Bug 1694662

Summary: Support --restart=no in podman docker compatibility wrapper
Product: Red Hat Enterprise Linux 8 Reporter: Miroslav Lisik <mlisik>
Component: podmanAssignee: Jindrich Novy <jnovy>
Status: CLOSED CURRENTRELEASE QA Contact: atomic-bugs <atomic-bugs>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 8.0CC: cluster-maint, dwalsh, jligon, jnovy, lsm5, mheon, michele, tsweeney
Target Milestone: rc   
Target Release: 8.1   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: podman-1.4.4 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2020-02-26 10:28:40 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Miroslav Lisik 2019-04-01 11:21:38 UTC 
Description of problem:
Pacemaker docker bundle failed to start because docker's --restart option is not supported in RHEL8.

Version-Release number of selected component (if applicable):
pacemaker-2.0.1-4.el8

How reproducible:
always

Steps to Reproduce:
1. Prepare docker image on all nodes:

# mkdir -p /tmp/bundle

# cat >/tmp/bundle/Dockerfile <<EOF
FROM centos:centos7

RUN yum update -y
RUN yum install -y pacemaker pacemaker-remote resource-agents
EOF


# cd /tmp/bundle/ && docker build -t pcmkbundle:latest .

2. Configure disabled bundle in pacemaker with pcs:


# pcs resource bundle create BundleTest container docker image=localhost/pcmkbundle:latest network control-port=3121 --disable
# pcs resource create dummy ocf:pacemaker:Dummy bundle BundleTest

3. Start/enable bundle

# pcs resource enable BundleTest

Actual results:

Resource failed to start.

Expected results:

Resource started successfully.

Additional info:

From logs:
Apr  1 13:05:47 virt-140 docker(BundleTest-docker-0)[17296]: INFO: running container BundleTest-docker-0 for the first time
Apr  1 13:05:47 virt-140 docker(BundleTest-docker-0)[17296]: ERROR: Emulate Docker CLI using podman. Create /etc/containers/nodocker to quiet msg. --restart option is not supported. Use systemd unit files for restarting containers
Apr  1 13:05:47 virt-140 docker(BundleTest-docker-0)[17296]: ERROR: docker failed to launch container
Apr  1 13:05:47 virt-140 pacemaker-execd[8169]: notice: BundleTest-docker-0_start_0:17296:stderr [ Emulate Docker CLI using podman. Create /etc/containers/nodocker to quiet msg. ]
Apr  1 13:05:47 virt-140 pacemaker-execd[8169]: notice: BundleTest-docker-0_start_0:17296:stderr [ Emulate Docker CLI using podman. Create /etc/containers/nodocker to quiet msg. ]
Apr  1 13:05:47 virt-140 pacemaker-execd[8169]: notice: BundleTest-docker-0_start_0:17296:stderr [ error getting image "BundleTest-docker-0": repository name must be lowercase ]
Apr  1 13:05:47 virt-140 pacemaker-execd[8169]: notice: BundleTest-docker-0_start_0:17296:stderr [ Emulate Docker CLI using podman. Create /etc/containers/nodocker to quiet msg. ]
Apr  1 13:05:47 virt-140 pacemaker-execd[8169]: notice: BundleTest-docker-0_start_0:17296:stderr [ error getting image "BundleTest-docker-0": repository name must be lowercase ]
Apr  1 13:05:48 virt-140 pacemaker-execd[8169]: notice: BundleTest-docker-0_start_0:17296:stderr [ ocf-exit-reason:docker failed to launch container ]
Apr  1 13:05:48 virt-140 pacemaker-controld[8172]: notice: Result of start operation for BundleTest-docker-0 on virt-140: 1 (unknown error)
Apr  1 13:05:48 virt-140 pacemaker-controld[8172]: notice: virt-140-BundleTest-docker-0_start_0:20 [ Emulate Docker CLI using podman. Create /etc/containers/nodocker to quiet msg.\nEmulate Docker CLI using podman. Create /etc/containers/nodocker to quiet msg.\nerror getting image "BundleTest-docker-0": repository name must be lowercase\nEmulate Docker CLI using podman. Create /etc/containers/nodocker to quiet msg.\nerror getting image "BundleTest-docker-0": repository name must be lowercase\nocf-exit-reason:docker failed to launch container\n ]
Apr  1 13:05:48 virt-140 pacemaker-execd[8169]: notice: BundleTest-docker-0_stop_0:17426:stderr [ Emulate Docker CLI using podman. Create /etc/containers/nodocker to quiet msg. ]
Apr  1 13:05:48 virt-140 pacemaker-execd[8169]: notice: BundleTest-docker-0_stop_0:17426:stderr [ error getting image "BundleTest-docker-0": repository name must be lowercase ]
Apr  1 13:05:48 virt-140 pacemaker-execd[8169]: notice: BundleTest-docker-0_stop_0:17426:stderr [ Emulate Docker CLI using podman. Create /etc/containers/nodocker to quiet msg. ]
Apr  1 13:05:48 virt-140 pacemaker-execd[8169]: notice: BundleTest-docker-0_stop_0:17426:stderr [ error getting image "BundleTest-docker-0": repository name must be lowercase ]
Apr  1 13:05:48 virt-140 pacemaker-controld[8172]: notice: Result of stop operation for BundleTest-docker-0 on virt-140: 0 (ok)
Apr  1 13:05:48 virt-140 pacemaker-attrd[8170]: notice: Removing all BundleTest-0 attributes for peer virt-141
Apr  1 13:05:48 virt-140 pacemaker-fenced[8168]: warning: Node names with capitals are discouraged, consider changing 'BundleTest-0'
Apr  1 13:05:48 virt-140 pacemaker-fenced[8168]: notice: Node BundleTest-0 state is now lost
Apr  1 13:05:50 virt-140 pacemaker-attrd[8170]: notice: Removing all BundleTest-0 attributes for peer virt-141
Apr  1 13:05:51 virt-140 pacemaker-controld[8172]: notice: Result of probe operation for BundleTest-0 on virt-140: 7 (not running)
Apr  1 13:05:51 virt-140 pacemaker-attrd[8170]: notice: Removing all BundleTest-0 attributes for peer virt-141

After investigation was found that pacemaker starts container with these options:

docker run -d --name=BundleTest-docker-0  --restart=no -e PCMK_stderr=1 -e PCMK_remote_port=3121 -v /etc/pacemaker/authkey:/etc/pacemaker/authkey -v /var/log/pacemaker/bundles/BundleTest-0:/var/log -p 3121:3121  localhost/pcmkbundle:latest /usr/sbin/pacemaker-remoted

This command gives error message:

Emulate Docker CLI using podman. Create /etc/containers/nodocker to quiet msg.
--restart option is not supported.
Use systemd unit files for restarting containers

Option --restart=no is default is RHEL7.x. In RHEL8, this option is no longer supported.
Comment 2 Ken Gaillot 2019-04-01 16:57:33 UTC 
Reassigning to the podman component.

Podman's docker compatibility wrapper does not support the --restart option, since there's no equivalent of docker-daemon. However, there should be no problem in supporting an explicit --restart=no option, for a small increase in compatibility. (Even the other restart values could perhaps just get a warning.)

In this case, pacemaker's built-in support for launching containers via docker does pass --restart=no. That will cause fatal problems for any customers using the docker compatibility wrapper for this purpose. ("no" is the default, but I'm not sure whether that can be overridden externally somehow, so I'd rather not stop sending it -- it's crucial that docker-daemon not try to restart containers managed by pacemaker).
Comment 3 Daniel Walsh 2019-04-01 21:18:19 UTC 
Opened a PR to allow --restart=no
Comment 4 Daniel Walsh 2019-08-14 10:51:24 UTC 
Fixed in podman-1.4.4
Comment 5 Matthew Heon 2019-08-14 13:46:02 UTC 
We're actually shipping 1.4.2 in 8.1 - but it's fixed there, too