Moves the shared logic from `writeConfig` into a shared function in
`pkg/machine/machine_common.go`
[NO NEW TESTS NEEDED]
Signed-off-by: Jake Correnti <jakecorrenti+github@proton.me>
Moves most of the logic of `setRootful` to the common file
`pkg/machine/machine_common.go`.
Signed-off-by: Jake Correnti <jakecorrenti+github@proton.me>
Moves `removeFilesAndConnections` to the common file
`pkg/machine/connections.go` to be reused by multiple hypervisors.
Signed-off-by: Jake Correnti <jakecorrenti+github@proton.me>
Moves `waitAPIAndPrintInfo` into the common file
`pkg/machine/machine_common.go` allowing applehv and qemu to share the
code.
Signed-off-by: Jake Correnti <jakecorrenti+github@proton.me>
Moves the implementation of `addSSHConnectionsToPodmanSocket` into the
common file `pkg/machine/machine_common.go`. The implementation was
shared between the hypervisors and does not need to be implemented
multiple times.
Signed-off-by: Jake Correnti <jakecorrenti+github@proton.me>
Moves acquisition of an alternate image provided by the user out of
`acquireVMImage` in `pkg/machine/<hypervisor>/machine.go` and into
`pkg/machine/pull.go` as its own function.
Signed-off-by: Jake Correnti <jakecorrenti+github@proton.me>
Moves `getDevNullFiles` into a new common file,
`pkg/machine/machine_common.go`, preventing the re-implementation of the
function across the different hypervisor implementations.
Signed-off-by: Jake Correnti <jakecorrenti+github@proton.me>
Converts new functions added in #19311 to methods and adds
documentation.
[NO NEW TESTS NEEDED]
Signed-off-by: Jake Correnti <jakecorrenti+github@proton.me>
Lock the machine when stopping, removing or changing its attributes to
make sure write accesses are serialized which should prevent a number of
issues and inconsistencies reported.
[NO NEW TESTS NEEDED]
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
Lock the VM on start. If the machine is in the "starting" state we know
that a previous start has failed and guide the user into resolving the
issue.
Concurrent starts will busy wait and return the expected "already
running" error.
NOTE: this change is only looking at the start issue (#18662). Other
commands such as stop and update should also lock and will be updated
in a future change. I expect the underlying issue to apply to all
machine providers, not only QEMU. It's desirable to aim for extending
the machine interface to also allow to `Lock()` and `Unlock()`. After
acquiring the lock, the VM should automatically be reloaded/updated.
[NO NEW TESTS NEEDED]
Fixes: #18662
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
The functions for QEMU's `VM` interface implementation (`machine.go`)
had quite large functions. Pulls out some code that could be moved to
its own function for easier readability.
[NO NEW TESTS NEEDED]
Signed-off-by: Jake Correnti <jakecorrenti+github@proton.me>
During the exponential backoff waiting for the machine to be fully up
and running, also make sure that SSH is ready. The systemd dependencies
of the ready.service include the sshd.service among others but that is
not enough.
Other CoreOS users reported the same issue on IRC, so I feel fairly
confident to use the pragmatic approach of making sure SSH works on the
client side. #17403 is quite old and there are other pressing machine
issues that need attention.
[NO NEW TESTS NEEDED]
Fixes: #17403
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
Make sure that starting a qemu machine uses proper exponential backoffs
and that a single variable isn't shared across multiple backoffs.
DO NOT BACKPORT: I want to avoid backporting this PR to the upcoming 4.6
release as it increases the flakiness of machine start (see #17403). On
my M2 machine, the flake rate seems to have increased with this change
and I strongly suspect that additional/redundant sleep after waiting for
the machine to be running and listening reduced the flakiness. My hope
is to have more predictable behavior and find the sources of the flakes
soon.
[NO NEW TESTS NEEDED] - still too flaky to add a test to CI.
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
When debugging #17403, the logs of sshd indicate that Podman tried to
ssh into the machine too soon as the `core` user has not yet been fully
set up:
> error: kex_exchange_identification: Connection closed by remote host
> fatal: Access denied for user core by PAM account configuration [preauth]
@dustymabe found that we may have to wait for systemd-user sessions
to be up. Doing that reduces the flake rate on my M2 machine but does
not entirely fix the issue.
Since I have seen multiple symptoms of flakiness, I think it does not
hurt to add the systemd-user sessions to the dependencies of the ready
service and continue investigating.
[NO NEW TESTS NEEDED] - once we have a fix out, I want to exercise
frequent stop/start in the machine tests but they won't pass now.
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
Ensures that for each hypervisor implementation, their `config.go` file
deals with implementing the `VirtProvider` interface while the
`machine.go` file is for implementing the `VM` interface.
Moves the `Virtualization` type into a common file and
created wrappers for the individual hypervisors. Allows for shared
functions that are exactly the same while providing the flexibility to
create hypervisor-specific implementations of the functions.
[NO NEW TESTS NEEDED]
Signed-off-by: Jake Correnti <jakecorrenti+github@proton.me>
gvproxy listens on 127.0.0.1, using localhost as hostname can result in
the client trying to connect to the ipv6 localhost (`::1`). This will
fail as shown in the issue. This switches the hostname in the system
connection to 127.0.0.1 to fix this problem.
I switched the qemu, hyperV and WSL backend. I haven't touched the
applehv code because it uses two different ips and I am not sure what is
the correct thing there. I leave this to Brent to figure out.
[NO NEW TESTS NEEDED]
[1] https://github.com/containers/gvisor-tap-vsock/blob/main/cmd/gvproxy/main.go#L197-L199
Fixes #16470
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
It really does not make sense to call RemoveConnection() twice and then
update the config file a third time in updateDefaultMachineinConfig().
This results in unnecessary reads/writes and more code.
Simplify this into one function that is only called once and do all
updates at once.
[NO NEW TESTS NEEDED]
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
the connection remove call must be done inside the function that is
returned so that we wait until the user confirmed it.
Fixes #18330
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
In rare instances, if podman machine start does not exit correctly, the machine can be left in a "Starting" state, when in reality the machine is stopped. This prevents the user from actually starting the machine. This commit makes sure that on `podman machine stop`, we check if this is the case, and correctly set the starting state to false, allowing the user to start their machine again.
Signed-off-by: Ashley Cui <acui@redhat.com>
on machine start, create a socket representing the machine's podman
service socket so local (to the host) applications can take advantage of
it.
[NO NEW TESTS NEEDED]
Signed-off-by: Brent Baude <bbaude@redhat.com>
podman machine with Microsoft HyperV will use hvsock on the guest and
vsock on the guest for its networking. this pr enables the basics for
this to happen as well as changes to ignition to automatically set this
up with network manager.
the vm binary referenced in this pr is in containers/gvisor-tap-vsock
and will need to be added to distributions.
[NO NEW TESTS NEEDED]
Signed-off-by: Brent Baude <bbaude@redhat.com>
Windows HyperV uses HVSocks (Windows adaptation of vsock) for
communicating between vms and the host. Podman machine in Qemu uses a
virtual UDS to signal the host that the machine is booted. In HyperV,
we can use a HVSOCK for the same purpose.
One of the big aspects of using HVSOCK on Windows is that the HVSOCK
must be entered into the Windows registry. So now part of init and rm
of a podman machine, entries must be added and removed respectively.
Also duplicates are a no-no.
Signed-off-by: Brent Baude <bbaude@redhat.com>
Windows: Flush machine config writes before renaming
Windows: Previously this code was changed to improve atomicity by changing
the persistence approach to a two-step process (write + rename).
However, the first-step write operation was not fully flushed,
leading to the possibility of incomplete writes.
[NO NEW TESTS NEEDED]
Signed-off-by: Jason T. Greene <jason.greene@redhat.com>
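The write, flush, rename sequence that the commit message above describes, as an added Go example; this is not Podman's code, and `writeFileAtomic` and the sample path are hypothetical names.

```go
package main

import (
	"fmt"
	"os"
	"path/filepath"
)

// writeFileAtomic is a hypothetical helper, not Podman's function.
// It writes data to a temp file in the destination directory, flushes
// it to stable storage, and only then renames it over the destination.
func writeFileAtomic(path string, data []byte) (err error) {
	// os.CreateTemp creates the file with mode 0600.
	tmp, err := os.CreateTemp(filepath.Dir(path), filepath.Base(path)+".tmp-*")
	if err != nil {
		return err
	}
	defer func() {
		if err != nil { // on any failure, leave no partial temp file behind
			tmp.Close()
			os.Remove(tmp.Name())
		}
	}()
	if _, err = tmp.Write(data); err != nil {
		return err
	}
	// Without Sync, the rename can become durable before the data does,
	// so a crash may leave a truncated or empty file under the final name.
	if err = tmp.Sync(); err != nil {
		return err
	}
	if err = tmp.Close(); err != nil {
		return err
	}
	return os.Rename(tmp.Name(), path)
}

func main() {
	path := filepath.Join(os.TempDir(), "example-machine.json") // constructed path
	if err := writeFileAtomic(path, []byte(`{"Name":"example"}`)); err != nil {
		fmt.Fprintln(os.Stderr, "write failed:", err)
		os.Exit(1)
	}
	fmt.Println("wrote", path)
}
```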
with libhvee, we are able to do the basics of podman machine management
on hyperv. The basic functions like init, rm, stop, and start are all
functional. Start and stop will periodically throw a benign error
processing the hyperv message being returned from the action. The error
is described in the todo's below.
notable items:
* no podman commands will work (like ps, images, etc)
* the machine must be initialized with --image-path and fed a custom image.
* disk size is set to 100GB statically.
* the vm joins the default hyperv network which is TCP/IP network based.
* podman machine ssh does not work
* podman machine set does not work
* you can grab the ip address from hyperv and fake a machine connection
with `podman system connection`.
* when booting, use the hyperv console to know the boot is complete.
TODOs:
* podman machine ssh
* podman machine set
* podman machine rm needs force bool
* disk size in NewMachine is set to 100GB
* podman start needs to wait until fully booted
* establish a boot complete signal from guest
* implement gvproxy like user networking
* fix benign failures in stop/start -> Error: error 2147749890 (FormatMessage failed with: The system cannot find message text for message number 0x%1 in the message file for %2.)
[NO NEW TESTS NEEDED]
Signed-off-by: Brent Baude <bbaude@redhat.com>
in preparation for adding hyper as a machine option, several common
functions needed to be moved specifically from qemu to a common area in
pkg/machine. this usually involved functions and variables related to
using fcos as a machine image as well as its compression, artifact, and
image format.
[NO NEW TESTS NEEDED]
Signed-off-by: Brent Baude <bbaude@redhat.com>
before we can support hyperv as a virtualization option for podman
machine, several areas in machine will require cleanup. this is the
first pass of these changes to keep the review burden low. changes
include:
* convert artifact, format (image format) and compression to enums
with string methods
* rename Provider interface to VirtProvider
* change Provider implementation in QEMU to QEMUVirt
* change Provider implementation in WSL to WSLVirt
as mentioned earlier, there will be several more of these refactoring
PRs because assumptions were made about associations of platforms and
virt providers as well as compression and image formats.
Signed-off-by: Brent Baude <bbaude@redhat.com>
There are 2 things added. First there is added support for handling drive
letters while doing value split. If drive letter is detected, then max number
of elements will be increased by one, but then first two will be concatenated
to reconstruct the path. Second part is basic, but working, conversion of Windows
path to Unix path to be used, when target path is not explicitly specified.
Signed-off-by: Arthur Sengileyev <arthur.sengileyev@gmail.com>
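The drive-letter handling described in the commit message above, as an added Go example that is not Podman's code. It assumes a `source:target:options` value format; `splitVolume`, `hasDriveLetter` and `toUnixPath` are hypothetical names, and the `/c/...` mapping is an illustrative choice.

```go
package main

import (
	"fmt"
	"strings"
)

// hasDriveLetter reports whether s starts with a Windows drive prefix
// such as `C:\` or `C:/`.
func hasDriveLetter(s string) bool {
	if len(s) < 3 || s[1] != ':' || (s[2] != '\\' && s[2] != '/') {
		return false
	}
	c := s[0] | 0x20 // fold ASCII to lower case
	return c >= 'a' && c <= 'z'
}

// toUnixPath is an assumed mapping: `C:\Users\me` becomes `/c/Users/me`.
func toUnixPath(p string) string {
	if hasDriveLetter(p) {
		p = "/" + strings.ToLower(p[:1]) + p[2:]
	}
	return strings.ReplaceAll(p, `\`, "/")
}

// splitVolume splits "source:target:options". A drive letter adds one
// colon, so the element limit grows by one and the first two elements
// are joined again to reconstruct the source path.
func splitVolume(spec string) (src, dst, opts string) {
	limit := 3
	drive := hasDriveLetter(spec)
	if drive {
		limit++
	}
	parts := strings.SplitN(spec, ":", limit)
	if drive {
		parts = append([]string{parts[0] + ":" + parts[1]}, parts[2:]...)
	}
	src = parts[0]
	dst = toUnixPath(src) // default when no target is given
	if len(parts) > 1 {
		dst = parts[1]
	}
	if len(parts) > 2 {
		opts = parts[2]
	}
	return src, dst, opts
}

func main() {
	fmt.Println(splitVolume(`C:\Users\me:/mnt/me:ro`)) // constructed input
}
```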
On Mac machines security model none works, while "mapped-xattr"
causes symlinks to not work.
Update docs/source/markdown/podman-machine-init.1.md
[NO NEW TESTS NEEDED]
Related: https://github.com/containers/podman/discussions/16102
Co-authored-by: Tom Sweeney <tsweeney@redhat.com>
Signed-off-by: Sorin Sbarnea <sorin.sbarnea@gmail.com>
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Add quiet and no-info flags to podman machine start.
No-info suppresses helpful informational tips
Quiet suppresses machine start progress output, as well as informational
tips.
Signed-off-by: Ashley Cui <acui@redhat.com>
Safeguards calls to os.RemoveAll in order to prevent calls from accidentally
deleting the root file system in very strange edge cases. Did this by creating
GuardedRemoveAll and migrated machine os.RemoveAll calls to it.
Signed-off-by: Mike Perry <mike@bitbistro.org>
add the key used in newly initialized machines to the user's known_hosts file. This ensures that golang will be able to ssh into the machine using
podman-remote. Also, remove the /dev/null redirection for podman machine ssh's known_hosts file.
resolves #15347
Signed-off-by: Charlie Doern <cdoern@redhat.com>
Signed-off-by: cdoern <cbdoer23@g.holycross.edu>
Package `io/ioutil` was deprecated in golang 1.16, preventing podman from
building under Fedora 37. Fortunately, functionally identical
replacements are provided by the packages `io` and `os`. Replace all
usage of all `io/ioutil` symbols with appropriate substitutions
according to the golang docs.
Signed-off-by: Chris Evich <cevich@redhat.com>
Podman adds an Error: to every error message. So starting an error
message with "error" ends up being reported to the user as
Error: error ...
This patch removes the stutter.
Also ioutil.ReadFile errors report the Path, so wrapping the err message
with the path causes a stutter.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
The new apple silicon processors (m1/m2) are capable of using a performant apple
hypervisor (included in macos). Our "virtual providers" for podman
machine are part of an interface design. This PR provides an
implementation of the interface to begin the work for supporting the
apple hypervisor. It is basically only a skeletal PR.
The actual code for using the hypervisor and launching a machine will
come as several new PRs following the inclusion of this one.
There will likely be code reuse between the applehv and qemu code; but
none of that code is being moved at this time. It will be moved "on
demand" during development.
[NO NEW TESTS NEEDED]
Signed-off-by: Brent Baude <bbaude@redhat.com>