Update gvisor-tap service by using nmcli and binary from container image

This patch do following - Create a tap device using nmcli with a hard coded mac address, this mac address is mapped in the crc daemon lease which provide `192.168.127.2` IP address to the VM. - copy the `vm` binary from container image and put it to /usr/local/bin - modify gvisor-tap-vsock service to use the `vm` binary instead running the container using podman
crc-org · Mar 24, 2023 · 87b7be3 · 87b7be3
1 parent 2d8a74e
commit 87b7be3
Showing 1 changed file with 24 additions and 2 deletions.
diff --git a/createdisk.sh b/createdisk.sh
@@ -92,10 +92,32 @@ if podman manifest inspect quay.io/crcont/dnsmasq:${OPENSHIFT_VERSION} >/dev/nul
     image_tag=${OPENSHIFT_VERSION}
 fi
 
+# create the tap device interface with specified mac address
+# this mac addresss is used to allocate a specific IP to the VM
+# when tap device is in use.
+${SSH} core@${VM_IP} 'sudo bash -x -s' <<EOF
+  nmcli connection add type tun ifname tap0 con-name tap0 mode tap autoconnect yes 802-3-ethernet.cloned-mac-address 5A:94:EF:E4:0C:EE
+EOF
+
 # Add gvisor-tap-vsock and crc-dnsmasq services
 ${SSH} core@${VM_IP} 'sudo bash -x -s' <<EOF
-  podman create --name=gvisor-tap-vsock --privileged --net=host -v /etc/resolv.conf:/etc/resolv.conf -it quay.io/crcont/gvisor-tap-vsock:latest
-  podman generate systemd --restart-policy=no gvisor-tap-vsock > /etc/systemd/system/gvisor-tap-vsock.service
+  podman create --name=gvisor-tap-vsock quay.io/crcont/gvisor-tap-vsock:latest
+  podman cp gvisor-tap-vsock:/vm /usr/local/bin/
+  podman rm gvisor-tap-vsock
+  tee /etc/systemd/system/gvisor-tap-vsock.service <<ETE
+[Unit]
+Description=gvisor-tap-vsock traffic forwarder
+After=network-pre.target
+Before=NetworkManager.service
+
+[Service]
+Restart=on-failure
+TimeoutStopSec=70
+ExecStart=/usr/local/bin/vm -preexisting -debug
+
+[Install]
+WantedBy=default.target
+ETE
   touch /var/srv/dnsmasq.conf
   podman create --ip 10.88.0.8 --name crc-dnsmasq -v /var/srv/dnsmasq.conf:/etc/dnsmasq.conf -p 53:53/udp --privileged quay.io/crcont/dnsmasq:${image_tag}
   podman generate systemd --restart-policy=no crc-dnsmasq > /etc/systemd/system/crc-dnsmasq.service