Checking for the mountdir is not relevent, a recent c/storage change[1] no
longer deletes the mount point directory so the check will cause a false
positive. findmnt exits 1 when the given path is not a mountpoint so
let's use that to check.
[1] 3f2e81abb3
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Previously, the locks were on the provider layer, which doesn't make a vm operation with a config file update atomic. Move them up a layer, so the entire function locks while doing provider and config operations.
This adds a Remove and a Set function to the shim layer.
[NO NEW TESTS NEEDED] Unsure how to test this
Signed-off-by: Ashley Cui <acui@redhat.com>
It works (verified in #17831). Imperfectly, because Macs don't
have a useful awk, so we can't get timestamps. I will, in time,
look into adding the timestamp functionality to logformatter
itself.
Also imperfect because it's not linkifying: source code paths
are dead text. I need to fix that, too, in logformatter, by
having it recognize /Users/Mac paths.
Imperfect as it may be, it was quick, and I think could provide
good bang for the buck in these Mac-intensive debugging days.
Signed-off-by: Ed Santiago <santiago@redhat.com>
We used to use ignition to perform any customization required for podman
machine because our input was a generic FCOS image. Now that we are
building our own images, some of this customization can be migrated to
the Containerfile itself and be less of a burden in our code at boot up.
At the time of this PR, the Containerfile can be found at
https://github.com/baude/podman-machine-images/tree/main. It is only
present for a so-called daily image. There is little liklihood that
this would the final location for the Containerfile so consider it a
working version only.
Split WSL and rest apart in the e2e tests so we no longer ppull the
generic FCOS image for testing.
Note: the change to the pull image name is so PRs are not immediately
broken that are already in the queue.
[NO NEW TESTS REQUIRED]
Signed-off-by: Brent Baude <bbaude@redhat.com>
If we hit an error here, it will be really useful to know
- That we're trying to fetch a container image
- Which image we're trying to fetch
[NO NEW TESTS NEEDED]
Signed-off-by: Colin Walters <walters@verbum.org>
Upgrade-from-v4.1 was temporarily disabled in #21618: we brought
in new CI VMs, and v4.1 setup no longer works. Nobody quite
understands why, and we've hit diminishing returns in the
investigation (#21863). The current thinking is that it
is related to netavark, and versions < 1.3 do not work
in the current f39 VMs. (No clue why, because f39 kernel
did not change in #21618).
Anyhow, reenable the pre-4.8 upgrade test, using v4.3.1
which has netavark-1.4.0 which seems to work fine. For now.
Also, some upgrade test cleanup:
- Skip, not fail, if initial setup fails. Makes for less noisy logs.
- Remove duplicate --pid=host
- Ports: 808x -> 909x, because 8081 is used by restraint on 1mt
Signed-off-by: Ed Santiago <santiago@redhat.com>
Like docker podman network inspect should output the information of
running container with their ip/mac address on this network.
However the output format is not docker compatible as this cannot
include all the info we have and the previous output was already not
compatible so this is not new.
New example output:
```
[
{
...
"containers": {
"7c0d295779cee4a6db7adc07a99e635909413a390eeab9f951edbc4aac406bf1": {
"name": "c2",
"interfaces": {
"eth0": {
"subnets": [
{
"ipnet": "10.89.0.4/24",
"gateway": "10.89.0.1"
},
{
"ipnet": "fda3:b4da:da1e:7e9d::4/64",
"gateway": "fda3:b4da:da1e:7e9d::1"
}
],
"mac_address": "1a:bd:ca:ea:4b:3a"
}
}
},
"b17c6651ae6d9cc7d5825968e01d6b1e67f44460bb0c140bcc32bd9d436ac11d": {
"name": "c1",
"interfaces": {
"eth0": {
"subnets": [
{
"ipnet": "10.89.0.3/24",
"gateway": "10.89.0.1"
},
{
"ipnet": "fda3:b4da:da1e:7e9d::3/64",
"gateway": "fda3:b4da:da1e:7e9d::1"
}
],
"mac_address": "f6:50:e6:22:d9:55"
}
}
}
}
}
]
```
Fixes#14126
Fixes https://issues.redhat.com/browse/RHEL-3153
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
As indicated in #21849, loading the machine config can flake/fail with
an EOF JSON error indicating an incomplete file. Address the issue by
atomically writing the config. This way, it is not possible to load an
incomplete or partially written file. The lock can be acquired later on
to sync state.
[NO NEW TESTS NEEDED] as it's a hard-to-hit race.
Fixes: #21849
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
Before, we required that the mount target exist and be a
directory for the 9p mount to successfully complete, which is not
how things are supposed to work - the user should be able to
mount anywhere. This should just be a simple mkdir, but with FCOS
the root directory is immutable so we need to undo that before we
can mkdir, and unfortunately we don't have a library that can do
chattr (and I didn't want to drag in a new dependency just for
that), so let's be gross and add it to the SSH command. I
aggressively dislike this but it does work.
[NO NEW TESTS NEEDED] Can worry about getting a more generic
mount test together for Machine later.
Signed-off-by: Matt Heon <mheon@redhat.com>
Matt found a bug where if a machine start did not run to completion, a
gvproxy was left around running. This gvproxy then subsequently stopped
the next attempt to start.
Signed-off-by: Brent Baude <bbaude@redhat.com>
[NO NEW TESTS NEEDED]
I'm tired of this flake, it's hitting us ~once/day. Root cause
still unknown.
Workaround: add a READY file to the http server, and run 'curl'
until we get it. Tested in #17831 for the last two weeks, flake
has not been seen even once since then.
Closes: #21649
Signed-off-by: Ed Santiago <santiago@redhat.com>
This is needed by podman desktop CI, to ensure their 'latest' testing
jobs continuously and exactly match the podman repository state +
related binaries.
Signed-off-by: Chris Evich <cevich@redhat.com>
vfkit needs the com.apple.security.virtualization entitlement or it
wont' be able to start virtual machines:
Error: Error Domain=VZErrorDomain Code=2 Description="Invalid virtual machine configuration. The process doesn’t have the “com.apple.security.virtualization” entitlement." UserInfo={
NSLocalizedFailure = "Invalid virtual machine configuration.";
NSLocalizedFailureReason = "The process doesn\U2019t have the \U201ccom.apple.security.virtualization\U201d entitlement.";
}
This fixes https://github.com/containers/podman/issues/21842
Signed-off-by: Christophe Fergeau <cfergeau@redhat.com>
When there is no signing identity to pass to the macOS `codesign` tool,
we can use `-` instead as the identity to perform ad-hoc signing.
From `man codesign`:
> If identity is the single letter "-" (dash), ad-hoc signing is
> performed. Ad-hoc signing does not use an identity at all
This makes it easier to test the sign() code-path in package.sh as
we'll run the same code regardless of `NO_CODESIGN` being set or not.
Signed-off-by: Christophe Fergeau <cfergeau@redhat.com>
Source: https://github.com/containers/automation_images/pull/331#issuecomment-1966677347
Kludgy VM build, because rawhide rc6 kernel is still not stable.
I would like to merge this anyway, because the rawhide hang is
hurting us badly. (I am not guaranteeing that this fixes the hang).
Also: new Windows VM has WiX 3.14 (up from 3.11).
Signed-off-by: Ed Santiago <santiago@redhat.com>
At least in all recent Fedora releases, SOURCE_DATE_EPOCH would be set. But the
build should work even if it not set, e.g. in copr builds on c8s. Add 'date +%s'
as a fallback.
From: Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>
This is a copy-paste of commit eaa62a52 in podman fedora dist-git.
[NO NEW TESTS NEEDED]
Signed-off-by: Lokesh Mandvekar <lsm5@redhat.com>
This config needs to be included for podman machine pulls to work and
set MACHINE_POLICY_JSON_DIR so that the file should be located next to
the binary.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
