gvforwarder as a systemd service by vyasgun · Pull Request #1003 · crc-org/snc

vyasgun · 2025-01-21T07:02:06Z

Create a tap device using nmcli with a hardcoded mac address
Start gvforwarder systemd service which will use this device

Based on the following code:
#673
cfergeau@03a4054

openshift-ci · 2025-01-21T07:02:10Z

Skipping CI for Draft Pull Request.
If you want CI signal for your change, please convert it to an actual PR.
You can still manually trigger a test run with /test all

openshift-ci · 2025-01-21T07:02:12Z

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please assign gbraad for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details

Needs approval from an approver in each of these files:

OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

vyasgun · 2025-01-21T07:02:17Z

/test all

cfergeau · 2025-01-21T08:57:33Z

I'd recommend also picking up the changes from https://github.com/cfergeau/snc/commits/gvisor_service/ which update the unit files used in the PR to use a unit file close to https://github.com/containers/gvisor-tap-vsock/tree/main/contrib/systemd

With the current code, I still have this question/concern #673 (comment)

vyasgun · 2025-01-22T03:17:07Z

/retest

vyasgun · 2025-01-23T04:39:35Z

/retest

vyasgun · 2025-01-23T06:21:46Z

/retest

vyasgun · 2025-01-24T06:59:33Z

/retest

vyasgun · 2025-01-24T08:26:57Z

/retest

vyasgun · 2025-01-27T11:23:29Z

/retest

vyasgun · 2025-01-28T05:43:25Z

/retest

vyasgun · 2025-02-03T10:37:47Z

/retest

vyasgun · 2025-02-06T07:43:49Z

/retest

vyasgun · 2025-02-06T08:36:17Z

/retest

vyasgun · 2025-02-06T09:31:13Z

/retest

vyasgun · 2025-02-07T08:47:16Z

/retest

vyasgun · 2025-02-07T13:15:37Z

/retest

vyasgun · 2025-02-10T10:27:29Z

/retest

createdisk.sh

cfergeau

Looks good to me, thanks a lot for putting this into shape/testing it.

gv-user-network@.service

vyasgun · 2025-02-11T03:35:29Z

/test e2e-snc

- Create a tap device using nmcli with a hardcoded mac address - Start gvforwarder systemd service which will use this device Signed-off-by: vyasgun <vyasgun20@gmail.com>

cfergeau · 2025-02-11T08:53:46Z

createdisk.sh

+# when tap device is in use.
+${SSH} core@${VM_IP} 'sudo bash -x -s' <<EOF
+  nmcli connection add type tun ifname tap0 con-name tap0 mode tap autoconnect yes 802-3-ethernet.cloned-mac-address 5A:94:EF:E4:0C:EE
+EOF


Isn't this equivalent to ${SSH} core@${VM_IP} 'sudo nmcli connection add type tun ifname tap0 con-name tap0 mode tap autoconnect yes 802-3-ethernet.cloned-mac-address 5A:94:EF:E4:0C:EE'?

In short; you are questioning why this needs to be wrapped in a sudo bash -x -s.
Would otherwise an error occur? I do not see characters that would be wrongly interpreted by the host shell (like zsh could do).

@anjannath How was this solved for the self-sufficient bundle?

this is not being changed for the self-sufficient bundle, its been tested with the existing situation which is that there is a container image which runs the gvforwarder and that container also has a dhcp client script which configures the interface using the dhcp service from gvisor-tap-vsock

i think we can also scp the NetworkManger config file to /etc/NetworkManager/system-connections instead of running nmcli commands, there's a config file in: https://github.com/containers/gvisor-tap-vsock/blob/main/contrib/networkmanager/vsock0.nmconnection

[connection] id=tap0 type=tun autoconnect=true interface-name=tap0 [tun] mode=2 [802-3-ethernet] cloned-mac-address=5A:94:EF:E4:0C:EE [ipv4] method=auto [proxy]

cfergeau · 2025-02-11T08:54:38Z

@praveenkumar can you take a look at this PR? you also looked into this in the past.

gbraad

I would approve, but I question the use of the command... first why invoked like this... though, even ... why is the creation of the tap not part of a systemd unit by itself? As in that case you can depend on it...

gbraad · 2025-02-17T05:00:33Z

createdisk.sh

+TEE
  systemctl daemon-reload
-  systemctl enable gvisor-tap-vsock.service
+  systemctl enable gv-user-network@tap0.service


... I like how this can be targeted with %i, but this 'depends' on actions performed previously by creating this device.

For this increment, this would work. But most likely would change with the self-sufficient bundle.

The nmcli command creates a Network Manager configuration file in the bundle, the self-sufficient bundle should be similar from that perspective?

gbraad · 2025-02-17T05:03:00Z

createdisk.sh

+# when tap device is in use.
+${SSH} core@${VM_IP} 'sudo bash -x -s' <<EOF
+  nmcli connection add type tun ifname tap0 con-name tap0 mode tap autoconnect yes 802-3-ethernet.cloned-mac-address 5A:94:EF:E4:0C:EE
+EOF


In short; you are questioning why this needs to be wrapped in a sudo bash -x -s.
Would otherwise an error occur? I do not see characters that would be wrongly interpreted by the host shell (like zsh could do).

@anjannath How was this solved for the self-sufficient bundle?

cfergeau · 2025-02-17T10:31:13Z

why is the creation of the tap not part of a systemd unit by itself? As in that case you can depend on it...

In a way the creation of the tap is part of a systemd unit, it's added to NetworkManager configuration files, which is started through systemd.
The gv-user-network unit has dependencies on the network device:

After=NetworkManager.service
BindsTo=sys-devices-virtual-net-%i.device
After=sys-devices-virtual-net-%i.device

createdisk.sh

openshift-ci · 2025-04-29T12:23:02Z

@vyasgun: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name	Commit	Details	Required	Rerun command
ci/prow/e2e-snc	`cf5affc`	link	true	`/test e2e-snc`
ci/prow/e2e-microshift	`cf5affc`	link	true	`/test e2e-microshift`

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

praveenkumar · 2025-05-16T06:03:18Z

/close

this is taken care by #1052

openshift-ci · 2025-05-16T06:03:23Z

@praveenkumar: Closed this PR.

Details

In response to this:

/close

this is taken care by #1052

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

openshift-ci bot added the do-not-merge/work-in-progress label Jan 21, 2025

vyasgun force-pushed the spike/gvforwarder-service branch from fb9c40e to 6278601 Compare January 21, 2025 09:54

vyasgun force-pushed the spike/gvforwarder-service branch from 04595ac to 24924c0 Compare January 23, 2025 06:21

vyasgun force-pushed the spike/gvforwarder-service branch from 24924c0 to 327901a Compare January 24, 2025 06:40

vyasgun force-pushed the spike/gvforwarder-service branch from 327901a to 5264a19 Compare January 27, 2025 11:23

cfergeau assigned vyasgun Feb 5, 2025

vyasgun force-pushed the spike/gvforwarder-service branch from ccc602e to 4e0a92e Compare February 7, 2025 08:47

vyasgun force-pushed the spike/gvforwarder-service branch from 4e0a92e to a999631 Compare February 7, 2025 13:15

vyasgun force-pushed the spike/gvforwarder-service branch from a999631 to d1501b4 Compare February 10, 2025 10:26

vyasgun force-pushed the spike/gvforwarder-service branch 2 times, most recently from b83b47e to 53cf03b Compare February 10, 2025 13:10

vyasgun changed the title ~~[WIP] [Spike] gvforwarder as a systemd service~~ gvforwarder as a systemd service Feb 10, 2025

vyasgun marked this pull request as ready for review February 10, 2025 13:17

openshift-ci bot removed the do-not-merge/work-in-progress label Feb 10, 2025

openshift-ci bot requested review from gbraad and praveenkumar February 10, 2025 13:17

vyasgun force-pushed the spike/gvforwarder-service branch from 53cf03b to 6cf746e Compare February 10, 2025 13:41

cfergeau reviewed Feb 10, 2025

View reviewed changes

createdisk.sh Outdated Show resolved Hide resolved

cfergeau reviewed Feb 10, 2025

View reviewed changes

gv-user-network@.service Outdated Show resolved Hide resolved

vyasgun force-pushed the spike/gvforwarder-service branch from 6cf746e to abece15 Compare February 11, 2025 03:37

gvforwarder as a systemd service

cf5affc

- Create a tap device using nmcli with a hardcoded mac address - Start gvforwarder systemd service which will use this device Signed-off-by: vyasgun <vyasgun20@gmail.com>

vyasgun force-pushed the spike/gvforwarder-service branch from abece15 to cf5affc Compare February 11, 2025 03:38

cfergeau reviewed Feb 11, 2025

View reviewed changes

gbraad reviewed Feb 17, 2025

View reviewed changes

praveenkumar reviewed Feb 25, 2025

View reviewed changes

createdisk.sh Show resolved Hide resolved

vyasgun force-pushed the spike/gvforwarder-service branch from f4bab4e to cf5affc Compare February 26, 2025 10:17

praveenkumar changed the base branch from release-4.17 to release-4.18 April 29, 2025 11:31

praveenkumar changed the base branch from release-4.18 to release-4.17 April 29, 2025 11:31

cfergeau mentioned this pull request Apr 30, 2025

gvforwarder as a systemd service #1052

Merged

openshift-ci bot closed this May 16, 2025

github-project-automation bot moved this from Ready for review to Done in Project planning: crc May 16, 2025

Conversation

vyasgun commented Jan 21, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

openshift-ci bot commented Jan 21, 2025

Uh oh!

openshift-ci bot commented Jan 21, 2025

Uh oh!

vyasgun commented Jan 21, 2025

Uh oh!

cfergeau commented Jan 21, 2025

Uh oh!

vyasgun commented Jan 22, 2025

Uh oh!

vyasgun commented Jan 23, 2025

Uh oh!

vyasgun commented Jan 23, 2025

Uh oh!

vyasgun commented Jan 24, 2025

Uh oh!

vyasgun commented Jan 24, 2025

Uh oh!

vyasgun commented Jan 27, 2025

Uh oh!

vyasgun commented Jan 28, 2025

Uh oh!

vyasgun commented Feb 3, 2025

Uh oh!

vyasgun commented Feb 6, 2025

Uh oh!

vyasgun commented Feb 6, 2025

Uh oh!

vyasgun commented Feb 6, 2025

Uh oh!

vyasgun commented Feb 7, 2025

Uh oh!

vyasgun commented Feb 7, 2025

Uh oh!

vyasgun commented Feb 10, 2025

Uh oh!

Uh oh!

cfergeau left a comment

Choose a reason for hiding this comment

Uh oh!

Uh oh!

vyasgun commented Feb 11, 2025

Uh oh!

cfergeau Feb 11, 2025

Choose a reason for hiding this comment

Uh oh!

gbraad Feb 17, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Choose a reason for hiding this comment

Uh oh!

anjannath Feb 17, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Choose a reason for hiding this comment

Uh oh!

anjannath Feb 17, 2025

Choose a reason for hiding this comment

Uh oh!

cfergeau commented Feb 11, 2025

Uh oh!

gbraad left a comment

Choose a reason for hiding this comment

Uh oh!

gbraad Feb 17, 2025

Choose a reason for hiding this comment

Uh oh!

gbraad Feb 17, 2025

Choose a reason for hiding this comment

Uh oh!

cfergeau Feb 17, 2025

Choose a reason for hiding this comment

Uh oh!

gbraad Feb 17, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Choose a reason for hiding this comment

Uh oh!

cfergeau commented Feb 17, 2025

vyasgun commented Jan 21, 2025 •

edited

Loading

gbraad Feb 17, 2025 •

edited

Loading

anjannath Feb 17, 2025 •

edited

Loading

gbraad Feb 17, 2025 •

edited

Loading