beaker-docker 0.5.3 → 0.8.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
-SHA1:
-  metadata.gz: 7b9f93de9358670645ea7e0c3bf982a7c822b8ca
-  data.tar.gz: 19730ee76587c0e098504bf7bae15627c10f1603
+SHA256:
+  metadata.gz: f21e88681130028d956057cc5d7e10242d3ab4b0dd3afdddc1e4a77b6a30376e
+  data.tar.gz: 27f935f63ebaf20d0eb18afcab7360dccdb6cc7e037cee4d6e9e3a45aed9ef33
 SHA512:
-  metadata.gz: 78b6a3d9dda05f73f12861c8f3675647b3265428cfa634de30dbd89da20eac938353ecbf44c900079cdc1a7113a9f7304e13915c78c3f39426e1364be9fee0e8
-  data.tar.gz: a88c7fe2fa9ec4655e629e1996310baa0154bfc8c69e7294f0111479c447f3ef878305df2cf14b8c4fcd36b272f761c06fa9181bfa330ed943e51a27f63eded5
+  metadata.gz: 419eee4542d7283b98c1c9e56fae980816123bd5b4f8f69920180815c0ac61d047f0a8523ac68dc091e6bff6c101d8782905ec18d8a8d571274e62588872f58d
+  data.tar.gz: 7aa8635232484d7b4ef171d1714ab59805cd82e1b8c0d44d70174b903805376cf08e8ce48030f33f0efeb8d4ce845b8f2ad6b0f3deeb30bef602ffa86b092387

data/.github/dependabot.yml

@@ -0,0 +1,8 @@
+version: 2
+updates:
+- package-ecosystem: bundler
+  directory: "/"
+  schedule:
+    interval: daily
+    time: "13:00"
+  open-pull-requests-limit: 10

data/.github/workflows/test.yml

@@ -0,0 +1,32 @@
+name: Test
+
+on:
+  - pull_request
+
+jobs:
+  test:
+    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: false
+      matrix:
+        ruby:
+          - "2.4"
+          - "2.5"
+          - "2.6"
+          - "2.7"
+    env:
+      BUNDLE_WITHOUT: release
+    name: Ruby ${{ matrix.ruby }}
+    steps:
+      - uses: actions/checkout@v2
+      - name: Install Ruby ${{ matrix.ruby }}
+        uses: ruby/setup-ruby@v1
+        with:
+          ruby-version: ${{ matrix.ruby }}
+          bundler-cache: true
+      - name: Run spec tests
+        run: bundle exec rake test:spec
+      # It seems some additonal setup of Docker may be needed for
+      # the acceptance tests to work.
+      # - name: Run acceptance tests
+      #   run: bundle exec rake test:acceptance

data/README.md

@@ -6,25 +6,94 @@ Beaker library to use docker hypervisor
 
 This gem that allows you to use hosts with [docker](docker.md) hypervisor with [beaker](https://github.com/puppetlabs/beaker).
 
-Beaker will automatically load the appropriate hypervisors for any given hosts file, so as long as your project dependencies are satisfied there's nothing else to do. No need to `require` this library in your tests.
+Beaker will automatically load the appropriate hypervisors for any given hosts
+file, so as long as your project dependencies are satisfied there's nothing else
+to do. No need to `require` this library in your tests.
 
-## With Beaker 3.x
-
-This library is included as a dependency of Beaker 3.x versions, so there's nothing to do.
-
-## With Beaker 4.x
-
-As of Beaker 4.0, all hypervisor and DSL extension libraries have been removed and are no longer dependencies. In order to use a specific hypervisor or DSL extension library in your project, you will need to include them alongside Beaker in your Gemfile or project.gemspec. E.g.
+In order to use a specific hypervisor or DSL extension library in your project,
+you will need to include them alongside Beaker in your Gemfile or
+project.gemspec. E.g.
 
 ~~~ruby
 # Gemfile
-gem 'beaker', '~>4.0'
-gem 'beaker-aws'
+gem 'beaker', '~> 4.0'
+gem 'beaker-docker'
 # project.gemspec
-s.add_runtime_dependency 'beaker', '~>4.0'
-s.add_runtime_dependency 'beaker-aws'
+s.add_runtime_dependency 'beaker', '~> 4.0'
+s.add_runtime_dependency 'beaker-docker'
+~~~
+
+## Nodeset Options
+
+The following is a sample nodeset:
+
+~~~yaml
+HOSTS:
+  el8:
+    platform: el-8-x86_64
+    hypervisor: docker
+    image: centos:8
+    docker_cmd: '["/sbin/init"]'
+    # Run arbitrary things
+    docker_image_commands:
+      - 'touch /tmp/myfile'
+    dockeropts:
+      Labels:
+        thing: 'stuff'
+      HostConfig:
+        Privileged: true
+  el7:
+    platform: el-7-x86_64
+    hypervisor: docker
+    image: centos:7
+    # EL7 images do not support nested systemd
+    docker_cmd: '/usr/sbin/sshd -D -E /var/log/sshd.log'
+CONFIG:
+  docker_cap_add:
+    - AUDIT_WRITE
+~~~
+
+## Privileged containers
+
+Containers are **not** run in privileged mode by default for safety.
+
+If you wish to enable privileged mode, simply set the following in your node:
+
+~~~yaml
+dockeropts:
+  HostConfig:
+    Privileged: true
+~~~
+
+## Cleaning up after tests
+
+Containers created by this plugin may not be destroyed unless the tests complete
+successfully. Each container created is prefixed by `beaker-` to make filtering
+for clean up easier.
+
+A quick way to clean up all nodes is as follows:
+
+~~~sh
+podman rm -f $( podman ps -q -f name="beaker-*" )
 ~~~
 
+# Working with `podman`
+
+If you're using a version of `podman` that has API socket support then you
+should be able to simply set `DOCKER_HOST` to your socket and connect as usual.
+
+You also need to ensure that you're using a version of the `docker-api` gem that
+supports `podman`.
+
+You may find that not all of your tests work as expected. This will be due to
+the tighter system restrictions placed on containers by `podman`. You may need
+to edit the `dockeropts` hash in your nodeset to include different flags in the
+`HostConfig` section.
+
+See the
+[HostConfig](https://any-api.com/docker_com/engine/docs/Definitions/HostConfig)
+portion of the docker API for more information.
+
 # Spec tests
 
 Spec test live under the `spec` folder. There are the default rake task and therefore can run with a simple command:
@@ -34,7 +103,8 @@ bundle exec rake test:spec
 
 # Acceptance tests
 
-There is a simple rake task to invoke acceptance test for the library: 
+There is a simple rake task to invoke acceptance test for the library:
+
 ```bash
 bundle exec rake test:acceptance
 ```
@@ -42,3 +112,14 @@ bundle exec rake test:acceptance
 # Contributing
 
 Please refer to puppetlabs/beaker's [contributing](https://github.com/puppetlabs/beaker/blob/master/CONTRIBUTING.md) guide.
+
+# Releasing
+
+To release new versions of beaker-docker, please use this [jenkins job](https://cinext-jenkinsmaster-sre-prod-1.delivery.puppetlabs.net/view/all/job/qe_beaker-docker_init-multijob_master/). This job
+lives on Puppet-internal infrastructure, so you'll need to be a part of the Puppet org to do this.
+
+To run the job, click on `Build with Parameters` in the menu on the left. Make
+sure you check the box next to `PUBLIC` and enter the appropriate version. The
+version should adhere to [semantic version standards](https://semver.org).
+When in doubt, consult the [maintainers of Beaker](https://github.com/puppetlabs/beaker/blob/master/CODEOWNERS)
+for guidance.

data/Rakefile

@@ -6,14 +6,14 @@ namespace :test do
 
     desc "Run spec tests"
     RSpec::Core::RakeTask.new(:run) do |t|
-      t.rspec_opts = ['--color']
+      t.rspec_opts = ['--color', '--format documentation']
       t.pattern = 'spec/'
     end
 
     desc "Run spec tests with coverage"
     RSpec::Core::RakeTask.new(:coverage) do |t|
       ENV['BEAKER_DOCKER_COVERAGE'] = 'y'
-      t.rspec_opts = ['--color']
+      t.rspec_opts = ['--color', '--format documentation']
       t.pattern = 'spec/'
     end
 

data/acceptance/config/nodes/hosts.yaml

@@ -1,9 +1,9 @@
 ---
 HOSTS:
-  ubuntu1604-64-1:
-    platform: ubuntu-1604-x86_64 
+  centos8:
+    platform: el-8-x86_64
     hypervisor: docker
-    image: ubuntu:16.04
+    image: centos:8
     roles:
       - master
       - agent
@@ -12,22 +12,24 @@ HOSTS:
       - classifier
       - default
     docker_cmd: '["/sbin/init"]'
+    docker_cap_add:
+      - AUDIT_WRITE
     dockeropts:
       Labels:
         one: '1'
         two: '2'
-  ubuntu1604-64-2:
-    platform: ubuntu-1604-x86_64
+  centos7:
+    platform: el-7-x86_64
     hypervisor: docker
-    image: ubuntu:16.04
+    image: centos:7
     roles:
       - agent
-    docker_cmd: '["/sbin/init"]'
+    docker_cmd: '/usr/sbin/sshd -D -E /var/log/sshd.log'
+    use_image_entrypoint: true
+    dockeropts:
+      HostConfig:
+        Privileged: true
 CONFIG:
   nfs_server: none
   consoleport: 443
   log_level: verbose
-  dockeropts:
-    Labels:
-      one: '3'
-      two: '4'

data/beaker-docker.gemspec

@@ -20,24 +20,14 @@ Gem::Specification.new do |s|
   # Testing dependencies
   s.add_development_dependency 'rspec', '~> 3.0'
   s.add_development_dependency 'rspec-its'
-  # pin fakefs for Ruby < 2.3
-  if RUBY_VERSION < "2.3"
-    s.add_development_dependency 'fakefs', '~> 0.6', '< 0.14'
-  else
-    s.add_development_dependency 'fakefs', '~> 0.6'
-  end
-  s.add_development_dependency 'rake', '~> 10.1'
+  s.add_development_dependency 'fakefs', '~> 1.3'
+  s.add_development_dependency 'rake', '~> 13.0'
   s.add_development_dependency 'simplecov'
   s.add_development_dependency 'pry', '~> 0.10'
 
-  # Documentation dependencies
-  s.add_development_dependency 'yard'
-  s.add_development_dependency 'markdown'
-  s.add_development_dependency 'thin'
-
   # Run time dependencies
   s.add_runtime_dependency 'stringify-hash', '~> 0.0.0'
-  s.add_runtime_dependency 'docker-api'
+  s.add_runtime_dependency 'docker-api', '< 3.0.0'
 
 end
 

data/lib/beaker-docker/version.rb

@@ -1,3 +1,3 @@
 module BeakerDocker
-  VERSION = '0.5.3'
+  VERSION = '0.8.0'
 end

data/lib/beaker/hypervisor/docker.rb

@@ -19,19 +19,25 @@ module Beaker
       default_docker_options = { :write_timeout => 300, :read_timeout => 300 }.merge(::Docker.options || {})
       # Merge docker options from the entry in hosts file
       ::Docker.options = default_docker_options.merge(@options[:docker_options] || {})
-      # assert that the docker-api gem can talk to your docker
-      # enpoint.  Will raise if there is a version mismatch
+
+      # Ensure that we can correctly communicate with the docker API
       begin
-        ::Docker.validate_version!
+        @docker_version = ::Docker.version
       rescue Excon::Errors::SocketError => e
-        raise "Docker instance not connectable.\nError was: #{e}\nCheck your DOCKER_HOST variable has been set\nIf you are on OSX or Windows, you might not have Docker Machine setup correctly: https://docs.docker.com/machine/\n"
+        raise <<~ERRMSG
+          Docker instance not connectable
+          Error was: #{e}
+          * Check your DOCKER_HOST variable has been set
+          * If you are on OSX or Windows, you might not have Docker Machine setup correctly: https://docs.docker.com/machine/
+          * If you are using rootless podman, you might need to set up your local socket and service
+          ERRMSG
       end
 
       # Pass on all the logging from docker-api to the beaker logger instance
       ::Docker.logger = @logger
 
       # Find out what kind of remote instance we are talking against
-      if ::Docker.version['Version'] =~ /swarm/
+      if @docker_version['Version'] =~ /swarm/
         @docker_type = 'swarm'
         unless ENV['DOCKER_REGISTRY']
           raise "Using Swarm with beaker requires a private registry. Please setup the private registry and set the 'DOCKER_REGISTRY' env var"
@@ -41,10 +47,21 @@ module Beaker
       else
         @docker_type = 'docker'
       end
-
     end
 
     def install_and_run_ssh(host)
+      def host.enable_root_login(host,opts)
+        logger.debug("Root login already enabled for #{host}")
+      end
+
+      # If the container is running ssh as its init process then this method
+      # will cause issues.
+      if host[:docker_cmd] =~ /sshd/
+        def host.ssh_service_restart
+          self[:docker_container].exec(%w(kill -1 1))
+        end
+      end
+
       host['dockerfile'] || host['use_image_entry_point']
     end
 
@@ -62,7 +79,6 @@ module Beaker
             '22/tcp' => [{ 'HostPort' => rand.to_s[2..5], 'HostIp' => '0.0.0.0'}]
           },
           'PublishAllPorts' => true,
-          'Privileged' => true,
           'RestartPolicy' => {
             'Name' => 'always'
           }
@@ -109,6 +125,45 @@ module Beaker
                   { rm: true, buildargs: buildargs_for(host) })
     end
 
+    # Find out where the ssh port is from the container
+    # When running on swarm DOCKER_HOST points to the swarm manager so we have to get the
+    # IP of the swarm slave via the container data
+    # When we are talking to a normal docker instance DOCKER_HOST can point to a remote docker instance.
+    def get_ssh_connection_info(container)
+      ssh_connection_info = {
+        ip: nil,
+        port: nil
+      }
+
+      # Talking against a remote docker host which is a normal docker host
+      if @docker_type == 'docker' && ENV['DOCKER_HOST'] && !ENV.fetch('DOCKER_HOST','').include?(':///')
+        ip = URI.parse(ENV['DOCKER_HOST']).host
+      else
+        # Swarm or local docker host
+        if in_container?
+          ip = container.json["NetworkSettings"]["Gateway"]
+        else
+          ip = container.json["NetworkSettings"]["Ports"]["22/tcp"][0]["HostIp"]
+        end
+      end
+
+      network_settings = container.json['NetworkSettings']
+      host_config = container.json['HostConfig']
+
+      port = '22'
+      if host_config['NetworkMode'] == 'bridge' && network_settings['IPAddress'] && !network_settings['IPAddress'].empty?
+        ssh_connection_info[:ip] = network_settings['IPAddress']
+      else
+        port = network_settings['Ports']['22/tcp'][0]['HostPort']
+
+        # Update host metadata
+        ssh_connection_info[:ip] = (ip == '0.0.0.0') ? '127.0.0.1' : ip
+      end
+
+      ssh_connection_info[:port] = port
+      ssh_connection_info
+    end
+
     def provision
       @logger.notify "Provisioning docker"
 
@@ -144,10 +199,9 @@ module Beaker
 
         container = find_container(host)
 
-        # Provisioning - Only provision if:
-        # - provisioning was explicitly requested via options, or
-        # - the host's container can't be found via its name or ID
-        if @options[:provision] || container.nil?
+        # Provisioning - Only provision if the host's container can't be found
+        # via its name or ID
+        if container.nil?
           unless host['mount_folders'].nil?
             container_opts['HostConfig'] ||= {}
             container_opts['HostConfig']['Binds'] = host['mount_folders'].values.map do |mount|
@@ -157,21 +211,50 @@ module Beaker
                 host_path = "/" + host_path.gsub(/^.\:/, host_path[/^(.)/].downcase)
               end
               a = [ host_path, mount['container_path'] ]
-              a << mount['opts'] if mount.has_key?('opts')
+              if mount.has_key?('opts')
+                a << mount['opts'] if mount.has_key?('opts')
+              else
+                a << mount['opts'] = 'z'
+              end
+
               a.join(':')
             end
           end
 
+          if host['docker_env']
+            container_opts['Env'] = host['docker_env']
+          end
+
           if host['docker_cap_add']
             container_opts['HostConfig']['CapAdd'] = host['docker_cap_add']
           end
 
           if host['docker_container_name']
             container_opts['name'] = host['docker_container_name']
+          else
+            container_opts['name'] = ['beaker', host.name, SecureRandom.uuid.split('-').last].join('-')
           end
 
           @logger.debug("Creating container from image #{image_name}")
-          container = ::Docker::Container.create(container_opts)
+
+          ok=false
+          retries=0
+          while(!ok && (retries < 5))
+            container = ::Docker::Container.create(container_opts)
+
+            if (get_ssh_connection_info(container)[:port].to_i < 1024) && (Process.uid != 0)
+              @logger.debug("#{host} was given a port less than 1024 but you are not running as root, retrying")
+
+              container.delete
+
+              retries+=1
+              next
+            end
+
+            ok=true
+          end
+        else
+          host['use_existing_container'] = true
         end
 
         if container.nil?
@@ -184,41 +267,35 @@ module Beaker
         @logger.debug("Starting container #{container.id}")
         container.start
 
+        # Preserve the ability to talk directly to the underlying API
+        #
+        # You can use any method defined by the docker-api gem on this object
+        # https://github.com/swipely/docker-api
+        host[:docker_container] = container
+
+        ssh_connection_info = get_ssh_connection_info(container)
+
+        ip = ssh_connection_info[:ip]
+        port = ssh_connection_info[:port]
+
+        @logger.info("Using container connection at #{ip}:#{port}")
+
         if install_and_run_ssh(host)
           @logger.notify("Installing ssh components and starting ssh daemon in #{host} container")
           install_ssh_components(container, host)
           # run fixssh to configure and start the ssh service
           fix_ssh(container, host)
         end
-        # Find out where the ssh port is from the container
-        # When running on swarm DOCKER_HOST points to the swarm manager so we have to get the
-        # IP of the swarm slave via the container data
-        # When we are talking to a normal docker instance DOCKER_HOST can point to a remote docker instance.
-
-        # Talking against a remote docker host which is a normal docker host
-        if @docker_type == 'docker' && ENV['DOCKER_HOST']
-          ip = URI.parse(ENV['DOCKER_HOST']).host
-        else
-          # Swarm or local docker host
-          if in_container?
-            ip = container.json["NetworkSettings"]["Gateway"]
-          else
-            ip = container.json["NetworkSettings"]["Ports"]["22/tcp"][0]["HostIp"]
-          end
-        end
-
-        @logger.info("Using docker server at #{ip}")
-        port = container.json["NetworkSettings"]["Ports"]["22/tcp"][0]["HostPort"]
 
         forward_ssh_agent = @options[:forward_ssh_agent] || false
 
-        # Update host metadata
-        host['ip']  = ip
+        host['ip'] = ip
         host['port'] = port
         host['ssh']  = {
           :password => root_password,
           :port => port,
           :forward_agent => forward_ssh_agent,
+          :auth_methods => ['password', 'publickey', 'hostbased', 'keyboard-interactive']
         }
 
         @logger.debug("node available as  ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no root@#{ip} -p #{port}")
@@ -226,10 +303,12 @@ module Beaker
         host['docker_image_id'] = image.id
         host['vm_ip'] = container.json["NetworkSettings"]["IPAddress"].to_s
 
+        def host.reboot
+          @logger.warn("Rebooting containers is ineffective...ignoring")
+        end
       end
 
       hack_etc_hosts @hosts, @options
-
     end
 
     # This sideloads sshd after a container starts
@@ -238,19 +317,23 @@ module Beaker
       when /ubuntu/, /debian/
         container.exec(%w(apt-get update))
         container.exec(%w(apt-get install -y openssh-server openssh-client))
+        container.exec(%w(sed 's@session\s*required\s*pam_loginuid.so@session optional pam_loginuid.so@g' -i /etc/pam.d/*))
       when /cumulus/
         container.exec(%w(apt-get update))
         container.exec(%w(apt-get install -y openssh-server openssh-client))
+        container.exec(%w(sed 's@session\s*required\s*pam_loginuid.so@session optional pam_loginuid.so@g' -i /etc/pam.d/*))
       when /fedora-(2[2-9])/
         container.exec(%w(dnf clean all))
         container.exec(%w(dnf install -y sudo openssh-server openssh-clients))
         container.exec(%w(ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key))
         container.exec(%w(ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key))
+        container.exec(%w(sed 's@session\s*required\s*pam_loginuid.so@session optional pam_loginuid.so@g' -i /etc/pam.d/*))
       when /^el-/, /centos/, /fedora/, /redhat/, /eos/
         container.exec(%w(yum clean all))
         container.exec(%w(yum install -y sudo openssh-server openssh-clients))
         container.exec(%w(ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key))
         container.exec(%w(ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key))
+        container.exec(%w(sed 's@session\s*required\s*pam_loginuid.so@session optional pam_loginuid.so@g' -i /etc/pam.d/*))
       when /opensuse/, /sles/
         container.exec(%w(zypper -n in openssh))
         container.exec(%w(ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key))
@@ -279,38 +362,44 @@ module Beaker
     def cleanup
       @logger.notify "Cleaning up docker"
       @hosts.each do |host|
-        container = find_container(host)
-        if container
-          @logger.debug("stop container #{container.id}")
-          begin
-            container.kill
-            sleep 2 # avoid a race condition where the root FS can't unmount
-          rescue Excon::Errors::ClientError => e
-            @logger.warn("stop of container #{container.id} failed: #{e.response.body}")
-          end
-          @logger.debug("delete container #{container.id}")
-          begin
-            container.delete
-          rescue Excon::Errors::ClientError => e
-            @logger.warn("deletion of container #{container.id} failed: #{e.response.body}")
-          end
-        end
-
-        # Do not remove the image if docker_preserve_image is set to true, otherwise remove it
-        unless host['docker_preserve_image']
-          image_id = host['docker_image_id']
-
-          if image_id
-            @logger.debug("deleting image #{image_id}")
+        # leave the container running if docker_preserve_container is set
+        # setting docker_preserve_container also implies docker_preserve_image
+        # is set, since you can't delete an image that's the base of a running
+        # container
+        unless host['docker_preserve_container']
+          container = find_container(host)
+          if container
+            @logger.debug("stop container #{container.id}")
             begin
-              ::Docker::Image.remove(image_id)
+              container.kill
+              sleep 2 # avoid a race condition where the root FS can't unmount
             rescue Excon::Errors::ClientError => e
-              @logger.warn("deletion of image #{image_id} failed: #{e.response.body}")
-            rescue ::Docker::Error::DockerError => e
-              @logger.warn("deletion of image #{image_id} caused internal Docker error: #{e.message}")
+              @logger.warn("stop of container #{container.id} failed: #{e.response.body}")
+            end
+            @logger.debug("delete container #{container.id}")
+            begin
+              container.delete
+            rescue Excon::Errors::ClientError => e
+              @logger.warn("deletion of container #{container.id} failed: #{e.response.body}")
+            end
+          end
+
+          # Do not remove the image if docker_preserve_image is set to true, otherwise remove it
+          unless host['docker_preserve_image']
+            image_id = host['docker_image_id']
+
+            if image_id
+              @logger.debug("deleting image #{image_id}")
+              begin
+                ::Docker::Image.remove(image_id)
+              rescue Excon::Errors::ClientError => e
+                @logger.warn("deletion of image #{image_id} failed: #{e.response.body}")
+              rescue ::Docker::Error::DockerError => e
+                @logger.warn("deletion of image #{image_id} caused internal Docker error: #{e.message}")
+              end
+            else
+              @logger.warn("Intended to delete the host's docker image, but host['docker_image_id'] was not set")
             end
-          else
-            @logger.warn("Intended to delete the host's docker image, but host['docker_image_id'] was not set")
           end
         end
       end
@@ -360,64 +449,76 @@ module Beaker
       case host['platform']
       when /ubuntu/, /debian/
         service_name = "ssh"
-        dockerfile += <<-EOF
+        dockerfile += <<~EOF
           RUN apt-get update
           RUN apt-get install -y openssh-server openssh-client #{Beaker::HostPrebuiltSteps::DEBIAN_PACKAGES.join(' ')}
-        EOF
-        when  /cumulus/
-          dockerfile += <<-EOF
+          RUN sed 's@session\s*required\s*pam_loginuid.so@session optional pam_loginuid.so@g' -i /etc/pam.d/*
+          EOF
+      when  /cumulus/
+          dockerfile += <<~EOF
           RUN apt-get update
           RUN apt-get install -y openssh-server openssh-client #{Beaker::HostPrebuiltSteps::CUMULUS_PACKAGES.join(' ')}
-        EOF
+          EOF
       when /fedora-(2[2-9])/
-        dockerfile += <<-EOF
+        dockerfile += <<~EOF
           RUN dnf clean all
           RUN dnf install -y sudo openssh-server openssh-clients #{Beaker::HostPrebuiltSteps::UNIX_PACKAGES.join(' ')}
           RUN ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key
           RUN ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key
-        EOF
+          RUN sed 's@session\s*required\s*pam_loginuid.so@session optional pam_loginuid.so@g' -i /etc/pam.d/*
+          EOF
+      when /el-8/
+        dockerfile += <<~EOF
+          RUN dnf clean all
+          RUN dnf install -y sudo openssh-server openssh-clients #{Beaker::HostPrebuiltSteps::RHEL8_PACKAGES.join(' ')}
+          RUN ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key
+          RUN ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key
+          RUN sed 's@session\s*required\s*pam_loginuid.so@session optional pam_loginuid.so@g' -i /etc/pam.d/*
+          EOF
       when /^el-/, /centos/, /fedora/, /redhat/, /eos/
-        dockerfile += <<-EOF
+        dockerfile += <<~EOF
           RUN yum clean all
           RUN yum install -y sudo openssh-server openssh-clients #{Beaker::HostPrebuiltSteps::UNIX_PACKAGES.join(' ')}
           RUN ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key
           RUN ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key
-        EOF
+          RUN sed 's@session\s*required\s*pam_loginuid.so@session optional pam_loginuid.so@g' -i /etc/pam.d/*
+          EOF
       when /opensuse/, /sles/
-        dockerfile += <<-EOF
+        dockerfile += <<~EOF
           RUN zypper -n in openssh #{Beaker::HostPrebuiltSteps::SLES_PACKAGES.join(' ')}
           RUN ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key
           RUN ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key
           RUN sed -ri 's/^#?UsePAM .*/UsePAM no/' /etc/ssh/sshd_config
-        EOF
+          RUN sed 's@session\s*required\s*pam_loginuid.so@session optional pam_loginuid.so@g' -i /etc/pam.d/*
+          EOF
       when /archlinux/
-        dockerfile += <<-EOF
+        dockerfile += <<~EOF
           RUN pacman --noconfirm -Sy archlinux-keyring
           RUN pacman --noconfirm -Syu
           RUN pacman -S --noconfirm openssh #{Beaker::HostPrebuiltSteps::ARCHLINUX_PACKAGES.join(' ')}
           RUN ssh-keygen -A
           RUN sed -ri 's/^#?UsePAM .*/UsePAM no/' /etc/ssh/sshd_config
           RUN systemctl enable sshd
-        EOF
+          EOF
       else
         # TODO add more platform steps here
         raise "platform #{host['platform']} not yet supported on docker"
       end
 
       # Make sshd directory, set root password
-      dockerfile += <<-EOF
+      dockerfile += <<~EOF
         RUN mkdir -p /var/run/sshd
         RUN echo root:#{root_password} | chpasswd
-      EOF
+        EOF
 
       # Configure sshd service to allowroot login using password
       # Also, disable reverse DNS lookups to prevent every. single. ssh
       # operation taking 30 seconds while the lookup times out.
-      dockerfile += <<-EOF
+      dockerfile += <<~EOF
         RUN sed -ri 's/^#?PermitRootLogin .*/PermitRootLogin yes/' /etc/ssh/sshd_config
         RUN sed -ri 's/^#?PasswordAuthentication .*/PasswordAuthentication yes/' /etc/ssh/sshd_config
         RUN sed -ri 's/^#?UseDNS .*/UseDNS no/' /etc/ssh/sshd_config
-      EOF
+        EOF
 
 
       # Any extra commands specified for the host
@@ -498,6 +599,7 @@ module Beaker
 
       return container unless container.nil?
       @logger.debug("Existing container not found")
+      return nil
     end
 
     # return true if we are inside a docker container