Move avoidable daemon shell-outs into Go
Reduce the control plane's dependency on helper scripts while keeping the hard Linux integration points in the approved shell-out layer. Replace the bash-driven image build path with a native Go builder that clones and optionally resizes the rootfs, boots a temporary Firecracker VM, provisions the guest over SSH, installs packages and modules, and preserves the package-manifest sidecar. Also replace a few small convenience shell-outs with Go helpers: read process stats from /proc, use os.Truncate for ext4 image growth, add file-clone and normalized-line helpers, drop the sh -c work-disk flattening path, and launch Firecracker via a direct sudo command. Add tests for the new SSH/archive and system helpers, plus a policy test that keeps os/exec imports confined to cli/firecracker/system. Update the docs to describe customize.sh as a manual helper rather than the daemon's image-build backend. Validated with go mod tidy, go test ./..., and make build.
parent
0a0b0b617b
commit
942d242c03
17 changed files with 936 additions and 145 deletions
|
|
@ -102,12 +102,12 @@ func openLogFile(path string) (*os.File, error) {
|
|||
}
|
||||
|
||||
func buildConfig(cfg MachineConfig) sdk.Config {
|
||||
drives := sdk.NewDrivesBuilder(
|
||||
cfg.RootDrivePath,
|
||||
).
|
||||
WithRootDrive(cfg.RootDrivePath, sdk.WithDriveID("rootfs"), sdk.WithReadOnly(false)).
|
||||
AddDrive(cfg.WorkDrivePath, false, sdk.WithDriveID("work")).
|
||||
Build()
|
||||
drivesBuilder := sdk.NewDrivesBuilder(cfg.RootDrivePath).
|
||||
WithRootDrive(cfg.RootDrivePath, sdk.WithDriveID("rootfs"), sdk.WithReadOnly(false))
|
||||
if strings.TrimSpace(cfg.WorkDrivePath) != "" {
|
||||
drivesBuilder = drivesBuilder.AddDrive(cfg.WorkDrivePath, false, sdk.WithDriveID("work"))
|
||||
}
|
||||
drives := drivesBuilder.Build()
|
||||
|
||||
return sdk.Config{
|
||||
SocketPath: cfg.SocketPath,
|
||||
|
|
@ -132,14 +132,7 @@ func buildConfig(cfg MachineConfig) sdk.Config {
|
|||
}
|
||||
|
||||
func buildProcessRunner(cfg MachineConfig, logFile *os.File) *exec.Cmd {
|
||||
script := strings.Join([]string{
|
||||
"umask 000",
|
||||
"exec " + shellQuote(cfg.BinaryPath) +
|
||||
" --api-sock " + shellQuote(cfg.SocketPath) +
|
||||
" --id " + shellQuote(cfg.VMID),
|
||||
}, " && ")
|
||||
|
||||
cmd := exec.Command("sudo", "-n", "sh", "-c", script)
|
||||
cmd := exec.Command("sudo", "-n", cfg.BinaryPath, "--api-sock", cfg.SocketPath, "--id", cfg.VMID)
|
||||
cmd.Stdin = nil
|
||||
if logFile != nil {
|
||||
cmd.Stdout = logFile
|
||||
|
|
@ -148,10 +141,6 @@ func buildProcessRunner(cfg MachineConfig, logFile *os.File) *exec.Cmd {
|
|||
return cmd
|
||||
}
|
||||
|
||||
func shellQuote(value string) string {
|
||||
return "'" + strings.ReplaceAll(value, "'", `'"'"'`) + "'"
|
||||
}
|
||||
|
||||
func newLogger(base *slog.Logger) *logrus.Entry {
|
||||
logger := logrus.New()
|
||||
logger.SetOutput(io.Discard)
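Review bot: The new `exec.Command` in buildProcessRunner passes `cfg.BinaryPath` to sudo with no option terminator, and it also drops the `umask 000` that the old script ran before starting Firecracker. Removing the `sh -c` wrapper gets rid of the quoting surface, but a binary path that begins with `-` would now be parsed by sudo as one of its own options; `exec.Command("sudo", "-n", "--", cfg.BinaryPath, "--api-sock", cfg.SocketPath, "--id", cfg.VMID)` closes that, ideally alongside a check that the path is absolute. Without the umask, the API socket is created under whatever mask sudo gives the root process, which is tighter than before, but the unprivileged daemon may then be unable to open `cfg.SocketPath` unless its ownership or mode is fixed elsewhere in the commit, which this section does not show. A short comment above the call, such as `// No umask override: socket permissions are adjusted after launch`, would record the intent if that is the case. Part of the function body lies between the second and third hunks and is not shown.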
|
||||
|
|
|
|||