ansible-test - Use --tmpfs to run containers. (#78605)

pull/78615/head
Matt Clay 2 years ago committed by GitHub
parent 2e536c0afb
commit 4187707f03
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

@ -0,0 +1,5 @@
bugfixes:
- ansible-test - Test containers are now run with the ``--tmpfs`` option for ``/tmp``, ``/run`` and ``/run/lock``.
This allows use of containers built without the ``VOLUME`` instruction.
Additionally, containers with those volumes defined no longer create anonymous volumes for them.
This avoids leaving behind volumes on the container host after the container is stopped and deleted.
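Review bot: The changelog entry names the three mount points but omits that `/tmp` and `/run` are mounted with the `exec` option, which is the detail the code comment flags as "Of special note". Anyone auditing how test containers are launched would want that in the release notes, so consider adding a sentence such as "``/tmp`` and ``/run`` are mounted with the ``exec`` option." Also consider whether this belongs under `bugfixes` or `minor_changes`, since the text describes a change in how containers are started rather than a specific defect.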

@ -428,6 +428,15 @@ class DockerProfile(ControllerHostProfile[DockerConfig], SshTargetHostProfile[Do
options = [ options = [
'--volume', '/sys/fs/cgroup:/sys/fs/cgroup:ro', '--volume', '/sys/fs/cgroup:/sys/fs/cgroup:ro',
f'--privileged={str(self.config.privileged).lower()}', f'--privileged={str(self.config.privileged).lower()}',
# These temporary mount points need to be created at run time.
# Previously they were handled by the VOLUME instruction during container image creation.
# However, that approach creates anonymous volumes when running the container, which are then left behind after the container is deleted.
# These options eliminate the need for the VOLUME instruction, and override it if they are present.
# The mount options used are those typically found on Linux systems.
# Of special note is the "exec" option for "/tmp", which is required by ansible-test for path injection of executables using temporary directories.
'--tmpfs', '/tmp:exec',
'--tmpfs', '/run:exec',
'--tmpfs', '/run/lock', # some systemd containers require a separate tmpfs here, such as Ubuntu 20.04 and Ubuntu 22.04
] ]
if self.config.memory: if self.config.memory:
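Review bot: The comment block justifies `exec` only for `/tmp` (path injection of executables), yet `'--tmpfs', '/run:exec'` sets it as well with no stated reason; either document why `/run` needs executable content or drop `exec` there so the mount is no more permissive than required. The comment also says the options are "those typically found on Linux systems", but only `exec` is given explicitly, so it would help to spell out the full intended option set instead of relying on the container engine's defaults, particularly as this runs next to `--privileged`. None of the three mounts sets a size, and tmpfs contents live in memory, so note how this interacts with the `self.config.memory` limit applied just below. Minor wording: "override it if they are present" mixes pronouns; "override it if it is present" reads as referring to the VOLUME instruction.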
