Use Systemd specifiers in the line "RequiresMountsFor=" from "podman generate systemd --new" #10493

Closed
eriksjolund opened this issue May 28, 2021 · 2 comments · Fixed by #10506
Labels
kind/bug Categorizes issue or PR as related to a bug. kind/feature Categorizes issue or PR as related to a new feature. locked - please file new issue/PR Assist humans wanting to comment on an old issue or PR with locked comments.

Comments

@eriksjolund
Contributor

Is this a BUG REPORT or FEATURE REQUEST? (leave only one on its own line)

/kind feature

Description

`podman generate systemd --new` does not make use of Systemd specifiers in the line that starts with `RequiresMountsFor=`.

By changing for instance

    RequiresMountsFor=/home/tmptest/.local/share/containers/storage /run/user/1003/containers

to

    RequiresMountsFor=%h/.local/share/containers/storage %t/containers

the unit file would be made more portable and could be reused by another user. (If the other user had a non-standard Podman configuration, it would not work, but that would be an edge case.)

The list of available Systemd specifiers can be seen in "Table 4. Specifiers available in unit files" in
https://www.freedesktop.org/software/systemd/man/systemd.unit.html

Steps to reproduce the issue:

  1. Create the new user tmptest and log in to that account

  2. Create the container foobar

    [tmptest@laptop ~]$ podman create --name foobar docker.io/library/alpine
    Trying to pull docker.io/library/alpine:latest...
    Getting image source signatures
    Copying blob 540db60ca938 done  
    Copying config 6dbb9cc540 done  
    Writing manifest to image destination
    Storing signatures
    71bf99fa5a7c6056ca5a203b0734162d1289db0eef6b17a9c55d6483b7d1bcac
    [tmptest@laptop ~]$ 
    
  3. Generate a Systemd user service

    [tmptest@laptop ~]$ podman generate systemd --new --name foobar
    # container-foobar.service
    # autogenerated by Podman 3.1.2
    # Fri May 28 07:19:37 CEST 2021
    
    [Unit]
    Description=Podman container-foobar.service
    Documentation=man:podman-generate-systemd(1)
    Wants=network.target
    After=network-online.target
    RequiresMountsFor=/home/tmptest/.local/share/containers/storage /run/user/1003/containers
    
    [Service]
    Environment=PODMAN_SYSTEMD_UNIT=%n
    Restart=on-failure
    TimeoutStopSec=70
    ExecStartPre=/bin/rm -f %t/container-foobar.pid %t/container-foobar.ctr-id
    ExecStart=/usr/bin/podman run --conmon-pidfile %t/container-foobar.pid --cidfile %t/container-foobar.ctr-id --cgroups=no-conmon -d --replace --name foobar docker.io/library/alpine
    ExecStop=/usr/bin/podman stop --ignore --cidfile %t/container-foobar.ctr-id -t 10
    ExecStopPost=/usr/bin/podman rm --ignore -f --cidfile %t/container-foobar.ctr-id
    PIDFile=%t/container-foobar.pid
    Type=forking
    
    [Install]
    WantedBy=multi-user.target default.target
    [tmptest@laptop ~]$ 
    

Describe the results you received:

I see the line

    RequiresMountsFor=/home/tmptest/.local/share/containers/storage /run/user/1003/containers

Describe the results you expected:

    RequiresMountsFor=%h/.local/share/containers/storage %t/containers

Additional information you deem important (e.g. issue happens only occasionally):

Output of podman version:

Version:      3.1.2
API Version:  3.1.2
Go Version:   go1.16.3
Built:        Wed May 12 21:27:59 2021
OS/Arch:      linux/amd64

Output of podman info --debug:

host:
  arch: amd64
  buildahVersion: 1.20.1
  cgroupManager: systemd
  cgroupVersion: v2
  conmon:
    package: conmon-2.0.27-2.fc34.x86_64
    path: /usr/bin/conmon
    version: 'conmon version 2.0.27, commit: '
  cpus: 8
  distribution:
    distribution: fedora
    version: "34"
  eventLogger: journald
  hostname: laptop
  idMappings:
    gidmap:
    - container_id: 0
      host_id: 1004
      size: 1
    - container_id: 1
      host_id: 296608
      size: 65536
    uidmap:
    - container_id: 0
      host_id: 1003
      size: 1
    - container_id: 1
      host_id: 296608
      size: 65536
  kernel: 5.12.6-300.fc34.x86_64
  linkmode: dynamic
  memFree: 22559367168
  memTotal: 33503195136
  ociRuntime:
    name: crun
    package: crun-0.19.1-3.fc34.x86_64
    path: /usr/bin/crun
    version: |-
      crun version 0.19.1
      commit: 1535fedf0b83fb898d449f9680000f729ba719f5
      spec: 1.0.0
      +SYSTEMD +SELINUX +APPARMOR +CAP +SECCOMP +EBPF +CRIU +YAJL
  os: linux
  remoteSocket:
    path: /run/user/1003/podman/podman.sock
  security:
    apparmorEnabled: false
    capabilities: CAP_CHOWN,CAP_DAC_OVERRIDE,CAP_FOWNER,CAP_FSETID,CAP_KILL,CAP_NET_BIND_SERVICE,CAP_SETFCAP,CAP_SETGID,CAP_SETPCAP,CAP_SETUID,CAP_SYS_CHROOT
    rootless: true
    seccompEnabled: true
    selinuxEnabled: true
  slirp4netns:
    executable: /usr/bin/slirp4netns
    package: slirp4netns-1.1.9-1.fc34.x86_64
    version: |-
      slirp4netns version 1.1.8+dev
      commit: 6dc0186e020232ae1a6fcc1f7afbc3ea02fd3876
      libslirp: 4.4.0
      SLIRP_CONFIG_VERSION_MAX: 3
      libseccomp: 2.5.0
  swapFree: 13958635520
  swapTotal: 13958635520
  uptime: 71h 44m 32.6s (Approximately 2.96 days)
registries:
  search:
  - registry.fedoraproject.org
  - registry.access.redhat.com
  - docker.io
  - quay.io
store:
  configFile: /home/tmptest/.config/containers/storage.conf
  containerStore:
    number: 1
    paused: 0
    running: 0
    stopped: 1
  graphDriverName: overlay
  graphOptions:
    overlay.mount_program:
      Executable: /usr/bin/fuse-overlayfs
      Package: fuse-overlayfs-1.5.0-1.fc34.x86_64
      Version: |-
        fusermount3 version: 3.10.3
        fuse-overlayfs: version 1.5
        FUSE library version 3.10.3
        using FUSE kernel interface version 7.31
  graphRoot: /home/tmptest/.local/share/containers/storage
  graphStatus:
    Backing Filesystem: xfs
    Native Overlay Diff: "false"
    Supports d_type: "true"
    Using metacopy: "false"
  imageStore:
    number: 1
  runRoot: /run/user/1003/containers
  volumePath: /home/tmptest/.local/share/containers/storage/volumes
version:
  APIVersion: 3.1.2
  Built: 1620847679
  BuiltTime: Wed May 12 21:27:59 2021
  GitCommit: ""
  GoVersion: go1.16.3
  OsArch: linux/amd64
  Version: 3.1.2

Package info (e.g. output of rpm -q podman or apt list podman):

podman-3.1.2-3.fc34.x86_64
@openshift-ci openshift-ci bot added the kind/feature Categorizes issue or PR as related to a new feature. label May 28, 2021
@vrothberg
Member

Thanks for the report, @eriksjolund!

I consider it a bug actually. Let's fix it before v3.2 gets out the door.

@vrothberg vrothberg added 3.2 kind/bug Categorizes issue or PR as related to a bug. labels May 31, 2021
vrothberg added a commit to vrothberg/libpod that referenced this issue May 31, 2021
Commit 748826f fixed a bug where slow mounting of the runroot was
causing issues when the units are started at boot.  The fix was to add
the container's runroot to the required mounts; the graph root has been
added as well.

Hard-coding the run- and graphroot to the required mounts, however,
breaks the portability of units generated with --now.  Those units are
intended to be running on any machine as, theoretically, any user.

Make the mounts portable by using the `%t` macro for the run root.
Since the graphroot's location varies across root and ordinary users,
drop it from the list of required mounts.  The graphroot was not causing
issues.

Fixes: containers#10493
Signed-off-by: Valentin Rothberg <[email protected]>
@vrothberg
Member

Opened #10506
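
The rewrite requested in the report, as an added example that is not Podman's code and not the change made in #10506 (which, per the commit message above, keeps only the run root via `%t` and drops the graph root). It replaces a user's home and runtime directory in `RequiresMountsFor=` lines with `%h` and `%t`, matching whole path components so another user's similarly named directory is left alone. The function names `PortableUnit` and `withSpecifier` are hypothetical.

```go
package main

import (
	"fmt"
	"strings"
)

// withSpecifier swaps a leading dir in path for a systemd specifier. It matches
// whole path components only, so /home/tmptest does not match /home/tmptest2.
func withSpecifier(path, dir, spec string) (string, bool) {
	dir = strings.TrimRight(dir, "/")
	if dir == "" || (path != dir && !strings.HasPrefix(path, dir+"/")) {
		return path, false
	}
	return spec + path[len(dir):], true
}

// PortableUnit rewrites every RequiresMountsFor= line of a unit file so that
// paths under home use %h and paths under runtimeDir use %t. Paths are split
// on whitespace (assumption: no quoted paths containing spaces).
func PortableUnit(unit, home, runtimeDir string) string {
	const key = "RequiresMountsFor="
	lines := strings.Split(unit, "\n")
	for i, line := range lines {
		if !strings.HasPrefix(line, key) {
			continue // all other directives are left exactly as generated
		}
		paths := strings.Fields(line[len(key):])
		for j, p := range paths {
			if q, ok := withSpecifier(p, home, "%h"); ok {
				paths[j] = q
			} else if q, ok := withSpecifier(p, runtimeDir, "%t"); ok {
				paths[j] = q
			}
		}
		lines[i] = key + strings.Join(paths, " ")
	}
	return strings.Join(lines, "\n")
}

func main() {
	// Constructed input: two [Unit] lines taken from the report above.
	unit := "[Unit]\nAfter=network-online.target\n" +
		"RequiresMountsFor=/home/tmptest/.local/share/containers/storage /run/user/1003/containers"
	fmt.Println(PortableUnit(unit, "/home/tmptest", "/run/user/1003"))
}
```
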

@github-actions github-actions bot added the locked - please file new issue/PR Assist humans wanting to comment on an old issue or PR with locked comments. label Sep 21, 2023
@github-actions github-actions bot locked as resolved and limited conversation to collaborators Sep 21, 2023