Skip to content

Commit

Permalink
Set machine docker.sock according to rootful flag
Browse files Browse the repository at this point in the history
Signed-off-by: Jason T. Greene <[email protected]>
  • Loading branch information
n1hility committed May 15, 2023
1 parent 2783651 commit 5a176f0
Show file tree
Hide file tree
Showing 12 changed files with 264 additions and 49 deletions.
3 changes: 3 additions & 0 deletions cmd/podman/machine/platform_darwin.go
Original file line number Diff line number Diff line change
Expand Up @@ -8,6 +8,7 @@ import (

"github.com/containers/common/pkg/config"
"github.com/containers/podman/v4/pkg/machine"
"github.com/containers/podman/v4/pkg/machine/applehv"
"github.com/containers/podman/v4/pkg/machine/qemu"
"github.com/sirupsen/logrus"
)
Expand All @@ -30,6 +31,8 @@ func GetSystemProvider() (machine.VirtProvider, error) {
switch resolvedVMType {
case machine.QemuVirt:
return qemu.GetVirtualizationProvider(), nil
case machine.AppleHvVirt:
return applehv.GetVirtualizationProvider(), nil
default:
return nil, fmt.Errorf("unsupported virtualization provider: `%s`", resolvedVMType.String())
}
Expand Down
5 changes: 3 additions & 2 deletions pkg/machine/applehv/machine.go
Original file line number Diff line number Diff line change
Expand Up @@ -193,6 +193,7 @@ func (m *MacMachine) Init(opts machine.InitOptions) (bool, error) {
TimeZone: opts.TimeZone,
WritePath: m.IgnitionFile.GetPath(),
UID: m.UID,
Rootful: m.Rootful,
}

if err := ign.GenerateIgnitionConfig(); err != nil {
Expand Down Expand Up @@ -278,10 +279,10 @@ func (m *MacMachine) Remove(name string, opts machine.RemoveOptions) (string, fu
logrus.Error(err)
}
}
if err := machine.RemoveConnection(m.Name); err != nil {
if err := machine.RemoveConnections(m.Name); err != nil {
logrus.Error(err)
}
if err := machine.RemoveConnection(m.Name + "-root"); err != nil {
if err := machine.RemoveConnections(m.Name + "-root"); err != nil {
logrus.Error(err)
}

Expand Down
2 changes: 2 additions & 0 deletions pkg/machine/config.go
Original file line number Diff line number Diff line change
Expand Up @@ -359,6 +359,8 @@ type HostUser struct {
Rootful bool
// UID is the numerical id of the user that called machine
UID int
// Whether one of these fields has changed and actions should be taken
Modified bool `json:"HostUserModified"`
}

// SSHConfig contains remote access information for SSH
Expand Down
10 changes: 9 additions & 1 deletion pkg/machine/e2e/config_init_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -27,7 +27,7 @@ type initMachine struct {
memory *uint
now bool
timezone string
rootful bool //nolint:unused
rootful bool
volumes []string

cmd []string
Expand Down Expand Up @@ -62,6 +62,9 @@ func (i *initMachine) buildCmd(m *machineTestBuilder) []string {
if i.now {
cmd = append(cmd, "--now")
}
if i.rootful {
cmd = append(cmd, "--rootful")
}
cmd = append(cmd, m.name)
i.cmd = cmd
return cmd
Expand Down Expand Up @@ -110,3 +113,8 @@ func (i *initMachine) withVolume(v string) *initMachine {
i.volumes = append(i.volumes, v)
return i
}

func (i *initMachine) withRootful(r bool) *initMachine {
i.rootful = r
return i
}
9 changes: 9 additions & 0 deletions pkg/machine/e2e/config_set_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -8,6 +8,7 @@ type setMachine struct {
cpus *uint
diskSize *uint
memory *uint
rootful bool

cmd []string
}
Expand All @@ -23,6 +24,9 @@ func (i *setMachine) buildCmd(m *machineTestBuilder) []string {
if i.memory != nil {
cmd = append(cmd, "--memory", strconv.Itoa(int(*i.memory)))
}
if i.rootful {
cmd = append(cmd, "--rootful")
}
cmd = append(cmd, m.name)
i.cmd = cmd
return cmd
Expand All @@ -41,3 +45,8 @@ func (i *setMachine) withMemory(num uint) *setMachine {
i.memory = &num
return i
}

func (i *setMachine) withRootful(r bool) *setMachine {
i.rootful = r
return i
}
43 changes: 43 additions & 0 deletions pkg/machine/e2e/init_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -3,6 +3,7 @@ package e2e_test
import (
"os"
"strconv"
"strings"
"time"

"github.com/containers/podman/v4/pkg/machine"
Expand Down Expand Up @@ -162,4 +163,46 @@ var _ = Describe("podman machine init", func() {
Expect(sshSession2.outputToString()).To(ContainSubstring("example"))
})

It("machine init rootless docker.sock check", func() {
i := initMachine{}
name := randomString()
session, err := mb.setName(name).setCmd(i.withImagePath(mb.imagePath)).run()
Expect(err).ToNot(HaveOccurred())
Expect(session).To(Exit(0))

s := startMachine{}
ssession, err := mb.setCmd(s).setTimeout(time.Minute * 10).run()
Expect(err).ToNot(HaveOccurred())
Expect(ssession).Should(Exit(0))

ssh2 := sshMachine{}
sshSession2, err := mb.setName(name).setCmd(ssh2.withSSHCommand([]string{"readlink /var/run/docker.sock"})).run()
Expect(err).ToNot(HaveOccurred())
Expect(sshSession2).To(Exit(0))

output := strings.TrimSpace(sshSession2.outputToString())
Expect(output).To(HavePrefix("/run/user"))
Expect(output).To(HaveSuffix("/podman/podman.sock"))

})

It("machine init rootful docker.sock check", func() {
i := initMachine{}
name := randomString()
session, err := mb.setName(name).setCmd(i.withImagePath(mb.imagePath).withRootful(true)).run()
Expect(err).ToNot(HaveOccurred())
Expect(session).To(Exit(0))

s := startMachine{}
ssession, err := mb.setCmd(s).setTimeout(time.Minute * 10).run()
Expect(err).ToNot(HaveOccurred())
Expect(ssession).Should(Exit(0))

ssh2 := sshMachine{}
sshSession2, err := mb.setName(name).setCmd(ssh2.withSSHCommand([]string{"readlink /var/run/docker.sock"})).run()
Expect(err).ToNot(HaveOccurred())
Expect(sshSession2).To(Exit(0))
output := strings.TrimSpace(sshSession2.outputToString())
Expect(output).To(Equal("/run/podman/podman.sock"))
})
})
25 changes: 25 additions & 0 deletions pkg/machine/e2e/set_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,7 @@ package e2e_test

import (
"strconv"
"strings"

. "github.com/onsi/ginkgo/v2"
. "github.com/onsi/gomega"
Expand Down Expand Up @@ -100,4 +101,28 @@ var _ = Describe("podman machine set", func() {
Expect(sshSession3.outputToString()).To(ContainSubstring("100 GiB"))
})

It("set rootful, docker sock change", func() {
name := randomString()
i := new(initMachine)
session, err := mb.setName(name).setCmd(i.withImagePath(mb.imagePath)).run()
Expect(err).ToNot(HaveOccurred())
Expect(session).To(Exit(0))

set := setMachine{}
setSession, err := mb.setName(name).setCmd(set.withRootful(true)).run()
Expect(err).ToNot(HaveOccurred())
Expect(setSession).To(Exit(0))

s := new(startMachine)
startSession, err := mb.setCmd(s).run()
Expect(err).ToNot(HaveOccurred())
Expect(startSession).To(Exit(0))

ssh2 := sshMachine{}
sshSession2, err := mb.setName(name).setCmd(ssh2.withSSHCommand([]string{"readlink /var/run/docker.sock"})).run()
Expect(err).ToNot(HaveOccurred())
Expect(sshSession2).To(Exit(0))
output := strings.TrimSpace(sshSession2.outputToString())
Expect(output).To(Equal("/run/podman/podman.sock"))
})
})
118 changes: 83 additions & 35 deletions pkg/machine/hyperv/machine.go
Original file line number Diff line number Diff line change
Expand Up @@ -20,6 +20,7 @@ import (
"github.com/containers/podman/v4/pkg/machine"
"github.com/containers/podman/v4/utils"
"github.com/containers/storage/pkg/homedir"
"github.com/containers/storage/pkg/ioutils"
"github.com/docker/go-units"
"github.com/sirupsen/logrus"
)
Expand Down Expand Up @@ -154,11 +155,7 @@ func (m *HyperVMachine) Init(opts machine.InitOptions) (bool, error) {
}

// Write the JSON file for the second time. First time was in NewMachine
b, err := json.MarshalIndent(m, "", " ")
if err != nil {
return false, err
}
if err := os.WriteFile(m.ConfigPath.GetPath(), b, 0644); err != nil {
if err := m.writeConfig(); err != nil {
return false, err
}

Expand Down Expand Up @@ -391,7 +388,11 @@ func (m *HyperVMachine) Set(name string, opts machine.SetOptions) ([]error, erro
}

if opts.Rootful != nil && m.Rootful != *opts.Rootful {
setErrors = append(setErrors, hypervctl.ErrNotImplemented)
if err := m.setRootful(*opts.Rootful); err != nil {
setErrors = append(setErrors, fmt.Errorf("failed to set rootful option: %w", err))
} else {
m.Rootful = *opts.Rootful
}
}
if opts.DiskSize != nil && m.DiskSize != *opts.DiskSize {
setErrors = append(setErrors, hypervctl.ErrNotImplemented)
Expand All @@ -405,38 +406,31 @@ func (m *HyperVMachine) Set(name string, opts machine.SetOptions) ([]error, erro
memoryChanged = true
}

if !cpuChanged && !memoryChanged {
switch len(setErrors) {
case 0:
return nil, nil
case 1:
return nil, setErrors[0]
default:
return setErrors[1:], setErrors[0]
if cpuChanged || memoryChanged {
err := vm.UpdateProcessorMemSettings(func(ps *hypervctl.ProcessorSettings) {
if cpuChanged {
ps.VirtualQuantity = m.CPUs
}
}, func(ms *hypervctl.MemorySettings) {
if memoryChanged {
ms.DynamicMemoryEnabled = false
ms.VirtualQuantity = m.Memory
ms.Limit = m.Memory
ms.Reservation = m.Memory
}
})
if err != nil {
setErrors = append(setErrors, err)
}
}
// Write the new JSON out
// considering this a hard return if we cannot write the JSON file.
b, err := json.MarshalIndent(m, "", " ")
if err != nil {
return setErrors, err
}
if err := os.WriteFile(m.ConfigPath.GetPath(), b, 0644); err != nil {
return setErrors, err

if len(setErrors) > 0 {
return setErrors, setErrors[0]
}

return setErrors, vm.UpdateProcessorMemSettings(func(ps *hypervctl.ProcessorSettings) {
if cpuChanged {
ps.VirtualQuantity = m.CPUs
}
}, func(ms *hypervctl.MemorySettings) {
if memoryChanged {
ms.DynamicMemoryEnabled = false
ms.VirtualQuantity = m.Memory
ms.Limit = m.Memory
ms.Reservation = m.Memory
}
})
// Write the new JSON out
// considering this a hard return if we cannot write the JSON file.
return setErrors, m.writeConfig()
}

func (m *HyperVMachine) SSH(name string, opts machine.SSHOptions) error {
Expand Down Expand Up @@ -472,7 +466,20 @@ func (m *HyperVMachine) Start(name string, opts machine.StartOptions) error {
return err
}
// Wait on notification from the guest
return m.ReadyHVSock.Listen()
if err := m.ReadyHVSock.Listen(); err != nil {
return err
}

if m.HostUser.Modified {
if machine.UpdatePodmanDockerSockService(m, name, m.UID, m.Rootful) == nil {
// Reset modification state if there are no errors, otherwise ignore errors
// which are already logged
m.HostUser.Modified = false
_ = m.writeConfig()
}
}

return nil
}

func (m *HyperVMachine) State(_ bool) (machine.Status, error) {
Expand Down Expand Up @@ -661,3 +668,44 @@ func (m *HyperVMachine) forwardSocketPath() (*machine.VMFile, error) {
}
return machine.NewMachineFile(filepath.Join(path, sockName), &sockName)
}

func (m *HyperVMachine) writeConfig() error {
// Write the JSON file
opts := &ioutils.AtomicFileWriterOptions{ExplicitCommit: true}
w, err := ioutils.NewAtomicFileWriterWithOpts(m.ConfigPath.GetPath(), 0644, opts)
if err != nil {
return err
}
defer w.Close()

enc := json.NewEncoder(w)
enc.SetIndent("", " ")

if err := enc.Encode(m); err != nil {
return err
}

// Commit the changes to disk if no errors
return w.Commit()
}

func (m *HyperVMachine) setRootful(rootful bool) error {
changeCon, err := machine.AnyConnectionDefault(m.Name, m.Name+"-root")
if err != nil {
return err
}

if changeCon {
newDefault := m.Name
if rootful {
newDefault += "-root"
}
err := machine.ChangeDefault(newDefault)
if err != nil {
return err
}
}

m.HostUser.Modified = true
return nil
}
Loading

0 comments on commit 5a176f0

Please sign in to comment.