providers/applehv: Add Apple Hypervisor

* Add applehv platform
* Ignintion read from vsock connection with the host

See coreos/fedora-coreos-tracker#1533 and
coreos/fedora-coreos-tracker#1548

Signed-off-by: Brent Baude <[email protected]>

docs/release-notes.md

@@ -10,6 +10,7 @@ nav_order: 9
 
 
 ### Features
+- Support the native Apple Hypervisor
 
 
 ### Changes

docs/supported-platforms.md

@@ -7,6 +7,7 @@ nav_order: 8
 Ignition is currently only supported for the following platforms:
 
 * [Alibaba Cloud] (`aliyun`) - Ignition will read its configuration from the instance userdata. Cloud SSH keys are handled separately.
+* [Apple Hypervisor] (`applehv`) - Ignition will read its configuration using an HTTP GET over a vsock connection with its host on port 1024.
 * [Amazon Web Services] (`aws`) - Ignition will read its configuration from the instance userdata. Cloud SSH keys are handled separately.
 * [Microsoft Azure] (`azure`)- Ignition will read its configuration from the custom data provided to the instance. Cloud SSH keys are handled separately.
 * [Microsoft Azure Stack] (`azurestack`) - Ignition will read its configuration from the custom data provided to the instance. Cloud SSH keys are handled separately.
@@ -34,6 +35,7 @@ Ignition is under active development, so this list may grow over time.
 For most cloud providers, cloud SSH keys and custom network configuration are handled by [Afterburn].
 
 [Alibaba Cloud]: https://www.alibabacloud.com/product/ecs
+[Apple Hypervisor]: https://developer.apple.com/documentation/hypervisor
 [Amazon Web Services]: https://aws.amazon.com/ec2/
 [Microsoft Azure]: https://azure.microsoft.com/en-us/services/virtual-machines/
 [Microsoft Azure Stack]: https://azure.microsoft.com/en-us/overview/azure-stack/

dracut/30ignition/module-setup.sh

@@ -100,4 +100,10 @@ install() {
 installkernel() {
  # required by hyperv platform to read kvp from the kernel
  instmods hv_utils
+
+ # required by applehv platform to read ignition file through vsock
+ instmods -c vsock
+ instmods -c vmw_vsock_virtio_transport_common
+ instmods -c vmw_vsock_virtio_transport
 }
+

go.mod

@@ -13,6 +13,7 @@ require (
  github.com/coreos/vcontext v0.0.0-20230201181013-d72178a18687
  github.com/google/renameio/v2 v2.0.0
  github.com/google/uuid v1.3.0
+ github.com/mdlayher/vsock v1.2.1
  github.com/mitchellh/copystructure v1.2.0
  github.com/pin/tftp v2.1.0+incompatible
  github.com/spf13/pflag v1.0.6-0.20210604193023-d5e0c0615ace
@@ -40,6 +41,7 @@ require (
  github.com/googleapis/enterprise-certificate-proxy v0.2.5 // indirect
  github.com/googleapis/gax-go/v2 v2.12.0 // indirect
  github.com/jmespath/go-jmespath v0.4.0 // indirect
+ github.com/mdlayher/socket v0.4.1 // indirect
  github.com/mitchellh/reflectwalk v1.0.2 // indirect
  github.com/pmezard/go-difflib v1.0.0 // indirect
  go.opencensus.io v0.24.0 // indirect

go.sum

@@ -94,6 +94,10 @@ github.com/jmespath/go-jmespath v0.4.0 h1:BEgLn5cpjn8UN1mAw4NjwDrS35OdebyEtFe+9Y
 github.com/jmespath/go-jmespath v0.4.0/go.mod h1:T8mJZnbsbmF+m6zOOFylbeCJqk5+pHWvzYPziyZiYoo=
 github.com/jmespath/go-jmespath/internal/testify v1.5.1 h1:shLQSRRSCCPj3f2gpwzGwWFoC7ycTf1rcQZHOlsJ6N8=
 github.com/jmespath/go-jmespath/internal/testify v1.5.1/go.mod h1:L3OGu8Wl2/fWfCI6z80xFu9LTZmf1ZRjMHUOPmWr69U=
+github.com/mdlayher/socket v0.4.1 h1:eM9y2/jlbs1M615oshPQOHZzj6R6wMT7bX5NPiQvn2U=
+github.com/mdlayher/socket v0.4.1/go.mod h1:cAqeGjoufqdxWkD7DkpyS+wcefOtmu5OQ8KuoJGIReA=
+github.com/mdlayher/vsock v1.2.1 h1:pC1mTJTvjo1r9n9fbm7S1j04rCgCzhCOS5DY0zqHlnQ=
+github.com/mdlayher/vsock v1.2.1/go.mod h1:NRfCibel++DgeMD8z/hP+PPTjlNJsdPOmxcnENvE+SE=
 github.com/mitchellh/copystructure v1.2.0 h1:vpKXTN4ewci03Vljg/q9QvCGUDttBOGBIa15WveJJGw=
 github.com/mitchellh/copystructure v1.2.0/go.mod h1:qLl+cE2AmVv+CoeAwDPye/v+N2HKCj9FbZEVFJRxO9s=
 github.com/mitchellh/reflectwalk v1.0.2 h1:G2LzWKi524PWgd3mLHV8Y5k7s6XUvT0Gef6zxSIeXaQ=

internal/providers/applehv/applehv.go

@@ -0,0 +1,101 @@
+// Copyright 2023 Red Hat
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package applehv
+
+import (
+ "context"
+ "fmt"
+ "io"
+ "net"
+ "net/http"
+ "os/exec"
+
+ "github.com/coreos/ignition/v2/config/v3_5_experimental/types"
+ "github.com/coreos/ignition/v2/internal/distro"
+ "github.com/coreos/ignition/v2/internal/platform"
+ "github.com/coreos/ignition/v2/internal/providers/util"
+ "github.com/coreos/ignition/v2/internal/resource"
+ "github.com/coreos/vcontext/report"
+ "github.com/mdlayher/vsock"
+)
+
+/*
+ To test this with qemu, we should simply add a vsock connection to the qemu call. We would then
+ need an httpd server that is capable of responding to a GET over vsock. Alternatively, the httpd
+ server could listen on a unix domain socket (uds) and a utility would need to be written that copies
+ from the vsock <-> uds
+*/
+
+func init() {
+ platform.Register(platform.Provider{
+ Name: "applehv",
+ Fetch: fetchConfig,
+ })
+}
+
+func fetchConfig(f *resource.Fetcher) (types.Config, report.Report, error) {
+ // the vsock module must be built into the kernel or loaded so we can communicate
+ // with the host
+ if _, err := f.Logger.LogCmd(exec.Command(distro.ModprobeCmd(), "vsock"), "Loading vsock kernel module"); err != nil {
+ f.Logger.Err("failed to install vsock kernel module: %v", err)
+ return types.Config{}, report.Report{}, fmt.Errorf("failed to install vsock kernel module: %v", err)
+ }
+
+ // we use an httpd GET overt vsock to fetch the ignition file. the
+ // vsock connection itself is begun here
+ // ID =2 is shorthand for "the host"
+ //
+ conn, err := vsock.Dial(2, 1024, &vsock.Config{})
+ if err != nil {
+ return types.Config{}, report.Report{}, err
+ }
+ defer func() {
+ if err := conn.Close(); err != nil {
+ f.Logger.Err("unable to close vsock connection: %v", err)
+ }
+ }()
+
+ req, err := http.NewRequest(http.MethodGet, "http://d/", nil)
+ if err != nil {
+ return types.Config{}, report.Report{}, err
+ }
+ req.Header.Set("Accept", "application/json")
+
+ client := http.Client{
+ Transport: &http.Transport{
+ DialContext: func(ctx context.Context, _, _ string) (net.Conn, error) {
+ return conn, nil
+ },
+ },
+ }
+
+ resp, err := client.Do(req)
+ if err != nil {
+ return types.Config{}, report.Report{}, err
+ }
+
+ defer func() {
+ if err := resp.Body.Close(); err != nil {
+ f.Logger.Err("unable to close response body: %v", err)
+ }
+ }()
+
+ b, err := io.ReadAll(resp.Body)
+ if err != nil {
+ return types.Config{}, report.Report{}, err
+ }
+
+ return util.ParseConfig(f.Logger, b)
+}

internal/register/providers.go

@@ -16,6 +16,7 @@ package register
 
 import (
  _ "github.com/coreos/ignition/v2/internal/providers/aliyun"
+ _ "github.com/coreos/ignition/v2/internal/providers/applehv"
  _ "github.com/coreos/ignition/v2/internal/providers/aws"
  _ "github.com/coreos/ignition/v2/internal/providers/azure"
  _ "github.com/coreos/ignition/v2/internal/providers/azurestack"