Podman compose file works on Rocky 9 but not Rocky 8

Problem:
pulp-web container does not start properly under Rocky 8

git clone https://github.com/pulp/pulp-oci-images.git
cd pulp-oci-images/images/compose
podman-compose up -d

Expected outcome:

All pods should start without errors

Pulpcore version:

Pulp plugins installed and their versions:

Operating system - distribution and version:

[root@gsil-pulp compose]# podman-compose --version
podman-compose version: 1.0.6
['podman', '--version', '']
using podman version: 4.9.4-rhel
podman-compose version 1.0.6
podman --version
podman version 4.9.4-rhel
exit code: 0
[root@gsil-pulp compose]# cat /etc/redhat-release
Rocky Linux release 8.10 (Green Obsidian)

[user@rocky9-lt compose]$ podman-compose --version
podman-compose version: 1.0.6
['podman', '--version', '']
using podman version: 5.2.2
podman-compose version 1.0.6
podman --version
podman version 5.2.2
exit code: 0
[user@rocky9-lt compose]$ cat /etc/redhat-release
Rocky Linux release 9.5 (Blue Onyx)

Other relevant data:
podman logs compose_pulp_web_1
/docker-entrypoint.sh: 47: exec: /usr/bin/nginx.sh: Permission denied

A section of the compose.yml is modified to try and troubleshoot.
#1
#command: ['/usr/bin/nginx.sh']
When doing this the pod stays up with no error but I can’t reach the api. I can exec into the pod. If I try to manually run the nginx.sh the error does say permission denied. I can copy nginx.sh to /root within the pod and that will allow the script to run if I do that manually.
OK, let’s try this:
#2
command: ['/root/nginx.sh']
volumes:
  - "./assets/bin/nginx.sh:/root/nginx.sh:Z"

podman exec -it compose_pulp_web_1 /bin/bash
root@pulp:/usr/bin# ./nginx.sh
bash: ./nginx.sh: Permission denied
root@pulp:/usr/bin# cp nginx.sh /root
root@pulp:/usr/bin# cd /root
root@pulp:~# ls
nginx.sh
root@pulp:~# ./nginx.sh
./nginx.sh: 9: [: podman: unexpected operator
Nameserver is: 10.89.0.1 172.30.50.1
Generating nginx config
Modifying /etc/nginx/pulp/pulp_ansible.conf
Modifying /etc/nginx/pulp/pulp_container.conf
Modifying /etc/nginx/pulp/pulp_python.conf
Starting nginx
2025/01/18 19:31:35 [notice] 22#22: using the "epoll" event method
2025/01/18 19:31:35 [notice] 22#22: nginx/1.27.3
2025/01/18 19:31:35 [notice] 22#22: built by gcc 12.2.0 (Debian 12.2.0-14)
2025/01/18 19:31:35 [notice] 22#22: OS: Linux 4.18.0-553.34.1.el8_10.x86_64
2025/01/18 19:31:35 [notice] 22#22: getrlimit(RLIMIT_NOFILE): 1048576:1048576
2025/01/18 19:31:35 [notice] 22#22: start worker processes
2025/01/18 19:31:35 [notice] 22#22: start worker process 35

So it runs, but I still get a 502 Bad Gateway from my browser when browsing to my_ip:8080/pulp/api/v3.
Also, podman ps -a shows:
5e053cc50ed2 docker.io/pulp/pulp-web:latest /bin/sh -c nginx … 8 minutes ago Up 8 minutes 0.0.0.0:8080->8080/tcp compose_pulp_web_1

I’m not sure what else to try. Any suggestions?

OK, I did some further testing. I installed two Rocky 8 boxes, one with a DISA STIG profile, the other with no security profile. There are differences seen in podman info, especially the idMappings: section. I was able to get the system with no security to run the compose file without any issues. All containers stay running. I made no changes to how I installed podman, nor did I apply any policy. My install process was simply dnf install podman podman-compose -y. That’s all and nothing more.

podman info (unsecured system)
idMappings:
  gidmap:
  - container_id: 0
    host_id: 1000
    size: 1
  - container_id: 1
    host_id: 100000
    size: 65536
  uidmap:
  - container_id: 0
    host_id: 1000
    size: 1
  - container_id: 1
    host_id: 100000
    size: 65536

podman info (secured system)
idMappings:
  gidmap: null
  uidmap: null

I am going to apply the Ansible STIG playbook after confirming that the pulp compose stack is all working as expected. So I think my question is how to get the uid/gid map per container. Thoughts?