Add experimental Void guest workflow and vsock agent
Make iterating on a Firecracker-friendly Void guest practical without replacing the Debian default image path. Add local Void rootfs build/register/verify plumbing, a language-agnostic dev package baseline, and guest SSH/work-disk hardening so new images use the runtime bundle key, keep a normal root bash environment, and repair stale nested /root layouts on restart. Replace the guest PING/PONG responder with an HTTP /healthz agent over vsock, rename the runtime bundle and config surface from ping helper to agent while still accepting the legacy keys, and route the post-SSH reminder through the new vm.health path. Validated with GOCACHE=/tmp/banger-gocache go test ./..., make build, bash -n customize.sh make-rootfs-void.sh, and git diff --check.
parent
c8d9a122f9
commit
3ed78fdcfc
42 changed files with 2222 additions and 388 deletions
|
|
@ -6,6 +6,7 @@ import (
|
|||
"io"
|
||||
"os"
|
||||
"path/filepath"
|
||||
"strconv"
|
||||
"strings"
|
||||
|
||||
"golang.org/x/sys/unix"
|
||||
|
|
@ -75,7 +76,7 @@ func BuildWorkSeedImage(ctx context.Context, runner CommandRunner, rootfsPath, o
|
|||
defer cleanupRoot()
|
||||
|
||||
rootHome := filepath.Join(rootMount, "root")
|
||||
sizeBytes, err := estimateWorkSeedSize(rootHome)
|
||||
sizeBytes, err := estimateWorkSeedSize(ctx, runner, rootHome)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
|
@ -105,7 +106,7 @@ func BuildWorkSeedImage(ctx context.Context, runner CommandRunner, rootfsPath, o
|
|||
return CopyDirContents(ctx, runner, rootHome, workMount, true)
|
||||
}
|
||||
|
||||
func estimateWorkSeedSize(rootHome string) (int64, error) {
|
||||
func estimateWorkSeedSize(ctx context.Context, runner CommandRunner, rootHome string) (int64, error) {
|
||||
var usedBytes int64
|
||||
err := filepath.Walk(rootHome, func(path string, info os.FileInfo, err error) error {
|
||||
if err != nil {
|
||||
|
|
@ -117,8 +118,19 @@ func estimateWorkSeedSize(rootHome string) (int64, error) {
|
|||
return nil
|
||||
})
|
||||
if err != nil {
|
||||
if os.IsPermission(err) {
|
||||
out, sudoErr := runner.RunSudo(ctx, "du", "-sb", rootHome)
|
||||
if sudoErr != nil {
|
||||
return 0, fmt.Errorf("%w; sudo du fallback failed: %v", err, sudoErr)
|
||||
}
|
||||
return roundWorkSeedSize(parseDuSize(out)), nil
|
||||
}
|
||||
return 0, err
|
||||
}
|
||||
return roundWorkSeedSize(usedBytes), nil
|
||||
}
|
||||
|
||||
func roundWorkSeedSize(usedBytes int64) int64 {
|
||||
sizeBytes := usedBytes*2 + workSeedSlackBytes
|
||||
if sizeBytes < minWorkSeedBytes {
|
||||
sizeBytes = minWorkSeedBytes
|
||||
|
|
@ -126,7 +138,19 @@ func estimateWorkSeedSize(rootHome string) (int64, error) {
|
|||
if rem := sizeBytes % workSeedRoundBytes; rem != 0 {
|
||||
sizeBytes += workSeedRoundBytes - rem
|
||||
}
|
||||
return sizeBytes, nil
|
||||
return sizeBytes
|
||||
}
|
||||
|
||||
func parseDuSize(out []byte) int64 {
|
||||
fields := strings.Fields(string(out))
|
||||
if len(fields) == 0 {
|
||||
return 0
|
||||
}
|
||||
sizeBytes, err := strconv.ParseInt(fields[0], 10, 64)
|
||||
if err != nil {
|
||||
return 0
|
||||
}
|
||||
return sizeBytes
|
||||
}
|
||||
|
||||
func ReadNormalizedLines(path string) ([]string, error) {
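Review bot: `parseDuSize` returns 0 both for empty output and for a `strconv.ParseInt` failure, so in the `os.IsPermission` branch of `estimateWorkSeedSize` an unexpected `sudo du` result cannot be told apart from an empty home directory, and the image is sized at the floor applied by `roundWorkSeedSize`. The problem would then presumably surface only later, when `CopyDirContents` fills the undersized seed image, rather than where the privileged command's output was not understood. I would have `parseDuSize` return `(int64, error)`, reject empty, non-numeric and negative values, and propagate that error from the fallback branch, as sketched below. The walk callback inside `estimateWorkSeedSize` falls between the hunks and is not visible here.

```go
	if os.IsPermission(err) {
		out, sudoErr := runner.RunSudo(ctx, "du", "-sb", rootHome)
		// … unchanged: sudoErr check …
		usedBytes, parseErr := parseDuSize(out)
		if parseErr != nil {
			return 0, fmt.Errorf("%w; sudo du fallback: %v", err, parseErr)
		}
		return roundWorkSeedSize(usedBytes), nil
	}

// … unchanged: roundWorkSeedSize …

// parseDuSize extracts the leading byte count from `du -sb` output.
func parseDuSize(out []byte) (int64, error) {
	fields := strings.Fields(string(out))
	if len(fields) == 0 {
		return 0, fmt.Errorf("empty du output")
	}
	sizeBytes, err := strconv.ParseInt(fields[0], 10, 64)
	if err != nil {
		return 0, fmt.Errorf("parse du size %q: %w", fields[0], err)
	}
	if sizeBytes < 0 {
		return 0, fmt.Errorf("negative du size %d", sizeBytes)
	}
	return sizeBytes, nil
}
```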
|
||||
|
|
|
|||
|
|
@ -409,3 +409,42 @@ func TestUseLoopMount(t *testing.T) {
|
|||
t.Fatalf("useLoopMount(missing) = true, want false")
|
||||
}
|
||||
}
|
||||
|
||||
func TestEstimateWorkSeedSizeFallsBackToSudoDuWhenUnreadable(t *testing.T) {
|
||||
t.Parallel()
|
||||
|
||||
rootHome := filepath.Join(t.TempDir(), "root")
|
||||
if err := os.Mkdir(rootHome, 0o700); err != nil {
|
||||
t.Fatalf("Mkdir: %v", err)
|
||||
}
|
||||
if err := os.WriteFile(filepath.Join(rootHome, "visible.txt"), []byte("seed"), 0o600); err != nil {
|
||||
t.Fatalf("WriteFile: %v", err)
|
||||
}
|
||||
if err := os.Chmod(rootHome, 0o000); err != nil {
|
||||
t.Fatalf("Chmod: %v", err)
|
||||
}
|
||||
defer os.Chmod(rootHome, 0o700)
|
||||
|
||||
var sudoCalled bool
|
||||
runner := funcRunner{
|
||||
runSudo: func(ctx context.Context, args ...string) ([]byte, error) {
|
||||
sudoCalled = true
|
||||
want := []string{"du", "-sb", rootHome}
|
||||
if !reflect.DeepEqual(args, want) {
|
||||
t.Fatalf("RunSudo args = %v, want %v", args, want)
|
||||
}
|
||||
return []byte("4096\t" + rootHome + "\n"), nil
|
||||
},
|
||||
}
|
||||
|
||||
sizeBytes, err := estimateWorkSeedSize(context.Background(), runner, rootHome)
|
||||
if err != nil {
|
||||
t.Fatalf("estimateWorkSeedSize: %v", err)
|
||||
}
|
||||
if !sudoCalled {
|
||||
t.Fatal("estimateWorkSeedSize did not fall back to sudo du")
|
||||
}
|
||||
if sizeBytes != minWorkSeedBytes {
|
||||
t.Fatalf("sizeBytes = %d, want %d", sizeBytes, minWorkSeedBytes)
|
||||
}
|
||||
}
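Review bot: The test relies on `os.Chmod(rootHome, 0o000)` making the directory unreadable, which does not hold when the suite runs as root (common in containers): `filepath.Walk` then succeeds, the fake `runSudo` is never called, and the test fails at the `sudoCalled` check. A guard near the top such as `if os.Geteuid() == 0 { t.Skip("directory permissions are not enforced for root") }` would keep it meaningful. Only the successful fallback is covered; a second case where the fake runner returns empty or non-numeric output would pin how `estimateWorkSeedSize` treats `du` output it cannot parse.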
|
||||
|
|
|
|||