From a8c19b6d3ad71761f7d19c00bf37cbae8c0a10c8 Mon Sep 17 00:00:00 2001
From: Robb Manes
Date: Wed, 25 Oct 2023 13:17:01 -0400
Subject: [PATCH] Prevent anonymous volume creation

When performing a mirror-registry installation or restarting the "quay-pod" service, baked-in volumes to the image for "/tmp" and "/var/log" get created every time the "quay-app" container is made within the pod. By using "--image-volume=ignore", any specifically defined Dockerfile VOLUME directives do not have volumes made for them, preventing anonymous volumes from being made by the "podman run" command.

Signed-off-by: Robb Manes
---
 .../project/roles/mirror_appliance/templates/postgres.service.j2 | 1 +
 .../app/project/roles/mirror_appliance/templates/quay.service.j2 | 1 +
 .../project/roles/mirror_appliance/templates/redis.service.j2 | 1 +
 3 files changed, 3 insertions(+)
diff --git a/ansible-runner/context/app/project/roles/mirror_appliance/templates/postgres.service.j2 b/ansible-runner/context/app/project/roles/mirror_appliance/templates/postgres.service.j2
index e17aee38..26eca0e4 100755
--- a/ansible-runner/context/app/project/roles/mirror_appliance/templates/postgres.service.j2
+++ b/ansible-runner/context/app/project/roles/mirror_appliance/templates/postgres.service.j2
@@ -11,6 +11,7 @@ ExecStartPre=-/bin/rm -f %t/%n-pid %t/%n-cid
 ExecStart=/usr/bin/podman run \
 --name quay-postgres \
 -v {{ expanded_pg_storage }}:/var/lib/pgsql/data:Z \
+ --image-volume=ignore \
 -e POSTGRESQL_USER=user \
 -e POSTGRESQL_PASSWORD=password \
 -e POSTGRESQL_DATABASE=quay \
diff --git a/ansible-runner/context/app/project/roles/mirror_appliance/templates/quay.service.j2 b/ansible-runner/context/app/project/roles/mirror_appliance/templates/quay.service.j2
index bef4f5dd..b37fa6b0 100755
--- a/ansible-runner/context/app/project/roles/mirror_appliance/templates/quay.service.j2
+++ b/ansible-runner/context/app/project/roles/mirror_appliance/templates/quay.service.j2
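Review bot: In postgres.service.j2 the context lines directly after the added flag still pass fixed database credentials on the podman command line, `-e POSTGRESQL_USER=user` and `-e POSTGRESQL_PASSWORD=password`, so every installation shares one password and it is readable in the rendered unit file and in the argument list of the running `podman run`. The commit does not introduce this, but since the same ExecStart line is being edited it is worth generating the password per installation and passing it with `--env-file` pointing at a file readable only by the service user (or `--secret` where the Podman version supports it) instead of `-e`. Whether the database port is published beyond the pod is not visible here, so the exposure may be limited to local users. The ExecStart command continues past the end of the hunk.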
@@ -12,6 +12,7 @@ ExecStart=/usr/bin/podman run \
 --name quay-app \
 -v {{ expanded_quay_root }}/quay-config:/quay-registry/conf/stack:Z \
 -v {{ expanded_quay_storage }}:/datastorage:Z \
+ --image-volume=ignore \
 --pod=quay-pod \
 --conmon-pidfile %t/%n-pid \
 --cidfile %t/%n-cid \
diff --git a/ansible-runner/context/app/project/roles/mirror_appliance/templates/redis.service.j2 b/ansible-runner/context/app/project/roles/mirror_appliance/templates/redis.service.j2
index 7d934295..b4044d50 100755
--- a/ansible-runner/context/app/project/roles/mirror_appliance/templates/redis.service.j2
+++ b/ansible-runner/context/app/project/roles/mirror_appliance/templates/redis.service.j2
@@ -15,6 +15,7 @@ ExecStart=/usr/bin/podman run \
 --conmon-pidfile %t/%n-pid \
 --cidfile %t/%n-cid \
 --cgroups=no-conmon \
+ --image-volume=ignore \
 --replace \
 {{ redis_image }}
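Review bot: In quay.service.j2 and again in redis.service.j2, nothing next to `--image-volume=ignore` records what the flag trades away: paths the image declares as VOLUME and that have no explicit `-v` (the description names `/tmp` and `/var/log`) now live in the container's writable layer and are discarded with the container. A template comment above ExecStart would keep that visible, e.g. `{# --image-volume=ignore: no anonymous volumes for image VOLUME paths; only explicit -v mounts persist, /tmp and /var/log are per-container #}`. If anything written under `/var/log` is needed for audit or incident review, it should get its own explicit `-v` mount, or it should be confirmed that the same events reach the journal through stdout. Both ExecStart commands extend beyond their hunks; the redis one shows `--replace` and no `-v` line, so a data mount may exist in the part not shown. Anonymous volumes left behind by earlier restarts are not removed by this change and would still need a one-time `podman volume prune` or equivalent cleanup.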