Manage image artifacts and show VM create progress
Stop relying on ad hoc rootfs handling by adding image promotion, managed work-seed fingerprint metadata, and lazy self-healing for older managed images after the first create. Rebuild guest images with baked SSH access, a guest NIC bootstrap, and default opencode services, and add the staged Void kernel/initramfs/modules workflow so void-exp uses a matching Void boot stack. Replace the opaque blocking vm.create RPC with a begin/status flow that prints live stages in the CLI while still waiting for vsock health and opencode on guest port 4096. Validate with GOCACHE=/tmp/banger-gocache go test ./... and live void-exp create/delete smoke runs.
This commit is contained in:
parent
9f09b0d25c
commit
30f0c0b54a
37 changed files with 2334 additions and 99 deletions
|
|
@ -56,6 +56,7 @@ func (d *Daemon) registeredCapabilities() []vmCapability {
|
|||
}
|
||||
return []vmCapability{
|
||||
workDiskCapability{},
|
||||
opencodeCapability{},
|
||||
dnsCapability{},
|
||||
natCapability{},
|
||||
}
|
||||
|
|
@ -103,6 +104,14 @@ func (d *Daemon) prepareCapabilityHosts(ctx context.Context, vm *model.VMRecord,
|
|||
|
||||
func (d *Daemon) postStartCapabilities(ctx context.Context, vm model.VMRecord, image model.Image) error {
|
||||
for _, capability := range d.registeredCapabilities() {
|
||||
switch capability.Name() {
|
||||
case "dns":
|
||||
vmCreateStage(ctx, "apply_dns", "publishing vm dns record")
|
||||
case "nat":
|
||||
if vm.Spec.NATEnabled {
|
||||
vmCreateStage(ctx, "apply_nat", "configuring nat")
|
||||
}
|
||||
}
|
||||
if hook, ok := capability.(postStartCapability); ok {
|
||||
if err := hook.PostStart(ctx, d, vm, image); err != nil {
|
||||
return err
|
||||
|
|
@ -191,10 +200,11 @@ func (workDiskCapability) ContributeMachine(cfg *firecracker.MachineConfig, vm m
|
|||
}
|
||||
|
||||
func (workDiskCapability) PrepareHost(ctx context.Context, d *Daemon, vm *model.VMRecord, image model.Image) error {
|
||||
if err := d.ensureWorkDisk(ctx, vm, image); err != nil {
|
||||
prep, err := d.ensureWorkDisk(ctx, vm, image)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
return d.ensureAuthorizedKeyOnWorkDisk(ctx, vm)
|
||||
return d.ensureAuthorizedKeyOnWorkDisk(ctx, vm, image, prep)
|
||||
}
|
||||
|
||||
func (workDiskCapability) AddDoctorChecks(_ context.Context, d *Daemon, report *system.Report) {
|
||||
|
|
|
|||
|
|
@ -143,3 +143,15 @@ func TestContributeHooksPopulateGuestAndMachineConfig(t *testing.T) {
|
|||
t.Fatalf("guest fstab = %q, want %q", fstab, want)
|
||||
}
|
||||
}
|
||||
|
||||
func TestRegisteredCapabilitiesIncludeOpencode(t *testing.T) {
|
||||
d := &Daemon{}
|
||||
var names []string
|
||||
for _, capability := range d.registeredCapabilities() {
|
||||
names = append(names, capability.Name())
|
||||
}
|
||||
want := []string{"work-disk", "opencode", "dns", "nat"}
|
||||
if !reflect.DeepEqual(names, want) {
|
||||
t.Fatalf("capabilities = %v, want %v", names, want)
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -32,6 +32,8 @@ type Daemon struct {
|
|||
runner system.CommandRunner
|
||||
logger *slog.Logger
|
||||
mu sync.Mutex
|
||||
createOpsMu sync.Mutex
|
||||
createOps map[string]*vmCreateOperationState
|
||||
vmLocksMu sync.Mutex
|
||||
vmLocks map[string]*sync.Mutex
|
||||
tapPoolMu sync.Mutex
|
||||
|
|
@ -249,6 +251,27 @@ func (d *Daemon) dispatch(ctx context.Context, req rpc.Request) rpc.Response {
|
|||
}
|
||||
vm, err := d.CreateVM(ctx, params)
|
||||
return marshalResultOrError(api.VMShowResult{VM: vm}, err)
|
||||
case "vm.create.begin":
|
||||
params, err := rpc.DecodeParams[api.VMCreateParams](req)
|
||||
if err != nil {
|
||||
return rpc.NewError("bad_request", err.Error())
|
||||
}
|
||||
op, err := d.BeginVMCreate(ctx, params)
|
||||
return marshalResultOrError(api.VMCreateBeginResult{Operation: op}, err)
|
||||
case "vm.create.status":
|
||||
params, err := rpc.DecodeParams[api.VMCreateStatusParams](req)
|
||||
if err != nil {
|
||||
return rpc.NewError("bad_request", err.Error())
|
||||
}
|
||||
op, err := d.VMCreateStatus(ctx, params.ID)
|
||||
return marshalResultOrError(api.VMCreateStatusResult{Operation: op}, err)
|
||||
case "vm.create.cancel":
|
||||
params, err := rpc.DecodeParams[api.VMCreateStatusParams](req)
|
||||
if err != nil {
|
||||
return rpc.NewError("bad_request", err.Error())
|
||||
}
|
||||
err = d.CancelVMCreate(ctx, params.ID)
|
||||
return marshalResultOrError(api.Empty{}, err)
|
||||
case "vm.list":
|
||||
vms, err := d.store.ListVMs(ctx)
|
||||
return marshalResultOrError(api.VMListResult{VMs: vms}, err)
|
||||
|
|
@ -376,6 +399,13 @@ func (d *Daemon) dispatch(ctx context.Context, req rpc.Request) rpc.Response {
|
|||
}
|
||||
image, err := d.RegisterImage(ctx, params)
|
||||
return marshalResultOrError(api.ImageShowResult{Image: image}, err)
|
||||
case "image.promote":
|
||||
params, err := rpc.DecodeParams[api.ImageRefParams](req)
|
||||
if err != nil {
|
||||
return rpc.NewError("bad_request", err.Error())
|
||||
}
|
||||
image, err := d.PromoteImage(ctx, params.IDOrName)
|
||||
return marshalResultOrError(api.ImageShowResult{Image: image}, err)
|
||||
case "image.delete":
|
||||
params, err := rpc.DecodeParams[api.ImageRefParams](req)
|
||||
if err != nil {
|
||||
|
|
@ -405,6 +435,7 @@ func (d *Daemon) backgroundLoop() {
|
|||
if err := d.stopStaleVMs(context.Background()); err != nil && d.logger != nil {
|
||||
d.logger.Error("background stale sweep failed", "error", err.Error())
|
||||
}
|
||||
d.pruneVMCreateOperations(time.Now().Add(-10 * time.Minute))
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -2,6 +2,7 @@ package daemon
|
|||
|
||||
import (
|
||||
"bufio"
|
||||
"bytes"
|
||||
"context"
|
||||
"encoding/json"
|
||||
"net"
|
||||
|
|
@ -13,6 +14,7 @@ import (
|
|||
|
||||
"banger/internal/api"
|
||||
"banger/internal/model"
|
||||
"banger/internal/paths"
|
||||
"banger/internal/rpc"
|
||||
"banger/internal/store"
|
||||
)
|
||||
|
|
@ -368,6 +370,178 @@ func TestRegisterImageRejectsManagedOverwrite(t *testing.T) {
|
|||
}
|
||||
}
|
||||
|
||||
func TestPromoteImageCopiesArtifactsAndPreservesIdentity(t *testing.T) {
|
||||
dir := t.TempDir()
|
||||
rootfs, kernel, initrd, modulesDir, packages := writeDefaultImageArtifacts(t, dir)
|
||||
workSeed := filepath.Join(dir, "rootfs-docker.work-seed.ext4")
|
||||
workSeedContent := []byte("seed-data")
|
||||
if err := os.WriteFile(workSeed, workSeedContent, 0o644); err != nil {
|
||||
t.Fatalf("WriteFile(workSeed): %v", err)
|
||||
}
|
||||
|
||||
db := openDefaultImageStore(t, dir)
|
||||
now := time.Date(2026, time.March, 20, 12, 0, 0, 0, time.UTC)
|
||||
existing := model.Image{
|
||||
ID: "promote-image-id",
|
||||
Name: "default",
|
||||
Managed: false,
|
||||
RootfsPath: rootfs,
|
||||
WorkSeedPath: workSeed,
|
||||
KernelPath: kernel,
|
||||
InitrdPath: initrd,
|
||||
ModulesDir: modulesDir,
|
||||
PackagesPath: packages,
|
||||
Docker: true,
|
||||
CreatedAt: now,
|
||||
UpdatedAt: now,
|
||||
}
|
||||
if err := db.UpsertImage(context.Background(), existing); err != nil {
|
||||
t.Fatalf("UpsertImage: %v", err)
|
||||
}
|
||||
vm := testVM("uses-default", existing.ID, "172.16.0.44")
|
||||
if err := db.UpsertVM(context.Background(), vm); err != nil {
|
||||
t.Fatalf("UpsertVM: %v", err)
|
||||
}
|
||||
|
||||
d := &Daemon{
|
||||
layout: modelPathsLayoutForTest(dir),
|
||||
store: db,
|
||||
}
|
||||
|
||||
image, err := d.PromoteImage(context.Background(), "default")
|
||||
if err != nil {
|
||||
t.Fatalf("PromoteImage: %v", err)
|
||||
}
|
||||
if !image.Managed {
|
||||
t.Fatal("promoted image should be managed")
|
||||
}
|
||||
if image.ID != existing.ID || image.Name != existing.Name {
|
||||
t.Fatalf("promoted image identity changed: %+v", image)
|
||||
}
|
||||
if !image.CreatedAt.Equal(existing.CreatedAt) {
|
||||
t.Fatalf("CreatedAt = %s, want preserved %s", image.CreatedAt, existing.CreatedAt)
|
||||
}
|
||||
if !image.UpdatedAt.After(existing.UpdatedAt) {
|
||||
t.Fatalf("UpdatedAt = %s, want newer than %s", image.UpdatedAt, existing.UpdatedAt)
|
||||
}
|
||||
wantArtifactDir := filepath.Join(d.layout.ImagesDir, existing.ID)
|
||||
if image.ArtifactDir != wantArtifactDir {
|
||||
t.Fatalf("ArtifactDir = %q, want %q", image.ArtifactDir, wantArtifactDir)
|
||||
}
|
||||
if image.RootfsPath != filepath.Join(wantArtifactDir, "rootfs.ext4") {
|
||||
t.Fatalf("RootfsPath = %q, want managed copy", image.RootfsPath)
|
||||
}
|
||||
if image.WorkSeedPath != filepath.Join(wantArtifactDir, "work-seed.ext4") {
|
||||
t.Fatalf("WorkSeedPath = %q, want managed copy", image.WorkSeedPath)
|
||||
}
|
||||
if image.KernelPath != kernel || image.InitrdPath != initrd || image.ModulesDir != modulesDir || image.PackagesPath != packages {
|
||||
t.Fatalf("boot support paths changed unexpectedly: %+v", image)
|
||||
}
|
||||
|
||||
rootfsContent, err := os.ReadFile(rootfs)
|
||||
if err != nil {
|
||||
t.Fatalf("ReadFile(rootfs): %v", err)
|
||||
}
|
||||
managedRootfsContent, err := os.ReadFile(image.RootfsPath)
|
||||
if err != nil {
|
||||
t.Fatalf("ReadFile(managed rootfs): %v", err)
|
||||
}
|
||||
if !bytes.Equal(managedRootfsContent, rootfsContent) {
|
||||
t.Fatal("managed rootfs copy content mismatch")
|
||||
}
|
||||
managedWorkSeedContent, err := os.ReadFile(image.WorkSeedPath)
|
||||
if err != nil {
|
||||
t.Fatalf("ReadFile(managed work seed): %v", err)
|
||||
}
|
||||
if !bytes.Equal(managedWorkSeedContent, workSeedContent) {
|
||||
t.Fatal("managed work seed copy content mismatch")
|
||||
}
|
||||
|
||||
got, err := db.GetImageByName(context.Background(), "default")
|
||||
if err != nil {
|
||||
t.Fatalf("GetImageByName: %v", err)
|
||||
}
|
||||
if got.RootfsPath != image.RootfsPath || !got.Managed || got.ArtifactDir != image.ArtifactDir {
|
||||
t.Fatalf("stored promoted image = %+v, want %+v", got, image)
|
||||
}
|
||||
gotVM, err := db.GetVMByID(context.Background(), vm.ID)
|
||||
if err != nil {
|
||||
t.Fatalf("GetVMByID: %v", err)
|
||||
}
|
||||
if gotVM.ImageID != existing.ID {
|
||||
t.Fatalf("VM image ID = %q, want preserved %q", gotVM.ImageID, existing.ID)
|
||||
}
|
||||
}
|
||||
|
||||
func TestPromoteImageRejectsManagedImage(t *testing.T) {
|
||||
dir := t.TempDir()
|
||||
rootfs, kernel, initrd, modulesDir, packages := writeDefaultImageArtifacts(t, dir)
|
||||
db := openDefaultImageStore(t, dir)
|
||||
now := time.Date(2026, time.March, 20, 12, 0, 0, 0, time.UTC)
|
||||
if err := db.UpsertImage(context.Background(), model.Image{
|
||||
ID: "managed-id",
|
||||
Name: "default",
|
||||
Managed: true,
|
||||
ArtifactDir: filepath.Join(dir, "images", "managed-id"),
|
||||
RootfsPath: rootfs,
|
||||
KernelPath: kernel,
|
||||
InitrdPath: initrd,
|
||||
ModulesDir: modulesDir,
|
||||
PackagesPath: packages,
|
||||
CreatedAt: now,
|
||||
UpdatedAt: now,
|
||||
}); err != nil {
|
||||
t.Fatalf("UpsertImage: %v", err)
|
||||
}
|
||||
d := &Daemon{
|
||||
layout: modelPathsLayoutForTest(dir),
|
||||
store: db,
|
||||
}
|
||||
|
||||
_, err := d.PromoteImage(context.Background(), "default")
|
||||
if err == nil || !strings.Contains(err.Error(), "already managed") {
|
||||
t.Fatalf("PromoteImage(managed) error = %v", err)
|
||||
}
|
||||
}
|
||||
|
||||
func TestPromoteImageSkipsMissingWorkSeed(t *testing.T) {
|
||||
dir := t.TempDir()
|
||||
rootfs, kernel, initrd, modulesDir, packages := writeDefaultImageArtifacts(t, dir)
|
||||
db := openDefaultImageStore(t, dir)
|
||||
now := time.Date(2026, time.March, 20, 12, 0, 0, 0, time.UTC)
|
||||
existing := model.Image{
|
||||
ID: "promote-missing-seed",
|
||||
Name: "default",
|
||||
Managed: false,
|
||||
RootfsPath: rootfs,
|
||||
WorkSeedPath: filepath.Join(dir, "missing.work-seed.ext4"),
|
||||
KernelPath: kernel,
|
||||
InitrdPath: initrd,
|
||||
ModulesDir: modulesDir,
|
||||
PackagesPath: packages,
|
||||
CreatedAt: now,
|
||||
UpdatedAt: now,
|
||||
}
|
||||
if err := db.UpsertImage(context.Background(), existing); err != nil {
|
||||
t.Fatalf("UpsertImage: %v", err)
|
||||
}
|
||||
d := &Daemon{
|
||||
layout: modelPathsLayoutForTest(dir),
|
||||
store: db,
|
||||
}
|
||||
|
||||
image, err := d.PromoteImage(context.Background(), "default")
|
||||
if err != nil {
|
||||
t.Fatalf("PromoteImage: %v", err)
|
||||
}
|
||||
if image.WorkSeedPath != "" {
|
||||
t.Fatalf("WorkSeedPath = %q, want empty for missing source work seed", image.WorkSeedPath)
|
||||
}
|
||||
if _, err := os.Stat(filepath.Join(image.ArtifactDir, "work-seed.ext4")); !os.IsNotExist(err) {
|
||||
t.Fatalf("managed work-seed should not exist, stat error = %v", err)
|
||||
}
|
||||
}
|
||||
|
||||
func openDefaultImageStore(t *testing.T, dir string) *store.Store {
|
||||
t.Helper()
|
||||
db, err := store.Open(filepath.Join(dir, "state.db"))
|
||||
|
|
@ -405,6 +579,12 @@ func writeDefaultImageArtifacts(t *testing.T, dir string) (rootfs, kernel, initr
|
|||
return rootfs, kernel, initrd, modulesDir, packages
|
||||
}
|
||||
|
||||
func modelPathsLayoutForTest(dir string) paths.Layout {
|
||||
return paths.Layout{
|
||||
ImagesDir: filepath.Join(dir, "images"),
|
||||
}
|
||||
}
|
||||
|
||||
func TestStartVMDNSFailsWhenAddressBusy(t *testing.T) {
|
||||
t.Parallel()
|
||||
|
||||
|
|
|
|||
|
|
@ -2,12 +2,17 @@ package daemon
|
|||
|
||||
import (
|
||||
"context"
|
||||
"crypto/rand"
|
||||
"crypto/rsa"
|
||||
"crypto/x509"
|
||||
"encoding/pem"
|
||||
"errors"
|
||||
"os"
|
||||
"path/filepath"
|
||||
"strconv"
|
||||
"testing"
|
||||
|
||||
"banger/internal/guest"
|
||||
"banger/internal/model"
|
||||
)
|
||||
|
||||
|
|
@ -34,7 +39,7 @@ func TestEnsureWorkDiskClonesSeedImageAndResizes(t *testing.T) {
|
|||
image := testImage("image-seeded")
|
||||
image.WorkSeedPath = seedPath
|
||||
|
||||
if err := d.ensureWorkDisk(context.Background(), &vm, image); err != nil {
|
||||
if _, err := d.ensureWorkDisk(context.Background(), &vm, image); err != nil {
|
||||
t.Fatalf("ensureWorkDisk: %v", err)
|
||||
}
|
||||
runner.assertExhausted()
|
||||
|
|
@ -90,3 +95,38 @@ func TestTapPoolWarmsAndReusesIdleTap(t *testing.T) {
|
|||
}
|
||||
runner.assertExhausted()
|
||||
}
|
||||
|
||||
func TestEnsureAuthorizedKeyOnWorkDiskSkipsRepairForMatchingSeededFingerprint(t *testing.T) {
|
||||
t.Parallel()
|
||||
|
||||
privateKey, err := rsa.GenerateKey(rand.Reader, 1024)
|
||||
if err != nil {
|
||||
t.Fatalf("GenerateKey: %v", err)
|
||||
}
|
||||
privateKeyPEM := pem.EncodeToMemory(&pem.Block{
|
||||
Type: "RSA PRIVATE KEY",
|
||||
Bytes: x509.MarshalPKCS1PrivateKey(privateKey),
|
||||
})
|
||||
sshKeyPath := filepath.Join(t.TempDir(), "id_rsa")
|
||||
if err := os.WriteFile(sshKeyPath, privateKeyPEM, 0o600); err != nil {
|
||||
t.Fatalf("WriteFile(private key): %v", err)
|
||||
}
|
||||
fingerprint, err := guest.AuthorizedPublicKeyFingerprint(sshKeyPath)
|
||||
if err != nil {
|
||||
t.Fatalf("AuthorizedPublicKeyFingerprint: %v", err)
|
||||
}
|
||||
|
||||
runner := &scriptedRunner{t: t}
|
||||
d := &Daemon{
|
||||
runner: runner,
|
||||
config: model.DaemonConfig{SSHKeyPath: sshKeyPath},
|
||||
}
|
||||
vm := testVM("seeded-fastpath", "image-seeded-fastpath", "172.16.0.62")
|
||||
vm.Runtime.WorkDiskPath = filepath.Join(t.TempDir(), "root.ext4")
|
||||
image := model.Image{SeededSSHPublicKeyFingerprint: fingerprint}
|
||||
|
||||
if err := d.ensureAuthorizedKeyOnWorkDisk(context.Background(), &vm, image, workDiskPreparation{ClonedFromSeed: true}); err != nil {
|
||||
t.Fatalf("ensureAuthorizedKeyOnWorkDisk: %v", err)
|
||||
}
|
||||
runner.assertExhausted()
|
||||
}
|
||||
|
|
|
|||
86
internal/daemon/image_seed.go
Normal file
86
internal/daemon/image_seed.go
Normal file
|
|
@ -0,0 +1,86 @@
|
|||
package daemon
|
||||
|
||||
import (
|
||||
"context"
|
||||
"fmt"
|
||||
"os"
|
||||
"path/filepath"
|
||||
"strings"
|
||||
|
||||
"banger/internal/guest"
|
||||
"banger/internal/model"
|
||||
"banger/internal/system"
|
||||
)
|
||||
|
||||
func (d *Daemon) seedAuthorizedKeyOnExt4Image(ctx context.Context, imagePath string) (string, error) {
|
||||
if strings.TrimSpace(d.config.SSHKeyPath) == "" {
|
||||
return "", nil
|
||||
}
|
||||
fingerprint, err := guest.AuthorizedPublicKeyFingerprint(d.config.SSHKeyPath)
|
||||
if err != nil {
|
||||
return "", fmt.Errorf("derive authorized ssh key fingerprint: %w", err)
|
||||
}
|
||||
publicKey, err := guest.AuthorizedPublicKey(d.config.SSHKeyPath)
|
||||
if err != nil {
|
||||
return "", fmt.Errorf("derive authorized ssh key: %w", err)
|
||||
}
|
||||
mountDir, cleanup, err := system.MountTempDir(ctx, d.runner, imagePath, false)
|
||||
if err != nil {
|
||||
return "", err
|
||||
}
|
||||
defer cleanup()
|
||||
|
||||
if err := d.flattenNestedWorkHome(ctx, mountDir); err != nil {
|
||||
return "", err
|
||||
}
|
||||
|
||||
sshDir := filepath.Join(mountDir, ".ssh")
|
||||
if _, err := d.runner.RunSudo(ctx, "mkdir", "-p", sshDir); err != nil {
|
||||
return "", err
|
||||
}
|
||||
if _, err := d.runner.RunSudo(ctx, "chmod", "700", sshDir); err != nil {
|
||||
return "", err
|
||||
}
|
||||
|
||||
authorizedKeysPath := filepath.Join(sshDir, "authorized_keys")
|
||||
existing, err := d.runner.RunSudo(ctx, "cat", authorizedKeysPath)
|
||||
if err != nil {
|
||||
existing = nil
|
||||
}
|
||||
merged := mergeAuthorizedKey(existing, publicKey)
|
||||
tmpFile, err := os.CreateTemp("", "banger-image-authorized-keys-*")
|
||||
if err != nil {
|
||||
return "", err
|
||||
}
|
||||
tmpPath := tmpFile.Name()
|
||||
if _, err := tmpFile.Write(merged); err != nil {
|
||||
_ = tmpFile.Close()
|
||||
_ = os.Remove(tmpPath)
|
||||
return "", err
|
||||
}
|
||||
if err := tmpFile.Close(); err != nil {
|
||||
_ = os.Remove(tmpPath)
|
||||
return "", err
|
||||
}
|
||||
defer os.Remove(tmpPath)
|
||||
if _, err := d.runner.RunSudo(ctx, "install", "-m", "600", tmpPath, authorizedKeysPath); err != nil {
|
||||
return "", err
|
||||
}
|
||||
return fingerprint, nil
|
||||
}
|
||||
|
||||
func (d *Daemon) refreshManagedWorkSeedFingerprint(ctx context.Context, image model.Image, fingerprint string) error {
|
||||
if !image.Managed || strings.TrimSpace(image.WorkSeedPath) == "" || strings.TrimSpace(fingerprint) == "" {
|
||||
return nil
|
||||
}
|
||||
seededFingerprint, err := d.seedAuthorizedKeyOnExt4Image(ctx, image.WorkSeedPath)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
if seededFingerprint == "" || seededFingerprint == image.SeededSSHPublicKeyFingerprint {
|
||||
return nil
|
||||
}
|
||||
image.SeededSSHPublicKeyFingerprint = seededFingerprint
|
||||
image.UpdatedAt = model.Now()
|
||||
return d.store.UpsertImage(ctx, image)
|
||||
}
|
||||
|
|
@ -14,8 +14,10 @@ import (
|
|||
|
||||
"banger/internal/firecracker"
|
||||
"banger/internal/guest"
|
||||
"banger/internal/guestnet"
|
||||
"banger/internal/hostnat"
|
||||
"banger/internal/model"
|
||||
"banger/internal/opencode"
|
||||
"banger/internal/system"
|
||||
"banger/internal/vsockagent"
|
||||
)
|
||||
|
|
@ -103,6 +105,10 @@ func (d *Daemon) runImageBuildNative(ctx context.Context, spec imageBuildSpec) (
|
|||
return err
|
||||
}
|
||||
defer client.Close()
|
||||
authorizedKey, err := guest.AuthorizedPublicKey(d.config.SSHKeyPath)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
helperBytes, err := os.ReadFile(d.config.VSockAgentPath)
|
||||
if err != nil {
|
||||
|
|
@ -117,7 +123,7 @@ func (d *Daemon) runImageBuildNative(ctx context.Context, spec imageBuildSpec) (
|
|||
if err := writeBuildLog(spec.BuildLog, "configuring guest"); err != nil {
|
||||
return err
|
||||
}
|
||||
if err := client.RunScript(ctx, buildProvisionScript(vm.Name, d.config.DefaultDNS, packages, spec.InstallDocker), spec.BuildLog); err != nil {
|
||||
if err := client.RunScript(ctx, buildProvisionScript(vm.Name, d.config.DefaultDNS, string(authorizedKey), packages, spec.InstallDocker), spec.BuildLog); err != nil {
|
||||
return err
|
||||
}
|
||||
if strings.TrimSpace(spec.ModulesDir) != "" {
|
||||
|
|
@ -250,7 +256,7 @@ func (d *Daemon) shutdownImageBuildVM(ctx context.Context, vm imageBuildVM) erro
|
|||
return d.waitForExit(ctx, vm.PID, vm.APISock, 15*time.Second)
|
||||
}
|
||||
|
||||
func buildProvisionScript(vmName, dnsServer string, packages []string, installDocker bool) string {
|
||||
func buildProvisionScript(vmName, dnsServer, authorizedKey string, packages []string, installDocker bool) string {
|
||||
var script bytes.Buffer
|
||||
script.WriteString("set -euo pipefail\n")
|
||||
fmt.Fprintf(&script, "printf 'nameserver %%s\\n' %s > /etc/resolv.conf\n", shellQuote(dnsServer))
|
||||
|
|
@ -260,11 +266,14 @@ func buildProvisionScript(vmName, dnsServer string, packages []string, installDo
|
|||
script.WriteString("sed -i '\\|^/dev/vdb[[:space:]]\\+/home[[:space:]]|d; \\|^/dev/vdc[[:space:]]\\+/var[[:space:]]|d' /etc/fstab\n")
|
||||
script.WriteString("if ! grep -q '^tmpfs /run ' /etc/fstab; then echo 'tmpfs /run tmpfs defaults,nodev,nosuid,mode=0755 0 0' >> /etc/fstab; fi\n")
|
||||
script.WriteString("if ! grep -q '^tmpfs /tmp ' /etc/fstab; then echo 'tmpfs /tmp tmpfs defaults,nodev,nosuid,mode=1777 0 0' >> /etc/fstab; fi\n")
|
||||
appendAuthorizedKeySetup(&script, authorizedKey)
|
||||
script.WriteString("apt-get update\n")
|
||||
script.WriteString("DEBIAN_FRONTEND=noninteractive apt-get -y upgrade\n")
|
||||
fmt.Fprintf(&script, "PACKAGES=%s\n", shellArray(packages))
|
||||
script.WriteString("DEBIAN_FRONTEND=noninteractive apt-get -y install \"${PACKAGES[@]}\"\n")
|
||||
appendGuestNetworkSetup(&script)
|
||||
appendMiseSetup(&script)
|
||||
appendOpenCodeServiceSetup(&script)
|
||||
appendTmuxSetup(&script)
|
||||
appendVSockPingSetup(&script)
|
||||
if installDocker {
|
||||
|
|
@ -279,6 +288,15 @@ func buildProvisionScript(vmName, dnsServer string, packages []string, installDo
|
|||
return script.String()
|
||||
}
|
||||
|
||||
func appendAuthorizedKeySetup(script *bytes.Buffer, authorizedKey string) {
|
||||
script.WriteString("mkdir -p /root/.ssh\n")
|
||||
script.WriteString("chmod 700 /root/.ssh\n")
|
||||
script.WriteString("cat > /root/.ssh/authorized_keys <<'EOF'\n")
|
||||
script.WriteString(strings.TrimSpace(authorizedKey))
|
||||
script.WriteString("\nEOF\n")
|
||||
script.WriteString("chmod 600 /root/.ssh/authorized_keys\n")
|
||||
}
|
||||
|
||||
func buildModulesCommand(modulesBase string) string {
|
||||
return fmt.Sprintf("bash -se <<'EOF'\nset -euo pipefail\nmkdir -p /lib/modules\ntar -C /lib/modules -xf -\ndepmod -a %s\nmkdir -p /etc/modules-load.d\nprintf 'nf_tables\\nnft_chain_nat\\nveth\\nbr_netfilter\\noverlay\\n' > /etc/modules-load.d/docker-netfilter.conf\nmkdir -p /etc/sysctl.d\ncat > /etc/sysctl.d/99-docker.conf <<'SYSCTL'\nnet.bridge.bridge-nf-call-iptables = 1\nnet.bridge.bridge-nf-call-ip6tables = 1\nnet.ipv4.ip_forward = 1\nSYSCTL\nsysctl --system >/dev/null 2>&1 || true\nEOF", shellQuote(modulesBase))
|
||||
}
|
||||
|
|
@ -286,6 +304,9 @@ func buildModulesCommand(modulesBase string) string {
|
|||
func appendMiseSetup(script *bytes.Buffer) {
|
||||
fmt.Fprintf(script, "curl -fsSL https://mise.run | MISE_INSTALL_PATH=%s MISE_VERSION=%s sh\n", shellQuote(defaultMiseInstallPath), shellQuote(defaultMiseVersion))
|
||||
fmt.Fprintf(script, "%s use -g %s\n", shellQuote(defaultMiseInstallPath), shellQuote(defaultOpenCodeTool))
|
||||
fmt.Fprintf(script, "%s reshim\n", shellQuote(defaultMiseInstallPath))
|
||||
fmt.Fprintf(script, "if [[ ! -e %s ]]; then echo 'opencode shim not found after mise install' >&2; exit 1; fi\n", shellQuote(opencode.ShimPath))
|
||||
fmt.Fprintf(script, "ln -snf %s %s\n", shellQuote(opencode.ShimPath), shellQuote(opencode.GuestBinaryPath))
|
||||
script.WriteString("mkdir -p /etc/profile.d\n")
|
||||
script.WriteString("cat > /etc/profile.d/mise.sh <<'EOF'\n")
|
||||
fmt.Fprintf(script, "if [ -n \"${BASH_VERSION:-}\" ] && [ -x %s ]; then\n", shellQuote(defaultMiseInstallPath))
|
||||
|
|
@ -296,6 +317,28 @@ func appendMiseSetup(script *bytes.Buffer) {
|
|||
appendLineIfMissing(script, "/etc/bash.bashrc", defaultMiseActivateLine)
|
||||
}
|
||||
|
||||
func appendGuestNetworkSetup(script *bytes.Buffer) {
|
||||
script.WriteString("mkdir -p /usr/local/libexec /etc/systemd/system\n")
|
||||
script.WriteString("cat > " + guestnet.GuestScriptPath + " <<'EOF'\n")
|
||||
script.WriteString(guestnet.BootstrapScript())
|
||||
script.WriteString("EOF\n")
|
||||
script.WriteString("chmod 0755 " + guestnet.GuestScriptPath + "\n")
|
||||
script.WriteString("cat > /etc/systemd/system/" + guestnet.SystemdServiceName + " <<'EOF'\n")
|
||||
script.WriteString(guestnet.SystemdServiceUnit())
|
||||
script.WriteString("EOF\n")
|
||||
script.WriteString("chmod 0644 /etc/systemd/system/" + guestnet.SystemdServiceName + "\n")
|
||||
script.WriteString("if command -v systemctl >/dev/null 2>&1; then systemctl daemon-reload || true; systemctl enable --now " + guestnet.SystemdServiceName + " || true; fi\n")
|
||||
}
|
||||
|
||||
func appendOpenCodeServiceSetup(script *bytes.Buffer) {
|
||||
script.WriteString("mkdir -p /etc/systemd/system\n")
|
||||
script.WriteString("cat > /etc/systemd/system/" + opencode.ServiceName + " <<'EOF'\n")
|
||||
script.WriteString(opencode.ServiceUnit())
|
||||
script.WriteString("EOF\n")
|
||||
script.WriteString("chmod 0644 /etc/systemd/system/" + opencode.ServiceName + "\n")
|
||||
script.WriteString("if command -v systemctl >/dev/null 2>&1; then systemctl daemon-reload || true; systemctl enable --now " + opencode.ServiceName + " || true; fi\n")
|
||||
}
|
||||
|
||||
func appendTmuxSetup(script *bytes.Buffer) {
|
||||
fmt.Fprintf(script, "TMUX_PLUGIN_DIR=%s\n", shellQuote(defaultTMUXPluginDir))
|
||||
fmt.Fprintf(script, "TMUX_RESURRECT_DIR=%s\n", shellQuote(defaultTMUXResurrectDir))
|
||||
|
|
|
|||
|
|
@ -8,14 +8,28 @@ import (
|
|||
func TestBuildProvisionScriptInstallsDefaultTools(t *testing.T) {
|
||||
t.Parallel()
|
||||
|
||||
script := buildProvisionScript("devbox", "1.1.1.1", []string{"git", "curl"}, false)
|
||||
script := buildProvisionScript("devbox", "1.1.1.1", "ssh-ed25519 AAAATESTKEY banger", []string{"git", "curl"}, false)
|
||||
for _, snippet := range []string{
|
||||
"mkdir -p /root/.ssh",
|
||||
"cat > /root/.ssh/authorized_keys <<'EOF'",
|
||||
"ssh-ed25519 AAAATESTKEY banger",
|
||||
"cat > /usr/local/libexec/banger-network-bootstrap <<'EOF'",
|
||||
"ip addr replace \"$guest_ip/$prefix\" dev \"$iface\"",
|
||||
"cat > /etc/systemd/system/banger-network.service <<'EOF'",
|
||||
"systemctl enable --now banger-network.service || true",
|
||||
"curl -fsSL https://mise.run | MISE_INSTALL_PATH='/usr/local/bin/mise' MISE_VERSION='v2025.12.0' sh",
|
||||
"'/usr/local/bin/mise' use -g 'github:anomalyco/opencode'",
|
||||
"'/usr/local/bin/mise' reshim",
|
||||
"if [[ ! -e '/root/.local/share/mise/shims/opencode' ]]; then echo 'opencode shim not found after mise install' >&2; exit 1; fi",
|
||||
"ln -snf '/root/.local/share/mise/shims/opencode' '/usr/local/bin/opencode'",
|
||||
"cat > /etc/profile.d/mise.sh <<'EOF'",
|
||||
"if [ -n \"${BASH_VERSION:-}\" ] && [ -x '/usr/local/bin/mise' ]; then",
|
||||
`eval "$(/usr/local/bin/mise activate bash)"`,
|
||||
`if ! grep -Fqx 'eval "$(/usr/local/bin/mise activate bash)"' '/etc/bash.bashrc'; then`,
|
||||
"cat > /etc/systemd/system/banger-opencode.service <<'EOF'",
|
||||
"RequiresMountsFor=/root",
|
||||
"ExecStart=/usr/local/bin/opencode serve --hostname 0.0.0.0 --port 4096",
|
||||
"systemctl enable --now banger-opencode.service || true",
|
||||
`git clone --depth 1 'https://github.com/tmux-plugins/tpm' "$TMUX_PLUGIN_DIR/tpm"`,
|
||||
`git clone --depth 1 'https://github.com/tmux-plugins/tmux-resurrect' "$TMUX_PLUGIN_DIR/tmux-resurrect"`,
|
||||
`git clone --depth 1 'https://github.com/tmux-plugins/tmux-continuum' "$TMUX_PLUGIN_DIR/tmux-continuum"`,
|
||||
|
|
|
|||
|
|
@ -103,26 +103,33 @@ func (d *Daemon) BuildImage(ctx context.Context, params api.ImageBuildParams) (i
|
|||
_ = os.RemoveAll(artifactDir)
|
||||
return model.Image{}, err
|
||||
}
|
||||
seededSSHPublicKeyFingerprint, err := d.seedAuthorizedKeyOnExt4Image(ctx, workSeedPath)
|
||||
if err != nil {
|
||||
_ = logFile.Sync()
|
||||
_ = os.RemoveAll(artifactDir)
|
||||
return model.Image{}, err
|
||||
}
|
||||
if err := writePackagesMetadata(rootfsPath, d.config.DefaultPackagesFile); err != nil {
|
||||
_ = logFile.Sync()
|
||||
_ = os.RemoveAll(artifactDir)
|
||||
return model.Image{}, err
|
||||
}
|
||||
image = model.Image{
|
||||
ID: id,
|
||||
Name: name,
|
||||
Managed: true,
|
||||
ArtifactDir: artifactDir,
|
||||
RootfsPath: rootfsPath,
|
||||
WorkSeedPath: workSeedPath,
|
||||
KernelPath: kernelPath,
|
||||
InitrdPath: initrdPath,
|
||||
ModulesDir: modulesDir,
|
||||
PackagesPath: d.config.DefaultPackagesFile,
|
||||
BuildSize: params.Size,
|
||||
Docker: params.Docker,
|
||||
CreatedAt: now,
|
||||
UpdatedAt: now,
|
||||
ID: id,
|
||||
Name: name,
|
||||
Managed: true,
|
||||
ArtifactDir: artifactDir,
|
||||
RootfsPath: rootfsPath,
|
||||
WorkSeedPath: workSeedPath,
|
||||
KernelPath: kernelPath,
|
||||
InitrdPath: initrdPath,
|
||||
ModulesDir: modulesDir,
|
||||
PackagesPath: d.config.DefaultPackagesFile,
|
||||
BuildSize: params.Size,
|
||||
SeededSSHPublicKeyFingerprint: seededSSHPublicKeyFingerprint,
|
||||
Docker: params.Docker,
|
||||
CreatedAt: now,
|
||||
UpdatedAt: now,
|
||||
}
|
||||
if err := d.store.UpsertImage(ctx, image); err != nil {
|
||||
return model.Image{}, err
|
||||
|
|
@ -220,6 +227,105 @@ func (d *Daemon) RegisterImage(ctx context.Context, params api.ImageRegisterPara
|
|||
return image, nil
|
||||
}
|
||||
|
||||
func (d *Daemon) PromoteImage(ctx context.Context, idOrName string) (image model.Image, err error) {
|
||||
d.mu.Lock()
|
||||
defer d.mu.Unlock()
|
||||
|
||||
op := d.beginOperation("image.promote")
|
||||
defer func() {
|
||||
if err != nil {
|
||||
op.fail(err, imageLogAttrs(image)...)
|
||||
return
|
||||
}
|
||||
op.done(imageLogAttrs(image)...)
|
||||
}()
|
||||
|
||||
image, err = d.FindImage(ctx, idOrName)
|
||||
if err != nil {
|
||||
return model.Image{}, err
|
||||
}
|
||||
if image.Managed {
|
||||
return model.Image{}, fmt.Errorf("image %s is already managed", image.Name)
|
||||
}
|
||||
if err := validateImagePromotePaths(image.RootfsPath, image.KernelPath, image.InitrdPath, image.ModulesDir, image.PackagesPath); err != nil {
|
||||
return model.Image{}, err
|
||||
}
|
||||
if strings.TrimSpace(d.layout.ImagesDir) == "" {
|
||||
return model.Image{}, errors.New("images dir is not configured")
|
||||
}
|
||||
if err := os.MkdirAll(d.layout.ImagesDir, 0o755); err != nil {
|
||||
return model.Image{}, err
|
||||
}
|
||||
|
||||
artifactDir := filepath.Join(d.layout.ImagesDir, image.ID)
|
||||
if _, statErr := os.Stat(artifactDir); statErr == nil {
|
||||
return model.Image{}, fmt.Errorf("artifact dir already exists: %s", artifactDir)
|
||||
} else if !os.IsNotExist(statErr) {
|
||||
return model.Image{}, statErr
|
||||
}
|
||||
|
||||
stageDir, err := os.MkdirTemp(d.layout.ImagesDir, image.ID+".promote-")
|
||||
if err != nil {
|
||||
return model.Image{}, err
|
||||
}
|
||||
cleanupStage := true
|
||||
defer func() {
|
||||
if cleanupStage {
|
||||
_ = os.RemoveAll(stageDir)
|
||||
}
|
||||
}()
|
||||
|
||||
rootfsPath := filepath.Join(stageDir, "rootfs.ext4")
|
||||
op.stage("copy_rootfs", "source_rootfs_path", image.RootfsPath, "target_rootfs_path", rootfsPath)
|
||||
if err := system.CopyFilePreferClone(image.RootfsPath, rootfsPath); err != nil {
|
||||
return model.Image{}, err
|
||||
}
|
||||
|
||||
workSeedPath := ""
|
||||
if image.WorkSeedPath != "" {
|
||||
if _, statErr := os.Stat(image.WorkSeedPath); statErr != nil {
|
||||
if os.IsNotExist(statErr) {
|
||||
op.stage("skip_missing_work_seed", "source_work_seed_path", image.WorkSeedPath)
|
||||
image.WorkSeedPath = ""
|
||||
} else {
|
||||
return model.Image{}, statErr
|
||||
}
|
||||
}
|
||||
}
|
||||
if image.WorkSeedPath != "" {
|
||||
workSeedPath = filepath.Join(stageDir, "work-seed.ext4")
|
||||
op.stage("copy_work_seed", "source_work_seed_path", image.WorkSeedPath, "target_work_seed_path", workSeedPath)
|
||||
if err := system.CopyFilePreferClone(image.WorkSeedPath, workSeedPath); err != nil {
|
||||
return model.Image{}, err
|
||||
}
|
||||
image.SeededSSHPublicKeyFingerprint, err = d.seedAuthorizedKeyOnExt4Image(ctx, workSeedPath)
|
||||
if err != nil {
|
||||
return model.Image{}, err
|
||||
}
|
||||
} else {
|
||||
image.SeededSSHPublicKeyFingerprint = ""
|
||||
}
|
||||
|
||||
op.stage("activate_artifacts", "artifact_dir", artifactDir)
|
||||
if err := os.Rename(stageDir, artifactDir); err != nil {
|
||||
return model.Image{}, err
|
||||
}
|
||||
cleanupStage = false
|
||||
|
||||
image.Managed = true
|
||||
image.ArtifactDir = artifactDir
|
||||
image.RootfsPath = filepath.Join(artifactDir, "rootfs.ext4")
|
||||
if workSeedPath != "" {
|
||||
image.WorkSeedPath = filepath.Join(artifactDir, "work-seed.ext4")
|
||||
}
|
||||
image.UpdatedAt = model.Now()
|
||||
if err := d.store.UpsertImage(ctx, image); err != nil {
|
||||
_ = os.RemoveAll(artifactDir)
|
||||
return model.Image{}, err
|
||||
}
|
||||
return image, nil
|
||||
}
|
||||
|
||||
func validateImageRegisterPaths(rootfsPath, workSeedPath, kernelPath, initrdPath, modulesDir, packagesPath string) error {
|
||||
checks := system.NewPreflight()
|
||||
checks.RequireFile(rootfsPath, "rootfs image", `pass --rootfs <path>`)
|
||||
|
|
@ -239,6 +345,22 @@ func validateImageRegisterPaths(rootfsPath, workSeedPath, kernelPath, initrdPath
|
|||
return checks.Err("image register failed")
|
||||
}
|
||||
|
||||
func validateImagePromotePaths(rootfsPath, kernelPath, initrdPath, modulesDir, packagesPath string) error {
|
||||
checks := system.NewPreflight()
|
||||
checks.RequireFile(rootfsPath, "rootfs image", `re-register the image with a valid rootfs`)
|
||||
checks.RequireFile(kernelPath, "kernel image", `re-register the image with a valid kernel`)
|
||||
if initrdPath != "" {
|
||||
checks.RequireFile(initrdPath, "initrd image", `re-register the image with a valid initrd`)
|
||||
}
|
||||
if modulesDir != "" {
|
||||
checks.RequireDir(modulesDir, "kernel modules dir", `re-register the image with a valid modules dir`)
|
||||
}
|
||||
if packagesPath != "" {
|
||||
checks.RequireFile(packagesPath, "packages manifest", `re-register the image with a valid packages manifest`)
|
||||
}
|
||||
return checks.Err("image promote failed")
|
||||
}
|
||||
|
||||
func writePackagesMetadata(rootfsPath, packagesPath string) error {
|
||||
if rootfsPath == "" || packagesPath == "" {
|
||||
return nil
|
||||
|
|
|
|||
18
internal/daemon/opencode.go
Normal file
18
internal/daemon/opencode.go
Normal file
|
|
@ -0,0 +1,18 @@
|
|||
package daemon
|
||||
|
||||
import (
|
||||
"context"
|
||||
|
||||
"banger/internal/model"
|
||||
"banger/internal/opencode"
|
||||
)
|
||||
|
||||
type opencodeCapability struct{}
|
||||
|
||||
func (opencodeCapability) Name() string { return "opencode" }
|
||||
|
||||
func (opencodeCapability) PostStart(ctx context.Context, d *Daemon, vm model.VMRecord, _ model.Image) error {
|
||||
return opencode.WaitReady(ctx, d.logger, vm.Runtime.VSockPath, func(stage, detail string) {
|
||||
vmCreateStage(ctx, stage, detail)
|
||||
})
|
||||
}
|
||||
|
|
@ -49,10 +49,12 @@ func (d *Daemon) CreateVM(ctx context.Context, params api.VMCreateParams) (vm mo
|
|||
if imageName == "" {
|
||||
imageName = d.config.DefaultImageName
|
||||
}
|
||||
vmCreateStage(ctx, "resolve_image", "resolving image")
|
||||
image, err := d.FindImage(ctx, imageName)
|
||||
if err != nil {
|
||||
return model.VMRecord{}, err
|
||||
}
|
||||
vmCreateStage(ctx, "resolve_image", "using image "+image.Name)
|
||||
op.stage("image_resolved", imageLogAttrs(image)...)
|
||||
name := strings.TrimSpace(params.Name)
|
||||
if name == "" {
|
||||
|
|
@ -126,6 +128,8 @@ func (d *Daemon) CreateVM(ctx context.Context, params api.VMCreateParams) (vm mo
|
|||
MetricsPath: filepath.Join(vmDir, "metrics.json"),
|
||||
},
|
||||
}
|
||||
vmCreateBindVM(ctx, vm)
|
||||
vmCreateStage(ctx, "reserve_vm", fmt.Sprintf("allocated %s (%s)", vm.Name, vm.Runtime.GuestIP))
|
||||
if err := d.store.UpsertVM(ctx, vm); err != nil {
|
||||
return model.VMRecord{}, err
|
||||
}
|
||||
|
|
@ -168,6 +172,7 @@ func (d *Daemon) startVMLocked(ctx context.Context, vm model.VMRecord, image mod
|
|||
op.done(vmLogAttrs(vm)...)
|
||||
}()
|
||||
op.stage("preflight")
|
||||
vmCreateStage(ctx, "preflight", "checking host prerequisites")
|
||||
if err := d.validateStartPrereqs(ctx, vm, image); err != nil {
|
||||
return model.VMRecord{}, err
|
||||
}
|
||||
|
|
@ -209,11 +214,13 @@ func (d *Daemon) startVMLocked(ctx context.Context, vm model.VMRecord, image mod
|
|||
}
|
||||
|
||||
op.stage("system_overlay", "overlay_path", vm.Runtime.SystemOverlay)
|
||||
vmCreateStage(ctx, "prepare_rootfs", "preparing system overlay")
|
||||
if err := d.ensureSystemOverlay(ctx, &vm); err != nil {
|
||||
return model.VMRecord{}, err
|
||||
}
|
||||
|
||||
op.stage("dm_snapshot", "dm_name", dmName)
|
||||
vmCreateStage(ctx, "prepare_rootfs", "creating root filesystem snapshot")
|
||||
handles, err := d.createDMSnapshot(ctx, image.RootfsPath, vm.Runtime.SystemOverlay, dmName)
|
||||
if err != nil {
|
||||
return model.VMRecord{}, err
|
||||
|
|
@ -241,10 +248,12 @@ func (d *Daemon) startVMLocked(ctx context.Context, vm model.VMRecord, image mod
|
|||
}
|
||||
|
||||
op.stage("patch_root_overlay")
|
||||
vmCreateStage(ctx, "prepare_rootfs", "writing guest configuration")
|
||||
if err := d.patchRootOverlay(ctx, vm, image); err != nil {
|
||||
return cleanupOnErr(err)
|
||||
}
|
||||
op.stage("prepare_host_features")
|
||||
vmCreateStage(ctx, "prepare_host_features", "preparing host-side vm features")
|
||||
if err := d.prepareCapabilityHosts(ctx, &vm, image); err != nil {
|
||||
return cleanupOnErr(err)
|
||||
}
|
||||
|
|
@ -265,6 +274,7 @@ func (d *Daemon) startVMLocked(ctx context.Context, vm model.VMRecord, image mod
|
|||
return cleanupOnErr(err)
|
||||
}
|
||||
op.stage("firecracker_launch", "log_path", vm.Runtime.LogPath, "metrics_path", vm.Runtime.MetricsPath)
|
||||
vmCreateStage(ctx, "boot_firecracker", "starting firecracker")
|
||||
firecrackerCtx := context.Background()
|
||||
machineConfig := firecracker.MachineConfig{
|
||||
BinaryPath: fcPath,
|
||||
|
|
@ -304,15 +314,18 @@ func (d *Daemon) startVMLocked(ctx context.Context, vm model.VMRecord, image mod
|
|||
return cleanupOnErr(err)
|
||||
}
|
||||
op.stage("vsock_access", "vsock_path", vm.Runtime.VSockPath, "vsock_cid", vm.Runtime.VSockCID)
|
||||
vmCreateStage(ctx, "wait_vsock_agent", "waiting for guest vsock agent")
|
||||
if err := d.ensureSocketAccess(ctx, vm.Runtime.VSockPath, "firecracker vsock socket"); err != nil {
|
||||
return cleanupOnErr(err)
|
||||
}
|
||||
op.stage("post_start_features")
|
||||
vmCreateStage(ctx, "wait_guest_ready", "waiting for guest services")
|
||||
if err := d.postStartCapabilities(ctx, vm, image); err != nil {
|
||||
return cleanupOnErr(err)
|
||||
}
|
||||
system.TouchNow(&vm)
|
||||
op.stage("persist")
|
||||
vmCreateStage(ctx, "finalize", "saving vm state")
|
||||
if err := d.store.UpsertVM(ctx, vm); err != nil {
|
||||
return cleanupOnErr(err)
|
||||
}
|
||||
|
|
@ -777,58 +790,75 @@ func (d *Daemon) patchRootOverlay(ctx context.Context, vm model.VMRecord, image
|
|||
return nil
|
||||
}
|
||||
|
||||
func (d *Daemon) ensureWorkDisk(ctx context.Context, vm *model.VMRecord, image model.Image) error {
|
||||
type workDiskPreparation struct {
|
||||
ClonedFromSeed bool
|
||||
}
|
||||
|
||||
func (d *Daemon) ensureWorkDisk(ctx context.Context, vm *model.VMRecord, image model.Image) (workDiskPreparation, error) {
|
||||
if exists(vm.Runtime.WorkDiskPath) {
|
||||
return nil
|
||||
return workDiskPreparation{}, nil
|
||||
}
|
||||
if exists(image.WorkSeedPath) {
|
||||
vmCreateStage(ctx, "prepare_work_disk", "cloning work seed")
|
||||
if err := system.CopyFilePreferClone(image.WorkSeedPath, vm.Runtime.WorkDiskPath); err != nil {
|
||||
return err
|
||||
return workDiskPreparation{}, err
|
||||
}
|
||||
seedInfo, err := os.Stat(image.WorkSeedPath)
|
||||
if err != nil {
|
||||
return err
|
||||
return workDiskPreparation{}, err
|
||||
}
|
||||
if vm.Spec.WorkDiskSizeBytes < seedInfo.Size() {
|
||||
return fmt.Errorf("requested work disk size %d is smaller than seed image %d", vm.Spec.WorkDiskSizeBytes, seedInfo.Size())
|
||||
return workDiskPreparation{}, fmt.Errorf("requested work disk size %d is smaller than seed image %d", vm.Spec.WorkDiskSizeBytes, seedInfo.Size())
|
||||
}
|
||||
if vm.Spec.WorkDiskSizeBytes > seedInfo.Size() {
|
||||
vmCreateStage(ctx, "prepare_work_disk", "resizing work disk")
|
||||
if err := system.ResizeExt4Image(ctx, d.runner, vm.Runtime.WorkDiskPath, vm.Spec.WorkDiskSizeBytes); err != nil {
|
||||
return err
|
||||
return workDiskPreparation{}, err
|
||||
}
|
||||
}
|
||||
return nil
|
||||
return workDiskPreparation{ClonedFromSeed: true}, nil
|
||||
}
|
||||
vmCreateStage(ctx, "prepare_work_disk", "creating empty work disk")
|
||||
if _, err := d.runner.Run(ctx, "truncate", "-s", strconv.FormatInt(vm.Spec.WorkDiskSizeBytes, 10), vm.Runtime.WorkDiskPath); err != nil {
|
||||
return err
|
||||
return workDiskPreparation{}, err
|
||||
}
|
||||
if _, err := d.runner.Run(ctx, "mkfs.ext4", "-F", vm.Runtime.WorkDiskPath); err != nil {
|
||||
return err
|
||||
return workDiskPreparation{}, err
|
||||
}
|
||||
rootMount, cleanupRoot, err := system.MountTempDir(ctx, d.runner, vm.Runtime.DMDev, true)
|
||||
if err != nil {
|
||||
return err
|
||||
return workDiskPreparation{}, err
|
||||
}
|
||||
defer cleanupRoot()
|
||||
workMount, cleanupWork, err := system.MountTempDir(ctx, d.runner, vm.Runtime.WorkDiskPath, false)
|
||||
if err != nil {
|
||||
return err
|
||||
return workDiskPreparation{}, err
|
||||
}
|
||||
defer cleanupWork()
|
||||
vmCreateStage(ctx, "prepare_work_disk", "copying /root into work disk")
|
||||
if err := system.CopyDirContents(ctx, d.runner, filepath.Join(rootMount, "root"), workMount, true); err != nil {
|
||||
return err
|
||||
return workDiskPreparation{}, err
|
||||
}
|
||||
if err := d.flattenNestedWorkHome(ctx, workMount); err != nil {
|
||||
return err
|
||||
return workDiskPreparation{}, err
|
||||
}
|
||||
return nil
|
||||
return workDiskPreparation{}, nil
|
||||
}
|
||||
|
||||
func (d *Daemon) ensureAuthorizedKeyOnWorkDisk(ctx context.Context, vm *model.VMRecord) error {
|
||||
func (d *Daemon) ensureAuthorizedKeyOnWorkDisk(ctx context.Context, vm *model.VMRecord, image model.Image, prep workDiskPreparation) error {
|
||||
fingerprint, err := guest.AuthorizedPublicKeyFingerprint(d.config.SSHKeyPath)
|
||||
if err != nil {
|
||||
return fmt.Errorf("derive authorized ssh key fingerprint: %w", err)
|
||||
}
|
||||
if prep.ClonedFromSeed && image.SeededSSHPublicKeyFingerprint != "" && image.SeededSSHPublicKeyFingerprint == fingerprint {
|
||||
vmCreateStage(ctx, "prepare_work_disk", "using seeded SSH access")
|
||||
return nil
|
||||
}
|
||||
publicKey, err := guest.AuthorizedPublicKey(d.config.SSHKeyPath)
|
||||
if err != nil {
|
||||
return fmt.Errorf("derive authorized ssh key: %w", err)
|
||||
}
|
||||
vmCreateStage(ctx, "prepare_work_disk", "repairing SSH access on work disk")
|
||||
workMount, cleanupWork, err := system.MountTempDir(ctx, d.runner, vm.Runtime.WorkDiskPath, false)
|
||||
if err != nil {
|
||||
return err
|
||||
|
|
@ -873,6 +903,12 @@ func (d *Daemon) ensureAuthorizedKeyOnWorkDisk(ctx context.Context, vm *model.VM
|
|||
if _, err := d.runner.RunSudo(ctx, "install", "-m", "600", tmpPath, authorizedKeysPath); err != nil {
|
||||
return err
|
||||
}
|
||||
if prep.ClonedFromSeed && image.Managed {
|
||||
vmCreateStage(ctx, "prepare_work_disk", "refreshing managed work seed")
|
||||
if err := d.refreshManagedWorkSeedFingerprint(ctx, image, fingerprint); err != nil {
|
||||
return err
|
||||
}
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
|
|
|
|||
205
internal/daemon/vm_create_ops.go
Normal file
205
internal/daemon/vm_create_ops.go
Normal file
|
|
@ -0,0 +1,205 @@
|
|||
package daemon
|
||||
|
||||
import (
|
||||
"context"
|
||||
"fmt"
|
||||
"strings"
|
||||
"sync"
|
||||
"time"
|
||||
|
||||
"banger/internal/api"
|
||||
"banger/internal/model"
|
||||
)
|
||||
|
||||
type vmCreateProgressKey struct{}
|
||||
|
||||
type vmCreateOperationState struct {
|
||||
mu sync.Mutex
|
||||
cancel context.CancelFunc
|
||||
op api.VMCreateOperation
|
||||
}
|
||||
|
||||
func newVMCreateOperationState() (*vmCreateOperationState, error) {
|
||||
id, err := model.NewID()
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
now := model.Now()
|
||||
return &vmCreateOperationState{
|
||||
op: api.VMCreateOperation{
|
||||
ID: id,
|
||||
Stage: "queued",
|
||||
Detail: "waiting to start",
|
||||
StartedAt: now,
|
||||
UpdatedAt: now,
|
||||
},
|
||||
}, nil
|
||||
}
|
||||
|
||||
func withVMCreateProgress(ctx context.Context, op *vmCreateOperationState) context.Context {
|
||||
if op == nil {
|
||||
return ctx
|
||||
}
|
||||
return context.WithValue(ctx, vmCreateProgressKey{}, op)
|
||||
}
|
||||
|
||||
func vmCreateProgressFromContext(ctx context.Context) *vmCreateOperationState {
|
||||
if ctx == nil {
|
||||
return nil
|
||||
}
|
||||
op, _ := ctx.Value(vmCreateProgressKey{}).(*vmCreateOperationState)
|
||||
return op
|
||||
}
|
||||
|
||||
func vmCreateStage(ctx context.Context, stage, detail string) {
|
||||
if op := vmCreateProgressFromContext(ctx); op != nil {
|
||||
op.stage(stage, detail)
|
||||
}
|
||||
}
|
||||
|
||||
func vmCreateBindVM(ctx context.Context, vm model.VMRecord) {
|
||||
if op := vmCreateProgressFromContext(ctx); op != nil {
|
||||
op.bindVM(vm)
|
||||
}
|
||||
}
|
||||
|
||||
func (op *vmCreateOperationState) setCancel(cancel context.CancelFunc) {
|
||||
op.mu.Lock()
|
||||
defer op.mu.Unlock()
|
||||
op.cancel = cancel
|
||||
}
|
||||
|
||||
func (op *vmCreateOperationState) bindVM(vm model.VMRecord) {
|
||||
op.mu.Lock()
|
||||
defer op.mu.Unlock()
|
||||
op.op.VMID = vm.ID
|
||||
op.op.VMName = vm.Name
|
||||
}
|
||||
|
||||
func (op *vmCreateOperationState) stage(stage, detail string) {
|
||||
op.mu.Lock()
|
||||
defer op.mu.Unlock()
|
||||
stage = strings.TrimSpace(stage)
|
||||
detail = strings.TrimSpace(detail)
|
||||
if stage == "" {
|
||||
stage = op.op.Stage
|
||||
}
|
||||
if stage == op.op.Stage && detail == op.op.Detail {
|
||||
return
|
||||
}
|
||||
op.op.Stage = stage
|
||||
op.op.Detail = detail
|
||||
op.op.UpdatedAt = model.Now()
|
||||
}
|
||||
|
||||
func (op *vmCreateOperationState) done(vm model.VMRecord) {
|
||||
op.mu.Lock()
|
||||
defer op.mu.Unlock()
|
||||
vmCopy := vm
|
||||
op.op.VMID = vm.ID
|
||||
op.op.VMName = vm.Name
|
||||
op.op.Stage = "ready"
|
||||
op.op.Detail = "vm is ready"
|
||||
op.op.Done = true
|
||||
op.op.Success = true
|
||||
op.op.Error = ""
|
||||
op.op.VM = &vmCopy
|
||||
op.op.UpdatedAt = model.Now()
|
||||
}
|
||||
|
||||
func (op *vmCreateOperationState) fail(err error) {
|
||||
op.mu.Lock()
|
||||
defer op.mu.Unlock()
|
||||
op.op.Done = true
|
||||
op.op.Success = false
|
||||
if err != nil {
|
||||
op.op.Error = err.Error()
|
||||
}
|
||||
if strings.TrimSpace(op.op.Detail) == "" {
|
||||
op.op.Detail = "vm create failed"
|
||||
}
|
||||
op.op.UpdatedAt = model.Now()
|
||||
}
|
||||
|
||||
func (op *vmCreateOperationState) snapshot() api.VMCreateOperation {
|
||||
op.mu.Lock()
|
||||
defer op.mu.Unlock()
|
||||
snapshot := op.op
|
||||
if snapshot.VM != nil {
|
||||
vmCopy := *snapshot.VM
|
||||
snapshot.VM = &vmCopy
|
||||
}
|
||||
return snapshot
|
||||
}
|
||||
|
||||
func (op *vmCreateOperationState) cancelOperation() {
|
||||
op.mu.Lock()
|
||||
cancel := op.cancel
|
||||
op.mu.Unlock()
|
||||
if cancel != nil {
|
||||
cancel()
|
||||
}
|
||||
}
|
||||
|
||||
func (d *Daemon) BeginVMCreate(_ context.Context, params api.VMCreateParams) (api.VMCreateOperation, error) {
|
||||
op, err := newVMCreateOperationState()
|
||||
if err != nil {
|
||||
return api.VMCreateOperation{}, err
|
||||
}
|
||||
createCtx, cancel := context.WithCancel(context.Background())
|
||||
op.setCancel(cancel)
|
||||
|
||||
d.createOpsMu.Lock()
|
||||
if d.createOps == nil {
|
||||
d.createOps = map[string]*vmCreateOperationState{}
|
||||
}
|
||||
d.createOps[op.op.ID] = op
|
||||
d.createOpsMu.Unlock()
|
||||
|
||||
go d.runVMCreateOperation(withVMCreateProgress(createCtx, op), op, params)
|
||||
return op.snapshot(), nil
|
||||
}
|
||||
|
||||
func (d *Daemon) runVMCreateOperation(ctx context.Context, op *vmCreateOperationState, params api.VMCreateParams) {
|
||||
vm, err := d.CreateVM(ctx, params)
|
||||
if err != nil {
|
||||
op.fail(err)
|
||||
return
|
||||
}
|
||||
op.done(vm)
|
||||
}
|
||||
|
||||
func (d *Daemon) VMCreateStatus(_ context.Context, id string) (api.VMCreateOperation, error) {
|
||||
d.createOpsMu.Lock()
|
||||
op, ok := d.createOps[strings.TrimSpace(id)]
|
||||
d.createOpsMu.Unlock()
|
||||
if !ok {
|
||||
return api.VMCreateOperation{}, fmt.Errorf("vm create operation not found: %s", id)
|
||||
}
|
||||
return op.snapshot(), nil
|
||||
}
|
||||
|
||||
func (d *Daemon) CancelVMCreate(_ context.Context, id string) error {
|
||||
d.createOpsMu.Lock()
|
||||
op, ok := d.createOps[strings.TrimSpace(id)]
|
||||
d.createOpsMu.Unlock()
|
||||
if !ok {
|
||||
return fmt.Errorf("vm create operation not found: %s", id)
|
||||
}
|
||||
op.cancelOperation()
|
||||
return nil
|
||||
}
|
||||
|
||||
func (d *Daemon) pruneVMCreateOperations(olderThan time.Time) {
|
||||
d.createOpsMu.Lock()
|
||||
defer d.createOpsMu.Unlock()
|
||||
for id, op := range d.createOps {
|
||||
snapshot := op.snapshot()
|
||||
if !snapshot.Done {
|
||||
continue
|
||||
}
|
||||
if snapshot.UpdatedAt.Before(olderThan) {
|
||||
delete(d.createOps, id)
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
@ -716,7 +716,7 @@ func TestEnsureAuthorizedKeyOnWorkDiskRepairsNestedRootLayout(t *testing.T) {
|
|||
vm := testVM("seed-repair", "image-seed-repair", "172.16.0.61")
|
||||
vm.Runtime.WorkDiskPath = workDiskDir
|
||||
|
||||
if err := d.ensureAuthorizedKeyOnWorkDisk(context.Background(), &vm); err != nil {
|
||||
if err := d.ensureAuthorizedKeyOnWorkDisk(context.Background(), &vm, model.Image{}, workDiskPreparation{}); err != nil {
|
||||
t.Fatalf("ensureAuthorizedKeyOnWorkDisk: %v", err)
|
||||
}
|
||||
if _, err := os.Stat(filepath.Join(workDiskDir, "root")); !os.IsNotExist(err) {
|
||||
|
|
@ -748,6 +748,61 @@ func TestCreateVMRejectsNonPositiveCPUAndMemory(t *testing.T) {
|
|||
}
|
||||
}
|
||||
|
||||
func TestBeginVMCreateCompletesAndReturnsStatus(t *testing.T) {
|
||||
t.Parallel()
|
||||
|
||||
ctx := context.Background()
|
||||
db := openDaemonStore(t)
|
||||
image := testImage("default")
|
||||
image.ID = "default-image-id"
|
||||
image.Name = "default"
|
||||
if err := db.UpsertImage(ctx, image); err != nil {
|
||||
t.Fatalf("UpsertImage: %v", err)
|
||||
}
|
||||
|
||||
d := &Daemon{
|
||||
store: db,
|
||||
layout: paths.Layout{
|
||||
VMsDir: t.TempDir(),
|
||||
},
|
||||
config: model.DaemonConfig{
|
||||
DefaultImageName: image.Name,
|
||||
BridgeIP: model.DefaultBridgeIP,
|
||||
},
|
||||
}
|
||||
|
||||
op, err := d.BeginVMCreate(ctx, api.VMCreateParams{Name: "queued", NoStart: true})
|
||||
if err != nil {
|
||||
t.Fatalf("BeginVMCreate: %v", err)
|
||||
}
|
||||
if op.ID == "" {
|
||||
t.Fatal("operation id should be populated")
|
||||
}
|
||||
|
||||
deadline := time.Now().Add(2 * time.Second)
|
||||
for time.Now().Before(deadline) {
|
||||
status, err := d.VMCreateStatus(ctx, op.ID)
|
||||
if err != nil {
|
||||
t.Fatalf("VMCreateStatus: %v", err)
|
||||
}
|
||||
if !status.Done {
|
||||
time.Sleep(10 * time.Millisecond)
|
||||
continue
|
||||
}
|
||||
if !status.Success {
|
||||
t.Fatalf("status = %+v, want success", status)
|
||||
}
|
||||
if status.VM == nil || status.VM.Name != "queued" {
|
||||
t.Fatalf("status VM = %+v, want queued vm", status.VM)
|
||||
}
|
||||
if status.VM.State != model.VMStateStopped {
|
||||
t.Fatalf("status VM state = %s, want stopped", status.VM.State)
|
||||
}
|
||||
return
|
||||
}
|
||||
t.Fatal("vm create operation did not finish before timeout")
|
||||
}
|
||||
|
||||
func TestCreateVMUsesDefaultsWhenCPUAndMemoryOmitted(t *testing.T) {
|
||||
ctx := context.Background()
|
||||
db := openDaemonStore(t)
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue