beaker-docker 0.5.4 → 0.8.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
-SHA1:
-  metadata.gz: c08f5cd20c40f88ec243742f3471581e3bdedaac
-  data.tar.gz: a51dd89bab315c5bc3061e4c290335ca305c8932
+SHA256:
+  metadata.gz: d1f70940dc7c4b43db06838e143fc4e4a498247be0ed67ae0926ae84527f5786
+  data.tar.gz: b12830fb23b10ccf1718be061c3e6ffe3e81c0b47b3aff58e3882e2e0a843c7d
 SHA512:
-  metadata.gz: b475e8f7ce22f303fbe772749f0176511581ec9b84f3d116ad690fe2c5d318bc4b33b9f68186938bf5715b81e1a5f8b05f2a7833b6a3e469f7970eebfe5068b8
-  data.tar.gz: f7a3654d9252c82362d88be8dcbfa75aa3a546d01f156e65838d0eed1525a17e55c2fbd937c559fb5dba472fce1f02b27282daee917be49d183d52e03ed83c82
+  metadata.gz: d182e05ba8dea02f896571bb5cf100f3a313349e1178f3eb9daf5e62f7ec93572114e4e1cf6e10a34aa18e8280d7be0ff7ed8a1482984cbd07ae3a530a7a0be9
+  data.tar.gz: 478ac68e7088d66a8f5a4732f59a1337b355293b5a5f8d38551e5d54b81e6e7634528139b4c5717462b3d0b4a8558de05afc83b2f2c51705f0e8d16b7fb885a8

data/.github/dependabot.yml

@@ -0,0 +1,8 @@
+version: 2
+updates:
+- package-ecosystem: bundler
+  directory: "/"
+  schedule:
+    interval: daily
+    time: "13:00"
+  open-pull-requests-limit: 10

data/.github/workflows/release.yml

@@ -0,0 +1,24 @@
+name: Release
+
+on:
+  create:
+    ref_type: tag
+
+jobs:
+  release:
+    runs-on: ubuntu-latest
+    if: github.repository == 'voxpupuli/beaker-docker'
+    env:
+      BUNDLE_WITHOUT: release
+    steps:
+      - uses: actions/checkout@v2
+      - name: Install Ruby 2.7
+        uses: ruby/setup-ruby@v1
+        with:
+          ruby-version: '2.7'
+      - name: Build gem
+        run: gem build *.gemspec
+      - name: Publish gem
+        run: gem push *.gem
+        env:
+          GEM_HOST_API_KEY: '${{ secrets.RUBYGEMS_AUTH_TOKEN }}'

data/.github/workflows/test.yml

@@ -0,0 +1,105 @@
+name: Test
+
+on:
+  push:
+    branches:
+      - test_me_github
+  pull_request:
+    branches:
+      - main
+      - master
+
+jobs:
+  rspec:
+    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: true
+      matrix:
+        ruby:
+          - "2.4"
+          - "2.5"
+          - "2.6"
+          - "2.7"
+    env:
+      BUNDLE_WITHOUT: release
+    name: RSpec - Ruby ${{ matrix.ruby }}
+    steps:
+      - uses: actions/checkout@v2
+      - name: Install Ruby ${{ matrix.ruby }}
+        uses: ruby/setup-ruby@v1
+        with:
+          ruby-version: ${{ matrix.ruby }}
+          bundler-cache: true
+      - name: install bundler
+        run: |
+          gem install bundler -v '~> 1.17.3'
+          bundle update
+      - name: spec tests
+        run: bundle exec rake test:spec
+
+  docker:
+    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: true
+      matrix:
+        ruby:
+          - "2.6"
+    env:
+      BUNDLE_WITHOUT: release
+    name: Docker - Ruby ${{ matrix.ruby }}
+    steps:
+      - uses: actions/checkout@v2
+      - name: Install Ruby ${{ matrix.ruby }}
+        uses: ruby/setup-ruby@v1
+        with:
+          ruby-version: ${{ matrix.ruby }}
+          bundler-cache: true
+      - name: install bundler
+        run: |
+          gem install bundler -v '~> 1.17.3'
+          bundle update
+      - name: install container runtime
+        run: |
+          sudo apt-get remove -y docker docker-engine docker.io containerd runc ||:
+          sudo apt-get update -y
+          sudo apt-get install -y apt-transport-https ca-certificates curl gnupg-agent software-properties-common
+          curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
+          sudo add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable"
+          sudo apt-get update -y
+          sudo apt-get install -y docker-ce docker-ce-cli containerd.io
+          sudo systemctl start docker
+      - name: Run acceptance tests
+        run: bundle exec rake test:acceptance
+
+  podman:
+    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: true
+      matrix:
+        ruby:
+          - "2.6"
+    env:
+      BUNDLE_WITHOUT: release
+    name: Podman - Ruby ${{ matrix.ruby }}
+    steps:
+      - uses: actions/checkout@v2
+      - name: Install Ruby ${{ matrix.ruby }}
+        uses: ruby/setup-ruby@v1
+        with:
+          ruby-version: ${{ matrix.ruby }}
+          bundler-cache: true
+      - name: install bundler
+        run: |
+          gem install bundler -v '~> 1.17.3'
+          bundle update
+      # We need the latest version of podman for this to work
+      - name: install container runtime
+        run: |
+          . /etc/os-release
+          curl -L https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/xUbuntu_${VERSION_ID}/Release.key | sudo apt-key add -
+          echo "deb https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/xUbuntu_${VERSION_ID}/ /" | sudo tee /etc/apt/sources.list.d/podman.list > /dev/null
+          sudo apt-get update
+          sudo apt-get -y install podman
+          sudo systemctl start podman
+      - name: Run acceptance tests
+        run: bundle exec rake test:acceptance

data/Gemfile.local

@@ -0,0 +1,5 @@
+group :acceptance_testing do
+  # Needed for podman testing
+  gem "docker-api", :git => 'https://github.com/trevor-vaughan/docker-api', :branch => 'podman-compat'
+  gem "beaker-rspec"
+end

data/README.md

@@ -6,25 +6,94 @@ Beaker library to use docker hypervisor
 
 This gem that allows you to use hosts with [docker](docker.md) hypervisor with [beaker](https://github.com/puppetlabs/beaker).
 
-Beaker will automatically load the appropriate hypervisors for any given hosts file, so as long as your project dependencies are satisfied there's nothing else to do. No need to `require` this library in your tests.
+Beaker will automatically load the appropriate hypervisors for any given hosts
+file, so as long as your project dependencies are satisfied there's nothing else
+to do. No need to `require` this library in your tests.
 
-## With Beaker 3.x
-
-This library is included as a dependency of Beaker 3.x versions, so there's nothing to do.
-
-## With Beaker 4.x
-
-As of Beaker 4.0, all hypervisor and DSL extension libraries have been removed and are no longer dependencies. In order to use a specific hypervisor or DSL extension library in your project, you will need to include them alongside Beaker in your Gemfile or project.gemspec. E.g.
+In order to use a specific hypervisor or DSL extension library in your project,
+you will need to include them alongside Beaker in your Gemfile or
+project.gemspec. E.g.
 
 ~~~ruby
 # Gemfile
-gem 'beaker', '~>4.0'
-gem 'beaker-aws'
+gem 'beaker', '~> 4.0'
+gem 'beaker-docker'
 # project.gemspec
-s.add_runtime_dependency 'beaker', '~>4.0'
-s.add_runtime_dependency 'beaker-aws'
+s.add_runtime_dependency 'beaker', '~> 4.0'
+s.add_runtime_dependency 'beaker-docker'
+~~~
+
+## Nodeset Options
+
+The following is a sample nodeset:
+
+~~~yaml
+HOSTS:
+  el8:
+    platform: el-8-x86_64
+    hypervisor: docker
+    image: centos:8
+    docker_cmd: '["/sbin/init"]'
+    # Run arbitrary things
+    docker_image_commands:
+      - 'touch /tmp/myfile'
+    dockeropts:
+      Labels:
+        thing: 'stuff'
+      HostConfig:
+        Privileged: true
+  el7:
+    platform: el-7-x86_64
+    hypervisor: docker
+    image: centos:7
+    # EL7 images do not support nested systemd
+    docker_cmd: '/usr/sbin/sshd -D -E /var/log/sshd.log'
+CONFIG:
+  docker_cap_add:
+    - AUDIT_WRITE
+~~~
+
+## Privileged containers
+
+Containers are **not** run in privileged mode by default for safety.
+
+If you wish to enable privileged mode, simply set the following in your node:
+
+~~~yaml
+dockeropts:
+  HostConfig:
+    Privileged: true
+~~~
+
+## Cleaning up after tests
+
+Containers created by this plugin may not be destroyed unless the tests complete
+successfully. Each container created is prefixed by `beaker-` to make filtering
+for clean up easier.
+
+A quick way to clean up all nodes is as follows:
+
+~~~sh
+podman rm -f $( podman ps -q -f name="beaker-*" )
 ~~~
 
+# Working with `podman`
+
+If you're using a version of `podman` that has API socket support then you
+should be able to simply set `DOCKER_HOST` to your socket and connect as usual.
+
+You also need to ensure that you're using a version of the `docker-api` gem that
+supports `podman`.
+
+You may find that not all of your tests work as expected. This will be due to
+the tighter system restrictions placed on containers by `podman`. You may need
+to edit the `dockeropts` hash in your nodeset to include different flags in the
+`HostConfig` section.
+
+See the
+[HostConfig](https://any-api.com/docker_com/engine/docs/Definitions/HostConfig)
+portion of the docker API for more information.
+
 # Spec tests
 
 Spec test live under the `spec` folder. There are the default rake task and therefore can run with a simple command:
@@ -34,7 +103,8 @@ bundle exec rake test:spec
 
 # Acceptance tests
 
-There is a simple rake task to invoke acceptance test for the library: 
+There is a simple rake task to invoke acceptance test for the library:
+
 ```bash
 bundle exec rake test:acceptance
 ```
@@ -42,3 +112,14 @@ bundle exec rake test:acceptance
 # Contributing
 
 Please refer to puppetlabs/beaker's [contributing](https://github.com/puppetlabs/beaker/blob/master/CONTRIBUTING.md) guide.
+
+# Releasing
+
+To release new versions of beaker-docker, please use this [jenkins job](https://cinext-jenkinsmaster-sre-prod-1.delivery.puppetlabs.net/view/all/job/qe_beaker-docker_init-multijob_master/). This job
+lives on Puppet-internal infrastructure, so you'll need to be a part of the Puppet org to do this.
+
+To run the job, click on `Build with Parameters` in the menu on the left. Make
+sure you check the box next to `PUBLIC` and enter the appropriate version. The
+version should adhere to [semantic version standards](https://semver.org).
+When in doubt, consult the [maintainers of Beaker](https://github.com/puppetlabs/beaker/blob/master/CODEOWNERS)
+for guidance.

data/Rakefile

@@ -6,14 +6,14 @@ namespace :test do
 
     desc "Run spec tests"
     RSpec::Core::RakeTask.new(:run) do |t|
-      t.rspec_opts = ['--color']
+      t.rspec_opts = ['--color', '--format documentation']
       t.pattern = 'spec/'
     end
 
     desc "Run spec tests with coverage"
     RSpec::Core::RakeTask.new(:coverage) do |t|
       ENV['BEAKER_DOCKER_COVERAGE'] = 'y'
-      t.rspec_opts = ['--color']
+      t.rspec_opts = ['--color', '--format documentation']
       t.pattern = 'spec/'
     end
 
@@ -32,11 +32,15 @@ A quick acceptance test, named because it has no pre-suites to run
       beaker_test_base_dir = File.join(beaker_gem_dir, 'acceptance/tests/base')
       load_path_option = File.join(beaker_gem_dir, 'acceptance/lib')
 
+      ENV['BEAKER_setfile'] = 'acceptance/config/nodes/hosts.yaml'
       sh("beaker",
          "--hosts", "acceptance/config/nodes/hosts.yaml",
-         "--tests", beaker_test_base_dir,
+          # We can't run these tests until the rsync support in the main
+          # beaker/host.rb is updated to work with passwords.
+          # "--tests", beaker_test_base_dir,
+          # "--load-path", load_path_option,
+         "--tests", 'acceptance/tests/',
          "--log-level", "debug",
-         "--load-path", load_path_option,
          "--debug")
     end
 

data/acceptance/config/nodes/hosts.yaml

@@ -1,9 +1,9 @@
 ---
 HOSTS:
-  ubuntu1604-64-1:
-    platform: ubuntu-1604-x86_64 
+  centos8:
+    platform: el-8-x86_64
     hypervisor: docker
-    image: ubuntu:16.04
+    image: centos:8
     roles:
       - master
       - agent
@@ -12,22 +12,29 @@ HOSTS:
       - classifier
       - default
     docker_cmd: '["/sbin/init"]'
-    dockeropts:
-      Labels:
-        one: '1'
-        two: '2'
-  ubuntu1604-64-2:
-    platform: ubuntu-1604-x86_64
+  centos7:
+    platform: el-7-x86_64
     hypervisor: docker
-    image: ubuntu:16.04
+    image: centos:7
     roles:
       - agent
-    docker_cmd: '["/sbin/init"]'
+    docker_cmd: '/usr/sbin/sshd -D -E /var/log/sshd.log'
+    use_image_entrypoint: true
 CONFIG:
   nfs_server: none
   consoleport: 443
   log_level: verbose
+  # Ubuntu runners need to run with full privileges
+  # RHEL derivitives just need the docker cap AUDIT_WRITE
   dockeropts:
-    Labels:
-      one: '3'
-      two: '4'
+    HostConfig:
+      Privileged: true
+  # docker_cap_add:
+  #   - AUDIT_WRITE
+  type: aio
+  ssh:
+    verify_host_key: false
+    user_known_hosts_file: '/dev/null'
+    password: root
+    auth_methods:
+      - password

data/acceptance/tests/00_default_spec.rb

@@ -0,0 +1,10 @@
+require 'beaker'
+require 'beaker-rspec'
+
+RSpec.describe 'it can connect' do
+  hosts.each do |host|
+    context "on #{host}" do
+      on(host, 'ls /tmp')
+    end
+  end
+end

data/beaker-docker.gemspec

@@ -20,24 +20,14 @@ Gem::Specification.new do |s|
   # Testing dependencies
   s.add_development_dependency 'rspec', '~> 3.0'
   s.add_development_dependency 'rspec-its'
-  # pin fakefs for Ruby < 2.3
-  if RUBY_VERSION < "2.3"
-    s.add_development_dependency 'fakefs', '~> 0.6', '< 0.14'
-  else
-    s.add_development_dependency 'fakefs', '~> 0.6'
-  end
-  s.add_development_dependency 'rake', '~> 10.1'
+  s.add_development_dependency 'fakefs', '~> 1.3'
+  s.add_development_dependency 'rake', '~> 13.0'
   s.add_development_dependency 'simplecov'
   s.add_development_dependency 'pry', '~> 0.10'
 
-  # Documentation dependencies
-  s.add_development_dependency 'yard'
-  s.add_development_dependency 'markdown'
-  s.add_development_dependency 'thin'
-
   # Run time dependencies
   s.add_runtime_dependency 'stringify-hash', '~> 0.0.0'
-  s.add_runtime_dependency 'docker-api'
+  s.add_runtime_dependency 'docker-api', '< 3.0.0'
 
 end
 

data/lib/beaker-docker/version.rb

@@ -1,3 +1,3 @@
 module BeakerDocker
-  VERSION = '0.5.4'
+  VERSION = '0.8.1'
 end

data/lib/beaker/hypervisor/docker.rb

@@ -19,19 +19,25 @@ module Beaker
       default_docker_options = { :write_timeout => 300, :read_timeout => 300 }.merge(::Docker.options || {})
       # Merge docker options from the entry in hosts file
       ::Docker.options = default_docker_options.merge(@options[:docker_options] || {})
-      # assert that the docker-api gem can talk to your docker
-      # enpoint.  Will raise if there is a version mismatch
+
+      # Ensure that we can correctly communicate with the docker API
       begin
-        ::Docker.validate_version!
+        @docker_version = ::Docker.version
       rescue Excon::Errors::SocketError => e
-        raise "Docker instance not connectable.\nError was: #{e}\nCheck your DOCKER_HOST variable has been set\nIf you are on OSX or Windows, you might not have Docker Machine setup correctly: https://docs.docker.com/machine/\n"
+        raise <<~ERRMSG
+          Docker instance not connectable
+          Error was: #{e}
+          * Check your DOCKER_HOST variable has been set
+          * If you are on OSX or Windows, you might not have Docker Machine setup correctly: https://docs.docker.com/machine/
+          * If you are using rootless podman, you might need to set up your local socket and service
+          ERRMSG
       end
 
       # Pass on all the logging from docker-api to the beaker logger instance
       ::Docker.logger = @logger
 
       # Find out what kind of remote instance we are talking against
-      if ::Docker.version['Version'] =~ /swarm/
+      if @docker_version['Version'] =~ /swarm/
         @docker_type = 'swarm'
         unless ENV['DOCKER_REGISTRY']
           raise "Using Swarm with beaker requires a private registry. Please setup the private registry and set the 'DOCKER_REGISTRY' env var"
@@ -41,10 +47,21 @@ module Beaker
       else
         @docker_type = 'docker'
       end
-
     end
 
     def install_and_run_ssh(host)
+      def host.enable_root_login(host,opts)
+        logger.debug("Root login already enabled for #{host}")
+      end
+
+      # If the container is running ssh as its init process then this method
+      # will cause issues.
+      if host[:docker_cmd] =~ /sshd/
+        def host.ssh_service_restart
+          self[:docker_container].exec(%w(kill -1 1))
+        end
+      end
+
       host['dockerfile'] || host['use_image_entry_point']
     end
 
@@ -62,7 +79,6 @@ module Beaker
             '22/tcp' => [{ 'HostPort' => rand.to_s[2..5], 'HostIp' => '0.0.0.0'}]
           },
           'PublishAllPorts' => true,
-          'Privileged' => true,
           'RestartPolicy' => {
             'Name' => 'always'
           }
@@ -109,6 +125,48 @@ module Beaker
                   { rm: true, buildargs: buildargs_for(host) })
     end
 
+    # Find out where the ssh port is from the container
+    # When running on swarm DOCKER_HOST points to the swarm manager so we have to get the
+    # IP of the swarm slave via the container data
+    # When we are talking to a normal docker instance DOCKER_HOST can point to a remote docker instance.
+    def get_ssh_connection_info(container)
+      ssh_connection_info = {
+        ip: nil,
+        port: nil
+      }
+
+      container_json = container.json
+      network_settings = container_json['NetworkSettings']
+      host_config = container_json['HostConfig']
+
+      ip = nil
+      port = nil
+      # Talking against a remote docker host which is a normal docker host
+      if @docker_type == 'docker' && ENV['DOCKER_HOST'] && !ENV.fetch('DOCKER_HOST','').include?(':///')
+        ip = URI.parse(ENV['DOCKER_HOST']).host
+      else
+        # Swarm or local docker host
+        if in_container?
+          gw = network_settings['Gateway']
+          ip = gw unless (gw.nil? || gw.empty?)
+        else
+          port22 = network_settings.dig('Ports','22/tcp')
+          ip = port22[0]["HostIp"] if port22
+        end
+      end
+
+      if host_config['NetworkMode'] != 'slirp4netns' && network_settings['IPAddress'] && !network_settings['IPAddress'].empty?
+        ip = network_settings['IPAddress']
+      else
+        port22 = network_settings.dig('Ports','22/tcp')
+        port = port22[0]['HostPort'] if port22
+      end
+
+      ssh_connection_info[:ip] = (ip == '0.0.0.0') ? '127.0.0.1' : ip
+      ssh_connection_info[:port] = port || '22'
+      ssh_connection_info
+    end
+
     def provision
       @logger.notify "Provisioning docker"
 
@@ -156,7 +214,12 @@ module Beaker
                 host_path = "/" + host_path.gsub(/^.\:/, host_path[/^(.)/].downcase)
               end
               a = [ host_path, mount['container_path'] ]
-              a << mount['opts'] if mount.has_key?('opts')
+              if mount.has_key?('opts')
+                a << mount['opts'] if mount.has_key?('opts')
+              else
+                a << mount['opts'] = 'z'
+              end
+
               a.join(':')
             end
           end
@@ -171,10 +234,29 @@ module Beaker
 
           if host['docker_container_name']
             container_opts['name'] = host['docker_container_name']
+          else
+            container_opts['name'] = ['beaker', host.name, SecureRandom.uuid.split('-').last].join('-')
           end
 
           @logger.debug("Creating container from image #{image_name}")
-          container = ::Docker::Container.create(container_opts)
+
+          ok=false
+          retries=0
+          while(!ok && (retries < 5))
+            container = ::Docker::Container.create(container_opts)
+
+            ssh_info = get_ssh_connection_info(container)
+            if ssh_info[:ip] == '127.0.0.1' && (ssh_info[:port].to_i < 1024) && (Process.uid != 0)
+              @logger.debug("#{host} was given a port less than 1024 but you are not running as root, retrying")
+
+              container.delete
+
+              retries+=1
+              next
+            end
+
+            ok=true
+          end
         else
           host['use_existing_container'] = true
         end
@@ -189,52 +271,55 @@ module Beaker
         @logger.debug("Starting container #{container.id}")
         container.start
 
+        begin
+          container.stats
+        rescue StandardError => e
+          container.delete
+          raise "Container '#{container.id}' in a bad state: #{e}"
+        end
+
+        # Preserve the ability to talk directly to the underlying API
+        #
+        # You can use any method defined by the docker-api gem on this object
+        # https://github.com/swipely/docker-api
+        host[:docker_container] = container
+
         if install_and_run_ssh(host)
           @logger.notify("Installing ssh components and starting ssh daemon in #{host} container")
           install_ssh_components(container, host)
           # run fixssh to configure and start the ssh service
           fix_ssh(container, host)
         end
-        # Find out where the ssh port is from the container
-        # When running on swarm DOCKER_HOST points to the swarm manager so we have to get the
-        # IP of the swarm slave via the container data
-        # When we are talking to a normal docker instance DOCKER_HOST can point to a remote docker instance.
-
-        # Talking against a remote docker host which is a normal docker host
-        if @docker_type == 'docker' && ENV['DOCKER_HOST']
-          ip = URI.parse(ENV['DOCKER_HOST']).host
-        else
-          # Swarm or local docker host
-          if in_container?
-            ip = container.json["NetworkSettings"]["Gateway"]
-          else
-            ip = container.json["NetworkSettings"]["Ports"]["22/tcp"][0]["HostIp"]
-          end
-        end
 
-        @logger.info("Using docker server at #{ip}")
-        port = container.json["NetworkSettings"]["Ports"]["22/tcp"][0]["HostPort"]
+        ssh_connection_info = get_ssh_connection_info(container)
+
+        ip = ssh_connection_info[:ip]
+        port = ssh_connection_info[:port]
+
+        @logger.info("Using container connection at #{ip}:#{port}")
 
         forward_ssh_agent = @options[:forward_ssh_agent] || false
 
-        # Update host metadata
-        host['ip']  = ip
+        host['ip'] = ip
         host['port'] = port
         host['ssh']  = {
           :password => root_password,
           :port => port,
           :forward_agent => forward_ssh_agent,
+          :auth_methods => ['password', 'publickey', 'hostbased', 'keyboard-interactive']
         }
 
-        @logger.debug("node available as  ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no root@#{ip} -p #{port}")
+        @logger.debug("node available as ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no root@#{ip} -p #{port}")
         host['docker_container_id'] = container.id
         host['docker_image_id'] = image.id
         host['vm_ip'] = container.json["NetworkSettings"]["IPAddress"].to_s
 
+        def host.reboot
+          @logger.warn("Rebooting containers is ineffective...ignoring")
+        end
       end
 
       hack_etc_hosts @hosts, @options
-
     end
 
     # This sideloads sshd after a container starts
@@ -243,19 +328,23 @@ module Beaker
       when /ubuntu/, /debian/
         container.exec(%w(apt-get update))
         container.exec(%w(apt-get install -y openssh-server openssh-client))
+        container.exec(%w(sed 's@session\s*required\s*pam_loginuid.so@session optional pam_loginuid.so@g' -i /etc/pam.d/*))
       when /cumulus/
         container.exec(%w(apt-get update))
         container.exec(%w(apt-get install -y openssh-server openssh-client))
+        container.exec(%w(sed 's@session\s*required\s*pam_loginuid.so@session optional pam_loginuid.so@g' -i /etc/pam.d/*))
       when /fedora-(2[2-9])/
         container.exec(%w(dnf clean all))
         container.exec(%w(dnf install -y sudo openssh-server openssh-clients))
         container.exec(%w(ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key))
         container.exec(%w(ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key))
+        container.exec(%w(sed 's@session\s*required\s*pam_loginuid.so@session optional pam_loginuid.so@g' -i /etc/pam.d/*))
       when /^el-/, /centos/, /fedora/, /redhat/, /eos/
         container.exec(%w(yum clean all))
         container.exec(%w(yum install -y sudo openssh-server openssh-clients))
         container.exec(%w(ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key))
         container.exec(%w(ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key))
+        container.exec(%w(sed 's@session\s*required\s*pam_loginuid.so@session optional pam_loginuid.so@g' -i /etc/pam.d/*))
       when /opensuse/, /sles/
         container.exec(%w(zypper -n in openssh))
         container.exec(%w(ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key))
@@ -371,64 +460,76 @@ module Beaker
       case host['platform']
       when /ubuntu/, /debian/
         service_name = "ssh"
-        dockerfile += <<-EOF
+        dockerfile += <<~EOF
           RUN apt-get update
           RUN apt-get install -y openssh-server openssh-client #{Beaker::HostPrebuiltSteps::DEBIAN_PACKAGES.join(' ')}
-        EOF
-        when  /cumulus/
-          dockerfile += <<-EOF
+          RUN sed 's@session\s*required\s*pam_loginuid.so@session optional pam_loginuid.so@g' -i /etc/pam.d/*
+          EOF
+      when  /cumulus/
+          dockerfile += <<~EOF
           RUN apt-get update
           RUN apt-get install -y openssh-server openssh-client #{Beaker::HostPrebuiltSteps::CUMULUS_PACKAGES.join(' ')}
-        EOF
+          EOF
       when /fedora-(2[2-9])/
-        dockerfile += <<-EOF
+        dockerfile += <<~EOF
           RUN dnf clean all
           RUN dnf install -y sudo openssh-server openssh-clients #{Beaker::HostPrebuiltSteps::UNIX_PACKAGES.join(' ')}
           RUN ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key
           RUN ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key
-        EOF
+          RUN sed 's@session\s*required\s*pam_loginuid.so@session optional pam_loginuid.so@g' -i /etc/pam.d/*
+          EOF
+      when /el-8/
+        dockerfile += <<~EOF
+          RUN dnf clean all
+          RUN dnf install -y sudo openssh-server openssh-clients #{Beaker::HostPrebuiltSteps::RHEL8_PACKAGES.join(' ')}
+          RUN ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key
+          RUN ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key
+          RUN sed 's@session\s*required\s*pam_loginuid.so@session optional pam_loginuid.so@g' -i /etc/pam.d/*
+          EOF
       when /^el-/, /centos/, /fedora/, /redhat/, /eos/
-        dockerfile += <<-EOF
+        dockerfile += <<~EOF
           RUN yum clean all
           RUN yum install -y sudo openssh-server openssh-clients #{Beaker::HostPrebuiltSteps::UNIX_PACKAGES.join(' ')}
           RUN ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key
           RUN ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key
-        EOF
+          RUN sed 's@session\s*required\s*pam_loginuid.so@session optional pam_loginuid.so@g' -i /etc/pam.d/*
+          EOF
       when /opensuse/, /sles/
-        dockerfile += <<-EOF
+        dockerfile += <<~EOF
           RUN zypper -n in openssh #{Beaker::HostPrebuiltSteps::SLES_PACKAGES.join(' ')}
           RUN ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key
           RUN ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key
           RUN sed -ri 's/^#?UsePAM .*/UsePAM no/' /etc/ssh/sshd_config
-        EOF
+          RUN sed 's@session\s*required\s*pam_loginuid.so@session optional pam_loginuid.so@g' -i /etc/pam.d/*
+          EOF
       when /archlinux/
-        dockerfile += <<-EOF
+        dockerfile += <<~EOF
           RUN pacman --noconfirm -Sy archlinux-keyring
           RUN pacman --noconfirm -Syu
           RUN pacman -S --noconfirm openssh #{Beaker::HostPrebuiltSteps::ARCHLINUX_PACKAGES.join(' ')}
           RUN ssh-keygen -A
           RUN sed -ri 's/^#?UsePAM .*/UsePAM no/' /etc/ssh/sshd_config
           RUN systemctl enable sshd
-        EOF
+          EOF
       else
         # TODO add more platform steps here
         raise "platform #{host['platform']} not yet supported on docker"
       end
 
       # Make sshd directory, set root password
-      dockerfile += <<-EOF
+      dockerfile += <<~EOF
         RUN mkdir -p /var/run/sshd
         RUN echo root:#{root_password} | chpasswd
-      EOF
+        EOF
 
       # Configure sshd service to allowroot login using password
       # Also, disable reverse DNS lookups to prevent every. single. ssh
       # operation taking 30 seconds while the lookup times out.
-      dockerfile += <<-EOF
+      dockerfile += <<~EOF
         RUN sed -ri 's/^#?PermitRootLogin .*/PermitRootLogin yes/' /etc/ssh/sshd_config
         RUN sed -ri 's/^#?PasswordAuthentication .*/PasswordAuthentication yes/' /etc/ssh/sshd_config
         RUN sed -ri 's/^#?UseDNS .*/UseDNS no/' /etc/ssh/sshd_config
-      EOF
+        EOF
 
 
       # Any extra commands specified for the host