When combined with --emulated, this enables running VMs with an
architecture different from the host's.
Closes#62.
Signed-off-by: Alberto Faria <afaria@redhat.com>
It allows settings the disk size of the VM image that is generated from
a bootc container image.
Also improve the default disk size by basing it on the container image
size.
Signed-off-by: Alberto Faria <afaria@redhat.com>
Store them as untagged containerdisks in the user's container storage.
They appear in the output of `podman images`, making users aware of
their existence and size on disk, and cleanup commands like `podman
image prune` remove them.
Signed-off-by: Alberto Faria <afaria@redhat.com>
We attempt to detect if a container image is bootable. We can't easily
retrieve the image's labels, so we check if /usr/lib/bootc/install
exists and is a directory. If so, it is a bootable container. If it is a
bootable container but we're not running under Podman, we fail with an
error.
Once our container's entrypoint starts running, a background process on
the host (outside the container) queries Podman for the image's name and
ID, which the OCI runtime does not get but bootc-install needs. It then
saves the container image as an OCI archive.
It then runs the original container to generate the VM image. We do this
using krun [1] so that elevated privileges aren't necessary. Our
entrypoint blocks until this is done, and all subsequent logic remains
the same.
We could potentially avoid the OCI archive creation step by mounting the
host's container storage into the container running under krun. This
isn't trivial to achieve due to SELinux label and context mismatches
between the host and the krun environment, so we leave this optimization
for a future date.
Closes#26.
[1] https://github.com/containers/crun/blob/main/krun.1.md
Signed-off-by: Alberto Faria <afaria@redhat.com>
Errors like the following sometimes occur when ssh'ing during boot:
"Pseudo-terminal will not be allocated because stdin is not a terminal"
Signed-off-by: Alberto Faria <afaria@redhat.com>
When attempting first ssh, tolerate errors like the following:
"System is booting up. Unprivileged users are not permitted to log
in yet. Please come back later. For technical details, see
pam_nologin(8)."
Signed-off-by: Alberto Faria <afaria@redhat.com>
Instead of falling back to system emulation when /dev/kvm is not
available, let the user decide explicitly whether they want
hardware-assisted KVM virtualization or full emulation.
Signed-off-by: Alberto Faria <afaria@redhat.com>
Containerdisks now set their entrypoint to "no-entrypoint", so we can
drop the empty "" argument to podman-run and equivalents in most cases.
Signed-off-by: Alberto Faria <afaria@redhat.com>
Our test harness now requires nested virt, but test farm runners are
themselves VMs and do not support KVM, so the harness is effectively
unusable in testing farm right now.
Signed-off-by: Alberto Faria <afaria@redhat.com>
This forces the generation of a new random ssh key pair for the
container and VM, never reusing the host user's key pair.
Signed-off-by: Alberto Faria <afaria@redhat.com>
Alberto Faria
Daniel J Walsh