Speed up VM create with work seeds

Beat VM create wall time without changing VM semantics. Generate a work-seed ext4 sidecar during image builds and rootfs rebuilds, then clone and resize that seed for each new VM instead of rebuilding /root from scratch. Plumb the new seed artifact through config, runtime metadata, store state, runtime-bundle defaults, doctor checks, and default-image reconciliation so older images still fall back cleanly. Add a daemon TAP pool to keep idle bridge-attached devices warm, expose stage timing in lifecycle logs, add a create/SSH benchmark script plus Make target, and teach verify.sh that tap-pool-* devices are reusable capacity rather than cleanup leaks. Validated with go test ./..., make build, ./verify.sh, and make bench-create ARGS="--runs 2".
2026-03-18 21:22:12 -03:00 · 2026-03-18 21:22:12 -03:00 · c8d9a122f9
commit c8d9a122f9
parent a14a80fd6b
24 changed files with 695 additions and 44 deletions
--- a/internal/config/config.go
+++ b/internal/config/config.go
@ -4,6 +4,7 @@ import (
 	"errors"
 	"os"
 	"path/filepath"
+	"strings"
 	"time"

 	toml "github.com/pelletier/go-toml"
@ -22,6 +23,7 @@ type fileConfig struct {
 	NamegenPath        string `toml:"namegen_path"`
 	CustomizeScript    string `toml:"customize_script"`
 	VSockPingHelper    string `toml:"vsock_ping_helper_path"`
+	DefaultWorkSeed    string `toml:"default_work_seed"`
 	DefaultImageName   string `toml:"default_image_name"`
 	DefaultRootfs      string `toml:"default_rootfs"`
 	DefaultBaseRootfs  string `toml:"default_base_rootfs"`
@ -35,6 +37,7 @@ type fileConfig struct {
 	BridgeName         string `toml:"bridge_name"`
 	BridgeIP           string `toml:"bridge_ip"`
 	CIDR               string `toml:"cidr"`
+	TapPoolSize        int    `toml:"tap_pool_size"`
 	DefaultDNS         string `toml:"default_dns"`
 }

@ -47,6 +50,7 @@ func Load(layout paths.Layout) (model.DaemonConfig, error) {
 		BridgeName:          model.DefaultBridgeName,
 		BridgeIP:            model.DefaultBridgeIP,
 		CIDR:                model.DefaultCIDR,
+		TapPoolSize:         4,
 		DefaultDNS:          model.DefaultDNS,
 		DefaultImageName:    "default",
 	}
@ -91,6 +95,9 @@ func Load(layout paths.Layout) (model.DaemonConfig, error) {
 	if file.VSockPingHelper != "" {
 		cfg.VSockPingHelperPath = file.VSockPingHelper
 	}
+	if file.DefaultWorkSeed != "" {
+		cfg.DefaultWorkSeed = file.DefaultWorkSeed
+	}
 	if file.DefaultImageName != "" {
 		cfg.DefaultImageName = file.DefaultImageName
 	}
@ -121,6 +128,9 @@ func Load(layout paths.Layout) (model.DaemonConfig, error) {
 	if file.CIDR != "" {
 		cfg.CIDR = file.CIDR
 	}
+	if file.TapPoolSize > 0 {
+		cfg.TapPoolSize = file.TapPoolSize
+	}
 	if file.DefaultDNS != "" {
 		cfg.DefaultDNS = file.DefaultDNS
 	}
@ -176,6 +186,9 @@ func applyRuntimeDefaults(cfg *model.DaemonConfig) error {
 			cfg.DefaultRootfs,
 		)
 	}
+	if cfg.DefaultWorkSeed == "" && cfg.DefaultRootfs != "" {
+		cfg.DefaultWorkSeed = firstExistingRuntimePath(associatedWorkSeedPath(cfg.DefaultRootfs))
+	}
 	return nil
 }

@ -185,6 +198,7 @@ func applyBundleMetadataDefaults(cfg *model.DaemonConfig, runtimeDir string, met
 	cfg.NamegenPath = defaultRuntimePath(cfg.NamegenPath, runtimeDir, meta.NamegenPath)
 	cfg.CustomizeScript = defaultRuntimePath(cfg.CustomizeScript, runtimeDir, meta.CustomizeScript)
 	cfg.VSockPingHelperPath = defaultRuntimePath(cfg.VSockPingHelperPath, runtimeDir, meta.VSockPingHelperPath)
+	cfg.DefaultWorkSeed = defaultRuntimePath(cfg.DefaultWorkSeed, runtimeDir, meta.DefaultWorkSeed)
 	cfg.DefaultKernel = defaultRuntimePath(cfg.DefaultKernel, runtimeDir, meta.DefaultKernel)
 	cfg.DefaultInitrd = defaultRuntimePath(cfg.DefaultInitrd, runtimeDir, meta.DefaultInitrd)
 	cfg.DefaultModulesDir = defaultRuntimePath(cfg.DefaultModulesDir, runtimeDir, meta.DefaultModulesDir)
@ -199,6 +213,7 @@ func applyLegacyRuntimeDefaults(cfg *model.DaemonConfig) {
 	cfg.NamegenPath = defaultRuntimePath(cfg.NamegenPath, cfg.RuntimeDir, "namegen")
 	cfg.CustomizeScript = defaultRuntimePath(cfg.CustomizeScript, cfg.RuntimeDir, "customize.sh")
 	cfg.VSockPingHelperPath = defaultRuntimePath(cfg.VSockPingHelperPath, cfg.RuntimeDir, "banger-vsock-pingd")
+	cfg.DefaultWorkSeed = defaultRuntimePath(cfg.DefaultWorkSeed, cfg.RuntimeDir, "rootfs-docker.work-seed.ext4")
 	cfg.DefaultKernel = defaultRuntimePath(cfg.DefaultKernel, cfg.RuntimeDir, "wtf/root/boot/vmlinux-6.8.0-94-generic")
 	cfg.DefaultInitrd = defaultRuntimePath(cfg.DefaultInitrd, cfg.RuntimeDir, "wtf/root/boot/initrd.img-6.8.0-94-generic")
 	cfg.DefaultModulesDir = defaultRuntimePath(cfg.DefaultModulesDir, cfg.RuntimeDir, "wtf/root/lib/modules/6.8.0-94-generic")
@ -223,3 +238,14 @@ func firstExistingRuntimePath(paths ...string) string {
 	}
 	return ""
 }
+
+func associatedWorkSeedPath(rootfsPath string) string {
+	rootfsPath = strings.TrimSpace(rootfsPath)
+	if rootfsPath == "" {
+		return ""
+	}
+	if strings.HasSuffix(rootfsPath, ".ext4") {
+		return strings.TrimSuffix(rootfsPath, ".ext4") + ".work-seed.ext4"
+	}
+	return rootfsPath + ".work-seed"
+}
--- a/internal/config/config_test.go
+++ b/internal/config/config_test.go
@ -20,6 +20,7 @@ func TestLoadDerivesArtifactPathsFromRuntimeDir(t *testing.T) {
 		VSockPingHelperPath: "bin/banger-vsock-pingd",
 		DefaultPackages:     "config/packages.apt",
 		DefaultRootfs:       "images/rootfs-docker.ext4",
+		DefaultWorkSeed:     "images/rootfs-docker.work-seed.ext4",
 		DefaultKernel:       "kernels/vmlinux",
 		DefaultInitrd:       "kernels/initrd.img",
 		DefaultModulesDir:   "modules/current",
@ -32,6 +33,7 @@ func TestLoadDerivesArtifactPathsFromRuntimeDir(t *testing.T) {
 		meta.VSockPingHelperPath,
 		meta.DefaultPackages,
 		meta.DefaultRootfs,
+		meta.DefaultWorkSeed,
 		meta.DefaultKernel,
 		meta.DefaultInitrd,
 		filepath.Join(meta.DefaultModulesDir, "modules.dep"),
@ -79,6 +81,9 @@ func TestLoadDerivesArtifactPathsFromRuntimeDir(t *testing.T) {
 	if cfg.DefaultRootfs != filepath.Join(runtimeDir, meta.DefaultRootfs) {
 		t.Fatalf("DefaultRootfs = %q", cfg.DefaultRootfs)
 	}
+	if cfg.DefaultWorkSeed != filepath.Join(runtimeDir, meta.DefaultWorkSeed) {
+		t.Fatalf("DefaultWorkSeed = %q", cfg.DefaultWorkSeed)
+	}
 	if cfg.DefaultBaseRootfs != filepath.Join(runtimeDir, meta.DefaultRootfs) {
 		t.Fatalf("DefaultBaseRootfs = %q", cfg.DefaultBaseRootfs)
 	}
@ -106,6 +111,7 @@ func TestLoadFallsBackToLegacyRuntimeLayoutWithoutBundleMetadata(t *testing.T) {
 		"banger-vsock-pingd",
 		"packages.apt",
 		"rootfs-docker.ext4",
+		"rootfs-docker.work-seed.ext4",
 		"wtf/root/boot/vmlinux-6.8.0-94-generic",
 		"wtf/root/boot/initrd.img-6.8.0-94-generic",
 		"wtf/root/lib/modules/6.8.0-94-generic/modules.dep",
@ -131,6 +137,9 @@ func TestLoadFallsBackToLegacyRuntimeLayoutWithoutBundleMetadata(t *testing.T) {
 	if cfg.VSockPingHelperPath != filepath.Join(runtimeDir, "banger-vsock-pingd") {
 		t.Fatalf("VSockPingHelperPath = %q", cfg.VSockPingHelperPath)
 	}
+	if cfg.DefaultWorkSeed != filepath.Join(runtimeDir, "rootfs-docker.work-seed.ext4") {
+		t.Fatalf("DefaultWorkSeed = %q", cfg.DefaultWorkSeed)
+	}
 	if cfg.DefaultKernel != filepath.Join(runtimeDir, "wtf/root/boot/vmlinux-6.8.0-94-generic") {
 		t.Fatalf("DefaultKernel = %q", cfg.DefaultKernel)
 	}