Update gvisor-tap service by using nmcli and binary from container image by praveenkumar · Pull Request #673 · crc-org/snc

praveenkumar · 2023-03-24T12:25:08Z

This patch do following

Create a tap device using nmcli with a hard coded mac address, this mac address is mapped in the crc daemon lease which provide 192.168.127.2 IP address to the VM.
copy the vm binary from container image and put it to /usr/local/bin
modify gvisor-tap-vsock service to use the vm binary instead running the container using podman

openshift-ci · 2023-03-24T12:25:17Z

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please ask for approval from praveenkumar. For more information see the Kubernetes Code Review Process.

The full list of commands accepted by this bot can be found here.

Details

Needs approval from an approver in each of these files:

OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

praveenkumar · 2023-03-24T12:29:44Z

Trying this patch right now with microshift bundle and so far so good tried 3 time start/stop in loop and worked everytime have to test this in system mode networking and also for podman/openshift preset.

/hold

This patch do following - Create a tap device using nmcli with a hard coded mac address, this mac address is mapped in the crc daemon lease which provide `192.168.127.2` IP address to the VM. - copy the `vm` binary from container image and put it to /usr/local/bin - modify gvisor-tap-vsock service to use the `vm` binary instead running the container using podman

praveenkumar · 2023-03-27T10:25:13Z

With the current change now it takes around 40-50 sec extra. I have to dig more. ( still hold)

cfergeau

Had these comments around, never posted them apparently :(

cfergeau · 2023-03-28T07:56:32Z

createdisk.sh

+  podman create --name=gvisor-tap-vsock quay.io/crcont/gvisor-tap-vsock:latest
+  podman cp gvisor-tap-vsock:/vm /usr/local/bin/
+  podman rm gvisor-tap-vsock
+  tee /etc/systemd/system/gvisor-tap-vsock.service <<ETE


Does ETE have any special meaning/is this typical to use this?

first time I see this

cfergeau · 2023-03-28T08:01:09Z

createdisk.sh

+[Unit]
+Description=gvisor-tap-vsock traffic forwarder
+Wants=network-online.target
+After=network-online.target


When the network-online target is reached, it means the system has some kind of external network connectivity. In our bundles, with usermode networking, gvisor-tap-vsock is required before we have external network connectivity.
This unit file tells systemd to first wait for network-online.target, and then to start gvisor-tap-vsock.service, I don't think this is correct, the order should be the opposite.

cfergeau · 2023-04-18T15:13:19Z

containers/gvisor-tap-vsock#202 is exploring something similar.

cfergeau · 2023-04-24T10:59:37Z

I've done some work on this in https://github.com/cfergeau/snc/tree/gvisor_service
However for testing I used the podman branch and https://github.com/cfergeau/snc/tree/podman-gvisor-service , which worked fine. I'll have to test the openshift changes ^^

openshift-ci · 2025-02-07T17:30:42Z

@praveenkumar: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name	Commit	Details	Required	Rerun command
ci/prow/e2e-snc	`45c5117`	link	true	`/test e2e-snc`
ci/prow/e2e-microshift	`45c5117`	link	true	`/test e2e-microshift`
ci/prow/e2e-microshift-arm	`45c5117`	link	true	`/test e2e-microshift-arm`

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

openshift-merge-robot · 2025-02-07T17:30:50Z

PR needs rebase.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

praveenkumar · 2025-06-17T06:45:18Z

/close

This is done now.

openshift-ci · 2025-06-17T06:45:23Z

@praveenkumar: Closed this PR.

Details

In response to this:

/close

This is done now.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

openshift-ci bot requested review from anjannath and cfergeau March 24, 2023 12:25

openshift-ci bot added the do-not-merge/hold label Mar 24, 2023

praveenkumar force-pushed the gvisor_service branch from 87b7be3 to 45c5117 Compare March 27, 2023 09:23

cfergeau reviewed Apr 12, 2023

View reviewed changes

cfergeau mentioned this pull request Jan 21, 2025

gvforwarder as a systemd service #1003

Closed

openshift-merge-robot added the needs-rebase label Feb 7, 2025

openshift-ci bot closed this Jun 17, 2025

github-project-automation bot moved this from Hold to Done in Project planning: crc Jun 17, 2025

Conversation

praveenkumar commented Mar 24, 2023

Uh oh!

openshift-ci bot commented Mar 24, 2023

Uh oh!

praveenkumar commented Mar 24, 2023

Uh oh!

praveenkumar commented Mar 27, 2023

Uh oh!

cfergeau left a comment

Choose a reason for hiding this comment

Uh oh!

cfergeau Mar 28, 2023

Choose a reason for hiding this comment

Uh oh!

gbraad Nov 19, 2024

Choose a reason for hiding this comment

Uh oh!

cfergeau Mar 28, 2023

Choose a reason for hiding this comment

Uh oh!

cfergeau commented Apr 18, 2023

Uh oh!

cfergeau commented Apr 24, 2023

Uh oh!

openshift-ci bot commented Feb 7, 2025

Uh oh!

openshift-merge-robot commented Feb 7, 2025

Uh oh!

praveenkumar commented Jun 17, 2025

Uh oh!

openshift-ci bot commented Jun 17, 2025

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

4 participants