How to run tiflash next-gen integration tests with `podman` under rockylinux 9

README-macos.md

Running podman on macos

> brew install podman
> brew install podman-compose

> podman machine init
> podman machine start
> podman machine list
NAME                     VM TYPE     CREATED        LAST UP            CPUS        MEMORY      DISK SIZE
podman-machine-default*  applehv     3 minutes ago  Currently running  5           2GiB        100GiB

References

• https://zhuanlan.zhihu.com/p/22886116297
• https://william-yeh.net/post/2023/02/wsl2-podman-k3s/

README.md

Why using podman instead of docker?

podman is a drop-in replacement for docker with native support for rootless secure opperation. Most users can simply alias Docker to Podman (alias docker=podman) without any problems.

I'm using podman so that the output logging and data files of tiflash integration tests is owned by the users but not root, which is more friendly for running and debugging tiflash tests.

Install podman

> sudo yum -y install podman crun

> podman --version
podman version 5.2.2

> crun --version
crun version 1.16.1
commit: afa829ca0122bd5e1d67f1f38e6cc348027e3c32
rundir: /run/user/1000/crun
spec: 1.0.0
+SYSTEMD +SELINUX +APPARMOR +CAP +SECCOMP +EBPF +CRIU +YAJL

Check whether podman run normally

If podman output error log as below:

> podman ps
ERRO[0000] running `/usr/bin/newuidmap 701148 0 1000 1 1 100000 65536`: newuidmap: write to uid_map failed: Operation not permitted
Error: cannot set up namespace using "/usr/bin/newuidmap": should have setuid or have filecaps setuid: exit status 1

Then fix the issue as below

# Reference
# https://github.com/containers/podman/discussions/23861
# https://github.com/containers/podman/discussions/11217
> sudo usermod --add-subuids 100000-200000 --add-subgids 100000-200000 $(whoami)
> sudo chmod 0755 /usr/bin/newuidmap /usr/bin/newgidmap

> mkdir -pv ~/.config/containers/
> vi ~/.config/containers/storage.conf

[storage]
# Default storage driver, must be set for proper operation.
driver = "overlay"

[storage.options.overlay]
ignore_chown_errors = "true"

Check whether podman compose run normally

> pip3 install podman-compose --user
> podman compose --version
podman-compose version 1.4.0
podman version 5.2.2

Build the docker image for running CI on rockylinux 9

The binary built under rocklinux 9 can not be directly run with the default rocklinux 8 ci base image.

> podman logs fullstack-test-next-gen_tiflash-wn0_1 2>&1 | head
/tiflash/tiflash: /lib64/libm.so.6: version `GLIBC_2.29' not found (required by /tiflash/tiflash)
/tiflash/tiflash: /lib64/libc.so.6: version `GLIBC_2.29' not found (required by /tiflash/tiflash)
/tiflash/tiflash: /lib64/libc.so.6: version `GLIBC_2.32' not found (required by /tiflash/tiflash)
/tiflash/tiflash: /lib64/libc.so.6: version `GLIBC_2.33' not found (required by /tiflash/tiflash)

> cat > Dockerfile-tiflash-ci-base-20250529 << EOF
FROM rockylinux:9.3

USER root
WORKDIR /root/

ENV HOME=/root/
ENV TZ=Asia/Shanghai
ENV LD_LIBRARY_PATH=/tiflash

# refer to https://github.com/CentOS/sig-cloud-instance-images/issues/154
RUN dnf install -y glibc-langpack-en
RUN ln -snf /usr/share/zoneinfo/$TZ /etc/localtime && echo $TZ > /etc/timezone

RUN dnf install -y https://dev.mysql.com/get/mysql80-community-release-el8-1.noarch.rpm && \
    dnf install -y mysql-community-client --nogpgcheck
EOF
> podman build -f Dockerfile-tiflash-ci-base-20250529 -t hub.pingcap.net/tiflash/tiflash-ci-base:rocky9-20250529 .