Podman: "podman pod create --infra --infra-image" does not execute entrypoint of the infra-image
Is this a BUG REPORT or FEATURE REQUEST? (leave only one on its own line)
/kind bug
Description
In openSUSE land we want to establish our own pause container, and because we have a nice structured way of building and testing containers, we want to use it for our new pause container.
This means that we have a prototype pause rpm package hosted at https://build.opensuse.org/package/view_file/home:favogt:kubix-images/kubic-pause/kubic-pause.spec?expand=1
With a prototype pause container definition at https://build.opensuse.org/package/view_file/home:favogt:kubix-images/kubic-pause-image/config.kiwi?expand=1
coming together to produce registry.opensuse.org/home/favogt/kubix-images/tw/kubic/pause:0.9
As you can see in the .kiwi link, the OCI container has a defined entry-point of /usr/bin/kubic-pause
However podman pod create --infra --infra-image registry.opensuse.org/home/favogt/kubix-images/tw/kubic/pause:0.9 produces the following error
error starting Infra Container: container create failed: container_linux.go:344: starting container process caused "exec: \"/pause\": stat /pause: no such file or directory"
: internal libpod error
In short, it seems podman is trying to call /pause and ignoring the entrypoint of my --infra container.
I think this is a bug.
Steps to reproduce the issue:
- Use
podman pod create --infra --infra-imagewith an OCI image with an entrypoint other than/pause
Describe the results you expected:
Podman should honour the entrypoint defined in it's infra containers
Output of podman version:
Version: 1.0.0
Go Version: go1.11.4
OS/Arch: linux/amd64
Output of podman info:
host:
BuildahVersion: 1.6-dev
Conmon:
package: podman-1.0.0-1.1.x86_64
path: /usr/lib/podman/bin/conmon
version: 'conmon version 1.12.0-dev, commit: '
Distribution:
distribution: '"opensuse-tumbleweed"'
version: "20190115"
MemFree: 20020473856
MemTotal: 33540788224
OCIRuntime:
package: runc-1.0.0~rc6-2.1.x86_64
path: /usr/bin/runc
version: |-
runc version 1.0.0-rc6
spec: 1.0.1-dev
SwapFree: 34359734272
SwapTotal: 34359734272
arch: amd64
cpus: 8
hostname: iwreckit.suse.de
kernel: 4.20.0-1-default
os: linux
rootless: false
uptime: 5h 26m 20.53s (Approximately 0.21 days)
insecure registries:
registries: []
registries:
registries:
- docker.io
store:
ConfigFile: /etc/containers/storage.conf
ContainerStore:
number: 0
GraphDriverName: overlay
GraphOptions: null
GraphRoot: /var/lib/containers/storage
GraphStatus:
Backing Filesystem: btrfs
Native Overlay Diff: "true"
Supports d_type: "true"
ImageStore:
number: 2
RunRoot: /var/run/containers/storage
sysrich
All 15 comments
I think at present we force a /pause entrypoint (compatability for the common use Kubernetes pause image). I think it would be reasonable to look up the image first, check if it has ENTRYPOINT set, and use that instead (and default to /pause if not present).
We should also add a flag to set the command for the infra container - I can see cases where I might want to do a pause container with a full init system running, so I can share the PID namespace in the pod and get proper reaping of dead processes.
mheon
on 18 Jan 2019
Which reminds me...
@vrothberg We should probably disable mounting an init into the container if it's joining another container's PID namespace (for pods, for example) - --init doesn't make sense when you aren't the owner of the PID ns.
mheon
on 18 Jan 2019
Which reminds me...
@vrothberg We should probably disable mounting an init into the container if it's joining another container's PID namespace (for pods, for example) ---initdoesn't make sense when you aren't the owner of the PID ns.
We're already doing that :)
vrothberg
on 18 Jan 2019
I love it when I think of things and they're already handled. Nice!
mheon
on 18 Jan 2019
@sysrich Could you try to modify the entrypoint and see if this changes the behaviour?
rhatdan
on 18 Jan 2019
@rhatdan tried - it doesn't change the behaviour
error starting Infra Container: container create failed: container_linux.go:344: starting container process caused "exec: \"/pause\": stat /pause: no such file or directory"
: internal libpod error
I think what I'm requesting is related to the use of the InfraCommand function
This is currently set to a default of /pause
I would like that default to be $entrypoint, then /pause if $entrypoint is not set
Regardless it should still be overridden by options like podman pod create --infra-command
sysrich
on 18 Jan 2019
Open a PR and we can review.
rhatdan
on 18 Jan 2019
But that seems reasonable.
rhatdan
on 18 Jan 2019
@rhatdan ha! as comfortable as I am poking around your code and pointing at things, I haven't written a single line of go and I'm not sure I'm brave enough to start.. if this bug lingers, I might find myself forced..but allow this comment to be my public statement of reluctance in the hope someone better and smarter than me beats me to it ;)
sysrich
on 18 Jan 2019
I think we also might want to look at other things from the image we want to use here - environment variables might be necessary?
mheon
on 18 Jan 2019
No problem, Matt can look into this.
rhatdan
on 18 Jan 2019
I'll take a look at this tomorrow
mheon
on 5 Feb 2019
@haircommander Since you are mister podman pod, could you check this out?
rhatdan
on 8 Mar 2019
@sysrich --infra-command is an option by the way!
haircommander
on 8 Mar 2019
Related issues
bbros-dev
路
5Comments
NooneXe
路
3Comments
cruwe
路
3Comments
daltschu22
路
4Comments
SergeyBear
路
4Comments