Merge pull request #133 from rancher-sandbox/vde

Add networking options for vde_vmnet support

Author: AkihiroSuda

cmd/limactl/start.go

@@ -114,7 +114,9 @@ func loadOrCreateInstance(clicontext *cli.Context) (*store.Instance, error) {
 	} else {
 		logrus.Info("Terminal is not available, proceeding without opening an editor")
 	}
-	y, err := limayaml.Load(yBytes)
+	// limayaml.Load() needs to pass the store file path to limayaml.FillDefault() to calculate default MAC addresses
+	filePath := filepath.Join(instDir, filenames.LimaYAML)
+	y, err := limayaml.Load(yBytes, filePath)
 	if err != nil {
 		return nil, err
 	}
@@ -131,7 +133,7 @@ func loadOrCreateInstance(clicontext *cli.Context) (*store.Instance, error) {
 	if err := os.MkdirAll(instDir, 0700); err != nil {
 		return nil, err
 	}
-	if err := os.WriteFile(filepath.Join(instDir, filenames.LimaYAML), yBytes, 0644); err != nil {
+	if err := os.WriteFile(filePath, yBytes, 0644); err != nil {
 		return nil, err
 	}
 	return store.Inspect(instName)

pkg/cidata/cidata.TEMPLATE.d/network-config

@@ -0,0 +1,9 @@
+version: 2
+ethernets:
+  {{- range $nw := .Networks}}
+  {{$nw.Name}}:
+    match:
+      macaddress: '{{$nw.MACAddress}}'
+    dhcp4: true
+    set-name: {{$nw.Name}}
+  {{- end }}

pkg/cidata/cidata.go

@@ -15,7 +15,9 @@ import (
 	"github.com/AkihiroSuda/lima/pkg/iso9660util"
 	"github.com/AkihiroSuda/lima/pkg/limayaml"
 	"github.com/AkihiroSuda/lima/pkg/localpathutil"
+	"github.com/AkihiroSuda/lima/pkg/qemu"
 	"github.com/AkihiroSuda/lima/pkg/sshutil"
+	"github.com/AkihiroSuda/lima/pkg/store/filenames"
 	"github.com/opencontainers/go-digest"
 	"github.com/pkg/errors"
 	"github.com/sirupsen/logrus"
@@ -32,8 +34,8 @@ var (
 	}
 )
 
-func GenerateISO9660(isoPath, name string, y *limayaml.LimaYAML) error {
-	if err := limayaml.ValidateRaw(*y); err != nil {
+func GenerateISO9660(instDir, name string, y *limayaml.LimaYAML) error {
+	if err := limayaml.Validate(*y); err != nil {
 		return err
 	}
 	u, err := user.Current()
@@ -70,6 +72,11 @@ func GenerateISO9660(isoPath, name string, y *limayaml.LimaYAML) error {
 		args.Mounts = append(args.Mounts, expanded)
 	}
 
+	args.Networks = append(args.Networks, Network{MACAddress: qemu.SlirpMACAddress, Name: "eth0"})
+	for _, vde := range y.Network.VDE {
+		args.Networks = append(args.Networks, Network{MACAddress: vde.MACAddress, Name: vde.Name})
+	}
+
 	if err := ValidateTemplateArgs(args); err != nil {
 		return err
 	}
@@ -147,7 +154,7 @@ func GenerateISO9660(isoPath, name string, y *limayaml.LimaYAML) error {
 		})
 	}
 
-	return iso9660util.Write(isoPath, "cidata", layout)
+	return iso9660util.Write(filepath.Join(instDir, filenames.CIDataISO), "cidata", layout)
 }
 
 func GuestAgentBinary(arch string) (io.ReadCloser, error) {

pkg/cidata/template.go

@@ -23,13 +23,18 @@ type Containerd struct {
 	System bool
 	User   bool
 }
+type Network struct {
+	MACAddress string
+	Name       string
+}
 type TemplateArgs struct {
 	Name       string // instance name
 	User       string // user name
 	UID        int
 	SSHPubKeys []string
 	Mounts     []string // abs path, accessible by the User
 	Containerd Containerd
+	Networks   []Network
 }
 
 func ValidateTemplateArgs(args TemplateArgs) error {

pkg/limayaml/default.yaml

@@ -31,6 +31,20 @@ memory: "4GiB"
 # Default: "100GiB"
 disk: "100GiB"
 
+network:
+  # The instance can get routable IP addresses from the vmnet framework using
+  # https://github.com/AkihiroSuda/vde_vmnet. Both vde_switch and vde_vmnet
+  # daemons must be running before the instance is started. The interface type
+  # (host, shared, or bridged) is configured in vde_vmnet and not lima.
+  vde:
+    # url points to the vde_switch socket directory
+    # - url: "/var/run/vde.ctl"
+    #   # MAC address of the instance; lima will pick one based on the instance name,
+    #   # so DHCP assigned ip addresses should remain constant over instance restarts.
+    #   macAddress: ""
+    #   # Interface name, defaults to "vde0", "vde1", etc.
+    #   name: ""
+
 # Expose host directories to the guest
 # Default: none
 mounts:

pkg/limayaml/defaults.go

@@ -1,13 +1,16 @@
 package limayaml
 
 import (
+	"crypto/sha256"
 	"fmt"
+	"net"
 	"runtime"
+	"strconv"
 
 	"github.com/AkihiroSuda/lima/pkg/guestagent/api"
 )
 
-func FillDefault(y *LimaYAML) {
+func FillDefault(y *LimaYAML, filePath string) {
 	y.Arch = resolveArch(y.Arch)
 	for i := range y.Images {
 		img := &y.Images[i]
@@ -55,6 +58,21 @@ func FillDefault(y *LimaYAML) {
 		FillPortForwardDefaults(&y.PortForwards[i])
 		// After defaults processing the singular HostPort and GuestPort values should not be used again.
 	}
+	for i := range y.Network.VDE {
+		vde := &y.Network.VDE[i]
+		if vde.MACAddress == "" {
+			// every interface in every limayaml file must get its own unique MAC address
+			uniqueID := fmt.Sprintf("%s#%d", filePath, i)
+			sha := sha256.Sum256([]byte(uniqueID))
+			// According to https://gitlab.com/wireshark/wireshark/-/blob/master/manuf
+			// no well-known MAC addresses start with 0x22.
+			hw := append(net.HardwareAddr{0x22}, sha[0:5]...)
+			vde.MACAddress = hw.String()
+		}
+		if vde.Name == "" {
+			vde.Name = "vde" + strconv.Itoa(i)
+		}
+	}
 }
 
 func FillPortForwardDefaults(rule *PortForward) {

pkg/limayaml/limayaml.go

@@ -20,6 +20,7 @@ type LimaYAML struct {
 	Containerd   Containerd    `yaml:"containerd,omitempty"`
 	Probes       []Probe       `yaml:"probes,omitempty"`
 	PortForwards []PortForward `yaml:"portForwards,omitempty"`
+	Network      Network       `yaml:"network,omitempty"`
 }
 
 type Arch = string
@@ -105,3 +106,12 @@ type PortForward struct {
 	Proto          Proto  `yaml:"proto,omitempty"`
 	Ignore         bool   `yaml:"ignore,omitempty"`
 }
+
+type Network struct {
+	VDE []VDE `yaml:"vde,omitempty"`
+}
+type VDE struct {
+	URL        string `yaml:"url,omitempty"`
+	MACAddress string `yaml:"macAddress,omitempty"`
+	Name       string `yaml:"name,omitempty"`
+}

pkg/limayaml/load.go

@@ -7,11 +7,11 @@ import (
 // Load loads the yaml and fulfills unspecified fields with the default values.
 //
 // Load does not validate. Use Validate for validation.
-func Load(b []byte) (*LimaYAML, error) {
+func Load(b []byte, filePath string) (*LimaYAML, error) {
 	var y LimaYAML
 	if err := yaml.Unmarshal(b, &y); err != nil {
 		return nil, err
 	}
-	FillDefault(&y)
+	FillDefault(&y, filePath)
 	return &y, nil
 }

pkg/limayaml/template_test.go

@@ -7,7 +7,7 @@ import (
 )
 
 func TestDefaultTemplateYAML(t *testing.T) {
-	_, err := Load(DefaultTemplate)
+	_, err := Load(DefaultTemplate, "does-not-exist")
 	assert.NilError(t, err)
 	// Do not call Validate(y) here, as it fails when `~/lima` is missing
 }

pkg/limayaml/validate.go

@@ -2,6 +2,7 @@ package limayaml
 
 import (
 	"fmt"
+	"net"
 	"os"
 	"os/user"
 	"path/filepath"
@@ -13,11 +14,6 @@ import (
 )
 
 func Validate(y LimaYAML) error {
-	FillDefault(&y)
-	return ValidateRaw(y)
-}
-
-func ValidateRaw(y LimaYAML) error {
 	switch y.Arch {
 	case X8664, AARCH64:
 	default:
@@ -154,7 +150,7 @@ func ValidateRaw(y LimaYAML) error {
 		if rule.HostPortRange[0] > rule.HostPortRange[1] {
 			return errors.Errorf("field `%s.hostPortRange[1]` must be greater than or equal to field `%s.hostPortRange[0]`", field, field)
 		}
-		if rule.GuestPortRange[1] - rule.GuestPortRange[0] != rule.HostPortRange[1] - rule.HostPortRange[0] {
+		if rule.GuestPortRange[1]-rule.GuestPortRange[0] != rule.HostPortRange[1]-rule.HostPortRange[0] {
 			return errors.Errorf("field `%s.hostPortRange` must specify the same number of ports as field `%s.guestPortRange`", field, field)
 		}
 		if rule.Proto != TCP {
@@ -163,6 +159,38 @@ func ValidateRaw(y LimaYAML) error {
 		// Not validating that the various GuestPortRanges and HostPortRanges are not overlapping. Rules will be
 		// processed sequentially and the first matching rule for a guest port determines forwarding behavior.
 	}
+	for i, vde := range y.Network.VDE {
+		field := fmt.Sprintf("network.vde[%d]", i)
+		if vde.URL == "" {
+			return errors.Errorf("field `%s.url` must not be empty", field)
+		}
+		// The field is called VDE.URL in anticipation of QEMU upgrading VDE2 to VDEplug4,
+		// but right now the only valid value is a path to the vde_switch socket directory.
+		fi, err := os.Stat(vde.URL)
+		if err != nil {
+			return errors.Wrapf(err, "field `%s.url` %q failed stat", field, vde.URL)
+		}
+		if !fi.IsDir() {
+			return errors.Wrapf(err, "field `%s.url` %q is not a directory", field, vde.URL)
+		}
+		ctlSocket := filepath.Join(vde.URL, "ctl")
+		fi, err = os.Stat(ctlSocket)
+		if err != nil {
+			return errors.Wrapf(err, "field `%s.url` control socket %q failed stat", field, ctlSocket)
+		}
+		if fi.Mode()&os.ModeSocket == 0 {
+			return errors.Errorf("field `%s.url` file %q is not a UNIX socket", field, ctlSocket)
+		}
+		if vde.MACAddress != "" {
+			hw, err := net.ParseMAC(vde.MACAddress)
+			if err != nil {
+				return errors.Wrap(err, "field `vmnet.mac` invalid")
+			}
+			if len(hw) != 6 {
+				return errors.Errorf("field `%s.macAddress` must be a 48 bit (6 bytes) MAC address; actual length of %q is %d bytes", field, vde.MACAddress, len(hw))
+			}
+		}
+	}
 	return nil
 }