search

confidential-containers / cloud-api-adaptor

Ability to create Kata pods using cloud provider APIs aka the peer-pods approach
Apache License 2.0
48 stars 88 forks source link

test/e2e/libvirt: create network and storage if not exist #1165

Open wainersm opened 1 year ago

wainersm commented 1 year ago

You are allowed to pass a value for Libvirt Network and Storage pool via properties, respectively, libvirt_network and libvirt_storage but if they weren't created beforehand then the execution stops at https://github.com/confidential-containers/cloud-api-adaptor/tree/main/test/provisioner#L115 or https://github.com/confidential-containers/cloud-api-adaptor/tree/main/test/provisioner#L119.

We should create the network and storage pool if they doesn't exist. Also if they were created (i.e. not the default value) then they should be deleted on the DeleteVPC().

bookinabox commented 1 year ago

I worked a little on this, though not enough to push anything. I might not circle back to this for a little bit, so if anyone wants to take it on, feel free. edit: going to push something for this soon, but will rely on #1244

One issue that I think comes up is determining the static route ip and dhcp range of the network. We might need to look through the ip addresses to determine what is free. LIBVIRT_IP might also need to be exported to use the new ip. Also, in kcli_cluster, we will probably need to override the network when we call kcli.

edit: just going to try all the up addresses and if they conflict, my understanding is I can just handle the error libvirt-go will throw and try another.

We were thinking as of now, that if the network/vol is defined but destroyed, it should error out. The thought process being it would be ambiguous whether they were trying to create a new temporary one or start the defined resource. It also seems possible unintended side-effects might occur otherwise.

bookinabox commented 1 year ago

Decided to make the storage pool directory in the /tmp dir, but having some troubles with the qemu uid not haivng permissions to access it. There is most likely an easy way to change the permissions to allow this to work though.

edit: It looks like the image files are being created by the root user instead of the qemu user for whatever reason. edit2: this only happens for the ctl and worker imgs if the dir is in /tmp it looks like. But it seems like for podvm.qcow2 it is being created by root still even when I move the pool outside of temp, but that does not seem to pose any issues.