This field was only needed for machine to force cni, however you can set
netns="bridge" in the config to have the same effect. This is already
done in the machine setup.
see https://github.com/containers/common/pull/895
[NO NEW TESTS NEEDED]
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
if users run podman machine stop && podman machine ls, the status of the
machine in the subsequent ls command would running. now we wait for
everything to complete for stop so that scripting is more accurate.
Fixes: #12815
[NO NEW TESTS NEEDED]
Signed-off-by: Brent Baude <bbaude@redhat.com>
Podman often has to run behind an http/https proxy, often in corporate environments.
This proxy may or may not include SSL inspection capabilities, requiring a trusted SSL CA certificate to be added to a system's trust store.
Copy the file referred to by SSL_CERT_FILE on the host into the podman machine's OS trust store, overriding the built-in single-file trust store certificate.
Also set the `SSL_FILE_CERT` on remote machine
[NO NEW TESTS NEEDED]
Signed-off-by: Aditya Rajan <arajan@redhat.com>
Podman often has to run behind an http/https proxy, often in corporate environments.
This proxy may or may not include SSL inspection capabilities, requiring a trusted SSL CA certificate to be added to a system's trust store.
Solve this by reading standard proxy variables (HTTP_PROXY HTTPS_PROXY NO_PROXY http_proxy https_proxy no_proxy) and injecting them into the machine at init.
[NO NEW TESTS NEEDED]
Signed-off-by: Aditya Rajan <arajan@redhat.com>
Use the same type of mounts for all the machine volumes.
The default could change in the future, depending on OS.
[NO NEW TESTS NEEDED]
Signed-off-by: Anders F Björklund <anders.f.bjorklund@gmail.com>
There are other mount types available, such as NFS or SMB,
or one could use reverse sshfs for better compatibility.
It could either be a global option, or it could perhaps be
overridden for each volume (like the container volumes).
Refactor the creation of the options string or array.
Allow specifying the volume as read-only, if desired.
[NO NEW TESTS NEEDED]
Signed-off-by: Anders F Björklund <anders.f.bjorklund@gmail.com>
Allow using the built-in 9pfs feature of qemu,
mounting host directories into vm mountpoints.
The volumes are generic, the mounts are specific.
Wait for the machine to be "running", otherwise
the SSH function might throw an error instead.
Increase the default msize from 8 KiB to 128 KiB
[NO NEW TESTS NEEDED]
Signed-off-by: Anders F Björklund <anders.f.bjorklund@gmail.com>
Following PR ensures that certs from `~/.config/containers/certs.d` or `~/.config/docker/certs.d`
are copied into the remote machine at `/etc/containers/certs.d/`
As a result on platforms like `macOS` where podman works with a remote
machine setup. User's local certs must be transferd to VM without any
plumbing needed by user.
[NO-NEW-TESTS-NEEDED]
Signed-off-by: Aditya Rajan <arajan@redhat.com>
Added an option to podman machine init to declare the timezone of the
resulting machine. the default is to use the value of the host name or
else a given timezone name like America/Chicago.
Fixes: #11895
Signed-off-by: Brent Baude <bbaude@redhat.com>
[NO NEW TESTS NEEDED]
Signed-off-by: Brent Baude <bbaude@redhat.com>
Replace `multi-user.target` with `default.target` across the code base.
It seems like the multi-user one is not available for (rootless) users
on F35 anymore is causing issues in all kinds of ways, for instance,
enabling the podman.service or generated systemd units.
Fixes: #12438
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
Wait for sshd to be ready before we return from start. This should make
podman machine ssh immediately available without any race conditions.
Fixes#11532
[NO NEW TESTS NEEDED] I could not reproduce the issue so I am not sure
if this fixes it.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
This commits adds port forwarding logic directly into podman. The
podman-machine cni plugin is no longer needed.
The following new features are supported:
- works with cni, netavark and slirp4netns
- ports can use the hostIP to bind instead of hard coding 0.0.0.0
- gvproxy no longer listens on 0.0.0.0:7777 (requires a new gvproxy
version)
- support the udp protocol
With this we no longer need podman-machine-cni and should remove it from
the packaging. There is also a change to make sure we are backwards
compatible with old config which include this plugin.
Fixes#11528Fixes#11728
[NO NEW TESTS NEEDED] We have no podman machine test at the moment.
Please test this manually on your system.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Now that aarch64 fcos is an official thing, we no longer need to use the side repo (for lack of a better word). We can now use the same image lookup technique as x86_64. I removed the special lookup, moved the x86_64 lookup to generic arch, and removed the arch specific files that we no longer needed.
[NO TESTS NEEDED]
Signed-off-by: baude <baude@redhat.com>
By popular request, turn decimals to octal. Most eyes are trained to
parse file permissions in octal.
[NO TESTS NEEDED] since machine isn't tested yet.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
Enforce "docker.io" to be the only search registry. Short-name
resolution for remote clients is not fully supported since there is no
means to prompt. Enforcing a single registry works around the problem
since prompting only fires with more than one search registry.
Fixes: #11489
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
QEmu normally install BIOS images under `/usr/local` prefix, but
Homebrew installs them under `/opt/homebrew`. This change searches both
locations and then puts back to an unpathed name if it doesn't find the
BIOS. (I imitated other architectures' implemenations in that failback
behavior.)
[NO TESTS NEEDED]
Signed-off-by: Jonathan Springer <jonpspri@gmail.com>
Adding the `-cpu host` option to the `addArchOptions` function for
darwin removes the warning message, "host doesn't support requested
feature: CPUID.80000001H:ECX.svm [bit 2]" by qemu-system-x86_64 when
using the `podman machine start` command on MacOS
Closes#11421
[NO TESTS NEEDED]
Signed-off-by: Scott Schreckengaust <scottschreckengaust@users.noreply.github.com>
Cause qemu to fall back to using TCG acceleration when HVP acceleration
is not available on Darwin Aarch64. Qemu prints a warning which it is
desirable to leave to embarrass the upstream Qemu into approving the HVF
patches.
[NO TESTS NEEDED]
Signed-off-by: Jonathan Springer <jspringer@us.ibm.com>
Signed-off-by: Jonathan Springer <jonpspri@gmail.com>
