This fixes two bugs in Hyper-V VM ignition handling:
1. Changed `err := readAndSplitIgnition()` to
`err = readAndSplitIgnition()` so the deferred cleanup function can
properly detect errors and clean up ignition.
2. The function was trying to remove keys with pattern `vm.ElementName + index`, but
the actual keys were created using `"ignition.config." + index` pattern.
It also improves the deletion by calculating in how many parts the ignition file is split when being added in the registry and deleting just them instead of blindly iterating through 0-50.
Signed-off-by: lstocchi <lstocchi@redhat.com>
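An added Go example (not code from the Podman repository) of the failure mode the commit message above describes: a deferred cleanup that checks an outer `err` never fires when the failing call is assigned with `:=` in an inner scope, so partial `ignition.config.N` keys stay behind. The map standing in for the key-value registry, and the names `put`, `addIgnition`, `leftoverKeys`, `failAt` and `shadow`, are assumptions made for the illustration.

```go
package main

import "fmt"

const keyPrefix = "ignition.config." // key pattern quoted in the commit message
// put writes one part; failAt simulates a write failure at that index (hypothetical helper).
func put(kv map[string]string, idx int, chunk string, failAt int) error {
	if idx == failAt {
		return fmt.Errorf("simulated write failure")
	}
	kv[fmt.Sprintf("%s%d", keyPrefix, idx)] = chunk
	return nil
}

// addIgnition stores data in chunkSize parts and, on error, removes only the parts it wrote.
func addIgnition(kv map[string]string, data string, chunkSize, failAt int, shadow bool) error {
	var err error
	parts := 0
	defer func() {
		for i := 0; err != nil && i < parts; i++ { // reads the outer err only
			delete(kv, fmt.Sprintf("%s%d", keyPrefix, i))
		}
	}()
	for off := 0; off < len(data); off += chunkSize {
		end := off + chunkSize
		if end > len(data) {
			end = len(data)
		}
		if shadow {
			if err := put(kv, parts, data[off:end], failAt); err != nil { // new inner err
				return err
			}
		} else if err = put(kv, parts, data[off:end], failAt); err != nil { // outer err
			return err
		}
		parts++
	}
	return nil
}

// leftoverKeys makes the third part fail and counts the keys left behind.
func leftoverKeys(shadow bool) int {
	kv := map[string]string{}
	_ = addIgnition(kv, "abcdefghij", 4, 2, shadow)
	return len(kv)
}

func main() {
	fmt.Println("with := :", leftoverKeys(true), "with = :", leftoverKeys(false))
}
```

The caller receives the error in both variants; only the cleanup differs, which is why this kind of bug shows up as stale state rather than as a failing call.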
Use name_to_handle_at and open_by_handle_at to persist rootless
namespaces without needing a pause process.
The namespace file handles are stored in a file and can be used to
rejoin the namespaces, as long as the namespaces still exist.
Fall back to the pause process approach only when the kernel doesn't
support nsfs handles (EOPNOTSUPP).
The feature is currently only enabled when the PODMAN_NO_PAUSE_PROCESS
environment variable is set.
These changes in the kernel are required (landed in Linux 6.18):
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3ab378cfa793
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
It was failing on darwin, because amd64 is no longer supported.
"build constraints exclude all Go files" in pkg/machine/libkrun
Signed-off-by: Anders F Björklund <anders.f.bjorklund@gmail.com>
Update the service description to reflect that it now also restarts
containers with unless-stopped restart policy, not just always.
This was changed in PR #27619 but the description was not updated.
Fixes: #27908
Signed-off-by: Alessio Attilio <attilio.alessio@protonmail.com>
The test was assuming v1.41, set v1.40 explicitly for the call.
And assume that the default version is using the newer syntax.
Signed-off-by: Anders F Björklund <anders.f.bjorklund@gmail.com>
All API versions before version 1.44 are now deprecated,
starting with Docker client version 1.29 giving an error:
"API version 1.41 is not supported by this client"
Previously it was backward-compatible for more than 10 years,
with version 1.24 being the version in classic Docker 1.12.
It seems like API code changes were already added?
Signed-off-by: Anders F Björklund <anders.f.bjorklund@gmail.com>
Implements automatic OS upgrade functionality for Podman machines that requires no user input beyond running the command. The upgrade logic automatically determines the appropriate upgrade path using a three-way comparison between client version, machine version, and OCI registry:
* When the client version is older than the machine version, no action is taken and an error is returned.
* When the client version matches the machine version, the OCI registry is queried to check for in-band updates by comparing image digests. This handles minor, patch level, and updated OCI image use cases.
* When the client version is newer than the machine version, the machine is upgraded to match the client's major.minor version.
* No manual image selection or version specification required.
The command supports dry-run mode and JSON (only) output format for automation.
Signed-off-by: Brent Baude <bbaude@redhat.com>
Previously, `secret create` required stdin to be a pipe when using `-`,
blocking interactive stdin and forcing users to use insecure patterns like
`echo "secret" | podman secret create <name>`.
Remove the pipe check to allow interactive stdin.
Closes #18591, #27879
Signed-off-by: Danish Prakash <contact@danishpraka.sh>
When startVM fails quickly, CleanupGVProxy may attempt to read the
gvproxy.pid file before gvproxy has written it, causing cleanup to
fail.
This commit adds retry logic that waits up to 2 seconds for the PID
file to appear.
Signed-off-by: lstocchi <lstocchi@redhat.com>
Podman 5.x and earlier were required to run as admin to work with Hyper-V.
Starting from Podman 6 this is not mandatory anymore as Registry
entries are handled differently. However, it may
happen that the user has a legacy machine running when switching to Podman 6
or starts an old machine in elevated mode and then tries to stop it as a
normal user with Podman 6. If that happens the system will end up in a corrupted state
as the gvproxy process will not be stopped.
To prevent such a scenario and issues, this commit maintains the original
behavior Podman 5.x has. Legacy Hyper-V machines need to be handled
with elevated rights.
Signed-off-by: lstocchi <lstocchi@redhat.com>
Instead of using rpm-ostree, we now use bootc for os apply. The
implementation is a little murky right now and will require some cleanup
to implement bootc's transports. For now, we only support OCI images
from registries.
Once we have an upgrade command, the transports can be added and the
docs for apply can be amended to be more clear.
Fixes: RUN-3836
Signed-off-by: Brent Baude <bbaude@redhat.com>
The test for issue #19800 depended on finding a system user with an
octal UID. This approach was fragile because system users found on the
host may have a different UID in the testing image.
Use the rootless user ID instead which is likely to be octal anyway as
new user IDs start with 1000.
Signed-off-by: Ricardo Branco <rbranco@suse.de>
He'd like to help out with issue triage in the repo - especially
flagging issues as potential development priorities.
Signed-off-by: Matt Heon <matthew.heon@pm.me>