When loading a rendered configuration from a file as a candidate config systemd requires authentication to stop/start the units managing the containers.
This does not happen when you type/paste in the commands that would produce the rendered configuration.
```
yzguy@test-R1# run add container image cloudflare/gortr
[edit]
yzguy@test-R1# set container name gortr allow-host-networks
[edit]
yzguy@test-R1# set container name gortr arguments '-cache https://dn42.burble.com/roa/dn42_roa_46.json -verify=false -checktime=false -bind :8082'
[edit]
yzguy@test-R1# set container name gortr image 'cloudflare/gortr'
[edit]
yzguy@test-R1# set container name gortr port http destination '8082'
[edit]
yzguy@test-R1# set container name gortr port http source '8082'
[edit]
yzguy@test-R1# compare
[]
+ container {
+ name gortr {
+ allow-host-networks { }
+ arguments "-cache https://dn42.burble.com/roa/dn42_roa_46.json -verify=false -checktime=false -bind :8082"
+ image "cloudflare/gortr"
+ port http {
+ destination "8082"
+ source "8082"
+ }
+ }
+ }
[edit]
yzguy@test-R1# commit
[edit]
yzguy@test-R1# run show container
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
40c7fabd236e docker.io/cloudflare/gortr:latest -cache https://dn... 14 seconds ago Up 14 seconds ago gortr
[edit]
```
It seems perhaps related to polkit: https://lateambichon.com/en/authenticating-for-org-freedesktop-systemd1-manage-units-2/ and it being done as a non-root/sudo operation.
```
yzguy@test-R1# load /var/tmp/candidate_running.conf
Loading configuration from '/var/tmp/candidate_running.conf'
==== AUTHENTICATING FOR org.freedesktop.systemd1.manage-units ====
Authentication is required to stop 'vyos-container-gortr.service'.
Multiple identities can be used for authentication:
1. salt minion user,,, (minion)
2. RADIUS mapped user at privilege level admin,,, (radius_priv_user)
3. vyos
4. testuser1
5. testuser2
Choose identity to authenticate as (1-5):
^CTraceback (most recent call last):
File "/usr/libexec/vyos/vyos-load-config.py", line 92, in <module>
migration.run()
File "/usr/lib/python3/dist-packages/vyos/migrator.py", line 191, in run
rev_versions = self.run_migration_scripts(cfg_versions, sys_versions)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3/dist-packages/vyos/migrator.py", line 127, in run_migration_scripts
out = cmd([migrate_script, self._config_file])
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3/dist-packages/vyos/utils/process.py", line 141, in cmd
decoded, code = popen(
^^^^^^
File "/usr/lib/python3/dist-packages/vyos/utils/process.py", line 82, in popen
pipe = p.communicate(input, timeout)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3.11/subprocess.py", line 1207, in communicate
stdout, stderr = self._communicate(input, endtime, timeout)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3.11/subprocess.py", line 2059, in _communicate
ready = selector.select(timeout)
^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3.11/selectors.py", line 415, in select
fd_event_list = self._selector.poll(timeout)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^
KeyboardInterrupt
```
Seems maybe to be related to the container 0-to-1 migration script: https://github.com/vyos/vyos-1x/blob/current/src/migration-scripts/container/0-to-1#L38-L47
```
yzguy@test-R1# /opt/vyatta/etc/config-migrate/migrate/container/0-to-1 /tmp/tmp6uqa5gmw
==== AUTHENTICATING FOR org.freedesktop.systemd1.manage-units ====
Authentication is required to stop 'vyos-container-gortr.service'.
Multiple identities can be used for authentication:
```
If you let it sit it will eventually move through each container and finish. However with the automation pipeline we have, it errors out because of hitting a timeout as it's waiting for the prompt to come back after the configuration is loaded.
Sample configuration for containers
```
container {
name gortr {
allow-host-networks { }
arguments "-cache https://dn42.burble.com/roa/dn42_roa_46.json -verify=false -checktime=false -bind :8082"
image "cloudflare/gortr"
port http {
destination "8082"
source "8082"
}
}
}
...
```