Containers.podman idempotency?

monotux · August 8, 2024, 9:52am

Trying to setup containers with podman in a predictable manner, but failing. Not sure if an issue with containers.podman or me not understanding the documentation.

When I first encountered this issue, I had exit code 125 but then on container creation (container already existed), no matter if the container state was created or present which confused me. I expected it to check if the container existed, but it always tried to recreate it instead, leading to failures.

Tried to simplify my playbook down to below, so it’s not 100% the same as my initial issue, but the behaviour seems to be the same. I can include my other playbook if interesting as well, it’s just setting up two other containers in the same pod with the same pattern as below.

Playbooks

Working example

Below is the shortest playbook I could come up with. Below is working as expected, idempotent and all.

# This works as expected! See the second playbook for the issue.
---
- name: "Setup container"
  hosts: 127.0.0.1
  connection: local
  become: true

  tasks:
    - name: "Create test container"
      containers.podman.podman_container:
        name: "hello-nginx"
        state: created
        image: "docker.io/library/nginx:1.27"

    - name: "Generate systemd configuration"
      containers.podman.podman_generate_systemd:
        name: "hello-nginx"
        dest: "/etc/systemd/system"
        new: true
        restart_policy: "on-failure"
      register: gensystemd

    - name: "Reload systemd if necessary"
      ansible.builtin.systemd:
        daemon_reload: true
        scope: "system"
      when: gensystemd.changed

    - name: "Enable and start container"
      ansible.builtin.systemd:
        name: "container-hello-nginx.service"
        enabled: true
        state: "started"
        scope: "system"

The reason I generate systemd configuration in a discrete step (and not in the container creation step) is a leftover from the second playbook where I try to wrap everything in a pod, and then I want to create the pod, containers and then generate systemd files.

Not working

Below is one example of unexpected behaviour - it will fail every other time!

# This does not work as expected! It fails to setup a container every other execution.
---
- name: "Setup container"
  hosts: 127.0.0.1
  connection: local
  become: true

  tasks:
    # New step, creating a pod
    - name: "Create test pod"
      containers.podman.podman_pod:
        name: "test"
        state: created
        publish:
          - 8080:80
          - 8443:443

    - name: "Create test container"
      containers.podman.podman_container:
        name: "hello-nginx"
        pod: "test"  # add container to pod
        state: created
        image: "docker.io/library/nginx:1.27"

    - name: "Generate systemd configuration"
      containers.podman.podman_generate_systemd:
        name: "test" # generate pod systemd units
        dest: "/etc/systemd/system"
        new: true
        restart_policy: "on-failure"
      register: gensystemd

    - name: "Reload systemd if necessary"
      ansible.builtin.systemd:
        daemon_reload: true
        scope: "system"
      when: gensystemd.changed

    - name: "Enable and start container"
      ansible.builtin.systemd:
        name: "pod-test.service"  # enable and start pod instead
        enabled: true
        state: "started"
        scope: "system"

Execution run logs

First pod setup run

oscar@debian:~$ ansible-playbook container.yaml
[WARNING]: No inventory was parsed, only implicit localhost is available
[WARNING]: provided hosts list is empty, only localhost is available. Note that
the implicit localhost does not match 'all'

PLAY [Setup container] *********************************************************

TASK [Gathering Facts] *********************************************************
ok: [127.0.0.1]

TASK [Create test pod] *********************************************************
changed: [127.0.0.1]

TASK [Create test container] ***************************************************
changed: [127.0.0.1]

TASK [Generate systemd configuration] ******************************************
changed: [127.0.0.1]

TASK [Reload systemd if necessary] *********************************************
ok: [127.0.0.1]

TASK [Enable and start container] **********************************************
changed: [127.0.0.1]

PLAY RECAP *********************************************************************
127.0.0.1                  : ok=6    changed=4    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0

Second pod setup run

This step should be idempotent? Notice test pod returns OK, but the container creation fails due to no pod?

oscar@debian:~$ ansible-playbook container.yaml
[WARNING]: No inventory was parsed, only implicit localhost is available
[WARNING]: provided hosts list is empty, only localhost is available. Note that the implicit localhost does not match 'all'

PLAY [Setup container] *****************************************************************************************************************************************

TASK [Gathering Facts] *****************************************************************************************************************************************
ok: [127.0.0.1]

TASK [Create test pod] *****************************************************************************************************************************************
ok: [127.0.0.1]

TASK [Create test container] ***********************************************************************************************************************************
fatal: [127.0.0.1]: FAILED! => {"changed": false, "msg": "Container hello-nginx exited with code 125 when createed", "stderr": "Error: no pod with name or ID test found: no such pod\n", "stderr_lines": ["Error: no pod with name or ID test found: no such pod"], "stdout": "", "stdout_lines": []}

PLAY RECAP *****************************************************************************************************************************************************
127.0.0.1                  : ok=2    changed=0    unreachable=0    failed=1    skipped=0    rescued=0    ignored=0

Third pod setup run

All fine again. Guessing that the prior run tore down pods and containers, and running again just recreated everything as expected again.

oscar@debian:~$ ansible-playbook container.yaml
[WARNING]: No inventory was parsed, only implicit localhost is available
[WARNING]: provided hosts list is empty, only localhost is available. Note that the implicit localhost does not match 'all'

PLAY [Setup container] *****************************************************************************************************************************************

TASK [Gathering Facts] *****************************************************************************************************************************************
ok: [127.0.0.1]

TASK [Create test pod] *****************************************************************************************************************************************
changed: [127.0.0.1]

TASK [Create test container] ***********************************************************************************************************************************
changed: [127.0.0.1]

TASK [Generate systemd configuration] **************************************************************************************************************************
ok: [127.0.0.1]

TASK [Reload systemd if necessary] *****************************************************************************************************************************
skipping: [127.0.0.1]

TASK [Enable and start container] ******************************************************************************************************************************
changed: [127.0.0.1]

PLAY RECAP *****************************************************************************************************************************************************
127.0.0.1                  : ok=5    changed=3    unreachable=0    failed=0    skipped=1    rescued=0    ignored=0

Test environment

Everything running on Debian 12 in a VM.

Relevant versions:

ansible [core 2.17.2]
  config file = None
  configured module search path = ['/home/oscar/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /home/oscar/.local/pipx/venvs/ansible/lib/python3.11/site-packages/ansible
  ansible collection location = /home/oscar/.ansible/collections:/usr/share/ansible/collections
  executable location = /home/oscar/.local/bin/ansible
  python version = 3.11.2 (main, May  2 2024, 11:59:08) [GCC 12.2.0] (/home/oscar/.local/pipx/venvs/ansible/bin/python)
  jinja version = 3.1.4
  libyaml = True

I installed Ansible like below:

sudo apt install pipx podman
pipx install --include-deps ansible
pipx ensurepath

Conclusion

Am I using containers.podman wrong, or is this an issue with the idempotency checks in the collection?

Topic		Replies	Views
Podman container w/ systemd for molecule doesn't run init? Get Help galaxy-ng , fedora , molecule , systemd	4	580	January 30, 2024
Execution Environment built with user:0: what are the security implications for podman containers? Get Help awx , ansible-builder , ansible-navigator	4	558	October 16, 2023
Ansible in a docker container ("Service is in unknown state" error) Get Help debian , docker , systemd	2	1236	November 11, 2023
Help needed for error with ansible-test and podman Get Help ansible-test , podman	4	490	October 3, 2023
AAP failed to create container EE Get Help awx , ee , aap	18	664	September 21, 2024