feat(install): Adds support for podman(compose) (#3673)

Author: DuncanConroy

.github/workflows/test.yml

@@ -40,16 +40,30 @@ jobs:
     if: github.repository_owner == 'getsentry'
     runs-on: ${{ matrix.os }}
     strategy:
+      fail-fast: false
       matrix:
         os: [ubuntu-24.04, ubuntu-24.04-arm]
-    name: ${{ matrix.os == 'ubuntu-24.04-arm' && 'integration test (arm64)' || 'integration test' }}
+        container_engine: ['docker'] # TODO: add 'podman' into the list
+    name: ${{ matrix.os == 'ubuntu-24.04-arm' && (matrix.container_engine == 'docker' && 'integration test (arm64)' || 'integration test (arm64 podman)') || (matrix.container_engine == 'docker' && 'integration test' || 'integration test (podman)') }}
     env:
       REPORT_SELF_HOSTED_ISSUES: 0
       SELF_HOSTED_TESTING_DSN: ${{ vars.SELF_HOSTED_TESTING_DSN }}
+      CONTAINER_ENGINE_PODMAN: ${{ matrix.container_engine == 'podman' && '1' || '0' }}
     steps:
       - name: Checkout
         uses: actions/checkout@v4
 
+      - name: Install Podman
+        if: matrix.container_engine == 'podman'
+        run: |
+          sudo apt-get update
+          sudo apt-get install -y --no-install-recommends podman
+          # TODO: Replace below with podman-compose
+          #       We need this commit to be able to work: https://github.com/containers/podman-compose/commit/8206cc3ea277eee6c2e87d4cd66eba8eae3d44eb
+          pip3 install --user https://github.com/containers/podman-compose/archive/main.tar.gz
+          echo "PODMAN_COMPOSE_PROVIDER=podman-compose" >> $GITHUB_ENV
+          echo "PODMAN_COMPOSE_WARNING_LOGS=false" >> $GITHUB_ENV
+
       - name: Use action from local checkout
         uses: './'
         with:

docker-compose.yml

@@ -1,5 +1,7 @@
 x-restart-policy: &restart_policy
   restart: unless-stopped
+x-pull-policy: &pull_policy
+  pull_policy: never
 x-depends_on-healthy: &depends_on-healthy
   condition: service_healthy
 x-depends_on-default: &depends_on-default
@@ -15,7 +17,7 @@ x-healthcheck-defaults: &healthcheck_defaults
   retries: $HEALTHCHECK_RETRIES
   start_period: 10s
 x-sentry-defaults: &sentry_defaults
-  <<: *restart_policy
+  <<: [*restart_policy, *pull_policy]
   image: sentry-self-hosted-local
   # Set the platform to build for linux/arm64 when needed on Apple silicon Macs.
   platform: ${DOCKER_PLATFORM:-}
@@ -174,7 +176,7 @@ services:
       timeout: 10s
       retries: 30
   clickhouse:
-    <<: *restart_policy
+    <<: [*restart_policy, *pull_policy]
     image: clickhouse-self-hosted-local
     build:
       context: ./clickhouse
@@ -329,7 +331,7 @@ services:
         target: /etc/symbolicator
     command: run -c /etc/symbolicator/config.yml
   symbolicator-cleanup:
-    <<: *restart_policy
+    <<: [*restart_policy, *pull_policy]
     image: symbolicator-cleanup-self-hosted-local
     build:
       context: ./cron
@@ -550,7 +552,7 @@ services:
     profiles:
       - feature-complete
   vroom-cleanup:
-    <<: *restart_policy
+    <<: [*restart_policy, *pull_policy]
     image: vroom-cleanup-self-hosted-local
     build:
       context: ./cron

install/_detect-container-engine.sh

@@ -0,0 +1,12 @@
+echo "${_group}Detecting container engine ..."
+
+if [[ "${CONTAINER_ENGINE_PODMAN:-0}" -eq 1 ]] && command -v podman &>/dev/null; then
+  export CONTAINER_ENGINE="podman"
+elif command -v docker &>/dev/null; then
+  export CONTAINER_ENGINE="docker"
+else
+  echo "FAIL: Neither podman nor docker is installed on the system."
+  exit 1
+fi
+echo "Detected container engine: $CONTAINER_ENGINE"
+echo "${_endgroup}"

install/_min-requirements.sh

@@ -2,6 +2,9 @@
 MIN_DOCKER_VERSION='19.03.6'
 MIN_COMPOSE_VERSION='2.32.2'
 
+MIN_PODMAN_VERSION='4.9.3'
+MIN_PODMAN_COMPOSE_VERSION='1.3.0'
+
 # 16 GB minimum host RAM, but there'll be some overhead outside of what
 # can be allotted to docker
 if [[ "$COMPOSE_PROFILES" == "errors-only" ]]; then

install/build-docker-images.sh

@@ -3,10 +3,10 @@ echo "${_group}Building and tagging Docker images ..."
 echo ""
 # Build any service that provides the image sentry-self-hosted-local first,
 # as it is used as the base image for sentry-cleanup-self-hosted-local.
-$dcb --force-rm web
+$dcb web
 # Build each other service individually to localize potential failures better.
 for service in $($dc config --services); do
-  $dcb --force-rm "$service"
+  $dcb "$service"
 done
 echo ""
 echo "Docker images built."

install/check-minimum-requirements.sh

@@ -2,31 +2,41 @@ echo "${_group}Checking minimum requirements ..."
 
 source install/_min-requirements.sh
 
-DOCKER_VERSION=$(docker version --format '{{.Server.Version}}' || echo '')
+DOCKER_VERSION=$($CONTAINER_ENGINE version --format '{{.Server.Version}}' || echo '')
 if [[ -z "$DOCKER_VERSION" ]]; then
-  echo "FAIL: Unable to get docker version, is the docker daemon running?"
+  echo "FAIL: Unable to get $CONTAINER_ENGINE version, is the $CONTAINER_ENGINE daemon running?"
   exit 1
 fi
 
-if ! vergte ${DOCKER_VERSION//v/} $MIN_DOCKER_VERSION; then
-  echo "FAIL: Expected minimum docker version to be $MIN_DOCKER_VERSION but found $DOCKER_VERSION"
-  exit 1
-fi
-echo "Found Docker version $DOCKER_VERSION"
-
-if ! vergte ${COMPOSE_VERSION//v/} $MIN_COMPOSE_VERSION; then
-  echo "FAIL: Expected minimum $dc_base version to be $MIN_COMPOSE_VERSION but found $COMPOSE_VERSION"
-  exit 1
+if [[ "$CONTAINER_ENGINE" == "docker" ]]; then
+  if ! vergte ${DOCKER_VERSION//v/} $MIN_DOCKER_VERSION; then
+    echo "FAIL: Expected minimum docker version to be $MIN_DOCKER_VERSION but found $DOCKER_VERSION"
+    exit 1
+  fi
+  if ! vergte ${COMPOSE_VERSION//v/} $MIN_COMPOSE_VERSION; then
+    echo "FAIL: Expected minimum $dc_base version to be $MIN_COMPOSE_VERSION but found $COMPOSE_VERSION"
+    exit 1
+  fi
+elif [[ "$CONTAINER_ENGINE" == "podman" ]]; then
+  if ! vergte ${DOCKER_VERSION//v/} $MIN_PODMAN_VERSION; then
+    echo "FAIL: Expected minimum podman version to be $MIN_PODMAN_VERSION but found $DOCKER_VERSION"
+    exit 1
+  fi
+  if ! vergte ${COMPOSE_VERSION//v/} $MIN_PODMAN_COMPOSE_VERSION; then
+    echo "FAIL: Expected minimum $dc_base version to be $MIN_PODMAN_COMPOSE_VERSION but found $COMPOSE_VERSION"
+    exit 1
+  fi
 fi
-echo "Found Docker Compose version $COMPOSE_VERSION"
+echo "Found $CONTAINER_ENGINE version $DOCKER_VERSION"
+echo "Found $CONTAINER_ENGINE Compose version $COMPOSE_VERSION"
 
-CPU_AVAILABLE_IN_DOCKER=$(docker run --rm busybox nproc --all)
+CPU_AVAILABLE_IN_DOCKER=$($CONTAINER_ENGINE run --rm busybox nproc --all)
 if [[ "$CPU_AVAILABLE_IN_DOCKER" -lt "$MIN_CPU_HARD" ]]; then
   echo "FAIL: Required minimum CPU cores available to Docker is $MIN_CPU_HARD, found $CPU_AVAILABLE_IN_DOCKER"
   exit 1
 fi
 
-RAM_AVAILABLE_IN_DOCKER=$(docker run --rm busybox free -m 2>/dev/null | awk '/Mem/ {print $2}')
+RAM_AVAILABLE_IN_DOCKER=$($CONTAINER_ENGINE run --rm busybox free -m 2>/dev/null | awk '/Mem/ {print $2}')
 if [[ "$RAM_AVAILABLE_IN_DOCKER" -lt "$MIN_RAM_HARD" ]]; then
   echo "FAIL: Required minimum RAM available to Docker is $MIN_RAM_HARD MB, found $RAM_AVAILABLE_IN_DOCKER MB"
   exit 1
@@ -35,9 +45,9 @@ fi
 #SSE4.2 required by Clickhouse (https://clickhouse.yandex/docs/en/operations/requirements/)
 # On KVM, cpuinfo could falsely not report SSE 4.2 support, so skip the check. https://github.com/ClickHouse/ClickHouse/issues/20#issuecomment-226849297
 # This may also happen on other virtualization software such as on VMWare ESXi hosts.
-IS_KVM=$(docker run --rm busybox grep -c 'Common KVM processor' /proc/cpuinfo || :)
+IS_KVM=$($CONTAINER_ENGINE run --rm busybox grep -c 'Common KVM processor' /proc/cpuinfo || :)
 if [[ ! "$SKIP_SSE42_REQUIREMENTS" -eq 1 && "$IS_KVM" -eq 0 && "$DOCKER_ARCH" = "x86_64" ]]; then
-  SUPPORTS_SSE42=$(docker run --rm busybox grep -c sse4_2 /proc/cpuinfo || :)
+  SUPPORTS_SSE42=$($CONTAINER_ENGINE run --rm busybox grep -c sse4_2 /proc/cpuinfo || :)
   if [[ "$SUPPORTS_SSE42" -eq 0 ]]; then
     echo "FAIL: The CPU your machine is running on does not support the SSE 4.2 instruction set, which is required for one of the services Sentry uses (Clickhouse). See https://github.com/getsentry/self-hosted/issues/340 for more info."
     exit 1

install/create-docker-volumes.sh

@@ -1,10 +1,21 @@
 echo "${_group}Creating volumes for persistent storage ..."
 
-echo "Created $(docker volume create --name=sentry-clickhouse)."
-echo "Created $(docker volume create --name=sentry-data)."
-echo "Created $(docker volume create --name=sentry-kafka)."
-echo "Created $(docker volume create --name=sentry-postgres)."
-echo "Created $(docker volume create --name=sentry-redis)."
-echo "Created $(docker volume create --name=sentry-symbolicator)."
+create_volume() {
+  create_command="$CONTAINER_ENGINE volume create"
+  if [ "$CONTAINER_ENGINE" = "podman" ]; then
+    create_command="$create_command --ignore $1"
+  else
+    create_command="$create_command --name=$1"
+  fi
+
+  $create_command
+}
+
+echo "Created $(create_volume sentry-clickhouse)."
+echo "Created $(create_volume sentry-data)."
+echo "Created $(create_volume sentry-kafka)."
+echo "Created $(create_volume sentry-postgres)."
+echo "Created $(create_volume sentry-redis)."
+echo "Created $(create_volume sentry-symbolicator)."
 
 echo "${_endgroup}"

install/dc-detect-version.sh

@@ -6,17 +6,27 @@ else
   _endgroup=""
 fi
 
-echo "${_group}Initializing Docker Compose ..."
+echo "${_group}Initializing Docker|Podman Compose ..."
+
+export CONTAINER_ENGINE="docker"
+if [[ "${CONTAINER_ENGINE_PODMAN:-0}" -eq 1 ]]; then
+  if command -v podman &>/dev/null; then
+    export CONTAINER_ENGINE="podman"
+  else
+    echo "FAIL: Podman is not installed on the system."
+    exit 1
+  fi
+fi
 
 # To support users that are symlinking to docker-compose
-dc_base="$(docker compose version --short &>/dev/null && echo 'docker compose' || echo '')"
-dc_base_standalone="$(docker-compose version --short &>/dev/null && echo 'docker-compose' || echo '')"
+dc_base="$(${CONTAINER_ENGINE} compose version --short &>/dev/null && echo "$CONTAINER_ENGINE compose" || echo '')"
+dc_base_standalone="$(${CONTAINER_ENGINE}-compose version --short &>/dev/null && echo "$CONTAINER_ENGINE-compose" || echo '')"
 
 COMPOSE_VERSION=$([ -n "$dc_base" ] && $dc_base version --short || echo '')
 STANDALONE_COMPOSE_VERSION=$([ -n "$dc_base_standalone" ] && $dc_base_standalone version --short || echo '')
 
 if [[ -z "$COMPOSE_VERSION" && -z "$STANDALONE_COMPOSE_VERSION" ]]; then
-  echo "FAIL: Docker Compose is required to run self-hosted"
+  echo "FAIL: Docker|Podman Compose is required to run self-hosted"
   exit 1
 fi
 
@@ -25,14 +35,57 @@ if [[ -z "$COMPOSE_VERSION" ]] || [[ -n "$STANDALONE_COMPOSE_VERSION" ]] && ! ve
   dc_base="$dc_base_standalone"
 fi
 
+if [[ "$CONTAINER_ENGINE" == "podman" ]]; then
+  NO_ANSI="--no-ansi"
+else
+  NO_ANSI="--ansi never"
+fi
+
 if [[ "$(basename $0)" = "install.sh" ]]; then
-  dc="$dc_base --ansi never --env-file ${_ENV}"
+  dc="$dc_base $NO_ANSI --env-file ${_ENV}"
 else
-  dc="$dc_base --ansi never"
+  dc="$dc_base $NO_ANSI"
 fi
+
 proxy_args="--build-arg http_proxy=${http_proxy:-} --build-arg https_proxy=${https_proxy:-} --build-arg no_proxy=${no_proxy:-}"
-dcr="$dc run --pull=never --rm"
+if [[ "$CONTAINER_ENGINE" == "podman" ]]; then
+  proxy_args_dc="--podman-build-args http_proxy=${http_proxy:-},https_proxy=${https_proxy:-},no_proxy=${no_proxy:-}"
+  # Disable pod creation as these are one-off commands and creating a pod
+  # prints its pod id to stdout which is messing with the output that we
+  # rely on various places such as configuration generation
+  dcr="$dc --profile=feature-complete --in-pod=false run --rm"
+else
+  proxy_args_dc=$proxy_args
+  dcr="$dc run --pull=never --rm"
+fi
 dcb="$dc build $proxy_args"
-dbuild="docker build $proxy_args"
+dbuild="$CONTAINER_ENGINE build $proxy_args"
 echo "$dcr"
+# Utility function to handle --wait with docker and podman
+function start_service_and_wait_ready() {
+  local options=()
+  local services=()
+  local found_service=0
+
+  for arg in "$@"; do
+    if [[ $found_service -eq 0 && "$arg" == -* ]]; then
+      options+=("$arg")
+    else
+      found_service=1
+      services+=("$arg")
+    fi
+  done
+
+  if [ "$CONTAINER_ENGINE" = "podman" ]; then
+    $dc up --force-recreate -d "${options[@]}" "${services[@]}"
+    for service in "${services[@]}"; do
+      while ! $CONTAINER_ENGINE ps --filter "health=healthy" | grep "$service"; do
+        sleep 2
+      done
+    done
+  else
+    $dc up --wait "${options[@]}" "${services[@]}"
+  fi
+}
+
 echo "${_endgroup}"

install/detect-platform.sh

@@ -1,3 +1,5 @@
+source install/_detect-container-engine.sh
+
 echo "${_group}Detecting Docker platform"
 
 # Sentry SaaS uses stock Yandex ClickHouse, but they don't provide images that
@@ -12,13 +14,13 @@ echo "${_group}Detecting Docker platform"
 # linux/amd64 by default due to virtualization.
 # See https://github.com/docker/cli/issues/3286 for the Docker bug.
 
-if ! command -v docker &>/dev/null; then
-  echo "FAIL: Could not find a \`docker\` binary on this system. Are you sure it's installed?"
-  exit 1
+FORMAT="{{.Architecture}}"
+if [[ $CONTAINER_ENGINE == "podman" ]]; then
+  FORMAT="{{.Host.Arch}}"
 fi
 
-export DOCKER_ARCH=$(docker info --format '{{.Architecture}}')
-if [[ "$DOCKER_ARCH" = "x86_64" ]]; then
+export DOCKER_ARCH=$($CONTAINER_ENGINE info --format "$FORMAT")
+if [[ "$DOCKER_ARCH" = "x86_64" || "$DOCKER_ARCH" = "amd64" ]]; then
   export DOCKER_PLATFORM="linux/amd64"
 elif [[ "$DOCKER_ARCH" = "aarch64" ]]; then
   export DOCKER_PLATFORM="linux/arm64"

install/ensure-correct-permissions-profiles-dir.sh

@@ -3,5 +3,7 @@
 # TODO: Remove this after the next hard-stop
 
 echo "${_group}Ensuring correct permissions on profiles directory ..."
+
 $dcr --no-deps --entrypoint /bin/bash --user root vroom -c 'chown -R vroom:vroom /var/vroom/sentry-profiles && chmod -R o+rwx /var/vroom/sentry-profiles'
+
 echo "${_endgroup}"