Commit Graph

157 Commits

Author SHA1 Message Date
Paul Holzinger ce07860a1c
machine: fix default connection URL to use 127.0.0.1
gvproxy listens on 127.0.0.1, using localhost as hostname can result in
the client trying to connect to the ipv6 localhost (`::1`). This will
fail as shown in the issue. This switches the hostname in the system
connection to 127.0.0.1 to fix this problem.
I switched the qemu, hyperV and WSL backends. I haven't touched the
applehv code because it uses two different ips and I am not sure what is
the correct thing there. I leave this to Brent to figure out.

[NO NEW TESTS NEEDED]

[1] https://github.com/containers/gvisor-tap-vsock/blob/main/cmd/gvproxy/main.go#L197-L199

Fixes #16470

Signed-off-by: Paul Holzinger <pholzing@redhat.com>
2023-05-16 10:55:31 +02:00
Jason T. Greene 5a176f09c2 Set machine docker.sock according to rootful flag
Signed-off-by: Jason T. Greene <jason.greene@redhat.com>
2023-05-14 23:56:15 -05:00
OpenShift Merge Robot cd9a95922f
Merge pull request #18359 from Luap99/machine-connection
machine: qemu only remove connection after confirmation
2023-05-01 13:07:56 -04:00
OpenShift Merge Robot 832b098471
Merge pull request #18303 from n1hility/user-mode
Add user-mode networking feature to Windows/WSL
2023-04-26 16:01:48 -04:00
Paul Holzinger 64959b744f
pkg/machine: rework RemoveConnection()
It really does not make sense to call RemoveConnection() twice and then
update the config file a third time in updateDefaultMachineinConfig().
This results in unnecessary reads/writes and more code.

Simplify this into one function that is only called once and do all
updates at once.

[NO NEW TESTS NEEDED]

Signed-off-by: Paul Holzinger <pholzing@redhat.com>
2023-04-26 16:57:22 +02:00
Paul Holzinger 2296e71e39
machine: qemu only remove connection after confirmation
the connection remove call must be done inside the function that is
returned so that we wait until the user confirmed it.

Fixes #18330

Signed-off-by: Paul Holzinger <pholzing@redhat.com>
2023-04-26 16:44:28 +02:00
Ashley Cui f3c3ef72dc Recover from failed podman machine start
In rare instances, if podman machine start does not exit correctly, the machine can be left in a "Starting" state, when in reality the machine is stopped. This prevents the user from actually starting the machine. This commit makes sure that on `podman machine stop`, we check if this is the case, and correctly set the starting state to false, allowing the user to start their machine again.

Signed-off-by: Ashley Cui <acui@redhat.com>
2023-04-25 09:29:15 -04:00
Jason T. Greene 230ddbe0ca Add user mode networking feature to Windows
Signed-off-by: Jason T. Greene <jason.greene@redhat.com>
2023-04-24 17:11:54 -05:00
Brent Baude 8019dc9e60 hyperv: add podman socket mapping
on machine start, create a socket representing the machine's podman
service socket so local (to the host) applications can take advantage of
it.

[NO NEW TESTS NEEDED]

Signed-off-by: Brent Baude <bbaude@redhat.com>
2023-04-19 16:41:34 -05:00
Brent Baude 3222545ad5 Enabled network over vsock
podman machine with Microsoft HyperV will use hvsock on the guest and
vsock on the guest for its networking.  this pr enables the basics for
this to happen as well as changes to ignition to automatically set this
up with network manager.

the vm binary referenced in this pr is in containers/gvisor-tap-vsock
and will need to be added to distributions.

[NO NEW TESTS NEEDED]
Signed-off-by: Brent Baude <bbaude@redhat.com>
2023-04-17 12:34:37 -05:00
Brent Baude f488d9890c Add support for HVSOCK on hyperv
Windows HyperV uses HVSocks (Windows adaptation of vsock) for
communicating between vms and the host.  Podman machine in Qemu uses a
virtual UDS to signal the host that the machine is booted.  In HyperV,
we can use a HVSOCK for the same purpose.

One of the big aspects of using HVSOCK on Windows is that the HVSOCK
must be entered into the Windows registry.  So now part of init and rm
of a podman machine, entries must be added and removed respectively.
Also duplicates are a no-no.

Signed-off-by: Brent Baude <bbaude@redhat.com>
2023-04-14 13:53:25 -05:00
Jason T. Greene 3b2b1441ec Use atomic config writing strategy for podman machine config files
Windows: Flush machine config writes before renaming
Windows: Previously this code was changed to improve atomicity by changing
the persistence approach to a two-step process (write + rename).
However, the first-step write operation was not fully flushed,
leading to the possibility of incomplete writes.

[NO NEW TESTS NEEDED]

Signed-off-by: Jason T. Greene <jason.greene@redhat.com>
2023-04-10 14:57:49 -05:00
Brent Baude 0dac214f56 basic hyperv machine implementation
with libhvee, we are able to do the basics of podman machine management
on hyperv.  The basic functions like init, rm, stop, and start are all
functional.  Start and stop will periodically throw a benign error
processing the hyperv message being returned from the action.  The error
is described in the todo's below.

notable items:

* no podman commands will work (like ps, images, etc)
* the machine must be initialized with --image-path and fed a custom image.
* disk size is set to 100GB statically.
* the vm joins the default hyperv network which is TCP/IP network based.
* podman machine ssh does not work
* podman machine set does not work
* you can grab the ip address from hyperv and fake a machine connection
  with `podman system connection`.
* when booting, use the hyperv console to know the boot is complete.

TODOs:
* podman machine ssh
* podman machine set
* podman machine rm needs force bool
* disk size in NewMachine is set to 100GB
* podman start needs to wait until fully booted
* establish a boot complete signal from guest
* implement gvproxy like user networking
* fix benign failures in stop/start -> Error: error 2147749890 (FormatMessage failed with: The system cannot find message text for message number 0x%1 in the message file for %2.)

[NO NEW TESTS NEEDED]

Signed-off-by: Brent Baude <bbaude@redhat.com>
2023-03-17 16:02:28 -05:00
OpenShift Merge Robot 77504b2582
Merge pull request #17113 from arixmkii/windows-qemu-machine-volume-mounts
Support for Windows paths in the source position of the volume mounts
2023-02-28 12:54:32 +01:00
Brent Baude 43eb35a772 Machine refactor for QEMU/AppleHV
in preparation for adding hyper as a machine option, several common
functions needed to be moved specifically from qemu to a common area in
pkg/machine.  this usually involved functions and variables related to
using fcos as a machine image as well as its compression, artifact, and
image format.

[NO NEW TESTS NEEDED]

Signed-off-by: Brent Baude <bbaude@redhat.com>
2023-02-22 09:00:24 -06:00
Brent Baude ebb45b5bdd machine refactoring preparations for hyperv
before we can support hyperv as a virtualization option for podman
machine, several areas in machine will require cleanup.  this is the
first pass of these changes to keep the review burden low.  changes
include:

  * convert artifact, format (image format) and compression to enums
    with string methods
  * rename Provider interface to VirtProvider
  * change Provider implementation in QEMU to QEMUVirt
  * change Provider implementation in WSL to WSLVirt

as mentioned earlier, there will be several more of these refactoring
PRs because assumptions were made about associations of platforms and
virt providers as well as compression and image formats.

Signed-off-by: Brent Baude <bbaude@redhat.com>
2023-02-20 13:43:49 -06:00
Arthur Sengileyev 952049fe52 Support for Windows paths in the source position of the volume mounts
There are 2 things added. First, support is added for handling drive
letters while doing the value split. If a drive letter is detected, then the max number
of elements is increased by one, but then the first two are concatenated
to reconstruct the path. The second part is a basic, but working, conversion of a Windows
path to a Unix path, used when the target path is not explicitly specified.

Signed-off-by: Arthur Sengileyev <arthur.sengileyev@gmail.com>
2023-01-30 23:33:33 +02:00
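The drive-letter split and the Windows-to-Unix fallback described in this commit, as an added Go example that is not podman's own code: the function names, the `/mnt/<drive>` target prefix and the sample specs are this example's assumptions.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// driveLetterRe matches a Windows drive prefix such as `C:\` or `D:/`.
var driveLetterRe = regexp.MustCompile(`^[A-Za-z]:[\\/]`)

// SplitVolumeSpec splits a "source:target:options" value into at most
// maxElems fields. When the source starts with a drive letter the drive colon
// yields one extra field, so the limit is raised by one and the first two
// fields are joined again to reconstruct the Windows source path.
func SplitVolumeSpec(spec string, maxElems int) []string {
	if !driveLetterRe.MatchString(spec) {
		return strings.SplitN(spec, ":", maxElems)
	}
	parts := strings.SplitN(spec, ":", maxElems+1)
	return append([]string{parts[0] + ":" + parts[1]}, parts[2:]...)
}

// WindowsPathToUnix turns `C:\Users\me\git` into "/mnt/c/Users/me/git".
// The "/mnt/<drive>" prefix is this example's assumption; the commit does not
// state which prefix podman uses. Paths without a drive letter only have
// their backslashes flipped.
func WindowsPathToUnix(p string) string {
	if !driveLetterRe.MatchString(p) {
		return strings.ReplaceAll(p, `\`, "/")
	}
	drive := strings.ToLower(p[:1])
	rest := strings.TrimLeft(strings.ReplaceAll(p[2:], `\`, "/"), "/")
	return "/mnt/" + drive + "/" + rest
}

// ExtractTarget returns the guest mount point: the explicit second field when
// present, otherwise the converted source path (the commit's fallback).
func ExtractTarget(parts []string) string {
	if len(parts) > 1 && parts[1] != "" {
		return parts[1]
	}
	return WindowsPathToUnix(parts[0])
}

func main() {
	// Constructed sample values; the first two are Windows-style sources.
	for _, spec := range []string{`C:\Users\me\git:/home/me/git:ro`, `D:\data`, "/home/me/git:/mnt/git:rw"} {
		parts := SplitVolumeSpec(spec, 3)
		fmt.Printf("%q -> fields=%q target=%q\n", spec, parts, ExtractTarget(parts))
	}
}
```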
Sorin Sbarnea 866426a93d
Make qemu security model none
On Mac machines security model none works, while "mapped-xattr"
causes symlinks to not work.

Update docs/source/markdown/podman-machine-init.1.md

[NO NEW TESTS NEEDED]

Related: https://github.com/containers/podman/discussions/16102

Co-authored-by: Tom Sweeney <tsweeney@redhat.com>
Signed-off-by: Sorin Sbarnea <sorin.sbarnea@gmail.com>
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2022-12-14 15:35:30 -05:00
OpenShift Merge Robot e4e7e41ce5
Merge pull request #16457 from bjorndown/feature/pass-ssl-cert-file-via-fw-cfg
podman machine: Propagate SSL_CERT_FILE and SSL_CERT_DIR to systemd e…
2022-11-28 06:31:35 -05:00
Björn Mosler caa2dfe01b podman machine: Propagate SSL_CERT_FILE and SSL_CERT_DIR to systemd environment.
Fixes #16041.

Signed-off-by: Björn Mosler <dev@bjoern.mosler.ch>
2022-11-20 14:14:50 +01:00
Erik Sjölund 72966a32cd [CI:DOCS] Fix spelling and typos
Signed-off-by: Erik Sjölund <erik.sjolund@gmail.com>
2022-11-19 16:26:00 +01:00
Ashley Cui dd98e3cc64 Add --quiet and --no-info flags to podman machine start
Add quiet and no-info flags to podman machine start.
No-info suppresses helpful informational tips
Quiet suppresses machine start progress output, as well as informational
tips.

Signed-off-by: Ashley Cui <acui@redhat.com>
2022-11-11 16:14:20 -05:00
Mike Perry 0572e59725 Fixes: 15858 (podman system reset --force destroy machine)
Safeguards calls to os.RemoveAll in order to prevent calls from accidentally
deleting the root file system in very strange edge cases. Did this by creating
GuardedRemoveAll and migrated machine os.RemoveAll calls to it.

Signed-off-by: Mike Perry <mike@bitbistro.org>
2022-10-23 13:01:53 -04:00
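A guard of the kind this commit describes, as an added Go example rather than podman's own GuardedRemoveAll: the commit only says the root file system must be protected, so the extra refusals (empty, relative and shallower-than-two-component paths) and the error name are this example's assumptions.

```go
package main

import (
	"errors"
	"fmt"
	"os"
	"path/filepath"
	"strings"
)

// ErrRefusedPath is returned for any path the guard will not delete.
var ErrRefusedPath = errors.New("GuardedRemoveAll: refusing to remove path")

// isCatastrophicPath reports whether a path must never reach os.RemoveAll.
// It generalizes the commit's "do not delete /" to empty and relative paths
// and to anything shallower than two components, so "/", "/home" and `C:\`
// are refused while "/home/me/.config/containers" is not.
func isCatastrophicPath(p string) bool {
	if strings.TrimSpace(p) == "" {
		return true
	}
	clean := filepath.Clean(p)
	if !filepath.IsAbs(clean) {
		return true // machine code only ever deletes absolute config paths
	}
	rel := strings.TrimPrefix(clean, filepath.VolumeName(clean))
	rel = strings.Trim(rel, string(filepath.Separator))
	if rel == "" {
		return true // "/" or a bare volume root
	}
	return len(strings.Split(rel, string(filepath.Separator))) < 2
}

// GuardedRemoveAll behaves like os.RemoveAll but refuses catastrophic paths
// instead of deleting them. The guard runs before any filesystem access.
func GuardedRemoveAll(p string) error {
	if isCatastrophicPath(p) {
		return fmt.Errorf("%w: %q", ErrRefusedPath, p)
	}
	return os.RemoveAll(p)
}

func main() {
	dir, err := os.MkdirTemp("", "machine-guard")
	if err != nil {
		panic(err)
	}
	fmt.Println("temp dir:", GuardedRemoveAll(dir)) // nil: removed
	for _, p := range []string{"", "/", "/home", "relative/dir"} {
		fmt.Printf("%q: %v\n", p, GuardedRemoveAll(p)) // refused, nothing touched
	}
}
```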
Charlie Doern 2e4e1bb97c podman machine ssh handling
add the key used in newly initialized machines to the user's known_hosts file. This ensures that golang will be able to ssh into the machine using
podman-remote. Also, remove the /dev/null redirection for podman machine ssh's known_hosts file.

resolves #15347

Signed-off-by: Charlie Doern <cdoern@redhat.com>
Signed-off-by: cdoern <cbdoer23@g.holycross.edu>
2022-09-26 18:35:01 -04:00
Chris Evich d968f3fe09
Replace deprecated ioutil
Package `io/ioutil` was deprecated in golang 1.16, preventing podman from
building under Fedora 37.  Fortunately, functionally identical
replacements are provided by the packages `io` and `os`.  Replace all
usage of all `io/ioutil` symbols with appropriate substitutions
according to the golang docs.

Signed-off-by: Chris Evich <cevich@redhat.com>
2022-09-20 15:34:27 -04:00
Daniel J Walsh 2c63b8439b
Fix stutters
Podman adds an Error: to every error message.  So starting an error
message with "error" ends up being reported to the user as

Error: error ...

This patch removes the stutter.

Also ioutil.ReadFile errors report the Path, so wrapping the err message
with the path causes a stutter.

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2022-09-10 07:52:00 -04:00
Arthur Sengileyev c1480b39a9 Improved Windows compatibility for machine command
Signed-off-by: Arthur Sengileyev <arthur.sengileyev@gmail.com>
2022-08-29 16:53:42 +03:00
OpenShift Merge Robot 9a83fe33b5
Merge pull request #15433 from arixmkii/win_compat3_rootless
Fixes isRootful check using qemu machine on Windows
2022-08-24 16:17:32 -04:00
Arthur Sengileyev 1788b26c43 Fixes isRootfull check using qemu machine on Windows
Signed-off-by: Arthur Sengileyev <arthur.sengileyev@gmail.com>
2022-08-24 18:17:18 +03:00
Arthur Sengileyev f87f6d2fc1 Improved Windows compatibility
Signed-off-by: Arthur Sengileyev <arthur.sengileyev@gmail.com>
2022-08-23 11:06:51 +03:00
Brent Baude 1045647a4a Add interface for apple hypervisor
The new apple silicon processors (m1/m2) are capable of using a performant apple
hypervisor (included in macos).  Our "virtual providers" for podman
machine are part of an interface design.  This PR provides an
implementation of the interface to begin the work for supporting the
apple hypervisor.  It is basically only a skeletal PR.

The actual code for using the hypervisor and launching a machine will
come as several new PRs following the inclusion of this one.

There will likely be code reuse between the applehv and qemu code; but
none of that code is being moved at this time.  It will be moved "on
demand" during development.

[NO NEW TESTS NEEDED]

Signed-off-by: Brent Baude <bbaude@redhat.com>
2022-08-08 14:04:49 -05:00
Christophe Fergeau 8e56a5605f machine: Fix check which is always true
Before making / mutable/immutable, podman-machine checks if the mount is
being done in /home or /mnt. However the current check is always going
to be true:
```
!strings.HasPrefix(mount.Target, "/home") || !strings.HasPrefix(mount.Target, "/mnt")
```
is false when mount.Target starts with "/home" and mount.Target starts
with "/mnt", which cannot happen at the same time.

The correct check is:
```
!strings.HasPrefix(mount.Target, "/home") && !strings.HasPrefix(mount.Target, "/mnt")
```
which can also be written as:
```
!(strings.HasPrefix(mount.Target, "/home") || strings.HasPrefix(mount.Target, "/mnt"))
```

The impact is not too bad, it results in extra 'chattr -i' calls which
should be unneeded.

[NO NEW TESTS NEEDED]

Signed-off-by: Christophe Fergeau <cfergeau@redhat.com>
2022-07-26 09:12:27 +02:00
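The always-true check and its corrected forms from this commit, applied to a set of constructed mounts, as an added Go example that is not podman's code: the Mount type, the chattr/mkdir command shape and the sample targets are this example's assumptions.

```go
package main

import (
	"fmt"
	"strings"
)

// Mount is the subset of a machine volume mount used here (assumed shape).
type Mount struct{ Source, Target string }

// needsRootMutableBuggy is the original check. No path starts with both
// "/home" and "/mnt", so at least one HasPrefix is false and the OR of the
// negations is true for every target.
func needsRootMutableBuggy(target string) bool {
	return !strings.HasPrefix(target, "/home") || !strings.HasPrefix(target, "/mnt")
}

// needsRootMutable is the corrected check: true only when the target lies
// under neither /home nor /mnt, so a directory must be created on the
// immutable root filesystem.
func needsRootMutable(target string) bool {
	return !strings.HasPrefix(target, "/home") && !strings.HasPrefix(target, "/mnt")
}

// needsRootMutableDeMorgan is the equivalent form given in the commit message.
func needsRootMutableDeMorgan(target string) bool {
	return !(strings.HasPrefix(target, "/home") || strings.HasPrefix(target, "/mnt"))
}

// MountScript builds the commands a machine would run for its mounts,
// wrapping mkdir in "chattr -i /" ... "chattr +i /" only when the predicate
// says the root must be made mutable. The command shape is illustrative.
func MountScript(mounts []Mount, needsMutable func(string) bool) []string {
	var lines []string
	for _, m := range mounts {
		if needsMutable(m.Target) {
			lines = append(lines, "chattr -i /", "mkdir -p "+m.Target, "chattr +i /")
		} else {
			lines = append(lines, "mkdir -p "+m.Target)
		}
	}
	return lines
}

// ChattrCalls counts the "chattr -i /" lines in a script.
func ChattrCalls(lines []string) int {
	n := 0
	for _, l := range lines {
		if l == "chattr -i /" {
			n++
		}
	}
	return n
}

func main() {
	mounts := []Mount{{"/Users/me", "/Users/me"}, {"/Users/me/git", "/home/core/git"}, {"/Volumes/data", "/mnt/data"}}
	fmt.Println("buggy check: chattr calls =", ChattrCalls(MountScript(mounts, needsRootMutableBuggy)))
	fmt.Println("fixed check: chattr calls =", ChattrCalls(MountScript(mounts, needsRootMutable)))
}
```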
Paul Holzinger 3ce0709f37
podman machine: do not commit proxies into config file
qemu fails when the same `fw_cfg` option is used more than once.
Since the current logic always adds a new option on each machine load
this will fail on the second start.

We can fix this by checking if the option is already set and replace but
I think it is easier to just not commit the option in the config and add
it dynamically on start. Users that hit this bug have to recreate the
machine.

[NO NEW TESTS NEEDED]

Fixes #14636
Fixes #14837

Signed-off-by: Paul Holzinger <pholzing@redhat.com>
2022-07-11 17:40:37 +02:00
Paul Holzinger 61a67a07b1
pkg/machine/qemu: start VM check if qemu is alive
When trying to connect to the qemu ready socket we should check if the
qemu process is still running; if it is not, we can just error out. There
is no point in retrying.
To do so we have to directly call wait with WNOHANG.

Also change StartProcess to os/exec package which is higher level and
allows us to use a buffer as qemu stderr fd.

Signed-off-by: Paul Holzinger <pholzing@redhat.com>
2022-07-07 20:57:26 +02:00
Paul Holzinger a26cf638e0
machine: qemu fix chardev id starting with letter
qemu needs the id to start with a letter for some reason.
If this is not the case qemu will fail:
```
qemu-system-x86_64: -device virtserialport,chardev=ad053e0bb519f_ready,name=org.fedoraproject.port.0: Property 'virtserialport.chardev' can't find value 'ad053e0bb519f_ready'
er
Identifiers consist of letters, digits, '-', '.', '_', starting with a letter.
```

To fix this we just add an "a" in front of it.

Signed-off-by: Paul Holzinger <pholzing@redhat.com>
2022-07-07 20:48:28 +02:00
openshift-ci[bot] d481fbe759
Merge pull request #14803 from bugfood/volumes
make 9p security model configurable; document
2022-07-07 18:21:55 +00:00
openshift-ci[bot] dd0418a5fe
Merge pull request #14762 from ashley-cui/machinfo
Podman machine info
2022-07-07 15:17:40 +00:00
Corey Hickey 03ee8204d3 podman machine: make 9p security model configurable; adjust docs
This addresses:
Symlinks don't work on podman machine on macOS Monterey when using volumes feature #13784

This change does NOT exactly fix the bug, but it does allow the user to
work around it via 'podman init' option, e.g.:
podman machine init -v "$HOME/git:$HOME/git:ro:security_model=none"

If the default security model were to be changed to 'none', then that
would fix the bug, at the possible cost of breaking any use cases that
depend on 'mapped-xattr'.

The documentation of the purpose and behavior of the different security
models seems to be rather light:
https://wiki.qemu.org/Documentation/9psetup#Starting_the_Guest_directly

From testing, it appears that the mapped-xattr security model intends to
manage symlinks such that the guest can see the symlinks but the host
only sees regular files (with extended attributes). As far as I can
tell, this behavior only makes sense when the guest is the only thing
that ever needs to create and read symlinks. Otherwise, symlinks created
on the host are unusable on the guest, and vice versa.

As per the original commit: 8e7eeaa4dd
[NO NEW TESTS NEEDED]

Also document existing ro and rw options.

Also remove misleading statement about /mnt. By my observation, this
line is incorrect. If the intended meaning is different, then I don't
understand.

The default volume is mounted read/write and is not within /mnt.

[core@localhost ~]$ mount | grep 9p
vol0 on /Users/chickey type 9p (rw,relatime,sync,dirsync,access=client,trans=virtio)

Signed-off-by: Corey Hickey <chickey@tagged.com>
2022-07-06 16:07:56 -07:00
Shane Smith a5898129cf
Fix qemu machine startHostNetworking always failing
Issue introduced in #14828

[NO NEW TESTS NEEDED]

Signed-off-by: Shane Smith <shane.smith@shopify.com>
2022-07-06 11:00:47 -04:00
Ashley Cui 9d6efb3442 Podman machine info
Add podman machine info command, which displays info about the machine
host as well as version info.

Signed-off-by: Ashley Cui <acui@redhat.com>
2022-07-05 15:18:41 -04:00
Sascha Grunert 251d91699d
libpod: switch to golang native error wrapping
We now use the golang error wrapping format specifier `%w` instead of
the deprecated github.com/pkg/errors package.

[NO NEW TESTS NEEDED]

Signed-off-by: Sascha Grunert <sgrunert@redhat.com>
2022-07-05 16:06:32 +02:00
Shane Smith 8601ab6b06
Silence setlocale warnings from `podman machine ssh`
Connecting with `podman machine ssh` can result in the following
warning:

```
/usr/bin/sh: warning: setlocale: LC_ALL: cannot change locale (en_CA.UTF-8)
/usr/bin/sh: warning: setlocale: LC_ALL: cannot change locale (en_CA.UTF-8)
/usr/bin/sh: warning: setlocale: LC_ALL: cannot change locale (en_CA.UTF-8)
/usr/bin/sh: warning: setlocale: LC_ALL: cannot change locale (en_CA.UTF-8)
```

Best would probably be to remove `LC_ALL` (and other locale and lang
env vars) from `/etc/ssh/sshd_config.d/50-redhat.conf` in the CoreOS
image, but I'm not terribly sure how, so this is a quick alternative.

[NO NEW TESTS NEEDED]

Signed-off-by: Shane Smith <shane.smith@shopify.com>
2022-07-04 12:23:46 -04:00
openshift-ci[bot] 01beba3667
Merge pull request #14704 from baude/machinestopped
reveal machine error, ignore false state
2022-06-30 17:58:28 +00:00
openshift-ci[bot] d7121b000f
Merge pull request #14666 from shanesmith/machine-pidfile
Make `podman machine stop` wait for qemu to exit
2022-06-29 08:51:26 +00:00
Shane Smith 59a7ac210b
Make `podman machine stop` wait for qemu to exit
- New `VMPidFilePath` field in MachineVM config holds the path for the
  qemu PID file

- qemu is now started with the `-pidfile` argument set to `VMPidFilePath`

- Machines created before this won't have the VM PID file configured,
  stopping these VMs will revert back to waiting on the state to change
  away from `Running`, plus an added 2s sleep to give time for the VM to
  exit and to avoid potential issues

- Machines created after this will have a VM PID file configured and
  stopping the machine will wait indefinitely for the VM to exit

[NO NEW TESTS NEEDED]

Signed-off-by: Shane Smith <shane.smith@shopify.com>
2022-06-28 13:28:38 -04:00
Brent Baude 99f68898c0 reveal machine error, ignore false state
This PR covers two edge cases discovered by fiddling with machine
manually.  It is possible (like after a manual cleanup of a machine)
that a leftover qemu socket file can indicate the presence of a machine
running.

Also, reveal the error of an Exec.Command by wrapping the generic error
around what was in stderr.

[NO NEW TESTS NEEDED]

Signed-off-by: Brent Baude <bbaude@redhat.com>
2022-06-27 12:40:15 -05:00
Daniel J Walsh 386ea49cf5
Show starting state when machine is starting
Currently podman machine list never shows the starting state.

Fixes: https://github.com/containers/podman/issues/14738

[NO NEW TESTS NEEDED]

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2022-06-27 09:27:46 -04:00
Erik Sjölund aa4279ae15 Fix spelling "setup" -> "set up" and similar
* Replace "setup", "lookup", "cleanup", "backup" with
  "set up", "look up", "clean up", "back up"
  when used as verbs. Replace also variations of those.

* Improve language in a few places.

Signed-off-by: Erik Sjölund <erik.sjolund@gmail.com>
2022-06-22 18:39:21 +02:00
Shane Smith e69691c277
Fix interrupting machine start leaves the machine unstartable
Interrupting a `podman machine start` (ex: with CTRL-C) would leave
`Starting: true` in the machine's config file. Due to #14469 any
subsequent starts would fail since Podman would think the machine is
still in the process of starting.

Fixed here by listening for the interrupt signal and setting `Starting:
false` in the event.

[NO NEW TESTS NEEDED]

Signed-off-by: Shane Smith <shane.smith@shopify.com>
2022-06-15 16:19:10 -04:00
Paul Holzinger 41528739ce
golangci-lint: enable nolintlint
The nolintlint linter does not deny the use of `//nolint`
Instead it allows us to enforce a common nolint style:
- force that a linter name must be specified
- do not add a space between `//` and `nolint`
- make sure nolint is only used when there is actually a problem

Signed-off-by: Paul Holzinger <pholzing@redhat.com>
2022-06-14 16:29:42 +02:00