gvforwarder as a systemd service

vyasgun · vyasgun · commit 53cf03be6d95 · 2025-02-10T18:40:08.000+05:30
- Create a tap device using nmcli with a hardcoded mac address
- Start gvforwarder systemd service which will use this device

Signed-off-by: vyasgun &lt;vyasgun20@gmail.com&gt;
diff --git a/ci_microshift.sh b/ci_microshift.sh
@@ -10,6 +10,7 @@ sudo yum install -y make golang
 # Set the zstd compression level to 10 to have faster
 # compression while keeping a reasonable bundle size.
 export CRC_ZSTD_EXTRA_FLAGS="-10"
+
 ./createdisk.sh crc-tmp-install-data
 
 # Delete the crc domain which created by snc so it can created
diff --git a/createdisk.sh b/createdisk.sh
@@ -97,12 +97,40 @@ if podman manifest inspect quay.io/crcont/routes-controller:${OPENSHIFT_VERSION}
     image_tag=${OPENSHIFT_VERSION}
 fi
 
+# create the tap device interface with specified mac address
+# this mac address is used to allocate a specific IP to the VM
+# when tap device is in use.
+${SSH} core@${VM_IP} 'sudo bash -x -s' <<EOF
+  nmcli connection delete tap0
+  nmcli connection add type tun ifname tap0 con-name tap0 mode tap autoconnect yes 802-3-ethernet.cloned-mac-address 5A:94:EF:E4:0C:EE
+EOF
+
+
 # Add gvisor-tap-vsock service
 ${SSH} core@${VM_IP} 'sudo bash -x -s' <<EOF
-  podman create --name=gvisor-tap-vsock --privileged --net=host -v /etc/resolv.conf:/etc/resolv.conf -it quay.io/crcont/gvisor-tap-vsock:latest
-  podman generate systemd --restart-policy=no gvisor-tap-vsock > /etc/systemd/system/gvisor-tap-vsock.service
+  podman create --name=gvisor-tap-vsock quay.io/crcont/gvisor-tap-vsock:latest
+  podman cp gvisor-tap-vsock:/vm /usr/local/bin/gvforwarder
+  podman rm gvisor-tap-vsock
+  tee /etc/systemd/system/gv-user-network@.service <<TEE
+[Unit]
+Description=gvisor-tap-vsock Network Traffic Forwarder
+After=NetworkManager.service
+BindsTo=sys-devices-virtual-net-%i.device
+After=sys-devices-virtual-net-%i.device
+
+[Service]
+Environment=GV_VSOCK_PORT="1024"
+EnvironmentFile=-/etc/sysconfig/gv-user-network
+ExecStart=/usr/local/bin/gvforwarder -preexisting -iface %i -url vsock://2:\\\${GV_VSOCK_PORT}/connect -debug
+
+[Install]
+WantedBy=multi-user.target
+
+TEE
   systemctl daemon-reload
-  systemctl enable gvisor-tap-vsock.service
+  systemctl enable gv-user-network@tap0.service
+  systemctl start gv-user-network@tap0.service
+
 EOF
 
 # Add dummy crio-wipe service to instance
diff --git a/gv-user-network@.service b/gv-user-network@.service
@@ -0,0 +1,11 @@
+[Unit]
+Description=gvisor-tap-vsock Network Traffic Forwarder
+After=NetworkManager.service
+BindsTo=sys-devices-virtual-net-%i.device
+After=sys-devices-virtual-net-%i.device
+[Service]
+Environment=GV_VSOCK_PORT="1024"
+EnvironmentFile=-/etc/sysconfig/gv-user-network
+ExecStart=/usr/libexec/podman/gvforwarder -preexisting -iface %i -url vsock://2:${GV_VSOCK_PORT}/connect
+[Install]
+WantedBy=multi-user.target
