issuecreation
#18942
Replies: 2 comments
-
(Restored discussion from edit history, it was blanked out for some reason).
-
Woops, my bad, this discussion was replaced by #18944
-
Issue Description
Hi, I am trying to automate container image creation using Azure Pipelines, running Podman in Podman (PINP), and I am not able to run podman commands in the Azure pipeline. Here's my repo structure:
Repo Name: BuildContainerPipeline
|==>azure-pipelines.yml
|==>ContainerImage.yml
|==>containerFile
NOTE: The BuildContainerPipeline is executing on a containerized Azure agent which is created manually/from a local machine (Fedora box) based on the above containerFile.
azure-pipelines.yml ==> this contains some basic checks and refers to template-containerimage.yml to build container image (refer to the below .yml script)
#Starter pipeline
trigger:
  batch: true
  branches:
    include:
      - main
      - feature/*
pool: DEV-AWS
variables:
  value: "us-west-2"
jobs:
  job: clean_workspace_job
  workspace:
    clean: all
  condition: always()
  steps:
    displayName: clean task
    inputs:
      script: |
        echo "Cleaning workspace"
  deployment: Build_Container
  displayName: Build Container
  strategy:
    runOnce:
      deploy:
        steps:
          - task: CmdLine@2
            displayName: List Agent Directory
            inputs:
              script: |
                set -ex
                ls -alh $AGENT_BUILDDIRECTORY
                ls -alh $AGENT_BUILDDIRECTORY/s
ContainerImage.yml ==> this contains aws and podman commands that create the image and push it to AWS ECR (refer to the below containerfile)
parameters:
  type: string
  default: "us-west-2"
  type: string
  default: "Build Agent Container"
  type: string
  default: "aws-ado-agent"
  type: string
  default: "xxxxxxxx.dkr.ecr.us-west-2.amazonaws.com"
  type: string
  default: ""
  type: string
  default: "$AGENT_BUILDDIRECTORY/s"
  type: string
  default: dockerFile
steps:
  name: Build_Container
  displayName: ${{parameters.displayName}}
  inputs:
    script: |
      set -ex
      curl 169.254.170.2$AWS_CONTAINER_CREDENTIALS_RELATIVE_URI
      echo "start Image build"
      aws ecr get-login-password --region ${{parameters.Region}} | podman login --username AWS --password-stdin ${{parameters.ECRName}}
      cd ${{parameters.dockerFileDirPath}}
      VERSION=$(Build.BuildNumber)
      IMAGE_NAME=${{parameters.imageName}}
      podman build --format docker -t ${IMAGE_NAME}:v$VERSION -f ${{parameters.dockerFileName}} .
      podman tag 12345 xxxxxxxx.dkr.ecr.us-west-2.amazonaws.com/${IMAGE_NAME}:v$VERSION
      podman tag 12345 xxxxxxxx.dkr.ecr.us-west-2.amazonaws.com/${IMAGE_NAME}
      podman push xxxxxxxx.dkr.ecr.us-west-2.amazonaws.com/${IMAGE_NAME}:v$VERSION
      podman push xxxxxxxx.dkr.ecr.us-west-2.amazonaws.com/${IMAGE_NAME}
      podman rmi xxxxxxxx.dkr.ecr.us-west-2.amazonaws.com/${IMAGE_NAME}:v$VERSION
      podman rmi xxxxxxxx.dkr.ecr.us-west-2.amazonaws.com/${IMAGE_NAME}
      podman image prune -a;
    workingDirectory: "$(Pipeline.Workspace)/${{parameters.workingDir}}"
containerFile ==> I have created this container file as mentioned here containers/podman
Describe the results you received
When I run the pipeline, I get the error below at the podman login command. I have tried running the AWS ECR command separately and did not get any error; I am seeing errors only when executing any podman commands in the pipeline.
Pipeline Log:
2023-06-20T08:22:23.0312499Z + podman login --username AWS --password-stdin xxxxxxxx.dkr.ecr.us-west-2.amazonaws.com
2023-06-20T08:22:23.0312499Z + podman login --username AWS --password-stdin 215206609463.dkr.ecr.us-west-2.amazonaws.com
2023-06-20T08:22:23.1067413Z + aws ecr get-login-password --region us-west-2
2023-06-20T08:22:24.7063750Z cannot clone: Operation not permitted
2023-06-20T08:22:24.7067977Z Error: cannot re-exec process
2023-06-20T08:22:26.8903041Z Exception ignored in: <_io.TextIOWrapper name='' mode='w' encoding='utf-8'>
2023-06-20T08:22:26.8903581Z BrokenPipeError: [Errno 32] Broken pipe
2023-06-20T08:22:27.4149409Z ##[error]Bash exited with code '125'.
I have also tried just running the `podman info` command but ran into the same error.
Pipeline Log:
2023-06-20T08:33:46.1083385Z + podman info
2023-06-20T08:33:46.1083639Z start Image build
2023-06-20T08:33:46.3498375Z cannot clone: Operation not permitted
2023-06-20T08:33:46.3499097Z Error: cannot re-exec process
2023-06-20T08:33:46.4126170Z ##[error]Bash exited with code '125'.
Describe the results you expected
I should be able to run podman commands without any issues
podman info output (ran from my local fedora box)
host:
  arch: amd64
  buildahVersion: 1.28.0
  cgroupControllers: []
  cgroupManager: cgroupfs
  cgroupVersion: v1
  conmon:
    package: conmon-2.1.5-1.fc36.x86_64
    path: /usr/bin/conmon
    version: 'conmon version 2.1.5, commit: '
  cpuUtilization:
    idlePercent: 99.23
    systemPercent: 0.46
    userPercent: 0.31
  cpus: 8
  distribution:
    distribution: fedora
    variant: container
    version: "36"
  eventLogger: file
  hostname: mypcname
  idMappings:
    gidmap:
    - container_id: 0
      host_id: 1000
      size: 1
    - container_id: 1
      host_id: 100000
      size: 65536
    uidmap:
    - container_id: 0
      host_id: 1000
      size: 1
    - container_id: 1
      host_id: 100000
      size: 65536
  kernel: 5.10.16.3-microsoft-standard-WSL2
  linkmode: dynamic
  logDriver: k8s-file
  memFree: 23933665280
  memTotal: 26699354112
  networkBackend: netavark
  ociRuntime:
    name: crun
    package: crun-1.7.2-2.fc36.x86_64
    path: /usr/bin/crun
    version: |-
      crun version 1.7.2
      commit: 0356bf4aff9a133d655dc13b1d9ac9424706cac4
      rundir: /tmp/podman-run-1000/crun
      spec: 1.0.0
      +SYSTEMD +SELINUX +APPARMOR +CAP +SECCOMP +EBPF +CRIU +WASM:wasmedge +YAJL
  os: linux
  remoteSocket:
    path: /tmp/podman-run-1000/podman/podman.sock
  security:
    apparmorEnabled: false
    capabilities: CAP_CHOWN,CAP_DAC_OVERRIDE,CAP_FOWNER,CAP_FSETID,CAP_KILL,CAP_NET_BIND_SERVICE,CAP_SETFCAP,CAP_SETGID,CAP_SETPCAP,CAP_SETUID,CAP_SYS_CHROOT
    rootless: true
    seccompEnabled: true
    seccompProfilePath: /usr/share/containers/seccomp.json
    selinuxEnabled: false
  serviceIsRemote: false
  slirp4netns:
    executable: /usr/bin/slirp4netns
    package: slirp4netns-1.2.0-0.2.beta.0.fc36.x86_64
    version: |-
      slirp4netns version 1.2.0-beta.0
      commit: 477db14a24ff1a3de3a705e51ca2c4c1fe3dda64
      libslirp: 4.6.1
      SLIRP_CONFIG_VERSION_MAX: 3
      libseccomp: 2.5.3
  swapFree: 7516192768
  swapTotal: 7516192768
  uptime: 19h 10m 28.00s (Approximately 0.79 days)
plugins:
  authorization: null
  log:
  network:
  volume:
registries:
  search:
store:
  configFile: /home/myuser/.config/containers/storage.conf
  containerStore:
    number: 6
    paused: 0
    running: 0
    stopped: 6
  graphDriverName: overlay
  graphOptions: {}
  graphRoot: /home/myuser/.local/share/containers/storage
  graphRootAllocated: 269490393088
  graphRootUsed: 12191260672
  graphStatus:
    Backing Filesystem: extfs
    Native Overlay Diff: "false"
    Supports d_type: "true"
    Using metacopy: "false"
  imageCopyTmpDir: /var/tmp
  imageStore:
    number: 32
  runRoot: /tmp/podman-run-1000/containers
  volumePath: /home/myuser/.local/share/containers/storage/volumes
version:
  APIVersion: 4.3.1
  Built: 1668180253
  BuiltTime: Fri Nov 11 20:54:13 2022
  GitCommit: ""
  GoVersion: go1.18.7
  Os: linux
  OsArch: linux/amd64
  Version: 4.3.1
I have not been able to resolve this issue or find an alternative solution for my use case. I request the community to help me with this issue.
Please let me know if you require more details on my use case. Thanks for your help/inputs.
@sbidoul @cevich @rhatdan @Luap99
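
The `cannot clone: Operation not permitted` / `cannot re-exec process` pair in the pipeline logs above is what rootless Podman prints when the kernel refuses its attempt to re-execute itself inside a new user namespace. The preflight below is an added example, not part of the original discussion and not Podman's own code; the function names, verdict strings and the `--live` switch are made up for this illustration. It reads the agent container's seccomp mode, effective capabilities and user-namespace limit, then tries to create a user namespace without starting Podman.

```shell
#!/bin/sh
# Added example: preflight for rootless Podman inside a containerized agent.

# userns_verdict STATUS_FILE MAX_USERNS
# STATUS_FILE is in /proc/<pid>/status format; MAX_USERNS is the content of
# /proc/sys/user/max_user_namespaces. Prints one verdict word.
userns_verdict() (
    status_file=$1
    max_userns=$2
    seccomp=$(awk '/^Seccomp:/ {print $2}' "$status_file")
    cap_eff=$(awk '/^CapEff:/ {print $2}' "$status_file")
    # CAP_SYS_ADMIN is capability number 21 in the CapEff bitmask.
    sys_admin=$(( (0x$cap_eff >> 21) & 1 ))
    if [ "$max_userns" -eq 0 ]; then
        echo "blocked-by-sysctl"      # kernel refuses every new user namespace
    elif [ "$seccomp" = "2" ] && [ "$sys_admin" -eq 0 ]; then
        echo "check-seccomp-profile"  # a filter is active and may deny CLONE_NEWUSER
    else
        echo "no-static-blocker"
    fi
)

# Live probe: ask the kernel for a new user namespace, as rootless Podman must.
probe_userns() {
    unshare --user --map-root-user true 2>/dev/null
}

# Run with --live as the first pipeline step, before any podman command.
if [ "${1:-}" = "--live" ]; then
    verdict=$(userns_verdict /proc/self/status \
        "$(cat /proc/sys/user/max_user_namespaces)")
    echo "static check: $verdict"
    if probe_userns; then
        echo "user namespace creation works; rootless Podman can re-exec"
    else
        echo "user namespace creation denied; expect 'cannot clone'" >&2
        exit 1
    fi
fi
```

A `blocked-by-sysctl` or `check-seccomp-profile` verdict points at how the outer agent container or its host is configured rather than at the pipeline YAML.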