Add Podman Support

* Fixed
  * Validated support for podman in root and rootless mode
    * Requires upserve/docker-api#569
  * Changed the acceptance nodesets to centos so that testing on both
    podman and docker will function properly
  * No longer start containers in privileged mode by default for safety
    reasons
  * Updated the README
  * Fixed support for connections to socket files
  * Added a check for detection of SSH ports < 1024 if operating in
    rootless mode
  * Ensure that the IP is set to 127.0.0.1 instead of 0.0.0.0 for better
    SSH connections
  * Override host.reboot so that containers are not accidentally
    destroyed
  * Fixed PAM session entries due to known pam_loginuid issues
  * Override enable_root_login since it is already performed by
    this plugin
  * Override ssh_service retart if the init process is set as sshd since
    that causes container termination
* Added
  * Migrated to support docker-api 2.X
  * Set container names as `beaker-<uniquehash>` for easy cleanup if a
    name is not otherwise specified
  * Ensure that the underlying container object can be accessed at any
    time through `host[:docker_container]` for selective optimization
    * May want to override the archive_to and scp_to/from methods to
      call the underlying docker-api commands at some point

README.md

@@ -6,25 +6,94 @@ Beaker library to use docker hypervisor
 
 This gem that allows you to use hosts with [docker](docker.md) hypervisor with [beaker](https://github.com/puppetlabs/beaker).
 
-Beaker will automatically load the appropriate hypervisors for any given hosts file, so as long as your project dependencies are satisfied there's nothing else to do. No need to `require` this library in your tests.
+Beaker will automatically load the appropriate hypervisors for any given hosts
+file, so as long as your project dependencies are satisfied there's nothing else
+to do. No need to `require` this library in your tests.
 
-## With Beaker 3.x
-
-This library is included as a dependency of Beaker 3.x versions, so there's nothing to do.
-
-## With Beaker 4.x
-
-As of Beaker 4.0, all hypervisor and DSL extension libraries have been removed and are no longer dependencies. In order to use a specific hypervisor or DSL extension library in your project, you will need to include them alongside Beaker in your Gemfile or project.gemspec. E.g.
+In order to use a specific hypervisor or DSL extension library in your project,
+you will need to include them alongside Beaker in your Gemfile or
+project.gemspec. E.g.
 
 ~~~ruby
 # Gemfile
-gem 'beaker', '~>4.0'
-gem 'beaker-aws'
+gem 'beaker', '~> 4.0'
+gem 'beaker-docker'
 # project.gemspec
-s.add_runtime_dependency 'beaker', '~>4.0'
-s.add_runtime_dependency 'beaker-aws'
+s.add_runtime_dependency 'beaker', '~> 4.0'
+s.add_runtime_dependency 'beaker-docker'
 ~~~
 
+## Nodeset Options
+
+The following is a sample nodeset:
+
+~~~yaml
+HOSTS:
+  el8:
+    platform: el-8-x86_64
+    hypervisor: docker
+    image: centos:8
+    docker_cmd: '["/sbin/init"]'
+    # Run arbitrary things
+    docker_image_commands:
+      - 'touch /tmp/myfile'
+    dockeropts:
+      Labels:
+        thing: 'stuff'
+      HostConfig:
+        Privileged: true
+  el7:
+    platform: el-7-x86_64
+    hypervisor: docker
+    image: centos:7
+    # EL7 images do not support nested systemd
+    docker_cmd: '/usr/sbin/sshd -D -E /var/log/sshd.log'
+CONFIG:
+  docker_cap_add:
+    - AUDIT_WRITE
+~~~
+
+## Privileged containers
+
+Containers are **not** run in privileged mode by default for safety.
+
+If you wish to enable privileged mode, simply set the following in your node:
+
+~~~yaml
+dockeropts:
+  HostConfig:
+    Privileged: true
+~~~
+
+## Cleaning up after tests
+
+Containers created by this plugin may not be destroyed unless the tests complete
+successfully. Each container created is prefixed by `beaker-` to make filtering
+for clean up easier.
+
+A quick way to clean up all nodes is as follows:
+
+~~~sh
+podman rm -f $( podman ps -q -f name="beaker-*" )
+~~~
+
+# Working with `podman`
+
+If you're using a version of `podman` that has API socket support then you
+should be able to simply set `DOCKER_HOST` to your socket and connect as usual.
+
+You also need to ensure that you're using a version of the `docker-api` gem that
+supports `podman`.
+
+You may find that not all of your tests work as expected. This will be due to
+the tighter system restrictions placed on containers by `podman`. You may need
+to edit the `dockeropts` hash in your nodeset to include different flags in the
+`HostConfig` section.
+
+See the
+[HostConfig](https://any-api.com/docker_com/engine/docs/Definitions/HostConfig)
+portion of the docker API for more information.
+
 # Spec tests
 
 Spec test live under the `spec` folder. There are the default rake task and therefore can run with a simple command:
@@ -34,7 +103,8 @@ bundle exec rake test:spec
 
 # Acceptance tests
 
-There is a simple rake task to invoke acceptance test for the library: 
+There is a simple rake task to invoke acceptance test for the library:
+
 ```bash
 bundle exec rake test:acceptance
 ```

acceptance/config/nodes/hosts.yaml

@@ -1,9 +1,9 @@
 ---
 HOSTS:
-  ubuntu1604-64-1:
-    platform: ubuntu-1604-x86_64 
+  centos8:
+    platform: el-8-x86_64
     hypervisor: docker
-    image: ubuntu:16.04
+    image: centos:8
     roles:
       - master
       - agent
@@ -12,22 +12,24 @@ HOSTS:
       - classifier
       - default
     docker_cmd: '["/sbin/init"]'
+    docker_cap_add:
+      - AUDIT_WRITE
     dockeropts:
       Labels:
         one: '1'
         two: '2'
-  ubuntu1604-64-2:
-    platform: ubuntu-1604-x86_64
+  centos7:
+    platform: el-7-x86_64
     hypervisor: docker
-    image: ubuntu:16.04
+    image: centos:7
     roles:
       - agent
-    docker_cmd: '["/sbin/init"]'
+    docker_cmd: '/usr/sbin/sshd -D -E /var/log/sshd.log'
+    use_image_entrypoint: true
+    dockeropts:
+      HostConfig:
+        Privileged: true
 CONFIG:
   nfs_server: none
   consoleport: 443
   log_level: verbose
-  dockeropts:
-    Labels:
-      one: '3'
-      two: '4'

beaker-docker.gemspec

@@ -32,7 +32,7 @@ Gem::Specification.new do |s|
 
   # Run time dependencies
   s.add_runtime_dependency 'stringify-hash', '~> 0.0.0'
-  s.add_runtime_dependency 'docker-api', '< 2.0.0'
+  s.add_runtime_dependency 'docker-api', '< 3.0.0'
 
 end