Add vsock dialer abstraction

Author: sjmiller609

cmd/api/api/exec.go

@@ -12,6 +12,7 @@ import (
 
 	"github.com/gorilla/websocket"
 	"github.com/onkernel/hypeman/lib/exec"
+	"github.com/onkernel/hypeman/lib/hypervisor"
 	"github.com/onkernel/hypeman/lib/instances"
 	"github.com/onkernel/hypeman/lib/logger"
 	mw "github.com/onkernel/hypeman/lib/middleware"
@@ -110,8 +111,17 @@ func (s *ApiService) ExecHandler(w http.ResponseWriter, r *http.Request) {
 	// Create WebSocket read/writer wrapper
 	wsConn := &wsReadWriter{ws: ws, ctx: ctx}
 
+	// Create vsock dialer for this hypervisor type
+	dialer, err := hypervisor.NewVsockDialer(hypervisor.Type(inst.HypervisorType), inst.VsockSocket, inst.VsockCID)
+	if err != nil {
+		log.ErrorContext(ctx, "failed to create vsock dialer", "error", err)
+		ws.WriteMessage(websocket.BinaryMessage, []byte(fmt.Sprintf("Error: %v\r\n", err)))
+		ws.WriteMessage(websocket.TextMessage, []byte(`{"exitCode":127}`))
+		return
+	}
+
 	// Execute via vsock
-	exit, err := exec.ExecIntoInstance(ctx, inst.VsockSocket, exec.ExecOptions{
+	exit, err := exec.ExecIntoInstance(ctx, dialer, exec.ExecOptions{
 		Command: execReq.Command,
 		Stdin:   wsConn,
 		Stdout:  wsConn,

cmd/api/api/exec_test.go

@@ -8,6 +8,7 @@ import (
 	"time"
 
 	"github.com/onkernel/hypeman/lib/exec"
+	"github.com/onkernel/hypeman/lib/hypervisor"
 	"github.com/onkernel/hypeman/lib/instances"
 	"github.com/onkernel/hypeman/lib/oapi"
 	"github.com/onkernel/hypeman/lib/paths"
@@ -119,13 +120,16 @@ func TestExecInstanceNonTTY(t *testing.T) {
 	var stdout, stderr outputBuffer
 	var execErr error
 
+	dialer, err := hypervisor.NewVsockDialer(actualInst.HypervisorType, actualInst.VsockSocket, actualInst.VsockCID)
+	require.NoError(t, err)
+
 	t.Log("Testing exec command: whoami")
 	maxRetries := 10
 	for i := 0; i < maxRetries; i++ {
 		stdout = outputBuffer{}
 		stderr = outputBuffer{}
 
-		exit, execErr = exec.ExecIntoInstance(ctx(), actualInst.VsockSocket, exec.ExecOptions{
+		exit, execErr = exec.ExecIntoInstance(ctx(), dialer, exec.ExecOptions{
 			Command: []string{"/bin/sh", "-c", "whoami"},
 			Stdin:   nil,
 			Stdout:  &stdout,
@@ -250,9 +254,12 @@ func TestExecWithDebianMinimal(t *testing.T) {
 	assert.Contains(t, logs, "overlay-init: app exited with code", "App should have exited")
 
 	// Test exec commands work even though the main app (bash) has exited
+	dialer2, err := hypervisor.NewVsockDialer(actualInst.HypervisorType, actualInst.VsockSocket, actualInst.VsockCID)
+	require.NoError(t, err)
+
 	t.Log("Testing exec command: echo")
 	var stdout, stderr outputBuffer
-	exit, err := exec.ExecIntoInstance(ctx(), actualInst.VsockSocket, exec.ExecOptions{
+	exit, err := exec.ExecIntoInstance(ctx(), dialer2, exec.ExecOptions{
 		Command: []string{"echo", "hello from debian"},
 		Stdout:  &stdout,
 		Stderr:  &stderr,
@@ -266,7 +273,7 @@ func TestExecWithDebianMinimal(t *testing.T) {
 	// Verify we're actually in Debian
 	t.Log("Verifying OS release...")
 	stdout = outputBuffer{}
-	exit, err = exec.ExecIntoInstance(ctx(), actualInst.VsockSocket, exec.ExecOptions{
+	exit, err = exec.ExecIntoInstance(ctx(), dialer2, exec.ExecOptions{
 		Command: []string{"cat", "/etc/os-release"},
 		Stdout:  &stdout,
 		TTY:     false,

lib/devices/gpu_e2e_test.go

@@ -12,6 +12,7 @@ import (
 	"github.com/onkernel/hypeman/cmd/api/config"
 	"github.com/onkernel/hypeman/lib/devices"
 	"github.com/onkernel/hypeman/lib/exec"
+	"github.com/onkernel/hypeman/lib/hypervisor"
 	"github.com/onkernel/hypeman/lib/images"
 	"github.com/onkernel/hypeman/lib/instances"
 	"github.com/onkernel/hypeman/lib/network"
@@ -218,6 +219,9 @@ func TestGPUPassthrough(t *testing.T) {
 	actualInst, err := instanceMgr.GetInstance(ctx, inst.Id)
 	require.NoError(t, err)
 
+	dialer, err := hypervisor.NewVsockDialer(actualInst.HypervisorType, actualInst.VsockSocket, actualInst.VsockCID)
+	require.NoError(t, err)
+
 	// Create a context with timeout for exec operations
 	execCtx, cancel := context.WithTimeout(ctx, 30*time.Second)
 	defer cancel()
@@ -232,7 +236,7 @@ func TestGPUPassthrough(t *testing.T) {
 		stdout = outputBuffer{}
 		stderr = outputBuffer{}
 
-		_, execErr = exec.ExecIntoInstance(execCtx, actualInst.VsockSocket, exec.ExecOptions{
+		_, execErr = exec.ExecIntoInstance(execCtx, dialer, exec.ExecOptions{
 			Command: []string{"/bin/sh", "-c", checkGPUCmd},
 			Stdin:   nil,
 			Stdout:  &stdout,

lib/devices/gpu_inference_test.go

@@ -23,6 +23,7 @@ import (
 	"github.com/onkernel/hypeman/cmd/api/config"
 	"github.com/onkernel/hypeman/lib/devices"
 	"github.com/onkernel/hypeman/lib/exec"
+	"github.com/onkernel/hypeman/lib/hypervisor"
 	"github.com/onkernel/hypeman/lib/images"
 	"github.com/onkernel/hypeman/lib/instances"
 	"github.com/onkernel/hypeman/lib/network"
@@ -285,14 +286,17 @@ func TestGPUInference(t *testing.T) {
 	actualInst, err := instanceMgr.GetInstance(ctx, inst.Id)
 	require.NoError(t, err)
 
+	dialer, err := hypervisor.NewVsockDialer(actualInst.HypervisorType, actualInst.VsockSocket, actualInst.VsockCID)
+	require.NoError(t, err)
+
 	// Step 10: Wait for Ollama server
 	t.Log("Step 10: Waiting for Ollama server to be ready...")
 	ollamaReady := false
 	for i := 0; i < 60; i++ { // 60 seconds for CUDA init
 		healthCtx, healthCancel := context.WithTimeout(ctx, 5*time.Second)
 		var healthStdout, healthStderr inferenceOutputBuffer
 
-		_, err = exec.ExecIntoInstance(healthCtx, actualInst.VsockSocket, exec.ExecOptions{
+		_, err = exec.ExecIntoInstance(healthCtx, dialer, exec.ExecOptions{
 			Command: []string{"/bin/sh", "-c", "ollama list 2>&1"},
 			Stdout:  &healthStdout,
 			Stderr:  &healthStderr,
@@ -319,7 +323,7 @@ func TestGPUInference(t *testing.T) {
 
 	// Check nvidia-smi (should work now with CUDA image)
 	var nvidiaSmiStdout, nvidiaSmiStderr inferenceOutputBuffer
-	_, _ = exec.ExecIntoInstance(gpuCheckCtx, actualInst.VsockSocket, exec.ExecOptions{
+	_, _ = exec.ExecIntoInstance(gpuCheckCtx, dialer, exec.ExecOptions{
 		Command: []string{"/bin/sh", "-c", "nvidia-smi 2>&1 || echo 'nvidia-smi failed'"},
 		Stdout:  &nvidiaSmiStdout,
 		Stderr:  &nvidiaSmiStderr,
@@ -333,7 +337,7 @@ func TestGPUInference(t *testing.T) {
 
 	// Check NVIDIA kernel modules
 	var modulesStdout inferenceOutputBuffer
-	exec.ExecIntoInstance(gpuCheckCtx, actualInst.VsockSocket, exec.ExecOptions{
+	exec.ExecIntoInstance(gpuCheckCtx, dialer, exec.ExecOptions{
 		Command: []string{"/bin/sh", "-c", "cat /proc/modules | grep nvidia"},
 		Stdout:  &modulesStdout,
 	})
@@ -343,7 +347,7 @@ func TestGPUInference(t *testing.T) {
 
 	// Check device nodes
 	var devStdout inferenceOutputBuffer
-	exec.ExecIntoInstance(gpuCheckCtx, actualInst.VsockSocket, exec.ExecOptions{
+	exec.ExecIntoInstance(gpuCheckCtx, dialer, exec.ExecOptions{
 		Command: []string{"/bin/sh", "-c", "ls -la /dev/nvidia* 2>&1"},
 		Stdout:  &devStdout,
 	})
@@ -355,7 +359,7 @@ func TestGPUInference(t *testing.T) {
 	t.Log("Step 12: Ensuring TinyLlama model is available...")
 
 	var listStdout inferenceOutputBuffer
-	exec.ExecIntoInstance(gpuCheckCtx, actualInst.VsockSocket, exec.ExecOptions{
+	exec.ExecIntoInstance(gpuCheckCtx, dialer, exec.ExecOptions{
 		Command: []string{"/bin/sh", "-c", "ollama list 2>&1"},
 		Stdout:  &listStdout,
 	})
@@ -366,7 +370,7 @@ func TestGPUInference(t *testing.T) {
 		defer pullCancel()
 
 		var pullStdout inferenceOutputBuffer
-		_, pullErr := exec.ExecIntoInstance(pullCtx, actualInst.VsockSocket, exec.ExecOptions{
+		_, pullErr := exec.ExecIntoInstance(pullCtx, dialer, exec.ExecOptions{
 			Command: []string{"/bin/sh", "-c", "ollama pull tinyllama 2>&1"},
 			Stdout:  &pullStdout,
 		})

lib/devices/gpu_module_test.go

@@ -19,6 +19,7 @@ import (
 	"github.com/onkernel/hypeman/cmd/api/config"
 	"github.com/onkernel/hypeman/lib/devices"
 	"github.com/onkernel/hypeman/lib/exec"
+	"github.com/onkernel/hypeman/lib/hypervisor"
 	"github.com/onkernel/hypeman/lib/images"
 	"github.com/onkernel/hypeman/lib/instances"
 	"github.com/onkernel/hypeman/lib/network"
@@ -194,6 +195,9 @@ func TestNVIDIAModuleLoading(t *testing.T) {
 	actualInst, err := instanceMgr.GetInstance(ctx, inst.Id)
 	require.NoError(t, err)
 
+	dialer, err := hypervisor.NewVsockDialer(actualInst.HypervisorType, actualInst.VsockSocket, actualInst.VsockCID)
+	require.NoError(t, err)
+
 	execCtx, cancel := context.WithTimeout(ctx, 30*time.Second)
 	defer cancel()
 
@@ -204,7 +208,7 @@ func TestNVIDIAModuleLoading(t *testing.T) {
 	for i := 0; i < 10; i++ {
 		stdout = outputBuffer{}
 		stderr = outputBuffer{}
-		_, err = exec.ExecIntoInstance(execCtx, actualInst.VsockSocket, exec.ExecOptions{
+		_, err = exec.ExecIntoInstance(execCtx, dialer, exec.ExecOptions{
 			Command: []string{"/bin/sh", "-c", dmesgCmd},
 			Stdin:   nil,
 			Stdout:  &stdout,
@@ -234,7 +238,7 @@ func TestNVIDIAModuleLoading(t *testing.T) {
 	// Check lsmod for nvidia modules
 	stdout = outputBuffer{}
 	stderr = outputBuffer{}
-	_, err = exec.ExecIntoInstance(execCtx, actualInst.VsockSocket, exec.ExecOptions{
+	_, err = exec.ExecIntoInstance(execCtx, dialer, exec.ExecOptions{
 		Command: []string{"/bin/sh", "-c", "cat /proc/modules | grep nvidia || echo 'No nvidia modules loaded'"},
 		Stdin:   nil,
 		Stdout:  &stdout,
@@ -254,7 +258,7 @@ func TestNVIDIAModuleLoading(t *testing.T) {
 	// Check for /dev/nvidia* devices
 	stdout = outputBuffer{}
 	stderr = outputBuffer{}
-	_, err = exec.ExecIntoInstance(execCtx, actualInst.VsockSocket, exec.ExecOptions{
+	_, err = exec.ExecIntoInstance(execCtx, dialer, exec.ExecOptions{
 		Command: []string{"/bin/sh", "-c", "ls -la /dev/nvidia* 2>&1 || echo 'No nvidia devices found'"},
 		Stdin:   nil,
 		Stdout:  &stdout,
@@ -430,13 +434,16 @@ func TestNVMLDetection(t *testing.T) {
 	actualInst, err := instanceMgr.GetInstance(ctx, inst.Id)
 	require.NoError(t, err)
 
+	dialer2, err := hypervisor.NewVsockDialer(actualInst.HypervisorType, actualInst.VsockSocket, actualInst.VsockCID)
+	require.NoError(t, err)
+
 	// Step 5: Run NVML test
 	t.Log("Step 5: Running NVML detection test...")
 	execCtx, cancel := context.WithTimeout(ctx, 30*time.Second)
 	defer cancel()
 
 	var stdout, stderr outputBuffer
-	_, err = exec.ExecIntoInstance(execCtx, actualInst.VsockSocket, exec.ExecOptions{
+	_, err = exec.ExecIntoInstance(execCtx, dialer2, exec.ExecOptions{
 		Command: []string{"/bin/sh", "-c", "python3 /usr/local/bin/test-nvml.py 2>&1"},
 		Stdin:   nil,
 		Stdout:  &stdout,
@@ -469,7 +476,7 @@ func TestNVMLDetection(t *testing.T) {
 	t.Log("Step 6: Running CUDA driver test...")
 	stdout = outputBuffer{}
 	stderr = outputBuffer{}
-	_, err = exec.ExecIntoInstance(execCtx, actualInst.VsockSocket, exec.ExecOptions{
+	_, err = exec.ExecIntoInstance(execCtx, dialer2, exec.ExecOptions{
 		Command: []string{"/bin/sh", "-c", "python3 /usr/local/bin/test-cuda.py 2>&1"},
 		Stdin:   nil,
 		Stdout:  &stdout,

lib/exec/README.md

@@ -11,7 +11,7 @@ API Server (/instances/{id}/exec)
     ↓
 lib/exec/client.go (ExecIntoInstance)
     ↓
-Cloud Hypervisor vsock socket
+Hypervisor vsock (CH: Unix socket, QEMU: AF_VSOCK)
     ↓
 Guest: exec-agent (lib/system/exec_agent)
     ↓
@@ -37,14 +37,13 @@ Container (chroot /overlay/newroot)
     "timeout": 30           // optional: timeout in seconds
   }
   ```
-- Calls `exec.ExecIntoInstance()` with the instance's vsock socket path
+- Creates a `VsockDialer` for the instance's hypervisor type and calls `exec.ExecIntoInstance()`
 - Logs audit trail: JWT subject, instance ID, command, start/end time, exit code
 
 ### 2. Client (`lib/exec/client.go`)
 
-- **ExecIntoInstance()**: Main client function
-- Connects to Cloud Hypervisor's vsock Unix socket
-- Performs vsock handshake: `CONNECT 2222\n` → `OK <cid>`
+- **ExecIntoInstance()**: Main client function, takes a `VsockDialer` interface
+- Uses hypervisor-specific dialer to connect to guest (see `lib/hypervisor/*/vsock.go`)
 - Creates gRPC client over the vsock connection (pooled per VM for efficiency)
 - Streams stdin/stdout/stderr bidirectionally
 - Returns exit status when command completes