release 1.0.3

Reverse services when stopping or restarting

.github/ISSUE_TEMPLATE/bug_report.md

@@ -0,0 +1,54 @@
+---
+name: Bug report
+about: Create a report to help us improve
+title: ''
+labels: bug
+assignees: ''
+
+---
+
+**Describe the bug**
+A clear and concise description of what the bug is.
+
+Please make sure it's not a bug in podman (in that case report it to podman)
+or your understanding of docker-compose or how rootless containers work (for example, it's normal for rootless container not to be able to listen for port less than 1024 like 80)
+
+please try to reproduce the bug in latest devel branch
+
+**To Reproduce**
+Steps to reproduce the behavior:
+1. what is the content of the current working directory (ex. `docker-compose.yml`, `.env`, `Dockerfile`, ...etc.)
+2. what is the sequence of commands you typed
+
+please use [minimal reproducible example](https://stackoverflow.com/help/minimal-reproducible-example) for example give me a small busybox-based compose yaml
+
+
+**Expected behavior**
+A clear and concise description of what you expected to happen.
+
+**Actual behavior**
+What is the behavior you actually got and that should not happen.
+
+
+**Output**
+
+```
+$ podman-compose version
+using podman version: 3.4.0
+podman-composer version  0.1.7dev
+podman --version 
+podman version 3.4.0
+
+$ podman-compose up
+...
+
+```
+
+**Environment:**
+ - OS: Linux / WSL / Mac
+ - podman version: 
+ - podman compose version: (git hex)
+
+**Additional context**
+
+Add any other context about the problem here.

.github/ISSUE_TEMPLATE/feature_request.md

@@ -0,0 +1,20 @@
+---
+name: Feature request
+about: Suggest an idea for this project
+title: ''
+labels: enhancement
+assignees: ''
+
+---
+
+**Is your feature request related to a problem? Please describe.**
+A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]
+
+**Describe the solution you'd like**
+A clear and concise description of what you want to happen.
+
+**Describe alternatives you've considered**
+A clear and concise description of any alternative solutions or features you've considered.
+
+**Additional context**
+Add any other context or screenshots about the feature request here.

CODE-OF-CONDUCT.md

@@ -0,0 +1,3 @@
+## The Podman Compose Project Community Code of Conduct
+
+The Podman Compose project follows the [Containers Community Code of Conduct](https://github.com/containers/common/blob/master/CODE-OF-CONDUCT.md).

CONTRIBUTING.md

@@ -54,12 +54,11 @@ def compose_up(compose, args):
 
 
 ## Missing Commands (help needed)
-
+```
   bundle             Generate a Docker bundle from the Compose file
   config             Validate and view the Compose file
   create             Create services
   events             Receive real time events from containers
-  exec               Execute a command in a running container
   images             List images
   kill               Kill containers
   logs               View output from containers
@@ -72,3 +71,4 @@ def compose_up(compose, args):
   top                Display the running processes
   unpause            Unpause services
   version            Show the Docker-Compose version information
+```

README.md

@@ -1,28 +1,44 @@
 # Podman Compose
 
-An implementation of `docker-compose` with [podman](https://podman.io/) backend.
+An implementation of [Compose Spec](https://compose-spec.io/) with [Podman](https://podman.io/) backend.
-The main objective of this project is to be able to run `docker-compose.yml` unmodified and rootless.
+This project focus on:
-This project is aimed to provide drop-in replacement for `docker-compose`,
-and it's very useful for certain cases because:
 
-- can run rootless
+* rootless
-- only depend on `podman` and Python3 and [PyYAML](https://pyyaml.org/)
+* daemon-less process model, we directly execute podman, no running daemon.
-- no daemon, no setup.
+
-- can be used by developers to run single-machine containerized stacks using single familiar YAML file
+This project only depend on:
+
+* `podman`
+* Python3
+* [PyYAML](https://pyyaml.org/)
+* [python-dotenv](https://pypi.org/project/python-dotenv/)
+
+And it's formed as a single python file script that you can drop into your PATH and run.
+
+## References:
+
+* [spec.md](https://github.com/compose-spec/compose-spec/blob/master/spec.md)
+* [docker-compose compose-file-v3](https://docs.docker.com/compose/compose-file/compose-file-v3/)
+* [docker-compose compose-file-v2](https://docs.docker.com/compose/compose-file/compose-file-v2/)
+
+## Alternatives
+
+As in [this article](https://fedoramagazine.org/use-docker-compose-with-podman-to-orchestrate-containers-on-fedora/) you can setup a `podman.socket` and use unmodified `docker-compose` that talks to that socket but in this case you lose the process-model (ex. `docker-compose build` will send a possibly large context tarball to the daemon)
 
 For production-like single-machine containerized environment consider
 
 - [k3s](https://k3s.io) | [k3s github](https://github.com/rancher/k3s)
 - [MiniKube](https://minikube.sigs.k8s.io/)
-- [MiniShift](https://www.okd.io/minishift/)
-
 
 For the real thing (multi-node clusters) check any production
-OpenShift/Kubernetes distribution like [OKD](https://www.okd.io/minishift/).
+OpenShift/Kubernetes distribution like [OKD](https://www.okd.io/).
 
-## NOTE
+## Versions
 
-This project is still underdevelopment.
+If you have legacy version of `podman` (before 3.1.0) you might need to stick with legacy `podman-compose` `0.1.x` branch.
+The legacy branch 0.1.x uses mappings and workarounds to compensate for rootless limitations.
+
+Modern podman versions (>=3.4) do not have those limitations and thus you can use latest and stable 1.x branch.
 
 ## Installation
 
@@ -47,13 +63,19 @@ curl -o /usr/local/bin/podman-compose https://raw.githubusercontent.com/containe
 chmod +x /usr/local/bin/podman-compose
 ```
 
-or 
+or inside your home
 
 ```
 curl -o ~/.local/bin/podman-compose https://raw.githubusercontent.com/containers/podman-compose/devel/podman_compose.py
 chmod +x ~/.local/bin/podman-compose
 ```
 
+or install from Fedora (starting from f31) repositories:
+
+```
+sudo dnf install podman-compose
+```
+
 ## Basic Usage
 
 We have included fully functional sample stacks inside `examples/` directory.
@@ -78,18 +100,11 @@ which have
 
 
 When testing the `AWX3` example, if you got errors just wait for db migrations to end. 
-
+There is also AWX 17.1.0
 
 ## Tests
 
 Inside `tests/` directory we have many useless docker-compose stacks
 that are meant to test as much cases as we can to make sure we are compatible
 
-## How it works
-
-The default mapping `1podfw` creates a single pod and attach all containers to
-its network namespace so that all containers talk via localhost.
-For more information see [docs/Mappings.md](docs/Mappings.md).
-
-If you are running as root, you might use identity mapping.
 

SECURITY.md

@@ -0,0 +1,3 @@
+## Security and Disclosure Information Policy for the Podman Compose Project
+
+The Podman Compose Project follows the [Security and Disclosure Information Policy](https://github.com/containers/common/blob/master/SECURITY.md) for the Containers Projects.

examples/awx17/README.md

@@ -0,0 +1,37 @@
+# AWX Compose
+
+the directory roles is taken from [here](https://github.com/ansible/awx/tree/17.1.0/installer/roles/local_docker)
+
+also look at https://github.com/ansible/awx/tree/17.1.0/tools/docker-compose
+
+```
+mkdir deploy awx17
+ansible localhost \
+    -e host_port=8080 \
+    -e awx_secret_key='awx,secret.123' \
+    -e secret_key='awx,secret.123' \
+    -e admin_user='admin' \
+    -e admin_password='admin' \
+    -e pg_password='awx,123.' \
+    -e pg_username='awx' \
+    -e pg_database='awx' \
+    -e pg_port='5432' \
+    -e redis_image="docker.io/library/redis:6-alpine" \
+    -e postgres_data_dir="./data/pg" \
+    -e compose_start_containers=false \
+    -e dockerhub_base='docker.io/ansible' \
+    -e awx_image='docker.io/ansible/awx' \
+    -e awx_version='17.1.0' \
+    -e dockerhub_version='17.1.0' \
+    -e docker_deploy_base_path=$PWD/deploy \
+    -e docker_compose_dir=$PWD/awx17 \
+    -e awx_task_hostname=awx \
+    -e awx_web_hostname=awxweb \
+    -m include_role -a name=local_docker
+cp awx17/docker-compose.yml awx17/docker-compose.yml.orig
+sed -i -re "s#- \"$PWD/awx17/(.*):/#- \"./\1:/#" awx17/docker-compose.yml
+cd awx17
+podman-compose run --rm --service-ports task awx-manage migrate --no-input
+podman-compose up -d
+```
+

examples/awx17/roles/local_docker/defaults/main.yml

@@ -0,0 +1,11 @@
+---
+dockerhub_version: "{{ lookup('file', playbook_dir + '/../VERSION') }}"
+
+awx_image: "awx"
+redis_image: "redis"
+
+postgresql_version: "12"
+postgresql_image: "postgres:{{postgresql_version}}"
+
+compose_start_containers: true
+upgrade_postgres: false

examples/awx17/roles/local_docker/tasks/compose.yml

@@ -0,0 +1,74 @@
+---
+- name: Create {{ docker_compose_dir }} directory
+  file:
+    path: "{{ docker_compose_dir }}"
+    state: directory
+
+- name: Create Redis socket directory
+  file:
+    path: "{{ docker_compose_dir }}/redis_socket"
+    state: directory
+    mode: 0777
+
+- name: Create Docker Compose Configuration
+  template:
+    src: "{{ item.file }}.j2"
+    dest: "{{ docker_compose_dir }}/{{ item.file }}"
+    mode: "{{ item.mode }}"
+  loop:
+    - file: environment.sh
+      mode: "0600"
+    - file: credentials.py
+      mode: "0600"
+    - file: docker-compose.yml
+      mode: "0600"
+    - file: nginx.conf
+      mode: "0600"
+    - file: redis.conf
+      mode: "0664"
+  register: awx_compose_config
+
+- name: Render SECRET_KEY file
+  copy:
+    content: "{{ secret_key }}"
+    dest: "{{ docker_compose_dir }}/SECRET_KEY"
+    mode: 0600
+  register: awx_secret_key
+
+- block:
+    - name: Remove AWX containers before migrating postgres so that the old postgres container does not get used
+      docker_compose:
+        project_src: "{{ docker_compose_dir }}"
+        state: absent
+      ignore_errors: true
+
+    - name: Run migrations in task container
+      shell: docker-compose run --rm --service-ports task awx-manage migrate --no-input
+      args:
+        chdir: "{{ docker_compose_dir }}"
+
+    - name: Start the containers
+      docker_compose:
+        project_src: "{{ docker_compose_dir }}"
+        restarted: "{{ awx_compose_config is changed or awx_secret_key is changed }}"
+      register: awx_compose_start
+
+    - name: Update CA trust in awx_web container
+      command: docker exec awx_web '/usr/bin/update-ca-trust'
+      when: awx_compose_config.changed or awx_compose_start.changed
+
+    - name: Update CA trust in awx_task container
+      command: docker exec awx_task '/usr/bin/update-ca-trust'
+      when: awx_compose_config.changed or awx_compose_start.changed
+
+    - name: Wait for launch script to create user
+      wait_for:
+        timeout: 10
+      delegate_to: localhost
+
+    - name: Create Preload data
+      command: docker exec awx_task bash -c "/usr/bin/awx-manage create_preload_data"
+      when: create_preload_data|bool
+      register: cdo
+      changed_when: "'added' in cdo.stdout"
+  when: compose_start_containers|bool

examples/awx17/roles/local_docker/tasks/main.yml

@@ -0,0 +1,15 @@
+---
+- name: Generate broadcast websocket secret
+  set_fact:
+    broadcast_websocket_secret: "{{ lookup('password', '/dev/null length=128') }}"
+  run_once: true
+  no_log: true
+  when: broadcast_websocket_secret is not defined
+
+- import_tasks: upgrade_postgres.yml
+  when:
+    - postgres_data_dir is defined
+    - pg_hostname is not defined
+
+- import_tasks: set_image.yml
+- import_tasks: compose.yml

examples/awx17/roles/local_docker/tasks/set_image.yml

@@ -0,0 +1,46 @@
+---
+- name: Manage AWX Container Images
+  block:
+    - name: Export Docker awx image if it isnt local and there isnt a registry defined
+      docker_image:
+        name: "{{ awx_image }}"
+        tag: "{{ awx_version }}"
+        archive_path: "{{ awx_local_base_config_path|default('/tmp') }}/{{ awx_image }}_{{ awx_version }}.tar"
+      when: inventory_hostname != "localhost" and docker_registry is not defined
+      delegate_to: localhost
+
+    - name: Set docker base path
+      set_fact:
+        docker_deploy_base_path: "{{ awx_base_path|default('/tmp') }}/docker_deploy"
+      when: ansible_connection != "local" and docker_registry is not defined
+
+    - name: Ensure directory exists
+      file:
+        path: "{{ docker_deploy_base_path }}"
+        state: directory
+      when: ansible_connection != "local" and docker_registry is not defined
+
+    - name: Copy awx image to docker execution
+      copy:
+        src: "{{ awx_local_base_config_path|default('/tmp') }}/{{ awx_image }}_{{ awx_version }}.tar"
+        dest: "{{ docker_deploy_base_path }}/{{ awx_image }}_{{ awx_version }}.tar"
+      when: ansible_connection != "local" and docker_registry is not defined
+
+    - name: Load awx image
+      docker_image:
+        name: "{{ awx_image }}"
+        tag: "{{ awx_version }}"
+        load_path: "{{ docker_deploy_base_path }}/{{ awx_image }}_{{ awx_version }}.tar"
+        timeout: 300
+      when: ansible_connection != "local" and docker_registry is not defined
+
+    - name: Set full image path for local install
+      set_fact:
+        awx_docker_actual_image: "{{ awx_image }}:{{ awx_version }}"
+      when: docker_registry is not defined
+  when: dockerhub_base is not defined
+
+- name: Set DockerHub Image Paths
+  set_fact:
+    awx_docker_actual_image: "{{ dockerhub_base }}/awx:{{ dockerhub_version }}"
+  when: dockerhub_base is defined

examples/awx17/roles/local_docker/tasks/upgrade_postgres.yml

@@ -0,0 +1,64 @@
+---
+
+- name: Create {{ postgres_data_dir }} directory
+  file:
+    path: "{{ postgres_data_dir }}"
+    state: directory
+
+- name: Get full path of postgres data dir
+  shell: "echo {{ postgres_data_dir }}"
+  register: fq_postgres_data_dir
+
+- name: Register temporary docker container
+  set_fact:
+    container_command: "docker run --rm -v '{{ fq_postgres_data_dir.stdout }}:/var/lib/postgresql' centos:8 bash -c "
+
+- name: Check for existing Postgres data (run from inside the container for access to file)
+  shell:
+    cmd: |
+      {{ container_command }} "[[ -f /var/lib/postgresql/10/data/PG_VERSION ]] && echo 'exists'"
+  register: pg_version_file
+  ignore_errors: true
+
+- name: Record Postgres version
+  shell: |
+    {{ container_command }} "cat /var/lib/postgresql/10/data/PG_VERSION"
+  register: old_pg_version
+  when: pg_version_file is defined and pg_version_file.stdout == 'exists'
+
+- name: Determine whether to upgrade postgres
+  set_fact:
+    upgrade_postgres: "{{ old_pg_version.stdout == '10' }}"
+  when: old_pg_version.changed
+
+- name: Set up new postgres paths pre-upgrade
+  shell: |
+    {{ container_command }} "mkdir -p /var/lib/postgresql/12/data/"
+  when: upgrade_postgres | bool
+
+- name: Stop AWX before upgrading postgres
+  docker_compose:
+    project_src: "{{ docker_compose_dir }}"
+    stopped: true
+  when: upgrade_postgres | bool
+
+- name: Upgrade Postgres
+  shell: |
+    docker run --rm \
+      -v {{ postgres_data_dir }}/10/data:/var/lib/postgresql/10/data \
+      -v {{ postgres_data_dir }}/12/data:/var/lib/postgresql/12/data \
+      -e PGUSER={{ pg_username }} -e POSTGRES_INITDB_ARGS="-U {{ pg_username }}" \
+      tianon/postgres-upgrade:10-to-12 --username={{ pg_username }}
+  when: upgrade_postgres | bool
+
+- name: Copy old pg_hba.conf
+  shell: |
+    {{ container_command }} "cp /var/lib/postgresql/10/data/pg_hba.conf /var/lib/postgresql/12/data/pg_hba.conf"
+  when: upgrade_postgres | bool
+
+- name: Remove old data directory
+  shell: |
+    {{ container_command }} "rm -rf /var/lib/postgresql/10/data"
+  when:
+    - upgrade_postgres | bool
+    - compose_start_containers|bool

examples/awx17/roles/local_docker/templates/credentials.py.j2

@@ -0,0 +1,13 @@
+DATABASES = {
+    'default': {
+        'ATOMIC_REQUESTS': True,
+        'ENGINE': 'django.db.backends.postgresql',
+        'NAME': "{{ pg_database }}",
+        'USER': "{{ pg_username }}",
+        'PASSWORD': "{{ pg_password }}",
+        'HOST': "{{ pg_hostname | default('postgres') }}",
+        'PORT': "{{ pg_port }}",
+    }
+}
+
+BROADCAST_WEBSOCKET_SECRET = "{{ broadcast_websocket_secret | b64encode }}"

examples/awx17/roles/local_docker/templates/docker-compose.yml.j2

@@ -0,0 +1,208 @@
+#jinja2: lstrip_blocks: True
+version: '2'
+services:
+
+  web:
+    image: {{ awx_docker_actual_image }}
+    container_name: awx_web
+    depends_on:
+      - redis
+      {% if pg_hostname is not defined %}
+      - postgres
+      {% endif %}
+    {% if (host_port is defined) or (host_port_ssl is defined) %}
+    ports:
+      {% if (host_port_ssl is defined) and (ssl_certificate is defined) %}
+      - "{{ host_port_ssl }}:8053"
+      {% endif %}
+      {% if host_port is defined %}
+      - "{{ host_port }}:8052"
+      {% endif %}
+    {% endif %}
+    hostname: {{ awx_web_hostname }}
+    user: root
+    restart: unless-stopped
+    {% if (awx_web_container_labels is defined) and (',' in awx_web_container_labels) %}
+    {% set awx_web_container_labels_list = awx_web_container_labels.split(',') %}
+    labels:
+      {% for awx_web_container_label in awx_web_container_labels_list %}
+      - {{ awx_web_container_label }}
+      {% endfor %}
+    {% elif awx_web_container_labels is defined %}
+    labels:
+      - {{ awx_web_container_labels }}
+    {% endif %}
+    volumes:
+      - supervisor-socket:/var/run/supervisor
+      - rsyslog-socket:/var/run/awx-rsyslog/
+      - rsyslog-config:/var/lib/awx/rsyslog/
+      - "{{ docker_compose_dir }}/SECRET_KEY:/etc/tower/SECRET_KEY"
+      - "{{ docker_compose_dir }}/environment.sh:/etc/tower/conf.d/environment.sh"
+      - "{{ docker_compose_dir }}/credentials.py:/etc/tower/conf.d/credentials.py"
+      - "{{ docker_compose_dir }}/nginx.conf:/etc/nginx/nginx.conf:ro"
+      - "{{ docker_compose_dir }}/redis_socket:/var/run/redis/:rw"
+    {% if project_data_dir is defined %}
+      - "{{ project_data_dir +':/var/lib/awx/projects:rw' }}"
+    {% endif %}
+    {% if custom_venv_dir is defined %}
+      - "{{ custom_venv_dir +':'+ custom_venv_dir +':rw' }}"
+    {% endif %}
+    {% if ca_trust_dir is defined %}
+      - "{{ ca_trust_dir +':/etc/pki/ca-trust/source/anchors:ro' }}"
+    {% endif %}
+    {% if (ssl_certificate is defined) and (ssl_certificate_key is defined) %}
+      - "{{ ssl_certificate +':/etc/nginx/awxweb.pem:ro' }}"
+      - "{{ ssl_certificate_key +':/etc/nginx/awxweb_key.pem:ro' }}"
+    {% elif (ssl_certificate is defined) and (ssl_certificate_key is not defined) %}
+      - "{{ ssl_certificate +':/etc/nginx/awxweb.pem:ro' }}"
+    {% endif %}
+    {% if (awx_container_search_domains is defined) and (',' in awx_container_search_domains) %}
+    {% set awx_container_search_domains_list = awx_container_search_domains.split(',') %}
+    dns_search:
+    {% for awx_container_search_domain in awx_container_search_domains_list %}
+      - {{ awx_container_search_domain }}
+    {% endfor %}
+    {% elif awx_container_search_domains is defined %}
+    dns_search: "{{ awx_container_search_domains }}"
+    {% endif %}
+    {% if (awx_alternate_dns_servers is defined) and (',' in awx_alternate_dns_servers) %}
+    {% set awx_alternate_dns_servers_list = awx_alternate_dns_servers.split(',') %}
+    dns:
+    {% for awx_alternate_dns_server in awx_alternate_dns_servers_list %}
+      - {{ awx_alternate_dns_server }}
+    {% endfor %}
+    {% elif awx_alternate_dns_servers is defined %}
+    dns: "{{ awx_alternate_dns_servers }}"
+    {% endif %}
+    {% if (docker_compose_extra_hosts is defined) and (':' in docker_compose_extra_hosts) %}
+    {% set docker_compose_extra_hosts_list = docker_compose_extra_hosts.split(',') %}
+    extra_hosts:
+    {% for docker_compose_extra_host in docker_compose_extra_hosts_list %}
+      - "{{ docker_compose_extra_host }}"
+    {% endfor %}
+    {% endif %}
+    environment:
+      http_proxy: {{ http_proxy | default('') }}
+      https_proxy: {{ https_proxy | default('') }}
+      no_proxy: {{ no_proxy | default('') }}
+    {% if docker_logger is defined %}
+    logging:
+      driver: {{ docker_logger }}
+    {% endif %}
+
+  task:
+    image: {{ awx_docker_actual_image }}
+    container_name: awx_task
+    depends_on:
+      - redis
+      - web
+      {% if pg_hostname is not defined %}
+      - postgres
+      {% endif %}
+    command: /usr/bin/launch_awx_task.sh
+    hostname: {{ awx_task_hostname }}
+    user: root
+    restart: unless-stopped
+    volumes:
+      - supervisor-socket:/var/run/supervisor
+      - rsyslog-socket:/var/run/awx-rsyslog/
+      - rsyslog-config:/var/lib/awx/rsyslog/
+      - "{{ docker_compose_dir }}/SECRET_KEY:/etc/tower/SECRET_KEY"
+      - "{{ docker_compose_dir }}/environment.sh:/etc/tower/conf.d/environment.sh"
+      - "{{ docker_compose_dir }}/credentials.py:/etc/tower/conf.d/credentials.py"
+      - "{{ docker_compose_dir }}/redis_socket:/var/run/redis/:rw"
+    {% if project_data_dir is defined %}
+      - "{{ project_data_dir +':/var/lib/awx/projects:rw' }}"
+    {% endif %}
+    {% if custom_venv_dir is defined %}
+      - "{{ custom_venv_dir +':'+ custom_venv_dir +':rw' }}"
+    {% endif %}
+    {% if ca_trust_dir is defined %}
+      - "{{ ca_trust_dir +':/etc/pki/ca-trust/source/anchors:ro' }}"
+    {% endif %}
+    {% if ssl_certificate is defined %}
+      - "{{ ssl_certificate +':/etc/nginx/awxweb.pem:ro' }}"
+    {% endif %}
+    {% if (awx_container_search_domains is defined) and (',' in awx_container_search_domains) %}
+    {% set awx_container_search_domains_list = awx_container_search_domains.split(',') %}
+    dns_search:
+    {% for awx_container_search_domain in awx_container_search_domains_list %}
+      - {{ awx_container_search_domain }}
+    {% endfor %}
+    {% elif awx_container_search_domains is defined %}
+    dns_search: "{{ awx_container_search_domains }}"
+    {% endif %}
+    {% if (awx_alternate_dns_servers is defined) and (',' in awx_alternate_dns_servers) %}
+    {% set awx_alternate_dns_servers_list = awx_alternate_dns_servers.split(',') %}
+    dns:
+    {% for awx_alternate_dns_server in awx_alternate_dns_servers_list %}
+      - {{ awx_alternate_dns_server }}
+    {% endfor %}
+    {% elif awx_alternate_dns_servers is defined %}
+    dns: "{{ awx_alternate_dns_servers }}"
+    {% endif %}
+    {% if (docker_compose_extra_hosts is defined) and (':' in docker_compose_extra_hosts) %}
+    {% set docker_compose_extra_hosts_list = docker_compose_extra_hosts.split(',') %}
+    extra_hosts:
+    {% for docker_compose_extra_host in docker_compose_extra_hosts_list %}
+      - "{{ docker_compose_extra_host }}"
+    {% endfor %}
+    {% endif %}
+    environment:
+      AWX_SKIP_MIGRATIONS: "1"
+      http_proxy: {{ http_proxy | default('') }}
+      https_proxy: {{ https_proxy | default('') }}
+      no_proxy: {{ no_proxy | default('') }}
+      SUPERVISOR_WEB_CONFIG_PATH: '/etc/supervisord.conf'
+
+  redis:
+    image: {{ redis_image }}
+    container_name: awx_redis
+    restart: unless-stopped
+    environment:
+      http_proxy: {{ http_proxy | default('') }}
+      https_proxy: {{ https_proxy | default('') }}
+      no_proxy: {{ no_proxy | default('') }}
+    command: ["/usr/local/etc/redis/redis.conf"]
+    volumes:
+      - "{{ docker_compose_dir }}/redis.conf:/usr/local/etc/redis/redis.conf:ro"
+      - "{{ docker_compose_dir }}/redis_socket:/var/run/redis/:rw"
+    {% if docker_logger is defined %}
+    logging:
+      driver: {{ docker_logger }}
+    {% endif %}
+
+  {% if pg_hostname is not defined %}
+  postgres:
+    image: {{ postgresql_image }}
+    container_name: awx_postgres
+    restart: unless-stopped
+    volumes:
+      - "{{ postgres_data_dir }}/12/data/:/var/lib/postgresql/data:Z"
+    environment:
+      POSTGRES_USER: {{ pg_username }}
+      POSTGRES_PASSWORD: {{ pg_password }}
+      POSTGRES_DB: {{ pg_database }}
+      http_proxy: {{ http_proxy | default('') }}
+      https_proxy: {{ https_proxy | default('') }}
+      no_proxy: {{ no_proxy | default('') }}
+    {% if docker_logger is defined %}
+    logging:
+      driver: {{ docker_logger }}
+    {% endif %}
+  {% endif %}
+
+{% if docker_compose_subnet is defined %}
+networks:
+  default:
+    driver: bridge
+    ipam:
+      driver: default
+      config:
+      - subnet:  {{ docker_compose_subnet }}
+{% endif %}
+
+volumes:
+  supervisor-socket:
+  rsyslog-socket:
+  rsyslog-config:

examples/awx17/roles/local_docker/templates/environment.sh.j2

@@ -0,0 +1,10 @@
+DATABASE_USER={{ pg_username|quote }}
+DATABASE_NAME={{ pg_database|quote }}
+DATABASE_HOST={{ pg_hostname|default('postgres')|quote }}
+DATABASE_PORT={{ pg_port|default('5432')|quote }}
+DATABASE_PASSWORD={{ pg_password|default('awxpass')|quote }}
+{% if pg_admin_password is defined %}
+DATABASE_ADMIN_PASSWORD={{ pg_admin_password|quote }}
+{% endif %}
+AWX_ADMIN_USER={{ admin_user|quote }}
+AWX_ADMIN_PASSWORD={{ admin_password|quote }}

examples/awx17/roles/local_docker/templates/nginx.conf.j2

@@ -0,0 +1,122 @@
+#user awx;
+
+worker_processes  1;
+
+pid        /tmp/nginx.pid;
+
+events {
+    worker_connections  1024;
+}
+
+http {
+    include       /etc/nginx/mime.types;
+    default_type  application/octet-stream;
+    server_tokens off;
+
+    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
+                      '$status $body_bytes_sent "$http_referer" '
+                      '"$http_user_agent" "$http_x_forwarded_for"';
+
+    access_log /dev/stdout main;
+
+    map $http_upgrade $connection_upgrade {
+        default upgrade;
+        ''      close;
+    }
+
+    sendfile        on;
+    #tcp_nopush     on;
+    #gzip  on;
+
+    upstream uwsgi {
+        server 127.0.0.1:8050;
+        }
+
+    upstream daphne {
+        server 127.0.0.1:8051;
+    }
+
+    {% if ssl_certificate is defined %}
+    server {
+        listen 8052 default_server;
+        server_name _;
+
+        # Redirect all HTTP links to the matching HTTPS page
+        return 301 https://$host$request_uri;
+    }
+    {%endif %}
+
+    server {
+        {% if (ssl_certificate is defined) and (ssl_certificate_key is defined) %}
+        listen 8053 ssl;
+
+        ssl_certificate /etc/nginx/awxweb.pem;
+        ssl_certificate_key /etc/nginx/awxweb_key.pem;
+        {% elif (ssl_certificate is defined) and (ssl_certificate_key is not defined) %}
+        listen 8053 ssl;
+
+        ssl_certificate /etc/nginx/awxweb.pem;
+        ssl_certificate_key /etc/nginx/awxweb.pem;
+        {% else %}
+        listen 8052 default_server;
+        {% endif %}
+
+        # If you have a domain name, this is where to add it
+        server_name _;
+        keepalive_timeout 65;
+
+        # HSTS (ngx_http_headers_module is required) (15768000 seconds = 6 months)
+        add_header Strict-Transport-Security max-age=15768000;
+
+        # Protect against click-jacking https://www.owasp.org/index.php/Testing_for_Clickjacking_(OTG-CLIENT-009)
+        add_header X-Frame-Options "DENY";
+
+        location /nginx_status {
+          stub_status on;
+          access_log off;
+          allow 127.0.0.1;
+          deny all;
+        }
+
+        location /static/ {
+            alias /var/lib/awx/public/static/;
+        }
+
+        location /favicon.ico { alias /var/lib/awx/public/static/favicon.ico; }
+
+        location /websocket {
+            # Pass request to the upstream alias
+            proxy_pass http://daphne;
+            # Require http version 1.1 to allow for upgrade requests
+            proxy_http_version 1.1;
+            # We want proxy_buffering off for proxying to websockets.
+            proxy_buffering off;
+            # http://en.wikipedia.org/wiki/X-Forwarded-For
+            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+            # enable this if you use HTTPS:
+            proxy_set_header X-Forwarded-Proto https;
+            # pass the Host: header from the client for the sake of redirects
+            proxy_set_header Host $http_host;
+            # We've set the Host header, so we don't need Nginx to muddle
+            # about with redirects
+            proxy_redirect off;
+            # Depending on the request value, set the Upgrade and
+            # connection headers
+            proxy_set_header Upgrade $http_upgrade;
+            proxy_set_header Connection $connection_upgrade;
+        }
+
+        location / {
+            # Add trailing / if missing
+            rewrite ^(.*)$http_host(.*[^/])$ $1$http_host$2/ permanent;
+            uwsgi_read_timeout 120s;
+            uwsgi_pass uwsgi;
+            include /etc/nginx/uwsgi_params;
+            {%- if extra_nginx_include is defined %}
+            include {{ extra_nginx_include }};
+            {%- endif %}
+            proxy_set_header X-Forwarded-Port 443;
+            uwsgi_param HTTP_X_FORWARDED_PORT 443;
+        }
+    }
+}

examples/awx17/roles/local_docker/templates/redis.conf.j2

@@ -0,0 +1,4 @@
+unixsocket /var/run/redis/redis.sock
+unixsocketperm 660
+port 0
+bind 127.0.0.1

requirements.txt

@@ -0,0 +1,7 @@
+# The order of packages is significant, because pip processes them in the order
+# of appearance. Changing the order has an impact on the overall integration
+# process, which may cause wedges in the gate later.
+
+pyyaml
+python-dotenv
+

setup.cfg

@@ -1,2 +1,5 @@
 [bdist_wheel]
 universal = 1
+
+[metadata]
+version = attr: podman_compose.__version__

setup.py

@@ -1,23 +1,18 @@
 import os
-from setuptools import setup, find_packages
+from setuptools import setup
 
 try:
     readme = open(os.path.join(os.path.dirname(__file__), 'README.md')).read()
 except:
     readme = ''
 
-from podman_compose import __version__ as podman_compose_version
-
 setup(
     name='podman-compose',
-    version=podman_compose_version,
     description="A script to run docker-compose.yml using podman",
     long_description=readme,
     long_description_content_type='text/markdown',
     classifiers=[
         "Programming Language :: Python",
-        "Programming Language :: Python :: 2",
-        "Programming Language :: Python :: 2.7",
         "Programming Language :: Python :: 3",
         "Programming Language :: Python :: 3.5",
         "Programming Language :: Python :: 3.6",
@@ -41,7 +36,8 @@ setup(
     include_package_data=True,
     license='GPL-2.0-only',
     install_requires=[
-        'pyyaml'
+        'pyyaml',
+        'python-dotenv',
     ],
     # test_suite='tests',
     # tests_require=[

test-requirements.txt

@@ -0,0 +1,8 @@
+# The order of packages is significant, because pip processes them in the order
+# of appearance. Changing the order has an impact on the overall integration
+# process, which may cause wedges in the gate later.
+
+coverage
+pytest-cov
+pytest
+tox

tests/build/context/Dockerfile-alt

@@ -1,7 +1,9 @@
 FROM busybox
 ARG buildno=1
 ARG httpd_port=80
+ARG other_variable=not_set
 ENV httpd_port ${httpd_port}
+ENV other_variable ${other_variable}
 RUN mkdir -p /var/www/html/ && \
     echo "ALT buildno=$buildno port=$httpd_port `date -Iseconds`" > /var/www/html/index.txt
 CMD httpd -f -p "$httpd_port" -h /var/www/html

tests/build/docker-compose.yml

@@ -17,3 +17,9 @@ services:
       image: my-busybox-httpd2
       ports:
       - 8000:8000
+    test_build_arg_argument:
+      build:
+        context: ./context
+        dockerfile: Dockerfile-alt
+      image: my-busybox-httpd2
+      command: env

tests/deps/README.md

@@ -0,0 +1,4 @@
+
+```
+podman-compose run --rm sleep /bin/sh -c 'wget -O - http://localhost:8000/hosts'
+```

tests/deps/docker-compose.yaml

@@ -0,0 +1,24 @@
+version: "3.7"
+services:
+    web:
+      image: busybox
+      command: ["/bin/busybox", "httpd", "-f", "-h", "/etc/", "-p", "8000"]
+      tmpfs:
+        - /run
+        - /tmp
+    sleep:
+      image: busybox
+      command: ["/bin/busybox", "sh", "-c", "sleep 3600"]
+      depends_on: "web"
+      tmpfs:
+        - /run
+        - /tmp
+    sleep2:
+      image: busybox
+      command: ["/bin/busybox", "sh", "-c", "sleep 3600"]
+      depends_on:
+      - sleep
+      tmpfs:
+        - /run
+        - /tmp
+

tests/env-tests/README.md

@@ -0,0 +1,5 @@
+running the following command should give myval2
+
+```
+podman_compose run -l monkey -e ZZVAR1=myval2 env-test
+```

tests/env-tests/container-compose.yml

@@ -0,0 +1,9 @@
+version: '3'
+
+services:
+  env-test:
+    image: busybox
+    command: sh -c "export | grep ZZ"
+    environment:
+    - ZZVAR1=myval1
+

tests/exit-from/README.md

@@ -0,0 +1,15 @@
+We have service named sh1 that exits with code 1 and sh2 that exists with code 2
+
+```
+podman-compose up --exit-code-from=sh1
+echo $?
+```
+
+the above should give 1.
+
+```
+podman-compose up --exit-code-from=sh2
+echo $?
+```
+
+the above should give 2.

tests/exit-from/docker-compose.yaml

@@ -0,0 +1,21 @@
+version: "3"
+services:
+    too_long:
+      image: busybox
+      command: ["/bin/busybox", "sh", "-c", "sleep 3600; exit 0"]
+      tmpfs:
+        - /run
+        - /tmp
+    sh1:
+      image: busybox
+      command: ["/bin/busybox", "sh", "-c", "sleep 5; exit 1"]
+      tmpfs:
+        - /run
+        - /tmp
+    sh2:
+      image: busybox
+      command: ["/bin/busybox", "sh", "-c", "sleep 5; exit 2"]
+      tmpfs:
+        - /run
+        - /tmp
+

tests/extends/docker-compose.yaml

@@ -0,0 +1,29 @@
+version: "3"
+services:
+    echo:
+      image: busybox
+      command: ["/bin/busybox", "echo", "Zero"]
+      ports:
+        - '1234:1234'
+      environment:
+          - FOO=original
+          - BAR=original
+#      volumes:
+#        - ./original:/foo
+#        - ./original:/bar
+    echo1:
+      extends:
+        service: echo
+      command: ["/bin/busybox", "echo", "One"]
+      ports:
+        - '12345:12345'
+#      volumes:
+#        - ./local:/bar
+#        - ./local:/baz
+    env1:
+      extends:
+        service: echo
+      command: ["/bin/busybox", "env"]
+      environment:
+        - BAR=local
+        - BAZ=local

tests/extends_w_file/common-services.yml

@@ -0,0 +1,7 @@
+webapp:
+  build: .
+  ports:
+    - "8000:8000"
+  volumes:
+    - "/data"
+

tests/extends_w_file/docker-compose.yml

@@ -0,0 +1,14 @@
+version: "3"
+services:
+  web:
+    extends:
+      file: common-services.yml
+      service: webapp
+    environment:
+      - DEBUG=1
+    cpu_shares: 5
+
+  important_web:
+    extends: web
+    cpu_shares: 10
+

tests/interpolation/.env

@@ -0,0 +1 @@
+DOT_ENV_VARIABLE=This value is from the .env file

tests/interpolation/docker-compose-colon-question-error.yml

@@ -0,0 +1,8 @@
+version: "3.7"
+services:
+    variables:
+        image: busybox
+        command: ["/bin/busybox", "sh", "-c", "export | grep EXAMPLE"]
+        environment:
+            EXAMPLE_COLON_QUESTION_ERROR: ${NOT_A_VARIABLE:?Missing variable}
+

tests/interpolation/docker-compose-question-error.yml

@@ -0,0 +1,8 @@
+version: "3.7"
+services:
+    variables:
+        image: busybox
+        command: ["/bin/busybox", "sh", "-c", "export | grep EXAMPLE"]
+        environment:
+            EXAMPLE_QUESTION_ERROR: ${NOT_A_VARIABLE?Missing variable}
+

tests/interpolation/docker-compose.yml

@@ -0,0 +1,14 @@
+version: "3.7"
+services:
+    variables:
+        image: busybox
+        command: ["/bin/busybox", "sh", "-c", "export | grep EXAMPLE"]
+        environment:
+            EXAMPLE_VARIABLE: "Host user: $USER"
+            EXAMPLE_BRACES: "Host user: ${USER}"
+            EXAMPLE_COLON_DASH_DEFAULT: ${NOT_A_VARIABLE:-My default}
+            EXAMPLE_DASH_DEFAULT: ${NOT_A_VARIABLE-My other default}
+            EXAMPLE_DOT_ENV: $DOT_ENV_VARIABLE
+            EXAMPLE_LITERAL: This is a $$literal
+            EXAMPLE_EMPTY: $NOT_A_VARIABLE
+

tests/multicompose/README.md

@@ -0,0 +1,19 @@
+# Multiple compose files
+
+to make sure we get results similar to
+
+```
+docker-compose -f d1/docker-compose.yml -f d2/docker-compose.yml up -d
+docker exec -ti d1_web1_1 sh -c 'set'
+docker exec -ti d1_web2_1 sh -c 'set'
+curl http://${d1_web1_1}:8001/index.txt
+curl http://${d1_web1_1}:8002/index.txt
+```
+
+we need to verify
+
+- project base directory and project name is `d1`
+- `var12='d1/12.env'` which means `enf_file` was appended not replaced (which means that we normalize to array before merge)
+- `var2='d1/2.env'` which means that paths inside `d2/docker-compose.yml` directory are relative to `d1`
+
+

tests/multicompose/d1/1.env

@@ -0,0 +1 @@
+var1=d1/1.env

tests/multicompose/d1/12.env

@@ -0,0 +1 @@
+var12=d1/12.env

tests/multicompose/d1/2.env

@@ -0,0 +1 @@
+var2=d1/2.env

tests/multicompose/d1/docker-compose.yml

@@ -0,0 +1,13 @@
+version: '3'
+services:
+  web1:
+    image: busybox
+    command: busybox httpd -h /var/www/html/ -f -p 8001
+    volumes:
+      - ./1.env:/var/www/html/index.txt:z
+    env_file: ./1.env
+    labels:
+      l1: v1
+    environment:
+    - mykey1=myval1
+

tests/multicompose/d2/12.env

@@ -0,0 +1 @@
+var12=d2/12.env

tests/multicompose/d2/2.env

@@ -0,0 +1 @@
+var2=d2/2.env

tests/multicompose/d2/docker-compose.yml

@@ -0,0 +1,19 @@
+version: '3'
+services:
+  web1:
+    image: busybox
+    env_file: ./12.env
+    labels:
+      - l1=v2
+      - l2=v2
+    environment:
+        mykey1: myval2
+        mykey2: myval2
+
+  web2:
+    image: busybox
+    command: busybox httpd -h /var/www/html/ -f -p 8002
+    volumes:
+      - ./2.env:/var/www/html/index.txt:z
+    env_file: ./2.env
+

tests/nets_test1/docker-compose.yml

@@ -0,0 +1,21 @@
+version: "3"
+services:
+    web1:
+      image: busybox
+      hostname: web1
+      command: ["/bin/busybox", "httpd", "-f", "-h", "/var/www/html", "-p", "8001"]
+      working_dir: /var/www/html
+      ports:
+        - 8001:8001
+      volumes:
+        - ./test1.txt:/var/www/html/index.txt:ro,z
+    web2:
+      image: busybox
+      hostname: web1
+      command: ["/bin/busybox", "httpd", "-f", "-h", "/var/www/html", "-p", "8001"]
+      working_dir: /var/www/html
+      ports:
+        - 8002:8001
+      volumes:
+        - ./test2.txt:/var/www/html/index.txt:ro,z
+

tests/nets_test1/test1.txt

@@ -0,0 +1 @@
+test1

tests/nets_test1/test2.txt

@@ -0,0 +1 @@
+test2

tests/nets_test2/docker-compose.yml

@@ -0,0 +1,23 @@
+version: "3"
+networks:
+    mystack:
+services:
+    web1:
+      image: busybox
+      hostname: web1
+      command: ["/bin/busybox", "httpd", "-f", "-h", "/var/www/html", "-p", "8001"]
+      working_dir: /var/www/html
+      ports:
+        - 8001:8001
+      volumes:
+        - ./test1.txt:/var/www/html/index.txt:ro,z
+    web2:
+      image: busybox
+      hostname: web2
+      command: ["/bin/busybox", "httpd", "-f", "-h", "/var/www/html", "-p", "8001"]
+      working_dir: /var/www/html
+      ports:
+        - 8002:8001
+      volumes:
+        - ./test2.txt:/var/www/html/index.txt:ro,z
+

tests/nets_test2/test1.txt

@@ -0,0 +1 @@
+test1

tests/nets_test2/test2.txt

@@ -0,0 +1 @@
+test2

tests/nets_test3/docker-compose.yml

@@ -0,0 +1,31 @@
+version: "3"
+networks:
+    net1:
+    net2:
+services:
+    web1:
+      image: busybox
+      #container_name: web1
+      hostname: web1
+      command: ["/bin/busybox", "httpd", "-f", "-h", "/var/www/html", "-p", "8001"]
+      working_dir: /var/www/html
+      networks:
+      - net1
+      ports:
+        - 8001:8001
+      volumes:
+        - ./test1.txt:/var/www/html/index.txt:ro,z
+    web2:
+      image: busybox
+      #container_name: web2
+      hostname: web2
+      command: ["/bin/busybox", "httpd", "-f", "-h", "/var/www/html", "-p", "8001"]
+      working_dir: /var/www/html
+      networks:
+      - net1
+      - net2
+      ports:
+        - 8002:8001
+      volumes:
+        - ./test2.txt:/var/www/html/index.txt:ro,z
+

tests/nets_test3/test1.txt

@@ -0,0 +1 @@
+test1

tests/nets_test3/test2.txt

@@ -0,0 +1 @@
+test2

tests/no_services/docker-compose.yaml

@@ -0,0 +1,7 @@
+version: '3'
+networks:
+  shared-network:
+    driver: bridge
+    ipam:
+      config:
+          - subnet: 172.19.0.0/24

tests/ports/docker-compose.yml

@@ -0,0 +1,35 @@
+version: "3"
+services:
+    web1:
+      image: busybox
+      hostname: web1
+      command: ["/bin/busybox", "httpd", "-f", "-h", "/var/www/html", "-p", "8001"]
+      working_dir: /var/www/html
+      ports:
+        - 8001:8001
+      volumes:
+        - ./test1.txt:/var/www/html/index.txt:ro,z
+    web2:
+      image: busybox
+      hostname: web2
+      command: ["/bin/busybox", "httpd", "-f", "-h", "/var/www/html", "-p", "8002"]
+      working_dir: /var/www/html
+      ports:
+        - 8002:8002
+        - target: 8003
+          host_ip: 127.0.0.1
+          published: 8003
+          protocol: udp
+        - target: 8004
+          host_ip: 127.0.0.1
+          published: 8004
+          protocol: tcp
+        - target: 8005
+          published: 8005
+        - target: 8006
+          protocol: udp
+        - target: 8007
+          host_ip: 127.0.0.1
+      volumes:
+        - ./test2.txt:/var/www/html/index.txt:ro,z
+

tests/ports/test1.txt

@@ -0,0 +1 @@
+test1

tests/ports/test2.txt

@@ -0,0 +1 @@
+test2

tests/seccomp/docker-compose.yml

@@ -0,0 +1,12 @@
+version: "3"
+services:
+  web1:
+    image: busybox
+    command: httpd -f -p 80 -h /var/www/html
+    volumes:
+    - ./docker-compose.yml:/var/www/html/index.html
+    ports:
+      - "8080:80"
+    security_opt:
+      - seccomp:unconfined
+

tests/secrets/bad_external_name/docker-compose.yaml

@@ -0,0 +1,18 @@
+version: "3.8"
+services:
+    test:
+      image: busybox
+      command:
+        - cat
+        - /run/secrets/new_secret
+      tmpfs:
+        - /run
+        - /tmp
+      secrets:
+        - new_secret
+
+secrets:
+  new_secret:
+    external: true
+    name: my_secret
+

tests/secrets/bad_external_target/docker-compose.yaml

@@ -0,0 +1,18 @@
+version: "3.8"
+services:
+    test:
+      image: busybox
+      command:
+        - cat
+        - /run/secrets/my_secret_2
+      tmpfs:
+        - /run
+        - /tmp
+      secrets:
+        - source: my_secret
+          target: new_secret
+
+secrets:
+  my_secret:
+    external: true
+

tests/secrets/docker-compose.yaml

@@ -0,0 +1,42 @@
+version: "3.8"
+services:
+    test:
+      image: busybox
+      command:
+        - /tmp/print_secrets.sh
+      tmpfs:
+        - /run
+        - /tmp
+      volumes:
+        - ./print_secrets.sh:/tmp/print_secrets.sh:z
+      secrets:
+        - my_secret
+        - my_secret_2
+        - source: my_secret_3
+          target: my_secret_3
+          uid: '103'
+          gid: '103'
+          mode: 400
+        - file_secret
+        - source: file_secret
+          target: custom_name
+        - source: file_secret
+          target: /etc/custom_location
+        - source: file_secret
+          target: unused_params_warning
+          uid: '103'
+          gid: '103'
+          mode: 400
+
+secrets:
+  my_secret:
+    external: true
+  my_secret_2:
+    external: true
+    name: my_secret_2
+  my_secret_3:
+    external: true
+    name: my_secret_3
+  file_secret:
+    file: ./my_secret
+

tests/secrets/my_secret

@@ -0,0 +1 @@
+important-secret-is-important

tests/secrets/print_secrets.sh

@@ -0,0 +1,6 @@
+#!/bin/sh
+
+ls -la /run/secrets/*
+ls -la /etc/custom_location
+cat /run/secrets/*
+cat /etc/custom_location

tests/short/docker-compose.yaml

@@ -4,7 +4,7 @@ services:
       image: redis:alpine
       command: ["redis-server", "--appendonly yes", "--notify-keyspace-events", "Ex"]
       volumes:
-        - ./data/redis:/data
+        - ./data/redis:/data:z
       tmpfs: /run1
       ports:
         - "6379"
@@ -25,16 +25,16 @@ services:
       command: ["/bin/busybox", "httpd", "-f", "-h", "/var/www/html", "-p", "8001"]
       working_dir: /var/www/html
       volumes:
-        - ./data/web:/var/www/html:ro
+        - ./data/web:/var/www/html:ro,z
     web2:
       image: busybox
       command: ["/bin/busybox", "httpd", "-f", "-h", "/var/www/html", "-p", "8002"]
       working_dir: /var/www/html
       volumes:
-        - ~/Downloads/www:/var/www/html:ro
+        - ~/Downloads/www:/var/www/html:ro,z
     web3:
       image: busybox
       command: ["/bin/busybox", "httpd", "-f", "-h", "/var/www/html", "-p", "8003"]
       working_dir: /var/www/html
       volumes:
-        - /var/www/html:/var/www/html:ro
+        - /var/www/html:/var/www/html:ro,z

tests/ulimit/Dockerfile

@@ -0,0 +1,3 @@
+FROM busybox
+
+COPY ./ulimit.sh /bin/ulimit.sh

tests/ulimit/docker-compose.yaml

@@ -0,0 +1,30 @@
+version: "3"
+services:
+    ulimit1:
+      image: ulimit_test
+      command: ["ulimit.sh" ]
+      ulimits: nofile=1001
+      build: 
+        context: ./
+        dockerfile: Dockerfile
+    ulimit2:
+      image: ulimit_test
+      command: ["ulimit.sh" ]
+      ulimits:
+      - nproc=1002:2002
+      - nofile=1002
+      build:
+        context: ./
+        dockerfile: Dockerfile
+    ulimit3:
+      image: ulimit_test
+      command: [ "ulimit.sh" ]
+      ulimits:
+        nofile: 1003
+        nproc:
+          soft: 1003
+          hard: 2003
+      build:
+        context: ./
+        dockerfile: Dockerfile
+

tests/ulimit/ulimit.sh

@@ -0,0 +1,10 @@
+#!/bin/sh
+
+echo "soft process limit"
+ulimit -S -u
+echo "hard process limit"
+ulimit -H -u
+echo "soft nofile limit"
+ulimit -S -n
+echo "hard nofile limit"
+ulimit -H -n

tests/vol/README.md

@@ -0,0 +1,8 @@
+# to test create the two external volumes
+
+```
+podman volume create my-app-data
+podman volume create actual-name-of-volume
+podman-compose up 
+```
+

tests/vol/docker-compose.yaml

@@ -14,7 +14,7 @@ services:
       command: ["/bin/busybox", "httpd", "-f", "-h", "/var/www/html", "-p", "8001"]
       working_dir: /var/www/html
       volumes:
-        - myvol1:/var/www/html:ro
+        - myvol1:/var/www/html:ro,z
     web2:
       image: busybox
       command: ["/bin/busybox", "httpd", "-f", "-h", "/var/www/html", "-p", "8002"]
@@ -27,6 +27,9 @@ services:
       working_dir: /var/www/html
       volumes:
         - myvol2:/var/www/html
+        - data:/var/www/html_data
+        - data2:/var/www/html_data2
+        - data3:/var/www/html_data3
 
 volumes:
   myvol2:
@@ -38,3 +41,6 @@ volumes:
   data2:
     external:
       name: actual-name-of-volume
+  data3:
+    name: my-app-data3
+

tests/yamlmagic/docker-compose.yml

@@ -0,0 +1,34 @@
+version: '3.6'
+
+x-deploy-base: &deploy-base
+  restart_policy:
+    delay: 2s
+
+x-common: &common
+  network: host
+  deploy:
+    <<: *deploy-base
+  networks:
+    hostnet: {}
+
+networks:
+  hostnet:
+    external: true
+    name: host
+
+volumes:
+  node-red_data:
+
+services:
+  node-red:
+    <<: *common
+    image: busybox
+    command: busybox httpd -h /data -f -p 8080
+    deploy:
+      <<: *deploy-base
+      resources:
+        limits:
+          cpus: '0.5'
+          memory: 32M
+    volumes:
+      - node-red_data:/data