Fix VM lifecycle issues behind verify.sh

Make the Firecracker and bangerd processes outlive short-lived CLI request contexts so vm create no longer kills the VMM or daemon as soon as the RPC returns. Fix fresh-VM SSH by flattening the seeded /root work disk when the copied home tree lands under a nested root/ directory, and write a guest sshd override to keep root pubkey auth explicit while debugging. Harden teardown and smoke diagnostics: verify.sh now reports early Firecracker exit and delete failures directly, while dm snapshot cleanup tolerates already-gone handles and retries busy mapper removal long enough for Firecracker to release the device. Validation: go test ./..., make build, bash -n verify.sh, direct SSH against a fresh VM, and a live ./verify.sh run that now completes with [verify] ok.
2026-03-17 14:43:09 -03:00 · 2026-03-17 14:43:09 -03:00 · 60294e8c90
commit 60294e8c90
parent 617f677c9b
7 changed files with 149 additions and 21 deletions
--- a/internal/firecracker/client_test.go
+++ b/internal/firecracker/client_test.go
@ -2,7 +2,6 @@ package firecracker

 import (
 	"bytes"
-	"context"
 	"log/slog"
 	"strings"
 	"testing"
@ -60,7 +59,7 @@ func TestBuildConfig(t *testing.T) {
 }

 func TestBuildProcessRunnerUsesSudoWrapper(t *testing.T) {
-	cmd := buildProcessRunner(context.Background(), MachineConfig{
+	cmd := buildProcessRunner(MachineConfig{
 		BinaryPath: "/repo/firecracker",
 		SocketPath: "/tmp/fc.sock",
 		VMID:       "vm-1",
@ -78,6 +77,9 @@ func TestBuildProcessRunnerUsesSudoWrapper(t *testing.T) {
 	if want := "umask 000 && exec '/repo/firecracker' --api-sock '/tmp/fc.sock' --id 'vm-1'"; cmd.Args[4] != want {
 		t.Fatalf("script = %q, want %q", cmd.Args[4], want)
 	}
+	if cmd.Cancel != nil {
+		t.Fatal("process runner should not be tied to a request context")
+	}
 }

 func TestSDKLoggerBridgeEmitsStructuredDebugLogs(t *testing.T) {