`generate_systemd` doesn't work for pod with user namespace

Open exploide opened this issue 3 years ago • 1 comments

Is this a BUG REPORT or FEATURE REQUEST? (leave only one on its own line)

/kind bug

Description

When creating a pod with a user namespace and assigning a container to it, the generation of systemd unit files doesn't work correctly.

Steps to reproduce the issue:

  1. Run the following Ansible tasks (as root) that create a pod with a user namespace (uidmap and gidmap), assign a MariaDB container to it, and try to generate the systemd unit files:
- name: Create pod for mytest
  containers.podman.podman_pod:
    name: mytest
    infra_name: mytest-infra
    state: created
    uidmap: 0:10000000:65536
    gidmap: 0:10000000:65536

- name: Create MariaDB container for mytest
  containers.podman.podman_container:
    name: mytest-mariadb
    image: docker.io/library/mariadb:latest
    pod: mytest
    state: created

- name: Generate systemd units for mytest pod
  containers.podman.podman_pod:
    name: mytest
    generate_systemd:
      new: yes
      no_header: yes
      path: /etc/systemd/system
  2. Check whether the unit files have been generated:
# ll /etc/systemd/system/*mytest*
-rw-r--r--. 1 root root 803 Jan 15 17:14 /etc/systemd/system/pod-mytest.service

Only the pod service has been created. The container service is missing. When checking `podman ps -a`, the container is also gone.

  3. Remove all leftovers and try again, this time with uidmap and gidmap commented out. It works and the unit files are present.
# ll /etc/systemd/system/*mytest*
-rw-r--r--. 1 root root 802 Jan 15 17:11 /etc/systemd/system/container-mytest-mariadb.service
-rw-r--r--. 1 root root 893 Jan 15 17:11 /etc/systemd/system/pod-mytest.service

Describe the results you received:

The container unit is missing and the pod unit is also incomplete (e.g. infra_name is missing). No visible error message is displayed.

Describe the results you expected:

The generation of systemd unit files should work for pods and containers with namespaces.

Additional information you deem important (e.g. issue happens only occasionally):

I noticed that with namespace options, the pod gets recreated in task 3; that's where it loses its container and options. This does not happen without the namespace options. Then, the pod state is not changed in task 3.

If I omit the Ansible task that generates the systemd units and execute podman manually, it works even with namespaced pods.

# podman generate systemd -f -n --new --no-header mytest 
/root/pod-mytest.service
/root/container-mytest-mariadb.service
# ll
total 8.0K
-rw-r--r--. 1 root root 802 Jan 15 17:17 container-mytest-mariadb.service
-rw-r--r--. 1 root root 945 Jan 15 17:17 pod-mytest.service

Version of the containers.podman collection: Either git commit if installed from git: git show --summary Or version from ansible-galaxy if installed from galaxy: ansible-galaxy collection list | grep containers.podman

containers.podman 1.9.1

Output of ansible --version:

ansible [core 2.12.1]
  config file = /etc/ansible/ansible.cfg
  configured module search path = ['/home/jannik/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python3.10/site-packages/ansible
  ansible collection location = /home/jannik/.ansible/collections:/usr/share/ansible/collections
  executable location = /usr/bin/ansible
  python version = 3.10.1 (main, Dec  9 2021, 00:00:00) [GCC 11.2.1 20211203 (Red Hat 11.2.1-7)]
  jinja version = 3.0.1
  libyaml = True

Output of podman version:

Version:      3.4.4
API Version:  3.4.4
Go Version:   go1.16.8
Built:        Wed Dec  8 22:45:07 2021
OS/Arch:      linux/amd64

Output of podman info --debug:

host:
  arch: amd64
  buildahVersion: 1.23.1
  cgroupControllers:
  - cpuset
  - cpu
  - io
  - memory
  - hugetlb
  - pids
  - misc
  cgroupManager: systemd
  cgroupVersion: v2
  conmon:
    package: conmon-2.0.30-2.fc35.x86_64
    path: /usr/bin/conmon
    version: 'conmon version 2.0.30, commit: '
  cpus: 2
  distribution:
    distribution: fedora
    variant: server
    version: "35"
  eventLogger: journald
  hostname: fury
  idMappings:
    gidmap: null
    uidmap: null
  kernel: 5.15.14-200.fc35.x86_64
  linkmode: dynamic
  logDriver: journald
  memFree: 2206203904
  memTotal: 3047051264
  ociRuntime:
    name: crun
    package: crun-1.4-1.fc35.x86_64
    path: /usr/bin/crun
    version: |-
      crun version 1.4
      commit: 3daded072ef008ef0840e8eccb0b52a7efbd165d
      spec: 1.0.0
      +SYSTEMD +SELINUX +APPARMOR +CAP +SECCOMP +EBPF +CRIU +YAJL
  os: linux
  remoteSocket:
    path: /run/podman/podman.sock
  security:
    apparmorEnabled: false
    capabilities: CAP_CHOWN,CAP_DAC_OVERRIDE,CAP_FOWNER,CAP_FSETID,CAP_KILL,CAP_NET_BIND_SERVICE,CAP_SETFCAP,CAP_SETGID,CAP_SETPCAP,CAP_SETUID,CAP_SYS_CHROOT
    rootless: false
    seccompEnabled: true
    seccompProfilePath: /usr/share/containers/seccomp.json
    selinuxEnabled: true
  serviceIsRemote: false
  slirp4netns:
    executable: /usr/bin/slirp4netns
    package: slirp4netns-1.1.12-2.fc35.x86_64
    version: |-
      slirp4netns version 1.1.12
      commit: 7a104a101aa3278a2152351a082a6df71f57c9a3
      libslirp: 4.6.1
      SLIRP_CONFIG_VERSION_MAX: 3
      libseccomp: 2.5.3
  swapFree: 3046109184
  swapTotal: 3046109184
  uptime: 49m 57.66s
plugins:
  log:
  - k8s-file
  - none
  - journald
  network:
  - bridge
  - macvlan
  volume:
  - local
registries:
  search:
  - registry.fedoraproject.org
  - registry.access.redhat.com
  - docker.io
  - quay.io
store:
  configFile: /etc/containers/storage.conf
  containerStore:
    number: 0
    paused: 0
    running: 0
    stopped: 0
  graphDriverName: overlay
  graphOptions:
    overlay.mountopt: nodev,metacopy=on
  graphRoot: /var/lib/containers/storage
  graphStatus:
    Backing Filesystem: xfs
    Native Overlay Diff: "false"
    Supports d_type: "true"
    Using metacopy: "true"
  imageStore:
    number: 3
  runRoot: /run/containers/storage
  volumePath: /var/lib/containers/storage/volumes
version:
  APIVersion: 3.4.4
  Built: 1638999907
  BuiltTime: Wed Dec  8 22:45:07 2021
  GitCommit: ""
  GoVersion: go1.16.8
  OsArch: linux/amd64
  Version: 3.4.4

Package info (e.g. output of rpm -q podman or apt list podman):

podman-3.4.4-1.fc35.x86_64

Playbook you run with ansible (e.g. content of playbook.yaml):

See steps to reproduce.

Command line and output of ansible run with high verbosity

> ansible-playbook -i dev site.yml --ask-vault-pass -vv
ansible-playbook [core 2.12.1]
  config file = /etc/ansible/ansible.cfg
  configured module search path = ['/home/jannik/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python3.10/site-packages/ansible
  ansible collection location = /home/jannik/.ansible/collections:/usr/share/ansible/collections
  executable location = /usr/bin/ansible-playbook
  python version = 3.10.1 (main, Dec  9 2021, 00:00:00) [GCC 11.2.1 20211203 (Red Hat 11.2.1-7)]
  jinja version = 3.0.1
  libyaml = True
Using /etc/ansible/ansible.cfg as config file
Vault password:
Skipping callback 'default', as we already have a stdout callback.
Skipping callback 'minimal', as we already have a stdout callback.
Skipping callback 'oneline', as we already have a stdout callback.

PLAYBOOK: site.yml *******************************************************************************************************************************************
1 plays in site.yml

PLAY [webserver] *********************************************************************************************************************************************

TASK [Gathering Facts] ***************************************************************************************************************************************
task path: /my/playbook/site.yml:3
ok: [fury]
META: ran handlers

TASK [mytest-pod : Create pod for mytest] **********************************************************************************************************
task path: /my/playbook/roles/mytest-pod/tasks/main.yml:3
changed: [fury] => {"actions": ["created mytest"], "changed": true, "pod": {"CgroupParent": "machine.slice", "CgroupPath": "machine.slice/machine-libpod_pod_ea84f2bd8fc3433ee9032b7cc74836ccc1034f7484fe4be4c929a1d6e67c757c.slice", "Containers": [{"Id": "96d8f5d503eab48f39ea0fce08d61ab76edf18004d2ef0514293bbd3436bdf50", "Name": "mytest-infra", "State": "configured"}], "CreateCgroup": true, "CreateCommand": ["podman", "pod", "create", "--name", "mytest", "--infra-name", "mytest-infra", "--uidmap", "0:10000000:65536", "--gidmap", "0:10000000:65536"], "CreateInfra": true, "Created": "2022-01-15T17:44:51.102947181+01:00", "Hostname": "", "Id": "ea84f2bd8fc3433ee9032b7cc74836ccc1034f7484fe4be4c929a1d6e67c757c", "InfraConfig": {"DNSOption": null, "DNSSearch": null, "DNSServer": null, "HostAdd": null, "HostNetwork": true, "NetworkOptions": null, "Networks": null, "NoManageHosts": false, "NoManageResolvConf": false, "PortBindings": {}, "StaticIP": "", "StaticMAC": "", "pid_ns": "private", "userns": "private"}, "InfraContainerID": "96d8f5d503eab48f39ea0fce08d61ab76edf18004d2ef0514293bbd3436bdf50", "Name": "mytest", "NumContainers": 1, "SharedNamespaces": ["user", "uts", "ipc", "net"], "State": "Created"}, "podman_actions": ["podman pod create --name mytest --infra-name mytest-infra --uidmap 0:10000000:65536 --gidmap 0:10000000:65536"], "podman_systemd": {"pod-mytest": "# pod-mytest.service\n# autogenerated by Podman 3.4.4\n# Sat Jan 15 17:44:51 CET 2022\n\n[Unit]\nDescription=Podman pod-mytest.service\nDocumentation=man:podman-generate-systemd(1)\nWants=network-online.target\nAfter=network-online.target\nRequiresMountsFor=\nRequires=\nBefore=\n\n[Service]\nEnvironment=PODMAN_SYSTEMD_UNIT=%n\nRestart=on-failure\nTimeoutStopSec=70\nExecStart=/usr/bin/podman start mytest-infra\nExecStop=/usr/bin/podman stop -t 10 mytest-infra\nExecStopPost=/usr/bin/podman stop -t 10 
mytest-infra\nPIDFile=/run/containers/storage/overlay-containers/96d8f5d503eab48f39ea0fce08d61ab76edf18004d2ef0514293bbd3436bdf50/userdata/conmon.pid\nType=forking\n\n[Install]\nWantedBy=default.target\n"}, "stderr": "", "stderr_lines": [], "stdout": "ea84f2bd8fc3433ee9032b7cc74836ccc1034f7484fe4be4c929a1d6e67c757c\n", "stdout_lines": ["ea84f2bd8fc3433ee9032b7cc74836ccc1034f7484fe4be4c929a1d6e67c757c"]}

TASK [mytest-pod : Create MariaDB container for mytest] ********************************************************************************************
task path: /my/playbook/roles/mytest-pod/tasks/main.yml:11
changed: [fury] => {"actions": ["created mytest-mariadb"], "changed": true, "container": {"AppArmorProfile": "", "Args": ["mariadbd"], "BoundingCaps": ["CAP_CHOWN", "CAP_DAC_OVERRIDE", "CAP_FOWNER", "CAP_FSETID", "CAP_KILL", "CAP_NET_BIND_SERVICE", "CAP_SETFCAP", "CAP_SETGID", "CAP_SETPCAP", "CAP_SETUID", "CAP_SYS_CHROOT"], "Config": {"Annotations": {"io.kubernetes.cri-o.ContainerType": "container", "io.kubernetes.cri-o.SandboxID": "mytest", "io.kubernetes.cri-o.TTY": "false", "io.podman.annotations.autoremove": "FALSE", "io.podman.annotations.init": "FALSE", "io.podman.annotations.privileged": "FALSE", "io.podman.annotations.publish-all": "FALSE"}, "AttachStderr": false, "AttachStdin": false, "AttachStdout": false, "Cmd": ["mariadbd"], "CreateCommand": ["podman", "container", "create", "--name", "mytest-mariadb", "--pod", "mytest", "docker.io/library/mariadb:latest"], "Domainname": "", "Entrypoint": "docker-entrypoint.sh", "Env": ["PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin", "TERM=xterm", "container=podman", "MARIADB_VERSION=1:10.6.5+maria~focal", "GOSU_VERSION=1.14", "MARIADB_MAJOR=10.6"], "Hostname": "ee62c2751d24", "Image": "docker.io/library/mariadb:latest", "Labels": null, "OnBuild": null, "OpenStdin": false, "StdinOnce": false, "StopSignal": 15, "StopTimeout": 10, "Timeout": 0, "Tty": false, "Umask": "0022", "User": "", "Volumes": null, "WorkingDir": "/"}, "ConmonPidFile": "/run/containers/storage/overlay-containers/ee62c2751d248707c4f67f21518c6e4b11c3232f304125b8ea1b0c17f76e1251/userdata/conmon.pid", "Created": "2022-01-15T17:44:52.20920615+01:00", "Dependencies": ["96d8f5d503eab48f39ea0fce08d61ab76edf18004d2ef0514293bbd3436bdf50"], "Driver": "overlay", "EffectiveCaps": ["CAP_CHOWN", "CAP_DAC_OVERRIDE", "CAP_FOWNER", "CAP_FSETID", "CAP_KILL", "CAP_NET_BIND_SERVICE", "CAP_SETFCAP", "CAP_SETGID", "CAP_SETPCAP", "CAP_SETUID", "CAP_SYS_CHROOT"], "ExecIDs": [], "ExitCommand": ["/usr/bin/podman", "--root", "/var/lib/containers/storage", 
"--runroot", "/run/containers/storage", "--log-level", "warning", "--cgroup-manager", "systemd", "--tmpdir", "/run/libpod", "--runtime", "crun", "--storage-driver", "overlay", "--storage-opt", "overlay.mountopt=nodev,metacopy=on", "--events-backend", "journald", "container", "cleanup", "ee62c2751d248707c4f67f21518c6e4b11c3232f304125b8ea1b0c17f76e1251"], "GraphDriver": {"Data": {"LowerDir": "/var/lib/containers/storage/overlay/5066d2aa49486983c65ecfd98185c506e08604078a372f94a41ac7e2828cfe51/diff:/var/lib/containers/storage/overlay/9ad536dbeacd4cf1abcdc75d12e2108ab7591e6b8e7ada612311d089705b0198/diff:/var/lib/containers/storage/overlay/93c4e715fa318d7eda8f0ef59172d58c4f2f96654f628cbce40cc92905add3e1/diff:/var/lib/containers/storage/overlay/81e275c9f78ec01b09f30e6effd9cf1c635237e20d782d0c86748c25f97635e6/diff:/var/lib/containers/storage/overlay/b2b4c8ed4c8233de33a022e14025572a934912d2b3a62ce38766112f1703fd2e/diff:/var/lib/containers/storage/overlay/4ebaec150edc9060e34e0f98ed0203cbb45749354555950c510b838d98421836/diff:/var/lib/containers/storage/overlay/3179cdaa58c319ba3de683712bdf218621af71c1b4e9ab75d86ac6b8bb91f821/diff:/var/lib/containers/storage/overlay/9c007a41c917209e62549d2f05ff48ff0c37d657a0520dc43151b0799d14ccad/diff:/var/lib/containers/storage/overlay/9ddac8be101694e162bfd34f6002963e330a073627f4a1ff80c16c1124dbb8fa/diff:/var/lib/containers/storage/overlay/559de99bd9c6f16e2d44eccf9c992b53375d917cd44862e224a3cf532d35c8d8/diff:/var/lib/containers/storage/overlay/0eba131dffd015134cb310c284b776c1e44d330146cd2f0e30c4e464d0b76d24/diff", "UpperDir": "/var/lib/containers/storage/overlay/a862656eac0d147bd825296ad06904b7be22111c38fd76b74b0dd275df0657a7/diff", "WorkDir": "/var/lib/containers/storage/overlay/a862656eac0d147bd825296ad06904b7be22111c38fd76b74b0dd275df0657a7/work"}, "Name": "overlay"}, "HostConfig": {"AutoRemove": false, "Binds": ["8165efc8d73ea14c02224938c6e1d760fa2f329358ca301280fd6e69e1d52451:/var/lib/mysql:rprivate,rw,nodev,exec,nosuid,rbind"], 
"BlkioDeviceReadBps": null, "BlkioDeviceReadIOps": null, "BlkioDeviceWriteBps": null, "BlkioDeviceWriteIOps": null, "BlkioWeight": 0, "BlkioWeightDevice": null, "CapAdd": [], "CapDrop": ["CAP_AUDIT_WRITE", "CAP_MKNOD", "CAP_NET_RAW"], "Cgroup": "", "CgroupConf": null, "CgroupManager": "systemd", "CgroupMode": "private", "CgroupParent": "machine.slice/machine-libpod_pod_ea84f2bd8fc3433ee9032b7cc74836ccc1034f7484fe4be4c929a1d6e67c757c.slice", "Cgroups": "default", "ConsoleSize": [0, 0], "ContainerIDFile": "", "CpuCount": 0, "CpuPercent": 0, "CpuPeriod": 0, "CpuQuota": 0, "CpuRealtimePeriod": 0, "CpuRealtimeRuntime": 0, "CpuShares": 0, "CpusetCpus": "", "CpusetMems": "", "Devices": [], "DiskQuota": 0, "Dns": [], "DnsOptions": [], "DnsSearch": [], "ExtraHosts": [], "GroupAdd": [], "IOMaximumBandwidth": 0, "IOMaximumIOps": 0, "IpcMode": "container:96d8f5d503eab48f39ea0fce08d61ab76edf18004d2ef0514293bbd3436bdf50", "Isolation": "", "KernelMemory": 0, "Links": null, "LogConfig": {"Config": null, "Path": "", "Size": "0B", "Tag": "", "Type": "journald"}, "Memory": 0, "MemoryReservation": 0, "MemorySwap": 0, "MemorySwappiness": 0, "NanoCpus": 0, "NetworkMode": "container:96d8f5d503eab48f39ea0fce08d61ab76edf18004d2ef0514293bbd3436bdf50", "OomKillDisable": false, "OomScoreAdj": 0, "PidMode": "private", "PidsLimit": 2048, "PortBindings": {}, "Privileged": false, "PublishAllPorts": false, "ReadonlyRootfs": false, "RestartPolicy": {"MaximumRetryCount": 0, "Name": ""}, "Runtime": "oci", "SecurityOpt": [], "ShmSize": 65536000, "Tmpfs": {}, "UTSMode": "container:96d8f5d503eab48f39ea0fce08d61ab76edf18004d2ef0514293bbd3436bdf50", "Ulimits": [{"Hard": 1048576, "Name": "RLIMIT_NOFILE", "Soft": 1048576}, {"Hard": 4194304, "Name": "RLIMIT_NPROC", "Soft": 4194304}], "UsernsMode": "container:96d8f5d503eab48f39ea0fce08d61ab76edf18004d2ef0514293bbd3436bdf50", "VolumeDriver": "", "VolumesFrom": null}, "HostnamePath": "", "HostsPath": "", "Id": 
"ee62c2751d248707c4f67f21518c6e4b11c3232f304125b8ea1b0c17f76e1251", "Image": "d462573d8688665ea676252d2c2609f9ff748ee0d9b53744bcc358fb511a7438", "ImageName": "docker.io/library/mariadb:latest", "IsInfra": false, "MountLabel": "system_u:object_r:container_file_t:s0:c273,c744", "Mounts": [{"Destination": "/var/lib/mysql", "Driver": "local", "Mode": "", "Name": "8165efc8d73ea14c02224938c6e1d760fa2f329358ca301280fd6e69e1d52451", "Options": ["nodev", "exec", "nosuid", "rbind"], "Propagation": "rprivate", "RW": true, "Source": "/var/lib/containers/storage/volumes/8165efc8d73ea14c02224938c6e1d760fa2f329358ca301280fd6e69e1d52451/_data", "Type": "volume"}], "Name": "mytest-mariadb", "Namespace": "", "NetworkSettings": {"Bridge": "", "EndpointID": "", "Gateway": "", "GlobalIPv6Address": "", "GlobalIPv6PrefixLen": 0, "HairpinMode": false, "IPAddress": "", "IPPrefixLen": 0, "IPv6Gateway": "", "LinkLocalIPv6Address": "", "LinkLocalIPv6PrefixLen": 0, "MacAddress": "", "Networks": {"podman": {"DriverOpts": null, "EndpointID": "", "Gateway": "", "GlobalIPv6Address": "", "GlobalIPv6PrefixLen": 0, "IPAMConfig": null, "IPAddress": "", "IPPrefixLen": 0, "IPv6Gateway": "", "Links": null, "MacAddress": "", "NetworkID": "podman"}}, "Ports": {}, "SandboxID": "", "SandboxKey": ""}, "OCIRuntime": "crun", "Path": "docker-entrypoint.sh", "PidFile": "/run/containers/storage/overlay-containers/ee62c2751d248707c4f67f21518c6e4b11c3232f304125b8ea1b0c17f76e1251/userdata/pidfile", "Pod": "ea84f2bd8fc3433ee9032b7cc74836ccc1034f7484fe4be4c929a1d6e67c757c", "ProcessLabel": "system_u:system_r:container_t:s0:c273,c744", "ResolvConfPath": "", "RestartCount": 0, "Rootfs": "", "State": {"Dead": false, "Error": "", "ExitCode": 0, "FinishedAt": "0001-01-01T00:00:00Z", "Healthcheck": {"FailingStreak": 0, "Log": null, "Status": ""}, "OOMKilled": false, "OciVersion": "1.0.2-dev", "Paused": false, "Pid": 0, "Restarting": false, "Running": false, "StartedAt": "0001-01-01T00:00:00Z", "Status": "configured"}, 
"StaticDir": "/var/lib/containers/storage/overlay-containers/ee62c2751d248707c4f67f21518c6e4b11c3232f304125b8ea1b0c17f76e1251/userdata"}, "podman_actions": ["podman create --name mytest-mariadb --pod mytest docker.io/library/mariadb:latest"], "podman_systemd": {"container-mytest-mariadb": "# container-mytest-mariadb.service\n# autogenerated by Podman 3.4.4\n# Sat Jan 15 17:44:52 CET 2022\n\n[Unit]\nDescription=Podman container-mytest-mariadb.service\nDocumentation=man:podman-generate-systemd(1)\nWants=network-online.target\nAfter=network-online.target\nRequiresMountsFor=/run/containers/storage\n\n[Service]\nEnvironment=PODMAN_SYSTEMD_UNIT=%n\nRestart=on-failure\nTimeoutStopSec=70\nExecStart=/usr/bin/podman start mytest-mariadb\nExecStop=/usr/bin/podman stop -t 10 mytest-mariadb\nExecStopPost=/usr/bin/podman stop -t 10 mytest-mariadb\nPIDFile=/run/containers/storage/overlay-containers/ee62c2751d248707c4f67f21518c6e4b11c3232f304125b8ea1b0c17f76e1251/userdata/conmon.pid\nType=forking\n\n[Install]\nWantedBy=default.target\n"}, "stderr": "", "stderr_lines": [], "stdout": "ee62c2751d248707c4f67f21518c6e4b11c3232f304125b8ea1b0c17f76e1251\n", "stdout_lines": ["ee62c2751d248707c4f67f21518c6e4b11c3232f304125b8ea1b0c17f76e1251"]}

TASK [mytest-pod : Generate systemd units for mytest pod] ******************************************************************************************
task path: /my/playbook/roles/mytest-pod/tasks/main.yml:18
changed: [fury] => {"actions": ["recreated mytest"], "changed": true, "pod": {"CgroupParent": "machine.slice", "CgroupPath": "machine.slice/machine-libpod_pod_eef3623c966eadbd3e75e835a5b9dfac9dbc2eee3cd8649729567ce2d7e6503e.slice", "Containers": [{"Id": "1bfd2006d8bfa6bfc7c0afe7ad19159e9d13edf9e8a0da431e1e4df8299f0ba5", "Name": "eef3623c966e-infra", "State": "configured"}], "CreateCgroup": true, "CreateCommand": ["podman", "pod", "create", "--name", "mytest"], "CreateInfra": true, "Created": "2022-01-15T17:44:53.469202499+01:00", "Hostname": "", "Id": "eef3623c966eadbd3e75e835a5b9dfac9dbc2eee3cd8649729567ce2d7e6503e", "InfraConfig": {"DNSOption": null, "DNSSearch": null, "DNSServer": null, "HostAdd": null, "HostNetwork": true, "NetworkOptions": null, "Networks": null, "NoManageHosts": false, "NoManageResolvConf": false, "PortBindings": {}, "StaticIP": "", "StaticMAC": "", "pid_ns": "private", "userns": "host"}, "InfraContainerID": "1bfd2006d8bfa6bfc7c0afe7ad19159e9d13edf9e8a0da431e1e4df8299f0ba5", "Name": "mytest", "NumContainers": 1, "SharedNamespaces": ["ipc", "net", "uts"], "State": "Created"}, "podman_actions": ["podman pod rm -f mytest", "podman pod create --name mytest"], "podman_systemd": {"pod-mytest": "# pod-mytest.service\n\n[Unit]\nDescription=Podman pod-mytest.service\nDocumentation=man:podman-generate-systemd(1)\nWants=network-online.target\nAfter=network-online.target\nRequiresMountsFor=\nRequires=\nBefore=\n\n[Service]\nEnvironment=PODMAN_SYSTEMD_UNIT=%n\nRestart=on-failure\nTimeoutStopSec=70\nExecStartPre=/bin/rm -f %t/pod-mytest.pid %t/pod-mytest.pod-id\nExecStartPre=/usr/bin/podman pod create --infra-conmon-pidfile %t/pod-mytest.pid --pod-id-file %t/pod-mytest.pod-id --name mytest --replace\nExecStart=/usr/bin/podman pod start --pod-id-file %t/pod-mytest.pod-id\nExecStop=/usr/bin/podman pod stop --ignore --pod-id-file %t/pod-mytest.pod-id -t 10\nExecStopPost=/usr/bin/podman pod rm --ignore -f --pod-id-file 
%t/pod-mytest.pod-id\nPIDFile=%t/pod-mytest.pid\nType=forking\n\n[Install]\nWantedBy=default.target\n"}, "stderr": "", "stderr_lines": [], "stdout": "eef3623c966eadbd3e75e835a5b9dfac9dbc2eee3cd8649729567ce2d7e6503e\n", "stdout_lines": ["eef3623c966eadbd3e75e835a5b9dfac9dbc2eee3cd8649729567ce2d7e6503e"]}
META: role_complete for fury
META: ran handlers
META: ran handlers

PLAY RECAP ***************************************************************************************************************************************************
fury                       : ok=4    changed=3    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   

Additional environment details (AWS, VirtualBox, physical, etc.):

QEMU/KVM virtual machine.

exploide, Jan 15 '22 16:01

I think it's related to the --new option issue in https://github.com/containers/ansible-podman-collections/issues/345

sshnaidm, Jan 16 '22 17:01

Using the new podman_generate_systemd module, it is now possible to create systemd unit files for pods with a user namespace. So I'm closing this :)

exploide, Jan 14 '23 16:01
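
A check for the silent recreation reported in this issue, added here as an example (it is not part of the original report or of the collection's code): it compares the registered `podman_pod` results of task 1 and task 3 and lists every user-namespace setting that was lost. The two sample results are trimmed from the `-vv` output above; the function names and the list of watched flags are assumptions of this example.

```python
# Flags whose loss changes the pod's isolation or identity (this example's choice).
WATCHED_FLAGS = ("--uidmap", "--gidmap", "--userns", "--infra-name")


def parse_create_command(argv):
    """Turn a podman CreateCommand argv into {flag: [values]}."""
    opts, i = {}, 0
    while i < len(argv):
        tok = argv[i]
        if tok.startswith("--"):
            if "=" in tok:                      # --flag=value
                flag, value = tok.split("=", 1)
            elif i + 1 < len(argv) and not argv[i + 1].startswith("--"):
                flag, value = tok, argv[i + 1]  # --flag value
                i += 1
            else:                               # boolean switch
                flag, value = tok, True
            opts.setdefault(flag, []).append(value)
        i += 1
    return opts


def isolation_drift(before, after):
    """Compare two podman_pod module results and return a list of findings."""
    findings = []
    if any(a.startswith("recreated") for a in after.get("actions", [])):
        findings.append("pod was recreated")
    old = parse_create_command(before["pod"]["CreateCommand"])
    new = parse_create_command(after["pod"]["CreateCommand"])
    for flag in WATCHED_FLAGS:
        if flag in old and old[flag] != new.get(flag):
            findings.append(f"{flag} changed: {old[flag]} -> {new.get(flag)}")
    old_ns = before["pod"]["InfraConfig"].get("userns")
    new_ns = after["pod"]["InfraConfig"].get("userns")
    if old_ns != new_ns:
        findings.append(f"userns changed: {old_ns} -> {new_ns}")
    if ("user" in before["pod"]["SharedNamespaces"]
            and "user" not in after["pod"]["SharedNamespaces"]):
        findings.append("user namespace no longer shared")
    lost = ({c["Name"] for c in before["pod"]["Containers"]}
            - {c["Name"] for c in after["pod"]["Containers"]})
    if lost:
        findings.append(f"containers no longer in pod: {sorted(lost)}")
    return findings


# Sample input: the task 1 and task 3 results from this page, trimmed to the
# fields the check reads.
TASK1_RESULT = {"actions": ["created mytest"], "pod": {
    "CreateCommand": ["podman", "pod", "create", "--name", "mytest",
                      "--infra-name", "mytest-infra",
                      "--uidmap", "0:10000000:65536",
                      "--gidmap", "0:10000000:65536"],
    "InfraConfig": {"userns": "private"},
    "SharedNamespaces": ["user", "uts", "ipc", "net"],
    "Containers": [{"Name": "mytest-infra"}]}}
TASK3_RESULT = {"actions": ["recreated mytest"], "pod": {
    "CreateCommand": ["podman", "pod", "create", "--name", "mytest"],
    "InfraConfig": {"userns": "host"},
    "SharedNamespaces": ["ipc", "net", "uts"],
    "Containers": [{"Name": "eef3623c966e-infra"}]}}

if __name__ == "__main__":
    for finding in isolation_drift(TASK1_RESULT, TASK3_RESULT):
        print("DRIFT:", finding)
```

Because the module reports only `changed` and no error, a check like this is what surfaces that the pod came back with `userns: host` instead of the mapped UID/GID range.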