Use privileged container for running cli build release steps #2011

ddelnano · 2024-09-06T21:08:31Z

Summary: Use privileged container for running cli build release steps

This reverts my second attempt at fixing the issue with our recent cli builds and tries to address the issue by running the GitHub action's container privileged. This is to address the following error seen in recent cli release builds:

+ podman run -i --rm -v /tmp/tmp.xkTyDurlVW:/src/ -v /__w/pixie/pixie:/image docker.io/cdrx/fpm-fedora:24 fpm -f -p /image/pixie-px-0.8.3.x86_64.rpm -s dir -t rpm -n pixie-px -v 0.8.3 --prefix /usr/local/bin px
time="2024-09-05T22:47:26Z" level=warning msg="\"/\" is not a shared mount, this could cause issues or missing mounts with rootless containers"
cannot clone: Operation not permitted
Error: cannot re-exec process

Relevant Issues: #1993

Type of change: /kind bugfix

Test Plan: Reproduced the clone: Operation not permitted issue on my dev VM. Verified that adding --privileged no longer sees the issue

# Note: running podman without sudo runs into an issue before the clone issue happens.
# This may not be the most representative test but hopefully it reproduces the issue closely enough

$ ./scripts/run_docker.sh
sha256:e8d76daa1fe01efdff68cacf982f00a94a674b1d450f8eab11b98f5bd6a5c397
grep: /etc/bazelrc: No such file or directory
Run Parameters:
        Build Buddy:             Disabled
        Shell:                   /bin/bash
+ docker run --rm --hostname px-dev-docker-dev-vm.us-west1-a.c.endless-datum-422018.internal -it -v /dev/shm:/dev/shm -v /home/ddelnano:/home/ddelnano -v /var/run/docker.sock:/var/run/docker.sock -v /home/ddelnano/code/pixie-worktree:/px/src/px.dev/pixie --network=host -v /usr/local/bin/px:/bin/px px_dev_image:202405102250 /bin/bash

$ sudo podman info
sudo: unable to resolve host px-dev-docker-dev-vm.us-west1-a.c.endless-datum-422018.internal: Name or service not known
WARN[0000] "/" is not a shared mount, this could cause issues or missing mounts with rootless containers
cannot clone: Operation not permitted
Error: cannot re-exec process

# Run same ./scripts/run_docker.sh but with --privileged added

$ docker run --rm --hostname px-dev-docker-dev-vm.us-west1-a.c.endless-datum-422018.internal -it -v /dev/shm:/dev/shm -v /home/ddelnano:/home/ddelnano -v /var/run/docker.sock:/var/run/docker.sock -v /home/ddelnano/code/pixie-worktree:/px/src/px.dev/pixie --network=host -v /usr/local/bin/px:/bin/px --privileged px_dev_image:202405102250 /bin/bash

# podman info succeeds
$ sudo podman info
sudo: unable to resolve host px-dev-docker-dev-vm.us-west1-a.c.endless-datum-422018.internal: Name or service not known
host:
  arch: amd64

…u24 runners (pixie-io#2010)" This reverts commit 5dc122a. Signed-off-by: Dom Del Nano <[email protected]>

Signed-off-by: Dom Del Nano <[email protected]>

…ixie-io#2011)" This reverts commit a4b8bc5.

…ixie-io#2011)" This reverts commit a4b8bc5. Signed-off-by: Dom Del Nano <[email protected]>

Revert "Another attempt to remediate user namespace issues with ubunt…

7f61a25

…u24 runners (pixie-io#2010)" This reverts commit 5dc122a. Signed-off-by: Dom Del Nano <[email protected]>

ddelnano requested review from a team as code owners September 6, 2024 21:08

ddelnano added 2 commits September 6, 2024 21:09

Use privileged container for running cli build release steps

3e773bc

Signed-off-by: Dom Del Nano <[email protected]>

Revert changes undone by revert commit

dc108e9

Signed-off-by: Dom Del Nano <[email protected]>

ddelnano force-pushed the ddelnano/run-cli_release-podman-steps-in-privileged-container branch from 31ea9fb to dc108e9 Compare September 6, 2024 21:12

aimichelle approved these changes Sep 6, 2024

View reviewed changes

aimichelle merged commit a4b8bc5 into pixie-io:main Sep 6, 2024
19 checks passed

ddelnano deleted the ddelnano/run-cli_release-podman-steps-in-privileged-container branch September 6, 2024 21:19

ddelnano added a commit to ddelnano/pixie that referenced this pull request Sep 9, 2024

Revert "Use privileged container for running cli build release steps (p…

fb2e3ec

…ixie-io#2011)" This reverts commit a4b8bc5.

ddelnano added a commit to ddelnano/pixie that referenced this pull request Sep 9, 2024

Revert "Use privileged container for running cli build release steps (p…

e8544c9

…ixie-io#2011)" This reverts commit a4b8bc5. Signed-off-by: Dom Del Nano <[email protected]>

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Use privileged container for running cli build release steps #2011

Use privileged container for running cli build release steps #2011

ddelnano commented Sep 6, 2024

Use privileged container for running cli build release steps #2011

Use privileged container for running cli build release steps #2011

Conversation

ddelnano commented Sep 6, 2024