feat(install): Adds support for podman(compose)

[DuncanConroy]

Adds support for podman(compose), while maintaining compatibility with docker

Introduces a new script to detect podman vs. docker. Distinguishes between docker and podman minimum versions and substitutes uses of docker with a variable instead.

Closes #369

Legal Boilerplate

Look, I get it. The entity doing business as "Sentry" was incorporated in the State of Delaware in 2015 as Functional Software, Inc. and is gonna need some rights from me in order to utilize my contributions in this here PR. So here's the deal: I retain all rights, title and interest in and to my contributions, and by keeping this boilerplate intact I confirm that Sentry can use, modify, copy, and redistribute my contributions, under Sentry's choice of terms.

[BYK]

Quite surprised (positively!) that the changes needed are so few! Added a few comments and on top of those, we definitely should have a test using podman now to make sure this actually works and does not break in the future (can help with this if you need me).

Thanks so much for taking the effort!

[BYK]

Oops, sorry meant the require changes 😅

[BYK]

FYI tests failed with the following error:

Detecting Docker platform
FAIL: Unsupported docker architecture amd64.

[DuncanConroy]

Quite surprised (positively!) that the changes needed are so few! Added a few comments and on top of those, we definitely should have a test using podman now to make sure this actually works and does not break in the future (can help with this if you need me).

Thanks so much for taking the effort!

I agree that having a test would be great. In the best case, we can run the whole suite for both docker and podman. I'm just unsure about the environment this is run on and would welcome your input and ideas very much!

[DuncanConroy]

Have converted back to draft, as there are some tweaks to make, still.

[aldy505]

@DuncanConroy Let us know if you need help in terms of anything, we'd be happy to help you. Having this PR really made us happy :)

[BYK]

Tests are run on GitHub Actions. I'm happy to add a new job that installs and runs with podman once the PR is stable in terms of API

[BYK]

Same as above: how about this just being --container-engine with a default value of docker?

[DuncanConroy]

Not sure I understand your intent. This was thought as a switch to activate podman over docker. We can surely remove the autodetection and completely rely on this switch. I'd still keep it --container-engine-podman, because just using --container-engine would possibly be misleading?

[BYK]

@DuncanConroy sorry for not being clearer. What I had in mind was making --container-engine a flag to pass in a custom value as in --container-engine <engine> where we default to docker (so when the flag is not passed, we will assume docker).

Although we would only support podman and docker at start, this should keep the API unchanged if we ever add new engines like runc or similar.

[DuncanConroy]

Not sure how to do this with bash, tbh. :D

[BYK]

I'll see what I can do about this 😅

[doc-sheet]

It is quite simple... unless you want to validate argument :)
Something like

  case "$1" in

<...>

  --container-engine) CONTAINER_ENGINE="$2"; shift ;;

[aminvakil]

Thank you for this!

sentry-admin.sh file needs to be fixed as well, I guess adding source install/detect-container-engine.sh suffices.

[BYK]

Okay, now we need to make the tests aware of Podman

[doc-sheet]

If podman-comose compatible enough podman-docker package could help.
It creates system-wide alias docker -> podman

[aldy505]

Okay, now we need to make the tests aware of Podman

@BYK do you still remember what you mean by this?

[BYK]

@aldy505 the tests written in Python assume everything with Docker and Docker Compose. They now need to be aware of what technology we're using. See the fail here: https://github.com/getsentry/self-hosted/actions/runs/14893466765/job/41831036774?pr=3673#step:4:2280

[aldy505]

@DuncanConroy FYI, I'll revisit this after 25.6.0 release, since it has too much big changes already 😆

[doc-sheet]

UPD. Nevermind it's incomplete yet

Hi!
Here is rough workaround for tests https://github.com/doc-sheet/self-hosted/compare/podman-tests-base...doc-sheet:self-hosted:podman-tests?expand=1#files

Since podman works without root privileges

• it requires nofile ulimits for current user higher then limits declared for containers
• chown don't work

Additional notes for future me:

• separate caches
• conflicting ports

[aldy505]

@doc-sheet do you wanna work on the tests? We can merge this PR first, then when it's on master you can submit your PR for podman tests.

[aldy505]

Why is this broken..

Ensuring correct permissions on profiles directory ...

Executing external compose provider "podman-compose". Please refer to the documentation for details. <<<<

WARNING:podman_compose:missing services [vroom]
Error: executing podman-compose --no-ansi --env-file .env --in-pod=false run --rm --no-deps --entrypoint /bin/bash --user root vroom -c chown -R vroom:vroom /var/vroom/sentry-profiles && chmod -R o+rwx /var/vroom/sentry-profiles: exit status 1
Error in install/ensure-correct-permissions-profiles-dir.sh:6.
'$dcr --no-deps --entrypoint /bin/bash --user root vroom -c 'chown -R vroom:vroom /var/vroom/sentry-profiles && chmod -R o+rwx /var/vroom/sentry-profiles'' exited with status 1
yes: standard output: Broken pipe
yes: standard output: Broken pipe
-> ./install.sh:main:41
--> install/ensure-correct-permissions-profiles-dir.sh:source:6

[doc-sheet]

Why is this broken..

because podman is rootless, :U is a workaround which works with docker-compose too I suppose

do you wanna work on the tests? We can merge this PR first, then when it's on master you can submit your PR for podman tests.

well I'm trying to make tests pass, but don't have much time this days to research.
I'm stuck with nofile restriction and can't figure it out how to increase limit in github action runner.

I don't think it is ready to be merged because of new changes like chown.
But if install works and it is ok to skip podman tests until complete fix I'm totally fine with it.

[aldy505]

Interesting, it didn't try to pull vroom at all

>>>> Executing external compose provider "podman-compose". Please refer to the documentation for details. <<<<
  Resolving "nginx" using unqualified-search registries (/etc/containers/registries.conf)
  Trying to pull docker.io/library/nginx:1.25.4-alpine...
  Trying to pull registry.gitlab.com/egos-tech/smtp:latest...
  Resolving "memcached" using unqualified-search registries (/etc/containers/registries.conf)
  Trying to pull docker.io/library/memcached:1.6.26-alpine...
  Resolving "getsentry/symbolicator" using unqualified-search registries (/etc/containers/registries.conf)
  Trying to pull docker.io/getsentry/symbolicator:nightly...
  Resolving "getsentry/snuba" using unqualified-search registries (/etc/containers/registries.conf)
  Trying to pull docker.io/getsentry/snuba:nightly...
  Resolving "confluentinc/cp-kafka" using unqualified-search registries (/etc/containers/registries.conf)
  Trying to pull docker.io/confluentinc/cp-kafka:7.6.1...
  Resolving "getsentry/taskbroker" using unqualified-search registries (/etc/containers/registries.conf)
  Trying to pull docker.io/getsentry/taskbroker:nightly...
  Resolving "postgres" using unqualified-search registries (/etc/containers/registries.conf)
  Trying to pull docker.io/library/postgres:14.11...
  Trying to pull docker.io/getsentry/relay:nightly...
  Resolving "redis" using unqualified-search registries (/etc/containers/registries.conf)
  Trying to pull docker.io/library/redis:6.2.14-alpine...
  ...truncated...
  Resolving "getsentry/sentry" using unqualified-search registries (/etc/containers/registries.conf)
  Trying to pull docker.io/getsentry/sentry:nightly...
  ...truncated...

[aldy505]

do you wanna work on the tests? We can merge this PR first, then when it's on master you can submit your PR for podman tests.

well I'm trying to make tests pass, but don't have much time this days to research. I'm stuck with nofile restriction and can't figure it out how to increase limit in github action runner.

what is "nofile restriction"?

I don't think it is ready to be merged because of new changes like chown. But if install works and it is ok to skip podman tests until complete fix I'm totally fine with it.

okay 👍

[aldy505]

do you wanna work on the tests? We can merge this PR first, then when it's on master you can submit your PR for podman tests.

well I'm trying to make tests pass, but don't have much time this days to research. I'm stuck with nofile restriction and can't figure it out how to increase limit in github action runner.

what is "nofile restriction"?

ah you mean nofile limits on linux..

[aldy505]

Ah I see the problem now. vroom is behind feature-complete profiles, yet podman only supports passing in the --profile arg. Setting the environment variables does nothing basically. Refer to this PR containers/podman-compose#592

[doc-sheet]

Another bug in podman-compose containers/podman-compose#1118 I stepped on.

[aldy505]

ughh I wanna skip the test