This PR adds libkrun support to podman machine. This is an experimental feature and should not be marketed yet. Before we unmark the experimental status on this function, we will need to have full CI support and a full podman point release has pased.
This work relies on the fact that vfkit and libkrun share a reasonably (if not perfectly) same API. The --log-level debug option will not show a GUI screen for boots as krun is not capable of this.
Signed-off-by: Brent Baude <bbaude@redhat.com>
We used to use ignition to perform any customization required for podman
machine because our input was a generic FCOS image. Now that we are
building our own images, some of this customization can be migrated to
the Containerfile itself and be less of a burden in our code at boot up.
At the time of this PR, the Containerfile can be found at
https://github.com/baude/podman-machine-images/tree/main. It is only
present for a so-called daily image. There is little liklihood that
this would the final location for the Containerfile so consider it a
working version only.
Split WSL and rest apart in the e2e tests so we no longer ppull the
generic FCOS image for testing.
Note: the change to the pull image name is so PRs are not immediately
broken that are already in the queue.
[NO NEW TESTS REQUIRED]
Signed-off-by: Brent Baude <bbaude@redhat.com>
- Listen before starting the vm
- Fix a device race caused by lazy hv_vsock init by waiting on network manager
[NO NEW TESTS NEEDED]
Signed-off-by: Jason T. Greene <jason.greene@redhat.com>
Copy all proxy envs into the VM on each start, this allows for updates
without having to recrate the VM. This is implemented via shell script
that is passed via ssh to the VM after it is started.
With that we now use the same logic for all providers the old fw_cfg
logic for qemu has been removed and the WSL code as well which keeps the
behavior the same.
There is a small risk now because we only update the env via ssh that
processes started before will have the old incorrect env but it should
really only effect core system processes which likely do not need them
anyway. The podman system service should not be started at this point
so it should be good enough.
It also fixes the broken behavior with SSL_CERT_FILE/SSL_CERT_DIR which
were updated on each start which is not correct as the files are only
copied with ignition so these should not be updated and just set
statically when the VM was created.
e2e test has been added to ensure the behavior works as expected.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
given that we are moving to building our own machine images, we have
decided to use zstd compression as it is superior in speed to the
alternatives. as such, this pr adds zstd to our machine code; and also
has to account for dealing with sparseness on darwin; which the default
zstd golang library does not.
[NO NEW TESTS NEEDED]
Signed-off-by: Brent Baude <bbaude@redhat.com>
Moving from Go module v4 to v5 prepares us for public releases.
Move done using gomove [1] as with the v3 and v4 moves.
[1] https://github.com/KSubedi/gomove
Signed-off-by: Matt Heon <mheon@redhat.com>
this pr represents the podman 5 maching refactoring for HyperV. with
the exception of already skipped tests, all local tests pass.
Signed-off-by: Brent Baude <bbaude@redhat.com>
The following PR is the leading PR for refactoring podman machine with
the following goals:
* less duplication/more re-use
* common configuration file between providers
* more consistentency in how machines are handled by providers
The goal of this PR is the rough refactor. There are still rough spots
for sure, specifically around the podman socket and pipe. This
implemention is only for Linux. All other providers are still present
but will not compile or work. This is why tests for them have been
temporarily suspended.
The ready socket code is another area that needs to be smoothed over.
Right now, the ready socket code is still in QEMU. Preferably it would
be moved to a generic spot where all three approaches to readiness
socket use can be defined.
It should also be noted:
* all machine related tests pass.
* make validate for Linux passes
* Apple QEMU was largely removed
* More code pruning is possible; will become clearer when other
providers are complete.
the dir pkg/machine/p5 is not permanent. i had to seperate this from
machine initially due to circular import problems. i think when all
providers are done (or nearly done), it can be placed and named
properly.
Signed-off-by: Brent Baude <bbaude@redhat.com>
The remote user functionality was not quite correct. This PR breaks out
the accumulation of user descriptions into a separate function. One
odditiy is ignition must be told to NOT create the core user (or it will
by default) by "adding" the core user with a set bool.
[NO NEW TESTS NEEDED]
Signed-off-by: Brent Baude <bbaude@redhat.com>
There is a network stability issue in qemu + virtio, affecting
some users after long periods of usage, which can lead to
suspended queue delivery. Until the issue is resolved, add a
temporary recovery service which restarts networking when host
communication becomes inoperable.
[NO NEW TESTS NEEDED]
Signed-off-by: Jason T. Greene <jason.greene@redhat.com>
There are no security concerns here; this is a convenience
for people debugging things. Some podman-machine developers
were manually setting a password over SSH for example,
but this is just better than that.
[NO NEW TESTS NEEDED]
Signed-off-by: Colin Walters <walters@verbum.org>
fix https://github.com/containers/podman-desktop/issues/5282
With FCOS we have a limit of 2048 files
But when launching containers like kind containers, we're reaching
easily the limit.
AFAIK as it's inside a dedicated machine, limit should be max
Limit should be only at the container level.
Signed-off-by: Florent Benoit <fbenoit@redhat.com>
Uses the systemd unit file parser to build unit files instead of having
them be just blocks of hard-coded strings.
Signed-off-by: Jake Correnti <jakecorrenti+github@proton.me>
Moves all of the ignitionfiles out of the `machine` package and into
its own called `ignition`. This required `VMType` to get moved out of
the `machine` package and into the `define` package in order to prevent
a circular dependency.
Signed-off-by: Jake Correnti <jakecorrenti+github@proton.me>
