Podman auto-update with --pull=always fails #7407
Comments
openshift-ci-robot
added
the
kind/bug
|
As a note, I've been looking into more docs about auto-update, and I am guessing it's a bug because I created the systemd units using the --name flag, so they aren't based on container hashes. This seems like it should be a supported use case. |
|
How did you create the container? |
I created the systemd units with |
|
Hi @andrew-kennedy, thanks for opening the issue and sorry for the long silence. I was on PTO and the issue must have slipped through the inbox of other maintainers. The last comment seems to be truncated (see |
|
It's not truncated actually. I created these containers from the generated systemd units and the output above is still what I get from the CreateCommand podman inspect query. |
|
I think I see the problem. Podman auto-update seems to be using the Image field instead of ImageName. For example, for caddy they have these values: and the auto-uodate error mentions that image check for image |
|
Thanks! That should be enough information to get it fixed 👍 |
|
I can only reproduce when the container has been created with the image ID (i.e., 90a12b5c957bab94f57aadfd9e655d414ab69443495f22ef430152181ab0aede) instead of the name (i.e. docker.io/caddy). Could you try again from scratch and make sure that names are used instead of IDs? |
|
weirdly enough, the containers are created "automatically" via generated systemd unit files which are themselves created via So the specific failing flow is: and then after which I start those unit files/containers using If you need the generated systemd unit files and the commands in them, I can add those here too. |
|
To be 100 percent sure. Did you do a |
|
Sorry, left that step out of my summary, but yes. Had to I believe, because otherwise systemctl thinks it can't find the unit file. Here is the generated unit file for good measure: |
|
Thanks, @andrew-kennedy! I can reproduce with the service file you provided. Will take a close look now :) |
|
I found the issue. It's related to |
vrothberg
changed the title
Record the user-specified "raw" image name in the SpecGenerator, so we can pass it along to the config when creating a container. We need a separate field as the image name in the generator may be set to the ID of the previously pulled image - ultimately the cause of containers#7404. Reverting the image name from the ID to the user input would not work since "alpine" for pulling iterates over the search registries in the registries.conf but looking up "alpine" normalizes to "localhost/alpine". Recording the raw-image name directly in the generator was the best of the options I considered as no hidden magic from search registries or normalizations (that may or may not change in the future) can interfere. The auto-update backend enforces that the raw-image name is a fully-qualified reference, so we need to worry about that in the front end. Fixes: containers#7407 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
Record the user-specified "raw" image name in the SpecGenerator, so we can pass it along to the config when creating a container. We need a separate field as the image name in the generator may be set to the ID of the previously pulled image - ultimately the cause of containers#7404. Reverting the image name from the ID to the user input would not work since "alpine" for pulling iterates over the search registries in the registries.conf but looking up "alpine" normalizes to "localhost/alpine". Recording the raw-image name directly in the generator was the best of the options I considered as no hidden magic from search registries or normalizations (that may or may not change in the future) can interfere. The auto-update backend enforces that the raw-image name is a fully-qualified reference, so we need to worry about that in the front end. Fixes: containers#7407 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
github-actions
bot
added
the
locked - please file new issue/PR
Is this a BUG REPORT or FEATURE REQUEST? (leave only one on its own line)
/kind bug
Description
I have setup a few rootless containers using systemd with the auto update label, and they fail to update using podman auto-update with errors such as the following.
Steps to reproduce the issue:
Create various containers in a pod.
Use podman generate to create rootless systemd units to start these containers.
Start the containers using
systemctl --user start pod-test-pod.serviceAttempt to
podman auto-updateDescribe the results you received:
I received many errors like this for each container:
Describe the results you expected:
I expected the containers to auto update.
Additional information you deem important (e.g. issue happens only occasionally):
Output of
podman version:host:
arch: amd64
buildahVersion: 1.15.0
cgroupVersion: v2
conmon:
package: conmon-2.0.19-1.fc32.x86_64
path: /usr/bin/conmon
version: 'conmon version 2.0.19, commit: 5dce9767526ed27f177a8fa3f281889ad509fea7'
cpus: 24
distribution:
distribution: fedora
version: "32"
eventLogger: file
idMappings:
gidmap:
- container_id: 0
host_id: 1000
size: 1
- container_id: 1
host_id: 100000
size: 65536
uidmap:
- container_id: 0
host_id: 1000
size: 1
- container_id: 1
host_id: 100000
size: 65536
kernel: 5.7.15-200.fc32.x86_64
linkmode: dynamic
memFree: 4345331712
memTotal: 33604354048
ociRuntime:
name: crun
package: crun-0.14.1-1.fc32.x86_64
path: /usr/bin/crun
version: |-
crun version 0.14.1
commit: 598ea5e192ca12d4f6378217d3ab1415efeddefa
spec: 1.0.0
+SYSTEMD +SELINUX +APPARMOR +CAP +SECCOMP +EBPF +YAJL
os: linux
remoteSocket:
exists: true
path: /run/user/1000/podman/podman.sock
rootless: true
slirp4netns:
executable: /usr/bin/slirp4netns
package: slirp4netns-1.1.4-1.fc32.x86_64
version: |-
slirp4netns version 1.1.4
commit: b66ffa8e262507e37fca689822d23430f3357fe8
libslirp: 4.3.1
SLIRP_CONFIG_VERSION_MAX: 2
swapFree: 8582590464
swapTotal: 8589930496
uptime: 38h 4m 54.98s (Approximately 1.58 days)
registries:
search:
store:
configFile: /home/andrew/.config/containers/storage.conf
containerStore:
number: 17
paused: 0
running: 17
stopped: 0
graphDriverName: overlay
graphOptions:
overlay.mount_program:
Executable: /usr/bin/fuse-overlayfs
Package: fuse-overlayfs-1.1.2-1.fc32.x86_64
Version: |-
fusermount3 version: 3.9.1
fuse-overlayfs: version 1.1.0
FUSE library version 3.9.1
using FUSE kernel interface version 7.31
graphRoot: /home/andrew/.local/share/containers/storage
graphStatus:
Backing Filesystem: extfs
Native Overlay Diff: "false"
Supports d_type: "true"
Using metacopy: "false"
imageStore:
number: 21
runRoot: /run/user/1000/containers
volumePath: /home/andrew/.local/share/containers/storage/volumes
version:
APIVersion: 1
Built: 0
BuiltTime: Wed Dec 31 16:00:00 1969
GitCommit: ""
GoVersion: go1.14.6
OsArch: linux/amd64
Version: 2.0.4```
Package info (e.g. output of
rpm -q podmanorapt list podman):Have you tested with the latest version of Podman and have you checked the Podman Troubleshooting Guide?
Yes
Additional environment details (AWS, VirtualBox, physical, etc.):
Fedora 32 Physical server.
The text was updated successfully, but these errors were encountered: