summaryrefslogtreecommitdiff
path: root/pkg/machine
Commit message (Collapse)AuthorAge
* Update to podman4 copr streamJason T. Greene2022-02-16
| | | | Signed-off-by: Jason T. Greene <jason.greene@redhat.com>
* Introduce podman machine init --root=t|f and podman machine set --root=t|fJason T. Greene2022-02-16
| | | | | | Switch default to rootless for mac and windows Signed-off-by: Jason T. Greene <jason.greene@redhat.com>
* Initial implementation of mac forwarding using a privileged docker sock ↵Jason T. Greene2022-02-16
| | | | | | claim helper Signed-off-by: Jason T. Greene <jason.greene@redhat.com>
* Merge pull request #13209 from esendjer/mainOpenShift Merge Robot2022-02-14
|\ | | | | ignition: propagate proxy settings from a host into a vm
| * ignition: propagate proxy settings from a host into a vmesendjer2022-02-12
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Set proxy settings (such as `HTTP_PROXY`, and others) for the whole guest OS with setting up `DefaultEnvironment` with a `systemd` configuration file `default-env.conf`, a `profile.d` scenario file - `default-env.sh` and a `environment.d` configuration file `default-env.conf` The **actual** environment variables are read by podman at a start, then they are encrypted with base64 into a single string and after are provided into a VM through QEMU Firmware Configuration (fw_cfg) Device Inside a VM a systemd service `envset-fwcfg.service` reads the providead encrypted string from fw_cfg, decrypts and then adds to the files - `/etc/systemd/system.conf.d/default-env.conf` - `/etc/profile.d/default-env.sh` - `/etc/environment.d/default-env.conf` At the end this service execute `systemctl daemon-reload` to propagate new variables for systemd manager [NO NEW TESTS NEEDED] Closes #13168 Signed-off-by: esendjer <esendjer@gmail.com>
* | Temporarily pull machine images from side repoBrent Baude2022-02-11
|/ | | | | | | | | | | Until podman4 is in the fcos trees, we need to pull the machine images from a side repository. There is a hard coded bit that forces the side repo download right now. Simple comment or removal of the bit will revert to normal download behavior. [NO NEW TESTS NEEDED] Signed-off-by: Brent Baude <bbaude@redhat.com>
* ignition, machine: delegate cpu,io cgroup controllers to machine's default usersAditya R2022-01-28
| | | | | | | | | | | | | | | | Makes sure that ignition setups up systemd config so cgroup controllers like `cpu, io` are also delegated to `non-root` along with `memory, pid`. This allows general users of `podman` on `macOS` and `podman-remote` to do operations which are dependent on `cpu, io` cgroup controllers. [NO TESTS NEEDED] [NO NEW TESTS NEEDED] We don't have a CI infra to test this, please pull the tree and run `podman info` inside the machine to confirm. Signed-off-by: Aditya R <arajan@redhat.com>
* Merge pull request #12961 from rhatdan/codespellOpenShift Merge Robot2022-01-21
|\ | | | | Run codespell
| * Run codespell on codeDaniel J Walsh2022-01-21
| | | | | | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #12959 from afbjorklund/machine-waitOpenShift Merge Robot2022-01-21
|\ \ | | | | | | Restore machine start logic that was hanging
| * | Restore machine start logic that was hangingAnders F Björklund2022-01-21
| |/ | | | | | | | | | | | | | | | | | | After refactoring Stop(), mounting volumes was hanging in Start(). Restore the conditional, and add error reporting from isListening. [NO NEW TESTS NEEDED] Signed-off-by: Anders F Björklund <anders.f.bjorklund@gmail.com>
* / Remove rootless_networking option from containers.confPaul Holzinger2022-01-20
|/ | | | | | | | | | | | This field was only needed for machine to force cni, however you can set netns="bridge" in the config to have the same effect. This is already done in the machine setup. see https://github.com/containers/common/pull/895 [NO NEW TESTS NEEDED] Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* Implement API forwarding for podman machine on WindowsJason T. Greene2022-01-19
| | | | Signed-off-by: Jason T. Greene <jason.greene@redhat.com>
* bump go module to version 4Valentin Rothberg2022-01-18
| | | | | | | | | | | | | Automated for .go files via gomove [1]: `gomove github.com/containers/podman/v3 github.com/containers/podman/v4` Remaining files via vgrep [2]: `vgrep github.com/containers/podman/v3` [1] https://github.com/KSubedi/gomove [2] https://github.com/vrothberg/vgrep Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* Recursively copy cert files.Andrzej Klajnert2022-01-15
| | | | | | [NO NEW TESTS NEEDED] Signed-off-by: Andrzej Klajnert <github@aklajnert.pl>
* Merge pull request #12835 from baude/issue12815OpenShift Merge Robot2022-01-13
|\ | | | | Wait for podman stop to complete
| * Wait for podman stop to completeBrent Baude2022-01-12
| | | | | | | | | | | | | | | | | | | | | | | | if users run podman machine stop && podman machine ls, the status of the machine in the subsequent ls command would running. now we wait for everything to complete for stop so that scripting is more accurate. Fixes: #12815 [NO NEW TESTS NEEDED] Signed-off-by: Brent Baude <bbaude@redhat.com>
* | add additional fields to podman machine ls --jsonDaniel J Walsh2022-01-11
|/ | | | | | [NO NEW TESTS NEEDED] Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* pkg: use PROXY_VARS from c/commonAditya Rajan2022-01-11
| | | | Signed-off-by: Aditya Rajan <arajan@redhat.com>
* ignition: add support from setting SSL_CERT_FILEAditya Rajan2022-01-11
| | | | | | | | | | | | | Podman often has to run behind an http/https proxy, often in corporate environments. This proxy may or may not include SSL inspection capabilities, requiring a trusted SSL CA certificate to be added to a system's trust store. Copy the file referred to by SSL_CERT_FILE on the host into the podman machine's OS trust store, overriding the built-in single-file trust store certificate. Also set the `SSL_FILE_CERT` on remote machine [NO NEW TESTS NEEDED] Signed-off-by: Aditya Rajan <arajan@redhat.com>
* ignition: propogate HTTP proxy variables from host to remoteAditya Rajan2022-01-11
| | | | | | | | | | | Podman often has to run behind an http/https proxy, often in corporate environments. This proxy may or may not include SSL inspection capabilities, requiring a trusted SSL CA certificate to be added to a system's trust store. Solve this by reading standard proxy variables (HTTP_PROXY HTTPS_PROXY NO_PROXY http_proxy https_proxy no_proxy) and injecting them into the machine at init. [NO NEW TESTS NEEDED] Signed-off-by: Aditya Rajan <arajan@redhat.com>
* Merge pull request #11454 from afbjorklund/virtfs-volumesOpenShift Merge Robot2022-01-06
|\ | | | | Implement virtfs volumes for podman machine
| * Make it possible to select the volume driverAnders F Björklund2021-12-30
| | | | | | | | | | | | | | | | | | | | Use the same type of mounts for all the machine volumes. The default could change in the future, depending on OS. [NO NEW TESTS NEEDED] Signed-off-by: Anders F Björklund <anders.f.bjorklund@gmail.com>
| * Check the mount type for future compatibilityAnders F Björklund2021-12-30
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | There are other mount types available, such as NFS or SMB, or one could use reverse sshfs for better compatibility. It could either be a global option, or it could perhaps be overridden for each volume (like the container volumes). Refactor the creation of the options string or array. Allow specifying the volume as read-only, if desired. [NO NEW TESTS NEEDED] Signed-off-by: Anders F Björklund <anders.f.bjorklund@gmail.com>
| * Implement virtfs volumes for podman machineAnders F Björklund2021-12-30
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Allow using the built-in 9pfs feature of qemu, mounting host directories into vm mountpoints. The volumes are generic, the mounts are specific. Wait for the machine to be "running", otherwise the SSH function might throw an error instead. Increase the default msize from 8 KiB to 128 KiB [NO NEW TESTS NEEDED] Signed-off-by: Anders F Björklund <anders.f.bjorklund@gmail.com>
* | ignition: add certs from current user into the machine while initAditya Rajan2021-12-27
|/ | | | | | | | | | | | | Following PR ensures that certs from `~/.config/containers/certs.d` or `~/.config/docker/certs.d` are copied into the remote machine at `/etc/containers/certs.d/` As a result on platforms like `macOS` where podman works with a remote machine setup. User's local certs must be transferd to VM without any plumbing needed by user. [NO-NEW-TESTS-NEEDED] Signed-off-by: Aditya Rajan <arajan@redhat.com>
* Introduce Windows WSL implementation of podman machineJason T. Greene2021-12-24
| | | | | | [NO NEW TESTS NEEDED] for now Signed-off-by: Jason Greene <jason.greene@redhat.com>
* Set machine timezoneBrent Baude2021-12-16
| | | | | | | | | | | | | | Added an option to podman machine init to declare the timezone of the resulting machine. the default is to use the value of the host name or else a given timezone name like America/Chicago. Fixes: #11895 Signed-off-by: Brent Baude <bbaude@redhat.com> [NO NEW TESTS NEEDED] Signed-off-by: Brent Baude <bbaude@redhat.com>
* systemd: replace multi-user with default.targetValentin Rothberg2021-11-30
| | | | | | | | | | Replace `multi-user.target` with `default.target` across the code base. It seems like the multi-user one is not available for (rootless) users on F35 anymore is causing issues in all kinds of ways, for instance, enabling the podman.service or generated systemd units. Fixes: #12438 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* Merge pull request #12314 from Luap99/machine-wait-sshdOpenShift Merge Robot2021-11-18
|\ | | | | podman machine start wait for ssh
| * podman machine start wait for sshPaul Holzinger2021-11-16
| | | | | | | | | | | | | | | | | | | | | | | | Wait for sshd to be ready before we return from start. This should make podman machine ssh immediately available without any race conditions. Fixes #11532 [NO NEW TESTS NEEDED] I could not reproduce the issue so I am not sure if this fixes it. Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | fix: take absolute path for dd on apple siliconetenzy2021-11-17
|/ | | | | | | | Fixes #12329 [NO NEW TESTS NEEDED] podman machine Signed-off-by: Michael Rödel <hello@mroedel.de>
* podman machine improve port forwardingPaul Holzinger2021-11-15
| | | | | | | | | | | | | | | | | | | | | | | | This commits adds port forwarding logic directly into podman. The podman-machine cni plugin is no longer needed. The following new features are supported: - works with cni, netavark and slirp4netns - ports can use the hostIP to bind instead of hard coding 0.0.0.0 - gvproxy no longer listens on 0.0.0.0:7777 (requires a new gvproxy version) - support the udp protocol With this we no longer need podman-machine-cni and should remove it from the packaging. There is also a change to make sure we are backwards compatible with old config which include this plugin. Fixes #11528 Fixes #11728 [NO NEW TESTS NEEDED] We have no podman machine test at the moment. Please test this manually on your system. Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* Make stop message more similar to startAnders F Björklund2021-11-02
| | | | | | [NO TESTS NEEDED] Signed-off-by: Anders F Björklund <anders.f.bjorklund@gmail.com>
* Merge pull request #12090 from afbjorklund/image-streamOpenShift Merge Robot2021-10-29
|\ | | | | Record the image stream along with the path
| * Record the image stream along with the pathAnders F Björklund2021-10-26
| | | | | | | | | | | | [NO TESTS NEEDED] Signed-off-by: Anders F Björklund <anders.f.bjorklund@gmail.com>
* | Set DOCKER_HOST in the VMMatej Vasek2021-10-23
|/ | | | | | [NO TESTS NEEDED] Signed-off-by: Matej Vasek <mvasek@redhat.com>
* Don't use docker/pkg/archive, use containers/storage/pkg/archiveDaniel J Walsh2021-10-14
| | | | | | [NO NEW TESTS NEEDED] Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Merge pull request #11802 from flouthoc/podman-machine-rm-cleanupOpenShift Merge Robot2021-10-01
|\ | | | | machine: silently cleanup dangling sockets before `rm` if possible
| * machine: silently cleanup dangling sockets before rm if possibleAditya Rajan2021-09-30
| | | | | | | | | | | | | | | | | | Try to cleanup dandling pid and machine socket if possible silently before `rm`. [NO TESTS NEEDED] Signed-off-by: Aditya Rajan <arajan@redhat.com>
* | machine: Info on successfully stopping qemu machineAditya Rajan2021-09-30
|/ | | | | | | | | Spit info log whenever we successfully stop qemu machine for ack. Closes: https://github.com/containers/podman/issues/11542 [NO TESTS NEEDED] Signed-off-by: Aditya Rajan <arajan@redhat.com>
* Merge pull request #11703 from n1hility/disable-fcos-mobyOpenShift Merge Robot2021-09-29
|\ | | | | [NO TESTS NEEDED] Disable docker and alias to podman in FCOS ignition
| * Disable docker and alias to podman in FCOS ignitionJason T. Greene2021-09-24
| | | | | | | | | | Signed-off-by: Jason Greene <jason.greene@redhat.com> Co-authored-by: Dusty Mabe <dusty@dustymabe.com>
* | Merge pull request #11691 from afbjorklund/machine-listOpenShift Merge Robot2021-09-22
|\ \ | | | | | | Add more information about the VM to podman machine list
| * | Also show the (initial) disk sizeAnders F Björklund2021-09-22
| | | | | | | | | | | | | | | | | | [NO TESTS NEEDED] Signed-off-by: Anders F Björklund <anders.f.bjorklund@gmail.com>
| * | Show cpus and memory in machine listAnders F Björklund2021-09-22
| |/ | | | | | | | | | | [NO TESTS NEEDED] Signed-off-by: Anders F Björklund <anders.f.bjorklund@gmail.com>
* | Merge pull request #11701 from ashley-cui/streamOpenShift Merge Robot2021-09-22
|\ \ | | | | | | Fix machine image
| * | Fix machine imageAshley Cui2021-09-22
| |/ | | | | | | | | | | | | Make sure setting machine image to `testing` pulls down the testing stream, and not the next stream Signed-off-by: Ashley Cui <acui@redhat.com>
* / standardize logrus messages to upper caseDaniel J Walsh2021-09-22
|/ | | | | | | | Remove ERROR: Error stutter from logrus messages also. [ NO TESTS NEEDED] This is just code cleanup. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Use new aarch64 fcos reposbaude2021-09-14
| | | | | | | | Now that aarch64 fcos is an official thing, we no longer need to use the side repo (for lack of a better word). We can now use the same image lookup technique as x86_64. I removed the special lookup, moved the x86_64 lookup to generic arch, and removed the arch specific files that we no longer needed. [NO TESTS NEEDED] Signed-off-by: baude <baude@redhat.com>