This allows users to set the associated machine's system connection to the system default when running `podman machine init --now` or `podman machine start`. It also changes the default bbehavior of these commands in that the user will be prompted and asked if they would like to switch the system connection. It also introduces a command line switch called `--update-connection`. If the switch is unset, then the user will be prmpted. If the command value is explicitly set to `false`, the user will not be prompted and the system connection will not be altered. If the value is set to `true`, the system connection will be made the default and the user will not be prompted.
Fixes: https://issues.redhat.com/browse/RUN-3632
Signed-off-by: Brent Baude <bbaude@redhat.com>
A condition was changed in the refgactor of init where duplicate names would be allowed but no machine was created. Duplicate names are not permitted and should return an error.
Signed-off-by: Brent Baude <bbaude@redhat.com>
Add the ability for users to override the default provider when creating mahcines. The new flag is `--provider` and allows you to specifiy a valid vmtype for the platform. This PR also removes the previous list test where we tested listing all providers. I added a PR for testing --provider which includes a standard `machine ls` which defaults now to showing all providers.
Signed-off-by: Brent Baude <bbaude@redhat.com>
For Podman 6, we still have providers and will continue to have a default provider for each platform. But where a platform has multiple providers, we want users to be able to cross provider boudnaries imposed in Podman 4/5. The key change is to look up virtual machines by name, as before, but to then also iterate all possible providers. As of this PR, init will still only create with the default provider, but a subsequent PR will introdouce an provider override.
I also removed the "--all-providers" command line option on `podman
machine ls` because it no longer makes sense. And I marked the all
provider list test to be skipped.
Signed-off-by: Brent Baude <bbaude@redhat.com>
Tremendous amount of changes in here, but all should amount to
the same thing: changing Go import paths from v5 to v6.
Also bumped go.mod to github.com/containers/podman/v6 and updated
version to v6.0.0-dev.
Signed-off-by: Matt Heon <mheon@redhat.com>
Problem: While removing cgroupsv1 code, I noticed my neovim Go config
automatically changed fileperms to the new octal format and I didn't
want that polluting my diffs.
Decision: I thought it best to switch to the new octal format in a dedicated PR.
Action:
- Cursor switched to new octal format for all fileperm ocurrences in Go
source and test files.
- vendor/, docs/ and non-Go files were ignored.
- Reviewed manually.
Ref: https://go.dev/ref/spec#Go_1.13
Signed-off-by: Lokesh Mandvekar <lsm5@redhat.com>
The code which comment refers to was removed by commit 2e4e1bb97c
("podman machine ssh handling"), so the comment is no longer valid.
Remove it.
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
Using golang.org/x/tools/gopls/internal/analysis/modernize/cmd/modernize
+ some manual cleanup in libpod/lock/shm/shm_lock_test.go as it
generated an unused variable
+ restored one removed comment
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
unconfined is a special value and not a path as such it must not be
converted otherwise --security-opt seccomp=unconfined fails as it tries
to access a file called unconfined.
Fixes: 3e8b2d7d96 ("Fix seccomp profile path on Windows")
Fixes: #26855
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
This patch adds a new --tls-verify flag to the `podman machine init`
sub command which matches many of our other commands. This allows the
user to optionally control whether TLS verification is enabled or
disabled for download of the machine image.
The default remains to leave the TLS verification decision to the
backend library which defaults to enabling it, this patch just
allows the user to explicitly set it on the CLI.
Fixes: #26517
Signed-off-by: Lewis Roy <lewis@redhat.com>
The machine images should contain a new enough podman on the server side
to support this so the skips can be removed.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Fixed the --build-context flag to properly send files for remote builds. Previously
only the main context was sent over as a tar while additional contexts were passed as
local paths and this would cause builds to fail since the files wouldn't exist.
New changes modifies the Build API to use multipart HTTP requests allowing multiple
build contexts to be used. Each additional context is packaged and
transferred based on its type:
- Local Directories: Sent as tar archives
- Git Repositories: link sent to the server where its then cloned
- Container Images: Image reference sent to the server, it then pulls the image there
- URLs/archives: URL sent to the server, which handles the download
Fixes: #23433
Signed-off-by: Joshua Arrevillaga <2004jarrevillaga@gmail.com>
Setup a local web server both for HTTP and HTTPS and make sure the
client rejects the connection and does not try to pull the image.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
The Windows source folder path was not converted in the corresponding
machine folder path when the volume was of type overlay as it does for
other bind mount volumes.
Fix#25988
Signed-off-by: Mario Loriedo <mario.loriedo@gmail.com>
When a custom username is requested we must stil enable lingering for
it. The linger setup in the coreos image with the hard coded core user
doesn't really make sense as it doesn't work when another name is used.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
The podman machine copy test "attempt copying file to a new directory"
was failing because on recent version of Windows the error message
doesn't match the expected error message. To make it work on new and
old version of Windows both old and new error messages are now
considered as valid.
Fixes https://github.com/containers/podman/issues/26056
Signed-off-by: Mario Loriedo <mario.loriedo@gmail.com>
The image quay.io/libpod/alpine_nginx doesn't have a `linux/arm64` version
and the test "Single character volume mount" on Windows ARM64 was
failing. Changing it to TESTIMAGE (quay.io/libpod/testimage) fixes it.
Signed-off-by: Mario Loriedo <mario.loriedo@gmail.com>
Machines configured to mount local paths containing
spaces failed to start on Hyper-V and silently failed
to mount the folder on macOS/Linux.
On Windows/hyperv, where local paths are mounted
running a 9p client inside the VM, the local host
path needs to be surrounding with quotation marks
before using in a `podman machine ssh ...` command.
A similar behavior happened on Linux/QEMU where the
path was used in a SSH command to mount the folder
using virtiofs. Quoting the path when buidling the
command arguments fixed the problem.
On macOS/libkit,applehv the path was written as is
in a systemd unit name to instruct how to mount it.
Escaping space chars so that they are are parsed
successfully fixed this:
```diff
-- enable path with spaces.mount
++ enable path\x20with\x20spaces.mount
```
Fixes https://github.com/containers/podman/issues/25500
Signed-off-by: Mario Loriedo <mario.loriedo@gmail.com>
Add `--swap` argument to `podman machine init` command.
Passing an int64 value to this flag will trigger the Podman machine
ignition file to be generated with a zram-generator.conf file containing
the --swap value as the zram-size argument.
This file is read by the zram-generator systemd service on boot
resulting in a zram swap device being created.
Fixes: https://github.com/containers/podman/issues/15980
Signed-off-by: Lewis Roy <lewis@redhat.com>
The test is checking that named volumes could be used. FS mount is not
needed and there is no code testing anything around it.
Signed-off-by: Arthur Sengileyev <arthur.sengileyev@gmail.com>
When trying to initialize a machine with more memory that the system has
we were outputting an error message in the wrong unit. It should have
been in MB and B. This was found as part of #25803 but is not the
solution for that issue.
Signed-off-by: Brent Baude <bbaude@redhat.com>
This could have been done by simply running
GOOS=freebsd ./bin/golangci-lint run [options] ./...
on Linux, but some freebsd code is using cgo (i.e. is linked to C
libraries), so real freebsd environment is required.
This also fixes the issue of ignoring linter errors for Windows and
Darwin (exit 0), introduced by commit c9b108d5b3.
Fixes: c9b108d5b3 ("Bump golangci-lint to v2.0.2")
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
This was added by commit 84e42877a ("make lint: re-enable revive"),
making nolintlint became almost useless.
Remove the ungodly amount of unused nolint annotations.
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
As of commit d4c7ca39f ("update c/{buildah,common,image,storage} to
latest main") no dependencies use exclude_graphdriver_devicemapper tag.
This (hopefully) concludes the work of removing devicemapper graph
driver.
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
The test pulls a new image each time instead of using the cache image.
This makes it much slower than it should be and can be flaky.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
The alpine_nginx image is a static amd64 only image, just yesterday our
CI broke because the rosetta emulation stopped working. All these tests
should have no need to test emulation and should just run on native arch
here. This should also make them faster.
If we want to test emulation work it should be done in the
podman-machine-os tests instead.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
When certain directories, like /tmp, get mounted over, FCOS/Linux can
act in unexpected ways. Added a sanity check for a list of directories
think might be impacted by this. Also, moved the volume parsing earlier
in the init process so we can catch problems before the expensive
decompression of machine images.
The following destinations are forbidden for volumes:
`/bin`, `/boot`, `/dev`, `/etc`, `/home`, `/proc`, `/root`, `/run`, `/sbin`, `/sys`, `/tmp`, `/usr`, and `/var`. Subdirectories
Fixes: #18230
Signed-off-by: Brent Baude <bbaude@redhat.com>
