Machines configured to mount local paths containing
spaces failed to start on Hyper-V and silently failed
to mount the folder on macOS/Linux.
On Windows/hyperv, where local paths are mounted
running a 9p client inside the VM, the local host
path needs to be surrounding with quotation marks
before using in a `podman machine ssh ...` command.
A similar behavior happened on Linux/QEMU where the
path was used in a SSH command to mount the folder
using virtiofs. Quoting the path when buidling the
command arguments fixed the problem.
On macOS/libkit,applehv the path was written as is
in a systemd unit name to instruct how to mount it.
Escaping space chars so that they are are parsed
successfully fixed this:
```diff
-- enable path with spaces.mount
++ enable path\x20with\x20spaces.mount
```
Fixes https://github.com/containers/podman/issues/25500
Signed-off-by: Mario Loriedo <mario.loriedo@gmail.com>
Command `podman machine init` for Hyper-V machines invokes the command
`podman machine server9` and redirects it's output to a file. But the
file descriptor was closed before beeing used and the output file was
always empty.
Signed-off-by: Mario Loriedo <mario.loriedo@gmail.com>
This is faster and, to my best knowledge, is equivalent to the old code.
Remove the error return (as we don't guarantee stable API here), and
simplify callers.
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
Windows is not guaranteed to have the SSH feature installed, so prefer the use
of the built-in ssh client for all operations other than podman machine ssh,
which requires terminal pty logic. This restores previous behavior in 4.x.
Signed-off-by: Jason T. Greene <jason.greene@redhat.com>
this pr fixes two hyperv bugs. previous podman 5 versions of hyperv
failed to actually remove the vm from hyperv when machine rm -f was
called.
also fixes an annoying bug where removal of the hyperv ignition entries
were failing because this can only be done (with the current api) when
the vm is running. new api in latest libhvee fixes this.
Signed-off-by: Brent Baude <bbaude@redhat.com>
Previously, the locks were on the provider layer, which doesn't make a vm operation with a config file update atomic. Move them up a layer, so the entire function locks while doing provider and config operations.
This adds a Remove and a Set function to the shim layer.
[NO NEW TESTS NEEDED] Unsure how to test this
Signed-off-by: Ashley Cui <acui@redhat.com>
Before, we required that the mount target exist and be a
directory for the 9p mount to successfully complete, which is not
how things are supposed to work - the user should be able to
mount anywhere. This should just be a simple mkdir, but with FCOS
the root directory is immutable so we need to undo that before we
can mkdir, and unfortunately we don't have a library that can do
chattr (and I didn't want to drag in a new dependency just for
that), so let's be gross and add it to the SSH command. I
aggressively dislike this but it does work.
[NO NEW TESTS NEEDED] Can worry about getting a more generic
mount test together for Machine later.
Signed-off-by: Matt Heon <mheon@redhat.com>
Matt found a bug where if a machine start did not run to completion, a
gvproxy was left around running. This gvproxy then subsequently stopped
the next attempt to start.
Signed-off-by: Brent Baude <bbaude@redhat.com>
[NO NEW TESTS NEEDED]
- Listen before starting the vm
- Fix a device race caused by lazy hv_vsock init by waiting on network manager
[NO NEW TESTS NEEDED]
Signed-off-by: Jason T. Greene <jason.greene@redhat.com>
Replaces GetHyperVisorVMs() with Exists() to better abstract the underlying
use-case and slightly imrpove efficiency.
Signed-off-by: Jason T. Greene <jason.greene@redhat.com>
Also addresses a number of issues:
- StopHostNetworking isn't plumbed, win-sshproxy leaks on hyperv
- Wait api and print output doesn't work properly on Windows
- API forwarding doesn't work on WSL
- Terminal corruption with after start/stop on Windows
- Gvproxy is forcefully killed vs gracefully quit
- Switching rootful/rootless does not update /var/run/docker.sock on the guest
- File already closed error on init
- HyperV backend is publishing Unix sockets when it should be named pipes
- User-mode networking doesn't always work
- Stop state outside of lock boundaries
- WSL blocks parallel machined (should be supported)
[NO NEW TESTS NEEDED]
Signed-off-by: Jason T. Greene <jason.greene@redhat.com>
Fix a bug where if a vm exists, created by some other process/user, and
you attempt to make a podman machine with the same name.
Signed-off-by: Brent Baude <bbaude@redhat.com>
Sets up USB passthrough for machine. Additionally moves `SetOptions` out
from `pkg/machine/config.go` to its own file in
`pkg/machine/define/setopts.go`.
[NO NEW TESTS NEEDED]
Signed-off-by: Jake Correnti <jakecorrenti+github@proton.me>
Moving from Go module v4 to v5 prepares us for public releases.
Move done using gomove [1] as with the v3 and v4 moves.
[1] https://github.com/KSubedi/gomove
Signed-off-by: Matt Heon <mheon@redhat.com>
Adds the functionality for `podman machine set --rootful` for AppleHV,
QEMU, and HyperV. Abstracts the functionality out to a method of
`MachineConfig`. WSL currently uses a function `SetRootful` that is
provided by the `machine` package, which will eventually get changed
when WSL moves to the refactored structure.
Re-enables the "set rootful with docker sock change" test.
[NO NEW TESTS NEEDED]
Signed-off-by: Jake Correnti <jakecorrenti+github@proton.me>
Signed-off-by: Brent Baude <bbaude@redhat.com>
this pr represents the podman 5 maching refactoring for HyperV. with
the exception of already skipped tests, all local tests pass.
Signed-off-by: Brent Baude <bbaude@redhat.com>
The following PR is the leading PR for refactoring podman machine with
the following goals:
* less duplication/more re-use
* common configuration file between providers
* more consistentency in how machines are handled by providers
The goal of this PR is the rough refactor. There are still rough spots
for sure, specifically around the podman socket and pipe. This
implemention is only for Linux. All other providers are still present
but will not compile or work. This is why tests for them have been
temporarily suspended.
The ready socket code is another area that needs to be smoothed over.
Right now, the ready socket code is still in QEMU. Preferably it would
be moved to a generic spot where all three approaches to readiness
socket use can be defined.
It should also be noted:
* all machine related tests pass.
* make validate for Linux passes
* Apple QEMU was largely removed
* More code pruning is possible; will become clearer when other
providers are complete.
the dir pkg/machine/p5 is not permanent. i had to seperate this from
machine initially due to circular import problems. i think when all
providers are done (or nearly done), it can be placed and named
properly.
Signed-off-by: Brent Baude <bbaude@redhat.com>
this is a logical place to get changes upstream before they grow out of
control. this pr is the first in an effort to deduplicate machine code
and streamline code flow.
a lot of code is simply moved to eliminate circular imports. names and
specific paths can ultimately be changed. i dont like some of the
descriptive interface names, etc. ultimately, i think once we have the
"old" code sanitized, we can re-use some of those.
clearly some of what is in here is temporary and will either be deleted,
changed, or moved again as this effort comes to a close.
right now, the machine code does not use any of the "new" code. you
will see in `init` and `rm` some commented out code that hooks it. i'm
afraid things will get worse before they get better (way worse).
[NO NEW TESTS NEEDED]
Signed-off-by: Brent Baude <bbaude@redhat.com>
The remote user functionality was not quite correct. This PR breaks out
the accumulation of user descriptions into a separate function. One
odditiy is ignition must be told to NOT create the core user (or it will
by default) by "adding" the core user with a set bool.
[NO NEW TESTS NEEDED]
Signed-off-by: Brent Baude <bbaude@redhat.com>
Provides Docker API client access, allowing compose to work by default
for HyperV. Basically the HyperV equiv of the work done here by #12916.
[NO NEW TESTS NEEDED]
Signed-off-by: Ashley Cui <acui@redhat.com>
We shouldn't hardcode `~/.local` - we should use the internal
config helper APIs which honor the XDG_DATA_DIR etc. standard
environment variables.
Signed-off-by: Colin Walters <walters@verbum.org>
Fixes a bug where if a machine failed during init due to a bad ignition path, it would not be properly torn down.
Signed-off-by: Jake Correnti <jakecorrenti+github@proton.me>
Changes SSH key behavior such that there is a single persisted key for all
machines across all providers. If there is no key that is located at
`.local/share/containers/podman/machine/` then it is created. The keys are
not deleted when the last machine on the host is removed.
The main motivation for this change is it leads to fewer files created on the
host as a result of vm configuration. Having `n` machines on your system doesn't
result in `2n` machine-related files in `.ssh` on your system anymore.
As a result of ssh keys being persisted by default, the `--save-keys` flag
on `podman machine rm` will no longer be supported.
Signed-off-by: Jake Correnti <jakecorrenti+github@proton.me>
Uses the systemd unit file parser to build unit files instead of having
them be just blocks of hard-coded strings.
Signed-off-by: Jake Correnti <jakecorrenti+github@proton.me>
Moves all of the ignitionfiles out of the `machine` package and into
its own called `ignition`. This required `VMType` to get moved out of
the `machine` package and into the `define` package in order to prevent
a circular dependency.
Signed-off-by: Jake Correnti <jakecorrenti+github@proton.me>
After the VM has successfully started, check that gvproxy is
still running. If it is not, throw an error and refuse to
complete machine start.
[NO NEW TESTS NEEDED] I don't think we can deliberately trigger a
bad gvproxy start without a bad Podman binary. We could try and
kill gvproxy after it starts but before the machine is booted but
that's very prone to races.
Slightly restructure code so that starting shares happens later
and has its own configuration write - so the VM is still recorded
as running if starting shares fails.
Signed-off-by: Matt Heon <mheon@redhat.com>
When performing CheckExclusiveArch, we should get a list of VMs that
exist on disk (JSON). We should then iterate those and checking if they
are running in HyperV.
[NO NEW TESTS NEEDED]
Signed-off-by: Brent Baude <bbaude@redhat.com>
The following PR is the very first step in what will a series of steps
to apply a "common" machine configuration file to all providers.
Function names, method names, struct names, and field names are all up
for debate. The purpose of this PR is to offer a glimpse at the
direction we intend to take.
This PR also contains temporary structs (i.e. aThing) that are not
exported. These are merely placeholders.
The configuration work in this PR is also unused of yet. But the code
is compiled. Once merged, we can begin the next step of development.
[NO NEW TESTS NEEDED]
Signed-off-by: Brent Baude <bbaude@redhat.com>
Fixes nits that were suggested in #20420. The caller of
`ListenAndWaitOnSocket` did not use the value returned by the conn
channel, therefore it was better to just close the conn in the
`ListenAndWaitOnSocket` function instead.
[NO NEW TESTS NEEDED]
Signed-off-by: Jake Correnti <jakecorrenti+github@proton.me>
Miloslav Trmač
Mario Loriedo
Kir Kolyshkin
ThaddeusTreloar
Shion Tanaka
openshift-merge-bot[bot]
Jason T. Greene
Brent Baude
Paul Holzinger
Ashley Cui
Matt Heon
Jake Correnti
Colin Walters
Oleksandr Redko
Christophe Fergeau