[FEAT] Can we have Journeys validated to run on RHEL and podman? #113

Open
mikeoleary opened this issue Aug 8, 2023 · 2 comments

@mikeoleary

Is your feature request related to a problem? Please describe.
Due to corporate security policies, I have a customer that cannot easily deploy Ubuntu with Docker, like many others can, to run this tool. They can deploy RHEL and Podman. However, this Journeys tool did not work consistently with Podman.

Describe the solution you'd like
I would love it if the Journeys tool could be run using RHEL and Podman.

Describe alternatives you've considered
An alternative used by the customer is to run Docker Desktop, which appears to have worked. But ideally a more robust Journeys tool would not require this.

Additional context
The errors that were encountered by the customer when using Podman were spurious and I don't have screenshots. Almost always, the tool seemed to run incredibly slowly, judging by the browser UI. Sometimes, clicking a button failed to work, only to see the expected result upon clicking the button again. I'm sorry I don't have better details, but this is more of a request for testing and validation on RHEL/podman than a specific bug report.

@mikeoleary
Author

Hi guys,
Any chance I can get an update on if this will be considered? The customer in question no longer needs it, FYI.

@bbusner
bbusner commented Jul 2, 2024

I ran into many issues trying to get Journeys running in RHEL/Podman VM. Additionally, our RHEL VMs are running SELinux. In case it helps anyone, here are the issues I ran into and my workarounds. Please note, this might not be the best way to address these issues. I'm not much of a sysadmin; I'm just trying to migrate some F5 configs!

The install script didn't like colons in the tar files. Here is an example of an error from the script:

Error: payload does not match any of the supported image formats:
 * oci: Invalid OCI reference: path ./f5devcentral/f5-automation-config-converter:1.23.3.tar contains a colon

I fixed this by simply renaming the four tar files and removing the colon. The install script will still find them as long as they end in .tar.

After running docker-compose up -d, I noticed the postgres container was constantly restarting. The container logs reported chown errors:
chown: changing ownership of '/var/lib/postgresql/data': Permission denied

The RHEL /var/log/messages and /var/log/audit/audit.log also reported errors:
/var/log/messages
setroubleshoot[135479]: SELinux is preventing /usr/local/bin/python3.9 from write access on the directory journeys

/var/log/audit/audit.log
type=AVC msg=audit(1719926057.324:20748): avc: denied { setattr } for pid=129162 comm="chmod" name="db" dev="dm-9" ino=4001765 scontext=system_u:system_r:container_t:s0:c621,c992 tcontext=unconfined_u:object_r:user_tmp_t:s0 tclass=dir permissive=0

I didn't know it was an SELinux issue initially, so I first tried changing both the MIGRATE_DIR and WORKING_DIRECTORY variables in .env to point to a path inside my home directory. Later, I realized that it was a SELinux issue and I appended ":Z" to my volume mount for postgres:
"${WORKING_DIRECTORY}/db:/var/lib/postgresql/data:Z"

I also had to do this for the journeys container. But I used a ":z" because I believe the celery-worker container also needs access to this volume:
"${WORKING_DIRECTORY}:${MIGRATE_DIR}:z"

The only other change I made was to change the ports for journeys container. It was originally configured to listen on the host's loopback IP address. I'm not running any kind of desktop GUI on the RHEL VM, so I removed the loopback so I can reach the front end on the VM's IP address:
"${JOURNEYS_PORT}:443"
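
The AVC record quoted in the comment above can be triaged mechanically. This is an added example, not part of the original comment or the Journeys project: it parses audit.log lines and separates a host path that has no container label from a path that carries another container's private (":Z") label. The second sample record, the verdict names and the restriction to the container_t and container_file_t types are assumptions made for illustration.

```python
import re

# Sample input: the first record is the one quoted in the comment; the second is
# constructed to show a path privately labeled for a different container.
SAMPLE_LOG = [
    'type=AVC msg=audit(1719926057.324:20748): avc: denied { setattr } for pid=129162 comm="chmod" name="db" dev="dm-9" ino=4001765 scontext=system_u:system_r:container_t:s0:c621,c992 tcontext=unconfined_u:object_r:user_tmp_t:s0 tclass=dir permissive=0',
    'type=AVC msg=audit(1719926099.101:20790): avc: denied { write } for pid=130001 comm="celery" name="migrate" dev="dm-9" ino=4001800 scontext=system_u:system_r:container_t:s0:c12,c34 tcontext=system_u:object_r:container_file_t:s0:c621,c992 tclass=dir permissive=0',
    "setroubleshoot[135479]: SELinux is preventing /usr/local/bin/python3.9 from write access on the directory journeys",
]

HINTS = {
    "relabel": "host path lacks a container label; mount it with :z or :Z",
    "private-label": "path carries another container's MCS label; use :z on every mount that shares it",
    "other": "types and categories are compatible; review the permission itself",
}

def split_context(ctx):
    """Return (type, MCS category set) from user:role:type:level[:categories]."""
    parts = ctx.split(":", 4)
    # Category ranges such as c0.c1023 are kept as one token, not expanded.
    cats = set(parts[4].split(",")) if len(parts) == 5 else set()
    return parts[2], cats

def diagnose(line):
    """Classify one audit.log line; None if it is not a container_t AVC denial."""
    perms = re.search(r"avc:\s+denied\s+\{([^}]*)\}", line)
    kv = {k: v.strip('"') for k, v in re.findall(r'(\w+)=("[^"]*"|\S+)', line)}
    if kv.get("type") != "AVC" or not perms or "scontext" not in kv or "tcontext" not in kv:
        return None
    stype, scats = split_context(kv["scontext"])
    ttype, tcats = split_context(kv["tcontext"])
    if stype != "container_t":
        return None
    if ttype != "container_file_t":
        verdict = "relabel"          # e.g. user_tmp_t, as in the quoted record
    elif not tcats <= scats:
        verdict = "private-label"    # file categories not held by this container
    else:
        verdict = "other"
    return {"verdict": verdict, "hint": HINTS[verdict], "comm": kv.get("comm"),
            "name": kv.get("name"), "perms": perms.group(1).split()}

if __name__ == "__main__":
    for entry in SAMPLE_LOG:
        print(diagnose(entry))
```
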
