Replaces GetHyperVisorVMs() with Exists() to better abstract the underlying
use-case and slightly improve efficiency.
Signed-off-by: Jason T. Greene <jason.greene@redhat.com>
When dealing with environment variables that set $HOME, we do not get
the desired result. Windows will honor USERPROFILE.
[NO NEW TESTS NEEDED]
Signed-off-by: Brent Baude <bbaude@redhat.com>
this pr represents a shift in how we download podman machine images.
these images will now be stored in oci registry and will replace the
default method of downloading an image. you can still use a reference
to a disk image as a path or url too with the --image-path switch.
the final registry and location of the images has not been determined;
and will need to be updated in podman as well.
i don't think we need to allow --image-path to accept a registry/image
for the podman 5.0 release. i do think there will be demand for this.
upgrades also need to be plumbed. for example, updating from an oci
registry.
once we make decisions on final image locations/registries as well as
some behaviors of init and the oci pull, we must update the machine-init
documentation.
Signed-off-by: Brent Baude <bbaude@redhat.com>
we should not panic podman when it has to deal with a podman4 machine
config. instead, we throw a soft error for `machine ls` and in all
other cases, we throw a hard error stating that the machine config is
incompatible.
a future PR will provide instructions on how to recover from this.
current idea is something like `podman machine reset` which blows
everything away machine-wise.
Signed-off-by: Brent Baude <bbaude@redhat.com>
Also addresses a number of issues:
- StopHostNetworking isn't plumbed, win-sshproxy leaks on hyperv
- Wait api and print output doesn't work properly on Windows
- API forwarding doesn't work on WSL
- Terminal corruption after start/stop on Windows
- Gvproxy is forcefully killed vs gracefully quit
- Switching rootful/rootless does not update /var/run/docker.sock on the guest
- File already closed error on init
- HyperV backend is publishing Unix sockets when it should be named pipes
- User-mode networking doesn't always work
- Stop state outside of lock boundaries
- WSL blocks parallel machines (should be supported)
[NO NEW TESTS NEEDED]
Signed-off-by: Jason T. Greene <jason.greene@redhat.com>
This PR is only a few cleanup items where code is no longer used. More
to come I'm sure
[NO NEW TESTS NEEDED]
Signed-off-by: Brent Baude <bbaude@redhat.com>
Fix a bug where if a vm exists, created by some other process/user, and
you attempt to make a podman machine with the same name.
Signed-off-by: Brent Baude <bbaude@redhat.com>
Added the module github.com/crc-org/crc/ as a dependency.
Updated `decompress.go` and `copy_test.go` in compression
so that `CopySparse` from crc-org/crc/v2/pkg/os is used instead
of the local version in `copy.go`.
Deleted `copy.go` that is not used anymore.
Signed-off-by: Mario Loriedo <mario.loriedo@gmail.com>
Sets up USB passthrough for machine. Additionally moves `SetOptions` out
from `pkg/machine/config.go` to its own file in
`pkg/machine/define/setopts.go`.
[NO NEW TESTS NEEDED]
Signed-off-by: Jake Correnti <jakecorrenti+github@proton.me>
Changes the signature for `getDefaultDevices` to take
a `vmconfigs.MachineConfig`.
[NO NEW TESTS NEEDED]
Signed-off-by: Jake Correnti <jakecorrenti+github@proton.me>
This is completely untested as I do not have access to a freebsd system
but it compiles and changes look simple enough to assume it works.
[NO NEW TESTS NEEDED]
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Moving from Go module v4 to v5 prepares us for public releases.
Move done using gomove [1] as with the v3 and v4 moves.
[1] https://github.com/KSubedi/gomove
Signed-off-by: Matt Heon <mheon@redhat.com>
Re-enable the commented-out code that passed the path to a logfile to
gvproxy when the user passes `--log-level=debug`
Signed-off-by: Jake Correnti <jakecorrenti+github@proton.me>
Adds the functionality for `podman machine set --rootful` for AppleHV,
QEMU, and HyperV. Abstracts the functionality out to a method of
`MachineConfig`. WSL currently uses a function `SetRootful` that is
provided by the `machine` package, which will eventually get changed
when WSL moves to the refactored structure.
Re-enables the "set rootful with docker sock change" test.
[NO NEW TESTS NEEDED]
Signed-off-by: Jake Correnti <jakecorrenti+github@proton.me>
Signed-off-by: Brent Baude <bbaude@redhat.com>
gz by definition is not able to preserve the sparse nature of files. using some code from the crc project and gluing it together with our decompression code, we can re-create the sparseness of a file. one downside is the operation is a little bit slower, but i think the gains from the sparse file are well worth it in IO alone.
there are a number of todo's in this PR that would be ripe for quick hitting fixes.
[NO NEW TESTS NEEDED]
Signed-off-by: Brent Baude <baude@redhat.com>
in various use cases, the required machine dirs are not created. the
machine dirs are runtimedir, datadir, and configdir. Example in Linux
would be:
configDir /<HOME>/.config/containers/podman/machine/<provider>
dataDir /<HOME>/.local/share/containers/podman/machine/<provider>
runtimeDir /run/user/1000/podman/machine
now we blindly create them without checking for their existence (because
it is faster).
this fixes a bug where runtimedir does not exist on macos after a reboot
[NO NEW TESTS NEEDED]
Signed-off-by: Brent Baude <baude@redhat.com>
this pr represents the podman 5 machine refactoring for HyperV. with
the exception of already skipped tests, all local tests pass.
Signed-off-by: Brent Baude <bbaude@redhat.com>
this is the second provider done (qemu first). all tests pass on arm64 hardware locally ... the hybrid pull from oci registries limit this to arm64 only.
calling gvproxy, waiting for it, and then vfkit seems to still be problematic. this would be an area that should be cleaned up once all providers are implemented.
Signed-off-by: Brent Baude <bbaude@redhat.com>
The initial refactor used specifically qemu for testing and infra bring
up. But the whole point was to have things interfaced. This PR results
in an interface experience like podman 4 using the same term `provider`
to generically represent 'a provider' like qemu/applehv/etc.
This PR is required to move forward with new providers.
Also renamed pkg/machine/p5 to pkg/machine/shim.
[NO NEW TESTS REQUIRED]
Signed-off-by: Brent Baude <bbaude@redhat.com>
The following PR is the leading PR for refactoring podman machine with
the following goals:
* less duplication/more re-use
* common configuration file between providers
* more consistency in how machines are handled by providers
The goal of this PR is the rough refactor. There are still rough spots
for sure, specifically around the podman socket and pipe. This
implementation is only for Linux. All other providers are still present
but will not compile or work. This is why tests for them have been
temporarily suspended.
The ready socket code is another area that needs to be smoothed over.
Right now, the ready socket code is still in QEMU. Preferably it would
be moved to a generic spot where all three approaches to readiness
socket use can be defined.
It should also be noted:
* all machine related tests pass.
* make validate for Linux passes
* Apple QEMU was largely removed
* More code pruning is possible; will become clearer when other
providers are complete.
the dir pkg/machine/p5 is not permanent. i had to separate this from
machine initially due to circular import problems. i think when all
providers are done (or nearly done), it can be placed and named
properly.
Signed-off-by: Brent Baude <bbaude@redhat.com>
this is a logical place to get changes upstream before they grow out of
control. this pr is the first in an effort to deduplicate machine code
and streamline code flow.
a lot of code is simply moved to eliminate circular imports. names and
specific paths can ultimately be changed. i don't like some of the
descriptive interface names, etc. ultimately, i think once we have the
"old" code sanitized, we can re-use some of those.
clearly some of what is in here is temporary and will either be deleted,
changed, or moved again as this effort comes to a close.
right now, the machine code does not use any of the "new" code. you
will see in `init` and `rm` some commented out code that hooks it. i'm
afraid things will get worse before they get better (way worse).
[NO NEW TESTS NEEDED]
Signed-off-by: Brent Baude <bbaude@redhat.com>
We now no longer write containers.conf, instead system connections and
farms are written to a new file called podman-connections.conf.
This is a major rework and I had to change a lot of things to get this
to compile again with my c/common changes.
It is a breaking change for users as connections/farms added before this
commit can now no longer be removed or modified directly. However because
the logic keeps reading from containers.conf the old connections can
still be used to connect to a remote host.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
While this is potentially a security problem, it solves the issues of
users sharing content from the host into containers and attempting to
relabel it. From a security point of view this means all content volume
mounted from the host into the podman machine on apple hypervisor is
read/write from an SELinux point of view if it is volume mounted into
the container. If the user attempts to use :Z or :z it will work and
relabel the content to be only usable by the specified container.
Helps Fix: https://github.com/containers/podman/issues/21269
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
`getRuntimeDir()` (which is also responsible for creating TMPDIR if it doesn't exist) was being called on `Init()` but not on `Start()` which meant that after the host was restarted and TMPDIR was wiped, `startHostNetworking()` would try to start gvproxy and immediately bail.
Signed-off-by: kaorihinata <kaori.hinata@gmail.com>
The remote user functionality was not quite correct. This PR breaks out
the accumulation of user descriptions into a separate function. One
oddity is ignition must be told to NOT create the core user (or it will
by default) by "adding" the core user with a set bool.
[NO NEW TESTS NEEDED]
Signed-off-by: Brent Baude <bbaude@redhat.com>
There is a network stability issue in qemu + virtio, affecting
some users after long periods of usage, which can lead to
suspended queue delivery. Until the issue is resolved, add a
temporary recovery service which restarts networking when host
communication becomes inoperable.
[NO NEW TESTS NEEDED]
Signed-off-by: Jason T. Greene <jason.greene@redhat.com>
When starting podman machine with applehv, this warning is printed:
WARN[0025] API socket failed ping test
This is due to a bug in applehv.setupAPIForwarding which is not
returning the path to the socket, which causes `WaitAndPingAPI` to be
called with `""` as the socket path, triggering the warning.
This commit changes setupAPIForwarding to be similar to the
implementation in the other machine implementations.
I don't know how to add a test for this, but this can be handled in
podman-machine end to end tests by making sure that there are no
warnings when running `podman machine start` with applehv.
[NO NEW TESTS NEEDED]
Signed-off-by: Christophe Fergeau <cfergeau@redhat.com>
`applehv.Start()` has this line of code:
```
cmd.ExtraFiles = []*os.File{ioEater, ioEater, ioEater}
```
whose purpose is not clear.
The intent may have been to redirect stdin/stdout/stderr to /dev/null in
the child process.
This should be done by setting cmd.Stdin/cmd.Stdout/cmd.Stderr to nil,
which is the case by default.
The way it's done could also cause issues as
`Vfkit.VirtualMachine.Cmd()` sometimes adds files it needs to keep open
to `ExtraFiles`, so at the very least this should be an `append()`
This commit removes this code.
[NO NEW TESTS NEEDED]
Signed-off-by: Christophe Fergeau <cfergeau@redhat.com>
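The `ExtraFiles` hazard described in the commit message above, as an added Go example that is not code from Podman or vfkit: assigning to `ExtraFiles` discards a descriptor the command builder already registered, while `append()` keeps it on fd 3. `newChildCmd` and `readFD3` are hypothetical names, the pipe payload is constructed, and a POSIX `sh` and `cat` are assumed on the host.

```go
package main

import (
	"fmt"
	"os"
	"os/exec"
)

// newChildCmd is a hypothetical stand-in for a builder such as
// Vfkit.VirtualMachine.Cmd(): the child expects a file it needs on fd 3.
func newChildCmd(keep *os.File) *exec.Cmd {
	cmd := exec.Command("sh", "-c", "cat <&3") // print whatever fd 3 holds
	cmd.ExtraFiles = []*os.File{keep}          // ExtraFiles[i] becomes fd 3+i
	return cmd
}

// readFD3 runs the child and returns what it read from fd 3. overwrite=true
// assigns ExtraFiles (the removed pattern); false appends to it instead.
func readFD3(overwrite bool) (string, error) {
	r, w, err := os.Pipe()
	if err != nil {
		return "", err
	}
	defer r.Close()
	if _, err := w.WriteString("needed-by-child"); err != nil { // constructed payload
		return "", err
	}
	w.Close() // the child sees EOF after the payload
	ioEater, err := os.OpenFile(os.DevNull, os.O_RDWR, 0)
	if err != nil {
		return "", err
	}
	defer ioEater.Close()
	cmd := newChildCmd(r)
	extra := []*os.File{ioEater, ioEater, ioEater}
	if overwrite {
		cmd.ExtraFiles = extra // drops r: fd 3 is now /dev/null
	} else {
		cmd.ExtraFiles = append(cmd.ExtraFiles, extra...) // r stays on fd 3
	}
	// cmd.Stdin is left nil, so the child's stdin is os.DevNull by default.
	out, err := cmd.Output()
	return string(out), err
}

func main() {
	got, err := readFD3(false)
	fmt.Printf("fd3=%q err=%v\n", got, err)
}
```
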
There are no security concerns here; this is a convenience
for people debugging things. Some podman-machine developers
were manually setting a password over SSH for example,
but this is just better than that.
[NO NEW TESTS NEEDED]
Signed-off-by: Colin Walters <walters@verbum.org>