Skip to content

Commit

Permalink
Add user mode networking feature to Windows
Browse files Browse the repository at this point in the history
Signed-off-by: Jason T. Greene <jason.greene@redhat.com>
  • Loading branch information
n1hility committed Apr 24, 2023
1 parent fb3b92b commit 230ddbe
Show file tree
Hide file tree
Showing 16 changed files with 681 additions and 127 deletions.
2 changes: 1 addition & 1 deletion Makefile
Original file line number Diff line number Diff line change
Expand Up @@ -199,7 +199,7 @@ endif
# include this lightweight helper binary.
#
GV_GITURL=https://github.com/containers/gvisor-tap-vsock.git
GV_SHA=aab0ac9367fc5142f5857c36ac2352bcb3c60ab7
GV_SHA=407efb5dcdb0f4445935f7360535800b60447544

###
### Primary entry-point targets
Expand Down
19 changes: 18 additions & 1 deletion cmd/podman/machine/init.go
Original file line number Diff line number Diff line change
Expand Up @@ -27,10 +27,17 @@ var (
}

initOpts = machine.InitOptions{}
initOptionalFlags = InitOptionalFlags{}
defaultMachineName = machine.DefaultMachineName
now bool
defaultProvider = GetSystemDefaultProvider()
)

// Flags which have a meaning when unspecified that differs from the flag default
type InitOptionalFlags struct {
UserModeNetworking bool
}

// maxMachineNameSize is set to thirty to limit huge machine names primarily
// because macOS has a much smaller file size limit.
const maxMachineNameSize = 30
Expand Down Expand Up @@ -110,6 +117,10 @@ func init() {

rootfulFlagName := "rootful"
flags.BoolVar(&initOpts.Rootful, rootfulFlagName, false, "Whether this machine should prefer rootful container execution")

userModeNetFlagName := "user-mode-networking"
flags.BoolVar(&initOptionalFlags.UserModeNetworking, userModeNetFlagName, false,
"Whether this machine should use user-mode networking, routing traffic through a host user-space process")
}

func initMachine(cmd *cobra.Command, args []string) error {
Expand All @@ -118,7 +129,7 @@ func initMachine(cmd *cobra.Command, args []string) error {
vm machine.VM
)

provider := GetSystemDefaultProvider()
provider := defaultProvider
initOpts.Name = defaultMachineName
if len(args) > 0 {
if len(args[0]) > maxMachineNameSize {
Expand All @@ -132,6 +143,12 @@ func initMachine(cmd *cobra.Command, args []string) error {
for idx, vol := range initOpts.Volumes {
initOpts.Volumes[idx] = os.ExpandEnv(vol)
}

// Process optional flags (flags where unspecified / nil has meaning )
if cmd.Flags().Changed("user-mode-networking") {
initOpts.UserModeNetworking = &initOptionalFlags.UserModeNetworking
}

vm, err = provider.NewMachine(initOpts)
if err != nil {
return err
Expand Down
1 change: 1 addition & 0 deletions cmd/podman/machine/list.go
Original file line number Diff line number Diff line change
Expand Up @@ -178,6 +178,7 @@ func toMachineFormat(vms []*machine.ListResponse) ([]*entities.ListReporter, err
response.RemoteUsername = vm.RemoteUsername
response.IdentityPath = vm.IdentityPath
response.Starting = vm.Starting
response.UserModeNetworking = vm.UserModeNetworking

machineResponses = append(machineResponses, response)
}
Expand Down
16 changes: 12 additions & 4 deletions cmd/podman/machine/set.go
Original file line number Diff line number Diff line change
Expand Up @@ -32,10 +32,11 @@ var (
)

type SetFlags struct {
CPUs uint64
DiskSize uint64
Memory uint64
Rootful bool
CPUs uint64
DiskSize uint64
Memory uint64
Rootful bool
UserModeNetworking bool
}

func init() {
Expand Down Expand Up @@ -72,6 +73,10 @@ func init() {
"Memory in MB",
)
_ = setCmd.RegisterFlagCompletionFunc(memoryFlagName, completion.AutocompleteNone)

userModeNetFlagName := "user-mode-networking"
flags.BoolVar(&setFlags.UserModeNetworking, userModeNetFlagName, false, // defaults not-relevant due to use of Changed()
"Whether this machine should use user-mode networking, routing traffic through a host user-space process")
}

func setMachine(cmd *cobra.Command, args []string) error {
Expand Down Expand Up @@ -102,6 +107,9 @@ func setMachine(cmd *cobra.Command, args []string) error {
if cmd.Flags().Changed("disk-size") {
setOpts.DiskSize = &setFlags.DiskSize
}
if cmd.Flags().Changed("user-mode-networking") {
setOpts.UserModeNetworking = &setFlags.UserModeNetworking
}

setErrs, lasterr := vm.Set(vmName, setOpts)
for _, err := range setErrs {
Expand Down
2 changes: 2 additions & 0 deletions docs/source/markdown/.gitignore
Original file line number Diff line number Diff line change
Expand Up @@ -19,7 +19,9 @@ podman-kube-play.1.md
podman-login.1.md
podman-logout.1.md
podman-logs.1.md
podman-machine-init.1.md
podman-machine-list.1.md
podman-machine-set.1.md
podman-manifest-add.1.md
podman-manifest-annotate.1.md
podman-manifest-create.1.md
Expand Down
21 changes: 21 additions & 0 deletions docs/source/markdown/options/user-mode-networking.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,21 @@
####> This option file is used in:
####> podman machine init, machine set
####> If file is edited, make sure the changes
####> are applicable to all of those.
#### **--user-mode-networking**

Whether this machine should relay traffic from the guest through a user-space
process running on the host. In some VPN configurations the VPN may drop
traffic from alternate network interfaces, including VM network devices. By
enabling user-mode networking (a setting of `true`), VPNs will observe all
podman machine traffic as coming from the host, bypassing the problem.

When the qemu backend is used (Linux, Mac), user-mode networking is
mandatory and the only allowed value is `true`. In contrast, The Windows/WSL
backend defaults to `false`, and follows the standard WSL network setup.
Changing this setting to `true` on Windows/WSL will inform Podman to replace
the WSL networking setup on start of this machine instance with a user-mode
networking distribution. Since WSL shares the same kernel across
distributions, all other running distributions will reuse this network.
Likewise, when the last machine instance with a `true` setting stops, the
original networking setup will be restored.
Original file line number Diff line number Diff line change
Expand Up @@ -76,6 +76,8 @@ Set the timezone for the machine and containers. Valid values are `local` or
a `timezone` such as `America/Chicago`. A value of `local`, which is the default,
means to use the timezone of the machine host.

@@option user-mode-networking

#### **--username**

Username to use for executing commands in remote VM. Default value is `core`
Expand Down
1 change: 1 addition & 0 deletions docs/source/markdown/podman-machine-inspect.1.md
Original file line number Diff line number Diff line change
Expand Up @@ -31,6 +31,7 @@ Print results with a Go template.
| .Resources ... | Resources used by the machine |
| .SSHConfig ... | SSH configuration info for communitating with machine |
| .State ... | Machine state |
| .UserModeNetworking | Whether this machine uses user-mode networking |

#### **--help**

Expand Down
33 changes: 17 additions & 16 deletions docs/source/markdown/podman-machine-list.1.md.in
Original file line number Diff line number Diff line change
Expand Up @@ -32,22 +32,23 @@ Change the default output format. This can be of a supported type like 'json'
or a Go template.
Valid placeholders for the Go template are listed below:

| **Placeholder** | **Description** |
| --------------- | ------------------------------- |
| .CPUs | Number of CPUs |
| .Created | Time since VM creation |
| .Default | Is default machine |
| .DiskSize | Disk size of machine |
| .IdentityPath | Path to ssh identity file |
| .LastUp | Time machine was last up |
| .LastUp | Time since the VM was last run |
| .Memory | Allocated memory for machine |
| .Name | VM name |
| .Port | SSH Port to use to connect to VM|
| .RemoteUsername | VM Username for rootless Podman |
| .Running | Is machine running |
| .Stream | Stream name |
| .VMType | VM type |
| **Placeholder** | **Description** |
| ------------------- | ----------------------------------------- |
| .CPUs | Number of CPUs |
| .Created | Time since VM creation |
| .Default | Is default machine |
| .DiskSize | Disk size of machine |
| .IdentityPath | Path to ssh identity file |
| .LastUp | Time machine was last up |
| .LastUp | Time since the VM was last run |
| .Memory | Allocated memory for machine |
| .Name | VM name |
| .Port | SSH Port to use to connect to VM |
| .RemoteUsername | VM Username for rootless Podman |
| .Running | Is machine running |
| .Stream | Stream name |
| .UserModeNetworking | Whether machine uses user-mode networking |
| .VMType | VM type |

#### **--help**

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -40,6 +40,8 @@ container execution. This option will also update the current podman
remote connection default if it is currently pointing at the specified
machine name (or `podman-machine-default` if no name is specified).

@@option user-mode-networking

Unlike [**podman system connection default**](podman-system-connection-default.1.md)
this option will also make the API socket, if available, forward to the rootful/rootless
socket in the VM.
Expand Down
29 changes: 15 additions & 14 deletions pkg/domain/entities/machine.go
Original file line number Diff line number Diff line change
Expand Up @@ -3,20 +3,21 @@ package entities
import "github.com/containers/podman/v4/libpod/define"

type ListReporter struct {
Name string
Default bool
Created string
Running bool
Starting bool
LastUp string
Stream string
VMType string
CPUs uint64
Memory string
DiskSize string
Port int
RemoteUsername string
IdentityPath string
Name string
Default bool
Created string
Running bool
Starting bool
LastUp string
Stream string
VMType string
CPUs uint64
Memory string
DiskSize string
Port int
RemoteUsername string
IdentityPath string
UserModeNetworking bool
}

// MachineInfo contains info on the machine host and version info
Expand Down
87 changes: 45 additions & 42 deletions pkg/machine/config.go
Original file line number Diff line number Diff line change
Expand Up @@ -17,22 +17,22 @@ import (
)

type InitOptions struct {
CPUS uint64
DiskSize uint64
IgnitionPath string
ImagePath string
Volumes []string
VolumeDriver string
IsDefault bool
Memory uint64
Name string
TimeZone string
URI url.URL
Username string
ReExec bool
Rootful bool
// The numerical userid of the user that called machine
UID string
CPUS uint64
DiskSize uint64
IgnitionPath string
ImagePath string
Volumes []string
VolumeDriver string
IsDefault bool
Memory uint64
Name string
TimeZone string
URI url.URL
Username string
ReExec bool
Rootful bool
UID string // uid of the user that called machine
UserModeNetworking *bool // nil = use backend/system default, false = disable, true = enable
}

type Status = string
Expand Down Expand Up @@ -91,26 +91,28 @@ type Download struct {
type ListOptions struct{}

type ListResponse struct {
Name string
CreatedAt time.Time
LastUp time.Time
Running bool
Starting bool
Stream string
VMType string
CPUs uint64
Memory uint64
DiskSize uint64
Port int
RemoteUsername string
IdentityPath string
Name string
CreatedAt time.Time
LastUp time.Time
Running bool
Starting bool
Stream string
VMType string
CPUs uint64
Memory uint64
DiskSize uint64
Port int
RemoteUsername string
IdentityPath string
UserModeNetworking bool
}

type SetOptions struct {
CPUs *uint64
DiskSize *uint64
Memory *uint64
Rootful *bool
CPUs *uint64
DiskSize *uint64
Memory *uint64
Rootful *bool
UserModeNetworking *bool
}

type SSHOptions struct {
Expand Down Expand Up @@ -151,15 +153,16 @@ type DistributionDownload interface {
CleanCache() error
}
type InspectInfo struct {
ConfigPath VMFile
ConnectionInfo ConnectionConfig
Created time.Time
Image ImageConfig
LastUp time.Time
Name string
Resources ResourceConfig
SSHConfig SSHConfig
State Status
ConfigPath VMFile
ConnectionInfo ConnectionConfig
Created time.Time
Image ImageConfig
LastUp time.Time
Name string
Resources ResourceConfig
SSHConfig SSHConfig
State Status
UserModeNetworking bool
}

func (rc RemoteConnectionType) MakeSSHURL(host, path, port, userName string) url.URL {
Expand Down
25 changes: 16 additions & 9 deletions pkg/machine/qemu/machine.go
Original file line number Diff line number Diff line change
Expand Up @@ -364,6 +364,11 @@ func (v *MachineVM) Init(opts machine.InitOptions) (bool, error) {
if err := v.resizeDisk(opts.DiskSize, originalDiskSize>>(10*3)); err != nil {
return false, err
}

if opts.UserModeNetworking != nil && !*opts.UserModeNetworking {
logrus.Warn("ignoring init option to disable user-mode networking: this mode is not supported by the QEMU backend")
}

// If the user provides an ignition file, we need to
// copy it into the conf dir
if len(opts.IgnitionPath) > 0 {
Expand Down Expand Up @@ -1145,6 +1150,7 @@ func getVMInfos() ([]*machine.ListResponse, error) {
listEntry.IdentityPath = vm.IdentityPath
listEntry.CreatedAt = vm.Created
listEntry.Starting = vm.Starting
listEntry.UserModeNetworking = true // always true

if listEntry.CreatedAt.IsZero() {
listEntry.CreatedAt = time.Now()
Expand Down Expand Up @@ -1602,15 +1608,16 @@ func (v *MachineVM) Inspect() (*machine.InspectInfo, error) {
}
connInfo.PodmanSocket = podmanSocket
return &machine.InspectInfo{
ConfigPath: v.ConfigPath,
ConnectionInfo: *connInfo,
Created: v.Created,
Image: v.ImageConfig,
LastUp: v.LastUp,
Name: v.Name,
Resources: v.ResourceConfig,
SSHConfig: v.SSHConfig,
State: state,
ConfigPath: v.ConfigPath,
ConnectionInfo: *connInfo,
Created: v.Created,
Image: v.ImageConfig,
LastUp: v.LastUp,
Name: v.Name,
Resources: v.ResourceConfig,
SSHConfig: v.SSHConfig,
State: state,
UserModeNetworking: true, // always true
}, nil
}

Expand Down
Loading

0 comments on commit 230ddbe

Please sign in to comment.