review: add CONTAINER_ROOTFUL

Signed-off-by: vsoch <[email protected]>

.github/workflows/main.yaml

@@ -20,18 +20,23 @@ jobs:
         include:
           - lima_template: template://ubuntu-24.04
             container_engine: docker
+            rootful: "false"
           - lima_template: template://docker-rootful
-            container_engine: docker-rootful
+            container_engine: docker
+            rootful: "true"
           - lima_template: template://ubuntu-24.04
             container_engine: nerdctl
+            rootful: "false"
           - lima_template: template://centos-stream-9
             container_engine: podman
           - lima_template: template://fedora
             container_engine: podman
+            rootful: "false"
     uses: ./.github/workflows/reusable-multi-node.yaml
     with:
       lima_template: ${{ matrix.lima_template }}
       container_engine: ${{ matrix.container_engine }}
+      rootful: ${{ matrix.rootful }}
 
   # TODO: this test should create multiple instances of Usernetes on each of the hosts
   multi-node-custom-ports:

.github/workflows/reusable-multi-node.yaml

@@ -19,6 +19,10 @@ on:
         description: flannel vxlan port
         type: string
         default: "8472"
+      rootful:
+        description: use rootful mode for a container technology
+        type: string
+        default: "false"
       etcd_port:
         description: etcd service port
         type: string
@@ -41,6 +45,7 @@ jobs:
     env:
       LIMA_TEMPLATE: "${{ inputs.lima_template }}"
       CONTAINER_ENGINE: "${{ inputs.container_engine }}"
+      CONTAINER_ROOTFUL: "${{ inputs.rootful }}"
       PORT_KUBE_APISERVER: "${{ inputs.kube_apiserver_port }}"
       PORT_FLANNEL: "${{ inputs.flannel_port }}"
       PORT_KUBELET: "${{ inputs.kubelet_port }}"

hack/create-cluster-lima.sh

@@ -37,12 +37,6 @@ done
 
 SERVICE_PORTS="PORT_KUBE_APISERVER=${PORT_KUBE_APISERVER} PORT_ETCD=${PORT_ETCD} PORT_FLANNEL=${PORT_FLANNEL} PORT_KUBELET=${PORT_KUBELET}"
 
-# At this point, rootless / rootful Docker is setup
-if [[ "$CONTAINER_ENGINE" == "docker-rootful" ]]
-  then
-    CONTAINER_ENGINE="docker"  
-fi
-
 # Launch a Kubernetes node inside a Rootless Docker host
 for host in host0 host1; do
 	${LIMACTL} shell "${host}" ${SERVICE_PORTS} CONTAINER_ENGINE="${CONTAINER_ENGINE}" make -C "${guest_home}/usernetes" up

init-host/init-host.root.sh

@@ -7,6 +7,7 @@ if [ "$(id -u)" != "0" ]; then
 fi
 
 : "${CONTAINER_ENGINE:=docker}"
+: "${CONTAINER_ROOTFUL:=false}"
 script_dir="$(dirname "$0")"
 
 if [ ! -e /etc/systemd/system/[email protected]/delegate.conf ]; then
@@ -64,8 +65,12 @@ else
 	apt-get install -y git uidmap make jq
 fi
 
-case "${CONTAINER_ENGINE}" in
-"docker")
+setup_docker() {
+	if [ "${CONTAINER_ROOTFUL}" = "true" ]; then
+		echo "Preparing to run docker in default rootful mode."	
+		return
+	fi
+	echo "Preparing to run docker in rootless mode."	
 	if ! command -v dockerd-rootless-setuptool.sh >/dev/null 2>&1; then
 		if grep -q centos /etc/os-release; then
 			# Works with Rocky and Alma too
@@ -76,9 +81,11 @@ case "${CONTAINER_ENGINE}" in
 		fi
 	fi
 	systemctl disable --now docker
-	;;
-"docker-rootful")
-	echo "Preparing to run docker in default rootful mode."
+}
+
+case "${CONTAINER_ENGINE}" in
+"docker")
+	setup_docker
 	;;
 "podman")
 	if ! command -v podman-compose >/dev/null 2>&1; then

init-host/init-host.rootless.sh

@@ -7,10 +7,19 @@ if [ "$(id -u)" == "0" ]; then
 fi
 
 : "${CONTAINER_ENGINE:=docker}"
+: "${CONTAINER_ROOTFUL:=false}"
 : "${XDG_CONFIG_HOME:=${HOME}/.config}"
+
+setup_docker_rootless() {
+	if [ "${CONTAINER_ROOTFUL}" = "true" ]; then
+		return
+	fi
+	dockerd-rootless-setuptool.sh install || (journalctl --user --since "10 min ago"; exit 1)
+}
+
 case "${CONTAINER_ENGINE}" in
 "docker")
-	dockerd-rootless-setuptool.sh install || (journalctl --user --since "10 min ago"; exit 1)
+	setup_docker_rootless
 	;;
 "docker-rootful")
 	echo "Skipping rootless install of docker"