Run-rootless-podman-filedescriptors!

In this post i would like to discuss my experience with file descriptors issues in rootless podman.
Tried to build from scratch openstack nfv-tempest-plugin
This openstack nfv-tempest plugin requires:

• python3.6 and up.
• pip tempest
• pip python-tempestconf
• pip neutron-tempest-plugin

once the above installed we are ready to install nfv-tempest-plugin through git or pip.

I will review in the following article the operation and checks for podman. and how to work around file descriptors errors while building the image.

install Centos/Rhel 7.X packages

sudo -i
yum install podman -y
echo "user.max_user_namespaces=28633" > /etc/sysctl.d/userns.conf
sysctl -p /etc/sysctl.d/userns.conf

Run command in user namespace

[stack@RHEL7 ~]$ podman unshare cat /proc/self/uid_map
         0       1001          1
         1     165536      65536

[stack@RHEL7 ~]$ podman unshare cat /proc/self/gid_map
         0       1001          1
         1     165536      65536

Consume dockerhub images

[stack@RHEL7 ~]$ podman login -u yarboa docker.io
Password: 
Login Succeeded!
skopeo inspect docker://rackspacedot/python37
podman pull rackspacedot/python37

Verify glibc is packed in the container

[stack@RHEL7 ~]$ podman inspect docker.io/rackspacedot/python37

Run and verify container is ready for running tempest

Run container

[stack@RHEL7 ~]$ podman run -it docker.io/rackspacedot/python37 /bin/bash
root@e9762ca9a49c:/# 
root@e9762ca9a49c:/# ulimit -Hn
1024
root@e9762ca9a49c:/# ulimit -Sn
1024

Install required packages:

root@e9762ca9a49c:/# python -m pip install -U pip
root@e9762ca9a49c:/# python -m pip install -U tempest
OSError: [Errno 24] Too many open files: '/tmp/pip-ephem-wheel-cache-_8l0t8s7'

Increase user files descriptor

Googling a bit brings you to the follwoing podman-ticket Searching a bit more brings you to the follwoing article

Add rootless podman user number of files

sudo -i
vi /etc/security/limits.conf
# End of file
stack   soft   nofile    1048576
stack   hard   nofile    1048576
:wq

sysctl -p

Logout as rootles user and login

[stack@RHEL7 ~]$ ulimit -n
1048576

We are ready to run podman image with new ulimits

podman run --ulimit nofile=1048576:1048576 -it docker.io/rackspacedot/python37 /bin/bash

root@e9762ca9a419:/# ulimit -Hn
1048576

Try to install tempest

root@e9762ca9a419:/# python -m pip install -U tempest
root@e9762ca9a419:/# python -m pip install -U python-tempestconf
root@e9762ca9a419:/# python -m pip install -U neutron-tempest-plugin
root@e9762ca9a419:/# cd /root
root@e9762ca9a419:/# python -m pip install -U git client
root@e9762ca9a419:/# git clone https://github.com/openstack/neutron-tempest-plugin.git

We are set and secure to create our docker/buildah file [future articles]