podman 1.0.3

data/lib/vagrant/podman/communicator.rb

@@ -0,0 +1,199 @@
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: BUSL-1.1
+
+require "digest/md5"
+require "tempfile"
+
+module VagrantPlugins
+  module PodmanProvider
+    # This communicator uses the host VM as proxy to communicate to the
+    # actual Podman container via SSH.
+    class Communicator < Vagrant.plugin("2", :communicator)
+      def initialize(machine)
+        @machine = machine
+        @host_vm = machine.provider.host_vm
+
+        # We only work on the Podman provider
+        if machine.provider_name != :podman
+          raise Errors::CommunicatorNotPodman
+        end
+      end
+
+      #-------------------------------------------------------------------
+      # Communicator Methods
+      #-------------------------------------------------------------------
+
+      def ready?
+        # We can't be ready if we can't talk to the host VM
+        return false if !@host_vm.communicate.ready?
+
+        # We're ready if we can establish an SSH connection to the container
+        command = container_ssh_command
+        return false if !command
+        @host_vm.communicate.test("#{command} exit")
+      end
+
+      def download(from, to)
+        # Same process as upload, but in reverse
+
+        # First, we use `cat` to copy that file from the Podman container.
+        temp = "/tmp/podman_d#{Time.now.to_i}_#{rand(100000)}"
+        @host_vm.communicate.execute("#{container_ssh_command} 'cat #{from}' >#{temp}")
+
+        # Then, we download this from the host VM.
+        @host_vm.communicate.download(temp, to)
+
+        # Remove the temporary file
+        @host_vm.communicate.execute("rm -f #{temp}", error_check: false)
+      end
+
+      def execute(command, **opts, &block)
+        fence = {}
+        fence[:stderr] = "VAGRANT FENCE: #{Time.now.to_i} #{rand(100000)}"
+        fence[:stdout] = "VAGRANT FENCE: #{Time.now.to_i} #{rand(100000)}"
+
+        # We want to emulate how the SSH communicator actually executes
+        # things, so we build up the list of commands to execute in a
+        # giant shell script.
+        tf = Tempfile.new("vagrant")
+        tf.binmode
+        tf.write("export TERM=vt100\n")
+        tf.write("echo #{fence[:stdout]}\n")
+        tf.write("echo #{fence[:stderr]} >&2\n")
+        tf.write("#{command}\n")
+        tf.write("exit\n")
+        tf.close
+
+        # Upload the temp file to the remote machine
+        remote_temp = "/tmp/podman_#{Time.now.to_i}_#{rand(100000)}"
+        @host_vm.communicate.upload(tf.path, remote_temp)
+
+        # Determine the shell to execute. Prefer the explicitly passed in shell
+        # over the default configured shell. If we are using `sudo` then we
+        # need to wrap the shell in a `sudo` call.
+        shell_cmd = @machine.config.ssh.shell
+        shell_cmd = opts[:shell] if opts[:shell]
+        shell_cmd = "sudo -E -H #{shell_cmd}" if opts[:sudo]
+
+        acc    = {}
+        fenced = {}
+        result = @host_vm.communicate.execute(
+          "#{container_ssh_command} '#{shell_cmd}' <#{remote_temp}",
+          opts) do |type, data|
+          # If we don't have a block, we don't care about the data
+          next if !block
+
+          # We only care about stdout and stderr output
+          next if ![:stdout, :stderr].include?(type)
+
+          # If we reached our fence, then just output
+          if fenced[type]
+            block.call(type, data)
+            next
+          end
+
+          # Otherwise, accumulate
+          acc[type] = data
+
+          # Look for the fence
+          index = acc[type].index(fence[type])
+          next if !index
+
+          fenced[type] = true
+          index += fence[type].length
+          data  = acc[type][index..-1].chomp
+          acc[type] = ""
+          block.call(type, data)
+        end
+
+        @host_vm.communicate.execute("rm -f #{remote_temp}", error_check: false)
+
+        return result
+      end
+
+      def sudo(command, **opts, &block)
+        opts = { sudo: true }.merge(opts)
+        execute(command, opts, &block)
+      end
+
+      def test(command, **opts)
+        opts = { error_check: false }.merge(opts)
+        execute(command, opts) == 0
+      end
+
+      def upload(from, to)
+        # First, we upload this to the host VM to some temporary directory.
+        to_temp = "/tmp/podman_#{Time.now.to_i}_#{rand(100000)}"
+        @host_vm.communicate.upload(from, to_temp)
+
+        # Then, we use `cat` to get that file into the Podman container.
+        @host_vm.communicate.execute(
+          "#{container_ssh_command} 'cat >#{to}' <#{to_temp}")
+
+        # Remove the temporary file
+        @host_vm.communicate.execute("rm -f #{to_temp}", error_check: false)
+      end
+
+      #-------------------------------------------------------------------
+      # Other Methods
+      #-------------------------------------------------------------------
+
+      # This returns the raw SSH command string that can be used to
+      # connect via SSH to the container if you're on the same machine
+      # as the container.
+      #
+      # @return [String]
+      def container_ssh_command
+        # Get the container's SSH info
+        info = @machine.ssh_info
+        return nil if !info
+        info[:port] ||= 22
+
+        # Make sure our private keys are synced over to the host VM
+        ssh_args = sync_private_keys(info).map do |path|
+          "-i #{path}"
+        end
+
+        # Use ad-hoc SSH options for the hop on the podman proxy
+        if info[:forward_agent]
+          ssh_args << "-o ForwardAgent=yes"
+        end
+        ssh_args.concat(["-o Compression=yes",
+                         "-o ConnectTimeout=5",
+                         "-o StrictHostKeyChecking=no",
+                         "-o UserKnownHostsFile=/dev/null"])
+
+        # Build the SSH command
+        "ssh #{info[:username]}@#{info[:host]} -p#{info[:port]} #{ssh_args.join(" ")}"
+      end
+
+      protected
+
+      def sync_private_keys(info)
+        @keys ||= {}
+
+        id = Digest::MD5.hexdigest(
+          @machine.env.root_path.to_s + @machine.name.to_s)
+
+        result = []
+        info[:private_key_path].each do |path|
+          if !@keys[path.to_s]
+            # We haven't seen this before, upload it!
+            guest_path = "/tmp/key_#{id}_#{Digest::MD5.hexdigest(path.to_s)}"
+            @host_vm.communicate.upload(path.to_s, guest_path)
+
+            # Make sure it has the proper chmod
+            @host_vm.communicate.execute("chmod 0600 #{guest_path}")
+
+            # Set it
+            @keys[path.to_s] = guest_path
+          end
+
+          result << @keys[path.to_s]
+        end
+
+        result
+      end
+    end
+  end
+end

data/lib/vagrant/podman/config.rb

@@ -0,0 +1,368 @@
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: BUSL-1.1
+
+require "pathname"
+
+require "vagrant/util/platform"
+
+module VagrantPlugins
+  module PodmanProvider
+    class Config < Vagrant.plugin("2", :config)
+      attr_accessor :image, :cmd, :ports, :volumes, :privileged, :network, :user, :userns
+
+      # Additional arguments to pass to `podman build` when creating
+      # an image using the build dir setting.
+      #
+      # @return [Array<String>]
+      attr_accessor :build_args
+
+      # The directory with a Podmanfile to build and use as the basis
+      # for this container. If this is set, neither "image" nor "git_repo"
+      # should be set.
+      #
+      # @return [String]
+      attr_accessor :build_dir
+
+      # The URL for a git repository with a Podmanfile to build and use
+      # as the basis for this container. If this is set, neither "image"
+      # nor "build_dir" should be set.
+      #
+      # @return [String]
+      attr_accessor :git_repo
+
+      # Use podman-compose to manage the lifecycle and environment for
+      # containers instead of using podman directly.
+      #
+      # @return [Boolean]
+      attr_accessor :compose
+
+      # Configuration Hash used for build the podman-compose composition
+      # file. This can be used for adding networks or volumes.
+      #
+      # @return [Hash]
+      attr_accessor :compose_configuration
+
+      # An optional file name of a Podmanfile to be used when building
+      # the image. This requires Podman >1.5.0.
+      #
+      # @return [String]
+      attr_accessor :podmanfile
+
+      # Additional arguments to pass to `podman run` when creating
+      # the container for the first time. This is an array of args.
+      #
+      # @return [Array<String>]
+      attr_accessor :create_args
+
+      # Environmental variables to set in the container.
+      #
+      # @return [Hash]
+      attr_accessor :env
+
+      # Ports to expose from the container but not to the host machine.
+      # This is useful for links.
+      #
+      # @return [Array<Integer>]
+      attr_accessor :expose
+
+      # Force using a proxy VM, even on Linux hosts.
+      #
+      # @return [Boolean]
+      attr_accessor :force_host_vm
+
+      # True if the Podman container exposes SSH access. If this is true,
+      # then Vagrant can do a bunch more things like setting the hostname,
+      # provisioning, etc.
+      attr_accessor :has_ssh
+
+      # Options for the build dir synced folder if a host VM is in use.
+      #
+      # @return [Hash]
+      attr_accessor :host_vm_build_dir_options
+
+      # The name for the container. This must be unique for all containers
+      # on the proxy machine if it is made.
+      #
+      # @return [String]
+      attr_accessor :name
+
+      # If true, the image will be pulled on every `up` and `reload`
+      # to ensure the latest image.
+      #
+      # @return [Bool]
+      attr_accessor :pull
+
+      # True if the podman container is meant to stay in the "running"
+      # state (is a long running process). By default this is true.
+      #
+      # @return [Boolean]
+      attr_accessor :remains_running
+
+      # The time to wait before sending a SIGTERM to the container
+      # when it is stopped.
+      #
+      # @return [Integer]
+      attr_accessor :stop_timeout
+
+      # The name of the machine in the Vagrantfile set with
+      # "vagrant_vagrantfile" that will be the podman host. Defaults
+      # to "default"
+      #
+      # See the "vagrant_vagrantfile" docs for more info.
+      #
+      # @return [String]
+      attr_accessor :vagrant_machine
+
+      # The path to the Vagrantfile that contains a VM that will be
+      # started as the Podman host if needed (Windows, OS X, Linux
+      # without container support).
+      #
+      # Defaults to a built-in Vagrantfile that will load boot2podman.
+      #
+      # NOTE: This only has an effect if Vagrant needs a Podman host.
+      # Vagrant determines this automatically based on the environment
+      # it is running in.
+      #
+      # @return [String]
+      attr_accessor :vagrant_vagrantfile
+
+      #--------------------------------------------------------------
+      # Auth Settings
+      #--------------------------------------------------------------
+
+      # Server to authenticate to. If blank, will use the default
+      # Podman authentication endpoint (which is the Podman Hub at the
+      # time of this comment).
+      #
+      # @return [String]
+      attr_accessor :auth_server
+
+      # Email for logging in to a remote Podman server.
+      #
+      # @return [String]
+      attr_accessor :email
+
+      # Email for logging in to a remote Podman server.
+      #
+      # @return [String]
+      attr_accessor :username
+
+      # Password for logging in to a remote Podman server. If this is
+      # not blank, then Vagrant will run `podman login` prior to any
+      # Podman runs.
+      #
+      # The presence of auth will also force the Podman environments to
+      # serialize on `up` so that different users/passwords don't overlap.
+      #
+      # @return [String]
+      attr_accessor :password
+
+      def initialize
+        @build_args = []
+        @build_dir  = UNSET_VALUE
+        @git_repo   = UNSET_VALUE
+        @cmd        = UNSET_VALUE
+        @compose    = UNSET_VALUE
+        @compose_configuration = {}
+        @create_args = UNSET_VALUE
+        @podmanfile = UNSET_VALUE
+        @env        = {}
+        @expose     = []
+        @force_host_vm = UNSET_VALUE
+        @has_ssh    = UNSET_VALUE
+        @host_vm_build_dir_options = UNSET_VALUE
+        @image      = UNSET_VALUE
+        @network    = UNSET_VALUE
+        @user    = UNSET_VALUE
+        @userns    = UNSET_VALUE
+        @name       = UNSET_VALUE
+        @links      = []
+        @pull       = UNSET_VALUE
+        @ports      = UNSET_VALUE
+        @privileged = UNSET_VALUE
+        @remains_running = UNSET_VALUE
+        @stop_timeout = UNSET_VALUE
+        @volumes    = []
+        @vagrant_machine = UNSET_VALUE
+        @vagrant_vagrantfile = UNSET_VALUE
+
+        @auth_server = UNSET_VALUE
+        @email    = UNSET_VALUE
+        @username = UNSET_VALUE
+        @password = UNSET_VALUE
+      end
+
+      def link(name)
+        @links << name
+      end
+
+      def merge(other)
+        super.tap do |result|
+          # This is a bit confusing. The tests explain the purpose of this
+          # better than the code lets on, I believe.
+          has_image     = (other.image != UNSET_VALUE)
+          has_build_dir = (other.build_dir != UNSET_VALUE)
+          has_git_repo  = (other.git_repo != UNSET_VALUE)
+
+          if (has_image ^ has_build_dir ^ has_git_repo) && !(has_image && has_build_dir && has_git_repo)
+            # image
+            if has_image
+              if @build_dir != UNSET_VALUE
+                result.build_dir = nil
+              end
+              if @git_repo != UNSET_VALUE
+                result.git_repo = nil
+              end
+            end
+
+            # build_dir
+            if has_build_dir
+              if @image != UNSET_VALUE
+                result.image = nil
+              end
+              if @git_repo != UNSET_VALUE
+                result.git_repo = nil
+              end
+            end
+
+            # git_repo
+            if has_git_repo
+              if @build_dir != UNSET_VALUE
+                result.build_dir = nil
+              end
+              if @image != UNSET_VALUE
+                result.image = nil
+              end
+            end
+          end
+
+          env = {}
+          env.merge!(@env) if @env
+          env.merge!(other.env) if other.env
+          result.env = env
+
+          expose = self.expose.dup
+          expose += other.expose
+          result.instance_variable_set(:@expose, expose)
+
+          links = _links.dup
+          links += other._links
+          result.instance_variable_set(:@links, links)
+        end
+      end
+
+      def finalize!
+        @build_args = [] if @build_args == UNSET_VALUE
+        @build_dir  = nil if @build_dir == UNSET_VALUE
+        @git_repo   = nil if @git_repo == UNSET_VALUE
+        @cmd        = [] if @cmd == UNSET_VALUE
+        @compose    = false if @compose == UNSET_VALUE
+        @create_args = [] if @create_args == UNSET_VALUE
+        @podmanfile = nil if @podmanfile == UNSET_VALUE
+        @env       ||= {}
+        @has_ssh    = false if @has_ssh == UNSET_VALUE
+        @image      = nil if @image == UNSET_VALUE
+        @network      = nil if @network == UNSET_VALUE
+        @user       = nil if @user == UNSET_VALUE
+        @userns     = nil if @userns == UNSET_VALUE        
+        @name       = nil if @name == UNSET_VALUE
+        @pull       = false if @pull == UNSET_VALUE
+        @ports      = [] if @ports == UNSET_VALUE
+        @privileged = false if @privileged == UNSET_VALUE
+        @remains_running = true if @remains_running == UNSET_VALUE
+        @stop_timeout = 1 if @stop_timeout == UNSET_VALUE
+        @vagrant_machine = nil if @vagrant_machine == UNSET_VALUE
+        @vagrant_vagrantfile = nil if @vagrant_vagrantfile == UNSET_VALUE
+
+        @auth_server = nil if @auth_server == UNSET_VALUE
+        @email = "" if @email == UNSET_VALUE
+        @username = "" if @username == UNSET_VALUE
+        @password = "" if @password == UNSET_VALUE
+
+        if @host_vm_build_dir_options == UNSET_VALUE
+          @host_vm_build_dir_options = nil
+        end
+
+        # On non-linux platforms (where there is no native podman), force the
+        # host VM. Other users can optionally disable this by setting the
+        # value explicitly to false in their Vagrantfile.
+        if @force_host_vm == UNSET_VALUE
+          @force_host_vm = !Vagrant::Util::Platform.linux? &&
+            !Vagrant::Util::Platform.darwin? &&
+            !Vagrant::Util::Platform.windows?
+        end
+
+        # The machine name must be a symbol
+        @vagrant_machine = @vagrant_machine.to_sym if @vagrant_machine
+
+        @expose.uniq!
+
+        if @compose_configuration.is_a?(Hash)
+          # Ensures configuration is using basic types
+          @compose_configuration = JSON.parse(@compose_configuration.to_json)
+        end
+      end
+
+      def validate(machine)
+        errors = _detected_errors
+
+        if [@build_dir, @git_repo, @image].compact.size > 1
+          errors << I18n.t("podman_provider.errors.config.both_build_and_image_and_git")
+        end
+
+        if !@build_dir && !@git_repo && !@image
+          errors << I18n.t("podman_provider.errors.config.build_dir_or_image")
+        end
+
+        if @build_dir
+          build_dir_pn = Pathname.new(@build_dir)
+          if !build_dir_pn.directory?
+            errors << I18n.t("podman_provider.errors.config.build_dir_invalid")
+          end
+        end
+
+        # Comparison logic taken directly from podman's urlutil.go
+        if @git_repo && !( @git_repo =~ /^http(?:s)?:\/\/.*.git(?:#.+)?$/ || @git_repo =~ /^git(?:hub\.com|@|:\/\/)/)
+          errors << I18n.t("podman_provider.errors.config.git_repo_invalid")
+        end
+
+        if !@compose_configuration.is_a?(Hash)
+          errors << I18n.t("podman_provider.errors.config.compose_configuration_hash")
+        end
+
+        if @compose && @force_host_vm
+          errors << I18n.t("podman_provider.errors.config.compose_force_vm")
+        end
+
+        if !@create_args.is_a?(Array)
+          errors << I18n.t("podman_provider.errors.config.create_args_array")
+        end
+
+        @links.each do |link|
+          parts = link.split(":")
+          if parts.length != 2 || parts[0] == "" || parts[1] == ""
+            errors << I18n.t(
+              "podman_provider.errors.config.invalid_link", link: link)
+          end
+        end
+
+        if @vagrant_vagrantfile
+          vf_pn = Pathname.new(@vagrant_vagrantfile)
+          if !vf_pn.file?
+            errors << I18n.t("podman_provider.errors.config.invalid_vagrantfile")
+          end
+        end
+
+        { "podman provider" => errors }
+      end
+
+      #--------------------------------------------------------------
+      # Functions below should not be called by config files
+      #--------------------------------------------------------------
+
+      def _links
+        @links
+      end
+    end
+  end
+end