Modifies the "Remove machine" test to verify the system connections are
handled properly on removal.
Signed-off-by: Jake Correnti <jakecorrenti+github@proton.me>
gvproxy and win-sshproxy have capabilities to serve this type of enpoint.
This change only adds one additional API enpoint publishing by appending
proxy command lines.
Signed-off-by: Arthur Sengileyev <arthur.sengileyev@gmail.com>
Podman machine list now supports a new option, --all-providers, which lists all machines from all providers.
Signed-off-by: Ashley Cui <acui@redhat.com>
Example:
DefaultEnvironment="VAR1=word1 word2" VAR2=word3 "VAR3=word 5 6"
Sets three variables "VAR1", "VAR2", "VAR3".
Double quote is not escaped, as there is no chance it appears in a proxy value. User can still espace it if really necessary
Signed-off-by: Philippe Martin <phmartin@redhat.com>
In case of timeouts actually log the command again and make sure to send
SIGABRT to the process as go will create a useful stack strace where we
can see where things are hanging. It also kill the process unlike the
default Eventually().Should(Exit()) call the leaves the process around.
The output will be captured by default in the log so we just see the
stack trace there.
And while at it bump the timout up to 10 mins, we are hitting hard
flakes in CI where machine init takes longer than 5 mins for unknown
reasons but this seems to be good enough.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Currently all podman machine rm errors in AfterEach were ignored.
This means some leaked and caused issues later on, see #22844.
To fix it first rework the logic to only remove machines when needed at
the place were they are created using DeferCleanup(), however
DeferCleanup() does not work well together with AfterEach() as it always
run AfterEach() before DeferCleanup(). As AfterEach() deletes the dir
the podman machine rm call can not be done afterwards.
As such migrate all cleanup to use DeferCleanup() and while I have to
touch this fix the code to remove the per file duplciation and define
the setup/cleanup once in the global scope.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
On linux and macos the connections are stored under the home dir by
default so it is not a problem there but on windows we first check
the APPDATA env and use this dir as config storage. This has the problem
that it is not cleaned up after each test as such connections might leak
into the following test causing failues there.
Fixes#22844
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Close loophole that would allow you to assign more memory than the
system has to a podman machine
Fixes: #18206
Signed-off-by: Brent Baude <bbaude@redhat.com>
This PR is a couple of small fixes so that our CI would be capable of running the machine test suite on the libkrun provider.
RUN-2172
Signed-off-by: Brent Baude <bbaude@redhat.com>
Stop copying the pre-pulled uncompressed machine disk into the individual test dir. The machine pull code already makes a copy of the disk into the test's HOMEDIR/.local/share/containers/podman/machine, and works off that copy.
Before the change: TESTDIR/<image> is copied to TESTDIR/podman_test/<image> by the test, and then podman machine copies the image to TESTDIR/podman_test/.local/share/containers/podman/machine/provider/<image>
After the change: TESTDIR/<image> is copied to TESTDIR/podman_test/.local/share/containers/podman/machine/provider/<image> by podman machine
The image that is actually run is at TESTDIR/podman_test/.local/share/containers/podman/machine/provider/<image> in both instances.
Signed-off-by: Ashley Cui <acui@redhat.com>
I'm hitting a bug with 9p when trying to transfer large files.
In RHEL at least 9p isn't supported because it's known to have a
lot of design flaws; virtiofsd is the supported and recommended
way to share files between a host and guest.
Add a new hidden `PODMAN_MACHINE_VIRTFS` environment
variable that can be set to `virtiofs` to switch to virtiofsd.
Signed-off-by: Colin Walters <walters@verbum.org>
Previously, the mac podman-machine tests installed rosetta before
executing any tests. As a best-practice (and because the Macs in CI are
shared) tests should never permanently modify the system. As of this
commit, the system setup script used for the CI Macs does the rosetta
installation. Remove the test setup code that installed rosetta and
add a CI-level confirmation that it's been pre-installed.
Signed-off-by: Chris Evich <cevich@redhat.com>
AppleHV accepts a max 36 bytes for mount tags. Instead of using the fully qualified path for the mount tag, SHA256 the path, and truncate the shasum to 36 bytes.
Also correctly escape dashes in mounted paths.
Signed-off-by: Ashley Cui <acui@redhat.com>
Cache cleanups only happen if there is a cache miss, and we need to pull a new image
For quay.io/podman/machine-os, we remove all old images from the cache dir. This means we will delete any file that exists in the cache dir; this should be safe to do since the machine pull code should be the only thing touching this cache dir. OCI machine images will always have a different manifest, and won’t be updated with the same manifest, so if the version moves on, there isn’t a reason to keep the old version in the cache, it really doesn’t change.
For Fedora (WSL), we use the cache, so we go through the cache dir and remove any old cached images, on a cache miss. We also switch to using ~/.local/share/containers/podman/machine/wsl/cache as the cache dir rather than ~/.local/share/containers/podman/machine/wsl. Both these behaviors existed in v4.9, but are now added back into 5.x.
For generic files pulled from a URL or a non-default OCI image, we shouldn’t actually cache, so we delete the pulled file immediately after creating a machine image. This restores the behavior from v4.9.
For generic files from a local path, the original file will never be cleaned up
Unsure how to test, so:
[NO NEW TESTS NEEDED]
Signed-off-by: Ashley Cui <acui@redhat.com>
Non-Linux systems, such as BSD kernels, constrain xatter updates
according to file permissions. This is in contrast to Linux selinux
attr writes, which are governed by an selinux policy. By dafault this
policy apllows users to relabel files owned by themselves even if file
perms would otherwise disallow write.
This results in robust container relabeling results on Linux, and
fragile results everywhere else. Therefore, change the mac policy to
force the nfs_t context on all files, and ignore all relabel
events.
As a side-effect, this will disallow any ability to store custom
selinux constants on files. However, this is of limited use in
a machine context, since files in these volumes are externally
managed on systems which do not support SELinux.
Signed-off-by: Jason T. Greene <jason.greene@redhat.com>
I am really not sure why the caller even should have the option to set
this. We should always use the correct isolation type based on the
privileges the server runs under never the client. podman-remote build
seems to send the default based on its local privs which was wrong as
well. To fix this I also changed the client to send the default if the
isolation flag is not set.
Fixes#22109
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
We need to take another lock to prevent concurrent starts from different
machines.
I manually tested it by starting three VM in parallel with:
podman machine start & podman machine start test1 & podman machine start test2
I also added a CI test that seems to work as expected (failed with the
old binary, worked with the new)
Before this patch I was able to start more than VM, with this patch it
now only starts one of them and the other ones will fail to start with
a proper error.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
- Fixes conflicts such as removal of second machine deleting a socket of a
the first machine while it's running
- Move API socket into runtime directory for consistency
- Add API and gvproxy sockets to removal list
- Cleanup related logic
Signed-off-by: Jason T. Greene <jason.greene@redhat.com>
Neither of the SparseWriter users actually _wants_ the underlying
WriteSeeker to be closed; so, don't.
That makes it clear where the responsibility for closing the file
lies, and allows us to remove the reliance on the destinations
reliably returning ErrClosed.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
