ansible-podman-collections
podman_container: device breaks idempotency
Is this a BUG REPORT or FEATURE REQUEST? (leave only one on its own line)
/kind bug
Description
podman_container with device keys isn't idempotent
Steps to reproduce the issue:
This rule isn't idempotent:
- name: my container
  containers.podman.podman_container:
    name: container_name
    image: "my_image:latest"
    image_strict: true
    state: created
    device:
      - /dev/fuse
    privileged: true
But this rule is:
- name: my container
  containers.podman.podman_container:
    name: container_name
    image: "my_image:latest"
    image_strict: true
    state: created
    volume:
      - /dev/fuse:/dev/fuse
    privileged: true
Additional information you deem important (e.g. issue happens only occasionally):
Version of the containers.podman collection:
Either git commit if installed from git: git show --summary
Or version from ansible-galaxy if installed from galaxy: ansible-galaxy collection list | grep containers.podman
containers.podman 1.8.2
Output of ansible --version:
ansible [core 2.12.1]
config file = /home/heinzi/projects/dockerserver/host/ansible.cfg
configured module search path = ['/home/heinzi/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
ansible python module location = /home/heinzi/projects/dockerserver/host/venv/lib/python3.9/site-packages/ansible
ansible collection location = /home/heinzi/.ansible/collections:/usr/share/ansible/collections
executable location = /home/heinzi/projects/dockerserver/host/venv/bin/ansible
python version = 3.9.5 (default, May 11 2021, 08:20:37) [GCC 10.3.0]
jinja version = 3.0.3
libyaml = True
Output of podman version:
podman version 3.0.1
Output of podman info --debug:
host:
  arch: amd64
  buildahVersion: 1.19.6
  cgroupManager: systemd
  cgroupVersion: v2
  conmon:
    package: 'conmon: /usr/bin/conmon'
    path: /usr/bin/conmon
    version: 'conmon version 2.0.25, commit: unknown'
  cpus: 4
  distribution:
    distribution: debian
    version: "11"
  eventLogger: journald
  hostname: [redacted]
  idMappings:
    gidmap: null
    uidmap: null
  kernel: 5.10.0-9-amd64
  linkmode: dynamic
  memFree: 16020426752
  memTotal: 16786501632
  ociRuntime:
    name: crun
    package: 'crun: /usr/bin/crun'
    path: /usr/bin/crun
    version: |-
      crun version 0.17
      commit: 0e9229ae34caaebcb86f1fde18de3acaf18c6d9a
      spec: 1.0.0
      +SYSTEMD +SELINUX +APPARMOR +CAP +SECCOMP +EBPF +YAJL
  os: linux
  remoteSocket:
    exists: true
    path: /run/podman/podman.sock
  security:
    apparmorEnabled: true
    capabilities: CAP_CHOWN,CAP_DAC_OVERRIDE,CAP_FOWNER,CAP_FSETID,CAP_KILL,CAP_NET_BIND_SERVICE,CAP_SETFCAP,CAP_SETGID,CAP_SETPCAP,CAP_SETUID,CAP_SYS_CHROOT
    rootless: false
    seccompEnabled: true
    selinuxEnabled: false
  slirp4netns:
    executable: ""
    package: ""
    version: ""
  swapFree: 0
  swapTotal: 0
  uptime: 1h 26m 57.97s (Approximately 0.04 days)
registries: {}
store:
  configFile: /etc/containers/storage.conf
  containerStore:
    number: 2
    paused: 0
    running: 2
    stopped: 0
  graphDriverName: overlay
  graphOptions: {}
  graphRoot: /var/lib/containers/storage
  graphStatus:
    Backing Filesystem: extfs
    Native Overlay Diff: "true"
    Supports d_type: "true"
    Using metacopy: "false"
  imageStore:
    number: 3
  runRoot: /run/containers/storage
  volumePath: /var/lib/containers/storage/volumes
version:
  APIVersion: 3.0.0
  Built: 0
  BuiltTime: Thu Jan 1 01:00:00 1970
  GitCommit: ""
  GoVersion: go1.15.9
  OsArch: linux/amd64
  Version: 3.0.1
Package info (e.g. output of rpm -q podman or apt list podman):
Listing... Done
podman/stable,now 3.0.1+dfsg1-3+b2 amd64 [installed]
Playbook you run with ansible (e.g. content of playbook.yaml):
(paste your output here)
Command line and output of ansible run with high verbosity
Please NOTE: if you submit a bug about idempotency, run the playbook with --diff option, like:
ansible-playbook -i inventory --diff -vv playbook.yml
--- before
+++ after
@@ -1 +1 @@
-devices - []
+devices - ['/dev/fuse']
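Review bot: the before side reads `devices - []` although the container was created with `/dev/fuse`, so the module is comparing the requested device list against an empty reported list; that comparison can never be equal, which is why the task reports a change on every run. The diff therefore points at where the current state is read back from the container, not at the requested parameter.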
Additional environment details (AWS, VirtualBox, physical, etc.):
As I see, in rootless containers the "Devices" section is empty when you run with --devices /dev/fuse, although it works with root containers.
Are you sure mounting a device works in a rootless container?
Having a similar issue. The container gets recreated every time if I don't specify the in-container path for the device: --- before +++ after @@ -1 +1 @@ -devices - ['/dev/ttyACM0:/dev/ttyACM0'] +devices - ['/dev/ttyACM0']
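Review bot: here the before side is the host:container form `/dev/ttyACM0:/dev/ttyACM0` while the after side is the bare `/dev/ttyACM0` the task requested; both name the same device, so a plain string comparison flags a change that is not one. Normalising a bare host path to `host:host` on both sides before comparing would make this case idempotent.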
I do have the same issue when using the following versions:
$ podman -v
podman version 3.0.1
$ apt list podman
Listing... Done
podman/stable,now 3.0.1+dfsg1-3+deb11u1 amd64 [installed]
% git show -p
commit 409369c9fc2f91f2b0b459c244499397316ea1f5 (HEAD -> master, origin/master, origin/HEAD)
Author: Sagi Shnaidman [email protected]
Date:   Wed Sep 21 02:33:13 2022 +0300
Add shellcheck sanity ignore list for 2.15
Signed-off-by: Sagi Shnaidman <[email protected]>
% ansible --version
ansible 2.10.8
  config file = /home/user/.ansible.cfg
  configured module search path = ['/home/user/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python3/dist-packages/ansible
  executable location = /usr/bin/ansible
  python version = 3.10.4 (main, Jun 29 2022, 12:14:53) [GCC 11.2.0]
% apt list ansible
Listing... Done
ansible/jammy,jammy,now 2.10.7+merged+base+2.10.8+dfsg-1 all [installed]
I've noticed that the HostConfig dictionary generated by "podman inspect $container" does not include a "devices" value, but the createcommand list in the Config dictionary includes the --device parameters. Thus I have reused code from diffparam_ulimit, which parses the createcommand list from the Config dictionary, to fix this for my setup.
I've pushed my commit to https://github.com/frnky/ansible-podman-collections/commit/28e07b6c678d4bb380cd1ae2dc122d2cd4b643a0
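The approach described in the previous comment, and the two diffs shown earlier in this issue, as an added Python example that is neither the collection's own code nor the linked commit: it reads the --device arguments back out of the CreateCommand list of a constructed podman inspect document (the key name is assumed to match what podman reports), normalises a bare host path to host:container the way the second diff shows podman doing, and only then compares against the task's device list. The function names, the helper that reads the absent HostConfig key, and the sample inspect data are all constructed here for illustration.

```python
"""Added example (not the collection's code): derive the device list a
container was created with from Config.CreateCommand and compare it to the
task's `device` parameter without flapping on every run."""

# Constructed sample of the relevant part of `podman inspect <name>` output.
# Real output has many more keys; only Config.CreateCommand matters here.
SAMPLE_INSPECT = {
    "Config": {
        "CreateCommand": [
            "podman", "container", "create",
            "--name", "container_name",
            "--device", "/dev/fuse",
            "--device=/dev/ttyACM0:/dev/ttyACM0",
            "--privileged",
            "my_image:latest",
        ],
    },
    # No "Devices" key at all, as the report observed for this setup.
    "HostConfig": {},
}


def devices_from_hostconfig(inspect):
    """What a naive diff sees: HostConfig.Devices, which is absent here."""
    return inspect.get("HostConfig", {}).get("Devices") or []


def devices_from_createcommand(inspect):
    """Return the --device values recorded in Config.CreateCommand.

    Handles both the `--device VALUE` and the `--device=VALUE` spellings.
    """
    cmd = inspect.get("Config", {}).get("CreateCommand") or []
    devices = []
    i = 0
    while i < len(cmd):
        arg = cmd[i]
        if arg == "--device" and i + 1 < len(cmd):
            devices.append(cmd[i + 1])
            i += 2
            continue
        if arg.startswith("--device="):
            devices.append(arg[len("--device="):])
        i += 1
    return devices


def normalize_device(spec):
    """Canonicalise a device spec to host:container[:permissions].

    A bare `/dev/fuse` means `/dev/fuse:/dev/fuse`; comparing the two as raw
    strings is what produced the second diff in this issue.
    """
    parts = spec.split(":")
    host = parts[0]
    container = parts[1] if len(parts) > 1 and parts[1] else host
    perms = parts[2] if len(parts) > 2 and parts[2] else None
    canonical = f"{host}:{container}"
    if perms:
        canonical += f":{perms}"
    return canonical


def devices_differ(wanted, inspect):
    """True when the requested devices differ from the container's actual ones.

    Order does not matter to podman, so sets are compared.
    """
    have = {normalize_device(d) for d in devices_from_createcommand(inspect)}
    want = {normalize_device(d) for d in (wanted or [])}
    return have != want


if __name__ == "__main__":
    print("HostConfig view:", devices_from_hostconfig(SAMPLE_INSPECT))
    print("CreateCommand view:", devices_from_createcommand(SAMPLE_INSPECT))
    print("changed:", devices_differ(["/dev/fuse", "/dev/ttyACM0"], SAMPLE_INSPECT))
```

Run against the sample, the HostConfig view is empty (the first diff's `devices - []`), the CreateCommand view recovers both devices, and the comparison reports no change for a task that lists `/dev/fuse` and `/dev/ttyACM0` in either spelling.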