I298 hyperv#28691
Closed
lstocchi wants to merge 105 commits into
Signed-off-by: Christophe Fergeau <cfergeau@redhat.com>
WriteConfig does not appear to have any users. This commit removes it. WriteConfig was the only user of the VM interface, and it was unused and removed in f3c82a9. The VM interface can also be removed. This was made obsolete by the big refactoring which happened around commits b1ce6ef, d7cb664, ... Signed-off-by: Christophe Fergeau <cfergeau@redhat.com>
Signed-off-by: Christophe Fergeau <cfergeau@redhat.com>
Move comment next to the code it applies to instead of having an extra blank line between comment and code. Signed-off-by: Christophe Fergeau <cfergeau@redhat.com>
It was marked as nolint:unused as part of containers#21747. One comment says this code will be removed later when the port cleanup logic is added. This was more than a year ago, so I’ll assume it’s now ok to remove these. Signed-off-by: Christophe Fergeau <cfergeau@redhat.com>
Its only user is GetSSHKeys in the same package. Signed-off-by: Christophe Fergeau <cfergeau@redhat.com>
It’s no longer used since 10d6586 "Makefile: use order-only prereq for podman-remote". The golang bug it was introduced for was fixed in go 1.20, see golang/go#12524 (comment) and https://go-review.googlesource.com/c/go/+/446178. This means the comment below is most likely no longer relevant, and mDNS should now work even without cgo, but I did not test it.
> Need to use CGO for mDNS resolution, but cross builds need CGO disabled
> See golang/go#12524 for details
Signed-off-by: Christophe Fergeau <cfergeau@redhat.com>
Printing structs containing VMFile will be easier/more readable.
This has the side-effect of suppressing compile-time errors when doing `fmt.Sprintf("%s", vmFile)`, which could be an issue.
This abstracts the image pulling code away from shim.Init and from the machine providers. It's possible to override the default image puller from define.InitOpts. This is meant for external users of podman-machine who reuse its code to start virtual machines.
This will allow podman machine users (crc) to provide their own SSH keys. The public SSH key should be made optional, I believe it's only needed when the VM is configured through ignition (and possibly for WSL)
Based on who the caller is, the code should behave differently, so we should allow defining a specific path for the config/data/runtime directories. This way, when launching podman and macadam, we can separate their contexts and they can work separately without misbehavior. Signed-off-by: lstocchi <lstocchi@redhat.com>
When using a RHEL VM, cloud-init is preferred over ignition for customizing the VM. With crc-org/vfkit#208 vfkit will be able to accept raw config files to enable cloud-init. This patch adds the logic to create a user-data config file to register users + their ssh key by leveraging cloud-init. Signed-off-by: Luca Stocchi <lstocchi@redhat.com>
In the current implementation gvproxy gets killed (SIGKILL); however, this does not allow gvproxy to dispose of its resources. This patch uses the Terminate func to send a SIGTERM to gvproxy so that it can gracefully stop and delete its resources. This would prevent the caller from being responsible for the cleanup and prevent some annoying issues. A problem caused by a socket not being disposed is crc-org/macadam#86. Signed-off-by: Luca Stocchi <lstocchi@redhat.com>
Every time we create a new VM using macadam on WSL, it gets the string "podman" prepended. However, this could cause some error if users try to create two machines with the same name using both podman and macadam. This patch allows customizing the prefix, so in macadam (and any other tool that uses podman in the backend) we can easily prevent overlapping dist names by adding a different prefix. Signed-off-by: lstocchi <lstocchi@redhat.com>
podman-machine is forwarding some podman-specific sockets from the VM to the host, which requires ssh access to the VM and the use of gvproxy. This is not needed by macadam, and is currently detrimental as we want to allow to run unmodified VM images. This commit adds a new `Capabilities` struct to the vmconfigs, which will be used for such optional features. podman-machine will enable socket forwarding, but macadam will be able to opt out of it, and the podman-machine code is modified to only try to forward sockets when the capability is enabled.
This does more than just disabling forwarding of the podman socket, this also disables the "linger" configuration, and podman-specific configuration such as registries. `ForwardSockets` could be renamed to something more generic such as `SetupPodman`
podman-machine currently adds a `podman-ready` systemd unit to its virtual machine. This unit sends a signal to the host to indicate the guest OS has finished booting. This is unwanted for macadam which aims at running unmodified VM images. This commit uses the Capabilities mechanism to make this podman-machine feature optional.
This adds a helper returning a []byte for the user-data. This will be useful in the next commits to generate an ISO with cloud-init data.
This will be useful with qemu/krunkit/… when starting VM images configured with cloudinit.
This will allow booting VM images configured using cloud-init, such as RHEL cloud images. This will fix crc-org/macadam#111
This patch skips the ApplyProxies func for non-podman machines. This is a temporary fix to allow using bootc images with macadam. Currently macadam fails at starting a bootc image VM because it expects user input when executing a sudo command and, moreover, the command tries to create a folder, which should not be allowed in a read-only filesystem. Signed-off-by: Luca Stocchi <lstocchi@redhat.com>
When starting a VM, if the ssh port chosen is already in use, it tries to reassign it. During this process it also fixes the connections saved previously and their ports. However, if podman is not in use, this step should be skipped. E.g. when using macadam there is no concept of connections. Signed-off-by: Luca Stocchi <lstocchi@redhat.com>
Even if the "ready" socket can now be disabled, we want to use a pid file regardless of the use of the "ready" socket. This commit extracts `SetPidFile` from `SetSerialPort` in order to allow this. Signed-off-by: Christophe Fergeau <cfergeau@redhat.com>
With the current code, the caller is not able to detect if the remove action succeeded or has been cancelled by the user. This patch returns a custom error for the cancelled outcome so the caller can detect it. Signed-off-by: Luca Stocchi <lstocchi@redhat.com>
This message shows quite a lot, it was added in 6b02c48 as on macOS it’s easy to hit that limit. Instead of always logging a message, we’ll now only print a log if the socket length is close to the max length. Signed-off-by: Christophe Fergeau <cfergeau@redhat.com>
This patch enables systemd by updating the wsl.conf file in the VM. It updates the bootstrap script to start a process that simulates an active operation to keep the VM running even if the user logs out. Signed-off-by: lstocchi <lstocchi@redhat.com>
So far, hyperv only worked with usermode networking enabled, even if the user did not explicitly use the --user-mode-networking flag. However, macadam needs a way to disable usermode networking on hyperv. Because of this, the UseProviderNetworkSetup func has been updated to accept MachineConfig as a param so it returns a value calculated using the actual userModeNetworking value. The UserModeNetworking flag has been added to HyperVConfig so it can be persisted when saving the MachineConfig. If system networking is enabled it does not create a hvsock for the networking.
The groups field of a cloudInit user could have a list of strings as a value. This patch updates the field type. Signed-off-by: lstocchi <lstocchi@redhat.com>
This commit skips all code related to ignition when cloud-init is in use. It affects all providers, mainly applehv, libkrun and hyperv. For hyperv it also adds checks when removing hvsock entries in the Registry. Signed-off-by: lstocchi <lstocchi@redhat.com>
`range` over a `nil` array is ok in go, so the `nil` check is not needed. The `User` type was also redundant and flagged by golangci-lint. Signed-off-by: Christophe Fergeau <cfergeau@redhat.com>
The end goal is to make the rest of the code easier to follow by grouping most of the low-level code generating cloud-init data files to this userdata.go file. Signed-off-by: Christophe Fergeau <cfergeau@redhat.com>
This will allow better separation between the high level decisions (usermode networking enabled/disabled and --cloud-init used or not) and the low-level byte details Signed-off-by: Christophe Fergeau <cfergeau@redhat.com>
This adds a defaultHypervUserData helper to only keep high level logic in generateUserData and make the different cases easier (with/without user-mode networking, with/without custom user-data) to follow. There should be no behaviour changes. Signed-off-by: Christophe Fergeau <cfergeau@redhat.com>
It removes the initial newline char from the string HyperVVsockNMConnection. The newline creates no issues for ignition but breaks the configuration when using cloud-init. This fixes the problem.
When merging two cloud-init config files, like the case where one user-data is passed by the user and one is created by us to support user-mode networking, we need to make sure we define a merging strategy, otherwise cloud-init will just use the last clause, overwriting the old one. For example, if there are two files like
    runcmd:
      - bash1
      - bash2
and
    runcmd:
      - bash3
      - bash4
and we do not define a merging strategy, cloud-init will only run bash3 and bash4. This could be an issue if the user passes a user-data file containing the same clauses we use in our user-mode networking config file (like runcmd). This patch defines a strategy to merge lists of values and does not do anything with strings. Signed-off-by: lstocchi <lstocchi@redhat.com>
Signed-off-by: lstocchi <lstocchi@redhat.com>
Add support for --cloud-init + --user-mode-networking
This adds support for hardStop on qemu. It uses the quit command to ask QEMU to terminate. As described by the documentation https://www.qemu.org/docs/master/interop/qemu-qmp-ref.html#command-QMP-control.quit, it is not guaranteed we receive any response from QMP, so the code checks if there was a premature EOF or any network issue and keeps its execution. Signed-off-by: lstocchi <lstocchi@redhat.com>
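The tolerant hard stop described in this commit, written here as an added Go example (not the PR's own code): qmpQuit treats a missing or truncated reply to the QMP quit command as a successful stop and only fails on an explicit QMP error object, while fakeQEMU is a constructed in-memory stand-in for the monitor socket. It assumes the QMP capabilities handshake has already been completed on the connection.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"io"
	"net"
)

// qmpQuit sends the QMP "quit" command on an already-negotiated monitor
// connection. QEMU may exit before answering, so EOF, a truncated reply or a
// transport error after the write count as success; only a QMP error fails.
func qmpQuit(conn net.Conn) error {
	if _, err := conn.Write([]byte(`{"execute":"quit"}` + "\n")); err != nil {
		return fmt.Errorf("sending quit: %w", err)
	}
	var resp struct{ Error *struct{ Class, Desc string } } // json matches names case-insensitively
	if err := json.NewDecoder(conn).Decode(&resp); err != nil {
		var netErr net.Error
		if errors.Is(err, io.EOF) || errors.Is(err, io.ErrUnexpectedEOF) || errors.As(err, &netErr) {
			return nil // QEMU went away before replying: the expected outcome
		}
		return fmt.Errorf("reading quit reply: %w", err)
	}
	if resp.Error != nil {
		return fmt.Errorf("QMP %s: %s", resp.Error.Class, resp.Error.Desc)
	}
	return nil
}

// fakeQEMU is a constructed stand-in for the QEMU end of the monitor socket
// (hypothetical, not podman code); mode selects how it behaves after reading.
func fakeQEMU(mode string) net.Conn {
	client, server := net.Pipe()
	go func() {
		defer server.Close()
		server.Read(make([]byte, 64)) // consume the quit command
		switch mode {
		case "reply": // well-behaved: acknowledges, then exits
			server.Write([]byte(`{"return": {}}` + "\n"))
		case "partial": // exits while the reply is half written
			server.Write([]byte(`{"retu`))
		case "error": // refuses the command
			server.Write([]byte(`{"error": {"class": "GenericError", "desc": "busy"}}` + "\n"))
		} // "silent": closes without answering at all
	}()
	return client
}

func main() {
	for _, mode := range []string{"reply", "silent", "partial", "error"} {
		fmt.Printf("%-8s -> %v\n", mode, qmpQuit(fakeQEMU(mode)))
	}
}
```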
support hard stop on qemu
PR https://github.com/cfergeau/podman/pull/19/files introduced a check to only verify/reassign a busy ssh port when using user-mode networking. This was needed when using hyperv in system networking mode because we set a custom IP/use the default ssh port and do not need to verify that port 22 is busy on the host. However, this creates a misbehavior on WSL when using mirrored mode (crc-org/macadam#289). This patch just reinforces the local port check to specify that WSL needs to be verified even when using system networking. Signed-off-by: lstocchi <lstocchi@redhat.com>
It updates VMExists to also handle edge cases when the VM has been deleted externally but podman is not aware of it and the config files are still there. It now supports these use cases:
1. Normal case: VM exists with config -> returns (config, true, nil)
2. Orphaned config: Config exists but VM deleted externally -> returns (nil, false, nil)
3. External VM: VM already exists on hypervisor but no config, so it was not created by podman -> returns (nil, true, error)
4. Hypervisor error with config: Config exists but hypervisor check fails -> returns (config, true, nil) - config is trusted, warning is logged
Signed-off-by: lstocchi <lstocchi@redhat.com>
skip reassign SSH port only when on hyperv/system networking
enhance VMExists to handle external deletion
Change the Exists method in the VMProvider interface from (bool, error) to (*bool, error) so we can use the nil value to indicate the Exists check is not applicable for a specific provider. Before, applehv, libkrun and qemu were returning false, even though they were not performing any check, and this could cause misunderstanding. Signed-off-by: Luca Stocchi <lstocchi@redhat.com>
Update VMExists to work with VMProvider.Exists returning a bool pointer and make the control flow explicit. When the provider reports the VM does not exist (exists != nil && !exists), return (nil, false, nil) immediately instead of continuing to other providers. If the provider reports the VM does exist or the provider (e.g. applehv, libkrun and qemu) doesn't support the exists check, we rely on the config to decide what to do. If there is no config, based on the provider, we report the VM does not exist, or that it exists externally to podman (e.g. hyperv manager). Signed-off-by: Luca Stocchi <lstocchi@redhat.com>
On RHEL/CentOS, QEMU is packaged as "qemu-kvm" rather than "qemu-system-x86_64", so macadam (that is built over podman) fails to find the binary unless the user manually creates a symlink. (ref. crc-org/macadam#176) Change QemuCommand from a single string to a slice of candidate binary names, tried in order. On Linux, this adds "qemu-kvm" as an alternative after the standard "qemu-system-*" name. Other platforms are unchanged. Signed-off-by: lstocchi <lstocchi@redhat.com>
Adds helper methods to the UserData struct for appending write files and run commands. This will be useful in the next commits to handle incremental updates to the userdata configuration. Signed-off-by: lstocchi <lstocchi@redhat.com>
…lementation to machine_windows Refactors waitOnProcess to handle any process, not just gvproxy. This makes the function reusable for other processes, as done in the next commit. Signed-off-by: lstocchi <lstocchi@redhat.com>
In PostStartNetworking there are operations that require ssh to work. However, this func is executed just before we check that ssh is working properly. By switching the order we can be sure the post-networking operations never fail. It also moves the VM's IP extraction to StartVM as this is needed for SSH verification. Signed-off-by: lstocchi <lstocchi@redhat.com>
Implements 9p file sharing for Hyper-V machines with cloud-init. On the host, the workflow is similar to podman. The server9p command is executed, which starts listening on a vsock port for each mount. On the guest side, podman client9p is replaced by a systemd service (9p-vsock@.service) that proxies vsock connections to a Unix socket for each mount. To proxy the connection it leverages socat, which is installed via cloud-init. The socket is then mounted by executing mount -t 9p ... through ssh.
It supports both user-mode and system networking. For this reason, we do not expect the server9p to be shut down when gvproxy stops running, but the server is stopped gracefully when the VM gets stopped.
To handle this mechanism we leverage socat, which must be installed in the VM. Even though we could leverage the packages field in the cloud-init user-data, this does not work when using user-mode networking. Packages is executed before the runcmd, which is where we initialize the networking. For this reason socat and other packages must be installed through the runcmd field. Signed-off-by: lstocchi <lstocchi@redhat.com>
Implements a darwin-specific cloud-init generator to support host mounts using virtiofs. Each configured mount is translated into a cloud-init mounts entry with vfstype "virtiofs", SELinux context set via NFSSELinuxContext, and "ro" when applicable. Signed-off-by: Luca Stocchi <lstocchi@redhat.com>
make VMProvider.Exists return *bool to allow "not applicable"
try alternative QEMU binary names
Support file sharing with cloud-init
This change improves the flexibility and reliability on Windows (Hyper-V) by handling hvsock port collisions.
Dynamic Branding: Replaces hardcoded "podman" strings with env.GetToolName(), allowing other tools to use their own prefixes for registry entries and UI dialogs.
Port Reassignment: Automatically detects busy hvsock ports on VM start and reassigns them from the available registry pool to prevent startup failures.
State Persistence: Ensures machine configurations are updated and saved immediately when ports are reassigned.
Registry Enhancements: Adds a force flag to registry removal and improves port-availability checking via winio.
Signed-off-by: lstocchi <lstocchi@redhat.com>
Pushed by mistake, sorry