gvforwarder as a systemd service #1003
Conversation
|
Skipping CI for Draft Pull Request. |
|
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: The full list of commands accepted by this bot can be found here.
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
|
/test all |
|
I'd recommend also picking up the changes from https://github.com/cfergeau/snc/commits/gvisor_service/ which update the unit files used in the PR to use a unit file close to https://github.com/containers/gvisor-tap-vsock/tree/main/contrib/systemd With the current code, I still have this question/concern #673 (comment) |
vyasgun
force-pushed
the
spike/gvforwarder-service
branch
from
fb9c40e to
6278601
Compare
|
/retest |
1 similar comment
|
/retest |
vyasgun
force-pushed
the
spike/gvforwarder-service
branch
from
04595ac to
24924c0
Compare
|
/retest |
vyasgun
force-pushed
the
spike/gvforwarder-service
branch
from
24924c0 to
327901a
Compare
|
/retest |
1 similar comment
|
/retest |
vyasgun
force-pushed
the
spike/gvforwarder-service
branch
from
327901a to
5264a19
Compare
|
/retest |
2 similar comments
|
/retest |
|
/retest |
|
/retest |
2 similar comments
|
/retest |
|
/retest |
vyasgun
force-pushed
the
spike/gvforwarder-service
branch
from
ccc602e to
4e0a92e
Compare
|
/retest |
vyasgun
force-pushed
the
spike/gvforwarder-service
branch
from
4e0a92e to
a999631
Compare
|
/retest |
vyasgun
force-pushed
the
spike/gvforwarder-service
branch
from
a999631 to
d1501b4
Compare
|
/retest |
vyasgun
force-pushed
the
spike/gvforwarder-service
branch
2 times, most recently
from
b83b47e to
53cf03b
Compare
vyasgun
changed the title
vyasgun
force-pushed
the
spike/gvforwarder-service
branch
from
53cf03b to
6cf746e
Compare
|
/test e2e-snc |
vyasgun
force-pushed
the
spike/gvforwarder-service
branch
from
6cf746e to
abece15
Compare
- Create a tap device using nmcli with a hardcoded mac address - Start gvforwarder systemd service which will use this device Signed-off-by: vyasgun <vyasgun20@gmail.com>
vyasgun
force-pushed
the
spike/gvforwarder-service
branch
from
abece15 to
cf5affc
Compare
| # when tap device is in use. | ||
| ${SSH} core@${VM_IP} 'sudo bash -x -s' <<EOF | ||
| nmcli connection add type tun ifname tap0 con-name tap0 mode tap autoconnect yes 802-3-ethernet.cloned-mac-address 5A:94:EF:E4:0C:EE | ||
| EOF |
There was a problem hiding this comment.
Isn't this equivalent to ${SSH} core@${VM_IP} 'sudo nmcli connection add type tun ifname tap0 con-name tap0 mode tap autoconnect yes 802-3-ethernet.cloned-mac-address 5A:94:EF:E4:0C:EE'?
There was a problem hiding this comment.
In short; you are questioning why this needs to be wrapped in a sudo bash -x -s.
Would otherwise an error occur? I do not see characters that would be wrongly interpreted by the host shell (like zsh could do).
@anjannath How was this solved for the self-sufficient bundle?
There was a problem hiding this comment.
this is not being changed for the self-sufficient bundle, its been tested with the existing situation which is that there is a container image which runs the gvforwarder and that container also has a dhcp client script which configures the interface using the dhcp service from gvisor-tap-vsock
There was a problem hiding this comment.
i think we can also scp the NetworkManger config file to /etc/NetworkManager/system-connections instead of running nmcli commands, there's a config file in: https://github.com/containers/gvisor-tap-vsock/blob/main/contrib/networkmanager/vsock0.nmconnection
[connection]
id=tap0
type=tun
autoconnect=true
interface-name=tap0
[tun]
mode=2
[802-3-ethernet]
cloned-mac-address=5A:94:EF:E4:0C:EE
[ipv4]
method=auto
[proxy]
|
@praveenkumar can you take a look at this PR? you also looked into this in the past. |
| systemctl daemon-reload | ||
| systemctl enable gvisor-tap-vsock.service | ||
| systemctl enable gv-user-network@tap0.service |
There was a problem hiding this comment.
... I like how this can be targeted with %i, but this 'depends' on actions performed previously by creating this device.
For this increment, this would work. But most likely would change with the self-sufficient bundle.
There was a problem hiding this comment.
The nmcli command creates a Network Manager configuration file in the bundle, the self-sufficient bundle should be similar from that perspective?
| # when tap device is in use. | ||
| ${SSH} core@${VM_IP} 'sudo bash -x -s' <<EOF | ||
| nmcli connection add type tun ifname tap0 con-name tap0 mode tap autoconnect yes 802-3-ethernet.cloned-mac-address 5A:94:EF:E4:0C:EE | ||
| EOF |
There was a problem hiding this comment.
In short; you are questioning why this needs to be wrapped in a sudo bash -x -s.
Would otherwise an error occur? I do not see characters that would be wrongly interpreted by the host shell (like zsh could do).
@anjannath How was this solved for the self-sufficient bundle?
In a way the creation of the tap is part of a systemd unit, it's added to NetworkManager configuration files, which is started through systemd. |
vyasgun
force-pushed
the
spike/gvforwarder-service
branch
from
f4bab4e to
cf5affc
Compare
|
@vyasgun: The following tests failed, say
Full PR test history. Your PR dashboard. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here. |
|
/close this is taken care by #1052 |
|
@praveenkumar: Closed this PR. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
github-project-automation
bot
moved this from Ready for review
to Done
in Project planning: crc
Based on the following code:
#673
cfergeau@03a4054