@protosam
Created December 22, 2021 18:19

Right now hooks that do mount magic do not work, because crun and podman will try to stat the source volume before even running hooks.

Refs:

Hopefully this will work in the future. For now, below are the steps to test the hooks.

Where

This is all being done inside the podman machine on a MacBook.

$ podman machine init
$ podman machine start
$ podman machine ssh

Setup

Become root in the podman machine.

[core@localhost ~]$ sudo su -

Most of the podman machine is read-only; such is the nature of ostree. The containers directory therefore needs to be copied to a writable location and bind mounted back over the original path.

# mkdir -p /var/usr/share
# cp -rfvp /usr/share/containers /var/usr/share/
# mount -o bind /var/usr/share/containers /usr/share/containers

Create directories for the hook definitions and the hook executables.

# mkdir -p /usr/share/containers/oci/hooks.d /usr/share/containers/oci/hooks.bin

Create the podman hook definition.

cat <<EOF > /usr/share/containers/oci/hooks.d/testhook.json
{
  "version": "1.0.0",
  "hook": {
    "path": "/usr/share/containers/oci/hooks.bin/oci-mount-fixer"
  },
  "when": {
    "always": true
  },
  "stages": ["createRuntime","prestart"]
}
EOF

Create the executable to be run by the hook.

echo '#!/bin/bash
echo running mount-fixer
echo $0 > /var/home/core/.oci-mount-fixer
echo $@ >> /var/home/core/.oci-mount-fixer
echo env_below >> /var/home/core/.oci-mount-fixer
env >> ~/.oci-mount-fixer
' > /usr/share/containers/oci/hooks.bin/oci-mount-fixer

Ensure the executable has execute permissions.

# chmod +x /usr/share/containers/oci/hooks.bin/oci-mount-fixer

Stop being root.

# exit
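
An added check, not part of the original gist: a definition with "always": true runs its hook for every container podman starts, so the definition, the hook executable and their directories should not be writable by other users. The function names are hypothetical, and the path extraction assumes the simple JSON layout shown above rather than a real JSON parser.

```shell
#!/bin/sh
# Added example: audit an OCI hooks.d directory for hook definitions and
# executables that another user could modify.

findings=0
report() { printf '%s: %s\n' "$1" "$2"; findings=$((findings + 1)); }

# Print the first "path" value in a hook definition. Assumption: the simple
# one-key-per-line layout used on this page; this is not a JSON parser.
hook_path() {
    sed -n 's/.*"path"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p' "$1" | head -n 1
}

# Succeed when the file or directory is group- or world-writable.
loosely_writable() {
    [ -n "$(find -L "$1" -prune \( -perm -020 -o -perm -002 \) 2>/dev/null)" ]
}

# Audit every *.json in DIR: one finding per line, exit status 1 if any.
audit_hooks_dir() {
    dir=$1
    findings=0
    loosely_writable "$dir" && report "$dir" "hooks directory is group/world-writable"
    for def in "$dir"/*.json; do
        [ -e "$def" ] || continue
        loosely_writable "$def" && report "$def" "definition is group/world-writable"
        bin=$(hook_path "$def")
        case $bin in
            "") report "$def" "no hook path found"; continue ;;
            /*) ;;
            *)  report "$def" "hook path is not absolute: $bin"; continue ;;
        esac
        if [ ! -f "$bin" ] || [ ! -x "$bin" ]; then
            report "$def" "hook is missing or not executable: $bin"
            continue
        fi
        loosely_writable "$bin" && report "$def" "hook is group/world-writable: $bin"
        loosely_writable "$(dirname "$bin")" &&
            report "$def" "hook directory is group/world-writable: $(dirname "$bin")"
    done
    [ "$findings" -eq 0 ]
}

# Usage (path from this page): audit_hooks_dir /usr/share/containers/oci/hooks.d
```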

Testing

So this hook executable isn't going to work; this is just something I'm using to collect data in testing. The data will be in ~/.oci-mount-fixer. Before beginning, I made sure prior tests are cleaned up, with the file not there. The file existing is how I know the executable ran without enabling debug output.

[core@localhost ~]$ ls -lah ~/.oci-mount-fixer
ls: cannot access '/var/home/core/.oci-mount-fixer': No such file or directory

I run podman with my custom hooks dir. At this point the hook is working. GREAT!

[core@localhost ~]$ podman run --rm alpine sh -c 'echo hello world'
Error: OCI runtime error: error executing hook `/var/home/core/.local/share/containers/oci/hooks.bin/oci-mount-fixer` (exit code: 1)

[core@localhost ~]$ ls -lah ~/.oci-mount-fixer
-rw-r--r--. 1 core core 80 Dec 18 16:58 /var/home/core/.oci-mount-fixer

Clean up and check if it runs when adding volumes? This does not work. Podman is stating before running hooks. Not sure this is right.

[core@localhost ~]$ rm -rf ~/.oci-mount-fixer

[core@localhost ~]$ ls -lah ~/.oci-mount-fixer
ls: cannot access '/var/home/core/.oci-mount-fixer': No such file or directory

[core@localhost ~]$ podman --hooks-dir ~/.local/share/containers/oci/hooks.d/ run -v /does/not/exist:/usr/src --rm alpine sh -c 'echo hello world'
Error: statfs /does/not/exist: no such file or directory

[core@localhost ~]$ ls -lah ~/.oci-mount-fixer
ls: cannot access '/var/home/core/.oci-mount-fixer': No such file or directory