add the key used in newly initialized machines to the user's known_hosts file. This ensures that golang will be able to ssh into the machine using
podman-remote. Also, remove the /dev/null redirection for podman machine ssh's known_hosts file.
resolves#15347
Signed-off-by: Charlie Doern <cdoern@redhat.com>
Signed-off-by: cdoern <cbdoer23@g.holycross.edu>
Package `io/ioutil` was deprecated in golang 1.16, preventing podman from
building under Fedora 37. Fortunately, functionality identical
replacements are provided by the packages `io` and `os`. Replace all
usage of all `io/ioutil` symbols with appropriate substitutions
according to the golang docs.
Signed-off-by: Chris Evich <cevich@redhat.com>
Podman adds an Error: to every error message. So starting an error
message with "error" ends up being reported to the user as
Error: error ...
This patch removes the stutter.
Also ioutil.ReadFile errors report the Path, so wrapping the err message
with the path causes a stutter.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
The new apple silicon processesors (m1/m2) are capable of using a performent apple
hypervisor (included in macos). Our "virtual providers" for podman
machine are part of an interface design. This PR provides an
implementation of the interface to begin the work for supporting the
apple hypervisor. It is basically only a skeletal PR.
The actual code for using the hypervisor and launching a machine will
come as several new PRs following the inclusion of this one.
There will likely be code reuse between the applehv and qemu code; but
none of that code is being moved at this time. It will be moved "on
demand" during development.
[NO NEW TESTS NEEDED]
Signed-off-by: Brent Baude <bbaude@redhat.com>
Before making / mutable/immutable, podman-machine checks if the mount is
being done in /home or /mnt. However the current check is always going
to be true:
```
!strings.HasPrefix(mount.Target, "/home") || !strings.HasPrefix(mount.Target, "/mnt")
```
is false when mount.Target starts with "/home" and mount.Target starts
with "/mnt", which cannot happen at the same time.
The correct check is:
```
!strings.HasPrefix(mount.Target, "/home") && !strings.HasPrefix(mount.Target, "/mnt")
```
which can also be written as:
```
!(strings.HasPrefix(mount.Target, "/home") || strings.HasPrefix(mount.Target, "/mnt"))
```
The impact is not too bad, it results in extra 'chattr -i' calls which
should be unneeded.
[NO NEW TESTS NEEDED]
Signed-off-by: Christophe Fergeau <cfergeau@redhat.com>
qemu fails when the same `fw_cfg` options is used more than once.
Since the current logic always adds a new option on each machine load
this will fail on the second start.
We can fix this by checking if the option is already set and replace but
I think it is easier to just not commit the option in the config and add
it dynamically on start. User that hit this bug have to recreate the
machine.
[NO NEW TESTS NEEDED]
Fixes#14636Fixes#14837
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
When trying to connect to the qemu ready socket we should check if the
qemu process is still running, if it is not we can just error out. There
is no point in retrying.
To do so we have to directly call wait with WNOHANG.
Also change StartProcess to os/exec package which is higher level and
allows us to use a buffer as qemu stderr fd.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
qemu need the id to start with a letter for some reason.
If this is not the case qemu will fail:
```
qemu-system-x86_64: -device virtserialport,chardev=ad053e0bb519f_ready,name=org.fedoraproject.port.0: Property 'virtserialport.chardev' can't find value 'ad053e0bb519f_ready'
er
Identifiers consist of letters, digits, '-', '.', '_', starting with a letter.
```
To fix this we just add an "a" in front of it.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
This addresses:
Symlinks don't work on podman machine on macOS Monterey when using volumes feature #13784
This change does NOT exactly fix the bug, but it does allow the user to
work around it via 'podman init' option, e.g.:
podman machine init -v "$HOME/git:$HOME/git:ro:security_model=none"
If the default security model were to be changed to 'none', then that
would fix the bug, at the possible cost of breaking any use cases that
depend on 'mapped-xattr'.
The documentation of the purpose and behavior of the different security
models seems to be rather light:
https://wiki.qemu.org/Documentation/9psetup#Starting_the_Guest_directly
From testing, it appears that the mapped-xattr security model intends to
manage symlinks such that the guest can see the symlinks but the host
only sees regular files (with extended attributes). As far as I can
tell, this behavior only makes sense when the guest is the only thing
that ever needs to create and read symlinks. Otherwise, symlinks created
on the host are unusable on the guest, and vice versa.
As per the original commit: 8e7eeaa4dd14621bda15e396fcd7b9187bc500c5
[NO NEW TESTS NEEDED]
Also document existing ro and rw options.
Also remove misleading statement about /mnt. By my observation, this
line is incorrect. If the intended meaning is different, then I don't
understand.
The default volume is mounted read/write and is not within /mnt.
[core@localhost ~]$ mount | grep 9p
vol0 on /Users/chickey type 9p (rw,relatime,sync,dirsync,access=client,trans=virtio)
Signed-off-by: Corey Hickey <chickey@tagged.com>
We now use the golang error wrapping format specifier `%w` instead of
the deprecated github.com/pkg/errors package.
[NO NEW TESTS NEEDED]
Signed-off-by: Sascha Grunert <sgrunert@redhat.com>
Connecting with `podman machine ssh` can results in the following
warning:
```
/usr/bin/sh: warning: setlocale: LC_ALL: cannot change locale (en_CA.UTF-8)
/usr/bin/sh: warning: setlocale: LC_ALL: cannot change locale (en_CA.UTF-8)
/usr/bin/sh: warning: setlocale: LC_ALL: cannot change locale (en_CA.UTF-8)
/usr/bin/sh: warning: setlocale: LC_ALL: cannot change locale (en_CA.UTF-8)
```
Best would probably be to remove `LC_ALL` (and other locale and lang
env vars) from `/etc/ssh/sshd_config.d/50-redhat.conf` in the CoreOS
image, but I'm not terribly sure how, so this is a quick alternative.
[NO NEW TESTS NEEDED]
Signed-off-by: Shane Smith <shane.smith@shopify.com>
Machine can only run on amd64 and arm64 platforms so we need to make
sure the test are only run on those platforms. We do not have CI checks
for this but it fails in debian build infra since debian supports many
other architectures as well.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
- New `VMPidFilePath` field in MachineVM config holds the path for the
qemu PID file
- qemu is now started with the `-pidfile` argument set to `VMPidFilePath`
- Machines created before this won't have the VM PID file configured,
stopping these VMs will revert back to waiting on the state to change
away from `Running`, plus an added 2s sleep to give time for the VM to
exit and to avoid potential issues
- Machines created after this will have a VM PID file configured and
stopping the machine will wait indefinitely for the VM to exit
[NO NEW TESTS NEEDED]
Signed-off-by: Shane Smith <shane.smith@shopify.com>
This PR covers two edge cases discovered by fiddling with machine
manually. It is possible (like after a manual cleanup of a machine)
that a leftover qemu socket file can indicate the prescense of a machine
running.
Also, reveal the error of a Exec.Command by wrapping the generic error
around what was in stderr.
[NO NEW TESTS NEEDED]
Signed-off-by: Brent Baude <bbaude@redhat.com>
* Replace "setup", "lookup", "cleanup", "backup" with
"set up", "look up", "clean up", "back up"
when used as verbs. Replace also variations of those.
* Improve language in a few places.
Signed-off-by: Erik Sjölund <erik.sjolund@gmail.com>
Interrupting a `podman machine start` (ex: with CTRL-C) would leave
`Starting: true` in the machine's config file. Due to #14469 any
subsequent starts would fail since Podman would think the machine is
still in the process of starting.
Fixed here by listening for the interrupt signal and setting `Starting:
false` in the event.
[NO NEW TESTS NEEDED]
Signed-off-by: Shane Smith <shane.smith@shopify.com>
The nolintlint linter does not deny the use of `//nolint`
Instead it allows us to enforce a common nolint style:
- force that a linter name must be specified
- do not add a space between `//` and `nolint`
- make sure nolint is only used when there is actually a problem
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
When calling QEMU, the CPU arch should be host, and highmem should be on, or else the VM start fails.
[NO NEW TESTS NEEDED]
Signed-off-by: Ashley Cui <acui@redhat.com>
- The State() function now returns machine.Starting status instead of an
empty string if the VM is in the process of starting.
- The `CheckExclusiveActiveVM()` function returns `true` to prevent
starting a VM while another is in the process of starting.
- `podman machine ls` displays "Currently starting" under "Last Up" for
the starting VM
- `podman machine ls` supports `{{.Starting}}` boolean field in the format
- `podman machine inspect` displays "starting" in the "State" field for
the starting VM
Signed-off-by: Shane Smith <shane.smith@shopify.com>
Running `podman machine start` twice at the same time in different
terminals, for example, will make the second invocation fail and the
first one hang.
[NO NEW TESTS NEEDED]
Signed-off-by: Shane Smith <shane.smith@shopify.com>
In #13466 the ability to force remove a machine while it's running was
added but it did not first stop the machine, all files get deleted but
the qemu VM would essentially be orphaned.
[NO NEW TESTS NEEDED]
Signed-off-by: Shane Smith <shane.smith@shopify.com>
For consumers of the podman.sock who want a predictable way to find the
podman sock, we now include it under 'ConnectionConfig' in podman
machine inspect.
Fixes: #14231
Signed-off-by: Brent Baude <bbaude@redhat.com>
Currenlty this ssh warning is printed everytime:
`Warning: Permanently added '[localhost]:33915' (ED25519) to the list of known hosts.`
Since this is very anoying and makes it harder to capture the actual
command output we should silence this. With log level error we will only
see the important messages from ssh.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
this allows users to use a qemu installation that is
not in the default /usr/local/bin location
a user can configure engine.helper_binaries_dir key
or update PATH to include the installation location
to find the qemu binary
[NO NEW TESTS NEEDED]
Signed-off-by: Anjan Nath <kaludios@gmail.com>
This commit replaces `ioutil.TempDir` with `t.TempDir` in tests. The
directory created by `t.TempDir` is automatically removed when the test
and all its subtests complete.
Prior to this commit, temporary directory created using `ioutil.TempDir`
needs to be removed manually by calling `os.RemoveAll`, which is omitted
in some tests. The error handling boilerplate e.g.
defer func() {
if err := os.RemoveAll(dir); err != nil {
t.Fatal(err)
}
}
is also tedious, but `t.TempDir` handles this for us nicely.
Reference: https://pkg.go.dev/testing#T.TempDir
Signed-off-by: Eng Zer Jun <engzerjun@gmail.com>
podman system reset did not clean up machines fully, leaving some config
files, and breaking machines. Now it removes all machines files fully.
Signed-off-by: Ashley Cui <acui@redhat.com>
The errcheck linter makes sure that errors are always check and not
ignored by accident. It spotted a lot of unchecked errors, mostly in the
tests but also some real problem in the code.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>