Add user-mode networking feature to Windows/WSL #18303
Conversation
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: n1hility The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
openshift-ci
bot
added
the
approved
n1hility
changed the title
n1hility
changed the title
n1hility
force-pushed
the
user-mode
branch
10 times, most recently
from
4bb5026
to
a4afae0
Compare
Resolves Win Installer CI issues where dep processing variance can pull in gpgme, which doesn't compile on Windows without a specialized msys2 setup. Signed-off-by: Jason T. Greene <jason.greene@redhat.com>
|
PTAL @containers/podman-maintainers (Also FYI @baude this updates the installer/zip bundled gvproxy version to the same version (0.6.1) that we have been testing with hyper-v) |
|
@Luap99 thanks for the feedback. I updated the PR to address your notes. Ill keep an eye on the next test run, but shouldn't have an impact |
Signed-off-by: Jason T. Greene <jason.greene@redhat.com>
|
Looks like tests came back green on the updates to Paul's notes PTAL @containers/podman-maintainers when you get a chance. |
|
LGTM |
|
/lgtm |
|
I getting this error after restarting my sysytem, do we need to add these file everytime ? cp: cannot stat '/mnt/wsl/resolv.conf': No such file or directory I have enabled user mode networking, got this error PS C:\Users> podman machine start then, i have added resolv.conf and wsl.conf |
github-actions
bot
added
the
locked - please file new issue/PR
Certain VPN setups or other specialized networking configs will block traffic from the virtual WSL networking device, resulting in the podman WSL backend from being unable to contact systems on the VPN, and potentially losing internet access altogether. While some VPN providers provide configuration options to allow traffic from VMs, users may be prevented by policy from changing these options, or they may require networking infrastructure changes that require time to implement.
This PR adds a user-mode networking capability to podman machine on Windows, that works around this issue by rerouting all traffic over a user-space process running on the host, similar to the setup in use on Linux and Mac.
It adds a
--user-mode-networkingflag topodman machine initandpodman machine setto configure the specified machine instance for user-mode networking.When specified,
initwill provision an additional WSL distribution for dynamically configuring and running the user-mode networking environment. The user-mode network dist replaces the WSL network configuration with a tap device that is tunneled to a gvproxy.exe process running on the host (using the stdio transport, which was recently contributed to gvisor-tap-vsock by the wsl-vpnkit author). All traffic from all running WSL distributions (including DNS) is rerouted over this process.podman machine startlaunches this special dist along with any machine instance configured to require it. The usage of the user-mode env dist is reference counted with cooperative file-locking: subsequent machine starts will share the same instance, and the last user-mode-net requiring machine will stop the networking dist, restoring the standard WSL network as part of its shutdown.Machine instances that do not require user-mode networking will still participate in the user-mode network when running (required since the kernel is shared across all WSL dists), but they will not prevent the user-mode network from closing. Instead, traffic will begin to flow over the standard WSL network setup.
Since the qemu backend on Linux and Mac are designed around user-mode networking, this option is restricted to always be true on those platforms.
This PR also includes a commit to address an unrelated win installer CI failure that was showing up in the verification of this PR (an environment-varying go build issue can be triggered where it over-eagerly builds unnessecary transitive deps, including gpgme that won't normally build cleanly on Windows)
A follow-up PR will add a section to the Windows tutorial.
[NO NEW TESTS NEEDED]