containers
podman ps: output unreadable with many exposed ports
Issue Description
After a recent upgrade from 5.0.3 to 5.1.0, I noticed that podman ps is unreadable. This is due to my FreeSWITCH container, which uses a macvlan network and has many exposed ports (see here). Prior to 5.1, this and other containers using macvlan networks would not list any ports at all.
This appears to be intended behaviour introduced by PR https://github.com/containers/podman/pull/22319 Is it possible to add a flag to mute port information for macvlan containers?
Steps to reproduce the issue
Steps to reproduce the issue...using adguardhome as an example:
$ sudo podman network create -d macvlan adguard
$ sudo podman run -d --network adguard docker.io/adguard/adguardhome:latest
$ sudo podman ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
55463e58fa91 docker.io/adguard/adguardhome:latest --no-check-update... 26 minutes ago Up 26 minutes 53/udp, 53/tcp, 67/udp, 68/udp, 80/tcp, 443/tcp, 443/udp, 853/tcp, 853/udp, 3000/tcp, 3000/udp, 5443/udp, 5443/tcp, 6060/tcp adguardhome
Describe the results you received
$ sudo podman ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
55463e58fa91 docker.io/adguard/adguardhome:latest --no-check-update... 26 minutes ago Up 26 minutes 53/udp, 53/tcp, 67/udp, 68/udp, 80/tcp, 443/tcp, 443/udp, 853/tcp, 853/udp, 3000/tcp, 3000/udp, 5443/udp, 5443/tcp, 6060/tcp adguardhome
Describe the results you expected
$ sudo podman ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
55463e58fa91 docker.io/adguard/adguardhome:latest --no-check-update... 26 minutes ago Up 26 minutes adguardhome
podman info output
host:
arch: amd64
buildahVersion: 1.36.0
cgroupControllers:
- cpu
- memory
- pids
cgroupManager: systemd
cgroupVersion: v2
conmon:
package: conmon-2.1.10-1.fc40.x86_64
path: /usr/bin/conmon
version: 'conmon version 2.1.10, commit: '
cpuUtilization:
idlePercent: 98.77
systemPercent: 0.61
userPercent: 0.61
cpus: 4
databaseBackend: boltdb
distribution:
distribution: fedora
variant: coreos
version: "40"
eventLogger: journald
freeLocks: 2045
hostname: falcon
idMappings:
gidmap:
- container_id: 0
host_id: 1000
size: 1
- container_id: 1
host_id: 100000
size: 65536
uidmap:
- container_id: 0
host_id: 1000
size: 1
- container_id: 1
host_id: 100000
size: 65536
kernel: 6.8.11-300.fc40.x86_64
linkmode: dynamic
logDriver: journald
memFree: 9361956864
memTotal: 12185284608
networkBackend: netavark
networkBackendInfo:
backend: netavark
dns:
package: aardvark-dns-1.11.0-1.fc40.x86_64
path: /usr/libexec/podman/aardvark-dns
version: aardvark-dns 1.11.0
package: netavark-1.11.0-1.fc40.x86_64
path: /usr/libexec/podman/netavark
version: netavark 1.11.0
ociRuntime:
name: crun
package: crun-1.15-1.fc40.x86_64
path: /usr/bin/crun
version: |-
crun version 1.15
commit: e6eacaf4034e84185fd8780ac9262bbf57082278
rundir: /run/user/1000/crun
spec: 1.0.0
+SYSTEMD +SELINUX +APPARMOR +CAP +SECCOMP +EBPF +CRIU +LIBKRUN +WASM:wasmedge +YAJL
os: linux
pasta:
executable: /usr/bin/pasta
package: passt-0^20240510.g7288448-1.fc40.x86_64
version: |
pasta 0^20240510.g7288448-1.fc40.x86_64
Copyright Red Hat
GNU General Public License, version 2 or later
<https://www.gnu.org/licenses/old-licenses/gpl-2.0.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
remoteSocket:
exists: false
path: /run/user/1000/podman/podman.sock
rootlessNetworkCmd: pasta
security:
apparmorEnabled: false
capabilities: CAP_CHOWN,CAP_DAC_OVERRIDE,CAP_FOWNER,CAP_FSETID,CAP_KILL,CAP_NET_BIND_SERVICE,CAP_SETFCAP,CAP_SETGID,CAP_SETPCAP,CAP_SETUID,CAP_SYS_CHROOT
rootless: true
seccompEnabled: true
seccompProfilePath: /usr/share/containers/seccomp.json
selinuxEnabled: true
serviceIsRemote: false
slirp4netns:
executable: /usr/bin/slirp4netns
package: slirp4netns-1.2.2-2.fc40.x86_64
version: |-
slirp4netns version 1.2.2
commit: 0ee2d87523e906518d34a6b423271e4826f71faf
libslirp: 4.7.0
SLIRP_CONFIG_VERSION_MAX: 4
libseccomp: 2.5.5
swapFree: 0
swapTotal: 0
uptime: 22h 45m 49.00s (Approximately 0.92 days)
variant: ""
plugins:
authorization: null
log:
- k8s-file
- none
- passthrough
- journald
network:
- bridge
- macvlan
- ipvlan
volume:
- local
registries:
search:
- registry.fedoraproject.org
- registry.access.redhat.com
- docker.io
store:
configFile: /var/home/core/.config/containers/storage.conf
containerStore:
number: 2
paused: 0
running: 2
stopped: 0
graphDriverName: overlay
graphOptions: {}
graphRoot: /var/home/core/.local/share/containers/storage
graphRootAllocated: 511561764864
graphRootUsed: 21785911296
graphStatus:
Backing Filesystem: xfs
Native Overlay Diff: "true"
Supports d_type: "true"
Supports shifting: "false"
Supports volatile: "true"
Using metacopy: "false"
imageCopyTmpDir: /var/tmp
imageStore:
number: 5
runRoot: /run/user/1000/containers
transientStore: false
volumePath: /var/home/core/.local/share/containers/storage/volumes
version:
APIVersion: 5.1.0
Built: 1716940800
BuiltTime: Wed May 29 00:00:00 2024
GitCommit: ""
GoVersion: go1.22.3
Os: linux
OsArch: linux/amd64
Version: 5.1.0
Podman in a container
No
Privileged Or Rootless
Privileged
Upstream Latest Release
No
Additional environment details
Additional environment details
Additional information
Additional information like issue happens only occasionally or issue happens with a particular architecture or on a particular setting
Yeah it doesn't look very nice, to be honest I still don't understand why this is shown at all in docker... Adding a new cli options seems awkward (would you actual remember to type this?). Having to use a special option every time is not great. Also why should this be specific to macvlan? This effects all modes in the same way. Maybe we should add a containers.conf to turn this off? This way it would only need to be set once on the host.
One other option is to trim off ports when the result string length is greater than 20 (or some other number?). This is already done for the command field. But that would not be fully compatible with docker.
I noticed one other problem though we do not merge ranges for exposed ports, docker does. That is certainly something that has to be fixed.
Yeah it doesn't look very nice, to be honest I still don't understand why this is shown at all in docker... Adding a new cli options seems awkward (would you actual remember to type this?). Having to use a special option every time is not great. Also why should this be specific to macvlan? This effects all modes in the same way. Maybe we should add a containers.conf to turn this off? This way it would only need to be set once on the host.
Yes. An option in containers.conf to default to the Podman ps output prior to 5.1 would be an excellent idea.
Regarding macvlan. It's just where I noticed the change the most, seeing how the output went from nothing to a wall of text.
One other option is to trim off ports when the result string length is greater than 20 (or some other number?). This is already done for the command field. But that would not be fully compatible with docker.
I noticed one other problem though we do not merge ranges for exposed ports, docker does. That is certainly something that has to be fixed.
This would clean things up substantially. I don't use Docker, so I didn't realize it grouped ports into ranges.
I noticed one other problem though we do not merge ranges for exposed ports, docker does. That is certainly something that has to be fixed.
This would clean things up substantially. I don't use Docker, so I didn't realize it grouped ports into ranges.
Well given you example this would not help much only 67/udp, 68/udp would be grouped into 67-68/udp
Well given you example this would not help much only
67/udp, 68/udpwould be grouped into67-68/udp
True, that wasn't the best example. The FreeSWITCH example I referenced first was much better. It's just that I couldn't link to a public image for demo purposes.
This is just a small sample of the wall of text I was referring to:
65235/udp, 65236/udp, 65237/udp, 65238/udp, 65239/udp, 65240/udp, 65241/udp, 65242/udp, 65243/udp, 65244/udp, 65245/udp, 65246/udp, 65247/udp, 65248/udp, 65249/udp, 65250/udp, 65251/udp, 65252/udp, 65253/udp, 65254/udp, 65255/udp, 65256/udp, 65257/udp, 65258/udp, 65259/udp, 65260/udp, 65261/udp, 65262/udp, 65263/udp, 65264/udp, 65265/udp, 65266/udp, 65267/udp, 65268/udp, 65269/udp, 65270/udp, 65271/udp, 65272/udp, 65273/udp, 65274/udp, 65275/udp, 65276/udp, 65277/udp, 65278/udp, 65279/udp, 65280/udp, 65281/udp, 65282/udp, 65283/udp, 65284/udp, 65285/udp, 65286/udp, 65287/udp, 65288/udp, 65289/udp, 65290/udp, 65291/udp, 65292/udp, 65293/udp, 65294/udp, 65295/udp, 65296/udp, 65297/udp, 65298/udp, 65299/udp, 65300/udp, 65301/udp, 65302/udp, 65303/udp, 65304/udp, 65305/udp, 65306/udp, 65307/udp, 65308/udp, 65309/udp, 65310/udp, 65311/udp, 65312/udp, 65313/udp, 65314/udp, 65315/udp, 65316/udp, 65317/udp, 65318/udp, 65319/udp, 65320/udp, 65321/udp, 65322/udp, 65323/udp, 65324/udp, 65325/udp, 65326/udp, 65327/udp, 65328/udp, 65329/udp, 65330/udp, 65331/udp, 65332/udp, 65333/udp, 65334/udp, 65335/udp, 65336/udp, 65337/udp, 65338/udp, 65339/udp, 65340/udp, 65341/udp, 65342/udp, 65343/udp, 65344/udp, 65345/udp, 65346/udp, 65347/udp, 65348/udp, 65349/udp, 65350/udp, 65351/udp, 65352/udp, 65353/udp, 65354/udp, 65355/udp, 65356/udp, 65357/udp, 65358/udp, 65359/udp, 65360/udp, 65361/udp, 65362/udp, 65363/udp, 65364/udp, 65365/udp, 65366/udp, 65367/udp, 65368/udp, 65369/udp, 65370/udp, 65371/udp, 65372/udp, 65373/udp, 65374/udp, 65375/udp, 65376/udp, 65377/udp, 65378/udp, 65379/udp, 65380/udp, 65381/udp, 65382/udp, 65383/udp, 65384/udp, 65385/udp, 65386/udp, 65387/udp, 65388/udp, 65389/udp, 65390/udp, 65391/udp, 65392/udp, 65393/udp, 65394/udp, 65395/udp, 65396/udp, 65397/udp, 65398/udp, 65399/udp, 65400/udp, 65401/udp, 65402/udp, 65403/udp, 65404/udp, 65405/udp, 65406/udp, 65407/udp, 65408/udp, 65409/udp, 65410/udp, 65411/udp, 65412/udp, 65413/udp, 65414/udp, 65415/udp, 65416/udp, 65417/udp, 65418/udp, 65419/udp, 65420/udp, 65421/udp, 65422/udp, 65423/udp, 65424/udp, 65425/udp, 65426/udp, 65427/udp, 65428/udp, 65429/udp, 65430/udp, 65431/udp, 65432/udp, 65433/udp, 65434/udp, 65435/udp, 65436/udp, 65437/udp, 65438/udp, 65439/udp, 65440/udp, 65441/udp, 65442/udp, 65443/udp, 65444/udp, 65445/udp, 65446/udp, 65447/udp, 65448/udp, 65449/udp, 65450/udp, 65451/udp, 65452/udp, 65453/udp, 65454/udp, 65455/udp, 65456/udp, 65457/udp, 65458/udp, 65459/udp, 65460/udp, 65461/udp, 65462/udp, 65463/udp, 65464/udp, 65465/udp, 65466/udp, 65467/udp, 65468/udp, 65469/udp, 65470/udp, 65471/udp, 65472/udp, 65473/udp, 65474/udp, 65475/udp, 65476/udp, 65477/udp, 65478/udp, 65479/udp, 65480/udp, 65481/udp, 65482/udp, 65483/udp, 65484/udp, 65485/udp, 65486/udp, 65487/udp, 65488/udp, 65489/udp, 65490/udp, 65491/udp, 65492/udp, 65493/udp, 65494/udp, 65495/udp, 65496/udp, 65497/udp, 65498/udp, 65499/udp, 65500/udp, 65501/udp, 65502/udp, 65503/udp, 65504/udp, 65505/udp, 65506/udp, 65507/udp, 65508/udp, 65509/udp, 65510/udp, 65511/udp, 65512/udp, 65513/udp, 65514/udp, 65515/udp, 65516/udp, 65517/udp, 65518/udp, 65519/udp, 65520/udp, 65521/udp, 65522/udp, 65523/udp, 65524/udp, 65525/udp, 65526/udp, 65527/udp, 65528/udp, 65529/udp, 65530/udp, 65531/udp, 65532/udp, 65533/udp, 65534/udp, 65535/udp systemd-freeswitch
I did attempt a fix, which does work, however I'm sure the code quality is not up to par for this project: https://github.com/containers/podman/compare/main...skyblaster:podman:exposed-port-ranges-ps
This brings up another area that could benefit from grouping.
Here's a snippet from podman image inspect freeswitch:
"Config": {
"ExposedPorts": {
"16384-32768/udp": {},
"5060/tcp": {},
"5060/udp": {},
"5061/tcp": {},
"5061/udp": {},
"5066/tcp": {},
"5080/tcp": {},
"5080/udp": {},
"5081/tcp": {},
"5081/udp": {},
"64535-65535/udp": {},
"7443/tcp": {},
"8021/tcp": {},
"8081/tcp": {},
"8082/tcp": {}
},
Which is very different from the non-grouped output of podman inspect systemd-freeswitch:
"Ports": {
"16384/udp": null,
"16385/udp": null,
"16386/udp": null,
"16387/udp": null,
"16388/udp": null,
"16389/udp": null,
...
...
...
"65519/udp": null,
"65520/udp": null,
"65521/udp": null,
"65522/udp": null,
"65523/udp": null,
"65524/udp": null,
"65525/udp": null,
"65526/udp": null,
"65527/udp": null,
"65528/udp": null,
"65529/udp": null,
"65530/udp": null,
"65531/udp": null,
"65532/udp": null,
"65533/udp": null,
"65534/udp": null,
"65535/udp": null,
"7443/tcp": null,
"8021/tcp": null,
"8081/tcp": null,
"8082/tcp": null
},
I believe the podman inspect output must be that way for docker compat, they do not group port ranges there AFAIK.
A friendly reminder that this issue had no activity for 30 days.
![github-actions[bot] avatar](https://avatars.githubusercontent.com/in/15368?v=4 "Published by a pub.dev verified publisher"){kind=small}
Hello, I'm just commenting here to say that I encounter the same problem after an update of my podman package on debian trixie :
podman --version podman version 5.2.2
We are using multiple containers which have to expose lots of ports and now the output is really not readable. It's even the case for the containers that don't expose ports because it creates spaces corresponding to the size of the largest "PORTS" String.
You can see an example on the following screenshot (I had to hide the data corresponding to our containers, sorry) :
PRs welcome, otherwise I get to it when I get to it. And yes of course I would love to fix this but time is limited.