Starting with [1] we now build and publish the wsl image from the
machine-os repo, as such this special case is no longer needed.
[1] https://github.com/containers/podman-machine-os/pull/142
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
There is one user in the code and one in the tests.
First the test is testing an external function that doesn't seem to make
a lot of sense.
Second when we pull the machine image and rename doesn't work it would
mean it is on a different disk. That should never happen.
The oci pull is to
~/.local/share/containers/podman/machine/<provider>/cache/<sha>/...
and then it gets moved to
~/.local/share/containers/podman/machine/qemu/cache/<sha>.<extension>
These can under normal circumstances never be on different disk as it
would mean the pulled sha is known ahead of time and then that the blob
path is a mount point which is unrealistic and not something we have to
support.
It also removes three transitive dependencies.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
... to validate that the manifests match expected digests, if any.
Do this everywhere, even where we read local storage which is
mostly trusted, because it is cheap enough and being consistent
makes it less likely for the code to be copied into other
contexts where the sources are not trusted.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
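
The check described in the commit message above, as an added example (not code from that commit or from Podman). It uses only the Go standard library; `pinnedDigest`, `VerifyManifest` and the sample manifest are hypothetical names and constructed data.

```go
package main

import (
	"bytes"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
	"strings"
)

// ErrDigestMismatch reports manifest bytes that do not hash to the pinned digest.
var ErrDigestMismatch = errors.New("manifest does not match expected digest")

// pinnedDigest returns the raw sha256 digest pinned by a reference of the form
// name@sha256:<hex>, or nil when the reference (e.g. a tag) pins none.
func pinnedDigest(ref string) ([]byte, error) {
	i := strings.LastIndex(ref, "@")
	if i < 0 {
		return nil, nil
	}
	algo, value, _ := strings.Cut(ref[i+1:], ":")
	raw, err := hex.DecodeString(value)
	if algo != "sha256" || err != nil || len(raw) != sha256.Size {
		return nil, fmt.Errorf("unsupported or malformed digest in %q", ref)
	}
	return raw, nil
}

// VerifyManifest hashes the exact bytes that were read (never a re-serialized
// copy) and rejects them if a digest is pinned and does not match.
func VerifyManifest(ref string, manifest []byte) error {
	want, err := pinnedDigest(ref)
	if err != nil || want == nil {
		return err
	}
	if got := sha256.Sum256(manifest); !bytes.Equal(got[:], want) {
		return fmt.Errorf("%w: got sha256:%x", ErrDigestMismatch, got)
	}
	return nil
}

func main() {
	manifest := []byte(`{"schemaVersion":2,"layers":[]}`) // constructed sample
	ref := fmt.Sprintf("quay.io/podman/machine-os@sha256:%x", sha256.Sum256(manifest))
	fmt.Println("untampered:", VerifyManifest(ref, manifest))
	fmt.Println("tampered:  ", VerifyManifest(ref, append(manifest, ' ')))
}
```

Calling the same function for local storage and for registry reads keeps the check in place if the reading code is later reused against an untrusted source.
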
Cache cleanups only happen if there is a cache miss, and we need to pull a new image.
For quay.io/podman/machine-os, we remove all old images from the cache dir. This means we will delete any file that exists in the cache dir; this should be safe to do since the machine pull code should be the only thing touching this cache dir. OCI machine images will always have a different manifest, and won’t be updated with the same manifest, so if the version moves on, there isn’t a reason to keep the old version in the cache, it really doesn’t change.
For Fedora (WSL), we use the cache, so we go through the cache dir and remove any old cached images, on a cache miss. We also switch to using ~/.local/share/containers/podman/machine/wsl/cache as the cache dir rather than ~/.local/share/containers/podman/machine/wsl. Both these behaviors existed in v4.9, but are now added back into 5.x.
For generic files pulled from a URL or a non-default OCI image, we shouldn’t actually cache, so we delete the pulled file immediately after creating a machine image. This restores the behavior from v4.9.
For generic files from a local path, the original file will never be cleaned up.
Unsure how to test, so:
[NO NEW TESTS NEEDED]
Signed-off-by: Ashley Cui <acui@redhat.com>
This PR adds libkrun support to podman machine. This is an experimental feature and should not be marketed yet. Before we unmark the experimental status on this function, we will need to have full CI support and a full podman point release has passed.
This work relies on the fact that vfkit and libkrun share a reasonably (if not perfectly) same API. The --log-level debug option will not show a GUI screen for boots as krun is not capable of this.
Signed-off-by: Brent Baude <bbaude@redhat.com>
Adding the final machine endpoint as quay.io/podman/machine-os in the
Podman code. As a reminder, we decided we would set this in containers
conf once things settle down and this code would then be removed.
Signed-off-by: Brent Baude <bbaude@redhat.com>
As outlined in #21856, it can take a number of seconds until an image
gets pulled. That is because init is hitting the registry first to look
up the image. To improve the UX, add a new line indicating what
happens.
[NO NEW TESTS NEEDED]
Fixes: #21856
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
For podman machine init, deprecate the --image-path option for --image.
--image now accepts the correct image from containers.conf
Also, add the ability to specify an OCI image from the --image flag using the docker:// transport.
Signed-off-by: Ashley Cui <acui@redhat.com>
We used to use ignition to perform any customization required for podman
machine because our input was a generic FCOS image. Now that we are
building our own images, some of this customization can be migrated to
the Containerfile itself and be less of a burden in our code at boot up.
At the time of this PR, the Containerfile can be found at
https://github.com/baude/podman-machine-images/tree/main. It is only
present for a so-called daily image. There is little likelihood that
this would be the final location for the Containerfile so consider it a
working version only.
Split WSL and rest apart in the e2e tests so we no longer pull the
generic FCOS image for testing.
Note: the change to the pull image name is so PRs are not immediately
broken that are already in the queue.
[NO NEW TESTS REQUIRED]
Signed-off-by: Brent Baude <bbaude@redhat.com>
If we hit an error here, it will be really useful to know
- That we're trying to fetch a container image
- Which image we're trying to fetch
[NO NEW TESTS NEEDED]
Signed-off-by: Colin Walters <walters@verbum.org>
given that we are moving to building our own machine images, we have
decided to use zstd compression as it is superior in speed to the
alternatives. as such, this pr adds zstd to our machine code; and also
has to account for dealing with sparseness on darwin; which the default
zstd golang library does not.
[NO NEW TESTS NEEDED]
Signed-off-by: Brent Baude <bbaude@redhat.com>
This PR fixes a small bug in pulling disk artifacts where the machine os
was accidentally being set to GOOS instead of "linux". Also removed the
manifest type verification because it served no purpose.
[NO NEW TESTS NEEDED]
Signed-off-by: Brent Baude <bbaude@redhat.com>
this pr represents a shift in how we download podman machine images.
these images will now be stored in oci registry and will replace the
default method of downloading an image. you can still use a reference
to a disk image as a path or url too with the --image-path switch.
the final registry and location of the images has not been determined;
and will need to be updated in podman as well.
i don't think we need to allow --image-path to accept a registry/image
for the podman 5.0 release. i do think there will be demand for this.
upgrades also need to be plumbed. for example, updating from an oci
registry.
once we make decisions on final image locations/registries as well as
some behaviors of init and the oci pull, we must update the machine-init
documentation.
Signed-off-by: Brent Baude <bbaude@redhat.com>