allow podman machine to extract its disk image from an oci registry or
oci-dir locally. for now, the image must be relatively inflexible. it
must have 1 layer. the layer must possess one image. so a dockerfile
like:
FROM scratch
COPY ./myimage.xz /myimage.xz
when using an oci dir, the directory structure must adhere to the
typical directory structure of a an oci image (with one layer).
── blobs
│ └── sha256
│ ├── 53735773573b3853bb1cae16dd21061beb416239ceb78d4ef1f2a0609f7e843b
│ ├── 80577866ec13c041693e17de61444b4696137623803c3d87f92e4f28a1f4e87b
│ └── af57637ac1ab12f833e3cfa886027cc9834a755a437d0e1cf48b5d4778af7a4e
├── index.json
└── oci-layout
in order to identify this new input, you must use a transport/schema to
differentiate from current podman machine init --image-path behavior. we
will support `oci-dir://` and `docker://` as transports.
when using the docker transport, you can only use an empty transport for
input. for example, `podman machine init --image-path docker://`. A
fully quailified image name will be supported in the next iteration.
the transport absent anything means, i want to pull the default fcos
image stored in a registry. podman will determine its current version
and then look for its correlating manifest. in this default use case,
it would look for:
quay.io/libpod/podman-machine-images:<version>
that manifest would then point to specific images that contain the
correct arch and provider disk image. i.e.
quay.io/libpod/podman-machine-images:4.6-qcow2
this PR does not enable something like
docker://quay.io/mycorp/myimage:latest yet.
names, addresses, andf schema/transports are all subject to change. the
plan is to keep this all undocumented until things firm up.
[NO NEW TESTS NEEDED]
Signed-off-by: Brent Baude <bbaude@redhat.com>
Logging to os.Stdout and os.Stderr does not seem to work in
Powershell. I am not entirely certain why.
Logfiles are the best alternative I can think of.
Signed-off-by: Matt Heon <mheon@redhat.com>
Instead of trying to write out own code to do basic process
operations (e.g. checking if a PID is still running in a multi-OS
friendly manner), use shirou/gopsutil, a multi-platform library
that should abstract all the complexity away. Unlike our previous
approach on Windows, this one should actually work.
Signed-off-by: Matt Heon <mheon@redhat.com>
This includes two new hidden commands: a 9p server,
`podman machine server9p`, and a 9p client,
`podman machine client9p` with `server9p` currently only
configured to run on Windows and serve 9p via HyperV vsock, and
`client9p` only configured to run on Linux. The server is run by
`podman machine start` and has the same lifespan as gvproxy
(waits for the gvproxy PID to die before shutting down). The
client is run inside the VM, also by `podman machine start`, and
mounts uses kernel 9p mount code to complete the mount. It's
unfortunately not possible to use mount directly without the
wrapper; we need to set up the vsock and pass it to mount as an
FD.
In theory this can be generalized so that the server can run
anywhere and over almost any transport, but I haven't done this
here as I don't think we have a usecase other than HyperV right
now.
[NO NEW TESTS NEEDED] This requires changes to Podman in the VM,
so we need to wait until a build with this lands in FCOS to test.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
In the unusual case where the `runtimeDir` is not already created, we
should do so on `machine init`.
When starting gvproxy from podman, we now ensure it is running (for
applehv) but waiting for the unixgram socket to appear in the filesystem
before moving on.
[NO NEW TESTS NEEDED]
Signed-off-by: Brent Baude <bbaude@redhat.com>
All `[]string`s in containers.conf have now been migrated to attributed
string slices which require some adjustments in Buildah and Podman.
[NO NEW TESTS NEEDED]
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
Add Quadlet key and disconnect relationship withr read-only
Update and add tests
Update man with new key
Remove the reference to VolatileTmpfs in the man page to reduce its
usage, since the same functionality can be achieved using the Tmpfs key
while keeping its support to maintain backward compatibility
Signed-off-by: Ygal Blum <ygal.blum@gmail.com>
Docker deals with the --all flag on the client side while Podman does it
on the server side. Hence, make sure to not set the dangling filter
with two different values in the backend.
Fixes: #20469
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
Add podman farm build command that sends out builds to
nodes defined in the farm, builds the images on the farm
nodes, and pulls them back to the local machine to create
a manifest list.
Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>
Add emulation pkg to be used with farm build when
determining emulated platforms for the farm nodes.
Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>
Users can specify BUILDAH_ISOLATION environment variable to change the
default.
Fixes: https://github.com/containers/podman/issues/20024
Currently podman play kube is defaulting to chroot, which is the least
safe version of build, we should always default to secure whenever
possible. Chroot should only be used when building within a container.
No great way to tests this.
[NO NEW TESTS NEEDED]
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
The endpoints to (dis-)connect networks from/to a container are
no longer no-ops. Furthermore, the 403 error handled since #20365
has been documented
Signed-off-by: Philipp Fruck <dev@p-fruck.de>
This is not used at all but causes a libimage import for non linux
builds which causes bloat for them, with the new !remote tag this is no
longer possible and we have to remove it to fix the build.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
When the hostNetwork option is set to true in the k8s yaml,
set the pod's hostname to the name of the machine/node as is
done in k8s. Also set the utsns to host.
Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>
commit fa19e1baa2 partially introduced
the fix, but was merged too quickly and didn't work with remote.
Introduce a new binding to allow removing a session from the remote
client.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
In applehv, we were not killing gvproxy when stopping via podman machine rm with force.
[NO NEW TESTS NEEDED]
Signed-off-by: Brent Baude <bbaude@redhat.com>
On darwin arm64, we need to set the location of the ovmf vars. It should be put into the imageDir (also known as as dataDir). But because qemu determines the image path late in Init(), the image path is set something like a stream marker.
Fixes#20361
[NO NEW TESTS NEEDED]
Signed-off-by: Brent Baude <bbaude@redhat.com>
