Merge pull request #7631 from afbjorklund/podman-sudo

Add "sudo" to podman calls

hack/jenkins/linux_integration_tests_podman.sh

@@ -31,7 +31,6 @@ JOB_NAME="Experimental_Podman_Linux"
 
 mkdir -p cron && gsutil -qm rsync "gs://minikube-builds/${MINIKUBE_LOCATION}/cron" cron || echo "FAILED TO GET CRON FILES"
 sudo install cron/cleanup_and_reboot_Linux.sh /etc/cron.hourly/cleanup_and_reboot || echo "FAILED TO INSTALL CLEANUP"
-SUDO_PREFIX="sudo -E "
 
 EXTRA_ARGS="--container-runtime=containerd"
 

pkg/drivers/kic/kic.go

@@ -250,7 +250,7 @@ func (d *Driver) Kill() error {
 	}
 
 	cr := command.NewExecRunner() // using exec runner for interacting with dameon.
-	if _, err := cr.RunCmd(exec.Command(d.NodeConfig.OCIBinary, "kill", d.MachineName)); err != nil {
+	if _, err := cr.RunCmd(oci.PrefixCmd(exec.Command(d.NodeConfig.OCIBinary, "kill", d.MachineName))); err != nil {
 		return errors.Wrapf(err, "killing %q", d.MachineName)
 	}
 	return nil
@@ -301,7 +301,7 @@ func (d *Driver) Restart() error {
 // Start an already created kic container
 func (d *Driver) Start() error {
 	cr := command.NewExecRunner() // using exec runner for interacting with docker/podman daemon
-	if _, err := cr.RunCmd(exec.Command(d.NodeConfig.OCIBinary, "start", d.MachineName)); err != nil {
+	if _, err := cr.RunCmd(oci.PrefixCmd(exec.Command(d.NodeConfig.OCIBinary, "start", d.MachineName))); err != nil {
 		return errors.Wrap(err, "start")
 	}
 	checkRunning := func() error {

pkg/drivers/kic/oci/cli_runner.go

@@ -22,6 +22,7 @@ import (
 	"fmt"
 	"io"
 	"os/exec"
+	"runtime"
 	"strings"
 	"time"
 
@@ -63,8 +64,24 @@ func (rr RunResult) Output() string {
 	return sb.String()
 }
 
+// PrefixCmd adds any needed prefix (such as sudo) to the command
+func PrefixCmd(cmd *exec.Cmd) *exec.Cmd {
+	if cmd.Args[0] == Podman && runtime.GOOS == "linux" { // want sudo when not running podman-remote
+		cmdWithSudo := exec.Command("sudo", cmd.Args...)
+		cmdWithSudo.Env = cmd.Env
+		cmdWithSudo.Dir = cmd.Dir
+		cmdWithSudo.Stdin = cmd.Stdin
+		cmdWithSudo.Stdout = cmd.Stdout
+		cmdWithSudo.Stderr = cmd.Stderr
+		cmd = cmdWithSudo
+	}
+	return cmd
+}
+
 // runCmd runs a command exec.Command against docker daemon or podman
 func runCmd(cmd *exec.Cmd, warnSlow ...bool) (*RunResult, error) {
+	cmd = PrefixCmd(cmd)
+
 	warn := false
 	if len(warnSlow) > 0 {
 		warn = warnSlow[0]

pkg/drivers/kic/oci/info.go

@@ -231,7 +231,7 @@ func dockerSystemInfo() (dockerSysInfo, error) {
 // podmanSysInfo returns podman system info --format '{{json .}}'
 func podmanSystemInfo() (podmanSysInfo, error) {
 	var ps podmanSysInfo
-	rr, err := runCmd(exec.Command(Podman, "system", "info", "--format", "'{{json .}}'"))
+	rr, err := runCmd(exec.Command(Podman, "system", "info", "--format", "json"))
 	if err != nil {
 		return ps, errors.Wrap(err, "get podman system info")
 	}

pkg/drivers/kic/oci/oci.go

@@ -18,7 +18,6 @@ package oci
 
 import (
 	"os"
-	"path/filepath"
 	"time"
 
 	"bufio"
@@ -28,11 +27,12 @@ import (
 	"github.com/golang/glog"
 	"github.com/pkg/errors"
 	"k8s.io/minikube/pkg/minikube/constants"
-	"k8s.io/minikube/pkg/minikube/localpath"
 	"k8s.io/minikube/pkg/util/retry"
 
 	"fmt"
 	"os/exec"
+	"runtime"
+	"strconv"
 	"strings"
 )
 
@@ -133,21 +133,41 @@ func CreateContainerNode(p CreateParams) error {
 	}
 
 	if p.OCIBinary == Podman { // enable execing in /var
-		// volume path in minikube home folder to mount to /var
-		hostVarVolPath := filepath.Join(localpath.MiniPath(), "machines", p.Name, "var")
-		if err := os.MkdirAll(hostVarVolPath, 0711); err != nil {
-			return errors.Wrapf(err, "create var dir %s", hostVarVolPath)
-		}
 		// podman mounts var/lib with no-exec by default  https://github.com/containers/libpod/issues/5103
-		runArgs = append(runArgs, "--volume", fmt.Sprintf("%s:/var:exec", hostVarVolPath))
+		runArgs = append(runArgs, "--volume", fmt.Sprintf("%s:/var:exec", p.Name))
 	}
 	if p.OCIBinary == Docker {
 		runArgs = append(runArgs, "--volume", fmt.Sprintf("%s:/var", p.Name))
-		// setting resource limit in privileged mode is only supported by docker
-		// podman error: "Error: invalid configuration, cannot set resources with rootless containers not using cgroups v2 unified mode"
-		runArgs = append(runArgs, fmt.Sprintf("--cpus=%s", p.CPUs), fmt.Sprintf("--memory=%s", p.Memory))
 	}
 
+	runArgs = append(runArgs, fmt.Sprintf("--cpus=%s", p.CPUs))
+
+	memcgSwap := true
+	if runtime.GOOS == "linux" {
+		if _, err := os.Stat("/sys/fs/cgroup/memory/memsw.limit_in_bytes"); os.IsNotExist(err) {
+			// requires CONFIG_MEMCG_SWAP_ENABLED or cgroup_enable=memory in grub
+			glog.Warning("Your kernel does not support swap limit capabilities or the cgroup is not mounted.")
+			memcgSwap = false
+		}
+	}
+
+	if p.OCIBinary == Podman && memcgSwap { // swap is required for memory
+		runArgs = append(runArgs, fmt.Sprintf("--memory=%s", p.Memory))
+	}
+	if p.OCIBinary == Docker { // swap is only required for --memory-swap
+		runArgs = append(runArgs, fmt.Sprintf("--memory=%s", p.Memory))
+	}
+
+	// https://www.freedesktop.org/wiki/Software/systemd/ContainerInterface/
+	var virtualization string
+	if p.OCIBinary == Podman {
+		virtualization = "podman" // VIRTUALIZATION_PODMAN
+	}
+	if p.OCIBinary == Docker {
+		virtualization = "docker" // VIRTUALIZATION_DOCKER
+	}
+	runArgs = append(runArgs, "-e", fmt.Sprintf("%s=%s", "container", virtualization))
+
 	for key, val := range p.Envs {
 		runArgs = append(runArgs, "-e", fmt.Sprintf("%s=%s", key, val))
 	}
@@ -166,6 +186,13 @@ func CreateContainerNode(p CreateParams) error {
 	}
 
 	checkRunning := func() error {
+		r, err := ContainerRunning(p.OCIBinary, p.Name)
+		if err != nil {
+			return fmt.Errorf("temporary error checking running for %q : %v", p.Name, err)
+		}
+		if !r {
+			return fmt.Errorf("temporary error created container %q is not running yet", p.Name)
+		}
 		s, err := ContainerStatus(p.OCIBinary, p.Name)
 		if err != nil {
 			return fmt.Errorf("temporary error checking status for %q : %v", p.Name, err)
@@ -429,12 +456,23 @@ func PointToHostDockerDaemon() error {
 	return nil
 }
 
+// ContainerRunning returns running state of a container
+func ContainerRunning(ociBin string, name string, warnSlow ...bool) (bool, error) {
+	rr, err := runCmd(exec.Command(ociBin, "inspect", name, "--format={{.State.Running}}"), warnSlow...)
+	if err != nil {
+		return false, err
+	}
+	return strconv.ParseBool(strings.TrimSpace(rr.Stdout.String()))
+}
+
 // ContainerStatus returns status of a container running,exited,...
 func ContainerStatus(ociBin string, name string, warnSlow ...bool) (state.State, error) {
 	cmd := exec.Command(ociBin, "inspect", name, "--format={{.State.Status}}")
 	rr, err := runCmd(cmd, warnSlow...)
 	o := strings.TrimSpace(rr.Stdout.String())
 	switch o {
+	case "configured":
+		return state.Stopped, nil
 	case "running":
 		return state.Running, nil
 	case "exited":

pkg/minikube/command/kic_runner.go

@@ -108,6 +108,9 @@ func (k *kicRunner) RunCmd(cmd *exec.Cmd) (*RunResult, error) {
 	oc.Stdout = outb
 	oc.Stderr = errb
 
+	oc = oci.PrefixCmd(oc)
+	glog.Infof("Args: %v", oc.Args)
+
 	start := time.Now()
 
 	err := oc.Run()
@@ -199,14 +202,14 @@ func (k *kicRunner) chmod(dst string, perm string) error {
 
 // Podman cp command doesn't match docker and doesn't have -a
 func copyToPodman(src string, dest string) error {
-	if out, err := exec.Command(oci.Podman, "cp", src, dest).CombinedOutput(); err != nil {
+	if out, err := oci.PrefixCmd(exec.Command(oci.Podman, "cp", src, dest)).CombinedOutput(); err != nil {
 		return errors.Wrapf(err, "podman copy %s into %s, output: %s", src, dest, string(out))
 	}
 	return nil
 }
 
 func copyToDocker(src string, dest string) error {
-	if out, err := exec.Command(oci.Docker, "cp", "-a", src, dest).CombinedOutput(); err != nil {
+	if out, err := oci.PrefixCmd(exec.Command(oci.Docker, "cp", "-a", src, dest)).CombinedOutput(); err != nil {
 		return errors.Wrapf(err, "docker copy %s into %s, output: %s", src, dest, string(out))
 	}
 	return nil

pkg/minikube/driver/driver.go

@@ -126,7 +126,7 @@ func BareMetal(name string) bool {
 
 // NeedsRoot returns true if driver needs to run with root privileges
 func NeedsRoot(name string) bool {
-	return name == None || name == Podman
+	return name == None
 }
 
 // NeedsPortForward returns true if driver is unable provide direct IP connectivity
@@ -137,7 +137,7 @@ func NeedsPortForward(name string) bool {
 
 // HasResourceLimits returns true if driver can set resource limits such as memory size or CPU count.
 func HasResourceLimits(name string) bool {
-	return !(name == None || name == Podman)
+	return name != None
 }
 
 // NeedsShutdown returns true if driver needs manual shutdown command before stopping.

pkg/minikube/node/cache.go

@@ -99,15 +99,20 @@ func doCacheBinaries(k8sVersion string) error {
 }
 
 // BeginDownloadKicArtifacts downloads the kic image + preload tarball, returns true if preload is available
-func beginDownloadKicArtifacts(g *errgroup.Group) {
-	glog.Info("Beginning downloading kic artifacts")
+func beginDownloadKicArtifacts(g *errgroup.Group, driver string, cRuntime string) {
+	glog.Infof("Beginning downloading kic artifacts for %s with %s", driver, cRuntime)
 	baseImage := viper.GetString("base-image")
-	if !image.ExistsImageInDaemon(baseImage) {
-		out.T(out.Pulling, "Pulling base image ...")
-		g.Go(func() error {
-			glog.Infof("Downloading %s to local daemon", baseImage)
-			return image.WriteImageToDaemon(baseImage)
-		})
+	if driver == "docker" {
+		if !image.ExistsImageInDaemon(baseImage) {
+			out.T(out.Pulling, "Pulling base image ...")
+			g.Go(func() error {
+				glog.Infof("Downloading %s to local daemon", baseImage)
+				return image.WriteImageToDaemon(baseImage)
+			})
+		}
+	} else {
+		// TODO: driver == "podman"
+		glog.Info("Driver isn't docker, skipping base-image download")
 	}
 }
 

pkg/minikube/node/start.go

@@ -201,7 +201,7 @@ func Provision(cc *config.ClusterConfig, n *config.Node, apiServer bool) (comman
 	}
 
 	if driver.IsKIC(cc.Driver) {
-		beginDownloadKicArtifacts(&kicGroup)
+		beginDownloadKicArtifacts(&kicGroup, cc.Driver, cc.KubernetesConfig.ContainerRuntime)
 	}
 
 	if !driver.BareMetal(cc.Driver) {

pkg/minikube/registry/drvs/docker/docker.go

@@ -82,8 +82,10 @@ func status() registry.State {
 
 	// Quickly returns an error code if server is not running
 	cmd := exec.CommandContext(ctx, oci.Docker, "version", "--format", "{{.Server.Version}}")
-	_, err = cmd.Output()
+	o, err := cmd.Output()
+	output := string(o)
 	if err == nil {
+		glog.Infof("docker version: %s", output)
 		return registry.State{Installed: true, Healthy: true}
 	}