coreos / fedora-coreos-tracker

Issue tracker for Fedora CoreOS
https://fedoraproject.org/coreos/

Platform Request - Apple native hypervisor #1533

Open baude opened 11 months ago

baude commented 11 months ago

Why is the platform important? Who uses it?

All recent versions of MacOS now have a native apple hypervisor on both Intel and Apple silicon hardware. APIs are exposed via the operating system but there is no virtual machine manager (like virt-manager, etc) as of this writing.

This support is critical for supporting Podman machine and hence Podman Desktop. We currently support QEMU on MacOS but the native hypervisor implementation is much faster. Moreover, it eliminates the need for Qemu which can be difficult to compile on MacOS.

What is the official name of the platform? Is there a short name that's commonly used in client API implementations?

No response

How can the OS retrieve instance userdata? What happens if no userdata is provided?

In discussing this, bgilbert and I agreed that injection of ignition data would be done by vsock. Podman will inject the ignition file into vsock and ignition will be taught to read it on the Linux side from vsock.

This has been tested and works nicely and reliably.

Does the platform provide a way to configure SSH keys for the instance? How can the OS retrieve them? What happens if none are provided?

No

How can the OS retrieve network configuration? Is DHCP sufficient, or is there some other network-accessible metadata service?

DHCP

In particular, how can the OS retrieve the system hostname?

It cannot

Does the platform require the OS to have a specific console configuration?

No console is provided by default.

Is there a mechanism for the OS to report to the platform that it has successfully booted? Is the mechanism required?

In Podman, we use a notification via a socket and a systemd service.

Does the platform have an agent that runs inside the instance? Is it required? What does it do? What language is it implemented in, and where is the source code repository?

No agent

How are VM images uploaded to the platform and published to other users? Is there an API? What disk image format is expected?

It uses raw image.

Are there any other platform quirks we should know about?

Currently, some of the virtual devices are not in the initrd and need to be; vsock, virtual-gpu, etc.
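
The vsock injection described above, as an added illustration that is not code from the issue, Podman or Ignition: a guest-side receiver that accepts the config from the host, caps its size, checks it is a JSON object with an `ignition.version` field, and writes it atomically. The port number, size cap and the host-connects-to-guest direction are assumptions.

```python
import json
import os
import socket
import tempfile

# Assumed values (not from the issue): the guest listens on this vsock port
# and refuses configs larger than this many bytes.
IGNITION_VSOCK_PORT = 1024
MAX_CONFIG_BYTES = 4 * 1024 * 1024


def read_config_stream(recv, max_bytes=MAX_CONFIG_BYTES):
    """Read an Ignition config from a recv(n) callable until EOF.

    The size cap stops a misbehaving peer from exhausting guest memory;
    the shape check refuses payloads that are not an Ignition config.
    """
    chunks, total = [], 0
    while True:
        chunk = recv(65536)
        if not chunk:
            break
        total += len(chunk)
        if total > max_bytes:
            raise ValueError("ignition config exceeds %d bytes" % max_bytes)
        chunks.append(chunk)
    try:
        cfg = json.loads(b"".join(chunks))
    except ValueError as exc:
        raise ValueError("ignition config is not valid JSON: %s" % exc)
    if (not isinstance(cfg, dict) or not isinstance(cfg.get("ignition"), dict)
            or "version" not in cfg["ignition"]):
        raise ValueError("missing ignition.version; refusing to apply config")
    return cfg


def write_config_atomically(cfg, path):
    """Write the validated config via rename so a partial file is never visible."""
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(path) or ".")
    with os.fdopen(fd, "w") as fh:
        json.dump(cfg, fh)
    os.chmod(tmp, 0o600)
    os.replace(tmp, path)


def serve_once(port=IGNITION_VSOCK_PORT):
    """Accept one vsock connection (Linux only) and return the parsed config."""
    with socket.socket(socket.AF_VSOCK, socket.SOCK_STREAM) as srv:
        srv.bind((socket.VMADDR_CID_ANY, port))
        srv.listen(1)
        conn, (peer_cid, _) = srv.accept()
        with conn:
            # Only the host (CID 2) may supply the config; refuse other guests.
            if peer_cid != socket.VMADDR_CID_HOST:
                raise PermissionError("config offered by unexpected CID %d" % peer_cid)
            return read_config_stream(conn.recv)
```

`serve_once` needs a Linux guest with vsock support; `read_config_stream` can be exercised on its own with any `recv`-like callable.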

dustymabe commented 11 months ago

We discussed this at the community meeting today:

13:14:31* dustymabe | #agreed There are still some details to work out but adding this
                    | platform seems like a good idea to enable FCOS use cases on apple
                    | hardware, including podman machine and podman desktop.

dustymabe commented 11 months ago

What is the official name of the platform? Is there a short name that's commonly used in client API implementations?

No response

Since we'll need to come up with a platform identifier for this we kind of need some answer here.

How can the OS retrieve instance userdata? What happens if no userdata is provided?

In discussing this, bgilbert and I agreed that injection of ignition data would be done by vsock. Podman will inject the ignition file into vsock and ignition will be taught to read it on the Linux side from vsock.

This has been tested and works nicely and reliably.

Are there open PRs for this work?

Does the platform provide a way to configure SSH keys for the instance? How can the OS retrieve them? What happens if none are provided?

No

I assume the answer to the follow on questions of "How can the OS retrieve them" is that the user must include the SSH keys in their Ignition config?

In particular, how can the OS retrieve the system hostname?

It cannot

Does that mean these systems by default will have localhost as their hostname?

Does the platform require the OS to have a specific console configuration?

No console is provided by default.

At all? No serial console or VGA console? People only use SSH to interact?

Is there a mechanism for the OS to report to the platform that it has successfully booted? Is the mechanism required?

In Podman, we use a notification via a socket and a systemd service.

This answer is podman machine/desktop specific because podman is providing some of the "platform", which is OK.

I think in general the non-podman answer to this question is: "No".

How are VM images uploaded to the platform and published to other users? Is there an API? What disk image format is expected?

It uses raw image.

If that's the case we'll most likely compress it. Is there a type of compression that is preferred? raw.xz?

Are there any other platform quirks we should know about?

Currently, some of the virtual devices are not in the initrd and need to be; vsock, virtual-gpu, etc.

Are there open PRs to address those issues?

baude commented 11 months ago

What is the official name of the platform? Is there a short name that's commonly used in client API implementations?

No response

Since we'll need to come up with a platform identifier for this we kind of need some answer here.

I have only seen it referred to as the Apple Hypervisor. I have been shortnaming it applehv. See https://developer.apple.com/documentation/hypervisor

How can the OS retrieve instance userdata? What happens if no userdata is provided?

In discussing this, bgilbert and I agreed that injection of ignition data would be done by vsock. Podman will inject the ignition file into vsock and ignition will be taught to read it on the Linux side from vsock. This has been tested and works nicely and reliably.

Are there open PRs for this work?

No, I will submit all my PRs once the "paperwork" looks good.

Does the platform provide a way to configure SSH keys for the instance? How can the OS retrieve them? What happens if none are provided?

No

I assume the answer to the follow on questions of "How can the OS retrieve them" is that the user must include the SSH keys in their Ignition config?

Correct.

In particular, how can the OS retrieve the system hostname?

It cannot

Does that mean these systems by default will have localhost as their hostname?

Point of clarification. The system can use dhcp to get its hostname. If dhcp sends it, then it is honored.

Does the platform require the OS to have a specific console configuration?

No console is provided by default.

At all? No serial console or VGA console? People only use SSH to interact?

By default there is no console. You can activate a GUI console similar to QEMU's and you can also activate a serial console.

Is there a mechanism for the OS to report to the platform that it has successfully booted? Is the mechanism required?

In Podman, we use a notification via a socket and a systemd service.

This answer is podman machine/desktop specific because podman is providing some of the "platform", which is OK.

I think in general the non-podman answer to this question is: "No".

If one activates the not-by-default console, then the user can see that it is booted.

How are VM images uploaded to the platform and published to other users? Is there an API? What disk image format is expected?

It uses raw image.

If that's the case we'll most likely compress it. Is there a type of compression that is preferred? raw.xz?

MacOS has native gzip. I used gzip in my not-yet-submitted PRs.

Are there any other platform quirks we should know about?

Currently, some of the virtual devices are not in the initrd and need to be; vsock, virtual-gpu, etc.

Are there open PRs to address those issues?

No, again, no sense in submitting until the paperwork is in order.

dustymabe commented 11 months ago

I have only seen it referred to as the Apple Hypervisor. I have been shortnaming it applehv. See https://developer.apple.com/documentation/hypervisor

Given the information applehv seems reasonable.

Point of clarification. The system can use dhcp to get its hostname. If dhcp sends it, then it is honored.

Hmm. And how is it set in DHCP? Does the user provide that information? I wish it would just default to give a DHCP hostname that matches whatever the VM name is.

By default there is no console. You can activate a GUI console similar to QEMU's and you can also activate a serial console.

Hmm. OK. I guess we'd need to determine what the most sane defaults are and update https://github.com/coreos/fedora-coreos-config/blob/testing-devel/platforms.yaml

If one activates the not-by-default console, then the user can see that it is booted.

👍

MacOS has native gzip. I used gzip in my not-yet-submitted PRs.

👍