Bug 1982164
Summary: | Podman volumes with size options | ||
---|---|---|---|
Product: | Red Hat Enterprise Linux 8 | Reporter: | Ashish Reddy <asreddy> |
Component: | podman | Assignee: | Daniel Walsh <dwalsh> |
Status: | CLOSED ERRATA | QA Contact: | Joy Pu <ypu> |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | 8.4 | CC: | bbaude, chhudson, dornelas, dwalsh, jligon, jnovy, lsm5, mheon, pthomas, tsweeney, umohnani, ypu |
Target Milestone: | beta | Keywords: | Triaged |
Target Release: | --- | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | podman-3.4 | Doc Type: | If docs needed, set a value |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2022-05-10 13:27:31 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | |||
Bug Blocks: | 1186913 | ||
Deadline: | 2022-02-28 |
Description
Ashish Reddy
2021-07-14 11:03:08 UTC
Paul, can you take a look at this please? This should go to Nalin, or Giuseppe or Me. The issue here is whether or not the disk that the volume was created on, has quota. Also whether we can enforce quota on the root user. Actually on second thought, this has nothing to do with containers/storage but has to do with container volume storage. So assigning to Matt. Should only work on XFS. Can use code from ~/storage/drivers/quota/ Something like: q= quota.NewControl(path) q.SetQuota(path, quota.Quota{Size: size}); Might work if the file system that path is mounted on is mounted with pquota. (In reply to Ashish Reddy from comment #0) > > Steps to Reproduce: > 1. Create a volume with size option > podman volume create --opt o=size=800m test > > 2. Attach it to a container and get inside the container > podman run -it -v /var/lib/containers/storage/volumes/test/_data:/tmp > registry.access.redhat.com/ubi8 > Is this actually a sane way to mount a named volume to a container? (In reply to Daniel Walsh from comment #3) > > Might work if the file system that path is mounted on is mounted with pquota. By default RHEL 8 doesn't mount the rootfs with quotas enabled. Maybe it would be good to also add a warning when a user tries to specify size with a local fs that isn't mounted with pquote, pjquota, etc.? Derrick - very good catch. You're entirely correct, that is very much not sane. The correct way would be to use `-v test:/tmp` instead. Explanation: these are Podman-managed volumes, which provide guarantees that they cannot be removed until they are not in use by any container. We do this via reference-counting, which does not work if you manually mount the volume's data directory - so `podman volume rm` will quite happily let someone remove that volume while your container is using it. Furthermore, mounting the volume like this breaks any volume that requires a mount command (e.g. NFS volumes, or volume plugins) as we don't know a container is using the mount and will not perform said mount. Please mount named volumes created via `volume create` into containers using their names to avoid this. Hello Matthew and Derrick, Sorry for not attaching the output properly. I have done the tests also with "-v test:/tmp" option. Please find the output below: ~~~ [root@vm251-225 ~]# podman volume create --opt o=size=1g test test [root@vm251-225 ~]# [root@vm251-225 ~]# [root@vm251-225 ~]# podman volume inspect test [ { "Name": "test", "Driver": "local", "Mountpoint": "/var/lib/containers/storage/volumes/test/_data", "CreatedAt": "2021-07-27T01:19:34.166111936-04:00", "Labels": {}, "Scope": "local", "Options": {} } ] [root@vm251-225 ~]# podman run -it -v test:/tmp registry.access.redhat.com/ubi8 /bin/bash Trying to pull registry.access.redhat.com/ubi8:latest... Getting image source signatures Checking if image destination supports signatures Copying blob a50df8fd88fe done Copying blob 1cadda38f72d done Copying config 0ced1c7c9b done Writing manifest to image destination Storing signatures [root@99a5d22825da /]# [root@99a5d22825da /]# cd /tmp/ [root@99a5d22825da tmp]# dd if=/dev/zero of=file.txt count=1024 bs=1048576 1024+0 records in 1024+0 records out 1073741824 bytes (1.1 GB, 1.0 GiB) copied, 1.19697 s, 897 MB/s [root@99a5d22825da tmp]# [root@99a5d22825da tmp]# dd if=/dev/zero of=file2.txt count=1024 bs=1048576 1024+0 records in 1024+0 records out 1073741824 bytes (1.1 GB, 1.0 GiB) copied, 1.24617 s, 862 MB/s [root@99a5d22825da tmp]# [root@99a5d22825da tmp]# [root@99a5d22825da tmp]# dd if=/dev/zero of=file.txt count=1024 bs=1048576 1024+0 records in 1024+0 records out 1073741824 bytes (1.1 GB, 1.0 GiB) copied, 1.2484 s, 860 MB/s [root@99a5d22825da tmp]# dd if=/dev/zero of=file3.txt count=1024 bs=1048576 1024+0 records in 1024+0 records out 1073741824 bytes (1.1 GB, 1.0 GiB) copied, 1.30469 s, 823 MB/s [root@99a5d22825da tmp]# total 4.0G -rw-r--r--. 1 root root 1.0G Jul 27 05:20 file.txt -rw-r--r--. 1 root root 1.0G Jul 27 05:20 file2.txt -rw-r--r--. 1 root root 1.0G Jul 27 05:21 file3.txt -rwx------. 1 root root 701 Jul 21 00:55 ks-script-eipzyf1a -rwx------. 1 root root 291 Jul 21 00:55 ks-script-t5il97pv [root@99a5d22825da tmp]# ~~~ In this case also, the size option is not being honored. Is there any other way to specify the size for volumes. container-storage.conf now has a size and inodes which apply to each containers rootfs. So it will follow the rules. Note: The size/inodes is per mountpount/volume. Currently we have no way to say a Container or Pod has a total limit of size of inodes. They are always rootfs (size/inodes) + foreach(vollume) { volume(size/inodes)) podman 3.3-rc2 should be available and built for RHEL8. Looks like podman-3.4.4 has support for this. Test with podman-3.4.5-0.4.module+el8.6.0+13880+7c3afcf8.x86_64 it works as expected. It can report error message when not config disk quotas. # podman volume create --opt o=size=800m test Error: Volume options size and inodes not supported. Filesystem does not support Project Quota And works as expect when setup disk quotas: # podman volume create --opt o=size=1g test test # podman inspect test [ { "Name": "test", "Driver": "local", "Mountpoint": "/var/lib/containers/storage/volumes/test/_data", "CreatedAt": "2022-01-17T06:55:37.094941027-05:00", "Labels": {}, "Scope": "local", "Options": { "SIZE": "1g", "o": "size=1g" } } ] # podman run -it -v test:/tmp registry.access.redhat.com/ubi8 /bin/bash [root@a8c83429c8b3 /]# cd /tmp/ [root@a8c83429c8b3 tmp]# ls ks-script-1rw57zdt ks-script-g73hk9vn [root@a8c83429c8b3 tmp]# dd if=/dev/zero of=file.txt count=1024 bs=2M dd: error writing 'file.txt': No space left on device 477+0 records in 476+0 records out 998244352 bytes (998 MB, 952 MiB) copied, 2.46736 s, 405 MB/s [root@a8c83429c8b3 tmp]# exit exit So set this bug to verified. Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Important: container-tools:rhel8 security, bug fix, and enhancement update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2022:1762 This comment was flagged a spam, view the edit history to see the original text if required. This comment was flagged a spam, view the edit history to see the original text if required. This comment was flagged a spam, view the edit history to see the original text if required. |