Use tpa managed podman for working default values

The buildah image from upstream has issues working with some of the third-party runners:

[1/2] STEP 5/5: RUN go build -ldflags="-s -w" -o "build/server" gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/webtunnel/main/server
Error: building at STEP "RUN go build -ldflags="-s -w" -o "build/server" gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/webtunnel/main/server": setting "RLIMIT_NOFILE" limit to soft=1048576,hard=1048576 (was soft=524287,hard=524288): operation not permitted

https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/webtunnel/-/jobs/1256774

This merge request fixes that.

Did we recently add a restriction on GitLab runners? I encountered the following error when running buildah:
[1/2] STEP 5/5: RUN go build -ldflags="-s -w" -o "build/server" gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/webtunnel/main/server
Error: building at STEP "RUN go build -ldflags="-s -w" -o "build/server" gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/webtunnel/main/server": setting "RLIMIT_NOFILE" limit to soft=1048576,hard=1048576 (was soft=524287,hard=524288): operation not permitted
lavamind (IRC)
Shelikhoo: what runner is that
Shelikhoo
#372 (HfiV8GrW) ci-x64-runner5-osuosl 
lavamind (IRC)
tpa doesn't manage all the runners
Shelikhoo
https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/webtunnel/-/jobs/1256765
lavamind (IRC)
that is an osuosl, external runner
so, we don't know
did the same job used to work?
seems like you hit some kind of limit
Shelikhoo
I think it is buildah that is trying to increase the limit, but it was rejected
and it treats it as a critical failure
that being said I think the old limit works okay for my build script
https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/webtunnel/-/jobs/1256774
Yes, I have tried an earlier version of the main branch, it worked in Sep and is broken now
lavamind (IRC)
Shelikhoo: I don't think it's buildah that's messing with the limit, it's probably go build
Shelikhoo
Yes, personally I think it is the buildah, let me try to find out...
BTW, let me try to set the runner manually for now
I see it works on another runner
https://gitlab.torproject.org/shelikhoo/webtunnel/-/jobs/1256742
#375 (5LqHbg3A) ci-runner-x86-02-main 
lavamind (IRC)
right, you can target tpa runners with the "tpa" tags if you want
Shelikhoo
yes! thanks! I will do this first and get things done, before trying to find out the root cause of the error. Thanks!!!
Shelikhoo
lavamind (IRC): I have tested and it shows it is buildah that has trouble with the ulimit restriction: https://gitlab.torproject.org/shelikhoo/webtunnel/-/jobs/1256865#L45
[1/2] STEP 4/6: WORKDIR /webtunnel
[1/2] STEP 5/6: RUN ls -l
Error: building at STEP "RUN ls -l": setting "RLIMIT_NOFILE" limit to soft=1048576,hard=1048576 (was soft=524287,hard=524288): operation not permitted
lavamind (IRC)
oh wow
interesting
Shelikhoo: buildah build has a "--ulimit" command line argument https://manpages.debian.org/trixie/buildah/buildah-build.1.en.html
maybe your container image, quay.io/buildah/stable, has a too high limit
did you try building your image with containers.torproject.org/tpo/tpa/base-images/podman:stable ?
Shelikhoo
Let me try it and let you know if tpa/base-images/podman:stable doesn't work...
lavamind (IRC)
ok!
