containers / ansible-podman-collections

Repository for Ansible content that can include playbooks, roles, modules, and plugins for use with the Podman tool
GNU General Public License v3.0

Idempotency problem with module `containers.podman.podman_container` when container is running inside a pod as systemd service #828

Closed 4ndyZ closed 1 month ago

4ndyZ commented 2 months ago

/kind bug

Description

The module containers.podman.podman_container creates a change and therefore is not idempotent when creating a pod, attaching a container to it and creating a systemd service for that pod.

Steps to reproduce the issue:

  1. Create a pod using containers.podman.podman_pod

  2. Create and attach a container to the pod using containers.podman.podman_container

  3. Create and start a systemd service from the pod using containers.podman.podman_generate_systemd

  4. Rerun steps 1-3

Describe the results you received: Step 2 reports a change and tries to recreate the container, because the pod_id_file is missing for the container.

-pod_id_file - /run/pod_test.pod-id
+pod_id_file - None

Describe the results you expected: No change and idempotency.

Additional information you deem important (e.g. issue happens only occasionally): /

Version of the containers.podman collection: either the git commit if installed from git (git show --summary), or the version from ansible-galaxy if installed from galaxy (ansible-galaxy collection list | grep containers.podman)

$ ansible-galaxy collection list | grep containers.podman
containers.podman                        1.15.4

Output of ansible --version:

$ ansible --version
ansible [core 2.16.9]
  config file = <redacted>/ansible/ansible.cfg
  configured module search path = ['<redacted>/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = <redacted>/ansible/lib/python3.12/site-packages/ansible
  ansible collection location = <redacted>/ansible/collections
  executable location = <redacted>/ansible/bin/ansible
  python version = 3.12.5 (main, Aug  6 2024, 19:08:49) [Clang 15.0.0 (clang-1500.3.9.4)] (~/ansible/bin/python3.12)
  jinja version = 3.0.3
  libyaml = True

Output of podman version:

$ podman -v
podman version 4.3.1

Output of podman info --debug:

host:
  arch: arm
  buildahVersion: 1.28.2
  cgroupControllers:
  - cpuset
  - cpu
  - io
  - memory
  - pids
  - rdma
  cgroupManager: systemd
  cgroupVersion: v2
  conmon:
    package: conmon_2.1.6+ds1-1_armhf
    path: /usr/bin/conmon
    version: 'conmon version 2.1.6, commit: unknown'
  cpuUtilization:
    idlePercent: 99.67
    systemPercent: 0.2
    userPercent: 0.13
  cpus: 4
  distribution:
    codename: bookworm
    distribution: debian
    version: "12"
  eventLogger: journald
  hostname: <redacted>
  idMappings:
    gidmap: null
    uidmap: null
  kernel: 6.6.31-current-sunxi
  linkmode: dynamic
  logDriver: journald
  memFree: 513425408
  memTotal: 1046315008
  networkBackend: cni
  ociRuntime:
    name: crun
    package: crun_1.8.1-1+deb12u1_armhf
    path: /usr/bin/crun
    version: |-
      crun version 1.8.1
      commit: f8a096be060b22ccd3d5f3ebe44108517fbf6c30
      rundir: /run/crun
      spec: 1.0.0
      +SYSTEMD +SELINUX +APPARMOR +CAP +SECCOMP +EBPF +YAJL
  os: linux
  remoteSocket:
    exists: true
    path: /run/podman/podman.sock
  security:
    apparmorEnabled: false
    capabilities: CAP_CHOWN,CAP_DAC_OVERRIDE,CAP_FOWNER,CAP_FSETID,CAP_KILL,CAP_NET_BIND_SERVICE,CAP_SETFCAP,CAP_SETGID,CAP_SETPCAP,CAP_SETUID,CAP_SYS_CHROOT
    rootless: false
    seccompEnabled: true
    seccompProfilePath: /usr/share/containers/seccomp.json
    selinuxEnabled: false
  serviceIsRemote: false
  slirp4netns:
    executable: ""
    package: ""
    version: ""
  swapFree: 517910528
  swapTotal: 523153408
  uptime: 693h 6m 32.00s (Approximately 28.88 days)
plugins:
  authorization: null
  log:
  - k8s-file
  - none
  - passthrough
  - journald
  network:
  - bridge
  - macvlan
  - ipvlan
  volume:
  - local
registries: {}
store:
  configFile: /usr/share/containers/storage.conf
  containerStore:
    number: 2
    paused: 0
    running: 2
    stopped: 0
  graphDriverName: overlay
  graphOptions: {}
  graphRoot: /var/lib/containers/storage
  graphRootAllocated: 7495299072
  graphRootUsed: 2117947392
  graphStatus:
    Backing Filesystem: extfs
    Native Overlay Diff: "true"
    Supports d_type: "true"
    Using metacopy: "false"
  imageCopyTmpDir: /var/tmp
  imageStore:
    number: 3
  runRoot: /run/containers/storage
  volumePath: /var/lib/containers/storage/volumes
version:
  APIVersion: 4.3.1
  Built: 0
  BuiltTime: Thu Jan  1 01:00:00 1970
  GitCommit: ""
  GoVersion: go1.19.8
  Os: linux
  OsArch: linux/arm
  Version: 4.3.1

Package info (e.g. output of rpm -q podman or apt list podman):

$ apt list podman
Listing... Done
podman/stable,now 4.3.1+ds1-8+deb12u1 armhf [installed]

Playbook you run with ansible (e.g. content of playbook.yaml):

---
- hosts: all
  tasks:
    - name: Create Podman pod
      containers.podman.podman_pod:
        name: test
        debug: true
        # State options
        state: created
        recreate: false
        # Infra container
        infra_name: "test_infra"

    - name: Create container
      containers.podman.podman_container:
        name: test_test
        image: fedora
        command: sleep infinity
        pod: test
        state: created
        rm: true
        ipc: shareable
        log_driver: journald
        log_level: info
        log_opt:
          tag: test_test

    - name: Setup Systemd service for Podman pod test
      containers.podman.podman_generate_systemd:
        name: test
        # Systemd options
        dest: /etc/systemd/system
        restart_policy: on-failure
        restart_sec: 10
        wants: []
        after: []
        # Naming
        pod_prefix: "pod"
        container_prefix: "container"
        separator: "_"
        use_names: true # Use container name as Systemd service name
        # Additional options for Podman
        new: true # Create containers with Systemd unit file
        no_header: true # Do not add header to Systemd unit file (no reload of Systemd daemon required)

    - name: Set enable and mask Systemd service for Podman pod test
      ansible.builtin.systemd:
        name: "pod_test.service"
        enabled: true
        state: started
        masked: false
        daemon_reload: true

Command line and output of ansible run with high verbosity

Please NOTE: if you submit a bug about idempotency, run the playbook with --diff option, like:

ansible-playbook -i inventory --diff -vv playbook.yml --check

...
TASK [Create container] ********************************************************************************************************************************************************************************************************************************************************
task path:<redacted>/ansible/test.yml:15
--- before
+++ after
@@ -1 +1 @@
-pod_id_file - /run/pod_test.pod-id
+pod_id_file - None
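Review bot: the only field in this diff is pod_id_file, and the "after" side is None because the task "Create container" in the playbook above never sets pod_id_file; the "before" value /run/pod_test.pod-id belongs to the container as it is currently running under the systemd unit generated with new: true. A comparison that treats an unset pod_id_file as a requested change to None will therefore always report a change (and, with rm: true and state: created, try to recreate the container) once the pod is started through the unit, so the module's comparison should ignore pod_id_file when the task leaves it unset and selects the pod by name.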
...

Additional environment details (AWS, VirtualBox, physical, etc.): /
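The reproduction above boils down to "run the playbook twice, the second run must not report any change". The following POSIX shell helper is an added example for gating on that, not part of the issue or of the collection: it parses the PLAY RECAP section of ansible-playbook output, sums the changed= counters, and fails when a second run of the playbook still changes something. The playbook and inventory paths are assumed; the recap lines in the usage are constructed sample output.

```shell
#!/bin/sh
# Added example: idempotency gate for an Ansible playbook run.
# Assumes the playbook from the issue is saved as playbook.yml and an
# inventory file exists; neither path comes from the issue itself.

# recap_changed: read ansible-playbook output on stdin and print the total
# number of "changed" tasks summed over all hosts in the PLAY RECAP section.
# Lines before "PLAY RECAP" (task output, diffs) are ignored.
recap_changed() {
  awk '
    /^PLAY RECAP/ { in_recap = 1; next }
    in_recap && /changed=/ {
      for (i = 1; i <= NF; i++) {
        if ($i ~ /^changed=/) { split($i, kv, "="); total += kv[2] }
      }
    }
    END { print total + 0 }
  '
}

# recap_failed: same idea for failed= and unreachable=, so a broken second
# run is not mistaken for an idempotent one.
recap_failed() {
  awk '
    /^PLAY RECAP/ { in_recap = 1; next }
    in_recap && /failed=/ {
      for (i = 1; i <= NF; i++) {
        if ($i ~ /^(failed|unreachable)=/) { split($i, kv, "="); total += kv[2] }
      }
    }
    END { print total + 0 }
  '
}

# check_idempotent PLAYBOOK INVENTORY: apply the playbook once, then run it
# again with --diff and require zero changed and zero failed tasks.
# Returns 0 when idempotent, 1 when the second run changed something,
# 2 when a run failed. The diff of the second run is kept in second_run.log
# so a spurious change (such as the pod_id_file diff in this issue) can be read.
check_idempotent() {
  playbook="$1"
  inventory="$2"
  ansible-playbook -i "$inventory" "$playbook" >first_run.log 2>&1 || return 2
  ansible-playbook -i "$inventory" --diff "$playbook" >second_run.log 2>&1 || return 2
  [ "$(recap_failed <second_run.log)" -eq 0 ] || return 2
  [ "$(recap_changed <second_run.log)" -eq 0 ] || return 1
}

# Usage, for example from CI:
#   check_idempotent playbook.yml inventory || { cat second_run.log; exit 1; }
```

Running the second pass with --diff is what makes the failure actionable: when the gate trips, second_run.log contains the before/after block for the offending task, which is exactly the pod_id_file diff shown in this report.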

sshnaidm commented 2 months ago

@4ndyZ can you check please if #829 solves it?

4ndyZ commented 1 month ago

@4ndyZ can you check please if #829 solves it?

Sorry for the late reply. #829 fixes the problem. Thank you.