Install probe podman

[didil]

Fixes #51

• Adds Podman support to the install-probe command

• Tested on Debian Linux 11

• Detects podman installation, even when aliased to "docker"

• I've added info about the need to install a service to run podman container on boot, as mentioned here https://github.com/jsdelivr/globalping-probe/blob/master/README.md#podman-alternative

• I've used the podman command from the globalping-probe repo README podman run --cap-add=NET_RAW -d --network host --restart=always --name globalping-probe ghcr.io/jsdelivr/globalping-probe , but when inspecting the podman logs I see this error:

[2023-04-24 10:27:58] [DEBUG] [682] [general] connection to API established
[2023-04-24 10:27:58] [INFO] [682] [api:connect] connected from (Council Bluffs, US, NA) (lat: 41.2324 long: -95.8751)
[2023-04-24 10:27:58] [WARN] [682] [status-manager] ping test promise rejected: Command failed with exit code 2: unbuffer ping -4 -c 6 -i 0.2 -w 15 l.root-servers.net
ping: socket: Operation not permitted
{
  shortMessage: 'Command failed with exit code 2: unbuffer ping -4 -c 6 -i 0.2 -w 15 l.root-servers.net',
  command: 'unbuffer ping -4 -c 6 -i 0.2 -w 15 l.root-servers.net',
  escapedCommand: 'unbuffer ping -4 -c 6 -i 0.2 -w 15 l.root-servers.net',
  exitCode: 2,
  signal: undefined,
  signalDescription: undefined,
  stdout: 'ping: socket: Operation not permitted',
  stderr: '',
  failed: true,
  timedOut: false,
  isCanceled: false,
  killed: false
}```

[jimaek]

Thats strange, --cap-add=NET_RAW fixed it for me when I was testing it. Are you sure it was specified correctly?

[didil]

@jimaek just tested manually by copy pasting the exact command from the probe repo Readme, same result:

$ podman run --cap-add=NET_RAW -d --network host --restart=always --name globalping-probe ghcr.io/jsdelivr/globalping-probe
078f3e4cd8d60e52c2506b28f2ff427ad600ba95cc503c93bcd8b783fab5ef44
$ podman logs globalping-probe
Updating certificates in /etc/ssl/certs...
0 added, 0 removed; done.
Running hooks in /etc/ca-certificates/update.d...
done.
Checking for the latest version
Current version 0.20.0
Latest version 0.20.0
[2023-04-24 17:40:57] [INFO] [682] [general] Start probe version 0.20.0 in a production mode
[2023-04-24 17:40:58] [DEBUG] [682] [general] connection to API established
[2023-04-24 17:40:58] [INFO] [682] [api:connect] connected from (Council Bluffs, US, NA) (lat: 41.2619 long: -95.8608)
[2023-04-24 17:40:58] [WARN] [682] [status-manager] ping test promise rejected: Command failed with exit code 2: unbuffer ping -4 -c 6 -i 0.2 -w 15 l.root-servers.net
ping: socket: Operation not permitted
{
  shortMessage: 'Command failed with exit code 2: unbuffer ping -4 -c 6 -i 0.2 -w 15 l.root-servers.net',
  command: 'unbuffer ping -4 -c 6 -i 0.2 -w 15 l.root-servers.net',
  escapedCommand: 'unbuffer ping -4 -c 6 -i 0.2 -w 15 l.root-servers.net',
  exitCode: 2,
  signal: undefined,
  signalDescription: undefined,
  stdout: 'ping: socket: Operation not permitted',
  stderr: '',
  failed: true,
  timedOut: false,
  isCanceled: false,
  killed: false
}
Error: Command failed with exit code 2: unbuffer ping -4 -c 6 -i 0.2 -w 15 l.root-servers.net
ping: socket: Operation not permitted
    at makeError (file:///app/node_modules/execa/lib/error.js:59:11)
    at handlePromise (file:///app/node_modules/execa/index.js:119:26)
    at process.processTicksAndRejections (node:internal/process/task_queues:95:5)
    at async Promise.allSettled (index 0)
    at async StatusManager.pingTest (file:///app/dist/lib/status-manager.js:49:25)
    at async StatusManager.runTest (file:///app/dist/lib/status-manager.js:36:24)
    at async StatusManager.start (file:///app/dist/lib/status-manager.js:19:9)
    at async Socket.<anonymous> (file:///app/dist/helper/api-connect-handler.js:8:5)

[jimaek]

I am confused, I just started a fresh Debian 11 VM and did apt install podman I copy pasted your command from your comment and it works just fine.

What version of podman do you have and how did you install it?

[jimaek]

That was podman 3. I also installed podman 4.5 and it worked as well

[didil]

@jimaek Here are the exact steps to replicate:

• created a gcp compute engine instance, gcp us-central1-a , e2-micro, Debian GNU/Linux 11 (bullseye)
• ran: sudo apt-get update
• followed instructions to install podman for Debian from: https://podman.io/getting-started/installation: sudo apt-get -y install podman
• ran podman -v, it returns podman version 3.0.1
• ran: podman run --cap-add=NET_RAW -d --network host --restart=always --name globalping-probe ghcr.io/jsdelivr/globalping-probe
• checking the podman logs shows the same errors as mentioned above ping: socket: Operation not permitted

[jimaek]

I just did every single step in your command, I used Google Cloud, same OS, same commands https://dl.dropboxusercontent.com/s/umk84q1woxkh4dm/chrome_2023-04-25_12-57-25.png

Are you sure you're not enabling some kind of "hardening" feature on top of the OS?

[didil]

@jimaek I see you're logged in as root ? I'm executing the commands as a regular user, not root.

[jimaek]

oh makes sense then, obviously you can't give -cap-add=NET_RAW because it belongs to root. We need to add a sudo prefix to all podman commands then to make this clear

[jimaek]

Will it even work with the CLI properly if the user running it is not root? Please test

[didil]

@jimaek Added sudo to the podman commands, tested in the same gcp box, it works now. Also added a message about the fact that sudo podman is used.