machine: add vfkit timesync device for Apple VMs #28527
vyasgun wants to merge 2 commits into containers:main
Fixes: containers#28345 Signed-off-by: Gunjan Vyas <vyasgun20@gmail.com>
8726ab7 to 8a97ed3
@vyasgun thanks for the PR! Our CI is barking as there's no test to go along with the change. Would that be possible to add? Otherwise, LGTM
| } | ||
| vm.Devices = append(vm.Devices, mounts...) | ||
|
|
||
| timesync, err := vfConfig.TimeSyncNew(1234) |
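Review bot: the `err` returned by `vfConfig.TimeSyncNew(1234)` on the last line is not used anywhere in the lines shown; check it and return it before `timesync` is appended to `vm.Devices`. The literal 1234 at the call site also has to equal the vsock port the guest agent listens on, so give it a name and a comment stating that dependency.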
Please consider using a named constant for the port
I dunno if testing for this one is particularly reasonable - hard to validate proper date/time stuff in my experience. I'm going to add No New Tests.
@vyasgun machine e2e tests are failing on macOS with libkrun. You can try to reproduce the problem locally using
I started with the takeover of the podman-machine-os PR. And I think it would be good to add this for QEMU, to benefit from this on linux. @vyasgun, can you do updates, or can I take over this PR too? I think it would be good to finish this to get this into Podman 6.1.
@l0rd I suspect the e2e failures on CI are from an older krunkit (need I updated
@Honny1 I have updated this PR with the suggested changes
@vyasgun CI is failing at code validation, and the machine tests aren't executed. To avoid that, you can use
… version Signed-off-by: Gunjan Vyas <vyasgun20@gmail.com>
dd54fd3 to 4e3b715
I think the failures are flakes? Restarted the bunch.
@vyasgun your suspect was correct: the
The macOS worker pool uses brew to install the runtime deps. If the update is not in brew, we will not consume it
Overall this looks like something we need some basic tests? The fact that this passes with the machine-os change seems concerning, we need some way to confirm the socket is actually active and can be used to talk to the host hypervisor, otherwise how do we ever catch regressions in qemu/krunkit/vfkit or our own code around this...
Install qemu-guest-agent and configure it to listen on vsock port 1234 (matching the constant in containers/podman). The service is gated by a DMI sys_vendor check (ExecCondition) so it only runs on Podman machine providers that expose the vsock channel: vfkit (Apple Inc.), libkrun (Libkrun), and qemu (QEMU). A custom SELinux module allows virt_qemu_ga_t to use vsock sockets.
Related PR: containers/podman#28527
Replace: containers#175
Signed-off-by: Jan Rodák <hony.com@seznam.cz>
Honny1 left a comment
Should we also wire an explicit qemu-ga vsock unix socket (e.g. <name>-qemu-ga.sock) in addition to --timesync? That would give us a concrete host endpoint to test and debug, and helps prevent regressions around guest-agent connectivity.
| const applehvMACAddress = "5a:94:ef:e4:0c:ee" | ||
| const ( | ||
| applehvMACAddress = "5a:94:ef:e4:0c:ee" | ||
| timeSyncVsockPort = 1234 |
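Review bot: `timeSyncVsockPort = 1234` has no comment, and nothing in this const block says the value is one half of a host/guest contract. Add a one-line comment that it must match the vsock port qemu-guest-agent is configured with in the machine image, so that neither side gets changed alone.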
I think this should be shared in pkg/machine/define.
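Added example, not code from this PR or from Podman: one way to do the check asked for earlier in the thread, assuming the guest agent channel were reachable from the host as a stream socket such as the proposed `<name>-qemu-ga.sock`. It speaks the QEMU guest agent JSON protocol (`guest-sync`, then `guest-get-time`) and reports guest-minus-host clock skew; `guestClockSkew` and `fakeAgent` are hypothetical names, and an in-memory pipe with a constructed fake agent stands in for the socket.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net"
	"time"
)

// guestClockSkew checks that a QEMU guest agent answers on conn and returns
// guest time minus host time. conn is the assumed host end of the agent channel.
func guestClockSkew(conn net.Conn, timeout time.Duration) (time.Duration, error) {
	_ = conn.SetDeadline(time.Now().Add(timeout)) // a silent socket must fail, not hang
	enc, dec := json.NewEncoder(conn), json.NewDecoder(conn)
	call := func(cmd string, args map[string]any, out *int64) error {
		if err := enc.Encode(map[string]any{"execute": cmd, "arguments": args}); err != nil {
			return err
		}
		var r map[string]json.RawMessage
		if err := dec.Decode(&r); err != nil || r["error"] != nil {
			return fmt.Errorf("%s: err=%v reply=%s", cmd, err, r["error"])
		}
		return json.Unmarshal(r["return"], out)
	}
	id := time.Now().UnixNano() % 1_000_000 // per-call token the agent must echo
	var echoed, guestNs int64
	if err := call("guest-sync", map[string]any{"id": id}, &echoed); err != nil || echoed != id {
		return 0, fmt.Errorf("handshake failed: err=%v id=%d echoed=%d", err, id, echoed)
	}
	if err := call("guest-get-time", map[string]any{}, &guestNs); err != nil {
		return 0, err
	}
	return time.Unix(0, guestNs).Sub(time.Now()), nil // guest-get-time is ns since epoch
}

// fakeAgent is a constructed stand-in for qemu-ga whose clock is off by offset.
func fakeAgent(conn net.Conn, offset time.Duration) {
	dec, enc := json.NewDecoder(conn), json.NewEncoder(conn)
	var req struct{ Arguments struct{ ID int64 } }
	dec.Decode(&req) // request 1: guest-sync, echo its id
	enc.Encode(map[string]int64{"return": req.Arguments.ID})
	dec.Decode(&req) // request 2: guest-get-time
	enc.Encode(map[string]int64{"return": time.Now().Add(offset).UnixNano()})
}

func main() {
	host, guest := net.Pipe() // in-memory stand-in for the hypothetical host socket
	go fakeAgent(guest, 3*time.Second)
	fmt.Println(guestClockSkew(host, time.Second))
}
```

Against a running machine the same function would take the `net.Conn` obtained by dialing that socket, and a test would fail when the returned skew exceeds a chosen bound.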
Anyway, I tested that with an image from containers/podman-machine-os#238. And the time is correctly synchronized.
Looks like the brew "repo" for krunkit changed,
And
Related PR: containers/podman-machine-os#175