containers / ansible-podman-collections

Repository for Ansible content that can include playbooks, roles, modules, and plugins for use with the Podman tool
GNU General Public License v3.0

Idempotency problem in collection version `1.15.0` when creating pods #774

Closed 4ndyZ closed 3 weeks ago

4ndyZ commented 1 month ago

Is this a BUG REPORT or FEATURE REQUEST? (leave only one on its own line)

/kind bug

Description

This issue reports an idempotency issue in collection version >= 1.14.0. Since the release 1.14.0, the collection creates a change when running in check mode and run mode while creating pods.

Steps to reproduce the issue:

  1. Create a playbook that creates a Podman pod

  2. Run the playbook and create the Podman pod

  3. Run the playbook again to create the Podman pod (in check or run mode, does not matter)

Describe the results you received: The playbook creates a change because the dynamic or auto-set parameters exit_policy, infra_conmon_pidfile and pod_id_file changed.

Describe the results you expected: No change and idempotency.

Additional information you deem important (e.g. issue happens only occasionally): None

Version of the containers.podman collection:

Either the git commit if installed from git: git show --summary
Or the version from ansible-galaxy if installed from galaxy: ansible-galaxy collection list | grep containers.podman

ansible-galaxy collection list | grep containers.podman
containers.podman    1.15.0

Output of ansible --version:

ansible [core 2.12.10]
  config file = /~/ansible.cfg
  configured module search path = ['~/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = ~/ansible/lib/python3.11/site-packages/ansible
  ansible collection location = ~/ansible/collections
  executable location = ~/ansible/bin/ansible
  python version = 3.11.9 (main, Apr  2 2024, 08:25:04) [Clang 15.0.0 (clang-1500.3.9.4)]
  jinja version = 3.0.3
  libyaml = Tru

Output of podman version:

$ podman version
Client:       Podman Engine
Version:      4.9.4-rhel
API Version:  4.9.4-rhel
Go Version:   go1.21.7 (Red Hat 1.21.7-1.module+el8.10.0+21318+5ea197f8)
Built:        Mon Apr  1 17:55:40 2024
OS/Arch:      linux/amd64

Output of podman info --debug:

$ podman info --debug
host:
  arch: amd64
  buildahVersion: 1.33.7
  cgroupControllers:
  - cpuset
  - cpu
  - cpuacct
  - blkio
  - memory
  - devices
  - freezer
  - net_cls
  - perf_event
  - net_prio
  - hugetlb
  - pids
  - rdma
  cgroupManager: systemd
  cgroupVersion: v1
  conmon:
    package: conmon-2.1.10-1.module+el8.10.0+21077+98b84d8a.x86_64
    path: /usr/bin/conmon
    version: 'conmon version 2.1.10, commit: 80c4f656297773fb630a4d966add3242abab39a4'
  cpuUtilization:
    idlePercent: 98.74
    systemPercent: 0.7
    userPercent: 0.57
  cpus: 2
  databaseBackend: boltdb
  distribution:
    distribution: rhel
    version: "8.10"
  eventLogger: file
  freeLocks: 2044
  hostname: docker01.gfit.dienste
  idMappings:
    gidmap: null
    uidmap: null
  kernel: 4.18.0-553.el8_10.x86_64
  linkmode: dynamic
  logDriver: k8s-file
  memFree: 5816504320
  memTotal: 8071036928
  networkBackend: cni
  networkBackendInfo:
    backend: cni
    dns:
      package: podman-plugins-4.9.4-1.module+el8.10.0+21632+761e0d34.x86_64
      path: /usr/libexec/cni/dnsname
      version: |-
        CNI dnsname plugin
        version: 1.4.0-dev
        commit: unknown
        CNI protocol versions supported: 0.1.0, 0.2.0, 0.3.0, 0.3.1, 0.4.0, 1.0.0
    package: containernetworking-plugins-1.4.0-2.module+el8.10.0+21366+f9cb49f8.x86_64
    path: /usr/libexec/cni
  ociRuntime:
    name: runc
    package: runc-1.1.12-1.module+el8.10.0+21251+62b7388c.x86_64
    path: /usr/bin/runc
    version: |-
      runc version 1.1.12
      spec: 1.0.2-dev
      go: go1.21.3
      libseccomp: 2.5.2
  os: linux
  pasta:
    executable: ""
    package: ""
    version: ""
  remoteSocket:
    exists: true
    path: /run/podman/podman.sock
  security:
    apparmorEnabled: false
    capabilities: CAP_NET_RAW,CAP_CHOWN,CAP_DAC_OVERRIDE,CAP_FOWNER,CAP_FSETID,CAP_KILL,CAP_NET_BIND_SERVICE,CAP_SETFCAP,CAP_SETGID,CAP_SETPCAP,CAP_SETUID,CAP_SYS_CHROOT
    rootless: false
    seccompEnabled: true
    seccompProfilePath: /usr/share/containers/seccomp.json
    selinuxEnabled: false
  serviceIsRemote: false
  slirp4netns:
    executable: /usr/bin/slirp4netns
    package: slirp4netns-1.2.3-1.module+el8.10.0+21306+6be40ce7.x86_64
    version: |-
      slirp4netns version 1.2.3
      commit: c22fde291bb35b354e6ca44d13be181c76a0a432
      libslirp: 4.4.0
      SLIRP_CONFIG_VERSION_MAX: 3
      libseccomp: 2.5.2
  swapFree: 0
  swapTotal: 0
  uptime: 244h 31m 9.00s (Approximately 10.17 days)
  variant: ""
plugins:
  authorization: null
  log:
  - k8s-file
  - none
  - passthrough
  - journald
  network:
  - bridge
  - macvlan
  - ipvlan
  volume:
  - local
registries:
  search:
  - registry.access.redhat.com
  - registry.redhat.io
  - docker.io
store:
  configFile: /etc/containers/storage.conf
  containerStore:
    number: 3
    paused: 0
    running: 3
    stopped: 0
  graphDriverName: overlay
  graphOptions:
    overlay.mountopt: nodev,metacopy=on
  graphRoot: /var/lib/containers/storage
  graphRootAllocated: 16290123776
  graphRootUsed: 5397790720
  graphStatus:
    Backing Filesystem: extfs
    Native Overlay Diff: "false"
    Supports d_type: "true"
    Supports shifting: "false"
    Supports volatile: "true"
    Using metacopy: "true"
  imageCopyTmpDir: /var/tmp
  imageStore:
    number: 11
  runRoot: /run/containers/storage
  transientStore: false
  volumePath: /var/lib/containers/storage/volumes
version:
  APIVersion: 4.9.4-rhel
  Built: 1711986940
  BuiltTime: Mon Apr  1 17:55:40 2024
  GitCommit: ""
  GoVersion: go1.21.7 (Red Hat 1.21.7-1.module+el8.10.0+21318+5ea197f8)
  Os: linux
  OsArch: linux/amd64
  Version: 4.9.4-rhel

Package info (e.g. output of rpm -q podman or apt list podman):

$ rpm -q podman
podman-4.9.4-1.module+el8.10.0+21632+761e0d34.x86_64

Playbook you run with ansible (e.g. content of playbook.yaml):

- name: Setup Podman pod test-pod
  containers.podman.podman_pod:
    name: test-pod
    debug: false
    # State options
    state: created
    recreate: false
    # Infra container
    infra_name: "test-pod_infra"
    volumes:
      - "/etc/localtime:/etc/localtime:ro"
    network:
      - test-pod_ipvlan

Command line and output of ansible run with high verbosity

Please NOTE: if you submit a bug about idempotency, run the playbook with --diff option, like:

ansible-playbook -i inventory --diff -vv playbook.yml

....

TASK [podman : Setup Podman pod test-pod] ************************************************************************************
task path: ~/ansible/roles/podman/tasks/pod.yml:38
--- before
+++ after
@@ -1,3 +1,3 @@
-exit_policy - stop
-infra_conmon_pidfile - /run/pod_test-pod.pid
-pod_id_file - /run/pod_test-pod.pod-id
+exit_policy - None
+infra_conmon_pidfile - None
+pod_id_file - None

....

Additional environment details (AWS, VirtualBox, physical, etc.): None

sshnaidm commented 4 weeks ago

@4ndyZ I cannot reproduce with this task. It's also not runnable; we don't have a systemd option in pod. Can you please provide the real task you are running where you see this problem? Also, please check that you are using the actual 1.15.0 version: ansible-galaxy collection list | grep podman

sshnaidm commented 3 weeks ago

Seems like the problem occurs only if the pod is generated by systemd: https://github.com/containers/podman/blob/main/pkg/systemd/generate/pods.go#L336-L338

startCommand = append(startCommand,
            "pod", "create",
            "--infra-conmon-pidfile", "{{{{.PIDFile}}}}",
            "--pod-id-file", "{{{{.PodIDFile}}}}")
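
The mismatch discussed in this thread, as an added example that is not part of the original issue and is not code from the collection or from Podman: a pod created by a systemd-generated unit carries values the task never set, so a comparison that treats an unset task parameter as `None` always reports a change. The function names and the `ignore_unset` switch are hypothetical, and the command list is a constructed sample that uses the values from the diff in the report.

```python
# Added illustration; not code from containers.podman or Podman.
# Constructed sample: the "pod create" command of a systemd-generated unit,
# with the template placeholders already expanded for the pod "test-pod".
SYSTEMD_CREATE_COMMAND = [
    "podman", "pod", "create",
    "--infra-conmon-pidfile", "/run/pod_test-pod.pid",
    "--pod-id-file", "/run/pod_test-pod.pod-id",
    "--exit-policy=stop",
    "--name", "test-pod",
]

# Flags whose values show up in the diff reported in this issue.
TRACKED_FLAGS = {
    "--exit-policy": "exit_policy",
    "--infra-conmon-pidfile": "infra_conmon_pidfile",
    "--pod-id-file": "pod_id_file",
}


def params_from_command(argv):
    """Extract the tracked parameters from a create command (both flag forms)."""
    found = {}
    i = 0
    while i < len(argv):
        flag, sep, value = argv[i].partition("=")
        if flag in TRACKED_FLAGS:
            if not sep:  # "--flag value" form: the value is the next argument
                i += 1
                value = argv[i] if i < len(argv) else None
            found[TRACKED_FLAGS[flag]] = value
        i += 1
    return found


def diff_params(desired, actual, ignore_unset):
    """Return {param: (before, after)} for every tracked parameter that differs.

    ignore_unset=False reproduces the report: an unset task parameter (None)
    is compared with the value systemd supplied and always differs.
    ignore_unset=True (hypothetical switch) skips parameters the task never set.
    """
    changes = {}
    for key in TRACKED_FLAGS.values():
        want, have = desired.get(key), actual.get(key)
        if ignore_unset and want is None:
            continue
        if want != have:
            changes[key] = (have, want)
    return changes
```

With `ignore_unset=True`, a value that drifts on the host is reported only when the task pins that parameter explicitly.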