@pccibot pccibot commented Oct 17, 2025

modulesync 10.4.0

@traylenator

Relevant change - voxpupuli/gha-puppet#82

Now running on container_podman rather than docker.

@traylenator

  podman run --tmpfs /run --tmpfs /run/lock --cap-add=SYS_ADMIN --security-opt seccomp=unconfined --security-opt label=disable --userns=host debian:13 /bin/bash -c "apt update ; apt install -y autofs ; /usr/sbin/automount"

fails with the same error

  /usr/sbin/automount: test mount forbidden or incorrect kernel protocol version, kernel protocol version 5.00 or above required.

whereas

  podman run --privileged debian:13 /bin/bash -c "apt update ; apt install -y autofs ; /usr/sbin/automount"

works. This somewhat implies that we are not running podman with --privileged ...

@traylenator

Understood probably:

  bundle exec rake beaker
  shell: /usr/bin/bash -e {0}
  env:
    BEAKER_HYPERVISOR: container_podman
    BUNDLE_WITHOUT: development:test:release
    BEAKER_HCLOUD_TOKEN: 
    DOCKER_HOST: unix:///run/user/1001/podman/podman.sock

So with that DOCKER_HOST we are running rootless podman - that is doomed even with --privileged.

  • Either get access to the system podman socket or
  • Change the tests to use the mount_method => mount and forget about autofs.
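
A check for the situation described in the comment above, as an added example that is not part of the original thread: it classifies a DOCKER_HOST value as a user-owned (rootless) or root-owned socket before a job runs tests that need host-level mounts such as autofs. The function names and the default socket paths are assumptions, not gha-puppet or beaker code.

```shell
#!/usr/bin/env bash
# Added example. Assumed default socket paths (not taken from gha-puppet):
#   rootless podman: /run/user/<uid>/podman/podman.sock
#   root-owned:      /run/podman/podman.sock, /var/run/docker.sock

# classify_socket URL
# Prints "rootless:<uid>", "rootful", "remote" or "unknown".
classify_socket() {
    local url="${1:-}" path owner
    case "$url" in
        unix://*)        path="${url#unix://}" ;;
        tcp://*|ssh://*) echo "remote"; return 0 ;;
        *)               echo "unknown"; return 0 ;;
    esac

    # If the socket exists locally, its owning uid is the strongest signal.
    if [ -S "$path" ] && owner="$(stat -c %u "$path" 2>/dev/null)"; then
        if [ "$owner" -eq 0 ]; then echo "rootful"; else echo "rootless:$owner"; fi
        return 0
    fi

    # Otherwise fall back to the path convention.
    case "$path" in
        /run/user/[0-9]*/*)
            owner="${path#/run/user/}"
            echo "rootless:${owner%%/*}" ;;
        /run/podman/podman.sock|/var/run/docker.sock|/run/docker.sock)
            echo "rootful" ;;
        *)
            echo "unknown" ;;
    esac
}

# can_run_host_mounts URL
# Succeeds only for a root-owned socket; --privileged on a rootless engine
# cannot grant more than the calling user already has on the host.
can_run_host_mounts() {
    [ "$(classify_socket "$1")" = "rootful" ]
}

# Usage in a CI step: warn early instead of letting automount error out later.
if [ -n "${DOCKER_HOST:-}" ]; then
    can_run_host_mounts "$DOCKER_HOST" ||
        echo "DOCKER_HOST=$DOCKER_HOST is $(classify_socket "$DOCKER_HOST"): skip autofs tests" >&2
fi
```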

@TheMeier

I was chasing that in the autofs module; if you do podman inspect it reports that privileged mode and subsequently nearly all capabilities are enabled.
So you are saying both are irrelevant due to DOCKER_HOST being set? Why is it set in the first place, is that actually a thing from using docker in the past?

@traylenator

We are running both docker and podman as a user.
In this case docker still defaults to the root owned socket whereas podman defaults to the user owned socket... So in reality we probably do not need to set it for either case. Not setting it will change nothing however.

I've got an MR on gha-puppet to use the root owned socket with podman; however, while it works on my laptop it is not in CI :-( See the MR.

Even if it did work it's a bit dirty. Think solution is to switch to vagrant hypervisor for this and autofs, have not got around to trying yet.
