Forward NOTIFY_SOCKET over vsock for cloud-hypervisor

bouk · astro · commit a439229a1af9 · 2024-03-21T23:01:37.000+01:00
This will forward the systemd ready notification inside the VM so the systemd service status reflects whether the VM has finished booting. Fixes #205
diff --git a/lib/runner.nix b/lib/runner.nix
@@ -16,6 +16,7 @@ let
   };
 
   inherit (hypervisorConfig) command canShutdown shutdownCommand;
+  supportsNotifySocket = hypervisorConfig.supportsNotifySocket or false;
   preStart = hypervisorConfig.preStart or microvmConfig.preStart;
   tapMultiQueue = hypervisorConfig.tapMultiQueue or false;
 
@@ -56,7 +57,7 @@ pkgs.buildPackages.runCommand "microvm-${microvmConfig.hypervisor}-${microvmConf
   # for `nix run`
   meta.mainProgram = "microvm-run";
   passthru = {
-    inherit canShutdown;
+    inherit canShutdown supportsNotifySocket;
     inherit (microvmConfig) hypervisor;
   };
 } ''
diff --git a/lib/runners/cloud-hypervisor.nix b/lib/runners/cloud-hypervisor.nix
@@ -88,6 +88,11 @@ in {
       # stumbling over a preexisting socket
       rm -f '${socket}'
     ''}
+
+    # Start socat to forward systemd notify socket over vsock
+    if [ -n "$NOTIFY_SOCKET" ]; then
+      ${pkgs.socat}/bin/socat UNIX-LISTEN:notify.vsock_8888,fork UNIX-SENDTO:$NOTIFY_SOCKET &
+    fi
   '' + lib.optionalString graphics.enable ''
     rm -f ${graphics.socket}
     ${pkgs.crosvm}/bin/crosvm device gpu \
@@ -100,6 +105,8 @@ in {
     done
   '';
 
+  supportsNotifySocket = true;
+
   command =
     if user != null
     then throw "cloud-hypervisor will not change user"
@@ -118,6 +125,8 @@ in {
         "--cmdline" "console=ttyS0 reboot=t panic=-1 ${toString microvmConfig.kernelParams}"
         "--seccomp" "true"
         "--memory" memOps
+        "--platform" "oem_strings=[io.systemd.credential:vmm.notify_socket=vsock-stream:2:8888]"
+        "--vsock" "cid=3,socket=notify.vsock"
       ]
       ++
       lib.optionals graphics.enable [
diff --git a/nixos-modules/host/default.nix b/nixos-modules/host/default.nix
@@ -235,6 +235,7 @@ in
         # we also have to include a trigger here.
         restartTriggers = [guestConfig.system.build.toplevel];
         overrideStrategy = "asDropin";
+        serviceConfig.Type = lib.mkIf guestConfig.microvm.declaredRunner.supportsNotifySocket "notify";
       };
       "microvm-tap-interfaces@${name}" = {
         serviceConfig.X-RestartIfChanged = [ "" microvmConfig.restartIfChanged ];
@@ -446,6 +447,7 @@ in
           Group = group;
           SyslogIdentifier = "microvm@%i";
           LimitNOFILE = 1048576;
+          NotifyAccess = "all";
           LimitMEMLOCK = "infinity";
         };
       };
