+5 -5

spindle/engines/qemu/bakers/baker.go

reviewed

··· 11 11 "tangled.org/core/log" 12 12 ) 13 13 14 14 + type ImageMetadata struct { 15 15 + Cmdline string `json:"cmdline"` 16 16 + Shell string `json:"shell"` 17 17 + } 18 18 + 14 19 const ( 15 20 DiskName = "disk" 16 21 KernelName = "kernel" ··· 26 31 func ConfigPath(dir string) string { return filepath.Join(dir, ConfigName) } 27 32 func UserDataPath(dir string) string { return filepath.Join(dir, UserDataName) } 28 33 func SeedISOPath(dir string) string { return filepath.Join(dir, SeedISOName) } 29 29 - 30 30 - type ImageMetadata struct { 31 31 - Cmdline string `json:"cmdline"` 32 32 - Shell string `json:"shell"` 33 33 - } 34 34 35 35 type ImageBaker interface { 36 36 Prepare(ctx context.Context, imageDir string) error

+8 -4

spindle/engines/qemu/cloudinit.go spindle/engines/qemu/virt/cloudinit.go

reviewed

··· 1 1 - package qemu 1 1 + package virt 2 2 3 3 import ( 4 4 "fmt" 5 5 "os" 6 6 "os/exec" 7 7 "path/filepath" 8 8 + ) 8 9 9 9 - "tangled.org/core/spindle/engines/qemu/bakers" 10 10 - ) 10 10 + const SeedISOName = "seed.iso" 11 11 + 12 12 + func SeedISOPath(dir string) string { 13 13 + return filepath.Join(dir, SeedISOName) 14 14 + } 11 15 12 16 func generateSeedISO(dir string, extraUserData string) error { 13 17 metaData := "instance-id: spindle-vm\nlocal-hostname: spindle\n" ··· 32 36 } 33 37 34 38 // nocloud source expects volid "cidata" with joliet and rock ridge extensions 35 35 - cmd := exec.Command("genisoimage", "-output", bakers.SeedISOPath(dir), "-volid", "cidata", "-joliet", "-rock", "meta-data", "user-data") 39 39 + cmd := exec.Command("genisoimage", "-output", SeedISOPath(dir), "-volid", "cidata", "-joliet", "-rock", "meta-data", "user-data") 36 40 cmd.Dir = dir 37 41 cmd.Stdout = os.Stdout 38 42 cmd.Stderr = os.Stderr

+34 -318

spindle/engines/qemu/engine.go

reviewed

··· 1 1 package qemu 2 2 3 3 import ( 4 4 - "bufio" 5 4 "context" 6 6 - "encoding/base64" 7 5 "encoding/json" 8 6 "fmt" 9 7 "log/slog" 10 10 - "net" 11 8 "os" 12 12 - "os/exec" 13 9 "path/filepath" 14 10 "sync" 15 11 "time" 16 12 17 17 - "github.com/digitalocean/go-qemu/qmp" 18 13 "gopkg.in/yaml.v3" 19 14 20 15 "tangled.org/core/api/tangled" ··· 22 17 "tangled.org/core/spindle/config" 23 18 "tangled.org/core/spindle/engine" 24 19 "tangled.org/core/spindle/engines/qemu/bakers" 20 20 + "tangled.org/core/spindle/engines/qemu/virt" 25 21 "tangled.org/core/spindle/models" 26 22 "tangled.org/core/spindle/secrets" 27 23 ) ··· 81 77 return nil, err 82 78 } 83 79 84 84 - swf.Data = vmState{img: img} 80 80 + swf.Data = &virt.VMState{Img: img} 85 81 return swf, nil 86 82 } 87 83 88 84 // discover and resolve kernel, initrd, and disk and other config from an image subfolder 89 89 - func (e *Engine) resolveImage(name string) (ResolvedImage, error) { 90 90 - var img ResolvedImage 85 85 + func (e *Engine) resolveImage(name string) (virt.ResolvedImage, error) { 86 86 + var img virt.ResolvedImage 91 87 if name == "" { 92 88 name = e.cfg.QemuPipelines.DefaultImage 93 89 } ··· 102 98 configPath := bakers.ConfigPath(imageDir) 103 99 104 100 if _, err := os.Stat(diskPath); err == nil { 105 105 - img.disk = diskPath 101 101 + img.Disk = diskPath 106 102 } 107 103 if _, err := os.Stat(kernelPath); err == nil { 108 108 - img.kernel = kernelPath 104 104 + img.Kernel = kernelPath 109 105 } 110 106 if _, err := os.Stat(initrdPath); err == nil { 111 111 - img.initrd = initrdPath 107 107 + img.Initrd = initrdPath 112 108 } 113 109 if b, err := os.ReadFile(configPath); err == nil { 114 110 var meta bakers.ImageMetadata 115 111 if err := json.Unmarshal(b, &meta); err == nil { 116 112 if meta.Cmdline != "" { 117 117 - img.cmdline = meta.Cmdline 113 113 + img.Cmdline = meta.Cmdline 118 114 } 119 115 if meta.Shell != "" { 120 120 - img.shell = meta.Shell 116 116 + img.Shell = meta.Shell 121 117 } 122 118 } 123 119 } 124 120 if b, err := os.ReadFile(filepath.Join(imageDir, bakers.UserDataName)); err == nil { 125 125 - img.userData = string(b) 121 121 + img.UserData = string(b) 126 122 } 127 123 128 128 - if img.disk == "" { 124 124 + if img.Disk == "" { 129 125 return img, fmt.Errorf("missing '%s' in %s", bakers.DiskName, imageDir) 130 126 } 131 131 - if img.kernel != "" && (img.initrd == "" || img.cmdline == "") { 127 127 + if img.Kernel != "" && (img.Initrd == "" || img.Cmdline == "") { 132 128 return img, fmt.Errorf("kernel requires initrd and cmdline, but 'initrd' and/or 'cmdline' is missing for %s", name) 133 129 } 134 134 - if img.shell == "" { 130 130 + if img.Shell == "" { 135 131 return img, fmt.Errorf("shell is not configured for %s", name) 136 132 } 137 133 return img, nil ··· 147 143 wfLogger.ControlWriter(setupStepIdx, setupStep, models.StepStatusStart).Write([]byte{0}) 148 144 defer wfLogger.ControlWriter(setupStepIdx, setupStep, models.StepStatusEnd).Write([]byte{0}) 149 145 150 150 - // some systems have tmpfs at /tmp which is not ideal for large workloads 151 151 - targetTempDir := e.cfg.QemuPipelines.OverlayDir 152 152 - if targetTempDir == "" { 153 153 - targetTempDir = os.TempDir() 154 154 - } 155 155 - 156 156 - tempDir, err := os.MkdirTemp(targetTempDir, "qemu-wf-*") 157 157 - if err != nil { 158 158 - return err 159 159 - } 160 160 - e.registerCleanup(wid, func(ctx context.Context) error { 161 161 - return os.RemoveAll(tempDir) 162 162 - }) 163 163 - 164 164 - state := wf.Data.(vmState) 165 165 - img := state.img 166 166 - 167 167 - if err := generateSeedISO(tempDir, img.userData); err != nil { 168 168 - return fmt.Errorf("generating seed iso: %w", err) 169 169 - } 170 170 - 171 171 - qmpSock := filepath.Join(tempDir, "qmp.sock") 172 172 - qgaSock := filepath.Join(tempDir, "qga.sock") 173 173 - 174 174 - // todo(dawn): ideally would be nice if we used qemu with the microvm enabled here... 175 175 - // but that is not compatible with cloud-init since it expects real hw enumeration... 176 176 - // and we would not be able to use standard cloud images, which is kind of annoying. 177 177 - // we also have to manage a virtiofsd process for the filesystem, instead of having to 178 178 - // manage a qcow overlay (see https://ubuntu.com/server/docs/explanation/virtualisation/qemu-microvm/). 179 179 - // also also need to be able to have some scripts for generating our own images 180 180 - // (though we should already do this anyway since some like alpine don't provide 181 181 - // "cloud ready" image files, at least with kernel and initrd) 182 182 - argv := []string{ 183 183 - // todo(dawn): ideally probably have "tiers" and let the spindle concile the tier using 184 184 - // what the user wants and what the user has exposed to them by the spindle operator? 185 185 - "-m", e.cfg.QemuPipelines.Memory, "-smp", fmt.Sprintf("%d", e.cfg.QemuPipelines.SMP), 186 186 - "-display", "none", "-monitor", "none", "-nodefaults", "-no-user-config", 187 187 - // use snapshot=on to do copy-on-write without having us manage qcow overlays manually 188 188 - "-drive", fmt.Sprintf("file=%s,media=disk,snapshot=on,if=virtio", img.disk), 189 189 - "-drive", fmt.Sprintf("file=%s,media=cdrom", bakers.SeedISOPath(tempDir)), 190 190 - "-netdev", "user,id=net0", 191 191 - "-device", "virtio-net-pci,netdev=net0", 192 192 - "-qmp", fmt.Sprintf("unix:%s,server,nowait", qmpSock), 193 193 - "-chardev", fmt.Sprintf("socket,path=%s,server,nowait,id=qga0", qgaSock), 194 194 - "-device", "virtio-serial", 195 195 - "-device", "virtserialport,chardev=qga0,name=org.qemu.guest_agent.0", 196 196 - } 197 197 - 198 198 - if e.cfg.Server.Dev { 199 199 - argv = append(argv, "-serial", "stdio") 200 200 - } else { 201 201 - argv = append(argv, "-serial", "none") 202 202 - } 203 203 - 204 204 - // support booting using qemu bios still, but otherwise we make it faster! 205 205 - // incase someone wants to do this for whatever reason... 206 206 - if img.kernel != "" { 207 207 - argv = append(argv, "-kernel", img.kernel) 208 208 - if img.initrd != "" { 209 209 - argv = append(argv, "-initrd", img.initrd) 210 210 - } 211 211 - if img.cmdline != "" { 212 212 - argv = append(argv, "-append", img.cmdline) 213 213 - } 214 214 - } else { 215 215 - // booting with bios: explicitly select disk 216 216 - argv = append(argv, "-boot", "order=c") 217 217 - } 218 218 - 219 219 - enableKVM := e.cfg.QemuPipelines.EnableKVM 220 220 - if _, err := os.Stat("/dev/kvm"); err != nil { 221 221 - if enableKVM { 222 222 - l.Warn("kvm was requested but /dev/kvm is not accessible; falling back to software emulation", "error", err) 223 223 - } 224 224 - enableKVM = false 225 225 - } 226 226 - if enableKVM { 227 227 - argv = append(argv, "-enable-kvm", "-cpu", "host") 228 228 - } 229 229 - 230 230 - // todo(dawn): same with above, we assume x86_64 here, but should allow other archs, 231 231 - // probably just auto detect as a default 232 232 - qemuCmd := exec.Command("qemu-system-x86_64", argv...) 233 233 - qemuCmd.Env = append(os.Environ(), "TMPDIR="+tempDir) 234 234 - qemuCmd.Stdout = os.Stdout 235 235 - qemuCmd.Stderr = os.Stderr 236 236 - 237 237 - startedBootAt := time.Now() 238 238 - if err := qemuCmd.Start(); err != nil { 239 239 - return fmt.Errorf("starting qemu: %w", err) 240 240 - } 241 241 - 242 242 - var mon *qmp.SocketMonitor 243 243 - 244 244 - // cleanup qemu if we fail to setup at any point below 245 245 - setupOk := false 246 246 - defer func() { 247 247 - if !setupOk { 248 248 - _ = qemuCmd.Process.Kill() 249 249 - if mon != nil { 250 250 - _ = mon.Disconnect() 251 251 - } 252 252 - } 253 253 - }() 254 254 - 255 255 - qmpCtx, cancelQmp := context.WithTimeout(ctx, 10*time.Second) 256 256 - defer cancelQmp() 257 257 - 258 258 - // wait for qmp to be ready 259 259 - for { 260 260 - mon, err = qmp.NewSocketMonitor("unix", qmpSock, 2*time.Second) 261 261 - if err == nil { 262 262 - if err = mon.Connect(); err == nil { 263 263 - break 264 264 - } 265 265 - } 266 266 - select { 267 267 - case <-qmpCtx.Done(): 268 268 - return fmt.Errorf("qmp connect timeout: %w", err) 269 269 - case <-time.After(10 * time.Millisecond): 270 270 - } 271 271 - } 146 146 + state := wf.Data.(*virt.VMState) 147 147 + img := state.Img 272 148 273 273 - status, err := e.qmpQueryStatus(mon) 149 149 + actualState, err := virt.StartVM(ctx, virt.VMConfig{ 150 150 + Memory: e.cfg.QemuPipelines.Memory, 151 151 + SMP: e.cfg.QemuPipelines.SMP, 152 152 + EnableKVM: e.cfg.QemuPipelines.EnableKVM, 153 153 + Dev: e.cfg.Server.Dev, 154 154 + OverlayDir: e.cfg.QemuPipelines.OverlayDir, 155 155 + }, img, l) 274 156 if err != nil { 275 157 return err 276 158 } 277 159 278 278 - l.Info("qemu guest status", "status", status) 279 279 - if status != "running" { 280 280 - return fmt.Errorf("qemu guest not running (status: %s)", status) 281 281 - } 282 282 - 283 283 - qgaCtx, cancelQga := context.WithTimeout(ctx, time.Minute) 284 284 - defer cancelQga() 285 285 - 286 286 - // wait for guest agent to be ready (aka boot) 287 287 - for { 288 288 - if _, err := os.Stat(qgaSock); err == nil { 289 289 - pingCtx, cancelPing := context.WithTimeout(qgaCtx, 5*time.Second) 290 290 - err = e.qgaGuestPing(pingCtx, qgaSock) 291 291 - cancelPing() 292 292 - if err == nil { 293 293 - l.Info("vm booted and guest-agent ready", "elapsed", time.Since(startedBootAt).Round(time.Millisecond)) 294 294 - break 295 295 - } 296 296 - l.Debug("qga guest-ping failed", "error", err) 297 297 - } else { 298 298 - l.Debug("qga socket not found yet", "path", qgaSock) 299 299 - } 300 300 - 301 301 - select { 302 302 - case <-qgaCtx.Done(): 303 303 - return fmt.Errorf("qga connect timeout: %w", err) 304 304 - case <-time.After(100 * time.Millisecond): 305 305 - } 306 306 - } 307 307 - 308 160 e.registerCleanup(wid, func(ctx context.Context) error { 309 161 // graceful powerdown so guest can sync filesystem 310 310 - if err := e.qmpSystemPowerdown(mon); err != nil { 162 162 + if err := actualState.QMPSystemPowerdown(); err != nil { 311 163 l.Error("failed to powerdown qemu guest", "workflow", wid, "error", err) 312 164 } 313 165 314 166 done := make(chan error, 1) 315 315 - go func() { done <- qemuCmd.Wait() }() 167 167 + go func() { 168 168 + _, err := actualState.Process.Wait() 169 169 + done <- err 170 170 + }() 316 171 317 172 select { 318 173 case <-done: 319 174 case <-time.After(5 * time.Second): 320 320 - _ = qemuCmd.Process.Kill() 175 175 + _ = actualState.Process.Kill() 321 176 <-done // drain to avoid zombie 322 177 } 323 178 324 324 - _ = mon.Disconnect() 179 179 + _ = actualState.QMPMon.Disconnect() 180 180 + _ = os.RemoveAll(actualState.TempDir) 325 181 return nil 326 182 }) 327 183 328 328 - wf.Data = vmState{ 329 329 - process: qemuCmd.Process, 330 330 - qmpMon: mon, 331 331 - qgaPath: qgaSock, 332 332 - tempDir: tempDir, 333 333 - img: img, 334 334 - } 335 335 - 336 336 - setupOk = true 184 184 + wf.Data = actualState 337 185 return nil 338 186 } 339 187 340 340 - func (e *Engine) qmpRun(mon *qmp.SocketMonitor, command qmp.Command) ([]byte, error) { 341 341 - b, err := json.Marshal(command) 342 342 - if err != nil { 343 343 - return nil, err 344 344 - } 345 345 - return mon.Run(b) 346 346 - } 347 347 - 348 348 - // sends a command to the qemu guest agent and returns the response 349 349 - func (e *Engine) qgaRun(ctx context.Context, sock string, command qmp.Command) ([]byte, error) { 350 350 - b, err := json.Marshal(command) 351 351 - if err != nil { 352 352 - return nil, err 353 353 - } 354 354 - 355 355 - conn, err := (&net.Dialer{}).DialContext(ctx, "unix", sock) 356 356 - if err != nil { 357 357 - return nil, err 358 358 - } 359 359 - defer conn.Close() 360 360 - 361 361 - if dl, ok := ctx.Deadline(); ok { 362 362 - _ = conn.SetDeadline(dl) 363 363 - } 364 364 - 365 365 - if _, err := conn.Write(append(b, '\n')); err != nil { 366 366 - return nil, err 367 367 - } 368 368 - 369 369 - return bufio.NewReader(conn).ReadBytes('\n') 370 370 - } 371 371 - 372 372 - // query the qemu guest status 373 373 - func (e *Engine) qmpQueryStatus(mon *qmp.SocketMonitor) (string, error) { 374 374 - raw, err := e.qmpRun(mon, qmp.Command{Execute: "query-status"}) 375 375 - if err != nil { 376 376 - return "", fmt.Errorf("qmp query-status failed: %w", err) 377 377 - } 378 378 - 379 379 - var resp struct { 380 380 - Return struct { 381 381 - Status string `json:"status"` 382 382 - } `json:"return"` 383 383 - } 384 384 - if err := json.Unmarshal(raw, &resp); err != nil { 385 385 - return "", fmt.Errorf("qmp query-status parse: %w", err) 386 386 - } 387 387 - return resp.Return.Status, nil 388 388 - } 389 389 - 390 390 - // send a command to qemu to powerdown the guest gracefully 391 391 - func (e *Engine) qmpSystemPowerdown(mon *qmp.SocketMonitor) error { 392 392 - _, err := e.qmpRun(mon, qmp.Command{Execute: "system_powerdown"}) 393 393 - return err 394 394 - } 395 395 - 396 396 - // ping the guest agent to see if it's ready 397 397 - func (e *Engine) qgaGuestPing(ctx context.Context, sock string) error { 398 398 - _, err := e.qgaRun(ctx, sock, qmp.Command{Execute: "guest-ping"}) 399 399 - return err 400 400 - } 401 401 - 402 402 - // execute a command on the guest and return its pid 403 403 - func (e *Engine) qgaGuestExec(ctx context.Context, sock string, shell string, command string, env []string) (int, error) { 404 404 - cmdArgs := []string{shell, "-c", command} 405 405 - raw, err := e.qgaRun(ctx, sock, qmp.Command{ 406 406 - Execute: "guest-exec", 407 407 - Args: map[string]any{ 408 408 - "path": shell, 409 409 - "arg": cmdArgs[1:], 410 410 - "env": env, 411 411 - "capture-output": true, 412 412 - }, 413 413 - }) 414 414 - if err != nil { 415 415 - return 0, fmt.Errorf("qga guest-exec: %w", err) 416 416 - } 417 417 - 418 418 - var resp struct { 419 419 - Return struct { 420 420 - Pid int `json:"pid"` 421 421 - } `json:"return"` 422 422 - } 423 423 - if err := json.Unmarshal(raw, &resp); err != nil { 424 424 - return 0, fmt.Errorf("qga guest-exec parse: %w", err) 425 425 - } 426 426 - return resp.Return.Pid, nil 427 427 - } 428 428 - 429 429 - type guestExecStatus struct { 430 430 - Exited bool 431 431 - ExitCode int 432 432 - // these are since the last time we asked for status 433 433 - OutData []byte 434 434 - ErrData []byte 435 435 - } 436 436 - 437 437 - // get the status of a command executed with guest-exec 438 438 - func (e *Engine) qgaGuestExecStatus(ctx context.Context, sock string, pid int) (guestExecStatus, error) { 439 439 - var status guestExecStatus 440 440 - raw, err := e.qgaRun(ctx, sock, qmp.Command{ 441 441 - Execute: "guest-exec-status", 442 442 - Args: map[string]any{"pid": pid}, 443 443 - }) 444 444 - if err != nil { 445 445 - return status, fmt.Errorf("qga guest-exec-status: %w", err) 446 446 - } 447 447 - 448 448 - var resp struct { 449 449 - Return struct { 450 450 - Exited bool `json:"exited"` 451 451 - ExitCode int `json:"exitcode"` 452 452 - OutData string `json:"out-data"` 453 453 - ErrData string `json:"err-data"` 454 454 - } `json:"return"` 455 455 - } 456 456 - if err := json.Unmarshal(raw, &resp); err != nil { 457 457 - return status, fmt.Errorf("qga guest-exec-status parse: %w", err) 458 458 - } 459 459 - 460 460 - status.Exited = resp.Return.Exited 461 461 - status.ExitCode = resp.Return.ExitCode 462 462 - if resp.Return.OutData != "" { 463 463 - status.OutData, _ = base64.StdEncoding.DecodeString(resp.Return.OutData) 464 464 - } 465 465 - if resp.Return.ErrData != "" { 466 466 - status.ErrData, _ = base64.StdEncoding.DecodeString(resp.Return.ErrData) 467 467 - } 468 468 - 469 469 - return status, nil 470 470 - } 471 471 - 472 188 func (e *Engine) RunStep(ctx context.Context, wid models.WorkflowId, w *models.Workflow, idx int, secrets []secrets.UnlockedSecret, wfLogger models.WorkflowLogger) error { 473 473 - state := w.Data.(vmState) 189 189 + state := w.Data.(*virt.VMState) 474 190 step := w.Steps[idx] 475 191 476 192 env := make([]string, 0, len(w.Environment)+len(secrets)) ··· 486 202 } 487 203 } 488 204 489 489 - pid, err := e.qgaGuestExec(ctx, state.qgaPath, state.img.shell, step.Command(), env) 205 205 + pid, err := state.QGAGuestExec(ctx, step.Command(), env) 490 206 if err != nil { 491 207 return err 492 208 } 493 209 494 210 for { 495 495 - status, err := e.qgaGuestExecStatus(ctx, state.qgaPath, pid) 211 211 + status, err := state.QGAGuestExecStatus(ctx, pid) 496 212 if err != nil { 497 213 return err 498 214 }

-8

spindle/engines/qemu/errors.go

reviewed

··· 1 1 - package qemu 2 2 - 3 3 - import "errors" 4 4 - 5 5 - var ( 6 6 - ErrOOMKilled = errors.New("container died due to OOM kill") 7 7 - ErrBootTimeout = errors.New("timed out waiting for VM to boot") 8 8 - )

-24

spindle/engines/qemu/models.go

reviewed

··· 1 1 package qemu 2 2 3 3 - import ( 4 4 - "os" 5 5 - 6 6 - "github.com/digitalocean/go-qemu/qmp" 7 7 - ) 8 8 - 9 9 - type vmState struct { 10 10 - process *os.Process 11 11 - qmpMon *qmp.SocketMonitor 12 12 - qgaPath string 13 13 - tempDir string 14 14 - 15 15 - img ResolvedImage 16 16 - } 17 17 - 18 18 - type ResolvedImage struct { 19 19 - kernel string 20 20 - initrd string 21 21 - disk string 22 22 - cmdline string // kernel command line 23 23 - shell string // shell to use for workflow steps 24 24 - userData string // extra cloud-init user-data 25 25 - } 26 26 - 27 3 type manifestWorkflow struct { 28 4 Image string `yaml:"image"` 29 5 Steps []struct {

+33

spindle/engines/qemu/virt/models.go

reviewed

··· 1 1 + package virt 2 2 + 3 3 + import ( 4 4 + "os" 5 5 + 6 6 + "github.com/digitalocean/go-qemu/qmp" 7 7 + ) 8 8 + 9 9 + type VMConfig struct { 10 10 + Memory string 11 11 + SMP int 12 12 + EnableKVM bool 13 13 + Dev bool 14 14 + OverlayDir string 15 15 + } 16 16 + 17 17 + type ResolvedImage struct { 18 18 + Kernel string 19 19 + Initrd string 20 20 + Disk string 21 21 + Cmdline string // kernel command line 22 22 + Shell string // shell to use for workflow steps 23 23 + UserData string // extra cloud-init user-data 24 24 + } 25 25 + 26 26 + type VMState struct { 27 27 + Process *os.Process 28 28 + QMPMon *qmp.SocketMonitor 29 29 + QGAPath string 30 30 + TempDir string 31 31 + 32 32 + Img ResolvedImage 33 33 + }

+320

spindle/engines/qemu/virt/vm.go

reviewed

··· 1 1 + package virt 2 2 + 3 3 + import ( 4 4 + "bufio" 5 5 + "context" 6 6 + "encoding/base64" 7 7 + "encoding/json" 8 8 + "fmt" 9 9 + "log/slog" 10 10 + "net" 11 11 + "os" 12 12 + "os/exec" 13 13 + "path/filepath" 14 14 + "time" 15 15 + 16 16 + "github.com/digitalocean/go-qemu/qmp" 17 17 + ) 18 18 + 19 19 + func StartVM(ctx context.Context, cfg VMConfig, img ResolvedImage, l *slog.Logger) (*VMState, error) { 20 20 + // some systems have tmpfs at /tmp which is not ideal for large workloads 21 21 + targetTempDir := cfg.OverlayDir 22 22 + if targetTempDir == "" { 23 23 + targetTempDir = os.TempDir() 24 24 + } 25 25 + 26 26 + tempDir, err := os.MkdirTemp(targetTempDir, "qemu-vm-*") 27 27 + if err != nil { 28 28 + return nil, err 29 29 + } 30 30 + 31 31 + state := &VMState{ 32 32 + TempDir: tempDir, 33 33 + Img: img, 34 34 + } 35 35 + 36 36 + cleanup := func() { 37 37 + _ = state.Close() 38 38 + _ = os.RemoveAll(tempDir) 39 39 + } 40 40 + 41 41 + if err := generateSeedISO(tempDir, img.UserData); err != nil { 42 42 + cleanup() 43 43 + return nil, fmt.Errorf("generating seed iso: %w", err) 44 44 + } 45 45 + 46 46 + qmpSock := filepath.Join(tempDir, "qmp.sock") 47 47 + qgaSock := filepath.Join(tempDir, "qga.sock") 48 48 + 49 49 + state.QGAPath = qgaSock 50 50 + 51 51 + // todo(dawn): ideally would be nice if we used qemu with the microvm enabled here... 52 52 + // but that is not compatible with cloud-init since it expects real hw enumeration... 53 53 + // and we would not be able to use standard cloud images, which is kind of annoying. 54 54 + // we also have to manage a virtiofsd process for the filesystem, instead of having to 55 55 + // manage a qcow overlay (see https://ubuntu.com/server/docs/explanation/virtualisation/qemu-microvm/). 56 56 + // also also need to be able to have some scripts for generating our own images 57 57 + // (though we should already do this anyway since some like alpine don't provide 58 58 + // "cloud ready" image files, at least with kernel and initrd) 59 59 + argv := []string{ 60 60 + // todo(dawn): ideally probably have "tiers" and let the spindle concile the tier using 61 61 + // what the user wants and what the user has exposed to them by the spindle operator? 62 62 + "-m", cfg.Memory, "-smp", fmt.Sprintf("%d", cfg.SMP), 63 63 + "-display", "none", "-monitor", "none", "-nodefaults", "-no-user-config", 64 64 + // use snapshot=on to do copy-on-write without having us manage qcow overlays manually 65 65 + "-drive", fmt.Sprintf("file=%s,media=disk,snapshot=on,if=virtio", img.Disk), 66 66 + "-drive", fmt.Sprintf("file=%s,media=cdrom", SeedISOPath(tempDir)), 67 67 + "-netdev", "user,id=net0", 68 68 + "-device", "virtio-net-pci,netdev=net0", 69 69 + "-qmp", fmt.Sprintf("unix:%s,server,nowait", qmpSock), 70 70 + "-chardev", fmt.Sprintf("socket,path=%s,server,nowait,id=qga0", qgaSock), 71 71 + "-device", "virtio-serial", 72 72 + "-device", "virtserialport,chardev=qga0,name=org.qemu.guest_agent.0", 73 73 + } 74 74 + 75 75 + if cfg.Dev { 76 76 + argv = append(argv, "-serial", "stdio") 77 77 + } else { 78 78 + argv = append(argv, "-serial", "none") 79 79 + } 80 80 + 81 81 + // support booting using qemu bios still, but otherwise we make it faster! 82 82 + // incase someone wants to do this for whatever reason... 83 83 + if img.Kernel != "" { 84 84 + argv = append(argv, "-kernel", img.Kernel) 85 85 + if img.Initrd != "" { 86 86 + argv = append(argv, "-initrd", img.Initrd) 87 87 + } 88 88 + if img.Cmdline != "" { 89 89 + argv = append(argv, "-append", img.Cmdline) 90 90 + } 91 91 + } else { 92 92 + argv = append(argv, "-boot", "order=c") 93 93 + } 94 94 + 95 95 + enableKVM := cfg.EnableKVM 96 96 + if _, err := os.Stat("/dev/kvm"); err != nil { 97 97 + if enableKVM { 98 98 + l.Warn("kvm was requested but /dev/kvm is not accessible; falling back to software emulation", "error", err) 99 99 + } 100 100 + enableKVM = false 101 101 + } 102 102 + if enableKVM { 103 103 + argv = append(argv, "-enable-kvm", "-cpu", "host") 104 104 + } 105 105 + 106 106 + // todo(dawn): same with above, we assume x86_64 here, but should allow other archs, 107 107 + // probably just auto detect as a default 108 108 + qemuCmd := exec.Command("qemu-system-x86_64", argv...) 109 109 + qemuCmd.Env = append(os.Environ(), "TMPDIR="+tempDir) 110 110 + qemuCmd.Stdout = os.Stdout 111 111 + qemuCmd.Stderr = os.Stderr 112 112 + 113 113 + startedBootAt := time.Now() 114 114 + if err := qemuCmd.Start(); err != nil { 115 115 + cleanup() 116 116 + return nil, fmt.Errorf("starting qemu: %w", err) 117 117 + } 118 118 + state.Process = qemuCmd.Process 119 119 + 120 120 + qmpCtx, cancelQmp := context.WithTimeout(ctx, 10*time.Second) 121 121 + defer cancelQmp() 122 122 + 123 123 + var mon *qmp.SocketMonitor 124 124 + // wait for qmp to be ready 125 125 + for { 126 126 + mon, err = qmp.NewSocketMonitor("unix", qmpSock, 2*time.Second) 127 127 + if err == nil { 128 128 + if err = mon.Connect(); err == nil { 129 129 + state.QMPMon = mon 130 130 + break 131 131 + } 132 132 + } 133 133 + select { 134 134 + case <-qmpCtx.Done(): 135 135 + cleanup() 136 136 + return nil, fmt.Errorf("qmp connect timeout: %w", err) 137 137 + case <-time.After(10 * time.Millisecond): 138 138 + } 139 139 + } 140 140 + 141 141 + status, err := state.QMPQueryStatus() 142 142 + if err != nil { 143 143 + cleanup() 144 144 + return nil, err 145 145 + } 146 146 + 147 147 + l.Info("qemu guest status", "status", status) 148 148 + if status != "running" { 149 149 + cleanup() 150 150 + return nil, fmt.Errorf("qemu guest not running (status: %s)", status) 151 151 + } 152 152 + 153 153 + qgaCtx, cancelQga := context.WithTimeout(ctx, time.Minute) 154 154 + defer cancelQga() 155 155 + 156 156 + // wait for guest agent to be ready (aka boot) 157 157 + for { 158 158 + if _, err := os.Stat(qgaSock); err == nil { 159 159 + pingCtx, cancelPing := context.WithTimeout(qgaCtx, 5*time.Second) 160 160 + err = state.QGAGuestPing(pingCtx) 161 161 + cancelPing() 162 162 + if err == nil { 163 163 + l.Info("vm booted and guest-agent ready", "elapsed", time.Since(startedBootAt).Round(time.Millisecond)) 164 164 + break 165 165 + } 166 166 + l.Debug("qga guest-ping failed", "error", err) 167 167 + } 168 168 + 169 169 + select { 170 170 + case <-qgaCtx.Done(): 171 171 + cleanup() 172 172 + return nil, fmt.Errorf("qga connect timeout: %w", err) 173 173 + case <-time.After(100 * time.Millisecond): 174 174 + } 175 175 + } 176 176 + 177 177 + return state, nil 178 178 + } 179 179 + 180 180 + func (s *VMState) Close() error { 181 181 + if s.QMPMon != nil { 182 182 + _ = s.QMPMon.Disconnect() 183 183 + } 184 184 + if s.Process != nil { 185 185 + _ = s.Process.Kill() 186 186 + } 187 187 + return nil 188 188 + } 189 189 + 190 190 + func (s *VMState) QMPRun(command qmp.Command) ([]byte, error) { 191 191 + b, err := json.Marshal(command) 192 192 + if err != nil { 193 193 + return nil, err 194 194 + } 195 195 + return s.QMPMon.Run(b) 196 196 + } 197 197 + 198 198 + // sends a command to the qemu guest agent and returns the response 199 199 + func (s *VMState) QGARun(ctx context.Context, command qmp.Command) ([]byte, error) { 200 200 + b, err := json.Marshal(command) 201 201 + if err != nil { 202 202 + return nil, err 203 203 + } 204 204 + 205 205 + conn, err := (&net.Dialer{}).DialContext(ctx, "unix", s.QGAPath) 206 206 + if err != nil { 207 207 + return nil, err 208 208 + } 209 209 + defer conn.Close() 210 210 + 211 211 + if dl, ok := ctx.Deadline(); ok { 212 212 + _ = conn.SetDeadline(dl) 213 213 + } 214 214 + 215 215 + if _, err := conn.Write(append(b, '\n')); err != nil { 216 216 + return nil, err 217 217 + } 218 218 + 219 219 + return bufio.NewReader(conn).ReadBytes('\n') 220 220 + } 221 221 + 222 222 + // query the qemu guest status 223 223 + func (s *VMState) QMPQueryStatus() (string, error) { 224 224 + raw, err := s.QMPRun(qmp.Command{Execute: "query-status"}) 225 225 + if err != nil { 226 226 + return "", fmt.Errorf("qmp query-status failed: %w", err) 227 227 + } 228 228 + 229 229 + var resp struct { 230 230 + Return struct { 231 231 + Status string `json:"status"` 232 232 + } `json:"return"` 233 233 + } 234 234 + if err := json.Unmarshal(raw, &resp); err != nil { 235 235 + return "", fmt.Errorf("qmp query-status parse: %w", err) 236 236 + } 237 237 + return resp.Return.Status, nil 238 238 + } 239 239 + 240 240 + // send a command to qemu to powerdown the guest gracefully 241 241 + func (s *VMState) QMPSystemPowerdown() error { 242 242 + _, err := s.QMPRun(qmp.Command{Execute: "system_powerdown"}) 243 243 + return err 244 244 + } 245 245 + 246 246 + // ping the guest agent to see if it's ready 247 247 + func (s *VMState) QGAGuestPing(ctx context.Context) error { 248 248 + _, err := s.QGARun(ctx, qmp.Command{Execute: "guest-ping"}) 249 249 + return err 250 250 + } 251 251 + 252 252 + // execute a command on the guest and return its pid 253 253 + func (s *VMState) QGAGuestExec(ctx context.Context, command string, env []string) (int, error) { 254 254 + cmdArgs := []string{s.Img.Shell, "-c", command} 255 255 + raw, err := s.QGARun(ctx, qmp.Command{ 256 256 + Execute: "guest-exec", 257 257 + Args: map[string]any{ 258 258 + "path": s.Img.Shell, 259 259 + "arg": cmdArgs[1:], 260 260 + "env": env, 261 261 + "capture-output": true, 262 262 + }, 263 263 + }) 264 264 + if err != nil { 265 265 + return 0, fmt.Errorf("qga guest-exec: %w", err) 266 266 + } 267 267 + 268 268 + var resp struct { 269 269 + Return struct { 270 270 + Pid int `json:"pid"` 271 271 + } `json:"return"` 272 272 + } 273 273 + if err := json.Unmarshal(raw, &resp); err != nil { 274 274 + return 0, fmt.Errorf("qga guest-exec parse: %w", err) 275 275 + } 276 276 + return resp.Return.Pid, nil 277 277 + } 278 278 + 279 279 + type GuestExecStatus struct { 280 280 + Exited bool 281 281 + ExitCode int 282 282 + // these are since the last time we asked for status 283 283 + OutData []byte 284 284 + ErrData []byte 285 285 + } 286 286 + 287 287 + // get the status of a command executed with guest-exec 288 288 + func (s *VMState) QGAGuestExecStatus(ctx context.Context, pid int) (GuestExecStatus, error) { 289 289 + var status GuestExecStatus 290 290 + raw, err := s.QGARun(ctx, qmp.Command{ 291 291 + Execute: "guest-exec-status", 292 292 + Args: map[string]any{"pid": pid}, 293 293 + }) 294 294 + if err != nil { 295 295 + return status, fmt.Errorf("qga guest-exec-status: %w", err) 296 296 + } 297 297 + 298 298 + var resp struct { 299 299 + Return struct { 300 300 + Exited bool `json:"exited"` 301 301 + ExitCode int `json:"exitcode"` 302 302 + OutData string `json:"out-data"` 303 303 + ErrData string `json:"err-data"` 304 304 + } `json:"return"` 305 305 + } 306 306 + if err := json.Unmarshal(raw, &resp); err != nil { 307 307 + return status, fmt.Errorf("qga guest-exec-status parse: %w", err) 308 308 + } 309 309 + 310 310 + status.Exited = resp.Return.Exited 311 311 + status.ExitCode = resp.Return.ExitCode 312 312 + if resp.Return.OutData != "" { 313 313 + status.OutData, _ = base64.StdEncoding.DecodeString(resp.Return.OutData) 314 314 + } 315 315 + if resp.Return.ErrData != "" { 316 316 + status.ErrData, _ = base64.StdEncoding.DecodeString(resp.Return.ErrData) 317 317 + } 318 318 + 319 319 + return status, nil 320 320 + }