|
2 | 2 |
|
3 | 3 | set -Eeoux pipefail |
4 | 4 |
|
5 | | -echo "Setting up IBM container runtime for rootless containers" |
| 5 | +echo "Setting up IBM container runtime (rootful podman for minikube)" |
6 | 6 |
|
7 | | -# Enable lingering for the user - allows systemd user services without an active login session |
8 | | -echo "Enabling lingering for user $(whoami)..." |
9 | | -sudo loginctl enable-linger "$(whoami)" || true |
10 | | - |
11 | | -# Delegate cgroup controllers for rootless containers (required for cgroup v2) |
12 | | -# This allows rootless podman/minikube to manage CPU, memory, IO limits |
13 | | -echo "Setting up cgroup delegation for rootless containers..." |
14 | | -sudo mkdir -p /etc/systemd/system/user@.service.d |
15 | | -sudo tee /etc/systemd/system/user@.service.d/delegate.conf > /dev/null << 'CGROUP_EOF' |
16 | | -[Service] |
17 | | -Delegate=cpu cpuset io memory pids |
18 | | -CGROUP_EOF |
19 | | -sudo systemctl daemon-reload || true |
20 | | - |
21 | | -# Setup XDG_RUNTIME_DIR for rootless podman |
22 | | -uid=$(id -u) |
23 | | -runtime_dir="/run/user/${uid}" |
24 | | -if [[ ! -d "${runtime_dir}" ]]; then |
25 | | - sudo mkdir -p "${runtime_dir}" |
26 | | - sudo chown "$(whoami):$(whoami)" "${runtime_dir}" |
27 | | - sudo chmod 700 "${runtime_dir}" |
| 7 | +# Install crun if not present (OCI runtime for cgroup v2) |
| 8 | +if ! command -v crun &>/dev/null; then |
| 9 | + echo "Installing crun..." |
| 10 | + sudo dnf install -y crun --disableplugin=subscription-manager 2>/dev/null || \ |
| 11 | + sudo yum install -y crun --disableplugin=subscription-manager 2>/dev/null || \ |
| 12 | + echo "Warning: Could not install crun" |
| 13 | +else |
| 14 | + echo "crun already installed: $(crun --version | head -1)" |
28 | 15 | fi |
29 | | -export XDG_RUNTIME_DIR="${runtime_dir}" |
30 | 16 |
|
31 | | -# Set up D-Bus session bus address for rootless podman networking |
32 | | -if [[ -S "${runtime_dir}/bus" ]]; then |
33 | | - export DBUS_SESSION_BUS_ADDRESS="unix:path=${runtime_dir}/bus" |
34 | | - echo "Using existing D-Bus session at ${DBUS_SESSION_BUS_ADDRESS}" |
35 | | -else |
36 | | - echo "No D-Bus session found, attempting to start one..." |
37 | | - systemctl --user start dbus.socket 2>/dev/null || true |
38 | | - if [[ -S "${runtime_dir}/bus" ]]; then |
39 | | - export DBUS_SESSION_BUS_ADDRESS="unix:path=${runtime_dir}/bus" |
40 | | - echo "Started D-Bus session at ${DBUS_SESSION_BUS_ADDRESS}" |
| 17 | +# Clean up stale container state (safe for shared CI machines) |
| 18 | +cleanup_stale_state() { |
| 19 | + echo "Cleaning up stale container state..." |
| 20 | + |
| 21 | + # Skip if minikube is running |
| 22 | + if command -v minikube &>/dev/null && minikube status &>/dev/null 2>&1; then |
| 23 | + echo " Minikube running - skipping cleanup" |
| 24 | + return 0 |
41 | 25 | fi |
42 | | -fi |
43 | 26 |
|
44 | | -# Write environment to file for other scripts to source |
45 | | -cat > "${HOME}/.podman_env" << EOF |
46 | | -export XDG_RUNTIME_DIR="${XDG_RUNTIME_DIR}" |
47 | | -export DBUS_SESSION_BUS_ADDRESS="${DBUS_SESSION_BUS_ADDRESS:-}" |
48 | | -EOF |
49 | | -echo "Wrote podman environment to ${HOME}/.podman_env" |
| 27 | + # Kill orphaned root conmon processes (PPID=1 means orphaned) |
| 28 | + for pid in $(sudo pgrep conmon 2>/dev/null); do |
| 29 | + ppid=$(ps -o ppid= -p "$pid" 2>/dev/null | tr -d ' ') |
| 30 | + if [[ "$ppid" == "1" ]]; then |
| 31 | + echo " Killing orphaned conmon $pid" |
| 32 | + sudo kill -9 "$pid" 2>/dev/null || true |
| 33 | + fi |
| 34 | + done |
50 | 35 |
|
51 | | -# Clean up stale podman state (fixes "cannot re-exec process to join the existing user namespace") |
52 | | -echo "Cleaning up stale podman state..." |
53 | | -pkill -9 -u "$(id -u)" -f "podman" 2>/dev/null || true |
54 | | -pkill -9 -u "$(id -u)" -f "conmon" 2>/dev/null || true |
55 | | -rm -rf "${XDG_RUNTIME_DIR}/containers" 2>/dev/null || true |
56 | | -rm -rf "${XDG_RUNTIME_DIR}/libpod" 2>/dev/null || true |
57 | | -rm -rf "${HOME}/.local/share/containers/storage/libpod" 2>/dev/null || true |
58 | | -rm -rf "${HOME}/.local/share/containers/storage/overlay-containers" 2>/dev/null || true |
59 | | -sleep 1 |
| 36 | + # Clean stale lock files |
| 37 | + sudo find /run/crun -name "*.lock" -mmin +60 -delete 2>/dev/null || true |
60 | 38 |
|
61 | | -# Install crun |
62 | | -echo "Installing crun..." |
63 | | -sudo dnf clean all || true |
64 | | -sudo dnf install -y crun --disableplugin=subscription-manager || \ |
65 | | -sudo yum install -y crun --disableplugin=subscription-manager || true |
| 39 | + # Prune exited containers and dangling volumes |
| 40 | + sudo podman container prune -f 2>/dev/null || true |
| 41 | + sudo podman volume prune -f 2>/dev/null || true |
| 42 | +} |
66 | 43 |
|
67 | | -# Configure rootless podman |
68 | | -mkdir -p ~/.config/containers |
| 44 | +cleanup_stale_state |
69 | 45 |
|
70 | | -cat > ~/.config/containers/containers.conf << 'EOF' |
71 | | -[containers] |
72 | | -cgroup_manager = "cgroupfs" |
| 46 | +# Test sudo podman (used by minikube in rootful mode) |
| 47 | +echo "Testing sudo podman..." |
| 48 | +if ! sudo podman run --rm docker.io/library/alpine:latest echo "sudo podman works" 2>/dev/null; then |
| 49 | + echo "Sudo podman not working, resetting..." |
| 50 | + sudo podman system reset --force 2>/dev/null || true |
| 51 | + sleep 1 |
73 | 52 |
|
74 | | -[network] |
75 | | -# Use slirp4netns instead of pasta for rootless networking |
76 | | -default_rootless_network_cmd = "slirp4netns" |
77 | | -EOF |
| 53 | + if sudo podman run --rm docker.io/library/alpine:latest echo "sudo podman works" 2>/dev/null; then |
| 54 | + echo "Sudo podman working after reset" |
| 55 | + else |
| 56 | + echo "Warning: Sudo podman still not working" |
| 57 | + fi |
| 58 | +else |
| 59 | + echo "Sudo podman working" |
| 60 | +fi |
| 61 | + |
| 62 | +# Configure root-level podman |
| 63 | +sudo mkdir -p /etc/containers |
| 64 | +sudo tee /etc/containers/containers.conf > /dev/null << 'EOF' |
| 65 | +[containers] |
| 66 | +cgroup_manager = "systemd" |
78 | 67 |
|
79 | | -cat > ~/.config/containers/storage.conf << EOF |
80 | | -[storage] |
81 | | -driver = "overlay" |
82 | | -runroot = "${XDG_RUNTIME_DIR}/containers" |
83 | | -graphroot = "${HOME}/.local/share/containers/storage" |
| 68 | +[engine] |
| 69 | +runtime = "crun" |
84 | 70 | EOF |
85 | 71 |
|
86 | | -echo "Done" |
| 72 | +echo "Container runtime setup complete" |
| 73 | +echo " crun: $(crun --version 2>/dev/null | head -1 || echo 'not found')" |
| 74 | +echo " podman: $(sudo podman --version)" |
0 commit comments