feature request: ability to prepend/append to environment variables in podman run

[lastephey]

/kind feature

We would like to request the ability to prepend/append to existing environment variables in the image in podman run.

Steps to reproduce the issue:

For example, if the image already has LD_LIBRARY_PATH=foo set, if we set at the command line during a podman run

podman run --rm -e 'LD_LIBRARY_PATH=bar' ubuntu:latest

then the newest setting LD_LIBRARY_PATH=bar will override the LD_LIBRARY_PATH=foo that was set in the image.

We would like the ability to append/prepend so we can adjust these settings for NERSC systems (adding paths to our optimized MPI libraries, for example) while preserving the user's original image functionality.

Output of podman version:

podman version 4.0.0-dev

Output of podman info:

host:
  arch: amd64
  buildahVersion: 1.24.0-dev
  cgroupControllers: []
  cgroupManager: cgroupfs
  cgroupVersion: v1
  conmon:
    package: Unknown
    path: /global/common/shared/das/podman/bin/conmon
    version: 'conmon version 2.0.30, commit: unknown'
  cpus: 256
  distribution:
    distribution: '"sles"'
    version: "15.3"
  eventLogger: file
  hostname: login29
  idMappings:
    gidmap:
    - container_id: 0
      host_id: 75313
      size: 1
    uidmap:
    - container_id: 0
      host_id: 75313
      size: 1
  kernel: 5.3.18-150300.59.43_11.0.51-cray_shasta_c
  linkmode: dynamic
  logDriver: k8s-file
  memFree: 490263789568
  memTotal: 540250042368
  networkBackend: cni
  ociRuntime:
    name: crun
    package: Unknown
    path: /global/common/shared/das/podman/bin/crun
    version: |-
      crun version 1.4.1.11-38e1b
      commit: 38e1b5e2a3e9567ff188258b435085e329aaba42
      spec: 1.0.0
      +SELINUX +APPARMOR +CAP +EBPF +YAJL
  os: linux
  remoteSocket:
    path: /run/user/75313/podman/podman.sock
  security:
    apparmorEnabled: false
    capabilities: CAP_AUDIT_WRITE,CAP_CHOWN,CAP_DAC_OVERRIDE,CAP_FOWNER,CAP_FSETID,CAP_KILL,CAP_MKNOD,CAP_NET_BIND_SERVICE,CAP_NET_RAW,CAP_SETFCAP,CAP_SETGID,CAP_SETPCAP,CAP_SETUID,CAP_SYS_CHROOT
    rootless: true
    seccompEnabled: true
    seccompProfilePath: unconfined
    selinuxEnabled: false
  serviceIsRemote: false
  slirp4netns:
    executable: /usr/bin/slirp4netns
    package: slirp4netns-0.4.7-3.12.1.x86_64
    version: |-
      slirp4netns version 0.4.7
      commit: unknown
      libslirp: 4.3.1-git
  swapFree: 1736982528
  swapTotal: 9999994880
  uptime: 21h 40m 18.46s (Approximately 0.88 days)
plugins:
  log:
  - k8s-file
  - none
  - passthrough
  - journald
  network:
  - bridge
  - macvlan
  - ipvlan
  volume:
  - local
registries:
  search:
  - registry.opensuse.org
  - docker.io
store:
  configFile: /global/u1/s/stephey/.config/containers/storage.conf
  containerStore:
    number: 0
    paused: 0
    running: 0
    stopped: 0
  graphDriverName: overlay
  graphOptions:
    overlay.ignore_chown_errors: "true"
    overlay.mount_program:
      Executable: /global/common/shared/das/podman/bin/fuse-overlayfs-wrap
      Package: Unknown
      Version: |-
        fusermount3 version: 3.6.1
        fuse-overlayfs: version 1.1.0
        FUSE library version 3.6.1
        using FUSE kernel interface version 7.29
    overlay.squashmount: "true"
  graphRoot: /tmp/stephey/storage
  graphStatus:
    Backing Filesystem: tmpfs
    Native Overlay Diff: "false"
    Supports d_type: "true"
    Using metacopy: "false"
  imageCopyTmpDir: /tmp
  imageStore:
    number: 0
  runRoot: /run/user/75313/containers
  volumePath: /tmp/stephey/storage/volumes
version:
  APIVersion: 4.0.0-dev
  Built: 1643325567
  BuiltTime: Thu Jan 27 15:19:27 2022
  GitCommit: ecf818a1cddd5e3e62b4a2a761d44b2be336317e-dirty
  GoVersion: go1.16.12
  OsArch: linux/amd64
  Version: 4.0.0-dev

Package info (e.g. output of rpm -q podman or apt list podman):

We have a custom build right now, so I'm not sure if this applies. Please let me know if you want more info. 

Have you tested with the latest version of Podman and have you checked the Podman Troubleshooting Guide? (https://github.com/containers/podman/blob/main/troubleshooting.md)

Yes

Additional environment details (AWS, VirtualBox, physical, etc.):

Using at NERSC with @scanon and @danfulton

[mheon]

I don't think this would be terribly difficult to implement, but I'm worried about the complexity of the user interface. Almost certainly has to be a fresh flag (--env-merge maybe?), and I imagine we can restrict to comma separators only for simplicity - which, on their own, aren't that bad, but I'm worried this will continue to expand beyond that scope, which could be bad.

[giuseppe]

@mheon could it be something like --env-merge foo=${foo},bar so you can access the previous value and modify it as you wish

[mheon]

@giuseppe I like that a lot better, yeah

[rhatdan]

Why not just --env foo=${foo},bar
The problem is the user would need to type

--env foo=\${foo},bar

[rhatdan]

If ${foo} is not defined within the image, should this fail?

[lastephey]

From our point of view, it would be nice if that didn't fail.

[flouthoc]

Above PR #15443 should close this issue.

[lastephey]

Excellent, thanks so much for your work to add this capability! 🎉