spec: create/own /etc/containers/networks #2265
Conversation
dustymabe
force-pushed
the
dusty-rpm-spec-networks
branch
from
21ec3c5 to
aa7bc16
Compare
|
Ephemeral COPR build failed. @containers/packit-build please check. |
The org.osbuild.container-deploy stage uses podman. Including it in the build here will allow that stage to be used with this pipeline as the buildroot. Include a workaround here for what I consider to be a bug [1] in that `podman` will create `/etc/containers/networks` on first run if it doesn't exist. That dir should just be created by an RPM. If we don't include this workaround then the stage will fail when `podman` attempts the `mkdir` because `/etc/containers` is mounted in from the buildroot readonly. [1] containers/common#2265
|
You need to create the directory in prep section, I believe. error: Directory not found: /builddir/build/BUILDROOT/containers-common-0.61.0-1.20241205170236038297.pr2265.37.gaa7bc162.el9.x86_64/etc/containers/networks |
In some cases if /etc/ is mounted read-only the non-existence of the `/etc/containers/networks` directory will cause basic functionality to fail. ``` bash-5.2# mount --bind -o ro /etc/containers/ /etc/containers/ bash-5.2# podman info Error: mkdir /etc/containers/networks: read-only file system ``` Since it's going to get created anyway let's just have the directory exist from the beginning. Signed-off-by: Dusty Mabe <[email protected]>
dustymabe
force-pushed
the
dusty-rpm-spec-networks
branch
from
aa7bc16 to
9f2002b
Compare
|
Thanks Dan, let's see if the new push makes it happy. |
There was a problem hiding this comment.
I mean the init logic does try to create the dir but if the dir is read only then creating networks will still fail.
Would it be better if we change the code to only create the dir when we try to write to it (podman network create)? Then we just don't create the dir by default anymore. The original reason why we had to do it was the there was a lockfile in the dir as well that is needed for basically any network operation but that file was long moved to /run/lock/... so I think fixing the code seems better
that works for me too |
|
While fixing the code might be better, it could take a while for a new version of the code to get created, fixing the spec file can happen much more quickly ... |
|
I can patch this in the code within the next 15 mins if this is a priority for you. Of course the change would only make it into the podman 5.4 release in February. If you need this fix ASAP then I agree fixing the spec upstream/downstream is much quicker. |
|
The problem I was hitting was an issue with using an OSBuild stage. In OSBuild they bind mount a lot of things in read-only using If we want this in OSBuild sooner in RHEL I guess the packaging approach would be useful. I guess one option would be to do both fixes. This one to get it in faster (and also to have some RPM own |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: dustymabe, Luap99 The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
|
Agree, I mean there is no harm shipping one extra directory in the rpm here. |
|
The package can be released with the current version of podman with just an update to the spec file releasever, no reason to wait for a podman release. |
|
LGTM. cc @jnovy for upcoming CS/rhel changes. |
Podman creates/initializes the network backend for every command. Howver most commands will not need it so we should keep the required actions we do to a minimum. In this case the config directory /etc/containers/networks by default as root may not exists and then we try to create it which can fail, i.e. when /etc is read only[1]. The code here are a bit more changes then I would have liked but we must make sure the default in memory network always exists and do not create the directory there. [1] containers#2265 Signed-off-by: Paul Holzinger <[email protected]>
Podman creates/initializes the network backend for every command. However most commands will not need it so we should keep the required actions we do to a minimum. In this case the config directory /etc/containers/networks by default as root may not exists and then we try to create it which can fail, i.e. when /etc is read only[1]. The code here are a bit more changes then I would have liked but we must make sure the default in memory network always exists and do not create the directory there. [1] containers#2265 Signed-off-by: Paul Holzinger <[email protected]>
In some cases if /etc/ is mounted read-only the non-existence of the
/etc/containers/networksdirectory will cause basic functionality to fail.Since it's going to get created anyway let's just have the directory exist from the beginning.