Improve VM lifecycle tooling

Make spawned VMs easier to use and restore from the host. Add shared DNS and runtime helpers, publish <vm-name>.vm records through mapdns, and teach run/customize/interactive/restore to persist the metadata needed for SSH, DNS cleanup, and clean restores. Seed per-VM /home and /var disks from the rootfs snapshot so package state is present on first boot, add an interactive customization entrypoint plus ssh.sh and human-friendly list output, and let stop/kill/rm operate on multiple VM identifiers. Tear down stale TAP, dm, and loop state when VMs stop so restore can recreate them safely, and validate the updated scripts with bash -n plus targeted dry-run harnesses for teardown and restore paths.
2026-03-15 17:48:47 -03:00 · 2026-03-15 17:48:47 -03:00 · 9191b7e370
commit 9191b7e370
parent a8078f2393
11 changed files with 966 additions and 144 deletions
--- a/interactive.sh
+++ b/interactive.sh
@ -0,0 +1,311 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+log() {
+  printf '[interactive] %s\n' "$*"
+}
+
+usage() {
+  cat <<'EOF'
+Usage: ./interactive.sh <base-rootfs> [--out <path>] [--size <size>] [--home-size <size>] [--var-size <size>]
+
+Creates a writable copy of the base rootfs and boots a VM so you can
+customize it manually over SSH. No automatic package/config changes
+are applied.
+EOF
+}
+
+parse_size() {
+  local raw="$1"
+  if [[ "$raw" =~ ^([0-9]+)([KMG])?$ ]]; then
+    local num="${BASH_REMATCH[1]}"
+    local unit="${BASH_REMATCH[2]}"
+    case "$unit" in
+      K) echo $((num * 1024)) ;;
+      M|"") echo $((num * 1024 * 1024)) ;;
+      G) echo $((num * 1024 * 1024 * 1024)) ;;
+    esac
+    return 0
+  fi
+  return 1
+}
+
+DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+source "$DIR/dns.sh"
+STATE="$DIR/state"
+VM_ROOT="$STATE/vms"
+mkdir -p "$VM_ROOT"
+
+FC_BIN="$DIR/firecracker"
+KERNEL="$DIR/wtf/root/boot/vmlinux-6.8.0-94-generic"
+INITRD="$DIR/wtf/root/boot/initrd.img-6.8.0-94-generic"
+SSH_KEY="$DIR/id_ed25519"
+
+BR_DEV="br-fc"
+BR_IP="172.16.0.1"
+CIDR="24"
+DNS_SERVER="1.1.1.1"
+DEFAULT_HOME_SIZE="2G"
+DEFAULT_VAR_SIZE="2G"
+
+BASE_ROOTFS=""
+OUT_ROOTFS=""
+SIZE_SPEC=""
+HOME_SIZE="$DEFAULT_HOME_SIZE"
+VAR_SIZE="$DEFAULT_VAR_SIZE"
+while [[ $# -gt 0 ]]; do
+  case "$1" in
+    --out)
+      OUT_ROOTFS="${2:-}"
+      shift 2
+      ;;
+    --size)
+      SIZE_SPEC="${2:-}"
+      shift 2
+      ;;
+    --home-size)
+      HOME_SIZE="${2:-}"
+      shift 2
+      ;;
+    --var-size)
+      VAR_SIZE="${2:-}"
+      shift 2
+      ;;
+    -h|--help)
+      usage
+      exit 0
+      ;;
+    *)
+      if [[ -z "$BASE_ROOTFS" ]]; then
+        BASE_ROOTFS="$1"
+        shift
+      else
+        log "unknown option: $1"
+        usage
+        exit 1
+      fi
+      ;;
+  esac
+done
+
+if [[ -z "$BASE_ROOTFS" ]]; then
+  usage
+  exit 1
+fi
+if [[ ! -f "$BASE_ROOTFS" ]]; then
+  log "base rootfs not found: $BASE_ROOTFS"
+  exit 1
+fi
+if [[ ! -f "$KERNEL" ]]; then
+  log "kernel not found: $KERNEL"
+  exit 1
+fi
+if [[ ! -f "$INITRD" ]]; then
+  log "initrd not found: $INITRD"
+  exit 1
+fi
+
+if [[ -z "$OUT_ROOTFS" ]]; then
+  base_dir="$(dirname "$BASE_ROOTFS")"
+  base_name="$(basename "$BASE_ROOTFS")"
+  OUT_ROOTFS="${base_dir}/rw-${base_name}"
+fi
+if [[ -e "$OUT_ROOTFS" ]]; then
+  log "output rootfs already exists: $OUT_ROOTFS"
+  exit 1
+fi
+
+HOME_BYTES="$(parse_size "$HOME_SIZE")" || { log "invalid --home-size value: $HOME_SIZE"; exit 1; }
+VAR_BYTES="$(parse_size "$VAR_SIZE")" || { log "invalid --var-size value: $VAR_SIZE"; exit 1; }
+
+log "copying base rootfs to $OUT_ROOTFS"
+cp --reflink=auto "$BASE_ROOTFS" "$OUT_ROOTFS"
+
+if [[ -n "$SIZE_SPEC" ]]; then
+  SIZE_BYTES="$(parse_size "$SIZE_SPEC")"
+  BASE_BYTES="$(stat -c%s "$BASE_ROOTFS")"
+  if [[ -z "$SIZE_BYTES" || "$SIZE_BYTES" -lt "$BASE_BYTES" ]]; then
+    log "size must be >= base image size"
+    exit 1
+  fi
+  log "resizing rootfs to $SIZE_SPEC"
+  truncate -s "$SIZE_BYTES" "$OUT_ROOTFS"
+  e2fsck -p -f "$OUT_ROOTFS" >/dev/null
+  resize2fs "$OUT_ROOTFS" >/dev/null
+fi
+
+VM_ID="$(head -c 32 /dev/urandom | xxd -p -c 256)"
+VM_TAG="${VM_ID:0:8}"
+VM_NAME="interactive-${VM_TAG}"
+VM_DIR="$VM_ROOT/$VM_ID"
+mkdir -p "$VM_DIR"
+
+API_SOCK="${XDG_RUNTIME_DIR:-/run/user/$(id -u)}/banger/fc-$VM_TAG.sock"
+LOG_FILE="$VM_DIR/firecracker.log"
+TAP_DEV="tap-fc-$VM_TAG"
+HOME_PATH="$VM_DIR/home.ext4"
+VAR_PATH="$VM_DIR/var.ext4"
+DNS_NAME=""
+
+# Allocate guest IP
+NEXT_IP_FILE="$STATE/next_ip"
+NEXT_IP="$(cat "$NEXT_IP_FILE" 2>/dev/null || echo 2)"
+GUEST_IP="172.16.0.$NEXT_IP"
+echo "$((NEXT_IP + 1))" > "$NEXT_IP_FILE"
+
+sudo -v
+
+cleanup() {
+  sudo kill "${FC_PID:-}" 2>/dev/null || true
+  sudo ip link del "$TAP_DEV" 2>/dev/null || true
+  rm -f "$API_SOCK"
+  banger_dns_remove_record_name "${DNS_NAME:-}"
+  rm -rf "$VM_DIR"
+}
+trap cleanup EXIT
+
+sudo mkdir -p "$(dirname "$API_SOCK")"
+sudo chown "$(id -u):$(id -g)" "$(dirname "$API_SOCK")"
+
+# Host bridge
+if ! ip link show "$BR_DEV" >/dev/null 2>&1; then
+  log "creating host bridge $BR_DEV ($BR_IP/$CIDR)"
+  sudo ip link add name "$BR_DEV" type bridge
+  sudo ip addr add "${BR_IP}/${CIDR}" dev "$BR_DEV"
+  sudo ip link set "$BR_DEV" up
+else
+  sudo ip link set "$BR_DEV" up
+fi
+
+log "creating tap device $TAP_DEV"
+TAP_USER="${SUDO_UID:-$(id -u)}"
+TAP_GROUP="${SUDO_GID:-$(id -g)}"
+sudo ip tuntap add dev "$TAP_DEV" mode tap user "$TAP_USER" group "$TAP_GROUP"
+sudo ip link set "$TAP_DEV" master "$BR_DEV"
+sudo ip link set "$TAP_DEV" up
+sudo ip link set "$BR_DEV" up
+
+if ! command -v mkfs.ext4 >/dev/null 2>&1; then
+  log "mkfs.ext4 required to create home/var disks"
+  exit 1
+fi
+truncate -s "$HOME_BYTES" "$HOME_PATH"
+mkfs.ext4 -F "$HOME_PATH" >/dev/null
+truncate -s "$VAR_BYTES" "$VAR_PATH"
+mkfs.ext4 -F "$VAR_PATH" >/dev/null
+
+log "starting firecracker process"
+rm -f "$API_SOCK"
+nohup sudo -E "$FC_BIN" --api-sock "$API_SOCK" >"$LOG_FILE" 2>&1 &
+FC_PID="$!"
+
+log "waiting for firecracker api socket"
+for _ in $(seq 1 200); do
+  [[ -S "$API_SOCK" ]] && break
+  sleep 0.02
+done
+[[ -S "$API_SOCK" ]] || { log "firecracker api socket not ready"; exit 1; }
+
+log "configuring machine"
+sudo -E curl --unix-socket "$API_SOCK" -X PUT http://localhost/machine-config \
+  -H "Content-Type: application/json" \
+  -d '{
+    "vcpu_count": 2,
+    "mem_size_mib": 1024,
+    "smt": false
+  }' >/dev/null
+
+KCMD="console=ttyS0 reboot=k panic=1 pci=off root=/dev/vda rw ip=${GUEST_IP}::${BR_IP}:255.255.255.0:${VM_NAME}:eth0:off:${DNS_SERVER} hostname=${VM_NAME}"
+
+sudo -E curl --unix-socket "$API_SOCK" -X PUT http://localhost/boot-source \
+  -H "Content-Type: application/json" \
+  -d "{
+    \"kernel_image_path\": \"$KERNEL\",
+    \"boot_args\": \"$KCMD\",
+    \"initrd_path\": \"$INITRD\"
+  }" >/dev/null
+
+sudo -E curl --unix-socket "$API_SOCK" -X PUT http://localhost/drives/rootfs \
+  -H "Content-Type: application/json" \
+  -d "{
+    \"drive_id\": \"rootfs\",
+    \"path_on_host\": \"$OUT_ROOTFS\",
+    \"is_root_device\": true,
+    \"is_read_only\": false
+  }" >/dev/null
+
+sudo -E curl --unix-socket "$API_SOCK" -X PUT http://localhost/drives/home \
+  -H "Content-Type: application/json" \
+  -d "{
+    \"drive_id\": \"home\",
+    \"path_on_host\": \"$HOME_PATH\",
+    \"is_root_device\": false,
+    \"is_read_only\": false
+  }" >/dev/null
+
+sudo -E curl --unix-socket "$API_SOCK" -X PUT http://localhost/drives/var \
+  -H "Content-Type: application/json" \
+  -d "{
+    \"drive_id\": \"var\",
+    \"path_on_host\": \"$VAR_PATH\",
+    \"is_root_device\": false,
+    \"is_read_only\": false
+  }" >/dev/null
+
+sudo -E curl --unix-socket "$API_SOCK" -X PUT http://localhost/network-interfaces/eth0 \
+  -H "Content-Type: application/json" \
+  -d "{
+    \"iface_id\": \"eth0\",
+    \"host_dev_name\": \"$TAP_DEV\"
+  }" >/dev/null
+
+sudo -E curl --unix-socket "$API_SOCK" -X PUT http://localhost/actions \
+  -H "Content-Type: application/json" \
+  -d '{ "action_type": "InstanceStart" }' >/dev/null
+
+SUDO_CHILD_PID="$(pgrep -n -f "$API_SOCK" || true)"
+if [[ -n "$SUDO_CHILD_PID" ]]; then
+  FC_PID="$SUDO_CHILD_PID"
+fi
+
+VM_CONFIG_JSON="$(sudo -E curl --unix-socket "$API_SOCK" -sS http://localhost/vm/config)"
+CREATED_AT="$(date -Iseconds)"
+DNS_NAME="$(banger_dns_name "$VM_NAME")"
+banger_dns_write_record "$VM_NAME" "$GUEST_IP"
+jq -n \
+  --arg id "$VM_ID" \
+  --arg name "$VM_NAME" \
+  --arg pid "$FC_PID" \
+  --arg created_at "$CREATED_AT" \
+  --arg guest_ip "$GUEST_IP" \
+  --arg tap "$TAP_DEV" \
+  --arg api_sock "$API_SOCK" \
+  --arg log "$LOG_FILE" \
+  --arg rootfs "$OUT_ROOTFS" \
+  --arg kernel "$KERNEL" \
+  --arg dns_name "$DNS_NAME" \
+  --argjson config "$VM_CONFIG_JSON" \
+  '{meta:{id:$id,name:$name,pid:$pid,created_at:$created_at,guest_ip:$guest_ip,tap:$tap,api_sock:$api_sock,log:$log,rootfs:$rootfs,kernel:$kernel,dns_name:$dns_name},config:$config}' \
+  > "$VM_DIR/vm.json"
+
+log "enabling NAT for interactive session"
+sudo -E ./nat.sh up "$VM_TAG" >/dev/null
+
+log "waiting for SSH"
+log "guest ip: $GUEST_IP"
+log "ssh: ssh -i \"$SSH_KEY\" root@${GUEST_IP}"
+for _ in $(seq 1 60); do
+  if ssh -i "$SSH_KEY" -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null \
+    "root@${GUEST_IP}" "true" >/dev/null 2>&1; then
+    log "ssh ready"
+    break
+  fi
+  sleep 1
+done
+
+log "output rootfs: $OUT_ROOTFS"
+log "press Ctrl+C to stop and clean up"
+
+while kill -0 "$FC_PID" >/dev/null 2>&1; do
+  sleep 1
+done