search

fnproject / cli

CLI tool for fnproject.
https://fnproject.io
Apache License 2.0
132 stars 66 forks source link

Unable to launch the server using Podman over Ubuntu Linux 22.04 LTS #663

Open mansilva opened 1 year ago

mansilva commented 1 year ago

Hello,

I was trying to locally setup the Fn Project to develop some functions to deploy to Oracle Cloud but my setup (Ubuntu 22.04 LTS with deamonless and rootless Podman) doesn't seem to work correctly.

My ${HOME}/.fn/config.yaml looks like this:

cli-version: 0.6.24
container-enginetype: podman
current-context: default

Several executions produced distinct errors:

$ fn start
2023/05/31 21:14:30 ¡¡¡ 'fn start' should NOT be used for PRODUCTION !!! see https://github.com/fnproject/fn-helm/
Emulate Docker CLI using podman. Create /etc/containers/nodocker to quiet msg.
Error: statfs /home/msilva/.fn/iofs: no such file or directory
2023/05/31 21:14:30 Error: processed finished with error exit status 125
$ fn start
2023/05/31 21:14:34 ¡¡¡ 'fn start' should NOT be used for PRODUCTION !!! see https://github.com/fnproject/fn-helm/
Emulate Docker CLI using podman. Create /etc/containers/nodocker to quiet msg.
Error: statfs /var/run/docker.sock: permission denied
2023/05/31 21:14:34 Error: processed finished with error exit status 125
$ fn start
2023/05/31 21:14:39 ¡¡¡ 'fn start' should NOT be used for PRODUCTION !!! see https://github.com/fnproject/fn-helm/
Emulate Docker CLI using podman. Create /etc/containers/nodocker to quiet msg.
Error: statfs /home/msilva/.fn/data: no such file or directory
2023/05/31 21:14:39 Error: processed finished with error exit status 125

It seems the root-cause is a system-call to the docker command which, in turn, is a shell script that just calls podman with the same arguments it receives. I hacked it a bit to see which arguments were being passed and got the following:

run --rm -i --name fnserver -v /home/msilva/.fn/iofs:/iofs -e FN_IOFS_DOCKER_PATH=/home/msilva/.fn/iofs -e FN_IOFS_PATH=/iofs -v /home/msilva/.fn/data:/app/data -v /var/run/docker.sock:/var/run/docker.sock --privileged -p 8080:8080 --entrypoint ./fnserver fnproject/fnserver:latest

Some of the problems I don't know how to workaround but when using Podman is there any way to change the socket "volume" to be /run/user/${UID}/podman/podman.sock:/var/run/docker.sock?

Another thing regarding the Podman setup is that it assumes /etc/containers/registries.conf contains at least:

unqualified-search-registries = ["docker.io"]

Otherwise it fails to pull the OCI.

Edit: I tried to launch the server manually by fixing some arguments just to see if there was any chance to make it work with Podman and got this result:

$ podman run --rm -i --name fnserver -v ${HOME}/.fn/iofs:/iofs -e FN_IOFS_DOCKER_PATH=${HOME}/.fn/iofs -e FN_IOFS_PATH=/iofs -v ${HOME}/.fn/data:/app/data -v /run/user/${UID}/podman/podman.sock:/var/run/docker.sock --privileged -p 8080:8080 --entrypoint ./fnserver fnproject/fnserver:latest
time="2023-06-01T01:02:33Z" level=info msg="Setting log level to" fields.level=info
time="2023-06-01T01:02:33Z" level=info msg="Registering data store provider 'sql'"
time="2023-06-01T01:02:33Z" level=info msg="Connecting to DB" url="sqlite3:///app/data/fn.db"
time="2023-06-01T01:02:33Z" level=info msg="datastore dialed" datastore=sqlite3 max_idle_connections=256 url="sqlite3:///app/data/fn.db"
time="2023-06-01T01:02:33Z" level=info msg="agent starting cfg={MinDockerVersion:17.10.0-ce ContainerLabelTag: DockerNetworks: DockerLoadFile: DisableUnprivilegedContainers:false FreezeIdle:50ms HotPoll:200ms HotLauncherTimeout:1h0m0s HotPullTimeout:10m0s HotStartTimeout:5s DetachedHeadRoom:6m0s MaxResponseSize:0 MaxHdrResponseSize:0 MaxLogSize:1048576 MaxTotalCPU:0 MaxTotalMemory:0 MaxFsSize:0 MaxPIDs:50 MaxOpenFiles:0xc420411718 MaxLockedMemory:0xc420411730 MaxPendingSignals:0xc420411738 MaxMessageQueue:0xc420411740 PreForkPoolSize:0 PreForkImage:busybox PreForkCmd:tail -f /dev/null PreForkUseOnce:0 PreForkNetworks: EnableNBResourceTracker:false MaxTmpFsInodes:0 DisableReadOnlyRootFs:false DisableDebugUserLogs:false IOFSEnableTmpfs:false EnableFDKDebugInfo:false IOFSAgentPath:/iofs IOFSMountRoot:/home/msilva/.fn/iofs IOFSOpts: ImageCleanMaxSize:0 ImageCleanExemptTags: ImageEnableVolume:false}"
time="2023-06-01T01:02:33Z" level=info msg="no docker auths from config files found (this is fine)" error="open /root/.dockercfg: no such file or directory"
time="2023-06-01T01:02:33Z" level=fatal msg="docker version error" error="docker version is too old. Required: 17.10.0-ce Found: 3.4.4"
metamemelord commented 1 year ago

The current implementation of fnproject/fn is incompatible with Podman (Thing that runs on fn start). I've tried to recompile fnproject/fn with the fix to the older version fix too, but it does not work. The problem is fnproject/fn's client layer is written with an old docker client and that does not work properly with Podman, even with the Podman service running exposed on a socket. Your best bet is to install docker for local development, but the best way really is to try out the project directly in OCI.