system/systemd
system/systemd
1
0
Fork 0
mirror of https://github.com/systemd/systemd synced 2024-07-21 18:24:38 +00:00
Code Issues Actions 5 Packages Projects Releases Wiki Activity

Merge pull request #31430 from CodethinkLabs/vmspawn/machinectl_vmspawn_support

Browse source 
machinectl: initial vmspawn support
This commit is contained in:
Luca Boccassi 2024-02-29 11:27:02 +00:00 committed by GitHub
parent 836a06db0d f82dcc3fc3
commit 9b61d422ff
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
8 changed files with 209 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

20
man/machinectl.xml
View file

@ -279,7 +279,7 @@
trigger a reboot by sending SIGINT to the container's init
process, which is roughly equivalent to pressing Ctrl+Alt+Del
on a non-containerized system, and is compatible with
containers running any system manager. Use <command>restart</command> as alias
containers running any system manager. Use <command>restart</command> as alias
for <command>reboot</command>.</para>
<xi:include href="version-info.xml" xpointer="v209"/></listitem>
@ -887,6 +887,24 @@
<xi:include href="version-info.xml" xpointer="v219"/></listitem>
</varlistentry>
<varlistentry>
<term><option>-V</option></term>
<term><option>--runner=</option><option>nspawn</option>|<option>vmspawn</option></term>
<listitem><para>When operating on machines choose whether to use
<citerefentry><refentrytitle>systemd-nspawn</refentrytitle><manvolnum>1</manvolnum></citerefentry>
or
<citerefentry><refentrytitle>systemd-vmspawn</refentrytitle><manvolnum>1</manvolnum></citerefentry>.
By default
<citerefentry><refentrytitle>systemd-nspawn</refentrytitle><manvolnum>1</manvolnum></citerefentry>
is used.
</para>
<para><option>-V</option> is a shorthand for <option>--runner=vmspawn</option>.</para>
<xi:include href="version-info.xml" xpointer="v256"/></listitem>
</varlistentry>
<varlistentry>
<term><option>--now</option></term>

35
man/systemd-vmspawn.xml
View file

@ -274,6 +274,41 @@
<xi:include href="version-info.xml" xpointer="v255"/>
</listitem>
</varlistentry>
<varlistentry>
<term><option>--uuid=</option></term>
<listitem><para>Set the specified UUID for the virtual machine. The
init system will initialize
<filename>/etc/machine-id</filename> from this if this file is
not set yet. Note that this option takes effect only if
<filename>/etc/machine-id</filename> in the virtual machine is
unpopulated.</para>
<xi:include href="version-info.xml" xpointer="v256"/></listitem>
</varlistentry>
</variablelist>
</refsect2>
<refsect2>
<title>Property Options</title>
<variablelist>
<varlistentry>
<term><option>--register=</option></term>
<listitem><para>Controls whether the virtual machine is registered with
<citerefentry><refentrytitle>systemd-machined</refentrytitle><manvolnum>8</manvolnum></citerefentry>. Takes a
boolean argument, which defaults to <literal>yes</literal> when running as root, and <literal>no</literal> when
running as a regular user. This ensures that the virtual machine is accessible via
<citerefentry><refentrytitle>machinectl</refentrytitle><manvolnum>1</manvolnum></citerefentry>.</para>
<para>Note: root privileges are required to use this option as registering with
<citerefentry><refentrytitle>systemd-machined</refentrytitle><manvolnum>8</manvolnum></citerefentry>
requires privileged D-Bus method calls.</para>
<xi:include href="version-info.xml" xpointer="v256"/></listitem>
</varlistentry>
</variablelist>
</refsect2>

52
src/machine/machinectl.c
View file

@ -62,6 +62,25 @@
#include "verbs.h"
#include "web-util.h"
typedef enum MachineRunner {
RUNNER_NSPAWN,
RUNNER_VMSPAWN,
_RUNNER_MAX,
_RUNNER_INVALID = -EINVAL,
} MachineRunner;
static const char* const machine_runner_table[_RUNNER_MAX] = {
[RUNNER_NSPAWN] = "nspawn",
[RUNNER_VMSPAWN] = "vmspawn",
};
DEFINE_PRIVATE_STRING_TABLE_LOOKUP_FROM_STRING(machine_runner, MachineRunner);
static const char* const machine_runner_unit_prefix_table[_RUNNER_MAX] = {
[RUNNER_NSPAWN] = "systemd-nspawn",
[RUNNER_VMSPAWN] = "systemd-vmspawn",
};
static char **arg_property = NULL;
static bool arg_all = false;
static BusPrintPropertyFlags arg_print_flags = 0;
@ -81,6 +100,7 @@ static OutputMode arg_output = OUTPUT_SHORT;
static bool arg_now = false;
static bool arg_force = false;
static ImportVerify arg_verify = IMPORT_VERIFY_SIGNATURE;
static MachineRunner arg_runner = RUNNER_NSPAWN;
static const char* arg_format = NULL;
static const char *arg_uid = NULL;
static char **arg_setenv = NULL;
@ -1052,6 +1072,12 @@ static int kill_machine(int argc, char *argv[], void *userdata) {
}
static int reboot_machine(int argc, char *argv[], void *userdata) {
if (arg_runner == RUNNER_VMSPAWN)
return log_error_errno(
SYNTHETIC_ERRNO(EOPNOTSUPP),
"%s only support supported for --runner=nspawn",
streq(argv[0], "reboot") ? "Reboot" : "Restart");
arg_kill_whom = "leader";
arg_signal = SIGINT; /* sysvinit + systemd */
@ -1462,6 +1488,9 @@ static int edit_settings(int argc, char *argv[], void *userdata) {
return log_error_errno(SYNTHETIC_ERRNO(EOPNOTSUPP),
"Edit is only supported on the host machine.");
if (arg_runner == RUNNER_VMSPAWN)
return log_error_errno(SYNTHETIC_ERRNO(EOPNOTSUPP), "Edit is only supported for --runner=nspawn");
r = mac_init();
if (r < 0)
return r;
@ -1525,6 +1554,9 @@ static int cat_settings(int argc, char *argv[], void *userdata) {
return log_error_errno(SYNTHETIC_ERRNO(EOPNOTSUPP),
"Cat is only supported on the host machine.");
if (arg_runner == RUNNER_VMSPAWN)
return log_error_errno(SYNTHETIC_ERRNO(EOPNOTSUPP), "Cat is only supported for --runner=nspawn");
pager_open(arg_pager_flags);
STRV_FOREACH(name, strv_skip(argv, 1)) {
@ -1682,12 +1714,13 @@ static int make_service_name(const char *name, char **ret) {
assert(name);
assert(ret);
assert(arg_runner >= 0 && arg_runner < (MachineRunner) ELEMENTSOF(machine_runner_unit_prefix_table));
if (!hostname_is_valid(name, 0))
return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
"Invalid machine name %s.", name);
r = unit_name_build("systemd-nspawn", name, ".service", ret);
r = unit_name_build(machine_runner_unit_prefix_table[arg_runner], name, ".service", ret);
if (r < 0)
return log_error_errno(r, "Failed to build unit name: %m");
@ -2642,6 +2675,7 @@ static int help(int argc, char *argv[], void *userdata) {
" --force Download image even if already exists\n"
" --now Start or power off container after enabling or\n"
" disabling it\n"
" --runner=RUNNER Select between nspawn and vmspawn as the runner\n"
"\nSee the %2$s for details.\n",
program_invocation_short_name,
link,
@ -2665,6 +2699,7 @@ static int parse_argv(int argc, char *argv[]) {
ARG_MKDIR,
ARG_NO_ASK_PASSWORD,
ARG_VERIFY,
ARG_RUNNER,
ARG_NOW,
ARG_FORCE,
ARG_FORMAT,
@ -2692,6 +2727,7 @@ static int parse_argv(int argc, char *argv[]) {
{ "output", required_argument, NULL, 'o' },
{ "no-ask-password", no_argument, NULL, ARG_NO_ASK_PASSWORD },
{ "verify", required_argument, NULL, ARG_VERIFY },
{ "runner", required_argument, NULL, ARG_RUNNER },
{ "now", no_argument, NULL, ARG_NOW },
{ "force", no_argument, NULL, ARG_FORCE },
{ "format", required_argument, NULL, ARG_FORMAT },
@ -2712,7 +2748,7 @@ static int parse_argv(int argc, char *argv[]) {
optind = 0;
for (;;) {
static const char option_string[] = "-hp:als:H:M:qn:o:E:";
static const char option_string[] = "-hp:als:H:M:qn:o:E:V";
c = getopt_long(argc, argv, option_string + reorder, options, NULL);
if (c < 0)
@ -2873,6 +2909,18 @@ static int parse_argv(int argc, char *argv[]) {
arg_verify = r;
break;
case 'V':
arg_runner = RUNNER_VMSPAWN;
break;
case ARG_RUNNER:
r = machine_runner_from_string(optarg);
if (r < 0)
return log_error_errno(r, "Failed to parse --runner= setting: %s", optarg);
arg_runner = r;
break;
case ARG_NOW:
arg_now = true;
break;

1
src/vmspawn/meson.build
View file

@ -5,6 +5,7 @@ libvmspawn_core_sources = files(
'vmspawn-util.c',
'vmspawn-scope.c',
'vmspawn-mount.c',
'vmspawn-register.c',
)
libvmspawn_core = static_library(
'vmspawn-core',

51
src/vmspawn/vmspawn-register.c Normal file
View file

@ -0,0 +1,51 @@
/* SPDX-License-Identifier: LGPL-2.1-or-later */
#include "sd-bus.h"
#include "sd-id128.h"
#include "bus-error.h"
#include "bus-locator.h"
#include "macro.h"
#include "process-util.h"
#include "string-util.h"
#include "vmspawn-register.h"
int register_machine(sd_bus *bus, const char *machine_name, sd_id128_t uuid, const char *service, const char *directory) {
_cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
int r;
assert(bus);
assert(machine_name);
assert(service);
r = bus_call_method(
bus,
bus_machine_mgr,
"RegisterMachine",
&error,
NULL,
"sayssus",
machine_name,
SD_BUS_MESSAGE_APPEND_ID128(uuid),
service,
"vm",
(uint32_t) getpid_cached(),
strempty(directory));
if (r < 0)
return log_error_errno(r, "Failed to register machine: %s", bus_error_message(&error, r));
return 0;
}
int unregister_machine(sd_bus *bus, const char *machine_name) {
_cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
int r;
assert(bus);
r = bus_call_method(bus, bus_machine_mgr, "UnregisterMachine", &error, NULL, "s", machine_name);
if (r < 0)
log_debug("Failed to unregister machine: %s", bus_error_message(&error, r));
return 0;
}

7
src/vmspawn/vmspawn-register.h Normal file
View file

@ -0,0 +1,7 @@
/* SPDX-License-Identifier: LGPL-2.1-or-later */
#include "sd-bus.h"
#include "sd-id128.h"
int register_machine(sd_bus *bus, const char *machine_name, sd_id128_t uuid, const char *service, const char *directory);
int unregister_machine(sd_bus *bus, const char *machine_name);

1
src/vmspawn/vmspawn-settings.h
View file

@ -17,6 +17,7 @@ typedef enum ConsoleMode {
typedef enum SettingsMask {
SETTING_START_MODE = UINT64_C(1) << 0,
SETTING_MACHINE_ID = UINT64_C(1) << 6,
SETTING_BIND_MOUNTS = UINT64_C(1) << 11,
SETTING_DIRECTORY = UINT64_C(1) << 26,
SETTING_CREDENTIALS = UINT64_C(1) << 30,

45
src/vmspawn/vmspawn.c
View file

@ -57,6 +57,7 @@
#include "tmpfile-util.h"
#include "unit-name.h"
#include "vmspawn-mount.h"
#include "vmspawn-register.h"
#include "vmspawn-scope.h"
#include "vmspawn-settings.h"
#include "vmspawn-util.h"
@ -86,6 +87,8 @@ static char *arg_runtime_directory = NULL;
static char *arg_forward_journal = NULL;
static bool arg_runtime_directory_created = false;
static bool arg_privileged = false;
static bool arg_register = false;
static sd_id128_t arg_uuid = {};
static char **arg_kernel_cmdline_extra = NULL;
static char **arg_extra_drives = NULL;
static char *arg_background = NULL;
@ -139,6 +142,9 @@ static int help(void) {
" --firmware=PATH|list Select firmware definition file (or list available)\n"
"\n%3$sSystem Identity:%4$s\n"
" -M --machine=NAME Set the machine name for the VM\n"
" --uuid=UUID Set a specific machine UUID for the VM\n"
"\n%3$sProperties:%4$s\n"
" --register=BOOLEAN Register VM with systemd-machined\n"
"\n%3$sUser Namespacing:%4$s\n"
" --private-users=UIDBASE[:NUIDS]\n"
" Configure the UID/GID range to map into the\n"
@ -186,6 +192,8 @@ static int parse_argv(int argc, char *argv[]) {
ARG_INITRD,
ARG_QEMU_GUI,
ARG_NETWORK_USER_MODE,
ARG_UUID,
ARG_REGISTER,
ARG_BIND,
ARG_BIND_RO,
ARG_EXTRA_DRIVE,
@ -223,6 +231,8 @@ static int parse_argv(int argc, char *argv[]) {
{ "qemu-gui", no_argument, NULL, ARG_QEMU_GUI }, /* compat option */
{ "network-tap", no_argument, NULL, 'n' },
{ "network-user-mode", no_argument, NULL, ARG_NETWORK_USER_MODE },
{ "uuid", required_argument, NULL, ARG_UUID },
{ "register", required_argument, NULL, ARG_REGISTER },
{ "bind", required_argument, NULL, ARG_BIND },
{ "bind-ro", required_argument, NULL, ARG_BIND_RO },
{ "extra-drive", required_argument, NULL, ARG_EXTRA_DRIVE },
@ -372,6 +382,26 @@ static int parse_argv(int argc, char *argv[]) {
arg_network_stack = NETWORK_STACK_USER;
break;
case ARG_UUID:
r = id128_from_string_nonzero(optarg, &arg_uuid);
if (r == -ENXIO)
return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Machine UUID may not be all zeroes.");
if (r < 0)
return log_error_errno(r, "Invalid UUID: %s", optarg);
arg_settings_mask |= SETTING_MACHINE_ID;
break;
case ARG_REGISTER:
r = parse_boolean(optarg);
if (r < 0) {
log_error("Failed to parse --register= argument: %s", optarg);
return r;
}
arg_register = r;
break;
case ARG_BIND:
case ARG_BIND_RO:
r = runtime_mount_parse(&arg_runtime_mounts, optarg, c == ARG_BIND_RO);
@ -1093,6 +1123,12 @@ static int run_virtual_machine(int kvm_device_fd, int vhost_device_fd) {
if (r < 0)
return r;
if (arg_register) {
r = register_machine(bus, arg_machine, arg_uuid, trans_scope, arg_directory);
if (r < 0)
return r;
}
bool use_kvm = arg_kvm > 0;
if (arg_kvm < 0) {
r = qemu_check_kvm_support();
@ -1749,6 +1785,9 @@ static int run_virtual_machine(int kvm_device_fd, int vhost_device_fd) {
if (r < 0)
return log_error_errno(r, "Failed to run event loop: %m");
if (arg_register)
(void) unregister_machine(bus, arg_machine);
if (use_vsock) {
if (exit_status == INT_MAX) {
log_debug("Couldn't retrieve inner EXIT_STATUS from VSOCK");
@ -1827,6 +1866,9 @@ static int verify_arguments(void) {
if (!strv_isempty(arg_initrds) && !arg_linux)
return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Option --initrd= cannot be used without --linux=.");
if (arg_register && !arg_privileged)
return log_error_errno(SYNTHETIC_ERRNO(EPERM), "--register= requires root privileges, refusing.");
return 0;
}
@ -1838,6 +1880,9 @@ static int run(int argc, char *argv[]) {
arg_privileged = getuid() == 0;
/* don't attempt to register as a machine when running as a user */
arg_register = arg_privileged;
r = parse_argv(argc, argv);
if (r <= 0)
return r;