There is no reason to deifne a dummy service to run sleep just to get
the podman.socket enabled. Enabeling a service is just creating the
symlink so we can do that for the user sessions as well.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Those are not used since commit 0c587f024 ("refactor(machine,wsl):
improve operations of Windows API").
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
Allow the user to provide an Ansible playbook file on init which will
then be run on boot.
Signed-off-by: Jake Correnti <jakecorrenti+github@proton.me>
Signed-off-by: Brent Baude <bbaude@redhat.com>
This commit disables ssh port forwarding on WSL by passing -1 to the -ssh-port flag of gvproxy. Port forwarding is not required on WSL and disabling it prevents port conflict with CRC.
Fixes: https://github.com/containers/podman/issues/20327
Signed-off-by: Gunjan Vyas <vyasgun20@gmail.com>
gvproxy and win-sshproxy have capabilities to serve this type of enpoint.
This change only adds one additional API enpoint publishing by appending
proxy command lines.
Signed-off-by: Arthur Sengileyev <arthur.sengileyev@gmail.com>
We do a soft stop via systemd to allow graceful shutdown behavior.
Hoewever for unknown reason we are hitting such a case in CI right now.
Regardless of the CI issue we should always to the hard terminate in
such case so only log the timeout as warning.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
First of some commands ignored cmd.Wait() error which means it was
impossible to notice any command errors. And others only returned
the wait error as it which when a command fails is just
`exit status <code>` which is not helpful at all.
This commit should add proper error wrapping with stderr to get useful
strings back hopefully.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
1. Prefer using the built-in functions of `golang.org/x/sys/windows` rather than using `syscall` to directly call system APIs
2. Reduce bitwise operations to improve code maintainability
3. Minimize defining your own Flags, and prioritize using those already defined in `golang.org/x/sys/windows`
Signed-off-by: Kevin Cui <bh@bugs.cc>
Cache cleanups only happen if there is a cache miss, and we need to pull a new image
For quay.io/podman/machine-os, we remove all old images from the cache dir. This means we will delete any file that exists in the cache dir; this should be safe to do since the machine pull code should be the only thing touching this cache dir. OCI machine images will always have a different manifest, and won’t be updated with the same manifest, so if the version moves on, there isn’t a reason to keep the old version in the cache, it really doesn’t change.
For Fedora (WSL), we use the cache, so we go through the cache dir and remove any old cached images, on a cache miss. We also switch to using ~/.local/share/containers/podman/machine/wsl/cache as the cache dir rather than ~/.local/share/containers/podman/machine/wsl. Both these behaviors existed in v4.9, but are now added back into 5.x.
For generic files pulled from a URL or a non-default OCI image, we shouldn’t actually cache, so we delete the pulled file immediately after creating a machine image. This restores the behavior from v4.9.
For generic files from a local path, the original file will never be cleaned up
Unsure how to test, so:
[NO NEW TESTS NEEDED]
Signed-off-by: Ashley Cui <acui@redhat.com>
creating vsocks in windows requires admin privileges. there could be
some workarounds made in the future,but the general deal has
always been, you need to be admin. lets enforce this with an error
until those work-arounds can be implemented.
Signed-off-by: Brent Baude <bbaude@redhat.com>
This function is not used, it has been refactored in the general
starting good higher up the stack.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
- Fixes conflicts such as removal of second machine deleting a socket of a
the first machine while it's running
- Move API socket into runtime directory for consistency
- Add API and gvproxy sockets to removal list
- Cleanup related logic
Signed-off-by: Jason T. Greene <jason.greene@redhat.com>
For podman machine init, deprecate the --image-path option for --image.
--image now accepts the correct image from containers.conf
Also, add the ability to specify an OCI image from the --image flag using the docker:// transport.
Signed-off-by: Ashley Cui <acui@redhat.com>
Previously, the locks were on the provider layer, which doesn't make a vm operation with a config file update atomic. Move them up a layer, so the entire function locks while doing provider and config operations.
This adds a Remove and a Set function to the shim layer.
[NO NEW TESTS NEEDED] Unsure how to test this
Signed-off-by: Ashley Cui <acui@redhat.com>
Matt found a bug where if a machine start did not run to completion, a
gvproxy was left around running. This gvproxy then subsequently stopped
the next attempt to start.
Signed-off-by: Brent Baude <bbaude@redhat.com>
[NO NEW TESTS NEEDED]
Copy all proxy envs into the VM on each start, this allows for updates
without having to recrate the VM. This is implemented via shell script
that is passed via ssh to the VM after it is started.
With that we now use the same logic for all providers the old fw_cfg
logic for qemu has been removed and the WSL code as well which keeps the
behavior the same.
There is a small risk now because we only update the env via ssh that
processes started before will have the old incorrect env but it should
really only effect core system processes which likely do not need them
anyway. The podman system service should not be started at this point
so it should be good enough.
It also fixes the broken behavior with SSL_CERT_FILE/SSL_CERT_DIR which
were updated on each start which is not correct as the files are only
copied with ignition so these should not be updated and just set
statically when the VM was created.
e2e test has been added to ensure the behavior works as expected.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Given the switch to pulling oci artifacts for podman, we no longer need
a fair bit of fedora coreos code for automatically downloading images.
[NO NEW TESTS NEEDED]
Signed-off-by: Brent Baude <bbaude@redhat.com>
Works around a problem where recent Windows updates do not always redirect the
system wsl to the app store wsl version correctly.
Signed-off-by: Jason T. Greene <jason.greene@redhat.com>
Replaces GetHyperVisorVMs() with Exists() to better abstract the underlying
use-case and slightly imrpove efficiency.
Signed-off-by: Jason T. Greene <jason.greene@redhat.com>
Re-enable USBs check in wsl `SetProviderAttrs` function to prevent the
user trying to set USB settings which isn't supported.
Additionally removes a TODO in wsl's `CreateVM` function to check if the
`opts.USBs` length is greater than 0. This check is done in a more
generic way higher up the stack.
Signed-off-by: Jake Correnti <jakecorrenti+github@proton.me>
Instead of panic'ing for provider.MountType(), we return the "Unknown"
voluem type
[NO NEW TESTS NEEDED]
Signed-off-by: Brent Baude <bbaude@redhat.com>
Also addresses a number of issues:
- StopHostNetworking isn't plumbed, win-sshproxy leaks on hyperv
- Wait api and print output doesn't work properly on Windows
- API forwarding doesn't work on WSL
- Terminal corruption with after start/stop on Windows
- Gvproxy is forcefully killed vs gracefully quit
- Switching rootful/rootless does not update /var/run/docker.sock on the guest
- File already closed error on init
- HyperV backend is publishing Unix sockets when it should be named pipes
- User-mode networking doesn't always work
- Stop state outside of lock boundaries
- WSL blocks parallel machined (should be supported)
[NO NEW TESTS NEEDED]
Signed-off-by: Jason T. Greene <jason.greene@redhat.com>
Sets up USB passthrough for machine. Additionally moves `SetOptions` out
from `pkg/machine/config.go` to its own file in
`pkg/machine/define/setopts.go`.
[NO NEW TESTS NEEDED]
Signed-off-by: Jake Correnti <jakecorrenti+github@proton.me>
Moving from Go module v4 to v5 prepares us for public releases.
Move done using gomove [1] as with the v3 and v4 moves.
[1] https://github.com/KSubedi/gomove
Signed-off-by: Matt Heon <mheon@redhat.com>
this pr represents the podman 5 maching refactoring for HyperV. with
the exception of already skipped tests, all local tests pass.
Signed-off-by: Brent Baude <bbaude@redhat.com>
The following PR is the leading PR for refactoring podman machine with
the following goals:
* less duplication/more re-use
* common configuration file between providers
* more consistentency in how machines are handled by providers
The goal of this PR is the rough refactor. There are still rough spots
for sure, specifically around the podman socket and pipe. This
implemention is only for Linux. All other providers are still present
but will not compile or work. This is why tests for them have been
temporarily suspended.
The ready socket code is another area that needs to be smoothed over.
Right now, the ready socket code is still in QEMU. Preferably it would
be moved to a generic spot where all three approaches to readiness
socket use can be defined.
It should also be noted:
* all machine related tests pass.
* make validate for Linux passes
* Apple QEMU was largely removed
* More code pruning is possible; will become clearer when other
providers are complete.
the dir pkg/machine/p5 is not permanent. i had to seperate this from
machine initially due to circular import problems. i think when all
providers are done (or nearly done), it can be placed and named
properly.
Signed-off-by: Brent Baude <bbaude@redhat.com>
Paul Holzinger
Matheus Vitório
Kir Kolyshkin
Mario Loriedo
Jake Correnti
Gunjan Vyas
openshift-merge-bot[bot]
Arthur Sengileyev
Kevin Cui
Shion Tanaka
Ashley Cui
Giuseppe Scrivano
Brent Baude
Jason T. Greene
Matt Heon
Daniel J Walsh