Commit Graph

999 Commits

Author SHA1 Message Date
Paul Holzinger
8fbda3fbef Merge pull request #27999 from baude/applytransports
add bootc transports to os-apply
2026-02-03 14:53:18 +01:00
Paul Holzinger
cadc74b796 Merge pull request #27995 from chkpnt/proxyenv
Write DefaultEnvironment proxy values to /etc/systemd/user.conf.d/default-env.conf
2026-02-03 12:48:21 +01:00
Brent Baude
40b2a585f9 Autocomplete machine fixes
Fixups for autocomplete for machine commands.  This was authored by Paul
Holzinger.

Thank you very much!

Signed-off-by: Brent Baude <bbaude@redhat.com>
2026-02-02 15:19:37 -06:00
Brent Baude
f4138d3599 add bootc transports to os-apply
now that we use `bootc switch` for changing out-of-band updates, we can
consider also using some of their supported transports.

* containers-storage
* oci
* oci-archive
* registry

RUN-3963
Signed-off-by: Brent Baude <bbaude@redhat.com>
2026-02-02 09:07:08 -06:00
Gregor Dschung
644bf2e04a Fix interfering escaping of commas and spaces in no_proxy variable
Signed-off-by: Gregor Dschung <gregor@chkpnt.de>
2026-02-02 15:49:25 +01:00
Gregor Dschung
a6167bdecc Write DefaultEnvironment proxy values to /etc/systemd/user.conf.d/default-env.conf
Otherwise, the proxy values aren't passed to rootless podman.

Signed-off-by: Gregor Dschung <gregor@chkpnt.de>
2026-02-02 15:49:05 +01:00
Gregor Dschung
e545f9ca61 Fix test proxyenv/env_test.go for systems that use proxy variables
Signed-off-by: Gregor Dschung <gregor@chkpnt.de>
2026-02-02 15:42:00 +01:00
Chawye Hsu
ce568f75dc chore(machine): remove unused EvalSymlinksOrClean function and tests
Related to https://github.com/containers/container-libs/pull/612

Signed-off-by: Chawye Hsu <su+git@chawyehsu.com>
2026-01-28 02:42:45 +08:00
lstocchi
cfa1b51775 fix hyperv ignition cleanup and error handling
this fixes two bugs in Hyper-V VM ignition handling:

1. Changed `err := readAndSplitIgnition()` to
`err = readAndSplitIgnition()` so the deferred cleanup function can
properly detect errors and clean up ignition
2. The function was trying to remove keys with pattern `vm.ElementName + index`, but
the actual keys were created using `"ignition.config." + index` pattern.

It also improves the deletion by calculating in how many parts the ignition file is split when being added in the registry and deletes just them instead of blindly iterating through 0-50.

Signed-off-by: lstocchi <lstocchi@redhat.com>
2026-01-21 15:50:17 +01:00
Brent Baude
aba2df7517 Add podman machine os upgrade command
Implements automatic OS upgrade functionality for Podman machines that requires no user input beyond running the command. The upgrade logic automatically determines the appropriate upgrade path using a three-way comparison between client version, machine version, and OCI registry:

* When the client version is older than the machine version, no action is taken and an error is returned.
* When the client version matches the machine version, the OCI registry is queried to check for in-band updates by comparing image digests.  This handles minor, patch level, and updates oci image use cases.
* When the client version is newer than the machine version, the machine is upgraded to match the client's major.minor version.
* No manual image selection or version specification required.

The command supports dry-run mode and JSON (only) output format for automation.

Signed-off-by: Brent Baude <bbaude@redhat.com>
2026-01-16 14:14:06 -06:00
Mario Loriedo
7c9d4a42c5 Merge pull request #27885 from lstocchi/i27615
Prevent starting and stopping legacy hyperv machines when not elevated
2026-01-13 14:38:07 +01:00
lstocchi
ca44e3a4d7 Fix race condition in CleanupGVProxy when reading gvproxy PID file
When startVM fails quickly, CleanupGVProxy may attempt to read the
gvproxy.pid file before gvproxy has written it, causing cleanup to
fail.

This commit adds retry logic that waits up to 2 seconds for the PID
file to appear.

Signed-off-by: lstocchi <lstocchi@redhat.com>
2026-01-09 08:07:04 +01:00
lstocchi
d2ea5a3fd0 prevent starting/stopping legacy Hyper-v machines when not elevated
Podman 5.x and earlier required running as admin to work with Hyper-v.
Starting from Podman 6 this is not mandatory anymore as Registry
entries are handled differently. However, it may
happen that the user has a legacy machine running when switching to Podman 6
or starts an old machine in elevated mode and then tries to stop it as a
normal user with Podman 6. If that happens the system will end up in a corrupted state
as the gvproxy process will not be stopped.
To prevent such scenarios and issues, this commit maintains the original
behavior Podman 5.x has. Legacy Hyper-v machines need to be handled
with elevated rights.

Signed-off-by: lstocchi <lstocchi@redhat.com>
2026-01-09 08:07:00 +01:00
Brent Baude
76e14f79f7 use bootc for os apply
Instead of using rpm-ostree, we now use bootc for os apply.  the
implementation is a little murky right now and will require some cleanup
to implement bootc's transports.  for now, we only support oci images
from registries.

once we have an upgrade command, the transports can be added and the
docs for apply can be amended to be more clear.

Fixes: RUN-3836

Signed-off-by: Brent Baude <bbaude@redhat.com>
2026-01-08 13:32:39 -06:00
openshift-merge-bot[bot]
f66f7c8a5b Merge pull request #27650 from lstocchi/i27614
Prevent non hyper-v admin users to execute machine commands
2025-12-09 12:17:38 +00:00
Brent Baude
f87cefc262 Remove Intel MacOS support
This PR removes support for Intel Apple Macs. The removal includes
impacts to code, tests, Makefile, builds, release builds, and so forth.

Fixes Jira: RUN-3621

Signed-off-by: Brent Baude <bbaude@redhat.com>
2025-12-07 07:03:06 -06:00
lstocchi
d150051d7a add windows platform tests
Signed-off-by: lstocchi <lstocchi@redhat.com>
2025-12-02 16:28:20 +01:00
lstocchi
85fe4de1ee fix failing windows platform tests
fixes broken windows tests and enables them to be run on
windows CI

Signed-off-by: lstocchi <lstocchi@redhat.com>
2025-12-02 16:19:50 +01:00
lstocchi
1bd51314ff prevent non hyper-v admin users to execute machine commands
Update GetAll() and GetByVMType() to add a check to prevent non hyper-v admin users from
interacting with hyperv machines.
Users can work with hyperv machines only with elevated rights or if
members of the hyperv administrators group

Signed-off-by: lstocchi <lstocchi@redhat.com>
2025-12-02 16:19:31 +01:00
Mario Loriedo
f71b9335f1 Replace FindExecutablePeer with FindHelperBinary
The WSL machine start was using the function FindExecutablePeer that
ignores user configuration (helper_binaries_dir). FindHelperBinary
instead is used when starting the machine for the rest of the providers
and honors user configuration.

This commit requires 4877783c37

Signed-off-by: Mario Loriedo <mario.loriedo@gmail.com>
2025-11-26 14:52:32 +01:00
Paul Holzinger
200030914f pkg/machine: make mount units hook into local-fs
The virtiofs mount points are not actually network mounts so we can
mount them earlier and using multi-user.target to enable them was wrong.

Signed-off-by: Paul Holzinger <pholzing@redhat.com>
2025-11-25 18:13:13 +01:00
openshift-merge-bot[bot]
095ddfe995 Merge pull request #26277 from lstocchi/i25038
HyperV machine should reuse hvsock registry entries when possible
2025-11-21 11:32:09 +00:00
Mario Loriedo
9c2a738963 Stop enforcing iptables on WSL
Signed-off-by: Mario Loriedo <mario.loriedo@gmail.com>
2025-11-21 01:01:47 +01:00
openshift-merge-bot[bot]
fac259ef9c Merge pull request #27566 from grey3228/fix/check_newGenericDecompressor_err
check err returned by newGenericDecompressor
2025-11-20 23:15:56 +00:00
openshift-merge-bot[bot]
18aa784988 Merge pull request #27546 from jakecorrenti/libkrun-as-default
machine: change default macOS provider to libkrun
2025-11-20 16:00:23 +00:00
lstocchi
901bd69e05 remove legacy registry entry
if users have legacy VMs (podman machines having hvsock registry entries
with the machineName field) when using podman with this patch, their
Registry entries will never be deleted by the functions added in
previous commits.

This commit adds a helper func to clean the Registry when these legacy
machines get removed

Signed-off-by: lstocchi <lstocchi@redhat.com>
2025-11-20 16:51:47 +01:00
lstocchi
23a297198e add test to verify init reuse hvsock entries for hyperv machines
Signed-off-by: lstocchi <lstocchi@redhat.com>
2025-11-20 16:51:45 +01:00
lstocchi
ab89922f4b hyperv should reuse hvsock registry entries when possible
Previously, each new HyperV Podman machine required creating new hvsock
registry entries, necessitating administrator privileges.

This change modifies the HyperV provider to reuse existing hvsock
entries if found. This is possible due to Podman's current
limitation of running only one HyperV machine at a time.

As a result, administrator privileges are only needed for the first initial
machine setup (when the registry is empty). Subsequent machines can be created by users in the
"Hyper-V Administrators" group without being Admin.

Hvsock entries are no longer deleted on each machine removal; cleanup
is handled when the last machine gets removed.

Signed-off-by: lstocchi <lstocchi@redhat.com>
2025-11-20 16:51:31 +01:00
lstocchi
b62c82bff6 move HasAdminRights to windows pkg
this commit moves the HasAdminRights func from the wsl package to a generic windows package as this could also be used by the HyperV provider.

Signed-off-by: lstocchi <lstocchi@redhat.com>
2025-11-20 15:20:57 +01:00
openshift-merge-bot[bot]
dfdd3b5074 Merge pull request #27557 from baude/issue27556
Ignore prompt if stdin not a tty on machine start
2025-11-20 10:03:32 +00:00
Mikhail Dmitrichenko
fdc738b0df fix: check err returned by newGenericDecompressor
There are a couple of newGenericDecompressor function usages, where
the returned possibly non-nil `err` is not checked before dereferencing
the returned decompressor. It may lead to nil ptr dereferencing.

This commit adds a check for `err` to prevent dereferencing a potentially
nullable decompressor.

Found by Linux Verification Center (linuxtesting.org) with SVACE

Signed-off-by: Mikhail Dmitrichenko <m.dmitrichenko222@gmail.com>
2025-11-20 12:07:37 +03:00
Brent Baude
6541fc4fb2 Merge pull request #27510 from baude/fakehyperv
fake images: windows hyperv
2025-11-19 12:12:22 -06:00
Brent Baude
3d566d85cf Ignore prompt if stdin not a tty on machine start
When starting a machine and the user has not explicitly passed
-u=true|false AND stdin is not a tty, we should not prompt to update
connections.

Fixes: #27556

Signed-off-by: Brent Baude <bbaude@redhat.com>
2025-11-19 11:50:25 -06:00
Jake Correnti
453a45142f machine: change default macOS provider to libkrun
Now that Podman 6.0 no longer supports Intel Macs, use libkrun as the
default machine provider.

Signed-off-by: Jake Correnti <jakecorrenti+github@proton.me>
2025-11-17 09:32:29 -05:00
openshift-merge-bot[bot]
d388f9bbd2 Merge pull request #27342 from inknos/run-3578
Remove hardcoded refs from ociartifact code
2025-11-14 12:39:32 +00:00
Nicola Sella
df4905d68b Remove hardcoded refs from ociartifact code
Fixes: https://issues.redhat.com/browse/RUN-3578

Signed-off-by: Nicola Sella <nsella@redhat.com>
2025-11-13 22:57:21 +01:00
Brent Baude
d58dddee66 fake images: windows hyperv
this pr is a follow on to #27493.  it adds support for hyperv "fake"
images and suggests a benefit in terms of test speed.  for hyperv, we
create a generic 4MB vhdx and stick it into the temp dir.  this saves us
from any image copy or compression.

i also followed up on a few comments Paul made about using windows|unix
instead of each platform.

Signed-off-by: Brent Baude <bbaude@redhat.com>
2025-11-12 12:53:42 -06:00
Brent Baude
57052a8cc7 Fix regression in podman machine ssh
While doing the provider obfuscation, I injected a regression where
podman ssh machine failed.  The regression was added in
0f22c1c772.  I have fixed the regression
and added a test to prevent future occurrence.

Fixes: #27491

Signed-off-by: Brent Baude <bbaude@redhat.com>
2025-11-12 10:37:48 -06:00
Paul Holzinger
675182c2e9 fix gofumpt issues on main
Two PRs[1,2] were merged without rebasing resulting in a conflict since
the one enabled gofumpt while the other PR contained formatting not
according to that so now the lint fails.

[1] https://github.com/containers/podman/pull/27498
[2] https://github.com/containers/podman/pull/27493

Signed-off-by: Paul Holzinger <pholzing@redhat.com>
2025-11-12 15:44:26 +01:00
openshift-merge-bot[bot]
d5865c1462 Merge pull request #27498 from Luap99/gofumpt
enable gofumpt formatter
2025-11-12 13:29:45 +00:00
Paul Holzinger
5c1ed12d8d enable gofumpt formatter
Based on our discussion gofumpt won the vote so use that one via
golangci-lint.

https://github.com/containers/podman/discussions/27291

Signed-off-by: Paul Holzinger <pholzing@redhat.com>
2025-11-11 12:32:46 +01:00
Brent Baude
9cbb64c525 Use fake images for machine tests
In tests that do not start a machine, we can use "fake" images to speed
up tests.  In the case of darwin and Linux, that can be /dev/null.  The
hypervisors don't care.

In the case of Windows, some research will need to be done to determine
the same approach but this is a start.

Signed-off-by: Brent Baude <bbaude@redhat.com>
2025-11-10 10:51:23 -06:00
Brent Baude
e059055aa5 Fix WSL machine start with --update-connection
In my previous PR, #27405, the optional WSL tests do not pass because of
an early return consistent with WSL's networking.  This PR corrects the
problem.

Fixes: #27469

Signed-off-by: Brent Baude <bbaude@redhat.com>
2025-11-07 10:41:32 -06:00
openshift-merge-bot[bot]
17beac160c Merge pull request #27405 from baude/setdefaultconnection
Add `update-connection` to machine start and init
2025-11-04 20:03:58 +00:00
Brent Baude
b4ec460ed4 Add update-connection to machine start and init
This allows users to set the associated machine's system connection to the system default when running `podman machine init --now` or `podman machine start`.  It also changes the default behavior of these commands in that the user will be prompted and asked if they would like to switch the system connection.  It also introduces a command line switch called `--update-connection`.  If the switch is unset, then the user will be prompted.  If the command value is explicitly set to `false`, the user will not be prompted and the system connection will not be altered.  If the value is set to `true`, the system connection will be made the default and the user will not be prompted.

Fixes: https://issues.redhat.com/browse/RUN-3632

Signed-off-by: Brent Baude <bbaude@redhat.com>
2025-11-04 10:35:28 -06:00
Mario Loriedo
7c51ad0ef8 Fix cache misses when pulling WSL machine image
Fixes a regression introduced by b2e6d53 that caused the match of the
WSL image from the registry with the image in the local cache to always
fail. The result was that the WSL machine image was always pulled from
quay.io even if an identical image was in the local cache.

Signed-off-by: Mario Loriedo <mario.loriedo@gmail.com>
2025-11-04 12:12:10 +01:00
Brent Baude
553c4a16d5 Fix use of duplicate machine names
A condition was changed in the refactor of init where duplicate names would be allowed but no machine was created.  Duplicate names are not permitted and should return an error.

Signed-off-by: Brent Baude <bbaude@redhat.com>
2025-10-30 07:50:08 -05:00
Brent Baude
5e1c2f8d7d Machine init --provider
Add the ability for users to override the default provider when creating machines.  The new flag is `--provider` and allows you to specify a valid vmtype for the platform.  This PR also removes the previous list test where we tested listing all providers.  I added a PR for testing --provider which includes a standard `machine ls` which defaults now to showing all providers.

Signed-off-by: Brent Baude <bbaude@redhat.com>
2025-10-29 07:59:34 -05:00
Brent Baude
0f22c1c772 Provider obfuscation in command line
For Podman 6, we still have providers and will continue to have a default provider for each platform.  But where a platform has multiple providers, we want users to be able to cross provider boundaries imposed in Podman 4/5.  The key change is to look up virtual machines by name, as before, but to then also iterate all possible providers.  As of this PR, init will still only create with the default provider, but a subsequent PR will introduce a provider override.

I also removed the "--all-providers" command line option on `podman
machine ls` because it no longer makes sense. And I marked the all
provider list test to be skipped.

Signed-off-by: Brent Baude <bbaude@redhat.com>
2025-10-27 08:40:19 -05:00
Matt Heon
34166fc004 Bump Go version to v6
Tremendous amount of changes in here, but all should amount to
the same thing: changing Go import paths from v5 to v6.

Also bumped go.mod to github.com/containers/podman/v6 and updated
version to v6.0.0-dev.

Signed-off-by: Matt Heon <mheon@redhat.com>
2025-10-23 11:00:15 -04:00