Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

podman play kube truncates env parameters #11891

Closed
eaepstein opened this issue Oct 7, 2021 · 1 comment · Fixed by #11920
Closed

podman play kube truncates env parameters #11891

eaepstein opened this issue Oct 7, 2021 · 1 comment · Fixed by #11920
Assignees
Labels
In Progress This issue is actively being worked by the assignee, please do not work on this at this time. kind/bug Categorizes issue or PR as related to a bug. locked - please file new issue/PR Assist humans wanting to comment on an old issue or PR with locked comments.

Comments

@eaepstein
Copy link

Is this a BUG REPORT or FEATURE REQUEST? (leave only one on its own line)

/kind bug

Description

An image run with "podman run" has correct env value:
JAVA_TOOL_OPTIONS='-XX:+IgnoreUnrecognizedVMOptions -XX:+IdleTuningGcOnIdle -Xshareclasses:name=openj9_system_scc,cacheDir=/opt/java/.scc,readonly,nonFatal'

But when running this image using "podman play kube" the same env has value:
JAVA_TOOL_OPTIONS='-XX:+IgnoreUnrecognizedVMOptions -XX:+IdleTuningGcOnIdle -Xshareclasses:name'

Steps to reproduce the issue:

  1. $ podman run --rm quay.io/ibm/kar-sdk-java-runtime-11:latest /bin/bash -c set | grep name

  2. create podman-bug.yaml with content:
    apiVersion: v1
    kind: Pod
    metadata:
    labels:
    app: testbug
    name: testbug
    spec:
    containers:

  • command:
    • /bin/bash
    • -c
    • sleep 20000
      env:
    • name: HOSTNAME
      image: quay.io/ibm/kar-sdk-java-runtime-11:latest
      name: bugpod
      resources: {}
      securityContext:
      allowPrivilegeEscalation: true
      capabilities: {}
      privileged: false
      readOnlyRootFilesystem: false
      seLinuxOptions: {}
      workingDir: /
      restartPolicy: Never
  1. $ podman play kube podman-play-bug.yaml

  2. $ podman exec $(podman ps | grep quay | awk '{print $1}') /bin/bash -c set | grep name

Describe the results you received:

result from step 1:
JAVA_TOOL_OPTIONS='-XX:+IgnoreUnrecognizedVMOptions -XX:+IdleTuningGcOnIdle -Xshareclasses:name=openj9_system_scc,cacheDir=/opt/java/.scc,readonly,nonFatal'
OPENJ9_JAVA_OPTIONS='-XX:+IgnoreUnrecognizedVMOptions -XX:+IdleTuningGcOnIdle -Xshareclasses:name=openj9_system_scc,cacheDir=/opt/java/.scc,readonly,nonFatal -Dosgi.checkConfiguration=false'

result from step 4:
$ podman exec b6c94714b410 /bin/bash -c set | grep name
JAVA_TOOL_OPTIONS='-XX:+IgnoreUnrecognizedVMOptions -XX:+IdleTuningGcOnIdle -Xshareclasses:name'
OPENJ9_JAVA_OPTIONS='-XX:+IgnoreUnrecognizedVMOptions -XX:+IdleTuningGcOnIdle -Xshareclasses:name'

Describe the results you expected:

I expected the env parameter values from "podman play kube" to be the same as from "podman run"

Additional information you deem important (e.g. issue happens only occasionally):

**Output of podman version

Version:      3.2.3
API Version:  3.2.3
Go Version:   go1.15.7
Built:        Thu Jul 29 11:02:43 2021
OS/Arch:      linux/amd64

Output of podman info --debug:

host:
  arch: amd64
  buildahVersion: 1.21.3
  cgroupControllers: []
  cgroupManager: cgroupfs
  cgroupVersion: v1
  conmon:
    package: conmon-2.0.29-1.module+el8.4.0+11822+6cc1e7d7.x86_64
    path: /usr/bin/conmon
    version: 'conmon version 2.0.29, commit: ae467a0c8001179d4d0adf4ada381108a893d7ec'
  cpus: 12
  distribution:
    distribution: '"rhel"'
    version: "8.4"
  eventLogger: file
  hostname: hybrid
  idMappings:
    gidmap:
    - container_id: 0
      host_id: 1000
      size: 1
    - container_id: 1
      host_id: 100000
      size: 65536
    uidmap:
    - container_id: 0
      host_id: 1000
      size: 1
    - container_id: 1
      host_id: 100000
      size: 65536
  kernel: 4.18.0-305.19.1.el8_4.x86_64
  linkmode: dynamic
  memFree: 2685669376
  memTotal: 33408557056
  ociRuntime:
    name: runc
    package: runc-1.0.0-74.rc95.module+el8.4.0+11822+6cc1e7d7.x86_64
    path: /usr/bin/runc
    version: |-
      runc version spec: 1.0.2-dev
      go: go1.15.13
      libseccomp: 2.5.1
  os: linux
  remoteSocket:
    path: /run/user/1000/podman/podman.sock
  security:
    apparmorEnabled: false
    capabilities: CAP_NET_RAW,CAP_CHOWN,CAP_DAC_OVERRIDE,CAP_FOWNER,CAP_FSETID,CAP_KILL,CAP_NET_BIND_SERVICE,CAP_SETFCAP,CAP_SETGID,CAP_SETPCAP,CAP_SETUID,CAP_SYS_CHROOT
    rootless: true
    seccompEnabled: true
    seccompProfilePath: /usr/share/containers/seccomp.json
    selinuxEnabled: true
  serviceIsRemote: false
  slirp4netns:
    executable: /usr/bin/slirp4netns
    package: slirp4netns-1.1.8-1.module+el8.4.0+11822+6cc1e7d7.x86_64
    version: |-
      slirp4netns version 1.1.8
      commit: d361001f495417b880f20329121e3aa431a8f90f
      libslirp: 4.3.1
      SLIRP_CONFIG_VERSION_MAX: 3
      libseccomp: 2.5.1
  swapFree: 33317711872
  swapTotal: 33348907008
  uptime: 24h 27m 33.77s (Approximately 1.00 days)
registries:
  localhost:5000:
    Blocked: false
    Insecure: true
    Location: localhost:5000
    MirrorByDigestOnly: false
    Mirrors: []
    Prefix: localhost:5000
  search:
  - registry.access.redhat.com
  - registry.redhat.io
  - docker.io
store:
  configFile: /home/eddie/.config/containers/storage.conf
  containerStore:
    number: 3
    paused: 0
    running: 3
    stopped: 0
  graphDriverName: overlay
  graphOptions:
    overlay.mount_program:
      Executable: /usr/bin/fuse-overlayfs
      Package: fuse-overlayfs-1.6-1.module+el8.4.0+11822+6cc1e7d7.x86_64
      Version: |-
        fusermount3 version: 3.2.1
        fuse-overlayfs: version 1.6
        FUSE library version 3.2.1
        using FUSE kernel interface version 7.26
  graphRoot: /home/eddie/.local/share/containers/storage
  graphStatus:
    Backing Filesystem: xfs
    Native Overlay Diff: "false"
    Supports d_type: "true"
    Using metacopy: "false"
  imageStore:
    number: 110
  runRoot: /run/user/1000/containers
  volumePath: /home/eddie/.local/share/containers/storage/volumes
version:
  APIVersion: 3.2.3
  Built: 1627570963
  BuiltTime: Thu Jul 29 11:02:43 2021
  GitCommit: ""
  GoVersion: go1.15.7
  OsArch: linux/amd64
  Version: 3.2.3

Package info (e.g. output of rpm -q podman or apt list podman):

podman-3.2.3-0.11.module+el8.4.0+12050+ef972f71.x86_64

Have you tested with the latest version of Podman and have you checked the Podman Troubleshooting Guide? (https://github.com/containers/podman/blob/master/troubleshooting.md)

No

Additional environment details (AWS, VirtualBox, physical, etc.):

$ cat /etc/redhat-release
Red Hat Enterprise Linux release 8.4 (Ootpa)

@openshift-ci openshift-ci bot added the kind/bug Categorizes issue or PR as related to a bug. label Oct 7, 2021
@jwhonce jwhonce self-assigned this Oct 8, 2021
@jwhonce jwhonce added the In Progress This issue is actively being worked by the assignee, please do not work on this at this time. label Oct 8, 2021
@jwhonce
Copy link
Member

jwhonce commented Oct 8, 2021

@eaepstein Thanks for such a detailed description of the issue. I have manually tested a fix and will push a PR tomorrow with automated tests and the fix. Note, I abused your comments a bit for better formatting some of the code text.

After fix:

$ podman exec $(podman ps | grep quay | awk '{print $1}') /bin/bash -c set | grep name
JAVA_TOOL_OPTIONS='-XX:+IgnoreUnrecognizedVMOptions -XX:+IdleTuningGcOnIdle -Xshareclasses:name=openj9_system_scc,cacheDir=/opt/java/.scc,readonly,nonFatal'
OPENJ9_JAVA_OPTIONS='-XX:+IgnoreUnrecognizedVMOptions -XX:+IdleTuningGcOnIdle -Xshareclasses:name=openj9_system_scc,cacheDir=/opt/java/.scc,readonly,nonFatal -Dosgi.checkConfiguration=false'

jwhonce added a commit to jwhonce/podman that referenced this issue Oct 11, 2021
Environment variables whose value contained an equal sign where
truncated

Fixes containers#11891

Signed-off-by: Jhon Honce <jhonce@redhat.com>
mheon pushed a commit to mheon/libpod that referenced this issue Oct 19, 2021
Environment variables whose value contained an equal sign where
truncated

Fixes containers#11891

Signed-off-by: Jhon Honce <jhonce@redhat.com>

<MH: Fixed cherry-pick conflicts>

Signed-off-by: Matthew Heon <matthew.heon@pm.me>
@github-actions github-actions bot added the locked - please file new issue/PR Assist humans wanting to comment on an old issue or PR with locked comments. label Sep 21, 2023
@github-actions github-actions bot locked as resolved and limited conversation to collaborators Sep 21, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
In Progress This issue is actively being worked by the assignee, please do not work on this at this time. kind/bug Categorizes issue or PR as related to a bug. locked - please file new issue/PR Assist humans wanting to comment on an old issue or PR with locked comments.
Projects
None yet
Development

Successfully merging a pull request may close this issue.

2 participants