The code which comment refers to was removed by commit 2e4e1bb97c
("podman machine ssh handling"), so the comment is no longer valid.
Remove it.
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
Using golang.org/x/tools/gopls/internal/analysis/modernize/cmd/modernize
+ some manual cleanup in libpod/lock/shm/shm_lock_test.go as it
generated an unused variable
+ restored one removed comment
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
unconfined is a special value and not a path as such it must not be
converted otherwise --security-opt seccomp=unconfined fails as it tries
to access a file called unconfined.
Fixes: 3e8b2d7d96 ("Fix seccomp profile path on Windows")
Fixes: #26855
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
This patch adds a new --tls-verify flag to the `podman machine init`
sub command which matches many of our other commands. This allows the
user to optionally control whether TLS verification is enabled or
disabled for download of the machine image.
The default remains to leave the TLS verification decision to the
backend library which defaults to enabling it, this patch just
allows the user to explicitly set it on the CLI.
Fixes: #26517
Signed-off-by: Lewis Roy <lewis@redhat.com>
The machine images should contain a new enough podman on the server side
to support this so the skips can be removed.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Fixed the --build-context flag to properly send files for remote builds. Previously
only the main context was sent over as a tar while additional contexts were passed as
local paths and this would cause builds to fail since the files wouldn't exist.
New changes modifies the Build API to use multipart HTTP requests allowing multiple
build contexts to be used. Each additional context is packaged and
transferred based on its type:
- Local Directories: Sent as tar archives
- Git Repositories: link sent to the server where its then cloned
- Container Images: Image reference sent to the server, it then pulls the image there
- URLs/archives: URL sent to the server, which handles the download
Fixes: #23433
Signed-off-by: Joshua Arrevillaga <2004jarrevillaga@gmail.com>
Setup a local web server both for HTTP and HTTPS and make sure the
client rejects the connection and does not try to pull the image.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
The Windows source folder path was not converted in the corresponding
machine folder path when the volume was of type overlay as it does for
other bind mount volumes.
Fix#25988
Signed-off-by: Mario Loriedo <mario.loriedo@gmail.com>
The image quay.io/libpod/alpine_nginx doesn't have a `linux/arm64` version
and the test "Single character volume mount" on Windows ARM64 was
failing. Changing it to TESTIMAGE (quay.io/libpod/testimage) fixes it.
Signed-off-by: Mario Loriedo <mario.loriedo@gmail.com>
The test is checking that named volumes could be used. FS mount is not
needed and there is no code testing anything around it.
Signed-off-by: Arthur Sengileyev <arthur.sengileyev@gmail.com>
The alpine_nginx image is a static amd64 only image, just yesterday our
CI broke because the rosetta emulation stopped working. All these tests
should have no need to test emulation and should just run on native arch
here. This should also make them faster.
If we want to test emulation work it should be done in the
podman-machine-os tests instead.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Currently all podman machine rm errors in AfterEach were ignored.
This means some leaked and caused issues later on, see #22844.
To fix it first rework the logic to only remove machines when needed at
the place were they are created using DeferCleanup(), however
DeferCleanup() does not work well together with AfterEach() as it always
run AfterEach() before DeferCleanup(). As AfterEach() deletes the dir
the podman machine rm call can not be done afterwards.
As such migrate all cleanup to use DeferCleanup() and while I have to
touch this fix the code to remove the per file duplciation and define
the setup/cleanup once in the global scope.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
I'm hitting a bug with 9p when trying to transfer large files.
In RHEL at least 9p isn't supported because it's known to have a
lot of design flaws; virtiofsd is the supported and recommended
way to share files between a host and guest.
Add a new hidden `PODMAN_MACHINE_VIRTFS` environment
variable that can be set to `virtiofs` to switch to virtiofsd.
Signed-off-by: Colin Walters <walters@verbum.org>
Non-Linux systems, such as BSD kernels, constrain xatter updates
according to file permissions. This is in contrast to Linux selinux
attr writes, which are governed by an selinux policy. By dafault this
policy apllows users to relabel files owned by themselves even if file
perms would otherwise disallow write.
This results in robust container relabeling results on Linux, and
fragile results everywhere else. Therefore, change the mac policy to
force the nfs_t context on all files, and ignore all relabel
events.
As a side-effect, this will disallow any ability to store custom
selinux constants on files. However, this is of limited use in
a machine context, since files in these volumes are externally
managed on systems which do not support SELinux.
Signed-off-by: Jason T. Greene <jason.greene@redhat.com>
I am really not sure why the caller even should have the option to set
this. We should always use the correct isolation type based on the
privileges the server runs under never the client. podman-remote build
seems to send the default based on its local privs which was wrong as
well. To fix this I also changed the client to send the default if the
isolation flag is not set.
Fixes#22109
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Before, we required that the mount target exist and be a
directory for the 9p mount to successfully complete, which is not
how things are supposed to work - the user should be able to
mount anywhere. This should just be a simple mkdir, but with FCOS
the root directory is immutable so we need to undo that before we
can mkdir, and unfortunately we don't have a library that can do
chattr (and I didn't want to drag in a new dependency just for
that), so let's be gross and add it to the SSH command. I
aggressively dislike this but it does work.
[NO NEW TESTS NEEDED] Can worry about getting a more generic
mount test together for Machine later.
Signed-off-by: Matt Heon <mheon@redhat.com>
Commit f48a706abc added a new API endpoint to remove exec session
correctly. And the bindings try to call that endpoint for exec every
time. Now since client and server must not be the same version this
causes a problem if a new 4.8 client calls an older 4.7 server as it has
no idea about such endpoint and throws an ugly error. This is a common
scenario for podman machine setups.
The client does know the server version so it should make sure to not
call such endpoint if the server is older than 4.8.
I added a exec test to the machine tests as this can be reproduced with
podman machine as at the moment at least the VM image does not contain
podman 4.8. And it should at least make sure podman exec keeps working
for podman machine without regressions.
Fixes#20821
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
This PR is a mishmash of updates needed so that the hyperv provider can
begin to passd the machine e2e tests.
Summary as follows:
* Added custom error handling for machine errors so that all providers
can generate the same formatted error messages. The ones implemented
thus far are needed for the basic and init tests. More will come as
they are identified.
* Vendored new libhvee for better memory inspection. The memory type
changed from uint32 to uint64.
* Some machine e2e tests used linux-specific utilities to check various
error conditions and messages (like pgrep). Those were made into
functions and implemented on an operating system level.
[NO NEW TESTS NEEDED]
Signed-off-by: Brent Baude <bbaude@redhat.com>
Added a test that checks that gvproxy properly starts and stops when running podman machine, and that containers properly forward ports to the host when running podman using machine.
Signed-off-by: Ashley Cui <acui@redhat.com>
I found the ginkgolinter[1] by accident, this looks for not optimal
matching and suggest how to do it better.
Overall these fixes seem to be all correct and they will give much
better error messages when something fails.
Check out the repo to see what the linter reports.
[1] https://github.com/nunnatsa/ginkgolinter
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
add the key used in newly initialized machines to the user's known_hosts file. This ensures that golang will be able to ssh into the machine using
podman-remote. Also, remove the /dev/null redirection for podman machine ssh's known_hosts file.
resolves#15347
Signed-off-by: Charlie Doern <cdoern@redhat.com>
Signed-off-by: cdoern <cbdoer23@g.holycross.edu>
Run machine tests on every PR as label-driven machine test
triggering is currently hard to predict and debug.
Co-authored-by: Ed Santiago <santiago@redhat.com>
Co-authored-by: Miloslav Trmač <mitr@redhat.com>
Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
Rename all files to _test.go and rename the package to e2e_test. This
makes the linter less strict about things like dot imports.
Add some unused nolint directives to silence some warnings, these can be
used to find untested options so someone could add tests for them.
Fixes#14996
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
This PR introduces a test suite for podman machine. It can currently be
run on developers' local machines and is not part of the official CI
testing; however, the expectation is that any work on machine should
come with an accompanying test.
At present, the test must be run on Linux. It is untested on Darwin.
There is no Makefile target for the test. It can be run like `ginkgo -v
pkg/machine/test/.`. It should be run as a unprivileged user.
Signed-off-by: Brent Baude <bbaude@redhat.com>
