Add experimental Void guest workflow and vsock agent
Make iterating on a Firecracker-friendly Void guest practical without replacing the Debian default image path. Add local Void rootfs build/register/verify plumbing, a language-agnostic dev package baseline, and guest SSH/work-disk hardening so new images use the runtime bundle key, keep a normal root bash environment, and repair stale nested /root layouts on restart. Replace the guest PING/PONG responder with an HTTP /healthz agent over vsock, rename the runtime bundle and config surface from ping helper to agent while still accepting the legacy keys, and route the post-SSH reminder through the new vm.health path. Validated with GOCACHE=/tmp/banger-gocache go test ./..., make build, bash -n customize.sh make-rootfs-void.sh, and git diff --check.
This commit is contained in:
parent
c8d9a122f9
commit
3ed78fdcfc
42 changed files with 2222 additions and 388 deletions
101
README.md
101
README.md
|
|
@ -22,7 +22,7 @@ generated `./runtime/` bundle, while installed binaries use
|
|||
|
||||
The bundle contains:
|
||||
- `firecracker`
|
||||
- `banger-vsock-pingd` for the guest-side SSH reminder responder
|
||||
- `banger-vsock-agent` for the guest-side vsock HTTP health agent and SSH reminder checks
|
||||
- `bundle.json` with the bundle's default kernel/initrd/modules/rootfs paths
|
||||
- a kernel, initrd, and modules tree referenced by `bundle.json`
|
||||
- `rootfs-docker.ext4`
|
||||
|
|
@ -69,7 +69,7 @@ make build
|
|||
```
|
||||
|
||||
Run `make build` after `./runtime/` has been bootstrapped. It also rebuilds the
|
||||
bundled `banger-vsock-pingd` guest helper in `./runtime/`.
|
||||
bundled `banger-vsock-agent` guest helper in `./runtime/`.
|
||||
|
||||
Install into `~/.local/bin` by default, with the runtime bundle under
|
||||
`~/.local/lib/banger`:
|
||||
|
|
@ -166,10 +166,9 @@ Useful config keys:
|
|||
- `runtime_dir`
|
||||
- `tap_pool_size`
|
||||
- `firecracker_bin`
|
||||
- `ssh_key_path`
|
||||
- `namegen_path`
|
||||
- `customize_script` (manual helper compatibility; `banger image build` is Go-native)
|
||||
- `vsock_ping_helper_path`
|
||||
- `vsock_agent_path`
|
||||
- `default_rootfs`
|
||||
- `default_work_seed`
|
||||
- `default_base_rootfs`
|
||||
|
|
@ -178,6 +177,10 @@ Useful config keys:
|
|||
- `default_modules_dir`
|
||||
- `default_packages_file`
|
||||
|
||||
Guest SSH access always uses the private key shipped in the resolved runtime
|
||||
bundle. `ssh_key_path` is no longer a supported override for `banger vm ssh`,
|
||||
VM start key injection, or daemon guest provisioning.
|
||||
|
||||
## Doctor
|
||||
`banger doctor` runs the same readiness checks the Go control plane uses for VM
|
||||
start, host-integrated features, and image builds. It reports runtime bundle
|
||||
|
|
@ -211,7 +214,8 @@ Rebuilt images install a pinned `mise` at `/usr/local/bin/mise`, activate it
|
|||
for bash login and interactive shells, install `opencode` through `mise`,
|
||||
configure `tmux-resurrect` plus `tmux-continuum` for `root` with periodic
|
||||
autosaves and manual-only restore by default, and bake in the
|
||||
`banger-vsock-pingd` systemd service used by the post-SSH reminder path. They
|
||||
`banger-vsock-agent` systemd service used by the post-SSH reminder path and
|
||||
guest health checks. They
|
||||
also emit a `work-seed.ext4` sidecar that lets new VMs clone a prepared `/root`
|
||||
work disk instead of rebuilding it from scratch on every create.
|
||||
|
||||
|
|
@ -293,6 +297,93 @@ is not available, pass an explicit `--base-rootfs` to `./make-rootfs.sh`.
|
|||
Existing VMs keep using their current image and disks; rebuilds only affect VMs
|
||||
created from the rebuilt image afterward.
|
||||
|
||||
## Experimental Void Rootfs
|
||||
There is also a separate, opt-in builder for an experimental Void Linux guest
|
||||
path:
|
||||
```bash
|
||||
make rootfs-void
|
||||
```
|
||||
|
||||
That writes:
|
||||
- `./runtime/rootfs-void.ext4`
|
||||
- `./runtime/rootfs-void.work-seed.ext4`
|
||||
|
||||
This path is intentionally local-only and does not change the default Debian
|
||||
image flow. It reuses the current runtime bundle kernel, initrd, and modules,
|
||||
but builds a lean `x86_64-glibc` Void userspace with:
|
||||
- `bash` installed for interactive/admin use
|
||||
- `openssh` enabled under runit
|
||||
- the bundled `banger-vsock-agent` health agent enabled under runit
|
||||
- `root` normalized to `/bin/bash` while keeping `/bin/sh` as the distro's system shell
|
||||
- a generated `/root` work-seed for fast creates
|
||||
|
||||
It does not install the Debian-oriented extras from rebuilt default images:
|
||||
- no Docker
|
||||
- no `mise`
|
||||
- no `opencode`
|
||||
- no tmux plugin defaults
|
||||
|
||||
The builder fetches official static XBPS tools and packages from the Void
|
||||
mirror during the build. It currently supports only `x86_64-glibc`.
|
||||
|
||||
The package set comes from [`packages.void`](/home/thales/projects/personal/banger/packages.void).
|
||||
You can override the mirror, size, or output path directly:
|
||||
```bash
|
||||
./make-rootfs-void.sh --mirror https://repo-default.voidlinux.org --size 2G
|
||||
```
|
||||
|
||||
The fastest local iteration loop does not require changing your default image
|
||||
config at all:
|
||||
```bash
|
||||
make rootfs-void
|
||||
make void-register
|
||||
./banger vm create --image void-exp --name void-dev
|
||||
./banger vm ssh void-dev
|
||||
```
|
||||
|
||||
There is also a smoke path for the experimental image:
|
||||
```bash
|
||||
make verify-void
|
||||
```
|
||||
|
||||
`make void-register` uses the unmanaged image registration path to create or
|
||||
update a `void-exp` image record in place, so repeated rebuilds do not require
|
||||
editing `~/.config/banger/config.toml`.
|
||||
|
||||
There is also a one-step helper target:
|
||||
```bash
|
||||
make void-vm VOID_VM_NAME=void-a
|
||||
```
|
||||
|
||||
If you really want the Void image to become your default for `vm create`
|
||||
without `--image`, use the checked-in override template at
|
||||
[`examples/void-exp.config.toml`](/home/thales/projects/personal/banger/examples/void-exp.config.toml)
|
||||
and merge its four settings into `~/.config/banger/config.toml`.
|
||||
|
||||
`banger image build` remains Debian-only in this pass. Do not point
|
||||
`default_base_rootfs` at the Void artifact yet.
|
||||
|
||||
## Registering Unmanaged Images
|
||||
You can also register any local rootfs as an unmanaged image record without
|
||||
changing global defaults:
|
||||
```bash
|
||||
banger image register --name local-test --rootfs /abs/path/rootfs.ext4
|
||||
```
|
||||
|
||||
Optional paths let you point at an existing work seed, kernel, initrd, modules,
|
||||
and package manifest:
|
||||
```bash
|
||||
banger image register \
|
||||
--name void-exp \
|
||||
--rootfs ./runtime/rootfs-void.ext4 \
|
||||
--work-seed ./runtime/rootfs-void.work-seed.ext4 \
|
||||
--packages ./packages.void
|
||||
```
|
||||
|
||||
If an unmanaged image with the same name already exists, `image register`
|
||||
updates it in place so future `vm create --image <name>` calls pick up the new
|
||||
artifacts immediately.
|
||||
|
||||
## Maintaining The Runtime Bundle
|
||||
The checked-in [`runtime-bundle.toml`](/home/thales/projects/personal/banger/runtime-bundle.toml)
|
||||
is a template. Keep `bundle_metadata` accurate there, but use a separate local
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue