Thales Maciel
30f0c0b54a
Stop relying on ad hoc rootfs handling by adding image promotion, managed work-seed fingerprint metadata, and lazy self-healing for older managed images after the first create. Rebuild guest images with baked SSH access, a guest NIC bootstrap, and default opencode services, and add the staged Void kernel/initramfs/modules workflow so void-exp uses a matching Void boot stack. Replace the opaque blocking vm.create RPC with a begin/status flow that prints live stages in the CLI while still waiting for vsock health and opencode on guest port 4096. Validate with GOCACHE=/tmp/banger-gocache go test ./... and live void-exp create/delete smoke runs.
132 lines
3.9 KiB
Go
132 lines
3.9 KiB
Go
package daemon
|
|
|
|
import (
|
|
"context"
|
|
"crypto/rand"
|
|
"crypto/rsa"
|
|
"crypto/x509"
|
|
"encoding/pem"
|
|
"errors"
|
|
"os"
|
|
"path/filepath"
|
|
"strconv"
|
|
"testing"
|
|
|
|
"banger/internal/guest"
|
|
"banger/internal/model"
|
|
)
|
|
|
|
func TestEnsureWorkDiskClonesSeedImageAndResizes(t *testing.T) {
|
|
t.Parallel()
|
|
|
|
vmDir := t.TempDir()
|
|
seedPath := filepath.Join(t.TempDir(), "root.work-seed.ext4")
|
|
if err := os.WriteFile(seedPath, []byte("seed-data"), 0o644); err != nil {
|
|
t.Fatalf("WriteFile(seed): %v", err)
|
|
}
|
|
workDiskPath := filepath.Join(vmDir, "root.ext4")
|
|
runner := &scriptedRunner{
|
|
t: t,
|
|
steps: []runnerStep{
|
|
{call: runnerCall{name: "e2fsck", args: []string{"-p", "-f", workDiskPath}}},
|
|
{call: runnerCall{name: "resize2fs", args: []string{workDiskPath}}},
|
|
},
|
|
}
|
|
d := &Daemon{runner: runner}
|
|
vm := testVM("seeded", "image-seeded", "172.16.0.60")
|
|
vm.Runtime.WorkDiskPath = workDiskPath
|
|
vm.Spec.WorkDiskSizeBytes = 2 * 1024 * 1024
|
|
image := testImage("image-seeded")
|
|
image.WorkSeedPath = seedPath
|
|
|
|
if _, err := d.ensureWorkDisk(context.Background(), &vm, image); err != nil {
|
|
t.Fatalf("ensureWorkDisk: %v", err)
|
|
}
|
|
runner.assertExhausted()
|
|
|
|
info, err := os.Stat(workDiskPath)
|
|
if err != nil {
|
|
t.Fatalf("Stat(work disk): %v", err)
|
|
}
|
|
if info.Size() != vm.Spec.WorkDiskSizeBytes {
|
|
t.Fatalf("work disk size = %d, want %d", info.Size(), vm.Spec.WorkDiskSizeBytes)
|
|
}
|
|
}
|
|
|
|
func TestTapPoolWarmsAndReusesIdleTap(t *testing.T) {
|
|
t.Parallel()
|
|
|
|
runner := &scriptedRunner{
|
|
t: t,
|
|
steps: []runnerStep{
|
|
{call: runnerCall{name: "ip", args: []string{"link", "show", "tap-pool-0"}}, err: errors.New("exit status 1")},
|
|
sudoStep("", nil, "ip", "tuntap", "add", "dev", "tap-pool-0", "mode", "tap", "user", strconv.Itoa(os.Getuid()), "group", strconv.Itoa(os.Getgid())),
|
|
sudoStep("", nil, "ip", "link", "set", "tap-pool-0", "master", model.DefaultBridgeName),
|
|
sudoStep("", nil, "ip", "link", "set", "tap-pool-0", "up"),
|
|
sudoStep("", nil, "ip", "link", "set", model.DefaultBridgeName, "up"),
|
|
},
|
|
}
|
|
d := &Daemon{
|
|
runner: runner,
|
|
config: model.DaemonConfig{
|
|
BridgeName: model.DefaultBridgeName,
|
|
TapPoolSize: 1,
|
|
},
|
|
closing: make(chan struct{}),
|
|
}
|
|
|
|
d.ensureTapPool(context.Background())
|
|
tapName, err := d.acquireTap(context.Background(), "tap-fallback")
|
|
if err != nil {
|
|
t.Fatalf("acquireTap: %v", err)
|
|
}
|
|
if tapName != "tap-pool-0" {
|
|
t.Fatalf("tapName = %q, want tap-pool-0", tapName)
|
|
}
|
|
if err := d.releaseTap(context.Background(), tapName); err != nil {
|
|
t.Fatalf("releaseTap: %v", err)
|
|
}
|
|
tapName, err = d.acquireTap(context.Background(), "tap-fallback")
|
|
if err != nil {
|
|
t.Fatalf("acquireTap second time: %v", err)
|
|
}
|
|
if tapName != "tap-pool-0" {
|
|
t.Fatalf("tapName second = %q, want tap-pool-0", tapName)
|
|
}
|
|
runner.assertExhausted()
|
|
}
|
|
|
|
func TestEnsureAuthorizedKeyOnWorkDiskSkipsRepairForMatchingSeededFingerprint(t *testing.T) {
|
|
t.Parallel()
|
|
|
|
privateKey, err := rsa.GenerateKey(rand.Reader, 1024)
|
|
if err != nil {
|
|
t.Fatalf("GenerateKey: %v", err)
|
|
}
|
|
privateKeyPEM := pem.EncodeToMemory(&pem.Block{
|
|
Type: "RSA PRIVATE KEY",
|
|
Bytes: x509.MarshalPKCS1PrivateKey(privateKey),
|
|
})
|
|
sshKeyPath := filepath.Join(t.TempDir(), "id_rsa")
|
|
if err := os.WriteFile(sshKeyPath, privateKeyPEM, 0o600); err != nil {
|
|
t.Fatalf("WriteFile(private key): %v", err)
|
|
}
|
|
fingerprint, err := guest.AuthorizedPublicKeyFingerprint(sshKeyPath)
|
|
if err != nil {
|
|
t.Fatalf("AuthorizedPublicKeyFingerprint: %v", err)
|
|
}
|
|
|
|
runner := &scriptedRunner{t: t}
|
|
d := &Daemon{
|
|
runner: runner,
|
|
config: model.DaemonConfig{SSHKeyPath: sshKeyPath},
|
|
}
|
|
vm := testVM("seeded-fastpath", "image-seeded-fastpath", "172.16.0.62")
|
|
vm.Runtime.WorkDiskPath = filepath.Join(t.TempDir(), "root.ext4")
|
|
image := model.Image{SeededSSHPublicKeyFingerprint: fingerprint}
|
|
|
|
if err := d.ensureAuthorizedKeyOnWorkDisk(context.Background(), &vm, image, workDiskPreparation{ClonedFromSeed: true}); err != nil {
|
|
t.Fatalf("ensureAuthorizedKeyOnWorkDisk: %v", err)
|
|
}
|
|
runner.assertExhausted()
|
|
}
|