docs(quick-deploy): remove Container Issues troubleshooting section

ShawnMcKee · ShawnMcKee · commit 5d7bcb5f6c47 · 2025-12-17T10:43:33.000-05:00
Container-based deployments are out of scope for the RPM Toolkit Quick Deploy
guide. All container-specific troubleshooting has been removed to keep the
guide focused solely on RPM-based installations.

Container Issues removed:
- Container won't start or exits immediately
- Container crashes after reboot with exit code 255
- Certbot service fails with config file error
- SELinux denials blocking container operations
diff --git a/docs/personas/quick-deploy/install-perfsonar-toolkit.md b/docs/personas/quick-deploy/install-perfsonar-toolkit.md
@@ -1197,21 +1197,6 @@ podman exec -it perfsonar-testpoint psconfig remote list
     /opt/perfsonar-toolkit/tools_scripts/perfSONAR-update-lsregistration.sh extract --output /root/restore-lsreg.sh --local
     ```
 
-    **For container-based installs:**
-    ```bash
-    # Preview changes only
-    /opt/perfsonar-toolkit/tools_scripts/perfSONAR-update-lsregistration.sh update --container perfsonar-testpoint \
-        --dry-run --site-name "Acme Co." --project WLCG \
-        --admin-email admin@example.org --admin-name "pS Admin"
-
-    # Apply new settings and restart the daemon in the container
-    /opt/perfsonar-toolkit/tools_scripts/perfSONAR-update-lsregistration.sh create --container perfsonar-testpoint \
-        --site-name "Acme Co." --domain example.org --project WLCG --project OSG \
-        --city Berkeley --region CA --country US --zip 94720 \
-        --latitude 37.5 --longitude -121.7469 \
-        --admin-name "pS Admin" --admin-email admin@example.org
-    ```
-
 1. **Automatic updates**
 
     The perfSONAR Toolkit uses `dnf-automatic` for automatic updates (already configured in Step 5).
@@ -1584,205 +1569,6 @@ Perform these checks before handing the host over to operations:
 
 ## Troubleshooting
 
-### Container Issues
-
-??? failure "Container won't start or exits immediately"
-    
-    **Symptoms:** `podman ps` shows no running containers, or container exits shortly after starting.
-    
-    **Diagnostic steps:**
-    
-    ```bash
-    # Check container logs
-    podman logs perfsonar-testpoint
-
-    # Check for systemd initialization errors
-    podman logs perfsonar-testpoint 2>&1 | grep -i "failed\|error"
-
-    # Verify compose file syntax
-    cd /opt/perfsonar-toolkit
-    podman-compose config
-
-    ```
-
-    **Common causes:**
-
-    - Missing entrypoint wrapper: Ensure `/opt/perfsonar-toolkit/tools_scripts/testpoint-entrypoint-wrapper.sh` exists
-    - SELinux denials: Check `ausearch -m avc -ts recent` and consider temporarily setting to permissive mode for testing
-    - Incorrect bind-mount paths: Verify all host directories exist and have correct permissions
-    - Cgroup issues: Ensure `cgroupns: private` is set and no manual cgroup bind-mounts exist
-
-??? failure "Container won't start or exits immediately"
-    
-    **Symptoms:** `podman ps` shows no running containers, or container exits shortly after starting.
-    
-    **Diagnostic steps:**
-    
-    ```bash
-    # Check container logs
-    podman logs perfsonar-testpoint
-
-    # Check for systemd initialization errors
-    podman logs perfsonar-testpoint 2>&1 | grep -i "failed\|error"
-
-    # Verify compose file syntax
-    cd /opt/perfsonar-toolkit
-    podman-compose config
-
-    ```
-
-    **Common causes:**
-
-    - Missing entrypoint wrapper: Ensure `/opt/perfsonar-toolkit/tools_scripts/testpoint-entrypoint-wrapper.sh` exists
-    - SELinux denials: Check `ausearch -m avc -ts recent` and consider temporarily setting to permissive mode for testing
-    - Incorrect bind-mount paths: Verify all host directories exist and have correct permissions
-    - Cgroup issues: Ensure `cgroupns: private` is set and no manual cgroup bind-mounts exist
-
-??? failure "Container crashes after reboot with exit code 255"
-    
-    **Symptoms:** Containers run fine when started manually but crash-loop after host reboot. Logs show repeated restarts
-    with exit code 255.
-    
-    **Cause:** The perfSONAR testpoint image runs systemd internally but podman-compose doesn't support the
-    `--systemd=always` flag required for proper systemd operation in containers.
-    
-    **Diagnostic steps:**
-    
-    ```bash
-    # Check container status
-    podman ps -a
-
-    # Check systemd service status
-    systemctl status perfsonar-testpoint.service
-
-    # View recent container logs
-    podman logs perfsonar-testpoint --tail 100
-
-    # Check if using compose-based service (BAD)
-    grep -A5 "ExecStart" /etc/systemd/system/perfsonar-testpoint.service
-    ```
-
-    **Solution:**
-
-    Replace the compose-based systemd service with proper systemd units that use `podman run --systemd=always`:
-
-    ```bash
-    # Stop and disable old service
-    systemctl stop perfsonar-testpoint.service
-    systemctl disable perfsonar-testpoint.service
-
-    # Install new systemd units
-    curl -fsSL \
-        https://raw.githubusercontent.com/osg-htc/networking/master/docs/perfsonar/tools_scripts/install-systemd-units.sh \
-        -o /tmp/install-systemd-units.sh
-    chmod 0755 /tmp/install-systemd-units.sh
-
-    # For testpoint only:
-    /tmp/install-systemd-units.sh --install-dir /opt/perfsonar-toolkit
-
-    # For testpoint + certbot:
-    /tmp/install-systemd-units.sh --install-dir /opt/perfsonar-toolkit --with-certbot
-
-    # Enable and start
-    systemctl enable --now perfsonar-testpoint.service
-
-    # If using certbot:
-    systemctl enable --now perfsonar-certbot.service
-
-    # Verify containers are running
-    podman ps
-    curl -kI https://127.0.0.1/
-    ```
-
-    **Verification:**
-
-    After installing the new units, the testpoint should:
-    - Start successfully on boot
-    - Run systemd properly inside the container
-    - Maintain state across reboots
-    - Show "Up" status in `podman ps` (not "Exited" or crash-looping)
-
-??? failure "Certbot service fails with 'Unable to open config file' error"
-    
-    **Symptoms:** `perfsonar-certbot.service` fails immediately after starting with exit code 2. Logs show: `certbot: error:
-    Unable to open config file: trap exit TERM; while...`
-    
-    **Cause:** The certbot container image has a built-in entrypoint that expects certbot commands directly. When using a
-    shell loop for renewal, the entrypoint tries to parse the shell command as a certbot config file, causing this error.
-    
-    **Diagnostic steps:**
-    
-    ```bash
-    # Check certbot service status
-    systemctl status perfsonar-certbot.service
-
-    # View detailed logs
-    journalctl -u perfsonar-certbot.service -n 50
-
-    # Check for the error in logs
-    journalctl -u perfsonar-certbot.service | grep "Unable to open config file"
-
-    # Verify service file configuration
-    grep -A5 "ExecStart" /etc/systemd/system/perfsonar-certbot.service
-    ```
-
-    **Solution:**
-
-    The certbot service needs two flags:
-    - `--systemd=always` for proper systemd integration and reboot persistence
-    - `--entrypoint=/bin/sh` to override the built-in entrypoint
-
-    Re-run the installation script to get the fixed version:
-
-    ```bash
-    # Stop current service
-    systemctl stop perfsonar-certbot.service
-
-    # Download and install updated systemd units
-    curl -fsSL \
-        https://raw.githubusercontent.com/osg-htc/networking/master/docs/perfsonar/tools_scripts/install-systemd-units.sh \
-        -o /tmp/install-systemd-units.sh
-    chmod 0755 /tmp/install-systemd-units.sh
-
-    # Install with certbot support
-    /tmp/install-systemd-units.sh --install-dir /opt/perfsonar-toolkit --with-certbot
-
-    # Start the fixed service
-    systemctl daemon-reload
-    systemctl start perfsonar-certbot.service
-
-    # Verify it's running
-    systemctl status perfsonar-certbot.service
-    podman ps | grep certbot
-    ```
-
-    **Expected result:** The certbot container should be running (not exiting) and the service should be in "active (running)" state.
-
-??? failure "SELinux denials blocking container operations"
-    
-    **Symptoms:** Container starts but services fail, permission denied errors in logs.
-    
-    **Diagnostic steps:**
-    
-    ```bash
-    
-    # Check for recent SELinux denials
-    ausearch -m avc -ts recent
-
-    # Temporarily set to permissive for testing
-    setenforce 0
-
-    # Test if issue resolves, then check audit log
-    ausearch -m avc -ts recent > /tmp/selinux-denials.txt
-
-    ```
-
-    **Solutions:**
-
-    - Verify volume labels are correct (`:Z` for exclusive, `:z` for shared)
-    - Recreate containers to reapply SELinux labels: `podman-compose down && podman-compose up -d`
-    - If persistent issues, consider creating custom SELinux policy or running in permissive mode
-
 ### Networking Issues
 
 ??? failure "Policy-based routing not working correctly"
