feat: add finch-daemon (runfinch#1181)

* feat: add finch-daemon

Signed-off-by: Justin Alvarez <[email protected]>

* cleanup service file

Signed-off-by: Justin Alvarez <[email protected]>

* fix submodule

Signed-off-by: Justin Alvarez <[email protected]>

* add e2e smoke-test for finch-daemon

Signed-off-by: Justin Alvarez <[email protected]>

* match submodule commit in main branch

Signed-off-by: Justin Alvarez <[email protected]>

* add newline

Signed-off-by: Justin Alvarez <[email protected]>

* go mod tidy

Signed-off-by: Justin Alvarez <[email protected]>

* fix lint

Signed-off-by: Justin Alvarez <[email protected]>

* replace broken go.openconcensus.io package

Signed-off-by: Justin Alvarez <[email protected]>

* temporary fix for go.opencensus.io issue

Signed-off-by: Justin Alvarez <[email protected]>

* remove go.openconcensus.io workarounds

Signed-off-by: Justin Alvarez <[email protected]>

* remove custom DefaultLimitNOFILE

Signed-off-by: Justin Alvarez <[email protected]>

* add daemon test target

Signed-off-by: Justin Alvarez <[email protected]>

* fix test command

Signed-off-by: Justin Alvarez <[email protected]>

* update finch-core

Signed-off-by: Justin Alvarez <[email protected]>

* temporarily update finch-daemon remote tracking branch

Signed-off-by: Justin Alvarez <[email protected]>

* ensure vm state

Signed-off-by: Justin Alvarez <[email protected]>

* typo

Signed-off-by: Justin Alvarez <[email protected]>

* typo

Signed-off-by: Justin Alvarez <[email protected]>

* add "force" flag so commands exit silently

Signed-off-by: Justin Alvarez <[email protected]>

* make vm logic smarter

Signed-off-by: Justin Alvarez <[email protected]>

* temporarily disable non-daemon CI

Signed-off-by: Justin Alvarez <[email protected]>

* fix vm logic

Signed-off-by: Justin Alvarez <[email protected]>

* update finch-core

Signed-off-by: Justin Alvarez <[email protected]>

* update test command to use new finch-daemon variables

Signed-off-by: Justin Alvarez <[email protected]>

* temporarily switch tracking branch until finch-daemon changes are merged

Signed-off-by: Justin Alvarez <[email protected]>

* update finch-core to track latest finch-daemon commit

Signed-off-by: Justin Alvarez <[email protected]>

* remove create-report-dir (naming scheme is broken)

Signed-off-by: Justin Alvarez <[email protected]>

* re-add temporarily removed tests

Signed-off-by: Justin Alvarez <[email protected]>

* re-add macOS tests

Signed-off-by: Justin Alvarez <[email protected]>

* remove extra whitespace

Signed-off-by: Justin Alvarez <[email protected]>

* resolve finch-core conflict

Signed-off-by: Justin Alvarez <[email protected]>

* fix the conditional addition of the daemon mount

Signed-off-by: Justin Alvarez <[email protected]>

* increase test timeout

Signed-off-by: Justin Alvarez <[email protected]>

---------

Signed-off-by: Justin Alvarez <[email protected]>

Author: pendo324

.github/workflows/ci.yaml

@@ -173,7 +173,7 @@ jobs:
       fail-fast: false
       matrix:
         version: ['13', '14']
-        test-command: ['test-e2e-vm-serial', 'test-e2e-container']
+        test-command: ['test-e2e-vm-serial', 'test-e2e-container', 'test-e2e-daemon']
         arch: ['X64', 'arm64']
         runner-type: ['test']
     uses: ./.github/workflows/e2e-macos.yaml

.github/workflows/e2e-macos.yaml

@@ -35,7 +35,7 @@ jobs:
         "${{ inputs.version }}",
         "${{ inputs.runner-type }}",
       ]
-    timeout-minutes: 60
+    timeout-minutes: 80
     outputs:
       has_creds: ${{ steps.vars.outputs.has_creds}}
       vm_report: ${{ steps.set-multiple-vars.outputs.VM_REPORT }}

Makefile

@@ -36,6 +36,9 @@ VERSION_INJECTION += -X $(PACKAGE)/pkg/version.GitCommit=$(GITCOMMIT)
 LDFLAGS = "-w $(VERSION_INJECTION)"
 MIN_MACOS_VERSION ?= 11.0
 
+FINCH_DAEMON_LOCATION_ROOT ?= $(FINCH_OS_IMAGE_LOCATION_ROOT)/finch-daemon
+FINCH_DAEMON_LOCATION ?= $(FINCH_DAEMON_LOCATION_ROOT)/finch-daemon
+
 GOOS ?= $(shell $(GO) env GOOS)
 ifeq ($(GOOS),windows)
 BINARYNAME := $(addsuffix .exe, $(BINARYNAME))
@@ -75,7 +78,7 @@ endif
 
 FINCH_CORE_DIR := $(CURDIR)/deps/finch-core
 
-remote-all: arch-test finch install.finch-core-dependencies finch.yaml networks.yaml config.yaml
+remote-all: arch-test finch install.finch-core-dependencies finch.yaml networks.yaml config.yaml $(OUTDIR)/finch-daemon/[email protected]
 
 ifeq ($(BUILD_OS), Windows_NT)
 include Makefile.windows
@@ -168,6 +171,9 @@ finch-all:
 .PHONY: release
 release: check-licenses all download-licenses
 
+$(OUTDIR)/finch-daemon/[email protected]:
+	cp [email protected] $(OUTDIR)/finch-daemon/[email protected]
+
 .PHONY: coverage
 coverage:
 	go test $(shell go list ./... | grep -v e2e | grep -v benchmark | grep -v mocks) -coverprofile=test-coverage.out
@@ -303,6 +309,32 @@ test-e2e-container: create-report-dir
 test-e2e-vm: create-report-dir
 	go test -ldflags $(LDFLAGS) -timeout 2h ./e2e/vm -test.v -ginkgo.v -ginkgo.timeout=2h -ginkgo.flake-attempts=3 -ginkgo.json-report=$(REPORT_DIR)/$(RUN_ID)-$(RUN_ATTEMPT)-e2e-vm-report.json --installed="$(INSTALLED)" --registry="$(REGISTRY)"
 
+GINKGO = go run github.com/onsi/ginkgo/v2/ginkgo
+# Common ginkgo options: -v for verbose mode, --focus="test name" for running single tests
+GFLAGS ?= --race --randomize-all --randomize-suites
+
+ifeq ($(INSTALLED),true)
+DAEMON_DOCKER_HOST := "unix:///Applications/Finch/lima/data/finch/sock/finch.sock"
+else
+DAEMON_DOCKER_HOST := "unix://$(OUTDIR)/lima/data/finch/sock/finch.sock"
+endif
+
+.PHONY: test-e2e-daemon
+test-e2e-daemon:
+	-@$(OUTDIR)/bin/$(BINARYNAME) vm stop -f || true
+	-@$(OUTDIR)/bin/$(BINARYNAME) vm remove -f
+	-@$(OUTDIR)/bin/$(BINARYNAME) vm init
+
+	cd $(FINCH_CORE_DIR)/src/finch-daemon && \
+	STATIC=1 GOOS=linux GOARCH=$(GOARCH) make && \
+	DOCKER_HOST=$(DAEMON_DOCKER_HOST) \
+	DOCKER_API_VERSION="v1.41" \
+	TEST_E2E=1 \
+	go test ./e2e -test.v -ginkgo.v -ginkgo.randomize-all -ginkgo.json-report=$(REPORT_DIR)/$(RUN_ID)-$(RUN_ATTEMPT)-e2e-daemon-report.json \
+	  --subject="$(OUTDIR)/bin/$(BINARYNAME)" \
+	  --daemon-context-subject-prefix="$(OUTDIR)/lima/bin/limactl shell finch sudo" \
+	  --daemon-context-subject-env="LIMA_HOME=$(OUTDIR)/lima/data"
+
 .PHONY: test-benchmark
 test-benchmark:
 	cd benchmark/all && go test -ldflags $(LDFLAGS) -bench=. -benchmem --installed="$(INSTALLED)"

Makefile.darwin

@@ -18,9 +18,21 @@ FINCH_OS_IMAGE_LOCATION_ROOT ?= $(DEST)
 FINCH_IMAGE_LOCATION ?= $(FINCH_OS_IMAGE_LOCATION_ROOT)/os/$(FINCH_OS_BASENAME)
 FINCH_IMAGE_DIGEST ?= "sha512:$(FINCH_OS_DIGEST)"
 
+# check if finch-daemon socket is in a default path
+SHOULD_ADD_DAEMON_MOUNT = $(shell if echo "$(FINCH_DAEMON_LOCATION_ROOT)" | grep -q \/Users\/ ; then echo "0"; else echo "1"; fi)
+
+.PHONY: finch.yaml
+finch.yaml: $(OS_OUTDIR)/finch.yaml
+
+# only add the finch-daemon mount when its not in a default path
+# this scenario is common in dev, where the typical path is /Users/...
+ifeq ($(SHOULD_ADD_DAEMON_MOUNT),1)
+finch.yaml: add-daemon-mount
+endif
+
 $(OS_OUTDIR)/finch.yaml: $(OS_OUTDIR) finch.yaml.d/common.yaml finch.yaml.d/mac.yaml
 	# merge the appropriate YAMLs into a temporary finch.yaml file on the current working directory
-	cd finch.yaml.d && yq eval-all '. as $$item ireduce ({}; . *+ $$item)' mac.yaml common.yaml > ../finch.yaml.temp
+	cd finch.yaml.d && yq eval-all '. as $$item ireduce ({}; . *+ $$item)' common.yaml mac.yaml > ./../finch.yaml.temp
 
 	# using -i.bak is very intentional, it allows the following commands to succeed for both GNU / BSD sed
 	# this sed command uses the alternative separator of "|" because the image location uses "/"
@@ -31,8 +43,19 @@ $(OS_OUTDIR)/finch.yaml: $(OS_OUTDIR) finch.yaml.d/common.yaml finch.yaml.d/mac.
 	sed -i.bak -e "s/<container_runtime_archive_aarch64_digest>/$(CONTAINER_RUNTIME_ARCHIVE_AARCH64_DIGEST)/g" finch.yaml.temp
 	sed -i.bak -e "s|<container_runtime_archive_x86_64_location>|$(CONTAINER_RUNTIME_ARCHIVE_X86_64_LOCATION)|g" finch.yaml.temp
 	sed -i.bak -e "s/<container_runtime_archive_x86_64_digest>/$(CONTAINER_RUNTIME_ARCHIVE_X86_64_DIGEST)/g" finch.yaml.temp
+	sed -i.bak -e "s|<finch_daemon_root>|$(FINCH_DAEMON_LOCATION_ROOT)|g" finch.yaml.temp
+	sed -i.bak -e "s|<finch_daemon_location>|$(FINCH_DAEMON_LOCATION)|g" finch.yaml.temp
 
 	# Replacement was successful, so cleanup .bak
 	@rm finch.yaml.temp.bak
 
 	mv finch.yaml.temp $@
+
+.PHONY: add-daemon-mount
+add-daemon-mount:
+	cd finch.yaml.d && yq eval-all '. as $$item ireduce ({}; . *+ $$item)' $(OS_OUTDIR)/finch.yaml finch-daemon-mount.yaml > ./../finch.yaml.temp
+	sed -i.bak -e "s|<finch_daemon_root>|$(FINCH_DAEMON_LOCATION_ROOT)|g" finch.yaml.temp
+	# Replacement was successful, so cleanup .bak
+	@rm finch.yaml.temp.bak
+
+	mv finch.yaml.temp $(OS_OUTDIR)/finch.yaml

e2e/vm/daemon_darwin_test.go

@@ -0,0 +1,73 @@
+// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+// SPDX-License-Identifier: Apache-2.0
+
+//go:build darwin
+
+package vm
+
+import (
+	"context"
+	"path/filepath"
+	"sync"
+	"time"
+
+	"github.com/docker/docker/api/types/image"
+	"github.com/docker/docker/client"
+	"github.com/onsi/ginkgo/v2"
+	"github.com/onsi/gomega"
+	"github.com/runfinch/common-tests/option"
+)
+
+var testDaemon = func(_ *option.Option, installed bool) {
+	imageRef := "public.ecr.aws/docker/library/alpine:latest"
+	ginkgo.Describe("Daemon smoke test", func() {
+		ginkgo.It("docker client should be able to pull and list images", func(gCtx ginkgo.SpecContext) {
+			// create a context which is cancelled with the ginkgo test timeout
+			testCtx, cancelCtx := context.WithCancel(context.Background())
+			defer cancelCtx()
+			go func() {
+				defer cancelCtx()
+				<-gCtx.Done()
+			}()
+
+			daemonSocketPath := filepath.Join(limaDataDirPath(installed), "finch", "sock", "finch.sock")
+			apiClient, err := client.NewClientWithOpts(
+				client.WithHost("unix://"+daemonSocketPath),
+				client.WithVersion("v1.43"),
+			)
+			gomega.Expect(err).ShouldNot(gomega.HaveOccurred())
+			defer func() {
+				gomega.Expect(apiClient.Close()).ShouldNot(gomega.HaveOccurred())
+			}()
+
+			_, err = apiClient.ImagePull(testCtx, imageRef, image.PullOptions{})
+			gomega.Expect(err).ShouldNot(gomega.HaveOccurred())
+
+			// ImagePull is asynchronous -- poll to check that the image has been pulled every second
+			imagePulled := false
+			wg := sync.WaitGroup{}
+			wg.Add(1)
+			go func(wg *sync.WaitGroup) {
+				for {
+					time.Sleep(1 * time.Second)
+					images, err := apiClient.ImageList(testCtx, image.ListOptions{})
+					if err != nil {
+						gomega.Expect(err).ShouldNot(gomega.HaveOccurred())
+					}
+					for _, img := range images {
+						for _, tag := range img.RepoTags {
+							if tag == imageRef {
+								imagePulled = true
+								wg.Done()
+								return
+							}
+						}
+					}
+				}
+			}(&wg)
+			wg.Wait()
+
+			gomega.Expect(imagePulled).Should(gomega.BeTrue())
+		})
+	})
+}

e2e/vm/vm_darwin_test.go

@@ -72,6 +72,7 @@ func TestVM(t *testing.T) {
 		testCredHelper(o, *e2e.Installed, *e2e.Registry)
 		testSoci(o, *e2e.Installed)
 		testVMNetwork(o, *e2e.Installed)
+		testDaemon(o, *e2e.Installed)
 		testVMDisk(o)
 	})
 

finch.yaml.d/common.yaml

@@ -89,8 +89,9 @@ provision:
       printf '[Unit]\nDescription=Delete hanging data on boot\nDefaultDependencies=no\nBefore=basic.target\n\n[Service]\nType=oneshot\nExecStart=/bin/bash -c "sudo rm -rf /var/lib/cni/networks/bridge/**; sudo rm -rf /var/lib/cni/results/bridge-finch-*"\n\n[Install]\nWantedBy=basic.target\n' | sudo tee /usr/local/lib/systemd/system/finch-cleanup-on-boot.service
       sudo systemctl enable --now finch-cleanup-on-boot.service
 
-      sudo systemctl restart containerd.service
+      sudo systemctl daemon-reload
 
+      sudo systemctl restart containerd.service
 env:
   # Containerd namespace is used by the lima cidata script
   # 40-install-containerd.sh. Specifically this variable is defining the

finch.yaml.d/finch-daemon-mount.yaml

@@ -0,0 +1,3 @@
+mounts:
+  - location: "<finch_daemon_root>"
+    writable: true

finch.yaml.d/mac.yaml

@@ -7,6 +7,14 @@ provision:
   - mode: boot
     script: |
       modprobe virtiofs
+  # port this to common.yaml after windows socket forwarding is added
+  - mode: user
+    script: |
+      sudo cp <finch_daemon_location> /usr/local/bin/finch-daemon
+      sudo cp <finch_daemon_root>/[email protected] /usr/local/lib/systemd/system/[email protected]
+
+      sudo systemctl daemon-reload
+      sudo systemctl enable --now finch@${UID}
 mounts:
   - location: "~"
     mountPoint: null
@@ -22,9 +30,9 @@ mounts:
       cache: "fscache"
   - location: "/tmp/lima"
     writable: true
-  - location: "/var/folders"
+  - location: "/private"
     writable: true
-  - location: "/private/var/folders"
+  - location: "/var/folders"
     writable: true
 
 ssh:
@@ -44,3 +52,7 @@ hostResolver:
   hosts:
     host.finch.internal: host.lima.internal
     host.docker.internal: host.lima.internal
+
+portForwards:
+- guestSocket: "/run/finch.sock"
+  hostSocket: "{{.Dir}}/sock/finch.sock"

[email protected]

@@ -0,0 +1,16 @@
+[Unit]
+Description=Finch daemon %I
+Documentation=https://runfinch.com https://github.com/runfinch/finch-daemon
+After=network.target local-fs.target containerd.service buildkit.service
+
+[Service]
+ExecStart=/usr/local/bin/finch-daemon --socket-owner %i
+ExecStartPost=-rm -rf /var/run/docker.sock
+ExecStartPost=ln -s /run/finch.sock /var/run/docker.sock
+Type=notify
+Delegate=yes
+Restart=always
+RestartSec=5
+
+[Install]
+WantedBy=multi-user.target