summaryrefslogtreecommitdiff
path: root/pkg/machine
Commit message (Collapse)AuthorAge
* Machine refactor part 2Brent Baude2022-03-30
| | | | | | | | | | | | | | | | This PR further implements a more structured approach to handling the files needed by machine. More files are now made as MachineFile which can then have a symlink (using a shorter path) to them. Also added Set and Get methods for many of the files. The next part of the refactor will implement the use of symlinks on MacOS. Signed-off-by: Brent Baude <bbaude@redhat.com> [NO NEW TESTS NEEDED] Signed-off-by: Brent Baude <bbaude@redhat.com>
* Migrate machine configsBrent Baude2022-03-28
| | | | | | | | | If podman detects a Machinev1 config, it will automatically migrate it to the new format. Signed-off-by: Brent Baude <bbaude@redhat.com> [NO NEW TESTS NEEDED]
* Machine refactor - part 1Brent Baude2022-03-28
| | | | | | | | | | | | | | | | the way machine was written was very adjunct and as such is in dire need of refactoring to better structures and structure methods where appropriate. the weekest part is specifically around all the files that machine requires and how some are just dynamically built on the fly. this pr defines a new machinefile type which allows us to work with the file and also takes into account the use of symlinks which are going to be needed on macos due to its relatively short file length restriction. also, added unit tests for new methods as well as anywhere else I saw a need. Signed-off-by: Brent Baude <bbaude@redhat.com>
* Switch all calls to filepath.Walk to filepath.WalkDirDaniel J Walsh2022-03-27
| | | | | | | | | WalkDir should be faster the Walk, since we often do not need to stat files. [NO NEW TESTS NEEDED] Existing tests should find errors. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Remove error stutterDaniel J Walsh2022-03-25
| | | | | | | | | | | | | | | | | When podman gets an error it prints out "Error: " before printing the error string. If the error message starts with error, we end up with Error: error ... This PR Removes all of these stutters. logrus.Error() also prints out that this is an error, so no need for the error stutter. [NO NEW TESTS NEEDED] Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Merge pull request #13620 from Luap99/qemu-pathOpenShift Merge Robot2022-03-24
|\ | | | | podman machine start: lookup qemu path again if not found
| * fix podman machine start log level detectionPaul Holzinger2022-03-23
| | | | | | | | | | | | | | Use logrus.IsLevelEnabled because this will cover all levels below it as well. Currently this condition would fail for the trace log level. Signed-off-by: Paul Holzinger <pholzing@redhat.com>
| * podman machine start: lookup qemu path again if not foundPaul Holzinger2022-03-23
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | We store the full path to qemu in the machine config. When the path changes on the host the machine can longer be started. To fix it we get the path again when we fail to start the machine due the missing binary. We want to store and use the full path first because otherwise existing machines can break when the qemu version changed. [NO NEW TESTS NEEDED] We still have no machine tests. Fixes #13394 Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | Explicitly use IPv4 to check if podman-machine VM is listeningBurt Holzman2022-03-23
|/ | | | | | | | | | | | | | | | When starting a VM that has been configured with volume mounts, the podman client attempts to connect via TCP to localhost, which runs gvproxy to proxy an ephemeral port to the VM's ssh port. Previously, gvproxy was listening on all interfaces and IP addresses, but this behavior has changed to listening only on the IPv4 loopback address. Without this change, if a newer build of gvproxy is used, a podman machine configured with volume mounts will hang forever after "podman machine start" with "Waiting for VM ...". [NO NEW TESTS NEEDED] Signed-off-by: Burt Holzman <burt@fnal.gov>
* fix a number of errcheck issuesValentin Rothberg2022-03-22
| | | | | | Numerous issues remain, especially in tests/e2e. Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
* fix a number of `godot` issuesValentin Rothberg2022-03-22
| | | | | | | Still an unknown number remains but I am running out of patience. Adding dots is not the best use of my time. Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
* linter: enable nilerrValentin Rothberg2022-03-22
| | | | | | | A number of cases looked suspicious, so I marked them with `FIXME`s to leave some breadcrumbs. Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
* bump golangci-lint to v1.45.0Valentin Rothberg2022-03-21
| | | | | | | | | | * supports Go 1.18 * disable a number of new linters * fix minor stylecheck issues [NO NEW TESTS NEEDED] Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
* Merge pull request #13523 from n1hility/tolerate-old-machineOpenShift Merge Robot2022-03-18
|\ | | | | Tolerate old machine images, but warn they should be recreated
| * Handle incompatible machinesJason T. Greene2022-03-18
| | | | | | | | | | | | Start in a reduced mode for recovery, warn, and provide instructions to recreate them Signed-off-by: Jason T. Greene <jason.greene@redhat.com>
* | go fmt: use go 1.18 conditional-build syntaxValentin Rothberg2022-03-18
|/ | | | Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
* Use github.com/vbauerster/mpb/v7 in pkg/machinePaul Holzinger2022-03-09
| | | | | | | | | | | We already use v7 in c/image so podman should use the same version to prevent duplication. This saves 170 KB binary size. [NO NEW TESTS NEEDED] Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* Merge pull request #13465 from n1hility/improve-install-msgOpenShift Merge Robot2022-03-09
|\ | | | | Improve agent install message to add restart instructions
| * Improve agent install message to add restart instructionsJason T. Greene2022-03-08
| | | | | | | | Signed-off-by: Jason T. Greene <jason.greene@redhat.com>
* | machine rm -f stops and removes machineBrent Baude2022-03-08
|/ | | | | | | | | | | | If you want to remove a running machine, you can now pass the --force/-f to podman machine rm and the machine will be stopped and removed without confirmations. Fixes: #13448 [NO NEW TESTS NEEDED] Signed-off-by: Brent Baude <bbaude@redhat.com>
* MacOS improvementsBrent Baude2022-03-07
| | | | | | | | * Enable support of virtfs in Podman and darwin. At the time of this writing, it requires a special patch not yet included in upstream qemu. * Prefer to use a specially built qemu to support virtfs. The qemu is installed under libexec/podman. [NO NEW TESTS NEEDED] Signed-off-by: Brent Baude <bbaude@redhat.com>
* Fixes: #13301 ("machine rm removes the mounted socket file on macos")Thibault Gagnaux2022-03-06
| | | | | [NO NEW TESTS NEEDED] Signed-off-by: Thibault Gagnaux <tgagnaux@gmail.com>
* Update to podman4 copr streamJason T. Greene2022-02-16
| | | | Signed-off-by: Jason T. Greene <jason.greene@redhat.com>
* Introduce podman machine init --root=t|f and podman machine set --root=t|fJason T. Greene2022-02-16
| | | | | | Switch default to rootless for mac and windows Signed-off-by: Jason T. Greene <jason.greene@redhat.com>
* Initial implementation of mac forwarding using a privileged docker sock ↵Jason T. Greene2022-02-16
| | | | | | claim helper Signed-off-by: Jason T. Greene <jason.greene@redhat.com>
* Merge pull request #13209 from esendjer/mainOpenShift Merge Robot2022-02-14
|\ | | | | ignition: propagate proxy settings from a host into a vm
| * ignition: propagate proxy settings from a host into a vmesendjer2022-02-12
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Set proxy settings (such as `HTTP_PROXY`, and others) for the whole guest OS with setting up `DefaultEnvironment` with a `systemd` configuration file `default-env.conf`, a `profile.d` scenario file - `default-env.sh` and a `environment.d` configuration file `default-env.conf` The **actual** environment variables are read by podman at a start, then they are encrypted with base64 into a single string and after are provided into a VM through QEMU Firmware Configuration (fw_cfg) Device Inside a VM a systemd service `envset-fwcfg.service` reads the providead encrypted string from fw_cfg, decrypts and then adds to the files - `/etc/systemd/system.conf.d/default-env.conf` - `/etc/profile.d/default-env.sh` - `/etc/environment.d/default-env.conf` At the end this service execute `systemctl daemon-reload` to propagate new variables for systemd manager [NO NEW TESTS NEEDED] Closes #13168 Signed-off-by: esendjer <esendjer@gmail.com>
* | Temporarily pull machine images from side repoBrent Baude2022-02-11
|/ | | | | | | | | | | Until podman4 is in the fcos trees, we need to pull the machine images from a side repository. There is a hard coded bit that forces the side repo download right now. Simple comment or removal of the bit will revert to normal download behavior. [NO NEW TESTS NEEDED] Signed-off-by: Brent Baude <bbaude@redhat.com>
* ignition, machine: delegate cpu,io cgroup controllers to machine's default usersAditya R2022-01-28
| | | | | | | | | | | | | | | | Makes sure that ignition setups up systemd config so cgroup controllers like `cpu, io` are also delegated to `non-root` along with `memory, pid`. This allows general users of `podman` on `macOS` and `podman-remote` to do operations which are dependent on `cpu, io` cgroup controllers. [NO TESTS NEEDED] [NO NEW TESTS NEEDED] We don't have a CI infra to test this, please pull the tree and run `podman info` inside the machine to confirm. Signed-off-by: Aditya R <arajan@redhat.com>
* Merge pull request #12961 from rhatdan/codespellOpenShift Merge Robot2022-01-21
|\ | | | | Run codespell
| * Run codespell on codeDaniel J Walsh2022-01-21
| | | | | | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #12959 from afbjorklund/machine-waitOpenShift Merge Robot2022-01-21
|\ \ | | | | | | Restore machine start logic that was hanging
| * | Restore machine start logic that was hangingAnders F Björklund2022-01-21
| |/ | | | | | | | | | | | | | | | | | | After refactoring Stop(), mounting volumes was hanging in Start(). Restore the conditional, and add error reporting from isListening. [NO NEW TESTS NEEDED] Signed-off-by: Anders F Björklund <anders.f.bjorklund@gmail.com>
* / Remove rootless_networking option from containers.confPaul Holzinger2022-01-20
|/ | | | | | | | | | | | This field was only needed for machine to force cni, however you can set netns="bridge" in the config to have the same effect. This is already done in the machine setup. see https://github.com/containers/common/pull/895 [NO NEW TESTS NEEDED] Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* Implement API forwarding for podman machine on WindowsJason T. Greene2022-01-19
| | | | Signed-off-by: Jason T. Greene <jason.greene@redhat.com>
* bump go module to version 4Valentin Rothberg2022-01-18
| | | | | | | | | | | | | Automated for .go files via gomove [1]: `gomove github.com/containers/podman/v3 github.com/containers/podman/v4` Remaining files via vgrep [2]: `vgrep github.com/containers/podman/v3` [1] https://github.com/KSubedi/gomove [2] https://github.com/vrothberg/vgrep Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* Recursively copy cert files.Andrzej Klajnert2022-01-15
| | | | | | [NO NEW TESTS NEEDED] Signed-off-by: Andrzej Klajnert <github@aklajnert.pl>
* Merge pull request #12835 from baude/issue12815OpenShift Merge Robot2022-01-13
|\ | | | | Wait for podman stop to complete
| * Wait for podman stop to completeBrent Baude2022-01-12
| | | | | | | | | | | | | | | | | | | | | | | | if users run podman machine stop && podman machine ls, the status of the machine in the subsequent ls command would running. now we wait for everything to complete for stop so that scripting is more accurate. Fixes: #12815 [NO NEW TESTS NEEDED] Signed-off-by: Brent Baude <bbaude@redhat.com>
* | add additional fields to podman machine ls --jsonDaniel J Walsh2022-01-11
|/ | | | | | [NO NEW TESTS NEEDED] Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* pkg: use PROXY_VARS from c/commonAditya Rajan2022-01-11
| | | | Signed-off-by: Aditya Rajan <arajan@redhat.com>
* ignition: add support from setting SSL_CERT_FILEAditya Rajan2022-01-11
| | | | | | | | | | | | | Podman often has to run behind an http/https proxy, often in corporate environments. This proxy may or may not include SSL inspection capabilities, requiring a trusted SSL CA certificate to be added to a system's trust store. Copy the file referred to by SSL_CERT_FILE on the host into the podman machine's OS trust store, overriding the built-in single-file trust store certificate. Also set the `SSL_FILE_CERT` on remote machine [NO NEW TESTS NEEDED] Signed-off-by: Aditya Rajan <arajan@redhat.com>
* ignition: propogate HTTP proxy variables from host to remoteAditya Rajan2022-01-11
| | | | | | | | | | | Podman often has to run behind an http/https proxy, often in corporate environments. This proxy may or may not include SSL inspection capabilities, requiring a trusted SSL CA certificate to be added to a system's trust store. Solve this by reading standard proxy variables (HTTP_PROXY HTTPS_PROXY NO_PROXY http_proxy https_proxy no_proxy) and injecting them into the machine at init. [NO NEW TESTS NEEDED] Signed-off-by: Aditya Rajan <arajan@redhat.com>
* Merge pull request #11454 from afbjorklund/virtfs-volumesOpenShift Merge Robot2022-01-06
|\ | | | | Implement virtfs volumes for podman machine
| * Make it possible to select the volume driverAnders F Björklund2021-12-30
| | | | | | | | | | | | | | | | | | | | Use the same type of mounts for all the machine volumes. The default could change in the future, depending on OS. [NO NEW TESTS NEEDED] Signed-off-by: Anders F Björklund <anders.f.bjorklund@gmail.com>
| * Check the mount type for future compatibilityAnders F Björklund2021-12-30
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | There are other mount types available, such as NFS or SMB, or one could use reverse sshfs for better compatibility. It could either be a global option, or it could perhaps be overridden for each volume (like the container volumes). Refactor the creation of the options string or array. Allow specifying the volume as read-only, if desired. [NO NEW TESTS NEEDED] Signed-off-by: Anders F Björklund <anders.f.bjorklund@gmail.com>
| * Implement virtfs volumes for podman machineAnders F Björklund2021-12-30
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Allow using the built-in 9pfs feature of qemu, mounting host directories into vm mountpoints. The volumes are generic, the mounts are specific. Wait for the machine to be "running", otherwise the SSH function might throw an error instead. Increase the default msize from 8 KiB to 128 KiB [NO NEW TESTS NEEDED] Signed-off-by: Anders F Björklund <anders.f.bjorklund@gmail.com>
* | ignition: add certs from current user into the machine while initAditya Rajan2021-12-27
|/ | | | | | | | | | | | | Following PR ensures that certs from `~/.config/containers/certs.d` or `~/.config/docker/certs.d` are copied into the remote machine at `/etc/containers/certs.d/` As a result on platforms like `macOS` where podman works with a remote machine setup. User's local certs must be transferd to VM without any plumbing needed by user. [NO-NEW-TESTS-NEEDED] Signed-off-by: Aditya Rajan <arajan@redhat.com>
* Introduce Windows WSL implementation of podman machineJason T. Greene2021-12-24
| | | | | | [NO NEW TESTS NEEDED] for now Signed-off-by: Jason Greene <jason.greene@redhat.com>
* Set machine timezoneBrent Baude2021-12-16
| | | | | | | | | | | | | | Added an option to podman machine init to declare the timezone of the resulting machine. the default is to use the value of the host name or else a given timezone name like America/Chicago. Fixes: #11895 Signed-off-by: Brent Baude <bbaude@redhat.com> [NO NEW TESTS NEEDED] Signed-off-by: Brent Baude <bbaude@redhat.com>