in various use cases, the required machine dirs are not created. the
machine dirs are runtimedir, datadir, and configdir. Example in Linux
would be:
configDir /<HOME>/.config/containers/podman/machine/<provider>
dataDir /<HOME>/.local/share/containers/podman/machine/<provider>
runtimeDir /run/user/1000/podman/machine
now we blindly create them without checking for their existence (because
it is faster).
this fixes a bug where runtimedir does not exist on macos after a reboot
[NO NEW TESTS NEEDED]
Signed-off-by: Brent Baude <baude@redhat.com>
this pr represents the podman 5 maching refactoring for HyperV. with
the exception of already skipped tests, all local tests pass.
Signed-off-by: Brent Baude <bbaude@redhat.com>
this is the second provider done (qemu first). all tests pass on arm64 hardware locally ... the hybrid pull from oci registries limit this to arm64 only.
calling gvproxy, waiting for it, and then vfkit seems to still be problematic. this would be an area that should be cleaned up once all providers are implemented.
Signed-off-by: Brent Baude <bbaude@redhat.com>
The intial refactor used specifically qemu for testing and infra bring
up. But the whole point was to have things interfaced. This PR results
in an interface experience like podman 4 using the same term `provider`
to generically represent 'a provider' like qemu/applehv/etc.
This PR is required to move forward with new providers.
Also renamed pkg/machine/p5 to pkg/machine/shim.
[NO NEW TESTS REQUIRED]
Signed-off-by: Brent Baude <bbaude@redhat.com>
The following PR is the leading PR for refactoring podman machine with
the following goals:
* less duplication/more re-use
* common configuration file between providers
* more consistentency in how machines are handled by providers
The goal of this PR is the rough refactor. There are still rough spots
for sure, specifically around the podman socket and pipe. This
implemention is only for Linux. All other providers are still present
but will not compile or work. This is why tests for them have been
temporarily suspended.
The ready socket code is another area that needs to be smoothed over.
Right now, the ready socket code is still in QEMU. Preferably it would
be moved to a generic spot where all three approaches to readiness
socket use can be defined.
It should also be noted:
* all machine related tests pass.
* make validate for Linux passes
* Apple QEMU was largely removed
* More code pruning is possible; will become clearer when other
providers are complete.
the dir pkg/machine/p5 is not permanent. i had to seperate this from
machine initially due to circular import problems. i think when all
providers are done (or nearly done), it can be placed and named
properly.
Signed-off-by: Brent Baude <bbaude@redhat.com>
this is a logical place to get changes upstream before they grow out of
control. this pr is the first in an effort to deduplicate machine code
and streamline code flow.
a lot of code is simply moved to eliminate circular imports. names and
specific paths can ultimately be changed. i dont like some of the
descriptive interface names, etc. ultimately, i think once we have the
"old" code sanitized, we can re-use some of those.
clearly some of what is in here is temporary and will either be deleted,
changed, or moved again as this effort comes to a close.
right now, the machine code does not use any of the "new" code. you
will see in `init` and `rm` some commented out code that hooks it. i'm
afraid things will get worse before they get better (way worse).
[NO NEW TESTS NEEDED]
Signed-off-by: Brent Baude <bbaude@redhat.com>
These should all work with the latest netavark. The ipvlan case needs a
subnet because it does not support DHCP.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Podman v5 will not support cgroups-v1. This commit will print a warning
if it detects a cgroups-v1 system. The warning can be hidden by setting
envvar `PODMAN_CGROUPSV1_WARNING`.
This warning is patched out for RHEL 9 builds as cgroups-v1 will still
be supported on RHEL 9 systems.
Resolves: https://issues.redhat.com/browse/RUN-1957
[NO NEW TESTS NEEDED]
Co-authored-by: Ed Santiago <santiago@redhat.com>
Co-authored-by: Sascha Grunert <sgrunert@redhat.com>
Co-authored-by: Giuseppe Scrivano <gscrivan@redhat.com>
Signed-off-by: Lokesh Mandvekar <lsm5@redhat.com>
The `--stars` option was incorrectly documented as meaning
the number of stars to filter by. This has been corrected
to indicate that it is the minimum number of stars to filter
by.
Tweaked wording of podman-search.md stars filter text
Signed-off-by: Kaniel Kirby <piratey7007@runbox.com>
CNI is deprecated and is build tagged out for 5.0. Don't test it in our CI.
This commit also disables upgrade tests for now - those need more work since the old version of Podman only uses CNI. Upgrade tests will be re-vamped in a later commit.
Signed-off-by: Ashley Cui <acui@redhat.com>
The current field separator comma of the inspect annotation conflicts with the mount options of --volumes-from as the mount options itself can be comma separated.
Signed-off-by: Vikas Goel <vikas.goel@gmail.com>
Irrespective of reason/cause, a commit was merged into main that broke
podman-machine, and went unnoticed for several days. Improve the
situation by including podman-machine testing in the daily cirrus-cron
builds. These are monitored by e-mail when `Total Success` reports a
failure.
Also: Add a comment for Windows & Mac build tasks, documenting the
reason they don't execute on RHEL release branches.
Signed-off-by: Chris Evich <cevich@redhat.com>
By using main instead of the v1.1 branch, we drop an unnecessary
dependency on cilium/ebpf, saving ~1mb of binary size.
Signed-off-by: Matt Heon <mheon@redhat.com>
The update to runc broke creation of devices for containers in
the pod cgroup. We don't support the device cgroup for pods at
present, so just disable it for now, resolving the issue.
Thanks to Giuseppe for finding this one!
[NO NEW TESTS NEEDED] This is a fix for broken tests
Signed-off-by: Matt Heon <mheon@redhat.com>
We were pinned to a specific commit to ensure that tests kept
passing. Hopefully they pass now, as we need to grab latest runc
for CVE fixes.
Also grab Buildah main to fix a build issue on FreeBSD. After a
botched manual vendor, I used Ed's treadmill script and squashed
it into this commit to make Git happy. Thanks bunches Ed.
Signed-off-by: Matt Heon <mheon@redhat.com>
From https://github.com/containers/automation_images/pull/325
Major change: netavark and aardvark are now included in prior-fedora,
so CNI can be fully eliminated from CI (#21410)
FIXME FIXME FIXME: skip two e2e tests, waiting for new netavark
Signed-off-by: Ed Santiago <santiago@redhat.com>
As of this commit, there are several pages worth of lint findings for
the mac. Once they're all addressed, this commit may be reverted to
enable continuous checking.
Signed-off-by: Chris Evich <cevich@redhat.com>
There are darwin-specific code paths which were not being linted prior
to this commit. Fix this with a new, darwin-specific section of the lint
runner script.
Signed-off-by: Chris Evich <cevich@redhat.com>
Fix the way we set skipTLSVerify on the client side
to ensure that the push stage in farm build takes into
account the configuration in the farm node's registries.conf
when the user hasn't set it on the client side.
Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>
Previously when a leak was detected under any circumstance, the workflow
would splat out a giant wall of gray, unreadable git-log text. This often
enormous text might contain, somewhere, possibly, maybe, a little tiny
snippet of code that leaks a secret.
Improve the situation greatly by providing easy-to-use URLs that covers
the relevant changes based on the triggering context (new pr, force-push,
or merge). Store the former (often) giant git-log output into a file
and stuff it into the artifacts in case it's ever useful.
Signed-off-by: Chris Evich <cevich@redhat.com>
Podman Desktop [1] is looking into improving the user experience which
requires to know the source of an image. Consider the user triggers an
image pull and Podman Desktop wants to figure out whether the image name
refers to a Red Hat registry, for instance, to prompt installing the RH
auth extension.
Since the input values of images may be a short name [2], Podman Desktop
has no means to figure out the (potential) source of the image. Hence,
add a new `/resolve` endpoint to allow external callers to figure out
the (potential) fully-qualified image name of a given value.
With the new endpoint, Podman Desktop can ask Podman directly to resolve
the image name and then make an informed decision whether to prompt the
user to perform certain tasks or not. This for sure can also be used
for any other registry (e.g., Quay, Docker Hub).
[1] https://github.com/containers/podman-desktop/issues/5771
[2] https://www.redhat.com/sysadmin/container-image-short-names
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
