From b77cd01d55c757719ba61396511db41aafde03ea Mon Sep 17 00:00:00 2001
From: "Andres D. Molins"
Date: Wed, 12 Jul 2023 14:01:25 +0200
Subject: [PATCH 1/4] Feature: Support BTRFS filesystem for instances.
---
 kernels/microvm-kernel-x86_64-5.10.config | 2 +-
 vm_supervisor/storage.py | 14 ++++++++++----
 2 files changed, 11 insertions(+), 5 deletions(-)
diff --git a/kernels/microvm-kernel-x86_64-5.10.config b/kernels/microvm-kernel-x86_64-5.10.config
index 1f4df1c62..14606258f 100644
--- a/kernels/microvm-kernel-x86_64-5.10.config
+++ b/kernels/microvm-kernel-x86_64-5.10.config
@@ -2113,7 +2113,7 @@ CONFIG_FS_MBCACHE=y
 # CONFIG_JFS_FS is not set
 # CONFIG_XFS_FS is not set
 # CONFIG_GFS2_FS is not set
-# CONFIG_BTRFS_FS is not set
+CONFIG_BTRFS_FS=y
 # CONFIG_NILFS2_FS is not set
 # CONFIG_F2FS_FS is not set
 # CONFIG_FS_DAX is not set
diff --git a/vm_supervisor/storage.py b/vm_supervisor/storage.py
index 439359372..6453f3a93 100644
--- a/vm_supervisor/storage.py
+++ b/vm_supervisor/storage.py
@@ -201,7 +201,8 @@ async def create_volume_file(
 volume: Union[PersistentVolume, RootfsVolume], namespace: str
 ) -> Path:
 volume_name = volume.name if isinstance(volume, PersistentVolume) else "rootfs"
- path = Path(settings.PERSISTENT_VOLUMES_DIR) / namespace / f"{volume_name}.ext4"
+ # Assume that the main filesystem format is BTRFS
+ path = Path(settings.PERSISTENT_VOLUMES_DIR) / namespace / f"{volume_name}.btrfs"
 if not path.is_file():
 logger.debug(f"Creating {volume.size_mib}MB volume")
 # Ensure that the parent directory exists
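Review bot: Existing volumes are no longer found after this rename: in `create_volume_file` the lookup path now ends in `.btrfs`, so a persistent volume previously stored as `{volume_name}.ext4` fails the `path.is_file()` test and the function takes the "Creating … volume" branch instead. Unless a migration happens elsewhere, a VM restarted after the upgrade would silently get a fresh volume while its old data stays on disk under the old name. The suffix is also only an assumption, as the added comment says; nothing in this hunk ties it to the filesystem actually written into the file, which is created outside the hunk. Consider checking for the legacy file first, for example `legacy = path.with_suffix(".ext4")`, and refusing or migrating when `legacy.is_file()`.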
@@ -236,9 +237,11 @@ async def create_mapped_device(device_name: str, table_command: str) -> None:
 await run_in_subprocess(command, stdin_input=table_command.encode())
-async def e2fs_check_and_resize(device_path: Path) -> None:
+async def e2fs_check_and_resize(device_path: Path, mount_path: Path) -> None:
 await run_in_subprocess(["e2fsck", "-fy", str(device_path)])
- await run_in_subprocess(["resize2fs", str(device_path)])
+ await run_in_subprocess(["mount", str(device_path), str(mount_path)])
+ await run_in_subprocess(["btrfs", "filesystem", "resize", "max", str(mount_path)])
+ await run_in_subprocess(["umount", str(device_path), str(mount_path)])
 async def create_devmapper(
@@ -271,7 +274,10 @@ async def create_devmapper(
 snapshot_table_command = f"0 {extended_block_size} snapshot {path_base_device_name} {extended_loop_device} P 8"
 await create_mapped_device(mapped_volume_name, snapshot_table_command)
- await e2fs_check_and_resize(path_mapped_volume_name)
+ mount_path = Path(f"/mnt/{mapped_volume_name}")
+ if not mount_path.is_dir():
+ mount_path.mkdir()
+ await e2fs_check_and_resize(path_mapped_volume_name, mount_path)
 await chown_to_jailman(path_base_device_name)
 await chown_to_jailman(path_mapped_volume_name)
 return path_mapped_volume_name
From 92db9361fbb113974416eab1b930c61f2850101f Mon Sep 17 00:00:00 2001
From: "Andres D. Molins"
Date: Wed, 12 Jul 2023 17:27:57 +0200
Subject: [PATCH 2/4] Fix: Fixed error to unmount the volume after resize.
---
 vm_supervisor/storage.py | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/vm_supervisor/storage.py b/vm_supervisor/storage.py
index 6453f3a93..60326146b 100644
--- a/vm_supervisor/storage.py
+++ b/vm_supervisor/storage.py
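Review bot: In `e2fs_check_and_resize` (patch 1/4) the `umount` call is skipped whenever the `btrfs filesystem resize` step fails, assuming `run_in_subprocess` raises on a non-zero exit (its body is not in this diff); the device then stays mounted on the host and the mapped volume stays busy. Put the resize in a `try:` block with the `umount` call under `finally:`. The `mount` line also uses default options and lets the host kernel probe the filesystem type of an image whose content may originate from the VM owner; `["mount", "-t", "btrfs", "-o", "nosuid,nodev,noexec", str(device_path), str(mount_path)]` narrows that. Both points still apply to the later versions of this function in patches 2/4 and 3/4, where it is renamed `resize_file_system`.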
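Review bot: The mount point added to `create_devmapper` (patch 1/4) is a fixed, predictable directory, `/mnt/{mapped_volume_name}`, created with the default mode and never removed, so while the volume is mounted its contents are reachable by other local users of the host as far as the image's own permissions allow. `mapped_volume_name` is also interpolated into the path unchecked; where it is built is outside this hunk, so confirm it cannot contain `/` or `..`. A private directory is safer, for example `mount_path = Path(tempfile.mkdtemp(prefix="aleph-resize-"))` (created with mode 0700, needs `import tempfile`; the prefix is only an example), removed with `mount_path.rmdir()` after the unmount. Patch 3/4 changes the call to `mkdir(parents=True, exist_ok=True)` but keeps the same location.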
@@ -238,10 +238,9 @@ async def create_mapped_device(device_name: str, table_command: str) -> None:
 async def e2fs_check_and_resize(device_path: Path, mount_path: Path) -> None:
- await run_in_subprocess(["e2fsck", "-fy", str(device_path)])
 await run_in_subprocess(["mount", str(device_path), str(mount_path)])
 await run_in_subprocess(["btrfs", "filesystem", "resize", "max", str(mount_path)])
- await run_in_subprocess(["umount", str(device_path), str(mount_path)])
+ await run_in_subprocess(["umount", str(mount_path)])
 async def create_devmapper(
From 9904a36829a6e2f3ae2d7d022faeae33529def24 Mon Sep 17 00:00:00 2001
From: "Andres D. Molins"
Date: Wed, 12 Jul 2023 17:41:55 +0200
Subject: [PATCH 3/4] Fix: Fixed resize method name and pathlib issues.
---
 vm_supervisor/storage.py | 9 ++++-----
 1 file changed, 4 insertions(+), 5 deletions(-)
diff --git a/vm_supervisor/storage.py b/vm_supervisor/storage.py
index 60326146b..5f1a45708 100644
--- a/vm_supervisor/storage.py
+++ b/vm_supervisor/storage.py
@@ -202,7 +202,7 @@ async def create_volume_file(
 ) -> Path:
 volume_name = volume.name if isinstance(volume, PersistentVolume) else "rootfs"
 # Assume that the main filesystem format is BTRFS
- path = Path(settings.PERSISTENT_VOLUMES_DIR) / namespace / f"{volume_name}.btrfs"
+ path = settings.PERSISTENT_VOLUMES_DIR / namespace / f"{volume_name}.btrfs"
 if not path.is_file():
 logger.debug(f"Creating {volume.size_mib}MB volume")
 # Ensure that the parent directory exists
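Review bot: Joining with `/` does not confine the result to `settings.PERSISTENT_VOLUMES_DIR`: in the `create_volume_file` hunk of patch 3/4, a `namespace` or `volume_name` that is absolute or contains `..` yields a path outside that directory, and pathlib drops the left-hand side entirely when a later component is absolute. Whether `volume.name` is validated before it reaches this function is not visible in the hunk, so this may already be covered upstream. If it is not, reject such values before building the path, e.g. `if Path(volume_name).name != volume_name: raise ValueError("invalid volume name")`, with the same check for `namespace`.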
@@ -237,7 +237,7 @@ async def create_mapped_device(device_name: str, table_command: str) -> None:
 await run_in_subprocess(command, stdin_input=table_command.encode())
-async def e2fs_check_and_resize(device_path: Path, mount_path: Path) -> None:
+async def resize_file_system(device_path: Path, mount_path: Path) -> None:
 await run_in_subprocess(["mount", str(device_path), str(mount_path)])
 await run_in_subprocess(["btrfs", "filesystem", "resize", "max", str(mount_path)])
 await run_in_subprocess(["umount", str(mount_path)])
@@ -274,9 +274,8 @@ async def create_devmapper(
 await create_mapped_device(mapped_volume_name, snapshot_table_command)
 mount_path = Path(f"/mnt/{mapped_volume_name}")
- if not mount_path.is_dir():
- mount_path.mkdir()
- await e2fs_check_and_resize(path_mapped_volume_name, mount_path)
+ mount_path.mkdir(parents=True, exist_ok=True)
+ await resize_file_system(path_mapped_volume_name, mount_path)
 await chown_to_jailman(path_base_device_name)
 await chown_to_jailman(path_mapped_volume_name)
 return path_mapped_volume_name
From 5dc9e9491056b7be44a886037310e25852ab25b3 Mon Sep 17 00:00:00 2001
From: Olivier Desenfans
Date: Thu, 13 Jul 2023 12:25:38 +0200
Subject: [PATCH 4/4] Fix: CI was broken because of aleph-message (#377)
Problem: we shipped aleph-message 0.4.0a2 instead of the latest 0.4.0.
---
 .github/workflows/test-new-runtime-examples.yml | 4 ++--
 .github/workflows/test-on-droplet-debian-11.yml | 5 ++---
 .github/workflows/test-on-droplet-debian-12.yml | 5 ++---
 .github/workflows/test-on-droplet-ubuntu-22.04.yml | 5 ++---
 docker/vm_supervisor-dev.dockerfile | 2 +-
 examples/volumes/Dockerfile | 2 +-
 packaging/Makefile | 2 +-
 vm_supervisor/README.md | 2 +-
 vm_supervisor/conf.py | 2 +-
 9 files changed, 13 insertions(+), 16 deletions(-)
diff --git a/.github/workflows/test-new-runtime-examples.yml b/.github/workflows/test-new-runtime-examples.yml
index 8305aa984..966cf0bcb 100644
--- a/.github/workflows/test-new-runtime-examples.yml
+++ b/.github/workflows/test-new-runtime-examples.yml
@@ -38,9 +38,9 @@ jobs:
 --image debian-11-x64 \
 --size c-2 \
 --region fra1 \
- --vpc-uuid 8c422d04-5dfa-4eca-add7-1e41b5f60d39 \
+ --vpc-uuid 992896c8-c089-4da3-9288-f81e28c095a4 \
 --enable-ipv6 \
- --ssh-keys 18:09:36:58:79:44:bb:84:45:c8:6f:9a:f6:b8:0a:c5 \
+ --ssh-keys b3:ff:08:7f:57:00:fd:7a:14:00:f2:35:0a:f6:e8:55 \
 aleph-vm-ci-runtime
 - name: "Build custom runtime"
diff --git a/.github/workflows/test-on-droplet-debian-11.yml b/.github/workflows/test-on-droplet-debian-11.yml
index 28f06bc25..b99d58ae7 100644
--- a/.github/workflows/test-on-droplet-debian-11.yml
+++ b/.github/workflows/test-on-droplet-debian-11.yml
@@ -35,9 +35,9 @@ jobs:
 --image debian-11-x64 \
 --size c-2 \
 --region fra1 \
- --vpc-uuid 8c422d04-5dfa-4eca-add7-1e41b5f60d39 \
+ --vpc-uuid 992896c8-c089-4da3-9288-f81e28c095a4 \
 --enable-ipv6 \
- --ssh-keys 18:09:36:58:79:44:bb:84:45:c8:6f:9a:f6:b8:0a:c5 \
+ --ssh-keys b3:ff:08:7f:57:00:fd:7a:14:00:f2:35:0a:f6:e8:55 \
 aleph-vm-ci-debian-11
 - name: Build Debian Package
@@ -86,4 +86,3 @@ jobs:
 if: always()
 run: |
 doctl compute droplet delete -f aleph-vm-ci-debian-11
-
diff --git a/.github/workflows/test-on-droplet-debian-12.yml b/.github/workflows/test-on-droplet-debian-12.yml
index 07405fe7d..7eecd5825 100644
--- a/.github/workflows/test-on-droplet-debian-12.yml
+++ b/.github/workflows/test-on-droplet-debian-12.yml
@@ -35,9 +35,9 @@ jobs:
 --image debian-12-x64 \
 --size c-2 \
 --region fra1 \
- --vpc-uuid 8c422d04-5dfa-4eca-add7-1e41b5f60d39 \
+ --vpc-uuid 992896c8-c089-4da3-9288-f81e28c095a4 \
 --enable-ipv6 \
- --ssh-keys 18:09:36:58:79:44:bb:84:45:c8:6f:9a:f6:b8:0a:c5 \
+ --ssh-keys b3:ff:08:7f:57:00:fd:7a:14:00:f2:35:0a:f6:e8:55 \
 aleph-vm-ci-debian-12
 - name: Build Debian Package
@@ -86,4 +86,3 @@ jobs:
 if: always()
 run: |
 doctl compute droplet delete -f aleph-vm-ci-debian-12
-
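Review bot: The `--vpc-uuid` and `--ssh-keys` values are replaced in the first hunk of test-new-runtime-examples.yml, which changes the SSH key installed on the CI droplets (these look like arguments to the droplet creation command, which starts outside the hunk), yet the commit message only mentions aleph-message; a reviewer cannot tell from the diff that the new fingerprint belongs to the project's CI key. State the rotation in the description, and consider moving both values out of the workflow text so they are set in one place, for instance `--vpc-uuid ${{ vars.DO_VPC_UUID }} \` and `--ssh-keys ${{ vars.DO_SSH_KEY_FINGERPRINT }} \` (variable names are examples). The same two literals are repeated in test-on-droplet-debian-11.yml, test-on-droplet-debian-12.yml and test-on-droplet-ubuntu-22.04.yml.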
diff --git a/.github/workflows/test-on-droplet-ubuntu-22.04.yml b/.github/workflows/test-on-droplet-ubuntu-22.04.yml
index a4bed0a4e..1a2da380e 100644
--- a/.github/workflows/test-on-droplet-ubuntu-22.04.yml
+++ b/.github/workflows/test-on-droplet-ubuntu-22.04.yml
@@ -35,9 +35,9 @@ jobs:
 --image ubuntu-22-04-x64 \
 --size c-2 \
 --region fra1 \
- --vpc-uuid 8c422d04-5dfa-4eca-add7-1e41b5f60d39 \
+ --vpc-uuid 992896c8-c089-4da3-9288-f81e28c095a4 \
 --enable-ipv6 \
- --ssh-keys 18:09:36:58:79:44:bb:84:45:c8:6f:9a:f6:b8:0a:c5 \
+ --ssh-keys b3:ff:08:7f:57:00:fd:7a:14:00:f2:35:0a:f6:e8:55 \
 aleph-vm-ci-ubuntu-22-04
 - name: Build Ubuntu Package
@@ -91,4 +91,3 @@ jobs:
 if: always()
 run: |
 doctl compute droplet delete -f aleph-vm-ci-ubuntu-22-04
-
diff --git a/docker/vm_supervisor-dev.dockerfile b/docker/vm_supervisor-dev.dockerfile
index dcc586070..ee457230d 100644
--- a/docker/vm_supervisor-dev.dockerfile
+++ b/docker/vm_supervisor-dev.dockerfile
@@ -19,7 +19,7 @@ RUN curl -fsSL -o /opt/firecracker/vmlinux.bin https://s3.amazonaws.com/spec.ccf
 RUN ln /opt/firecracker/release-*/firecracker-v* /opt/firecracker/firecracker
 RUN ln /opt/firecracker/release-*/jailer-v* /opt/firecracker/jailer
-RUN pip3 install typing-extensions 'aleph-message==0.4.0a2'
+RUN pip3 install typing-extensions 'aleph-message==0.4.0'
 RUN mkdir -p /var/lib/aleph/vm/jailer
diff --git a/examples/volumes/Dockerfile b/examples/volumes/Dockerfile
index d21bffb23..6b85c1fff 100644
--- a/examples/volumes/Dockerfile
+++ b/examples/volumes/Dockerfile
@@ -6,6 +6,6 @@ RUN apt-get update && apt-get -y upgrade && apt-get install -y \
 && rm -rf /var/lib/apt/lists/*
 RUN python3 -m venv /opt/venv
-RUN /opt/venv/bin/pip install 'aleph-message==0.4.0a2'
+RUN /opt/venv/bin/pip install 'aleph-message==0.4.0'
 CMD mksquashfs /opt/venv /mnt/volume-venv.squashfs
diff --git a/packaging/Makefile b/packaging/Makefile
index 3a222090d..fae419292 100644
--- a/packaging/Makefile
+++ b/packaging/Makefile
@@ -17,7 +17,7 @@ debian-package-code:
 cp ../examples/instance_message_from_aleph.json ./aleph-vm/opt/aleph-vm/examples/instance_message_from_aleph.json
 cp -r ../examples/data ./aleph-vm/opt/aleph-vm/examples/data
 mkdir -p ./aleph-vm/opt/aleph-vm/examples/volumes
- pip3 install --target ./aleph-vm/opt/aleph-vm/ 'aleph-message==0.4.0a2'
+ pip3 install --target ./aleph-vm/opt/aleph-vm/ 'aleph-message==0.4.0'
 python3 -m compileall ./aleph-vm/opt/aleph-vm/
 debian-package-resources: firecracker-bins vmlinux
diff --git a/vm_supervisor/README.md b/vm_supervisor/README.md
index 0281c775e..16a4a1414 100644
--- a/vm_supervisor/README.md
+++ b/vm_supervisor/README.md
@@ -87,7 +87,7 @@ is used to parse and validate Aleph messages.
 ```shell
 apt install -y --no-install-recommends --no-install-suggests python3-pip
 pip3 install pydantic[dotenv]
-pip3 install 'aleph-message==0.4.0a2'
+pip3 install 'aleph-message==0.4.0'
 ```
 ### 2.f. Create the jailer working directory:
diff --git a/vm_supervisor/conf.py b/vm_supervisor/conf.py
index f3dd3befd..2fc00b091 100644
--- a/vm_supervisor/conf.py
+++ b/vm_supervisor/conf.py
@@ -112,7 +112,7 @@ class Settings(BaseSettings):
 )
 IPV6_FORWARDING_ENABLED: bool = Field(
 default=True,
- description="Enable IPv6 forwarding on the host. Required for IPv6 connectivity in VMs."
+ description="Enable IPv6 forwarding on the host. Required for IPv6 connectivity in VMs.",
 )
 NFTABLES_CHAIN_PREFIX = "aleph"
 USE_NDP_PROXY: bool = Field(