containers / ansible-podman-collections

Repository for Ansible content that can include playbooks, roles, modules, and plugins for use with the Podman tool
GNU General Public License v3.0

Quadlet - cannot set 'Restart=no' in a POD systemd service #840

Closed erplus closed 1 week ago

erplus commented 2 months ago

Is this a BUG REPORT or FEATURE REQUEST? (leave only one on its own line)

/kind bug

Description

When I use the podman_pod module with state=quadlet, the generated unit in systemd always has Restart=on-failure under the [Service] section. Changing the module parameter restart_policy: "no" or even generate_systemd['restart_policy']: "no" (but in my opinion this is not the proper parameter for quadlet) doesn't help.

Steps to reproduce the issue:

  1. Deploy a pod with name: xyz, state: quadlet and restart_policy: "no"

  2. Run systemctl cat xyz-pod

Describe the results you received: In the systemd definition, Restart=on-failure is set under [Service]

Describe the results you expected: In the systemd definition, Restart=no is set under [Service]

Additional information you deem important (e.g. issue happens only occasionally):

Version of the containers.podman collection: Either git commit if installed from git: git show --summary Or version from ansible-galaxy if installed from galaxy: ansible-galaxy collection list | grep containers.podman

1.15.4

Output of ansible --version:

ansible [core 2.16.10]
  config file = /home/psmogo/ansible/grupawp/dbcommon/ansible.cfg
  configured module search path = ['/home/psmogo/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /home/psmogo/venv/dbcommon/lib64/python3.12/site-packages/ansible
  ansible collection location = /home/psmogo/.ansible/collections:/usr/share/ansible/collections
  executable location = /home/psmogo/venv/dbcommon/bin/ansible
  python version = 3.12.3 (main, Apr 17 2024, 00:00:00) [GCC 13.2.1 20240316 (Red Hat 13.2.1-7)] (/home/psmogo/venv/dbcommon/bin/python)
  jinja version = 3.1.4
  libyaml = True

Output of podman version:

Client:       Podman Engine
Version:      5.1.2
API Version:  5.1.2
Go Version:   go1.22.4 (Red Hat 1.22.4-1.el9)
Built:        Thu Jul 11 08:11:34 2024
OS/Arch:      linux/amd64

Output of podman info --debug:

host:
  arch: amd64
  buildahVersion: 1.36.0
  cgroupControllers:
  - cpuset
  - cpu
  - io
  - memory
  - hugetlb
  - pids
  - rdma
  - misc
  cgroupManager: systemd
  cgroupVersion: v2
  conmon:
    package: conmon-2.1.10-1.el9.x86_64
    path: /usr/bin/conmon
    version: 'conmon version 2.1.10, commit: 574ce145d4fde456322f648afc2cb9dc2141ee16'
  cpuUtilization:
    idlePercent: 99.21
    systemPercent: 0.27
    userPercent: 0.51
  cpus: 1
  databaseBackend: sqlite
  distribution:
    distribution: almalinux
    version: "9.3"
  eventLogger: journald
  freeLocks: 2045
  hostname: molecule-podman-1
  idMappings:
    gidmap: null
    uidmap: null
  kernel: 5.14.0-362.8.1.el9_3.x86_64
  linkmode: dynamic
  logDriver: journald
  memFree: 306061312
  memTotal: 978833408
  networkBackend: netavark
  networkBackendInfo:
    backend: netavark
    dns:
      package: aardvark-dns-1.10.0-3.el9_4.x86_64
      path: /usr/libexec/podman/aardvark-dns
      version: aardvark-dns 1.10.0
    package: netavark-1.10.3-1.el9.x86_64
    path: /usr/libexec/podman/netavark
    version: netavark 1.10.3
  ociRuntime:
    name: crun
    package: crun-1.14.3-1.el9.x86_64
    path: /usr/bin/crun
    version: |-
      crun version 1.14.3
      commit: 1961d211ba98f532ea52d2e80f4c20359f241a98
      rundir: /run/crun
      spec: 1.0.0
      +SYSTEMD +SELINUX +APPARMOR +CAP +SECCOMP +EBPF +CRIU +YAJL
  os: linux
  pasta:
    executable: /usr/bin/pasta
    package: passt-0^20231204.gb86afe3-1.el9.x86_64
    version: |
      pasta 0^20231204.gb86afe3-1.el9.x86_64
      Copyright Red Hat
      GNU General Public License, version 2 or later
        <https://www.gnu.org/licenses/old-licenses/gpl-2.0.html>
      This is free software: you are free to change and redistribute it.
      There is NO WARRANTY, to the extent permitted by law.
  remoteSocket:
    exists: false
    path: /run/podman/podman.sock
  rootlessNetworkCmd: pasta
  security:
    apparmorEnabled: false
    capabilities: CAP_CHOWN,CAP_DAC_OVERRIDE,CAP_FOWNER,CAP_FSETID,CAP_KILL,CAP_NET_BIND_SERVICE,CAP_SETFCAP,CAP_SETGID,CAP_SETPCAP,CAP_SETUID,CAP_SYS_CHROOT
    rootless: false
    seccompEnabled: true
    seccompProfilePath: /usr/share/containers/seccomp.json
    selinuxEnabled: true
  serviceIsRemote: false
  slirp4netns:
    executable: /usr/bin/slirp4netns
    package: slirp4netns-1.2.3-1.el9.x86_64
    version: |-
      slirp4netns version 1.2.3
      commit: c22fde291bb35b354e6ca44d13be181c76a0a432
      libslirp: 4.4.0
      SLIRP_CONFIG_VERSION_MAX: 3
      libseccomp: 2.5.2
  swapFree: 0
  swapTotal: 0
  uptime: 1h 15m 15.00s (Approximately 0.04 days)
  variant: ""
plugins:
  authorization: null
  log:
  - k8s-file
  - none
  - passthrough
  - journald
  network:
  - bridge
  - macvlan
  - ipvlan
  volume:
  - local
registries:
  search:
  - registry.access.redhat.com
  - registry.redhat.io
  - docker.io
store:
  configFile: /etc/containers/storage.conf
  containerStore:
    number: 1
    paused: 0
    running: 1
    stopped: 0
  graphDriverName: overlay
  graphOptions:
    overlay.mountopt: nodev,metacopy=on
  graphRoot: /var/lib/containers/storage
  graphRootAllocated: 20154679296
  graphRootUsed: 1715499008
  graphStatus:
    Backing Filesystem: xfs
    Native Overlay Diff: "false"
    Supports d_type: "true"
    Supports shifting: "false"
    Supports volatile: "true"
    Using metacopy: "true"
  imageCopyTmpDir: /var/tmp
  imageStore:
    number: 3
  runRoot: /run/containers/storage
  transientStore: false
  volumePath: /var/lib/containers/storage/volumes
version:
  APIVersion: 5.1.2
  Built: 1720678294
  BuiltTime: Thu Jul 11 08:11:34 2024
  GitCommit: ""
  GoVersion: go1.22.4 (Red Hat 1.22.4-1.el9)
  Os: linux
  OsArch: linux/amd64
  Version: 5.1.2

Package info (e.g. output of rpm -q podman or apt list podman):

podman-5.1.2-1.el9.x86_64

Playbook you run with ansible (e.g. content of playbook.yaml):

- name: Podman pod test
  hosts: molecule-podman-*
  gather_facts: false
  become: true
  tasks:
    - name: Create a pod
      containers.podman.podman_pod:
        name: xyz
        state: quadlet
        restart_policy: "no"

    - name: Reload unit
      ansible.builtin.systemd_service:
        name: xyz-pod
        daemon_reload: true

Command line and output of ansible run with high verbosity

Please NOTE: if you submit a bug about idempotency, run the playbook with --diff option, like:

ansible-playbook -i inventory --diff -vv playbook.yml

PLAY [Podman pod test] *********************************************************

TASK [Create a pod] ************************************************************
changed: [molecule-podman-1]

TASK [Reload unit] *************************************************************
ok: [molecule-podman-1]

PLAY RECAP *********************************************************************
molecule-podman-1          : ok=2    changed=1    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0

Additional environment details (AWS, VirtualBox, physical, etc.):

cat /etc/redhat-release
AlmaLinux release 9.3 (Shamrock Pampas Cat)

sshnaidm commented 4 weeks ago

So, after some investigation: you should do something like this in the Quadlet file:

[Service]
# Restart service when sleep finishes
Restart=always

according to Podman docs example here. So in our collection you just add a Service section (or any other):

- name: Podman pod test
  hosts: molecule-podman-*
  gather_facts: false
  become: true
  tasks:
    - name: Create a pod
      containers.podman.podman_pod:
        name: xyz
        state: quadlet
        quadlet_options:
          - |
            [Service]
            Restart=no

Podman options like restart: no are not reflected in Service, Quadlet doesn't pass it there. Although in this case I see they just override this section with hardcoded values here: https://github.com/containers/podman/blob/2aacd4e212525db4ee06be8e44e4405400d4df9d/pkg/systemd/quadlet/quadlet.go#L1652C2-L1657C3

    service.Setv(ServiceGroup,
        "Environment", "PODMAN_SYSTEMD_UNIT=%n",
        "Type", "forking",
        "Restart", "on-failure",
        "PIDFile", "%t/%N.pid",
    )

So I suppose you should submit a bug/rfe for Podman to enable custom Restart values.
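The reproduction step above is "run systemctl cat xyz-pod and look at Restart=". The following is an added example (not part of the issue, the collection or Podman) of doing that check programmatically, so a deployment can fail loudly instead of silently running a pod with a restart policy you did not ask for. It parses the text that `systemctl cat <unit>` prints (the unit file, then any drop-ins, each introduced by a `# /path/to/file` line) and applies systemd's rule for single-valued keys: the last assignment wins and an empty `Key=` resets the key. The sample unit text is constructed here; its [Service] keys mirror the values hardcoded in the Go snippet quoted above, while the file paths, the [Unit] lines and the ExecStart= line are assumptions about what Quadlet emits.

```python
"""Check the effective Restart= of a systemd unit from `systemctl cat` output.

Added example; not code from the issue, the collection or Podman.
Only single-valued keys are merged (last assignment wins, empty value
resets); list-valued keys such as Environment= or ExecStartPre= append
in systemd, but we only ever look up Restart= here.
"""
import re
from typing import Dict, List, Tuple

FILE_HEADER = re.compile(r"^# (/\S+)\s*$")         # "# /path" line printed by systemctl cat
SECTION = re.compile(r"^\[([^\]]+)\]$")              # "[Service]"
ASSIGN = re.compile(r"^([A-Za-z][A-Za-z0-9_-]*)\s*=\s*(.*)$")  # "Key=value"


def split_cat_output(text: str) -> List[Tuple[str, str]]:
    """Split `systemctl cat` output into (path, body) fragments, in order."""
    fragments: List[Tuple[str, str]] = []
    path, body = "", []  # "" marks text seen before any header line
    for line in text.splitlines():
        m = FILE_HEADER.match(line)
        if m:
            if path or any(ln.strip() for ln in body):
                fragments.append((path, "\n".join(body)))
            path, body = m.group(1), []
        else:
            body.append(line)
    if path or any(ln.strip() for ln in body):
        fragments.append((path, "\n".join(body)))
    return fragments


def effective_settings(text: str) -> Dict[Tuple[str, str], str]:
    """Merge the unit and its drop-ins; returns {(section, key): value}."""
    settings: Dict[Tuple[str, str], str] = {}
    for _path, body in split_cat_output(text):
        section = None
        for line in body.splitlines():
            stripped = line.strip()
            if not stripped or stripped[0] in "#;":   # blank or comment
                continue
            m = SECTION.match(stripped)
            if m:
                section = m.group(1)
                continue
            m = ASSIGN.match(stripped)
            if m and section:
                key, value = m.group(1), m.group(2).strip()
                if value == "":
                    settings.pop((section, key), None)  # "Key=" resets the key
                else:
                    settings[(section, key)] = value
    return settings


def check_restart(text: str, expected: str) -> Tuple[str, bool]:
    """Return (effective Restart= value, whether it equals `expected`).

    systemd's default when Restart= is absent is "no".
    """
    effective = effective_settings(text).get(("Service", "Restart"), "no")
    return effective, effective == expected


# Constructed to look like `systemctl cat xyz-pod` for a Quadlet-generated pod
# unit. The [Service] keys are the ones hardcoded by Quadlet's pod conversion
# (quoted in the thread); paths, [Unit] content and ExecStart= are assumptions.
GENERATED_ONLY = """\
# /run/systemd/generator/xyz-pod.service
# Automatically generated by /usr/libexec/podman/quadlet
[Unit]
SourcePath=/etc/containers/systemd/xyz.pod
RequiresMountsFor=%t/containers

[Service]
# Restart=no from the .pod file does not survive the generator
Environment=PODMAN_SYSTEMD_UNIT=%n
Type=forking
Restart=on-failure
PIDFile=%t/%N.pid
ExecStart=/usr/bin/podman pod start --pod-id-file=%t/%N.pod-id
"""

# The same unit after a drop-in (for example created with
# `systemctl edit xyz-pod.service`) forces Restart=no. Constructed sample.
WITH_DROPIN = GENERATED_ONLY + """
# /etc/systemd/system/xyz-pod.service.d/override.conf
[Service]
Restart=no
"""


if __name__ == "__main__":
    for label, text in (("generated unit only", GENERATED_ONLY),
                        ("with drop-in", WITH_DROPIN)):
        value, ok = check_restart(text, "no")
        print(f"{label}: Restart={value} -> {'OK' if ok else 'MISMATCH'}")
```

On a live host, `systemctl show -p Restart --value xyz-pod` gives the same answer in one line; the parser is for checking captured `systemctl cat` output, for instance from a registered command result in the same playbook. The drop-in in the second sample is systemd's standard way of overriding a key in a generator-produced unit and is independent of what the collection or Quadlet writes into the .pod file; whether Quadlet itself will honour a [Service] Restart= for pods is the question the thread leaves with the Podman project.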

sshnaidm commented 1 week ago

Closing it since it's not collection issue