Draft: Check and fix for podman network_backend consistency when embedding containers (HMS-8783)
#1365
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
thozza
force-pushed
the
el9-podman-network_backend-fix
branch
from
0cf9369 to
551bc50
Compare
achilleas-k
previously approved these changes
Mar 27, 2025
Will do. I hoped that GH will mark this PR as a Draft. 😇 My plan is first to see where the consistency check fails, before pushing any fix for RHEL-9. |
thozza
force-pushed
the
el9-podman-network_backend-fix
branch
2 times, most recently
from
d27bc35 to
4b9ecd5
Compare
thozza
force-pushed
the
el9-podman-network_backend-fix
branch
from
4b9ecd5 to
d647bc5
Compare
It turns out that jq is not installed by default on RHEL-8 images and therefore no checks were run on RHEL-8. Also extend the check script to fail in case jq is not installed, to prevent it from silently passing. Signed-off-by: Tomáš Hozza <[email protected]>
Extend the `all-customizations.json` config to embed a container in the image. Extend the `base-host-check.sh` to verify that a container image is present on the booted system in case it was specified in the BP. Explicitly install podman, which is required by the check. Signed-off-by: Tomáš Hozza <[email protected]>
When embedding containers into images, certain versions of podman may consider them as a sign of system upgrade or migration and may fall back to using `cni` network_backend for backward compatibility even though it should use its default. Since we embed containers as root, this manifests as different network_backend being used for rootfull and rootless podman. Add a check to verify that the network_backend is the same for rootfull and rootless podman when embedding container into the image. More information in: https://docs.podman.io/en/v4.2/markdown/podman-network.1.html Signed-off-by: Tomáš Hozza <[email protected]>
…ions Be consistent and don't rely on the global `config` variable in check functions and instead use a local `config_file` variable and error if not config is provided to the check function. Signed-off-by: Tomáš Hozza <[email protected]>
thozza
force-pushed
the
el9-podman-network_backend-fix
branch
from
d647bc5 to
341bda0
Compare
|
This PR is stale because it has been open 30 days with no activity. Remove "Stale" label or comment or this will be closed in 7 days. |
|
Do we still want this? EDIT: Nvm, noticed you un-staled it. |
|
This PR is stale because it had no activity for the past 30 days. Remove the "Stale" label or add a comment, otherwise this PR will be closed in 7 days. |
thozza
changed the title
network_backend consistency when embedding containersnetwork_backend consistency when embedding containers (HMS-8783)
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
WIP