The Windows installer was able to automatically enable the
Windows features for WSL or HyperV when they were not
already enabled. This PR removes this capability.
Having the installer to automatically install the right prerequiste
(WSL or HyperV) was helpful as users won't have to do it manually to
use Podman after the installation. But it also made the code of
installer more complicated as it needed to manage the installation
of these OS features and a reboot. And we weren't able to automatically
test these scenarios that required a reboot.
In other words the Windows installer, that merely just extracted
some files in a folder, required, to support the installation of
WSL and HyperV, an advanced knowledge of WiX toolkit and of the
Windows Installer SDK, plus contributors-time to manually test
the scenarios that require a reboot.
We decided to remove this capability based on the following reasons:
- We had a couple of regressions in the last month that were hard to
analyse and fix (#24624 and #24735)
- Podman maintainers currently have a scarce knowledge of the Windows Installer
and there is no plan to invest in that
- Manually installing WSL or HyperV is not hard (e.g. run `wsl --install`) and
are features that admins can manage on their fleet of Windows machines
- Competitors such as Docker Desktop don't automatically install these
components
- Podman `machine init` currently verifies if WSL and HyperV are installed and
guide the user to install them when they are not
Signed-off-by: Mario Loriedo <mario.loriedo@gmail.com>
When trying to pass a string with spaces that broke the go command cli
parsing, the full argument must be put in quotes to avoid escaping
issues.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
The default `gobuild` macro on CentOS Stream 9 now includes support for
`BUILDTAGS`.
CentOS Stream envs now also define `_user_tmpfilesdir` macro by default.
Both these definitions are no longer needed here.
`libtrust_openssl` buildtag is also set in spec wherever relevant.
Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
First, refactor our existing graph traversal code to improve code
sharing. There still isn't much sharing between inward traversal
(stop, remove) and outward traversal (start) but stop and remove
are sharing most of their code, which seems a positive.
Second, add a new graph-traversal function to stop containers.
We already had start and remove; stop uses the newly-refactored
inward-traversal code which it shares with removal.
Third, rework the shared stop/removal inward-traversal code to
add locking. This allows parallel execution of stop and removal,
which should improve the performance of `podman pod rm` and
retain the performance of `podman pod stop` at about what it is
right now.
Fourth and finally, use the new graph-based stop when possible
to solve unordered stop problems with pods - specifically, the
infra container stopping before application containers, leaving
those containers without a working network.
Fixes https://issues.redhat.com/browse/RHEL-76827
Signed-off-by: Matt Heon <mheon@redhat.com>
commit c6fe5e5395 rearranged the code so
that it accesses the store before checking if the current process has
CAP_SYS_ADMIN.
Restore the check and augment it to also check for CAP_SYS_ADMIN.
Closes: https://github.com/containers/podman/issues/25241
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
avoid using the glibc fork() function after using directly the clone()
syscall, as it confuses glibc causing the fork() to hang in some
cases.
The issue has been observed only on s390x, and the fix was confirmed
in the issue discussion.
Closes: https://github.com/containers/podman/issues/25184
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
... because (podman system reset) will delete all of it,
interfering with the test storing other data in the directory.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
Checking of service and timer caused unexpected exit code `3` of `systemctl status`. Since the status check can be executed when HealthCheck was exited, this caused a termination error code `3` for `systemctl status`. Because service was in dead state because HealthCheck exited.
Fixes: https://github.com/containers/podman/issues/25204
Signed-off-by: Jan Rodák <hony.com@seznam.cz>
Allowing for multiple manifest per artifact just makes the code and cli
design harder to work with it. It is not clear how mounting, extracting
or edit on a multi manifest artifact should have worked.
A single manifest should make the code much easier to work with.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Allow the user to provide an Ansible playbook file on init which will
then be run on boot.
Signed-off-by: Jake Correnti <jakecorrenti+github@proton.me>
Signed-off-by: Brent Baude <bbaude@redhat.com>
like images and containers, it could be handy to have a --noheading
option that removes the headings on the output.
Signed-off-by: Brent Baude <bbaude@redhat.com>
The intention behind this is to stop races between
`pod stop|start` and `container stop|start` being run at the same
time. This could result in containers with no working network
(they join the still-running infra container's netns, which is
then torn down as the infra container is stopped, leaving the
container in an otherwise unused, nonfunctional, orphan netns.
Locking the pod (if present) in the public container start and
stop APIs should be sufficient to stop this.
Signed-off-by: Matt Heon <mheon@redhat.com>
The current macos installer gvproxy version has a number of issues
around dns handling[1,2]. They should be fixed now in 0.8.3 as they
reverted the dns changes back to the 0.7.5 code. This should make it
work like it used to be. Our 5.3.2 installer ships the 0.7.5 version so
users of the podman installer never noticed that but we got plenty of
reports from brew users. This needs to be backported into v5.4 to make
sure we do not ship the broken version as part of the installer.
[1] https://github.com/containers/gvisor-tap-vsock/issues/462
[2] https://github.com/containers/gvisor-tap-vsock/issues/466
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Mario Loriedo
Paul Holzinger
renovate[bot]
Lokesh Mandvekar
Matt Heon
openshift-merge-bot[bot]
Giuseppe Scrivano
Miloslav Trmač
Jan Rodák
Jake Correnti
Brent Baude
tomsweeneyredhat