ignition: Start the http server directly over vsock

Currently, the ignition http server listens on a unix socket. The
network traffic is then tunneled over vsock.
However, as the http server runs in the vfkit process, we can
directly create a vsock listener to communicate with the VM.
This should be more efficient as this removes the tcpproxy layer, and
more importantly, this removes the creation of the on-disk unix socket,
which had a hardcoded name.

Signed-off-by: Christophe Fergeau <[email protected]>

Author: cfergeau

cmd/vfkit/main.go

@@ -197,13 +197,7 @@ func runVFKit(vmConfig *config.VirtualMachine, opts *cmdline.Options) error {
 func runVirtualMachine(vmConfig *config.VirtualMachine, vm *vf.VirtualMachine) error {
 	if vm.Config().Ignition != nil {
 		go func() {
-			file, err := os.Open(vmConfig.Ignition.ConfigPath)
-			if err != nil {
-				log.Error(err)
-			}
-			defer file.Close()
-			reader := file
-			if err := startIgnitionProvisionerServer(reader, vmConfig.Ignition.SocketPath); err != nil {
+			if err := startIgnitionProvisionerServer(vm, vmConfig.Ignition.ConfigPath, vmConfig.Ignition.VsockPort); err != nil {
 				log.Error(err)
 			}
 			log.Debug("ignition vsock server exited")
@@ -224,7 +218,7 @@ func runVirtualMachine(vmConfig *config.VirtualMachine, vm *vf.VirtualMachine) e
 		port := vsock.Port
 		socketURL := vsock.SocketURL
 		if socketURL == "" {
-			// the timesync code adds a vsock device without an associated URL.
+			// timesync and ignition add a vsock device without an associated URL.
 			continue
 		}
 		var listenStr string
@@ -277,22 +271,22 @@ func runVirtualMachine(vmConfig *config.VirtualMachine, vm *vf.VirtualMachine) e
 	return <-errCh
 }
 
-func startIgnitionProvisionerServer(ignitionPath string, ignitionSocketPath string) error {
-	ignitionReader, err := os.Open(ignitionPath)
+func startIgnitionProvisionerServer(vm *vf.VirtualMachine, configPath string, vsockPort uint32) error {
+	ignitionReader, err := os.Open(configPath)
 	if err != nil {
 		return err
 	}
 	defer ignitionReader.Close()
 
-	listener, err := net.Listen("unix", ignitionSocketPath)
+	vsockDevices := vm.SocketDevices()
+	if len(vsockDevices) != 1 {
+		return fmt.Errorf("VM has too many/not enough virtio-vsock devices (%d)", len(vsockDevices))
+	}
+	listener, err := vsockDevices[0].Listen(vsockPort)
 	if err != nil {
 		return err
 	}
 
-	util.RegisterExitHandler(func() {
-		os.Remove(ignitionSocketPath)
-	})
-
 	defer func() {
 		if err := listener.Close(); err != nil {
 			log.Error(err)

pkg/config/config.go

@@ -16,7 +16,6 @@ import (
 	"math"
 	"os"
 	"os/exec"
-	"path/filepath"
 	"strconv"
 	"strings"
 
@@ -43,7 +42,8 @@ type TimeSync struct {
 
 type Ignition struct {
 	ConfigPath string `json:"configPath"`
-	SocketPath string `json:"socketPath"`
+	SocketPath string `json:"socketPath,omitempty"`
+	VsockPort  uint32 `json:"-"`
 }
 
 // The VMComponent interface represents a VM element (device, bootloader, ...)
@@ -54,8 +54,9 @@ type VMComponent interface {
 }
 
 const (
-	ignitionVsockPort  uint   = 1024
-	ignitionSocketName string = "ignition.sock"
+	// the ignition vsock port is hardcoded to 1024 in ignition source code:
+	// https://github.com/coreos/ignition/blob/d4ff84b2c28a28ad828b974befe3575563faacdd/internal/providers/applehv/applehv.go#L59-L68
+	ignitionVsockPort uint32 = 1024
 )
 
 // NewVirtualMachine creates a new VirtualMachine instance. The virtual machine
@@ -222,13 +223,13 @@ func (vm *VirtualMachine) TimeSync() *TimeSync {
 	return vm.Timesync
 }
 
-func IgnitionNew(configPath string, socketPath string) (*Ignition, error) {
-	if configPath == "" || socketPath == "" {
+func IgnitionNew(configPath string, _ string) (*Ignition, error) {
+	if configPath == "" {
 		return nil, fmt.Errorf("config path and socket path cannot be empty")
 	}
 	return &Ignition{
 		ConfigPath: configPath,
-		SocketPath: socketPath,
+		VsockPort:  ignitionVsockPort,
 	}, nil
 }
 
@@ -241,13 +242,7 @@ func (vm *VirtualMachine) AddIgnitionFileFromCmdLine(cmdlineOpts string) error {
 		return fmt.Errorf("ignition only accepts one option in command line argument")
 	}
 
-	socketPath := filepath.Join(os.TempDir(), ignitionSocketName)
-	dev, err := VirtioVsockNew(ignitionVsockPort, socketPath, true)
-	if err != nil {
-		return err
-	}
-	vm.Devices = append(vm.Devices, dev)
-	ignition, err := IgnitionNew(opts[0], socketPath)
+	ignition, err := IgnitionNew(opts[0], "")
 	if err != nil {
 		return err
 	}

pkg/config/config_test.go

@@ -20,9 +20,8 @@ func TestAddIgnitionFile_OneOption(t *testing.T) {
 	vm := &VirtualMachine{}
 	err := vm.AddIgnitionFileFromCmdLine("file1")
 	require.NoError(t, err)
-	assert.Len(t, vm.Devices, 1)
-	assert.Equal(t, uint32(ignitionVsockPort), vm.Devices[0].(*VirtioVsock).Port)
 	assert.Equal(t, "file1", vm.Ignition.ConfigPath)
+	assert.Equal(t, ignitionVsockPort, vm.Ignition.VsockPort)
 }
 
 func TestNetworkBlockDevice(t *testing.T) {

pkg/config/json_test.go

@@ -91,9 +91,10 @@ var jsonTests = map[string]jsonTest{
 			ignition, err := IgnitionNew("config", "socket")
 			require.NoError(t, err)
 			vm.Ignition = ignition
+			ignition.VsockPort = 0 // slight hack for the test to pass as VsockPort is not serialized
 			return vm
 		},
-		expectedJSON: `{"vcpus":3,"memoryBytes":4194304000,"bootloader":{"kind":"linuxBootloader","vmlinuzPath":"/vmlinuz","initrdPath":"/initrd","kernelCmdLine":"console=hvc0"}, "ignition":{"kind":"ignition","configPath":"config","socketPath":"socket"}}`,
+		expectedJSON: `{"vcpus":3,"memoryBytes":4194304000,"bootloader":{"kind":"linuxBootloader","vmlinuzPath":"/vmlinuz","initrdPath":"/initrd","kernelCmdLine":"console=hvc0"}, "ignition":{"kind":"ignition","configPath":"config"}}`,
 	},
 	"TestVirtioRNG": {
 		newVM: func(t *testing.T) *VirtualMachine {

pkg/vf/vm.go

@@ -148,6 +148,17 @@ func (cfg *VirtualMachineConfiguration) toVz() (*vz.VirtualMachineConfiguration,
 		}
 	}
 
+	if cfg.config.Ignition != nil && cfg.config.Ignition.VsockPort != 0 {
+		// automatically add the vsock device we'll need for communication over VsockPort
+		vsockDev := VirtioVsock{
+			Port:   cfg.config.Ignition.VsockPort,
+			Listen: false,
+		}
+		if err := vsockDev.AddToVirtualMachineConfig(cfg); err != nil {
+			return nil, err
+		}
+	}
+
 	cfg.SetStorageDevicesVirtualMachineConfiguration(cfg.storageDevicesConfiguration)
 	cfg.SetDirectorySharingDevicesVirtualMachineConfiguration(cfg.directorySharingDevicesConfiguration)
 	cfg.SetPointingDevicesVirtualMachineConfiguration(cfg.pointingDevicesConfiguration)