Hi Valentin,

Thanks for the suggestion, I gave it a try. Although it creates the container now, if the main process ever gets killed or we restart, it will complain that the container is already in use.

If we now run it, get the Main PID and kill it, the container will keep running.
spytec@KeyraGuest1:~$ systemctl --user start container-bitwarden
spytec@KeyraGuest1:~$ systemctl --user status container-bitwarden
[...]
 Main PID: 8828 (conmon)
[...]
spytec@KeyraGuest1:~$ sudo kill -9 8828
spytec@KeyraGuest1:~$ 

Looking at journalctl, which is also identical when running podman stop bitwarden instead of kill.
[...]
Feb 03 10:28:01 KeyraGuest1 podman[8812]: 59932a3cb11ac5a95518fb5b016de23851d189483caf525ef2d4c1a67f3525da
Feb 03 10:28:01 KeyraGuest1 systemd[837]: Started Bitwarden Podman container.
Feb 03 10:28:21 KeyraGuest1 systemd[837]: container-bitwarden.service: Main process exited, code=killed, status=9/KILL
Feb 03 10:28:21 KeyraGuest1 systemd[837]: container-bitwarden.service: Failed with result 'signal'.
Feb 03 10:28:21 KeyraGuest1 systemd[837]: container-bitwarden.service: Service RestartSec=100ms expired, scheduling restart.
Feb 03 10:28:21 KeyraGuest1 systemd[837]: container-bitwarden.service: Scheduled restart job, restart counter is at 1.
Feb 03 10:28:21 KeyraGuest1 systemd[837]: Stopped Bitwarden Podman container.
Feb 03 10:28:21 KeyraGuest1 systemd[837]: container-bitwarden.service: Found left-over process 8839 (bitwarden_rs) in control group while starting unit. Ignoring.
Feb 03 10:28:21 KeyraGuest1 systemd[837]: This usually indicates unclean termination of a previous run, or service implementation deficiencies.
Feb 03 10:28:21 KeyraGuest1 systemd[837]: Starting Bitwarden Podman container...
Feb 03 10:28:21 KeyraGuest1 systemd[837]: container-bitwarden.service: Found left-over process 8839 (bitwarden_rs) in control group while starting unit. Ignoring.
Feb 03 10:28:21 KeyraGuest1 systemd[837]: This usually indicates unclean termination of a previous run, or service implementation deficiencies.
Feb 03 10:28:22 KeyraGuest1 podman[8918]: Error: error creating container storage: the container name "bitwarden" is already in use by "59932a3cb11ac5a95518fb5b016de23851d189483caf525ef2d4c1a67f3525da"

The new service file:
[Unit]
Description=Bitwarden Podman container

[Service]
Restart=on-failure
ExecStartPre=/usr/bin/rm -f /%t/%n-pid /%t/%n-cid
ExecStart=/usr/bin/podman run --conmon-pidfile /%t/%n-pid --env-file=/home/spytec/Bitwarden/bitwarden.conf -d -p 8080:8080 -v /home/spytec/Bitwarden/bw-data:/data/:Z --name 'bitwarden' bitwardenrs/server:latest
ExecStop=/usr/bin/podman rm -f --cid-file /%t/%n-cid
KillMode=none
Type=forking
PIDFile=/%t/%n-pid

[Install]
WantedBy=multi-user.target

I tried running podman rm myself without and I had to run it twice.
spytec@KeyraGuest1:~$ podman rm -f bitwarden
Error: cannot remove container 59932a3cb11ac5a95518fb5b016de23851d189483caf525ef2d4c1a67f3525da as it could not be stopped: timed out waiting for file /run/user/1000/libpod/tmp/exits/59932a3cb11ac5a95518fb5b016de23851d189483caf525ef2d4c1a67f3525da: internal libpod error
spytec@KeyraGuest1:~$ podman rm -f bitwarden
59932a3cb11ac5a95518fb5b016de23851d189483caf525ef2d4c1a67f3525da

Thanks,
Eric

On Mon, 3 Feb 2020 at 09:19, Valentin Rothberg <rothberg@redhat.com> wrote:


On Sat, Feb 1, 2020 at 1:32 AM Eric Gustavsson <egustavs@redhat.com> wrote:
Given that one container worked right off the bat, I removed bitwarden container and started up a new one from an image. Though now there's systemd issues.
conmon.pid seems to disappear as soon as I start the container service. Only modification I did to the container-bitwarden.service was to add User and Group

spytec@KeyraGuest1:~$ podman run --name bitwarden [...]
spytec@KeyraGuest1:~$ podman generate systemd --name bitwarden -f
/home/spytec/container-bitwarden.service
spytec@KeyraGuest1:~$ ls -l /run/user/1000/vfs-containers/ed80bfc884aac5ba8c3046f148d686b891b05e21585be8461997c82fa2909223/userdata | grep conmon
-rw-r--r--. 1 spytec spytec   4 Feb  1 00:22 conmon.pid
spytec@KeyraGuest1:~$ sudo systemctl enable /usr/lib/systemd/system/container-bitwarden.service
Created symlink /etc/systemd/system/multi-user.target.wants/container-bitwarden.service → /usr/lib/systemd/system/container-bitwarden.service.
spytec@KeyraGuest1:~$ sudo systemctl start container-bitwarden
Job for container-bitwarden.service failed because the control process exited with error code.
See "systemctl status container-bitwarden.service" and "journalctl -xe" for details.
spytec@KeyraGuest1:~$ ls -l /run/user/1000/vfs-containers/ed80bfc884aac5ba8c3046f148d686b891b05e21585be8461997c82fa2909223/userdata | grep conmon
spytec@KeyraGuest1:~$

from journalctl of the service:
Feb 01 00:12:14 KeyraGuest1 systemd[1]: Starting Podman container-bitwarden.service...
Feb 01 00:12:14 KeyraGuest1 podman[5867]: bitwarden
Feb 01 00:12:14 KeyraGuest1 systemd[1]: container-bitwarden.service: Can't open PID file /run/user/1000/vfs-containers/f58e338ec3ff083fff993c97c715665bbc243eaf48ddf115095209d997982182/userdata/conmon.pid (yet?) after start: No such file>

I haven't seen this error yet. It could very well be a race. We recently published a blog about improved systemd services [1] that create new containers on each start. I suggest using that instead. With the next release of Podman, systemd generate comes with --new flag to generate such service files.

Kind regards,
 Valentin

 
Thanks,
Eric


On Fri, 31 Jan 2020 at 15:42, Eric Gustavsson <egustavs@redhat.com> wrote:
Hi Matt,

Seems I forgot to include transcripts of me kill those processes. Even though I do kill the processes and try to run again, it still hangs.
Doing podman ps after killing the processes works, but starting my bitwarden container just doesn't got anywhere no matter if I kill all processes or restart - it always hangs.
For slirp4netns I had 0.3.0-2.git4992082.fc30. Upgrading to 0.4.0-4.git19d199a.fc30 did make podman run work, and testing on that new container seems to work fine. Would my bitwarden container be corrupted somehow?

spytec@KeyraGuest1:~$ podman run -p 5432:5432 -d --name test postgres
d73a11bc83b1de7811b8a6eb393e7c7de2ea98dda968ae11c4b490b1c16eb444
spytec@KeyraGuest1:~$ podman ps
CONTAINER ID  IMAGE                              COMMAND   CREATED        STATUS            PORTS                   NAMES
d73a11bc83b1  docker.io/library/postgres:latest  postgres  8 seconds ago  Up 3 seconds ago  0.0.0.0:5432->5432/tcp  test
spytec@KeyraGuest1:~$ podman stop test
d73a11bc83b1de7811b8a6eb393e7c7de2ea98dda968ae11c4b490b1c16eb444
spytec@KeyraGuest1:~$ podman start test
test
spytec@KeyraGuest1:~$ podman start bitwarden
^C


On Fri, 31 Jan 2020 at 15:33, Matt Heon <mheon@redhat.com> wrote:
On 2020-01-31 15:11, Eric Gustavsson wrote:
>Hi all,
>
>I have unit file generated by podman running, though as soon as I run it
>there's issues with running any other command that needs to do something
>with containers. podman ps for example will be completely unresponsive and
>not return anything, even after waiting minutes. Not only that, but even
>running podman start x by itself will hang or creating new containers
>
>This is with Fedora 30 and Kernel 5.1.8-300.fc30.x86_64
>
>spytec@KeyraGuest1:~$ podman --version
>podman version 1.7.0
>spytec@KeyraGuest1:~$ podman start bitwarden -a
>^C
>spytec@KeyraGuest1:~$ sudo systemctl start bitwarden
>^C
>spytec@KeyraGuest1:~$ sudo systemctl status bitwarden
>[... output omitted...]
>Jan 31 13:53:14 KeyraGuest1 systemd[1]: Starting Podman
>container-bitwarden.service...
>spytec@KeyraGuest1:~$ sudo systemctl stop bitwarden
>spytec@KeyraGuest1:~$ podman ps
>^C
>spytec@KeyraGuest1:~$ ps auxww | grep podman
>spytec    1097  0.0  0.8  62816 33808 ?        S    13:52   0:00 podman
>spytec    1171  0.0  1.3 681944 55064 ?        Ssl  13:53   0:00
>/usr/bin/podman start bitwarden
>spytec    1178  0.0  1.4 755824 56680 ?        Sl   13:53   0:00
>/usr/bin/podman start bitwarden
>spytec    1224  0.0  0.0   9360   880 pts/0    S+   13:54   0:00 grep
>--color=auto podman
>spytec@KeyraGuest1:~$ journalctl -u bitwarden | tail -n 5
>Jan 31 13:51:50 KeyraGuest1 systemd[1]: bitwarden.service: Failed with
>result 'exit-code'.
>Jan 31 13:51:50 KeyraGuest1 systemd[1]: Failed to start Podman
>container-bitwarden.service.
>Jan 31 13:53:14 KeyraGuest1 systemd[1]: Starting Podman
>container-bitwarden.service...
>Jan 31 13:54:26 KeyraGuest1 systemd[1]: bitwarden.service: Succeeded.
>Jan 31 13:54:26 KeyraGuest1 systemd[1]: Stopped Podman
>container-bitwarden.service.
>spytec@KeyraGuest1:~$ ps auxww | grep podman
>spytec    1097  0.0  0.8  62816 33808 ?        S    13:52   0:00 podman
>spytec    1171  0.0  1.3 682008 55064 ?        Ssl  13:53   0:00
>/usr/bin/podman start bitwarden
>spytec    1178  0.0  1.4 755824 56680 ?        Sl   13:53   0:00
>/usr/bin/podman start bitwarden
>spytec    1235  0.0  0.0   9360   816 pts/0    S+   13:55   0:00 grep
>--color=auto podman
>spytec@KeyraGuest1:~$ kill 1181
>spytec@KeyraGuest1:~$ kill 1097
>spytec@KeyraGuest1:~$ podman ps -a
>CONTAINER ID  IMAGE                                COMMAND        CREATED
>   STATUS   PORTS                   NAMES
>baa2f3d6ed39  docker.io/bitwardenrs/server:latest  /bitwarden_rs  3 weeks
>ago  Created  0.0.0.0:8080->8080/tcp  bitwarden
>
>And creating a whole new container
>spytec@KeyraGuest1:~$ podman run -d --name test postgres
>Trying to pull docker.io/library/postgres...
>[... output omitted...]
>Writing manifest to image destination
>Storing signatures
>Error: slirp4netns failed: "/usr/bin/slirp4netns: unrecognized option
>'--netns-type=path'\nUsage: /usr/bin/slirp4netns [OPTION]... PID
>TAPNAME\nUser-mode networking for unprivileged network namespaces.\n\n-c,
>--configure          bring up the interface\n-e, --exit-fd=FD
>specify the FD for terminating slirp4netns\n-r, --ready-fd=FD
> specify the FD to write to when the network is configured\n-m, --mtu=MTU
>         specify MTU (default=1500, max=65521)\n--cidr=CIDR
> specify network address CIDR (default=10.0.2.0/24)\n--disable-host-loopback
> prohibit connecting to 127.0.0.1:* on the host namespace\n-a,
>--api-socket=PATH    specify API socket path\n-6, --enable-ipv6
> enable IPv6 (experimental)\n-h, --help               show this help and
>exit\n-v, --version            show version and exit\n"
>
>Thanks,
>
>Eric Gustavsson, RHCSA
>
>He/Him/His
>
>Software Engineer
>
>Red Hat <https://www.redhat.com>
>
>IM: Telegram: @SpyTec
>
>E1FE 044A E0DE 127D CBCA E7C7 BD1B 8DF2 C5A1 5384
><https://www.redhat.com>

>_______________________________________________
>Podman mailing list -- podman@lists.podman.io
>To unsubscribe send an email to podman-leave@lists.podman.io

It seems like you have some Podman processes hanging in the background
from what you sent - if you kill those, do things go back to normal,
with regards to creation of new containers, `podman ps`, etc? This
sounds like a hanging process that is holding a lock, preventing
anything else from running.

The slirp error seems like a version mismatch - what are the RPM
versions of Podman and slirp4netns over there? I suspect this is not
the same issue causing the hanging issue, it seems like it exits
immediately which would not hold a lock (or does it not exit, and hang
instead?).

Thanks,
Matt Heon
_______________________________________________
Podman mailing list -- podman@lists.podman.io
To unsubscribe send an email to podman-leave@lists.podman.io