Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Images don't run properly (or at all) if FIPS is enabled #716

Open
jeremytourville opened this issue Jan 30, 2025 · 3 comments
Open

Images don't run properly (or at all) if FIPS is enabled #716

jeremytourville opened this issue Jan 30, 2025 · 3 comments
Labels
Triage-Needed

Comments

@jeremytourville
Copy link

Version
all images pulled are from docker hub

(deploment via single container)
pulp:latest

OR

(deployment via multiple containers with compose)
pulp-minimal:latest
pulp-web:latest
redis:latest
postgres:13

Describe the bug
Images will not run with FIPS enabled

To Reproduce
Enable or disable FIPS and observe the logs

Expected behavior
The containers should start with FIPS enabled

Additional context
ENVIRONMENT:

[root@gdev-podman1 compose]# podman compose --version
>>>> Executing external compose provider "/bin/podman-compose". Please refer to the documentation for details. <<<<

podman-compose version: 1.0.6
['podman', '--version', '']
using podman version: 4.9.4-rhel
podman-compose version 1.0.6
podman --version
podman version 4.9.4-rhel
exit code: 0

[root@gdev-podman1 compose]# cat /etc/redhat-release
Rocky Linux release 8.10 (Green Obsidian)

[root@gdev-podman1 localadm]# sestatus
SELinux status:                 enabled
SELinuxfs mount:                /sys/fs/selinux
SELinux root directory:         /etc/selinux
Loaded policy name:             targeted
Current mode:                   enforcing
Mode from config file:          enforcing
Policy MLS status:              enabled
Policy deny_unknown status:     allowed
Memory protection checking:     actual (secure)
Max kernel policy version:      33

Run the single container with FIPS on

[root@gdev-podman1 compose]# fips-mode-setup --check
FIPS mode is enabled.

[root@gdev-podman1 pulp]# podman run --detach --publish 8080:80 --name pulp --volume "$(pwd)/settings":/etc/pulp:Z --volume "$(pwd)/pulp_storage":/var/lib/pulp:Z --volume "$(pwd)/pgsql":/var/lib/pgsql:Z --volume "$(pwd)/containers":/var/lib/containers:Z --device /dev/fuse --replace localhost/pulp:latest
bce761e31d5baeca36263c4b81d748b758aa00363715236240f4fdc3dba32af9
[root@gdev-podman1 pulp]# podman stop pulp
pulp
[root@gdev-podman1 pulp]# podman run --detach --publish 8080:80 --name pulp --volume "$(pwd)/settings":/etc/pulp:Z --volume "$(pwd)/pulp_storage":/var/lib/pulp:Z --volume "$(pwd)/pgsql":/var/lib/pgsql:Z --volume "$(pwd)/containers":/var/lib/containers:Z --device /dev/fuse --replace localhost/pulp:latest && podman logs -f pulp
3ac817a79755809ae58761ac8621ca742f4ef2e46f82b7b7a4c9f56778bc2d56
s6-rc: info: service s6rc-oneshot-runner: starting
s6-rc: info: service s6rc-oneshot-runner successfully started
s6-rc: info: service fix-attrs: starting
fix-attrs: info: applying /etc/fix-attrs.d/postgres
s6-chown: fatal: unable to chown /var/lib/pgsql/data/pg_wal
global
pg_commit_ts
pg_dynshmem
pg_notify
pg_serial
pg_snapshots
pg_subtrans
pg_twophase
pg_multixact
base
pg_replslot
pg_tblspc
pg_stat
pg_stat_tmp
pg_xact
pg_logical
PG_VERSION
postgresql.conf
postgresql.auto.conf
pg_hba.conf
pg_ident.conf
log
postmaster.opts
current_logfiles: Filename too long
fix-attrs: warning: fix-attrs is deprecated, please fix volume permissions in your container manager instead
fix-attrs: warning: some fix files failed to apply
s6-rc: info: service fix-attrs successfully started
s6-rc: info: service legacy-cont-init: starting
s6-rc: info: service legacy-cont-init successfully started
s6-rc: info: service postgres-init: starting
s6-rc: info: service fix-pulp-perms: starting
s6-rc: info: service db-fields-key-create: starting
s6-rc: info: service redis: starting
Calling /etc/init/postgres-init
Calling /etc/init/db-fields-key-create
Calling /etc/init/fix-pulp-perms
s6-rc: info: service redis successfully started
[oneshot] db-fields-key-create: creating database fields key
s6-rc: info: service db-fields-key-create successfully started
s6-rc: info: service certs: starting
Calling /etc/init/certs
Checking /var/lib/pulp/media permissions
[oneshot] certs: adding webserver certificate to the certificate store
Checking /var/lib/pulp/scripts permissions
Checking /var/lib/pulp/tmp permissions
s6-rc: info: service fix-pulp-perms successfully started
s6-rc: info: service postgres-init successfully started
s6-rc: info: service postgresql: starting
s6-rc: info: service postgresql successfully started
s6-rc: info: service postgres-prepare: starting
Calling /etc/init/postgres-prepare
2025-01-30 18:18:08.691 UTC [120] LOG:  redirecting log output to logging collector process
2025-01-30 18:18:08.691 UTC [120] HINT:  Future log output will appear in directory "log".
[oneshot] certs: finished adding webserver certificate to the certificate store
s6-rc: info: service certs successfully started
ALTER DATABASE
[oneshot] postgres-prepare: running Pulp migrations
crypto/fips/fips.c:154: OpenSSL internal error: FATAL FIPS SELFTEST FAILURE
Aborted (core dumped)
s6-rc: info: service postgres-prepare successfully started
s6-rc: info: service add-workers: starting
s6-rc: info: service pulpcore-worker@1: starting
s6-rc: info: service pulpcore-content: starting
s6-rc: info: service pulpcore-api: starting
s6-rc: info: service pulpcore-worker@1 successfully started
s6-rc: info: service pulpcore-content successfully started
s6-rc: info: service pulpcore-api successfully started
s6-rc: info: service nginx: starting
Calling /etc/init/add-workers
Checking for database migrations
Checking for database migrations
s6-rc: info: service nginx successfully started
Calling /etc/init/nginx
Checking for database migrations
[oneshot] add-workers: Adding workers 2 through 2
[oneshot] add-workers: Workers will be added shortly after the boot finishes
s6-rc: info: service add-workers successfully started
s6-rc: info: service legacy-services: starting
s6-rc: info: service legacy-services successfully started
Calling /etc/init/postgres-init
Calling /etc/init/db-fields-key-create
Calling /etc/init/fix-pulp-perms
Checking /var/lib/pulp/media permissions
Checking /var/lib/pulp/scripts permissions
[oneshot] db-fields-key-create: creating database fields key
Calling /etc/init/certs
Checking /var/lib/pulp/tmp permissions
Calling /etc/init/postgres-prepare
2025-01-30 18:18:11.096 UTC [333] LOG:  redirecting log output to logging collector process
2025-01-30 18:18:11.096 UTC [333] HINT:  Future log output will appear in directory "log".
crypto/fips/fips.c:154: OpenSSL internal error: FATAL FIPS SELFTEST FAILURE
crypto/fips/fips.c:154: OpenSSL internal error: FATAL FIPS SELFTEST FAILURE
crypto/fips/fips.c:154: OpenSSL internal error: FATAL FIPS SELFTEST FAILURE
crypto/fips/fips.c:154: OpenSSL internal error: FATAL FIPS SELFTEST FAILURE
Database migrated!
... <more logs after this>

Run the single container with FIPS off

[root@gdev-podman1 compose]# fips-mode-setup --check
FIPS mode is disabled.

[root@gdev-podman1 pulp]# podman run --detach --publish 8080:80 --name pulp --volume "$(pwd)/settings":/etc/pulp:Z --volume "$(pwd)/pulp_storage":/var/lib/pulp:Z --volume "$(pwd)/pgsql":/var/lib/pgsql:Z --volume "$(pwd)/containers":/var/lib/containers:Z --device /dev/fuse --replace localhost/pulp:latest && podman logs -f pulp
fc0b490ee0e2305763616675bcdd00ddfd111cc54c07e5cc1759424c5e200c9a
s6-rc: info: service s6rc-oneshot-runner: starting
s6-rc: info: service s6rc-oneshot-runner successfully started
s6-rc: info: service fix-attrs: starting
fix-attrs: info: applying /etc/fix-attrs.d/postgres
s6-chown: fatal: unable to chown /var/lib/pgsql/data/pg_wal
global
pg_commit_ts
pg_dynshmem
pg_notify
pg_serial
pg_snapshots
pg_subtrans
pg_twophase
pg_multixact
base
pg_replslot
pg_tblspc
pg_stat
pg_stat_tmp
pg_xact
pg_logical
PG_VERSION
postgresql.conf
postgresql.auto.conf
pg_hba.conf
pg_ident.conf
log
postmaster.opts
current_logfiles: Filename too long
fix-attrs: warning: fix-attrs is deprecated, please fix volume permissions in your container manager instead
fix-attrs: warning: some fix files failed to apply
s6-rc: info: service fix-attrs successfully started
s6-rc: info: service legacy-cont-init: starting
s6-rc: info: service legacy-cont-init successfully started
s6-rc: info: service postgres-init: starting
s6-rc: info: service fix-pulp-perms: starting
s6-rc: info: service db-fields-key-create: starting
s6-rc: info: service redis: starting
Calling /etc/init/postgres-init
Calling /etc/init/db-fields-key-create
s6-rc: info: service redis successfully started
Calling /etc/init/fix-pulp-perms
[oneshot] db-fields-key-create: creating database fields key
s6-rc: info: service db-fields-key-create successfully started
s6-rc: info: service certs: starting
Calling /etc/init/certs
Checking /var/lib/pulp/media permissions
[oneshot] certs: adding webserver certificate to the certificate store
Checking /var/lib/pulp/scripts permissions
Checking /var/lib/pulp/tmp permissions
s6-rc: info: service fix-pulp-perms successfully started
s6-rc: info: service postgres-init successfully started
s6-rc: info: service postgresql: starting
s6-rc: info: service postgresql successfully started
s6-rc: info: service postgres-prepare: starting
Calling /etc/init/postgres-prepare
2025-01-30 18:24:19.756 UTC [124] LOG:  redirecting log output to logging collector process
2025-01-30 18:24:19.756 UTC [124] HINT:  Future log output will appear in directory "log".
[oneshot] certs: finished adding webserver certificate to the certificate store
s6-rc: info: service certs successfully started
ALTER DATABASE
[oneshot] postgres-prepare: running Pulp migrations
Operations to perform:
  Apply all migrations: ansible, auth, certguard, container, contenttypes, core, deb, file, gem, maven, ostree, python, rpm, sessions
Running migrations:
  No migrations to apply.
s6-rc: info: service postgres-prepare successfully started
s6-rc: info: service add-workers: starting
s6-rc: info: service pulpcore-worker@1: starting
s6-rc: info: service pulpcore-content: starting
s6-rc: info: service pulpcore-api: starting
Calling /etc/init/add-workers
s6-rc: info: service pulpcore-worker@1 successfully started
s6-rc: info: service pulpcore-content successfully started
s6-rc: info: service pulpcore-api successfully started
s6-rc: info: service nginx: starting
s6-rc: info: service nginx successfully started
Checking for database migrations
Calling /etc/init/nginx
Checking for database migrations
Checking for database migrations
[oneshot] add-workers: Adding workers 2 through 2
[oneshot] add-workers: Workers will be added shortly after the boot finishes
s6-rc: info: service add-workers successfully started
s6-rc: info: service legacy-services: starting
s6-rc: info: service legacy-services successfully started
Calling /etc/init/db-fields-key-create
[oneshot] db-fields-key-create: creating database fields key
Calling /etc/init/fix-pulp-perms
Calling /etc/init/postgres-init
Checking /var/lib/pulp/media permissions
Checking /var/lib/pulp/scripts permissions
Calling /etc/init/certs
Checking /var/lib/pulp/tmp permissions
Calling /etc/init/postgres-prepare
2025-01-30 18:24:29.716 UTC [340] LOG:  redirecting log output to logging collector process
2025-01-30 18:24:29.716 UTC [340] HINT:  Future log output will appear in directory "log".
ALTER DATABASE
[oneshot] postgres-prepare: running Pulp migrations
Database migrated!
Database migrated!
ready
ready
Database migrated!
ready
Operations to perform:
  Apply all migrations: ansible, auth, certguard, container, contenttypes, core, deb, file, gem, maven, ostree, python, rpm, sessions
Running migrations:
  No migrations to apply.
Calling /etc/init/add-workers
Already migrated!
Already migrated!
Already migrated!
Calling /etc/init/nginx
Calling /etc/init/pulpcore-api
Calling /etc/init/pulpcore-content
Calling /etc/init/pulpcore-worker
/usr/local/bin/pulpcore-content
/usr/local/bin/pulpcore-api
[oneshot] add-workers: Adding workers 2 through 2
[oneshot] add-workers: Workers will be added shortly after the boot finishes
s6-rc: fatal: unable to take locks: Resource busy
Already migrated!
Calling /etc/init/pulpcore-worker
[2025-01-30 18:24:34 +0000] [406] [INFO] Starting gunicorn 23.0.0
[2025-01-30 18:24:34 +0000] [406] [INFO] Listening at: http://[::]:24817 (406)
[2025-01-30 18:24:34 +0000] [406] [INFO] Using worker: pulpcore.app.entrypoint.PulpApiWorker
[2025-01-30 18:24:34 +0000] [455] [INFO] Booting worker with pid: 455
[2025-01-30 18:24:34 +0000] [456] [INFO] Booting worker with pid: 456
pulp [None]: pulpcore.tasking.entrypoint:INFO: Starting distributed type worker
pulp [None]: pulpcore.tasking.worker:INFO: New worker '403@fc0b490ee0e2' discovered
pulp [None]: pulpcore.tasking.entrypoint:INFO: Starting distributed type worker
pulp [None]: pulpcore.tasking.worker:INFO: New worker '450@fc0b490ee0e2' discovered
[2025-01-30 18:24:36 +0000] [404] [INFO] Starting gunicorn 23.0.0
[2025-01-30 18:24:36 +0000] [404] [INFO] Listening at: http://[::]:24816 (404)
[2025-01-30 18:24:36 +0000] [404] [INFO] Using worker: aiohttp.GunicornWebWorker
[2025-01-30 18:24:36 +0000] [478] [INFO] Booting worker with pid: 478
[2025-01-30 18:24:36 +0000] [482] [INFO] Booting worker with pid: 482
pulp [2e937bd07ed94ace9a3964e491f677dc]: pulpcore.tasking._util:INFO: Dispatched scheduled task pulpcore.app.tasks.analytics.post_analytics as task id 0194b875-5bcc-72d2-a2da-52e36c455329
pulp [2e937bd07ed94ace9a3964e491f677dc]: pulpcore.tasking.tasks:INFO: Starting task 0194b875-5bcc-72d2-a2da-52e36c455329 in domain: default
pulp [2e937bd07ed94ace9a3964e491f677dc]: pulpcore.app.tasks.analytics:ERROR: Error sending analytics to https://analytics.pulpproject.org/: ClientConnectorDNSError(ConnectionKey(host='analytics.pulpproject.org', port=443, is_ssl=True, ssl=True, proxy=None, proxy_auth=None, proxy_headers_hash=None), OSError(None, 'Timeout while contacting DNS servers'))
pulp [2e937bd07ed94ace9a3964e491f677dc]: pulpcore.tasking.tasks:INFO: Task completed 0194b875-5bcc-72d2-a2da-52e36c455329 in domain: default

[root@gdev-podman1 pulp]# podman ps -a
CONTAINER ID  IMAGE                  COMMAND     CREATED             STATUS             PORTS                 NAMES
fc0b490ee0e2  localhost/pulp:latest  /init       About a minute ago  Up About a minute  0.0.0.0:8080->80/tcp  pulp

[root@gdev-podman1 pulp]# curl localhost:8080/pulp/api/v3/

I get valid output from curl at this point.

Run multiple containers using compose with FIPS on

[root@gdev-podman1 compose]# fips-mode-setup --check
FIPS mode is enabled.

[root@gdev-podman1 compose]# podman compose up -d
>>>> Executing external compose provider "/bin/podman-compose". Please refer to the documentation for details. <<<<

podman-compose version: 1.0.6
['podman', '--version', '']
using podman version: 4.9.4-rhel
** excluding:  set()
['podman', 'ps', '--filter', 'label=io.podman.compose.project=compose', '-a', '--format', '{{ index .Labels "io.podman.compose.config-hash"}}']
podman volume inspect pg_datadev || podman volume create pg_datadev
['podman', 'volume', 'inspect', 'pg_datadev']
['podman', 'network', 'exists', 'compose_default']
podman run --name=compose_postgres_1 -d --label io.podman.compose.config-hash=63516c693551fba4fa909f00937ac4ab43786198932c55e2fd7fcb37f6c87ccc --label io.podman.compose.project=compose --label io.podman.compose.version=1.0.6 --label [email protected] --label com.docker.compose.project=compose --label com.docker.compose.project.working_dir=/opt/pulp-compose/pulp-oci-images-latest/images/compose --label com.docker.compose.project.config_files=compose.yml --label com.docker.compose.container-number=1 --label com.docker.compose.service=postgres -e POSTGRES_USER=pulp -e POSTGRES_PASSWORD=password -e POSTGRES_DB=pulp -e POSTGRES_INITDB_ARGS=--auth-host=scram-sha-256 -e POSTGRES_HOST_AUTH_METHOD=scram-sha-256 -v pg_datadev:/var/lib/postgresql/data -v /opt/pulp-compose/pulp-oci-images-latest/images/compose/assets/postgres/passwd:/etc/passwd:Z --net compose_default --network-alias postgres -p 5432:5432 --restart always --healthcheck-command /bin/sh -c 'pg_isready -U pulp' --healthcheck-interval 10s --healthcheck-timeout 5s --healthcheck-retries 5 localhost/postgres:13
284c03bb5ff3c8e2aa2f383bf22f7e66421d2e0082187130dacca6bea543232a
exit code: 0
podman volume inspect redis_datadev || podman volume create redis_datadev
['podman', 'volume', 'inspect', 'redis_datadev']
['podman', 'network', 'exists', 'compose_default']
podman run --name=compose_redis_1 -d --label io.podman.compose.config-hash=63516c693551fba4fa909f00937ac4ab43786198932c55e2fd7fcb37f6c87ccc --label io.podman.compose.project=compose --label io.podman.compose.version=1.0.6 --label [email protected] --label com.docker.compose.project=compose --label com.docker.compose.project.working_dir=/opt/pulp-compose/pulp-oci-images-latest/images/compose --label com.docker.compose.project.config_files=compose.yml --label com.docker.compose.container-number=1 --label com.docker.compose.service=redis -v redis_datadev:/data --net compose_default --network-alias redis --restart always --healthcheck-command /bin/sh -c 'redis-cli ping' --healthcheck-interval 10s --healthcheck-timeout 5s --healthcheck-retries 5 localhost/redis:latest
03d6ea33ae9f0953e464bac33b1ae4ccdeb1239821c3ace5864e799934144cfc
exit code: 0
podman volume inspect pulpdev || podman volume create pulpdev
['podman', 'volume', 'inspect', 'pulpdev']
['podman', 'network', 'exists', 'compose_default']
podman run --name=compose_migration_service_1 -d --requires=compose_postgres_1 --label io.podman.compose.config-hash=63516c693551fba4fa909f00937ac4ab43786198932c55e2fd7fcb37f6c87ccc --label io.podman.compose.project=compose --label io.podman.compose.version=1.0.6 --label [email protected] --label com.docker.compose.project=compose --label com.docker.compose.project.working_dir=/opt/pulp-compose/pulp-oci-images-latest/images/compose --label com.docker.compose.project.config_files=compose.yml --label com.docker.compose.container-number=1 --label com.docker.compose.service=migration_service -v /opt/pulp-compose/pulp-oci-images-latest/images/compose/assets/settings.py:/etc/pulp/settings.py:z -v /opt/pulp-compose/pulp-oci-images-latest/images/compose/assets/certs:/etc/pulp/certs:z -v pulpdev:/var/lib/pulp --net compose_default --network-alias migration_service localhost/pulp-minimal:latest pulpcore-manager migrate --noinput
846c85722f46a37e97bfe317ca09f99cce964b4a73d3de2434956fc747b8061f
exit code: 0
podman volume inspect pulpdev || podman volume create pulpdev
['podman', 'volume', 'inspect', 'pulpdev']
['podman', 'network', 'exists', 'compose_default']
podman run --name=compose_set_init_password_service_1 -d --requires=compose_postgres_1 --label io.podman.compose.config-hash=63516c693551fba4fa909f00937ac4ab43786198932c55e2fd7fcb37f6c87ccc --label io.podman.compose.project=compose --label io.podman.compose.version=1.0.6 --label [email protected] --label com.docker.compose.project=compose --label com.docker.compose.project.working_dir=/opt/pulp-compose/pulp-oci-images-latest/images/compose --label com.docker.compose.project.config_files=compose.yml --label com.docker.compose.container-number=1 --label com.docker.compose.service=set_init_password_service -e PULP_DEFAULT_ADMIN_PASSWORD=password -v /opt/pulp-compose/pulp-oci-images-latest/images/compose/assets/settings.py:/etc/pulp/settings.py:z -v /opt/pulp-compose/pulp-oci-images-latest/images/compose/assets/certs:/etc/pulp/certs:z -v pulpdev:/var/lib/pulp --net compose_default --network-alias set_init_password_service localhost/pulp-minimal:latest set_init_password.sh
42b09b3d13ec64d8e3db749edc8e03731403f525d394c42f64eb7fe4b1f9eb10
exit code: 0
podman volume inspect pulpdev || podman volume create pulpdev
['podman', 'volume', 'inspect', 'pulpdev']
['podman', 'network', 'exists', 'compose_default']
podman run --name=compose_signing_key_service_1 -d --requires=compose_migration_service_1,compose_postgres_1 --label io.podman.compose.config-hash=63516c693551fba4fa909f00937ac4ab43786198932c55e2fd7fcb37f6c87ccc --label io.podman.compose.project=compose --label io.podman.compose.version=1.0.6 --label [email protected] --label com.docker.compose.project=compose --label com.docker.compose.project.working_dir=/opt/pulp-compose/pulp-oci-images-latest/images/compose --label com.docker.compose.project.config_files=compose.yml --label com.docker.compose.container-number=1 --label com.docker.compose.service=signing_key_service -v /opt/pulp-compose/pulp-oci-images-latest/images/compose/assets/settings.py:/etc/pulp/settings.py:z -v /opt/pulp-compose/pulp-oci-images-latest/images/compose/assets/certs:/etc/pulp/certs:z -v pulpdev:/var/lib/pulp --net compose_default --network-alias signing_key_service localhost/pulp-minimal:latest sh -c add_signing_service.sh
95483b1071e74e8f063c7b67c0cacde64bee5d147194c0dd9b1100894c2cc5d0
exit code: 0
podman volume inspect pulpdev || podman volume create pulpdev
['podman', 'volume', 'inspect', 'pulpdev']
['podman', 'network', 'exists', 'compose_default']
podman run --name=compose_pulp_content_1 -d --requires=compose_redis_1,compose_migration_service_1,compose_postgres_1 --label io.podman.compose.config-hash=63516c693551fba4fa909f00937ac4ab43786198932c55e2fd7fcb37f6c87ccc --label io.podman.compose.project=compose --label io.podman.compose.version=1.0.6 --label [email protected] --label com.docker.compose.project=compose --label com.docker.compose.project.working_dir=/opt/pulp-compose/pulp-oci-images-latest/images/compose --label com.docker.compose.project.config_files=compose.yml --label com.docker.compose.container-number=1 --label com.docker.compose.service=pulp_content -v /opt/pulp-compose/pulp-oci-images-latest/images/compose/assets/settings.py:/etc/pulp/settings.py:z -v /opt/pulp-compose/pulp-oci-images-latest/images/compose/assets/certs:/etc/pulp/certs:z -v pulpdev:/var/lib/pulp --net compose_default --network-alias pulp_content -u pulp --hostname pulp-content --restart always --healthcheck-command /bin/sh -c 'readyz.py /pulp/content/' --healthcheck-interval 10s --healthcheck-timeout 5s --healthcheck-retries 5 localhost/pulp-minimal:latest pulp-content
Error: generating dependency graph for container b33a3d5b2204bea0a3eea4747384979c25a39da9eb708e32701103b68dd6a1e6: container 846c85722f46a37e97bfe317ca09f99cce964b4a73d3de2434956fc747b8061f depends on container 284c03bb5ff3c8e2aa2f383bf22f7e66421d2e0082187130dacca6bea543232a not found in input list: no such container
exit code: 127
podman start compose_pulp_content_1
Error: unable to start container "b33a3d5b2204bea0a3eea4747384979c25a39da9eb708e32701103b68dd6a1e6": generating dependency graph for container b33a3d5b2204bea0a3eea4747384979c25a39da9eb708e32701103b68dd6a1e6: container 846c85722f46a37e97bfe317ca09f99cce964b4a73d3de2434956fc747b8061f depends on container 284c03bb5ff3c8e2aa2f383bf22f7e66421d2e0082187130dacca6bea543232a not found in input list: no such container
exit code: 125
podman volume inspect pulpdev || podman volume create pulpdev
['podman', 'volume', 'inspect', 'pulpdev']
['podman', 'network', 'exists', 'compose_default']
podman run --name=compose_pulp_content_2 -d --requires=compose_redis_1,compose_migration_service_1,compose_postgres_1 --label io.podman.compose.config-hash=63516c693551fba4fa909f00937ac4ab43786198932c55e2fd7fcb37f6c87ccc --label io.podman.compose.project=compose --label io.podman.compose.version=1.0.6 --label [email protected] --label com.docker.compose.project=compose --label com.docker.compose.project.working_dir=/opt/pulp-compose/pulp-oci-images-latest/images/compose --label com.docker.compose.project.config_files=compose.yml --label com.docker.compose.container-number=2 --label com.docker.compose.service=pulp_content -v /opt/pulp-compose/pulp-oci-images-latest/images/compose/assets/settings.py:/etc/pulp/settings.py:z -v /opt/pulp-compose/pulp-oci-images-latest/images/compose/assets/certs:/etc/pulp/certs:z -v pulpdev:/var/lib/pulp --net compose_default --network-alias pulp_content -u pulp --hostname pulp-content --restart always --healthcheck-command /bin/sh -c 'readyz.py /pulp/content/' --healthcheck-interval 10s --healthcheck-timeout 5s --healthcheck-retries 5 localhost/pulp-minimal:latest pulp-content
Error: generating dependency graph for container 7a17b68ae94f871772db0a2ec4abe9e189b7c0a9ac3f884b2be06069893e0425: container 846c85722f46a37e97bfe317ca09f99cce964b4a73d3de2434956fc747b8061f depends on container 284c03bb5ff3c8e2aa2f383bf22f7e66421d2e0082187130dacca6bea543232a not found in input list: no such container
exit code: 127
podman start compose_pulp_content_2
Error: unable to start container "7a17b68ae94f871772db0a2ec4abe9e189b7c0a9ac3f884b2be06069893e0425": generating dependency graph for container 7a17b68ae94f871772db0a2ec4abe9e189b7c0a9ac3f884b2be06069893e0425: container 846c85722f46a37e97bfe317ca09f99cce964b4a73d3de2434956fc747b8061f depends on container 284c03bb5ff3c8e2aa2f383bf22f7e66421d2e0082187130dacca6bea543232a not found in input list: no such container
exit code: 125
podman volume inspect pulpdev || podman volume create pulpdev
['podman', 'volume', 'inspect', 'pulpdev']
['podman', 'network', 'exists', 'compose_default']
podman run --name=compose_pulp_worker_1 -d --requires=compose_redis_1,compose_migration_service_1,compose_postgres_1 --label io.podman.compose.config-hash=63516c693551fba4fa909f00937ac4ab43786198932c55e2fd7fcb37f6c87ccc --label io.podman.compose.project=compose --label io.podman.compose.version=1.0.6 --label [email protected] --label com.docker.compose.project=compose --label com.docker.compose.project.working_dir=/opt/pulp-compose/pulp-oci-images-latest/images/compose --label com.docker.compose.project.config_files=compose.yml --label com.docker.compose.container-number=1 --label com.docker.compose.service=pulp_worker -v /opt/pulp-compose/pulp-oci-images-latest/images/compose/assets/settings.py:/etc/pulp/settings.py:z -v /opt/pulp-compose/pulp-oci-images-latest/images/compose/assets/certs:/etc/pulp/certs:z -v pulpdev:/var/lib/pulp --net compose_default --network-alias pulp_worker -u pulp --restart always localhost/pulp-minimal:latest pulp-worker
Error: generating dependency graph for container 58b71de3a7643af027ed44d47039c4506da9219c1f3c1e339277427dcccf5e4b: container 846c85722f46a37e97bfe317ca09f99cce964b4a73d3de2434956fc747b8061f depends on container 284c03bb5ff3c8e2aa2f383bf22f7e66421d2e0082187130dacca6bea543232a not found in input list: no such container
exit code: 127
podman start compose_pulp_worker_1
Error: unable to start container "58b71de3a7643af027ed44d47039c4506da9219c1f3c1e339277427dcccf5e4b": generating dependency graph for container 58b71de3a7643af027ed44d47039c4506da9219c1f3c1e339277427dcccf5e4b: container 846c85722f46a37e97bfe317ca09f99cce964b4a73d3de2434956fc747b8061f depends on container 284c03bb5ff3c8e2aa2f383bf22f7e66421d2e0082187130dacca6bea543232a not found in input list: no such container
exit code: 125
podman volume inspect pulpdev || podman volume create pulpdev
['podman', 'volume', 'inspect', 'pulpdev']
['podman', 'network', 'exists', 'compose_default']
podman run --name=compose_pulp_worker_2 -d --requires=compose_redis_1,compose_migration_service_1,compose_postgres_1 --label io.podman.compose.config-hash=63516c693551fba4fa909f00937ac4ab43786198932c55e2fd7fcb37f6c87ccc --label io.podman.compose.project=compose --label io.podman.compose.version=1.0.6 --label [email protected] --label com.docker.compose.project=compose --label com.docker.compose.project.working_dir=/opt/pulp-compose/pulp-oci-images-latest/images/compose --label com.docker.compose.project.config_files=compose.yml --label com.docker.compose.container-number=2 --label com.docker.compose.service=pulp_worker -v /opt/pulp-compose/pulp-oci-images-latest/images/compose/assets/settings.py:/etc/pulp/settings.py:z -v /opt/pulp-compose/pulp-oci-images-latest/images/compose/assets/certs:/etc/pulp/certs:z -v pulpdev:/var/lib/pulp --net compose_default --network-alias pulp_worker -u pulp --restart always localhost/pulp-minimal:latest pulp-worker
Error: generating dependency graph for container f5b4ea6a8f1b6f17f4faccc56178336a02d5ece30ef3ac0d53fc5a1e469ec700: container 846c85722f46a37e97bfe317ca09f99cce964b4a73d3de2434956fc747b8061f depends on container 284c03bb5ff3c8e2aa2f383bf22f7e66421d2e0082187130dacca6bea543232a not found in input list: no such container
exit code: 127
podman start compose_pulp_worker_2
Error: unable to start container "f5b4ea6a8f1b6f17f4faccc56178336a02d5ece30ef3ac0d53fc5a1e469ec700": generating dependency graph for container f5b4ea6a8f1b6f17f4faccc56178336a02d5ece30ef3ac0d53fc5a1e469ec700: container 846c85722f46a37e97bfe317ca09f99cce964b4a73d3de2434956fc747b8061f depends on container 284c03bb5ff3c8e2aa2f383bf22f7e66421d2e0082187130dacca6bea543232a not found in input list: no such container
exit code: 125
podman volume inspect pulpdev || podman volume create pulpdev
['podman', 'volume', 'inspect', 'pulpdev']
['podman', 'network', 'exists', 'compose_default']
podman run --name=compose_pulp_api_1 -d --requires=compose_redis_1,compose_postgres_1,compose_set_init_password_service_1,compose_signing_key_service_1,compose_migration_service_1 --label io.podman.compose.config-hash=63516c693551fba4fa909f00937ac4ab43786198932c55e2fd7fcb37f6c87ccc --label io.podman.compose.project=compose --label io.podman.compose.version=1.0.6 --label [email protected] --label com.docker.compose.project=compose --label com.docker.compose.project.working_dir=/opt/pulp-compose/pulp-oci-images-latest/images/compose --label com.docker.compose.project.config_files=compose.yml --label com.docker.compose.container-number=1 --label com.docker.compose.service=pulp_api -v /opt/pulp-compose/pulp-oci-images-latest/images/compose/assets/settings.py:/etc/pulp/settings.py:z -v /opt/pulp-compose/pulp-oci-images-latest/images/compose/assets/certs:/etc/pulp/certs:z -v pulpdev:/var/lib/pulp --net compose_default --network-alias pulp_api -u pulp --hostname pulp-api --restart always --healthcheck-command /bin/sh -c 'readyz.py /pulp/api/v3/status/' --healthcheck-interval 10s --healthcheck-timeout 5s --healthcheck-retries 5 localhost/pulp-minimal:latest pulp-api
Error: generating dependency graph for container 9da652ff18df132ae59b83ec981a940b7ea06a8f3bf3cdfda3ac0577f2a13c48: container 846c85722f46a37e97bfe317ca09f99cce964b4a73d3de2434956fc747b8061f depends on container 284c03bb5ff3c8e2aa2f383bf22f7e66421d2e0082187130dacca6bea543232a not found in input list: no such container
exit code: 127
podman start compose_pulp_api_1
Error: unable to start container "9da652ff18df132ae59b83ec981a940b7ea06a8f3bf3cdfda3ac0577f2a13c48": generating dependency graph for container 9da652ff18df132ae59b83ec981a940b7ea06a8f3bf3cdfda3ac0577f2a13c48: container 846c85722f46a37e97bfe317ca09f99cce964b4a73d3de2434956fc747b8061f depends on container 284c03bb5ff3c8e2aa2f383bf22f7e66421d2e0082187130dacca6bea543232a not found in input list: no such container
exit code: 125
podman volume inspect pulpdev || podman volume create pulpdev
['podman', 'volume', 'inspect', 'pulpdev']
['podman', 'network', 'exists', 'compose_default']
podman run --name=compose_pulp_api_2 -d --requires=compose_redis_1,compose_postgres_1,compose_set_init_password_service_1,compose_signing_key_service_1,compose_migration_service_1 --label io.podman.compose.config-hash=63516c693551fba4fa909f00937ac4ab43786198932c55e2fd7fcb37f6c87ccc --label io.podman.compose.project=compose --label io.podman.compose.version=1.0.6 --label [email protected] --label com.docker.compose.project=compose --label com.docker.compose.project.working_dir=/opt/pulp-compose/pulp-oci-images-latest/images/compose --label com.docker.compose.project.config_files=compose.yml --label com.docker.compose.container-number=2 --label com.docker.compose.service=pulp_api -v /opt/pulp-compose/pulp-oci-images-latest/images/compose/assets/settings.py:/etc/pulp/settings.py:z -v /opt/pulp-compose/pulp-oci-images-latest/images/compose/assets/certs:/etc/pulp/certs:z -v pulpdev:/var/lib/pulp --net compose_default --network-alias pulp_api -u pulp --hostname pulp-api --restart always --healthcheck-command /bin/sh -c 'readyz.py /pulp/api/v3/status/' --healthcheck-interval 10s --healthcheck-timeout 5s --healthcheck-retries 5 localhost/pulp-minimal:latest pulp-api
Error: generating dependency graph for container a09c33765160a6ae1f8a5f2d81606629f522ee02cf6123ff56950f5472ba8b13: container 95483b1071e74e8f063c7b67c0cacde64bee5d147194c0dd9b1100894c2cc5d0 depends on container 284c03bb5ff3c8e2aa2f383bf22f7e66421d2e0082187130dacca6bea543232a not found in input list: no such container
exit code: 127
podman start compose_pulp_api_2
Error: unable to start container "a09c33765160a6ae1f8a5f2d81606629f522ee02cf6123ff56950f5472ba8b13": generating dependency graph for container a09c33765160a6ae1f8a5f2d81606629f522ee02cf6123ff56950f5472ba8b13: container 42b09b3d13ec64d8e3db749edc8e03731403f525d394c42f64eb7fe4b1f9eb10 depends on container 284c03bb5ff3c8e2aa2f383bf22f7e66421d2e0082187130dacca6bea543232a not found in input list: no such container
exit code: 125
['podman', 'network', 'exists', 'compose_default']
podman run --name=compose_pulp_web_1 -d --requires=compose_redis_1,compose_postgres_1,compose_set_init_password_service_1,compose_signing_key_service_1,compose_pulp_content_1,compose_pulp_content_2,compose_pulp_api_1,compose_pulp_api_2,compose_migration_service_1 --label io.podman.compose.config-hash=63516c693551fba4fa909f00937ac4ab43786198932c55e2fd7fcb37f6c87ccc --label io.podman.compose.project=compose --label io.podman.compose.version=1.0.6 --label [email protected] --label com.docker.compose.project=compose --label com.docker.compose.project.working_dir=/opt/pulp-compose/pulp-oci-images-latest/images/compose --label com.docker.compose.project.config_files=compose.yml --label com.docker.compose.container-number=1 --label com.docker.compose.service=pulp_web -v /opt/pulp-compose/pulp-oci-images-latest/images/compose/assets/bin/nginx.sh:/usr/bin/nginx.sh:Z -v /opt/pulp-compose/pulp-oci-images-latest/images/compose/assets/nginx/nginx.conf.template:/etc/nginx/nginx.conf.template:Z --net compose_default --network-alias pulp_web -p 8081:8080 -u root --hostname pulp --restart always localhost/pulp-web:latest /usr/bin/nginx.sh
Error: generating dependency graph for container 3df75cd79ffe19671636127f116d2e9bcea1edb8439e0db4f5dd44fb884f44f8: container 7a17b68ae94f871772db0a2ec4abe9e189b7c0a9ac3f884b2be06069893e0425 depends on container 03d6ea33ae9f0953e464bac33b1ae4ccdeb1239821c3ace5864e799934144cfc not found in input list: no such container
exit code: 127
podman start compose_pulp_web_1
Error: unable to start container "3df75cd79ffe19671636127f116d2e9bcea1edb8439e0db4f5dd44fb884f44f8": generating dependency graph for container 3df75cd79ffe19671636127f116d2e9bcea1edb8439e0db4f5dd44fb884f44f8: container 42b09b3d13ec64d8e3db749edc8e03731403f525d394c42f64eb7fe4b1f9eb10 depends on container 284c03bb5ff3c8e2aa2f383bf22f7e66421d2e0082187130dacca6bea543232a not found in input list: no such container
exit code: 125

Run multiple containers using compose with FIPS off

[root@gdev-podman1 compose]# fips-mode-setup --check
FIPS mode is disabled.

[root@gdev-podman1 compose]# podman compose up -d
>>>> Executing external compose provider "/bin/podman-compose". Please refer to the documentation for details. <<<<

podman-compose version: 1.0.6
['podman', '--version', '']
using podman version: 4.9.4-rhel
** excluding:  set()
['podman', 'ps', '--filter', 'label=io.podman.compose.project=compose', '-a', '--format', '{{ index .Labels "io.podman.compose.config-hash"}}']
podman volume inspect pg_datadev || podman volume create pg_datadev
['podman', 'volume', 'inspect', 'pg_datadev']
Error: no such volume pg_datadev
['podman', 'volume', 'create', '--label', 'io.podman.compose.project=compose', '--label', 'com.docker.compose.project=compose', 'pg_datadev']
['podman', 'volume', 'inspect', 'pg_datadev']
['podman', 'network', 'exists', 'compose_default']
podman run --name=compose_postgres_1 -d --label io.podman.compose.config-hash=63516c693551fba4fa909f00937ac4ab43786198932c55e2fd7fcb37f6c87ccc --label io.podman.compose.project=compose --label io.podman.compose.version=1.0.6 --label [email protected] --label com.docker.compose.project=compose --label com.docker.compose.project.working_dir=/opt/pulp-compose/pulp-oci-images-latest/images/compose --label com.docker.compose.project.config_files=compose.yml --label com.docker.compose.container-number=1 --label com.docker.compose.service=postgres -e POSTGRES_USER=pulp -e POSTGRES_PASSWORD=password -e POSTGRES_DB=pulp -e POSTGRES_INITDB_ARGS=--auth-host=scram-sha-256 -e POSTGRES_HOST_AUTH_METHOD=scram-sha-256 -v pg_datadev:/var/lib/postgresql/data -v /opt/pulp-compose/pulp-oci-images-latest/images/compose/assets/postgres/passwd:/etc/passwd:Z --net compose_default --network-alias postgres -p 5432:5432 --restart always --healthcheck-command /bin/sh -c 'pg_isready -U pulp' --healthcheck-interval 10s --healthcheck-timeout 5s --healthcheck-retries 5 localhost/postgres:13
506b8ebc9869ec1d6e10f21d766fbcc451a69a26d63fce884391094979f2f13a
exit code: 0
podman volume inspect redis_datadev || podman volume create redis_datadev
['podman', 'volume', 'inspect', 'redis_datadev']
Error: no such volume redis_datadev
['podman', 'volume', 'create', '--label', 'io.podman.compose.project=compose', '--label', 'com.docker.compose.project=compose', 'redis_datadev']
['podman', 'volume', 'inspect', 'redis_datadev']
['podman', 'network', 'exists', 'compose_default']
podman run --name=compose_redis_1 -d --label io.podman.compose.config-hash=63516c693551fba4fa909f00937ac4ab43786198932c55e2fd7fcb37f6c87ccc --label io.podman.compose.project=compose --label io.podman.compose.version=1.0.6 --label [email protected] --label com.docker.compose.project=compose --label com.docker.compose.project.working_dir=/opt/pulp-compose/pulp-oci-images-latest/images/compose --label com.docker.compose.project.config_files=compose.yml --label com.docker.compose.container-number=1 --label com.docker.compose.service=redis -v redis_datadev:/data --net compose_default --network-alias redis --restart always --healthcheck-command /bin/sh -c 'redis-cli ping' --healthcheck-interval 10s --healthcheck-timeout 5s --healthcheck-retries 5 localhost/redis:latest
ce6881fa2f400bdc4246ea57e1eabbc9b63d40bef66c68b517d2609dc4cb1791
exit code: 0
podman volume inspect pulpdev || podman volume create pulpdev
['podman', 'volume', 'inspect', 'pulpdev']
Error: no such volume pulpdev
['podman', 'volume', 'create', '--label', 'io.podman.compose.project=compose', '--label', 'com.docker.compose.project=compose', 'pulpdev']
['podman', 'volume', 'inspect', 'pulpdev']
['podman', 'network', 'exists', 'compose_default']
podman run --name=compose_migration_service_1 -d --requires=compose_postgres_1 --label io.podman.compose.config-hash=63516c693551fba4fa909f00937ac4ab43786198932c55e2fd7fcb37f6c87ccc --label io.podman.compose.project=compose --label io.podman.compose.version=1.0.6 --label [email protected] --label com.docker.compose.project=compose --label com.docker.compose.project.working_dir=/opt/pulp-compose/pulp-oci-images-latest/images/compose --label com.docker.compose.project.config_files=compose.yml --label com.docker.compose.container-number=1 --label com.docker.compose.service=migration_service -v /opt/pulp-compose/pulp-oci-images-latest/images/compose/assets/settings.py:/etc/pulp/settings.py:z -v /opt/pulp-compose/pulp-oci-images-latest/images/compose/assets/certs:/etc/pulp/certs:z -v pulpdev:/var/lib/pulp --net compose_default --network-alias migration_service localhost/pulp-minimal:latest pulpcore-manager migrate --noinput
2ef67e0d59a7d447ea8a4d5dc3ff25df4b4b3873a3751dcaa45d4c2d85430dd7
exit code: 0
podman volume inspect pulpdev || podman volume create pulpdev
['podman', 'volume', 'inspect', 'pulpdev']
['podman', 'network', 'exists', 'compose_default']
podman run --name=compose_set_init_password_service_1 -d --requires=compose_postgres_1 --label io.podman.compose.config-hash=63516c693551fba4fa909f00937ac4ab43786198932c55e2fd7fcb37f6c87ccc --label io.podman.compose.project=compose --label io.podman.compose.version=1.0.6 --label [email protected] --label com.docker.compose.project=compose --label com.docker.compose.project.working_dir=/opt/pulp-compose/pulp-oci-images-latest/images/compose --label com.docker.compose.project.config_files=compose.yml --label com.docker.compose.container-number=1 --label com.docker.compose.service=set_init_password_service -e PULP_DEFAULT_ADMIN_PASSWORD=password -v /opt/pulp-compose/pulp-oci-images-latest/images/compose/assets/settings.py:/etc/pulp/settings.py:z -v /opt/pulp-compose/pulp-oci-images-latest/images/compose/assets/certs:/etc/pulp/certs:z -v pulpdev:/var/lib/pulp --net compose_default --network-alias set_init_password_service localhost/pulp-minimal:latest set_init_password.sh
ea7957ea31d16a41ffdc0f154a6d68ef4a69b71e60a70355f71baccb85b7633c
exit code: 0
podman volume inspect pulpdev || podman volume create pulpdev
['podman', 'volume', 'inspect', 'pulpdev']
['podman', 'network', 'exists', 'compose_default']
podman run --name=compose_signing_key_service_1 -d --requires=compose_postgres_1,compose_migration_service_1 --label io.podman.compose.config-hash=63516c693551fba4fa909f00937ac4ab43786198932c55e2fd7fcb37f6c87ccc --label io.podman.compose.project=compose --label io.podman.compose.version=1.0.6 --label [email protected] --label com.docker.compose.project=compose --label com.docker.compose.project.working_dir=/opt/pulp-compose/pulp-oci-images-latest/images/compose --label com.docker.compose.project.config_files=compose.yml --label com.docker.compose.container-number=1 --label com.docker.compose.service=signing_key_service -v /opt/pulp-compose/pulp-oci-images-latest/images/compose/assets/settings.py:/etc/pulp/settings.py:z -v /opt/pulp-compose/pulp-oci-images-latest/images/compose/assets/certs:/etc/pulp/certs:z -v pulpdev:/var/lib/pulp --net compose_default --network-alias signing_key_service localhost/pulp-minimal:latest sh -c add_signing_service.sh
6980a83cd9325be9bb5bf50f674cab4c89e59433651edc139ffdfd093ef2b544
exit code: 0
podman volume inspect pulpdev || podman volume create pulpdev
['podman', 'volume', 'inspect', 'pulpdev']
['podman', 'network', 'exists', 'compose_default']
podman run --name=compose_pulp_content_1 -d --requires=compose_postgres_1,compose_migration_service_1,compose_redis_1 --label io.podman.compose.config-hash=63516c693551fba4fa909f00937ac4ab43786198932c55e2fd7fcb37f6c87ccc --label io.podman.compose.project=compose --label io.podman.compose.version=1.0.6 --label [email protected] --label com.docker.compose.project=compose --label com.docker.compose.project.working_dir=/opt/pulp-compose/pulp-oci-images-latest/images/compose --label com.docker.compose.project.config_files=compose.yml --label com.docker.compose.container-number=1 --label com.docker.compose.service=pulp_content -v /opt/pulp-compose/pulp-oci-images-latest/images/compose/assets/settings.py:/etc/pulp/settings.py:z -v /opt/pulp-compose/pulp-oci-images-latest/images/compose/assets/certs:/etc/pulp/certs:z -v pulpdev:/var/lib/pulp --net compose_default --network-alias pulp_content -u pulp --hostname pulp-content --restart always --healthcheck-command /bin/sh -c 'readyz.py /pulp/content/' --healthcheck-interval 10s --healthcheck-timeout 5s --healthcheck-retries 5 localhost/pulp-minimal:latest pulp-content
0b773cd95932a8af59eb543b9fc97248111fbb0200e5a6af97b253dfda136aca
exit code: 0
podman volume inspect pulpdev || podman volume create pulpdev
['podman', 'volume', 'inspect', 'pulpdev']
['podman', 'network', 'exists', 'compose_default']
podman run --name=compose_pulp_content_2 -d --requires=compose_postgres_1,compose_migration_service_1,compose_redis_1 --label io.podman.compose.config-hash=63516c693551fba4fa909f00937ac4ab43786198932c55e2fd7fcb37f6c87ccc --label io.podman.compose.project=compose --label io.podman.compose.version=1.0.6 --label [email protected] --label com.docker.compose.project=compose --label com.docker.compose.project.working_dir=/opt/pulp-compose/pulp-oci-images-latest/images/compose --label com.docker.compose.project.config_files=compose.yml --label com.docker.compose.container-number=2 --label com.docker.compose.service=pulp_content -v /opt/pulp-compose/pulp-oci-images-latest/images/compose/assets/settings.py:/etc/pulp/settings.py:z -v /opt/pulp-compose/pulp-oci-images-latest/images/compose/assets/certs:/etc/pulp/certs:z -v pulpdev:/var/lib/pulp --net compose_default --network-alias pulp_content -u pulp --hostname pulp-content --restart always --healthcheck-command /bin/sh -c 'readyz.py /pulp/content/' --healthcheck-interval 10s --healthcheck-timeout 5s --healthcheck-retries 5 localhost/pulp-minimal:latest pulp-content
8a8e6451b2d726f3b2d08c6464fe3f85f6c3bd66571c058c26037b1c9b003cd9
exit code: 0
podman volume inspect pulpdev || podman volume create pulpdev
['podman', 'volume', 'inspect', 'pulpdev']
['podman', 'network', 'exists', 'compose_default']
podman run --name=compose_pulp_worker_1 -d --requires=compose_postgres_1,compose_migration_service_1,compose_redis_1 --label io.podman.compose.config-hash=63516c693551fba4fa909f00937ac4ab43786198932c55e2fd7fcb37f6c87ccc --label io.podman.compose.project=compose --label io.podman.compose.version=1.0.6 --label [email protected] --label com.docker.compose.project=compose --label com.docker.compose.project.working_dir=/opt/pulp-compose/pulp-oci-images-latest/images/compose --label com.docker.compose.project.config_files=compose.yml --label com.docker.compose.container-number=1 --label com.docker.compose.service=pulp_worker -v /opt/pulp-compose/pulp-oci-images-latest/images/compose/assets/settings.py:/etc/pulp/settings.py:z -v /opt/pulp-compose/pulp-oci-images-latest/images/compose/assets/certs:/etc/pulp/certs:z -v pulpdev:/var/lib/pulp --net compose_default --network-alias pulp_worker -u pulp --restart always localhost/pulp-minimal:latest pulp-worker
78e8a763942728f5f396ede179db2df0aaa4bbc9925bfd4505f2190c2e83c274
exit code: 0
podman volume inspect pulpdev || podman volume create pulpdev
['podman', 'volume', 'inspect', 'pulpdev']
['podman', 'network', 'exists', 'compose_default']
podman run --name=compose_pulp_worker_2 -d --requires=compose_postgres_1,compose_migration_service_1,compose_redis_1 --label io.podman.compose.config-hash=63516c693551fba4fa909f00937ac4ab43786198932c55e2fd7fcb37f6c87ccc --label io.podman.compose.project=compose --label io.podman.compose.version=1.0.6 --label [email protected] --label com.docker.compose.project=compose --label com.docker.compose.project.working_dir=/opt/pulp-compose/pulp-oci-images-latest/images/compose --label com.docker.compose.project.config_files=compose.yml --label com.docker.compose.container-number=2 --label com.docker.compose.service=pulp_worker -v /opt/pulp-compose/pulp-oci-images-latest/images/compose/assets/settings.py:/etc/pulp/settings.py:z -v /opt/pulp-compose/pulp-oci-images-latest/images/compose/assets/certs:/etc/pulp/certs:z -v pulpdev:/var/lib/pulp --net compose_default --network-alias pulp_worker -u pulp --restart always localhost/pulp-minimal:latest pulp-worker
901dd0dcdcba306987b132ec5ef252f719f7f15264ad54729245e00d0d653d65
exit code: 0
podman volume inspect pulpdev || podman volume create pulpdev
['podman', 'volume', 'inspect', 'pulpdev']
['podman', 'network', 'exists', 'compose_default']
podman run --name=compose_pulp_api_1 -d --requires=compose_postgres_1,compose_redis_1,compose_set_init_password_service_1,compose_migration_service_1,compose_signing_key_service_1 --label io.podman.compose.config-hash=63516c693551fba4fa909f00937ac4ab43786198932c55e2fd7fcb37f6c87ccc --label io.podman.compose.project=compose --label io.podman.compose.version=1.0.6 --label [email protected] --label com.docker.compose.project=compose --label com.docker.compose.project.working_dir=/opt/pulp-compose/pulp-oci-images-latest/images/compose --label com.docker.compose.project.config_files=compose.yml --label com.docker.compose.container-number=1 --label com.docker.compose.service=pulp_api -v /opt/pulp-compose/pulp-oci-images-latest/images/compose/assets/settings.py:/etc/pulp/settings.py:z -v /opt/pulp-compose/pulp-oci-images-latest/images/compose/assets/certs:/etc/pulp/certs:z -v pulpdev:/var/lib/pulp --net compose_default --network-alias pulp_api -u pulp --hostname pulp-api --restart always --healthcheck-command /bin/sh -c 'readyz.py /pulp/api/v3/status/' --healthcheck-interval 10s --healthcheck-timeout 5s --healthcheck-retries 5 localhost/pulp-minimal:latest pulp-api
ba31118087f62a4fd32787992007082ab22812711bb5bf5641ef5f32159e59d3
exit code: 0
podman volume inspect pulpdev || podman volume create pulpdev
['podman', 'volume', 'inspect', 'pulpdev']
['podman', 'network', 'exists', 'compose_default']
podman run --name=compose_pulp_api_2 -d --requires=compose_postgres_1,compose_redis_1,compose_set_init_password_service_1,compose_migration_service_1,compose_signing_key_service_1 --label io.podman.compose.config-hash=63516c693551fba4fa909f00937ac4ab43786198932c55e2fd7fcb37f6c87ccc --label io.podman.compose.project=compose --label io.podman.compose.version=1.0.6 --label [email protected] --label com.docker.compose.project=compose --label com.docker.compose.project.working_dir=/opt/pulp-compose/pulp-oci-images-latest/images/compose --label com.docker.compose.project.config_files=compose.yml --label com.docker.compose.container-number=2 --label com.docker.compose.service=pulp_api -v /opt/pulp-compose/pulp-oci-images-latest/images/compose/assets/settings.py:/etc/pulp/settings.py:z -v /opt/pulp-compose/pulp-oci-images-latest/images/compose/assets/certs:/etc/pulp/certs:z -v pulpdev:/var/lib/pulp --net compose_default --network-alias pulp_api -u pulp --hostname pulp-api --restart always --healthcheck-command /bin/sh -c 'readyz.py /pulp/api/v3/status/' --healthcheck-interval 10s --healthcheck-timeout 5s --healthcheck-retries 5 localhost/pulp-minimal:latest pulp-api
c4e6c021dffa9a00f000a8a36c5fb01b84d2059dd94a277c2376216f8313a8ea
exit code: 0
['podman', 'network', 'exists', 'compose_default']
podman run --name=compose_pulp_web_1 -d --requires=compose_postgres_1,compose_redis_1,compose_pulp_content_1,compose_pulp_content_2,compose_pulp_api_1,compose_pulp_api_2,compose_set_init_password_service_1,compose_migration_service_1,compose_signing_key_service_1 --label io.podman.compose.config-hash=63516c693551fba4fa909f00937ac4ab43786198932c55e2fd7fcb37f6c87ccc --label io.podman.compose.project=compose --label io.podman.compose.version=1.0.6 --label [email protected] --label com.docker.compose.project=compose --label com.docker.compose.project.working_dir=/opt/pulp-compose/pulp-oci-images-latest/images/compose --label com.docker.compose.project.config_files=compose.yml --label com.docker.compose.container-number=1 --label com.docker.compose.service=pulp_web -v /opt/pulp-compose/pulp-oci-images-latest/images/compose/assets/bin/nginx.sh:/usr/bin/nginx.sh:Z -v /opt/pulp-compose/pulp-oci-images-latest/images/compose/assets/nginx/nginx.conf.template:/etc/nginx/nginx.conf.template:Z --net compose_default --network-alias pulp_web -p 8081:8080 -u root --hostname pulp --restart always localhost/pulp-web:latest /usr/bin/nginx.sh
16b1284332c3d718d1ce0a34e04422a237891858580698afc47eaa43d50a3587
exit code: 0

Again I get valid output from curl after waiting a few minutes for everything to be provisioned.
@jeremytourville jeremytourville mentioned this issue Jan 30, 2025
Open
@jeremytourville
Copy link
Author

@ggainey Can you assist with this or point me in the right direction? I see there is no SME for OCI images. Core Components SME List

@ggainey
Copy link
Contributor

ggainey commented Feb 10, 2025

I am not an SME around image-building, true. I do know that there are a lot of things to be careful of, if you want FIPS-mode to work - including how things are compiled. If we're not doing them (and I suspect we're not), you'll get errors like this. It could be something as simple as "not including the expected HMACs as part of the install process", IIRC. FIPS-mode is Very Picky (as it should be) - it's generally not as simple/easy as "turn it on".

@jeremytourville
Copy link
Author

@ggainey
I greatly appreciate your response.
I'm not compiling any images. I am simply using the image versions provided from docker hub or quay.io. I had sort of presumed FIPS support would be working. I was hoping somebody who knew the codebase could confirm if any FIPS capability exists or do I need to compile a custom version to get it to work.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Triage-Needed
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@ggainey @jeremytourville