rmi: image in use by nonexistent container

[2xB]

First: If there's anything I can provide info on or test out, I'd be happy to do so in the next days. I plan on resetting podman storage next week, so now would be the time to test anything as long as the issue is visible.

Is this a BUG REPORT or FEATURE REQUEST? (leave only one on its own line)

/kind bug

Description

On my machine, some untagged images exist that are not removed with podman image prune. I have no containers (podman container list -a gives an empty list), but trying to remove one of the dangling images using rmi, an error occurs stating image is in use by a container. Trying to do anything with the given container, I get no such container.

Btw. podman images takes approximately a minute which seems quite long.

Steps to reproduce the issue:

sh-5.1$ podman images
REPOSITORY                 TAG         IMAGE ID      CREATED       SIZE
[...]
<none>                     <none>      1ddd162dd266  2 weeks ago   3.32 GB
[...]
sh-5.1$ podman container list
CONTAINER ID  IMAGE       COMMAND     CREATED     STATUS      PORTS       NAMES
sh-5.1$ podman container list -a
CONTAINER ID  IMAGE       COMMAND     CREATED     STATUS      PORTS       NAMES
sh-5.1$ podman rmi 1ddd162dd266
Error: Image used by c9eef8764b304daaab222683bd5bf12182620e101f8ed5a45dd3f4f3aa961cb6: image is in use by a container
sh-5.1$ podman start -ia c9eef8764b304daaab222683bd5bf12182620e101f8ed5a45dd3f4f3aa961cb6
Error: no container with name or ID "c9eef8764b304daaab222683bd5bf12182620e101f8ed5a45dd3f4f3aa961cb6" found: no such container

Describe the results you received:
Image is said to be in use by a container that seems to not exist.

Describe the results you expected:
Image is removed using rmi or a container appears in the list.

Additional information you deem important (e.g. issue happens only occasionally):

Output of podman version:

Version:      3.4.0
API Version:  3.4.0
Go Version:   go1.17.1
Git Commit:   6e8de00bb224f9931d7402648f0177e7357ed079
Built:        Fri Oct  1 12:14:18 2021
OS/Arch:      linux/amd64

Output of podman info --debug:

host:
  arch: amd64
  buildahVersion: 1.23.1
  cgroupControllers: []
  cgroupManager: systemd
  cgroupVersion: v2
  conmon:
    package: /usr/bin/conmon is owned by conmon 1:2.0.30-1
    path: /usr/bin/conmon
    version: 'conmon version 2.0.30, commit: 2792c16f4436f1887a7070d9ad99d9c29742f38a'
  cpus: 8
  distribution:
    distribution: manjaro
    version: unknown
  eventLogger: journald
  hostname: b2-81j7
  idMappings:
    gidmap:
    - container_id: 0
      host_id: 1000
      size: 1
    - container_id: 1
      host_id: 10000
      size: 55537
    uidmap:
    - container_id: 0
      host_id: 1000
      size: 1
    - container_id: 1
      host_id: 10000
      size: 55537
  kernel: 5.12.19-1-MANJARO
  linkmode: dynamic
  logDriver: journald
  memFree: 206942208
  memTotal: 8081862656
  ociRuntime:
    name: crun
    package: /usr/bin/crun is owned by crun 1.2-1
    path: /usr/bin/crun
    version: |-
      crun version 1.2
      commit: 4f6c8e0583c679bfee6a899c05ac6b916022561b
      spec: 1.0.0
      +SYSTEMD +SELINUX +APPARMOR +CAP +SECCOMP +EBPF +CRIU +YAJL
  os: linux
  remoteSocket:
    path: /run/user/1000/podman/podman.sock
  security:
    apparmorEnabled: false
    capabilities: CAP_CHOWN,CAP_DAC_OVERRIDE,CAP_FOWNER,CAP_FSETID,CAP_KILL,CAP_NET_BIND_SERVICE,CAP_SETFCAP,CAP_SETGID,CAP_SETPCAP,CAP_SETUID,CAP_SYS_CHROOT
    rootless: true
    seccompEnabled: true
    seccompProfilePath: /etc/containers/seccomp.json
    selinuxEnabled: false
  serviceIsRemote: false
  slirp4netns:
    executable: /usr/bin/slirp4netns
    package: /usr/bin/slirp4netns is owned by slirp4netns 1.1.12-1
    version: |-
      slirp4netns version 1.1.12
      commit: 7a104a101aa3278a2152351a082a6df71f57c9a3
      libslirp: 4.6.1
      SLIRP_CONFIG_VERSION_MAX: 3
      libseccomp: 2.5.2
  swapFree: 11474182144
  swapTotal: 17179865088
  uptime: 63h 59m 42.5s (Approximately 2.62 days)
plugins:
  log:
  - k8s-file
  - none
  - journald
  network:
  - bridge
  - macvlan
  volume:
  - local
registries:
  search:
  - docker.io
store:
  configFile: /home/b2/.config/containers/storage.conf
  containerStore:
    number: 0
    paused: 0
    running: 0
    stopped: 0
  graphDriverName: overlay
  graphOptions: {}
  graphRoot: /home/b2/.local/share/containers/storage
  graphStatus:
    Backing Filesystem: extfs
    Native Overlay Diff: "true"
    Supports d_type: "true"
    Using metacopy: "false"
  imageStore:
    number: 96
  runRoot: /run/user/1000/containers
  volumePath: /home/b2/.local/share/containers/storage/volumes
version:
  APIVersion: 3.4.0
  Built: 1633083258
  BuiltTime: Fri Oct  1 12:14:18 2021
  GitCommit: 6e8de00bb224f9931d7402648f0177e7357ed079
  GoVersion: go1.17.1
  OsArch: linux/amd64
  Version: 3.4.0

Package info (e.g. output of rpm -q podman or apt list podman):

Manjaro system package

Have you tested with the latest version of Podman and have you checked the Podman Troubleshooting Guide? (https://github.com/containers/podman/blob/master/troubleshooting.md)

At least with the newest version available for Manjaro

Additional environment details (AWS, VirtualBox, physical, etc.):

[mheon]

3.4.0 is a few minor versions out of date, can you try 3.4.2?

That container is probably a leftover Buildah container from an aborted build. Does podman rm --force remove it?

[2xB]

@mheon Yes, the container is even removed successfully using podman rm without force. It is not removed using podman container prune though.

I btw. have 6 such ghost containers left to test (that I know of thanks to dangling but not pruned images).
Regarding 3.4.2: Is there a better way for Manjaro than building it from source?

[2xB]

@mheon Tried it on Podman 3.4.2 (its Manjaro package was updated). Same issue as before, only after removing the ghost container with podman rm and calling podman rmi to remove the image again, which resulted in:

> podman rmi ae2c69eefe1e
Deleted: ae2c69eefe1eef33a3bad217f3d41478d3d6e83625a9d6a7f2124d08afd3fb4d
Error: Image used by 9ae4d8a4ed5d37c6480db91debae03076358bbefe8140f4d21e3afbd708d9c86: image is in use by a container
> podman rmi ae2c69eefe1e
Error: ae2c69eefe1e: image not known

So it works after removing the container, but it writes the same error message it would write if the container was there after successfully deleting the image.

[2xB]

If there's any test I could perform to provide more information to fix this, I'd be very interested in doing so!

[2xB]

Although ignored by podman container prune, using podman system reset, the containers are listed with WARNING! The following external containers will be purged:. Reading the source (https://github.com/containers/podman/blob/473f958e137eb9d8a3a3ef44cf3c17513243c18d/cmd/podman/system/reset.go), this means the ghost containers can be listed via
registry.ContainerEngine().ContainerListExternal(registry.Context())
. Question remains why podman container prune doesn't prune them.

[mheon]

Because they may be containers you are actually using. If you're on a system with CRI-O or Buildah installed, those containers could have been made by one of those; there's no easy way to determine whether these containers are artifacts of a failed build or intentionally-created containers from another tool.

We added a flag to podman image prune (--external) to remote such containers when pruning unused images (containers not recognized by Podman that are using an image that would otherwise be pruned).

[2xB]

That is awesome! I bet CI systems such as the hopefully progressing GitLab Runner Podman executor can really profit from this way of avoiding a buildup of unused files by canceled builds. I am btw. using podman build, therefore I didn't expect to have "external" containers.

But should I be worried though that the ghost containers don't show up when doing podman container list --external in 3.4.2?

[mheon]

That is very unusual, that should show all containers, even those not created by Podman - sounds like a bug. @rhatdan Any thoughts?

[rhatdan]

Yes they should show up.
Could you execute buildah containers

[2xB]

Sure! So far, I've only used podman build and no external tool like buildah, so I've installed buildah freshly. Output:

CONTAINER ID  BUILDER  IMAGE ID     IMAGE NAME                       CONTAINER NAME
1a06688345ad     *     7e94ed77b448 docker.io/library/fedora:31      fedora-working-container
1bb57bc88d4b     *     b4e4de9c1de0                                  b4e4de9c1de031e01f789604145e9983cb2a436072ce44c406abbea989f60650-working-container
56f891d170a9     *     3269b400037f                                  3269b400037f466a7a0b09a2af712cd0bedea90dee151d779c16ce6de662fac5-working-container
654be61126a3     *     8589d6b27cb3                                  8589d6b27cb332af36631dfdfac16511880bbc4131c9866386df69f55fd56d72-working-container
4aa45ed3e66e     *     7146d89079b2                                  7146d89079b238aa2b0c3b34d231f690a51568c23c52f5e9e4c6871445440eb8-working-container
7b3ea4a0b5e8     *     6fb4681b6408                                  6fb4681b6408bea62ef3d8850b987ecbf753bf62b8fa3199d3683c6ec8859e09-working-container
58ef4c9271af     *     c3ae700fe0f8                                  c3ae700fe0f8a6b61750814b78dc1ce4371052f59814ee7ed60a399cf3f4827d-working-container
cb04b8237def     *     2b971f9093c0                                  2b971f9093c055748f814e9b3121f0ddeeb6c17678bab0f75cd798d128db7f33-working-container
bf27aaabd6ea     *     2d423850fc7b                                  2d423850fc7be506daf7ef4f654c1fa4cc25082f8c73d90e6d3b31b978f31e73-working-container
52975c7bba67     *     b31d19cc6351                                  b31d19cc63516dfba93b5f939371ef4af24539e61e5b922fb08aa70aae1a04dc-working-container
45c626665f58     *     546f1be90b8d                                  546f1be90b8dae6fe042332f022e3a4c2cc73ea4de31cfe6661c4b452401819e-working-container
461ddffbc0fc     *     862808be185f                                  862808be185f7650fea2ef205413a204babe99e639c4f04af4036cd1b8985583-working-container
235eaa559145     *     b31d19cc6351                                  b31d19cc63516dfba93b5f939371ef4af24539e61e5b922fb08aa70aae1a04dc-working-container-1
3fa80a4e8b51     *     5d236624ac5b                                  5d236624ac5be54f1c1bb0dca66127e7e2e091537d9b96a5b78500d978cb38b3-working-container
d3bbc817f7f3     *     22353ffdfb33                                  22353ffdfb33307fa766799d37925f850b75096eb2dc62afce70d0d3223ed0ee-working-container
ff5dd3e8c290     *     f6e24827bc30                                  f6e24827bc306b566139dd34814568110b485614a3e73d1d45ae264336d8892f-working-container
be157736f8bc     *     d23bc7da4516                                  d23bc7da45166c8b16f5fb24b725c52a02da11f48d7274d69d9a4dc4b8b3826d-working-container
6a60d8211849     *     a2ce1eb606e7                                  a2ce1eb606e7ab726b5324a5e27dbd02ecb0102da84442382fe3dbde3dea0664-working-container
d62b30e577ce     *     38a10ca56b11                                  38a10ca56b11268f4cbc562400142771da8c40001adb43e57c4365d5403946a8-working-container
ae691b6ff69a     *     04269b40740e                                  04269b40740e83a053b0203397c28e7669790de228d27f020bdd47d159a96e1c-working-container
3ac23b81cf86     *     63952f22264a                                  63952f22264a5dce9cc5481227d5740f289a99d7e8166c93626a741803f3e7db-working-container
1e9092ed5bc6     *     9040bd0e89f1                                  9040bd0e89f1c568b863f7050b9ca29dcd3a883fc5d761cb6961b8e918baf683-working-container
59f9b36f0ab8     *     023841fdeb94                                  023841fdeb94d11451854acfc64ba94fa0932557218b91626c91438b2511e695-working-container
c991c6e1cfad     *     6fb4681b6408                                  6fb4681b6408bea62ef3d8850b987ecbf753bf62b8fa3199d3683c6ec8859e09-working-container-1
ca237b81e54f     *     c3ae700fe0f8                                  c3ae700fe0f8a6b61750814b78dc1ce4371052f59814ee7ed60a399cf3f4827d-working-container-1
47d001087a64     *     2b971f9093c0                                  2b971f9093c055748f814e9b3121f0ddeeb6c17678bab0f75cd798d128db7f33-working-container-1
616565447cb3     *     b31d19cc6351                                  b31d19cc63516dfba93b5f939371ef4af24539e61e5b922fb08aa70aae1a04dc-working-container-2
eff61b0cc996     *     5d236624ac5b                                  5d236624ac5be54f1c1bb0dca66127e7e2e091537d9b96a5b78500d978cb38b3-working-container-1
3ed5ee598ff9     *     22353ffdfb33                                  22353ffdfb33307fa766799d37925f850b75096eb2dc62afce70d0d3223ed0ee-working-container-1
4201eb9acf54     *     b31d19cc6351                                  b31d19cc63516dfba93b5f939371ef4af24539e61e5b922fb08aa70aae1a04dc-working-container-3
b5b1a184804d     *     546f1be90b8d                                  546f1be90b8dae6fe042332f022e3a4c2cc73ea4de31cfe6661c4b452401819e-working-container-1
b72208263356     *     d23bc7da4516                                  d23bc7da45166c8b16f5fb24b725c52a02da11f48d7274d69d9a4dc4b8b3826d-working-container-1
fb5c4a486d80     *     a2ce1eb606e7                                  a2ce1eb606e7ab726b5324a5e27dbd02ecb0102da84442382fe3dbde3dea0664-working-container-1
156008aa6564     *     38a10ca56b11                                  38a10ca56b11268f4cbc562400142771da8c40001adb43e57c4365d5403946a8-working-container-1
e792f23e68c2     *     04269b40740e                                  04269b40740e83a053b0203397c28e7669790de228d27f020bdd47d159a96e1c-working-container-1
487e35e3469a     *     63952f22264a                                  63952f22264a5dce9cc5481227d5740f289a99d7e8166c93626a741803f3e7db-working-container-1
beb2a2d30673     *     9040bd0e89f1                                  9040bd0e89f1c568b863f7050b9ca29dcd3a883fc5d761cb6961b8e918baf683-working-container-1
cc05b1ca6cd5     *     29053e3ddf17                                  29053e3ddf1748132d4db827da4653a29afd2b75af5659d6b478d2381c90d55c-working-container
65969acfde2e     *     0e58495b280f docker.io/library/fedora:34      fedora-working-container-1
36f0d24ab4ae     *     edc7a1a346a1                                  edc7a1a346a1ee23ee9be9c6924439e17ccab2436cbc8705d455f7ae65dfba7a-working-container
3a4c20a081cc     *     21e137bbca4d                                  21e137bbca4dd505c9451e19820d55ca9c434bcf6fefc1c1d77739177eda5f8e-working-container
23a159bcc693     *     3241559b8eff                                  3241559b8efffdeda7c2bde5c762e719cec821cbef16cb74a478229d94af2262-working-container
21cff0d2633b     *     4bfbdc5e70ea                                  4bfbdc5e70ead9b4f821c4d12cd56191039417c029725bb468fa63a4db6e4b34-working-container
bac82fe80ce3     *     5cea31137024                                  5cea311370241032cbd0a0fa05bd8ca265babf1a2a287c8bde5f692a3df145e2-working-container
a7da073eb01f     *     81f1e1a330f1                                  81f1e1a330f12e934a9d24b7e2c9293f4bf7e1312f27e55fc9a7dcc76dffc500-working-container
1c36017c4d72     *     7e94ed77b448 docker.io/library/fedora:31      fedora-working-container-2
a4cf376f617b     *     b4e4de9c1de0                                  b4e4de9c1de031e01f789604145e9983cb2a436072ce44c406abbea989f60650-working-container-1
4d2d763cc8db     *     3269b400037f                                  3269b400037f466a7a0b09a2af712cd0bedea90dee151d779c16ce6de662fac5-working-container-1
c985e67172f5     *     8589d6b27cb3                                  8589d6b27cb332af36631dfdfac16511880bbc4131c9866386df69f55fd56d72-working-container-1
5ed7c0165193     *     7146d89079b2                                  7146d89079b238aa2b0c3b34d231f690a51568c23c52f5e9e4c6871445440eb8-working-container-2
65e579e61446     *     6fb4681b6408                                  6fb4681b6408bea62ef3d8850b987ecbf753bf62b8fa3199d3683c6ec8859e09-working-container-2
931462718f09     *     c3ae700fe0f8                                  c3ae700fe0f8a6b61750814b78dc1ce4371052f59814ee7ed60a399cf3f4827d-working-container-2
0ec1f59b763b     *     2b971f9093c0                                  2b971f9093c055748f814e9b3121f0ddeeb6c17678bab0f75cd798d128db7f33-working-container-2
c71f80228eb5     *     2d423850fc7b                                  2d423850fc7be506daf7ef4f654c1fa4cc25082f8c73d90e6d3b31b978f31e73-working-container-1
1436b0803af4     *     a4ee4d6a00ed                                  a4ee4d6a00edea9ab818737eae4aaaab7fa81c71ad0c99223ede38dc8a023812-working-container
0227a9061278     *     408c7d96191a                                  408c7d96191a5655381932c0f5181a7a46728594eabac8303ea89044fd295249-working-container
ea760dddf660     *     9b58b8fcefa3                                  9b58b8fcefa3ef34cc0cab276bf80e6ebac44e6698925e1921f785afbcbdaec7-working-container
c001f06c09cd     *     190e98d307be                                  190e98d307bef46e2541b5bbf59a0baa8d57b7553bda6497c6f3621b778bd611-working-container
79bdf06026f5     *     408c7d96191a                                  408c7d96191a5655381932c0f5181a7a46728594eabac8303ea89044fd295249-working-container-1
a0eef24ea950     *     53777a87d0f3                                  53777a87d0f306b0bd023f3ccc885c41cdcc59d37ffac453e301019d6e2d8510-working-container
2bb493477b9d     *     8204a83e9e96                                  8204a83e9e96fadce75a4b0498de0cc5cb5b2e7ae4c56d8a529cac8ffa9132b8-working-container
c2b59a799615     *     0f0743f3ba13                                  0f0743f3ba13e9e2003f241df8e520e46a3890c387324c10748c2c07ef5a48e2-working-container
c213bffa846b     *     5e7ff7e5421e                                  5e7ff7e5421ebef23053c9a6cd474439c21e81f0f877a6951a1504b52f8da415-working-container
4cd80533da04     *     b75fc0639cd7                                  b75fc0639cd7ad9d14d830331cb39e97caf4838281a65d505d0af9edc0fabb36-working-container
bc206b682f2f     *     5b6a668d82e2                                  5b6a668d82e2e8d39f6c78109b9c0645512e81e6005a5435b20e5912758a1559-working-container
6e940218b189     *     e74c36c0b2d8                                  e74c36c0b2d8a09715ccf38999e6682c6151ebd8369ce64c9a87c5a306fe079e-working-container
0f3fb7e6480e     *     218f4e52dff1                                  218f4e52dff15c9b5097bc3b46e964f2608301a7bcda9dcfe2845398ad9936cf-working-container
c954fd9d501a     *     7e94ed77b448 docker.io/library/fedora:31      fedora-working-container-3
9a53fffdd0bc     *     b4e4de9c1de0                                  b4e4de9c1de031e01f789604145e9983cb2a436072ce44c406abbea989f60650-working-container-2
870a434b1de9     *     3269b400037f                                  3269b400037f466a7a0b09a2af712cd0bedea90dee151d779c16ce6de662fac5-working-container-2
98e3d24996ef     *     8589d6b27cb3                                  8589d6b27cb332af36631dfdfac16511880bbc4131c9866386df69f55fd56d72-working-container-2
2ce252af7f69     *     7146d89079b2                                  7146d89079b238aa2b0c3b34d231f690a51568c23c52f5e9e4c6871445440eb8-working-container-3
c78c902d01ba     *     6fb4681b6408                                  6fb4681b6408bea62ef3d8850b987ecbf753bf62b8fa3199d3683c6ec8859e09-working-container-3
f8df592eb8f1     *     c3ae700fe0f8                                  c3ae700fe0f8a6b61750814b78dc1ce4371052f59814ee7ed60a399cf3f4827d-working-container-3
8967b778876d     *     2b971f9093c0                                  2b971f9093c055748f814e9b3121f0ddeeb6c17678bab0f75cd798d128db7f33-working-container-3
597eabf4e88b     *     2d423850fc7b                                  2d423850fc7be506daf7ef4f654c1fa4cc25082f8c73d90e6d3b31b978f31e73-working-container-2
cb1cf16edff9     *     a4ee4d6a00ed                                  a4ee4d6a00edea9ab818737eae4aaaab7fa81c71ad0c99223ede38dc8a023812-working-container-1
d1b37cc60857     *     408c7d96191a                                  408c7d96191a5655381932c0f5181a7a46728594eabac8303ea89044fd295249-working-container-2
74bae4edf421     *     53777a87d0f3                                  53777a87d0f306b0bd023f3ccc885c41cdcc59d37ffac453e301019d6e2d8510-working-container-1
70604ec9d1ae     *     8204a83e9e96                                  8204a83e9e96fadce75a4b0498de0cc5cb5b2e7ae4c56d8a529cac8ffa9132b8-working-container-1
68612039acfa     *     0f0743f3ba13                                  0f0743f3ba13e9e2003f241df8e520e46a3890c387324c10748c2c07ef5a48e2-working-container-1
f1926b5f557e     *     408c7d96191a                                  408c7d96191a5655381932c0f5181a7a46728594eabac8303ea89044fd295249-working-container-3
f6e35cc7399c     *     9b58b8fcefa3                                  9b58b8fcefa3ef34cc0cab276bf80e6ebac44e6698925e1921f785afbcbdaec7-working-container-1
cce00ad8f8ca     *     190e98d307be                                  190e98d307bef46e2541b5bbf59a0baa8d57b7553bda6497c6f3621b778bd611-working-container-1
e59c01a2e06b     *     5e7ff7e5421e                                  5e7ff7e5421ebef23053c9a6cd474439c21e81f0f877a6951a1504b52f8da415-working-container-1
43bf46c62840     *     b75fc0639cd7                                  b75fc0639cd7ad9d14d830331cb39e97caf4838281a65d505d0af9edc0fabb36-working-container-1
6f6e6a9e305e     *     5b6a668d82e2                                  5b6a668d82e2e8d39f6c78109b9c0645512e81e6005a5435b20e5912758a1559-working-container-1
7adfd673218f     *     e74c36c0b2d8                                  e74c36c0b2d8a09715ccf38999e6682c6151ebd8369ce64c9a87c5a306fe079e-working-container-1
9ae4d8a4ed5d     *     218f4e52dff1                                  218f4e52dff15c9b5097bc3b46e964f2608301a7bcda9dcfe2845398ad9936cf-working-container-1
668e1bcb050c     *     7e94ed77b448 docker.io/library/fedora:31      fedora-working-container-4
66c5f731e2f0     *     b4e4de9c1de0                                  b4e4de9c1de031e01f789604145e9983cb2a436072ce44c406abbea989f60650-working-container-3
e56e51886961     *     3269b400037f                                  3269b400037f466a7a0b09a2af712cd0bedea90dee151d779c16ce6de662fac5-working-container-3
15eb2fd423e0     *     8589d6b27cb3                                  8589d6b27cb332af36631dfdfac16511880bbc4131c9866386df69f55fd56d72-working-container-3
b096dc5540ea     *     7146d89079b2                                  7146d89079b238aa2b0c3b34d231f690a51568c23c52f5e9e4c6871445440eb8-working-container-4
76dbca68c77d     *     6fb4681b6408                                  6fb4681b6408bea62ef3d8850b987ecbf753bf62b8fa3199d3683c6ec8859e09-working-container-4
bae89e988f01     *     c3ae700fe0f8                                  c3ae700fe0f8a6b61750814b78dc1ce4371052f59814ee7ed60a399cf3f4827d-working-container-4
9a61f524cec6     *     2b971f9093c0                                  2b971f9093c055748f814e9b3121f0ddeeb6c17678bab0f75cd798d128db7f33-working-container-4
20c7c2e0b640     *     2d423850fc7b                                  2d423850fc7be506daf7ef4f654c1fa4cc25082f8c73d90e6d3b31b978f31e73-working-container-3
abf3a26e4a85     *     a4ee4d6a00ed                                  a4ee4d6a00edea9ab818737eae4aaaab7fa81c71ad0c99223ede38dc8a023812-working-container-2
088fe166cfd0     *     dec05f3406cc                                  dec05f3406cc14a140c03d9f5cf1ae88d658e296894fcfd89224a9fa737d2f33-working-container
a4903538186c     *     c808a8581554                                  c808a85815549044795c2c2f89613a4bf2bb8013a221be26dde97c04d8c7ac06-working-container
2f5ed24eea54     *     1747979f72f1                                  1747979f72f10ef7ae769a9a630e623446d0e0b2c83ba8ec3e01630c9b30d99e-working-container
d83d2da5ee24     *     dec05f3406cc                                  dec05f3406cc14a140c03d9f5cf1ae88d658e296894fcfd89224a9fa737d2f33-working-container-1
77fdf6b95ca4     *     5d077f02ffba                                  5d077f02ffbaf890bfff191386ca9f26cf7a140882d54b91bfb1201f481a3df2-working-container
08142435eb0d     *     32faf36e8a71                                  32faf36e8a7166c0cbf1056a2dfe926aedb0b2268856666b140090dbcf6ca324-working-container
744907379fa5     *     27962279d4d8                                  27962279d4d87757b4833c6cb39d72bdd2f642c9914a1836fa4146fe2659ac1f-working-container
b30e377dbf8d     *     50da3da4d126                                  50da3da4d1260a4df7c7eacbdb0b24eb32ac62ebcbb199a2c0adba25111a3fea-working-container
8ea1220ab6b7     *     f219081c1cca                                  f219081c1cca269b03b035b8bb4bc4ce976f44aac76f0124065a40173c8e7ab7-working-container
96e2dbdc9f86     *     79b9faefe00d                                  79b9faefe00d39b505fe6fc3c2b661c3c443669b523286c2edcd5ca9ae7d897e-working-container
ad08dead3002     *     ada90ff4f3f5                                  ada90ff4f3f5bc9bd432912d835acea484d2d689d250ef07e156049fdad8427f-working-container
85129319c1ef     *     38b82685d6f3                                  38b82685d6f33f631dae4ae3b39aaf468e98b3c3b6b964fd79d98d8e8a20323e-working-container
6b6be6f878f7     *     7e94ed77b448 docker.io/library/fedora:31      fedora-working-container-5
c637c287ca97     *     b4e4de9c1de0                                  b4e4de9c1de031e01f789604145e9983cb2a436072ce44c406abbea989f60650-working-container-4
ed5389472611     *     3269b400037f                                  3269b400037f466a7a0b09a2af712cd0bedea90dee151d779c16ce6de662fac5-working-container-4
215c3ccf8ec6     *     8589d6b27cb3                                  8589d6b27cb332af36631dfdfac16511880bbc4131c9866386df69f55fd56d72-working-container-4
dcfb384f8a66     *     7146d89079b2                                  7146d89079b238aa2b0c3b34d231f690a51568c23c52f5e9e4c6871445440eb8-working-container-5
093efc47eb3b     *     6fb4681b6408                                  6fb4681b6408bea62ef3d8850b987ecbf753bf62b8fa3199d3683c6ec8859e09-working-container-5
7cb38c053b56     *     c3ae700fe0f8                                  c3ae700fe0f8a6b61750814b78dc1ce4371052f59814ee7ed60a399cf3f4827d-working-container-5
84deff16e547     *     2b971f9093c0                                  2b971f9093c055748f814e9b3121f0ddeeb6c17678bab0f75cd798d128db7f33-working-container-5
fb7e3774d263     *     2d423850fc7b                                  2d423850fc7be506daf7ef4f654c1fa4cc25082f8c73d90e6d3b31b978f31e73-working-container-4
f9394258a786     *     a4ee4d6a00ed                                  a4ee4d6a00edea9ab818737eae4aaaab7fa81c71ad0c99223ede38dc8a023812-working-container-3
ac5c721a99a8     *     dec05f3406cc                                  dec05f3406cc14a140c03d9f5cf1ae88d658e296894fcfd89224a9fa737d2f33-working-container-2
4e8a60fa1864     *     0b86b7c7d1de                                  0b86b7c7d1deb14219a2f2acf66445694cb2194d056acbd5eb611c2b42151a2d-working-container
8c3ab91c1581     *     a97369b1b025                                  a97369b1b025b93ea5476d6f43ec06f21476bd5c6102e4866a0996711ec63f81-working-container
e2d80b08a91a     *     a5d11f14dff6                                  a5d11f14dff6d9d6a71506a9fe6af3c9de548be6936498a502695dfec3efafa9-working-container
0074430b9f3f     *     8f290ad8ab79                                  8f290ad8ab79d1683e5ff2e13b54bebe7271b9de9a79c7d332e88c1f1c81a7dc-working-container
1f9be7e13ab3     *     dec05f3406cc                                  dec05f3406cc14a140c03d9f5cf1ae88d658e296894fcfd89224a9fa737d2f33-working-container-3
fea9495e59c4     *     c808a8581554                                  c808a85815549044795c2c2f89613a4bf2bb8013a221be26dde97c04d8c7ac06-working-container-1
0deb88733b96     *     1747979f72f1                                  1747979f72f10ef7ae769a9a630e623446d0e0b2c83ba8ec3e01630c9b30d99e-working-container-1
d65592af0eb9     *     dec05f3406cc                                  dec05f3406cc14a140c03d9f5cf1ae88d658e296894fcfd89224a9fa737d2f33-working-container-4
251c2bc28c08     *     5d077f02ffba                                  5d077f02ffbaf890bfff191386ca9f26cf7a140882d54b91bfb1201f481a3df2-working-container-1
227a9632e9e5     *     32faf36e8a71                                  32faf36e8a7166c0cbf1056a2dfe926aedb0b2268856666b140090dbcf6ca324-working-container-1
afce54b5cd68     *     27962279d4d8                                  27962279d4d87757b4833c6cb39d72bdd2f642c9914a1836fa4146fe2659ac1f-working-container-1
e2921e1c345e     *     50da3da4d126                                  50da3da4d1260a4df7c7eacbdb0b24eb32ac62ebcbb199a2c0adba25111a3fea-working-container-1
3c5276e24616     *     f219081c1cca                                  f219081c1cca269b03b035b8bb4bc4ce976f44aac76f0124065a40173c8e7ab7-working-container-1
1184062c4ad5     *     79b9faefe00d                                  79b9faefe00d39b505fe6fc3c2b661c3c443669b523286c2edcd5ca9ae7d897e-working-container-1
befd18523ed9     *     ada90ff4f3f5                                  ada90ff4f3f5bc9bd432912d835acea484d2d689d250ef07e156049fdad8427f-working-container-1
c26582fec7e2     *     38b82685d6f3                                  38b82685d6f33f631dae4ae3b39aaf468e98b3c3b6b964fd79d98d8e8a20323e-working-container-1
c9eef8764b30     *     1ddd162dd266                                  1ddd162dd26699624452deb082de0ae710d91d05e2afa4017dd321dfc2430a6a-working-container

One could get the impression that I used Fedora 31 a lot.

[2xB]

I btw. have no idea where so many containers come from. I do cancel builds from time to time, but that seems like an extremely high amount of containers. Other than that, I start my images with the --rm flag.

[rhatdan]

Do a buildah rm --all and see if the situation is cleared up.

[2xB]

I can, but if that works I can then of course no longer help debugging it (Edit: unless I wait for these ghost containers to build up again) - maybe I should add that I also saw this issue on a CentOS 8 Stream machine that I set up a week ago. So this is nothing special to the configuration on one machine.

[2xB]

I should add that doing a podman system reset on the CentOS machine yesterday worked. If buildah rm --all is not only a workaround but would also provide insights into this issue, I can of course do it anyways and wait until these containers build up again.

[rhatdan]

Any chance you have a simple repeater. podman images list --external is just supposed to list images in container/storage, which includes Buildah images. I would like to know how the image is invisible to container/storage.

[2xB]

That was actually quite simple and @mheon is right that one gets this from an aborted build - I do that frequently because I compile code in containers and abort builds as soon as I see a compiler error. Similarly, a CI system like the GitLab Runner also cancels builds regularly depending on its setting, so that's probably "explaining" how ghost containers form in both setups. Here's an example where you can copy-paste each block from empty line to empty line:

podman run --rm -it --privileged --ulimit host -v /dev/fuse:/dev/fuse:rw quay.io/podman/stable

dnf install -y buildah

cat << EOD > Dockerfile
FROM alpine
RUN echo "Please press CTRL+C" && sleep 100000
EOD

podman build . # Now wait for the "Please press CTRL+C" message and follow it

podman container list --external

buildah containers

(The way of starting podman in podman that supports running build was found in https://stackoverflow.com/a/64537135/8575607 in the section "Podman in Podman (outdated answer)")

Example output:

> podman version
Version:      3.4.2
API Version:  3.4.2
Go Version:   go1.17.3
Git Commit:   2ad1fd3555de12de34e20898cc2ef901f08fe5ed
Built:        Fri Nov 12 22:41:08 2021
OS/Arch:      linux/amd64
> podman run --rm -it --privileged --ulimit host -v /dev/fuse:/dev/fuse:rw quay.io/podman/stable
[root@d7c2d9c66b71 /]# podman version
Version:      3.4.2
API Version:  3.4.2
Go Version:   go1.16.8
Built:        Fri Nov 12 20:25:37 2021
OS/Arch:      linux/amd64
[root@d7c2d9c66b71 /]# dnf install -y buildah
Fedora 35 - x86_64                                                               6.0 MB/s |  61 MB     00:10    
Fedora 35 openh264 (From Cisco) - x86_64                                         3.7 kB/s | 2.5 kB     00:00    
Fedora Modular 35 - x86_64                                                       1.7 MB/s | 2.6 MB     00:01    
Fedora 35 - x86_64 - Updates                                                     1.3 MB/s |  15 MB     00:11    
Fedora Modular 35 - x86_64 - Updates                                             708 kB/s | 736 kB     00:01    
Last metadata expiration check: 0:00:01 ago on Wed Dec  8 21:47:17 2021.
Dependencies resolved.
=================================================================================================================
 Package                  Architecture            Version                         Repository                Size
=================================================================================================================
Installing:
 buildah                  x86_64                  1.23.1-1.fc35                   updates                  7.7 M

Transaction Summary
=================================================================================================================
Install  1 Package

Total download size: 7.7 M
Installed size: 29 M
Downloading Packages:
buildah-1.23.1-1.fc35.x86_64.rpm                                                 8.8 MB/s | 7.7 MB     00:00    
-----------------------------------------------------------------------------------------------------------------
Total                                                                            7.9 MB/s | 7.7 MB     00:00     
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
  Preparing        :                                                                                         1/1 
  Installing       : buildah-1.23.1-1.fc35.x86_64                                                            1/1 
  Running scriptlet: buildah-1.23.1-1.fc35.x86_64                                                            1/1 
  Verifying        : buildah-1.23.1-1.fc35.x86_64                                                            1/1 

Installed:
  buildah-1.23.1-1.fc35.x86_64                                                                                   

Complete!
[root@d7c2d9c66b71 /]# cat << EOD > Dockerfile
FROM alpine
RUN echo "Please press CTRL+C" && sleep 100000
EOD
[root@d7c2d9c66b71 /]# podman build . # Now wait for the "Please press CTRL+C" message and follow it
STEP 1/2: FROM alpine
Resolved "alpine" as an alias (/etc/containers/registries.conf.d/000-shortnames.conf)
Trying to pull docker.io/library/alpine:latest...
Getting image source signatures
Copying blob 59bf1c3509f3 done  
Copying config c059bfaa84 done  
Writing manifest to image destination
Storing signatures
STEP 2/2: RUN echo "Please press CTRL+C" && sleep 100000
Please press CTRL+C
^C[root@d7c2d9c66b71 /]podman container list --externalal
CONTAINER ID  IMAGE       COMMAND     CREATED     STATUS      PORTS       NAMES
[root@d7c2d9c66b71 /]# buildah containers
CONTAINER ID  BUILDER  IMAGE ID     IMAGE NAME                       CONTAINER NAME
95d9624d5e26     *     c059bfaa849c docker.io/library/alpine:latest  alpine-working-container

[2xB]

Btw. buildah rm --all does indeed work, so until this is fixed, a workaround is to use Buildah to clean up after Podman when a build is cancelled. At least for my GitLab executor this is works.

Still I think this would be good to be fixed - for others who try setting up a CI pipeline with Podman, the discoverability of this workaround is probably significantly lower than if the podman commands would interact with these containers correctly.

[rhatdan]

podman continaer ls --all --external

Should show them. Currently the code only shows external if you add --all.
I will fix this.

[rhatdan]

BTW This was documented in the podman ps man page.

   --external
       Display external containers that are not controlled by Podman  but  are
       stored  in containers storage.  These external containers are generally
       created via other container technology such as Buildah or CRI-O and may
       depend  on the same container images that Podman is also using.  Exter‐
       nal containers are denoted with either a 'buildah' or 'storage' in  the
       COMMAND  and  STATUS  column of the ps output. Only used with the --all
       option.

[rhatdan]

@mheon @nalind WDYT about marking Buildah containers created by Podman as podman containers and then allowing podman rm --all to destroy them automatically.

[rhatdan]

Is there a field in storage we could mark, or just add names based on podman-alpine1 or something like that.

[nalind]

buildah.OpenBuilder() should fail when called for containers for which buildah hasn't created any state data of its own, either from a call to buildah.NewBuilder() or buildah.ImportBuilder().

[rhatdan]

Sure these containers are created by buildah code. The issue is users do not know they are using buildah when they do podman build, and then we sometime leak the buildah containers, which ends up creating images which can not be removed.
If Podman became smarter about this, then podman rm --all Could remove buildah containers created by Podman build.

[2xB]

That sounds like a good first step - I would also argue that when the containers are created with podman build, they should also be removed by podman container prune without additional flags, and be visible via podman container list - just to make it easier for users to discover that cancelling builds actually pollutes the container storage. Since these containers aren't usable anyways, discovering and removing them should be as simple as possible in my opinion.

Which seems currently not to be the case, from how long it took us to understand this very issue - although most here are developers of podman. Having podman container list and podman container prune just interact with these containers normally would make this way more intuitive without any drawback at least visible from my side.