From 45c5117aaa4a5b52583d0caad364f455b4ff1390 Mon Sep 17 00:00:00 2001
From: Praveen Kumar <kumarpraveen.nitdgp@gmail.com>
Date: Fri, 24 Mar 2023 16:34:15 +0530
Subject: [PATCH] Update gvisor-tap service by using nmcli and binary from
 container image

This patch do following
- Create a tap device using nmcli with a hard coded mac address, this
mac address is mapped in the crc daemon lease which provide
`192.168.127.2` IP address to the VM.
- copy the `vm` binary from container image and put it to /usr/local/bin
- modify gvisor-tap-vsock service to use the `vm` binary instead running
the container using podman
---
 createdisk.sh | 26 ++++++++++++++++++++++++--
 1 file changed, 24 insertions(+), 2 deletions(-)

diff --git a/createdisk.sh b/createdisk.sh
index ef400ac5..97ce1b39 100755
--- a/createdisk.sh
+++ b/createdisk.sh
@@ -92,10 +92,32 @@ if podman manifest inspect quay.io/crcont/dnsmasq:${OPENSHIFT_VERSION} >/dev/nul
     image_tag=${OPENSHIFT_VERSION}
 fi
 
+# create the tap device interface with specified mac address
+# this mac addresss is used to allocate a specific IP to the VM
+# when tap device is in use.
+${SSH} core@${VM_IP} 'sudo bash -x -s' <<EOF
+  nmcli connection add type tun ifname tap0 con-name tap0 mode tap autoconnect yes 802-3-ethernet.cloned-mac-address 5A:94:EF:E4:0C:EE
+EOF
+
 # Add gvisor-tap-vsock and crc-dnsmasq services
 ${SSH} core@${VM_IP} 'sudo bash -x -s' <<EOF
-  podman create --name=gvisor-tap-vsock --privileged --net=host -v /etc/resolv.conf:/etc/resolv.conf -it quay.io/crcont/gvisor-tap-vsock:latest
-  podman generate systemd --restart-policy=no gvisor-tap-vsock > /etc/systemd/system/gvisor-tap-vsock.service
+  podman create --name=gvisor-tap-vsock quay.io/crcont/gvisor-tap-vsock:latest
+  podman cp gvisor-tap-vsock:/vm /usr/local/bin/
+  podman rm gvisor-tap-vsock
+  tee /etc/systemd/system/gvisor-tap-vsock.service <<ETE
+[Unit]
+Description=gvisor-tap-vsock traffic forwarder
+Wants=network-online.target
+After=network-online.target
+
+[Service]
+Restart=on-failure
+TimeoutStopSec=70
+ExecStart=/usr/local/bin/vm -preexisting -debug
+
+[Install]
+WantedBy=default.target
+ETE
   touch /var/srv/dnsmasq.conf
   podman create --ip 10.88.0.8 --name crc-dnsmasq -v /var/srv/dnsmasq.conf:/etc/dnsmasq.conf -p 53:53/udp --privileged quay.io/crcont/dnsmasq:${image_tag}
   podman generate systemd --restart-policy=no crc-dnsmasq > /etc/systemd/system/crc-dnsmasq.service