For podman machine init, deprecate the --image-path option for --image.
--image now accepts the correct image from containers.conf
Also, add the ability to specify an OCI image from the --image flag using the docker:// transport.
Signed-off-by: Ashley Cui <acui@redhat.com>
Previously, the locks were on the provider layer, which doesn't make a vm operation with a config file update atomic. Move them up a layer, so the entire function locks while doing provider and config operations.
This adds a Remove and a Set function to the shim layer.
[NO NEW TESTS NEEDED] Unsure how to test this
Signed-off-by: Ashley Cui <acui@redhat.com>
We used to use ignition to perform any customization required for podman
machine because our input was a generic FCOS image. Now that we are
building our own images, some of this customization can be migrated to
the Containerfile itself and be less of a burden in our code at boot up.
At the time of this PR, the Containerfile can be found at
https://github.com/baude/podman-machine-images/tree/main. It is only
present for a so-called daily image. There is little liklihood that
this would the final location for the Containerfile so consider it a
working version only.
Split WSL and rest apart in the e2e tests so we no longer ppull the
generic FCOS image for testing.
Note: the change to the pull image name is so PRs are not immediately
broken that are already in the queue.
[NO NEW TESTS REQUIRED]
Signed-off-by: Brent Baude <bbaude@redhat.com>
If we hit an error here, it will be really useful to know
- That we're trying to fetch a container image
- Which image we're trying to fetch
[NO NEW TESTS NEEDED]
Signed-off-by: Colin Walters <walters@verbum.org>
As indicated in #21849, loading the machine config can flake/fail with
an EOF JSON error indicating an incomplete file. Address the issue by
atomically writing the config. This way, it is not possible to load an
incomplete or partially written file. The lock can be acquired later on
to sync state.
[NO NEW TESTS NEEDED] as it's a hard-to-hit race.
Fixes: #21849
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
Before, we required that the mount target exist and be a
directory for the 9p mount to successfully complete, which is not
how things are supposed to work - the user should be able to
mount anywhere. This should just be a simple mkdir, but with FCOS
the root directory is immutable so we need to undo that before we
can mkdir, and unfortunately we don't have a library that can do
chattr (and I didn't want to drag in a new dependency just for
that), so let's be gross and add it to the SSH command. I
aggressively dislike this but it does work.
[NO NEW TESTS NEEDED] Can worry about getting a more generic
mount test together for Machine later.
Signed-off-by: Matt Heon <mheon@redhat.com>
Matt found a bug where if a machine start did not run to completion, a
gvproxy was left around running. This gvproxy then subsequently stopped
the next attempt to start.
Signed-off-by: Brent Baude <bbaude@redhat.com>
[NO NEW TESTS NEEDED]
So that this file can be inculded in our windows/macos packages and also
by other packagers.
Right now the default policy is allow everything but we plan to add
signing in the future.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
The default policy file /etc/containers/policy.json location does not
work on windows and for packages that ship a default.
Now we search for the policy.json in the following overwrite locations:
macos and linux:
- ~/.config/containers/policy.json
- /etc/containers/policy.json
windows:
- %APPDATA%\containers\policy.json
Also it offers an additional DefaultPolicyJSONPath var that should be
overwritten at built time with the path of the file that is shipped by
packagers. Thile file is used when none of the overwrite paths exist.
[NO NEW TESTS NEEDED]
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
This change migrates to new QEMU stream netdev added in 7.2.0.
It also unifies how gvproxy is used in QEMU and AppleHV.
Signed-off-by: Arthur Sengileyev <arthur.sengileyev@gmail.com>
Added some tests to verify that files extractions works
with different compression format.
Created a decompressor interface with 2 main methods:
reader(): returns an io.Reader for the specific compression algorithm
copy(): extracts the compressed file into the file provided as param
Created 5 decompressor types:
- gzip: extract gzip files
- xz: extract xz files
- zip: extract zip files
- generic: extract any other file using github.com/containers/image/v5/pkg/compression
- uncompressed: only do a copy of the file
Minor fix to the progress bar instances: added a call to bar.Abort(false)
that happens before Progress.Wait() to avoid that it hangs when a bar is
not set as completed although extraction is done.
Signed-off-by: Mario Loriedo <mario.loriedo@gmail.com>
- Listen before starting the vm
- Fix a device race caused by lazy hv_vsock init by waiting on network manager
[NO NEW TESTS NEEDED]
Signed-off-by: Jason T. Greene <jason.greene@redhat.com>
... instead of using a multi-variable state machine.
The net effect of this code is exactly the same as the previous implementation,
except:
- the operation after Write() returns an error might differ
- If the file ends with zeroes, we don't Seek(-1), and
we don't create a hole at all if it is too small, preferring
to save a syscall.
But this formulation is hopefully easier to prove correct.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
- Add more test cases
- Test that we create the expected (large) holes;
don't enforce anything for the <zerosThresholt ones.
O)nly changes test code, should not change behavior.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
Fixes the "machine rm --save-ignition --save-image" test so that it no longer
uses the `{{ .Image }}` format string.
Fixes the "init should cleanup on failure" test so that it no longer
uses the `{{ .Image }}` and `{{ .ConfigPath }}` format strings.
Signed-off-by: Jake Correnti <jakecorrenti+github@proton.me>
We don't care about the provenance of the machine image, so this is no
longer applicable to have when displaying info.
Signed-off-by: Jake Correnti <jakecorrenti+github@proton.me>
Changes the order in which the machine-specific files are removed in
`Remove()`. Removes the system connections first, then removes the
`configPath` last. `configPath` is removed last, because in the case of
an error with any of the previous files, the removal can be attempted
again since the machine still "exists".
Made the errors in `Remove` hard errors instead of soft errors.
Added the implementation for the QEMU-specific file removal.
[NO NEW TESTS NEEDED]
Signed-off-by: Jake Correnti <jakecorrenti+github@proton.me>
When gvproxy exits it will delete the pidfile itself so we need to
account for that and juts ignore the case, it just means gvproxy was
able to exit successfully on its own.
Also remove the useless defer and return the error so we can get an
error exit code not just a print on stderr.
Currently it shows this error which is not helpful to any user:
unable to clean up gvproxy: "unable to read gvproxy pid file /run/user/1000/podman/gvproxy.pid: open /run/user/1000/podman/gvproxy.pid: no such file or directory"
[NO NEW TESTS NEEDED] TODO: make machine tests check stderr for such
things.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Copy all proxy envs into the VM on each start, this allows for updates
without having to recrate the VM. This is implemented via shell script
that is passed via ssh to the VM after it is started.
With that we now use the same logic for all providers the old fw_cfg
logic for qemu has been removed and the WSL code as well which keeps the
behavior the same.
There is a small risk now because we only update the env via ssh that
processes started before will have the old incorrect env but it should
really only effect core system processes which likely do not need them
anyway. The podman system service should not be started at this point
so it should be good enough.
It also fixes the broken behavior with SSL_CERT_FILE/SSL_CERT_DIR which
were updated on each start which is not correct as the files are only
copied with ignition so these should not be updated and just set
statically when the VM was created.
e2e test has been added to ensure the behavior works as expected.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
given that we are moving to building our own machine images, we have
decided to use zstd compression as it is superior in speed to the
alternatives. as such, this pr adds zstd to our machine code; and also
has to account for dealing with sparseness on darwin; which the default
zstd golang library does not.
[NO NEW TESTS NEEDED]
Signed-off-by: Brent Baude <bbaude@redhat.com>
