support cloud init on macOS

lstocchi · lstocchi · commit 07572b4311d6 · 2025-02-26T18:08:56.000+01:00
when using a RHEL VM cloud-init is preferred over ignitioni for customizing the VM. With crc-org/vfkit#208 vfkit will be able to accept raw config files to enable cloud-init. This patch adds the logic to create a user-data config file to register users + their ssh key by leveraging cloud-init Signed-off-by: Luca Stocchi <lstocchi@redhat.com>
diff --git a/pkg/machine/apple/apple.go b/pkg/machine/apple/apple.go
@@ -16,6 +16,7 @@ import (
 	"github.com/containers/common/pkg/strongunits"
 	gvproxy "github.com/containers/gvisor-tap-vsock/pkg/types"
 	"github.com/containers/podman/v5/pkg/machine"
+	"github.com/containers/podman/v5/pkg/machine/cloudinit"
 	"github.com/containers/podman/v5/pkg/machine/define"
 	"github.com/containers/podman/v5/pkg/machine/ignition"
 	"github.com/containers/podman/v5/pkg/machine/sockets"
@@ -141,10 +142,6 @@ func GenerateSystemDFilesForVirtiofsMounts(mounts []machine.VirtIoFs) ([]ignitio
 
 // StartGenericAppleVM is wrapped by apple provider methods and starts the vm
 func StartGenericAppleVM(mc *vmconfigs.MachineConfig, cmdBinary string, bootloader vfConfig.Bootloader, endpoint string) (func() error, func() error, error) {
-	var (
-		ignitionSocket *define.VMFile
-	)
-
 	// Add networking
 	netDevice, err := vfConfig.VirtioNetNew(applehvMACAddress)
 	if err != nil {
@@ -209,11 +206,6 @@ func StartGenericAppleVM(mc *vmconfigs.MachineConfig, cmdBinary string, bootload
 		return nil, nil, err
 	}
 
-	machineDataDir, err := mc.DataDir()
-	if err != nil {
-		return nil, nil, err
-	}
-
 	cmd.Args = append(cmd.Args, endpointArgs...)
 
 	firstBoot, err := mc.IsFirstBoot()
@@ -231,31 +223,18 @@ func StartGenericAppleVM(mc *vmconfigs.MachineConfig, cmdBinary string, bootload
 	}
 
 	if firstBoot {
-		// If this is the first boot of the vm, we need to add the vsock
-		// device to vfkit so we can inject the ignition file
-		socketName := fmt.Sprintf("%s-%s", mc.Name, ignitionSocketName)
-		ignitionSocket, err = machineDataDir.AppendToNewVMFile(socketName, &socketName)
-		if err != nil {
-			return nil, nil, err
-		}
-		if err := ignitionSocket.Delete(); err != nil {
-			logrus.Errorf("unable to delete ignition socket: %q", err)
+		var firstBootCli []string
+		if mc.CloudInit {
+			firstBootCli, err = getFirstBootAppleVMCloudInit(mc)
+		} else {
+			firstBootCli, err = getFirstBootAppleVMIgnition(mc)
 		}
 
-		ignitionVsockDeviceCLI, err := GetIgnitionVsockDeviceAsCLI(ignitionSocket.GetPath())
 		if err != nil {
 			return nil, nil, err
 		}
-		cmd.Args = append(cmd.Args, ignitionVsockDeviceCLI...)
-
 		logrus.Debug("first boot detected")
-		logrus.Debugf("serving ignition file over %s", ignitionSocket.GetPath())
-		go func() {
-			if err := ServeIgnitionOverSock(ignitionSocket, mc); err != nil {
-				logrus.Error(err)
-			}
-			logrus.Debug("ignition vsock server exited")
-		}()
+		cmd.Args = append(cmd.Args, firstBootCli...)
 	}
 
 	logrus.Debugf("listening for ready on: %s", readySocket.GetPath())
@@ -351,6 +330,68 @@ func StartGenericAppleVM(mc *vmconfigs.MachineConfig, cmdBinary string, bootload
 	return cmd.Process.Release, returnFunc, nil
 }
 
+func getFirstBootAppleVMIgnition(mc *vmconfigs.MachineConfig) ([]string, error) {
+	machineDataDir, err := mc.DataDir()
+	if err != nil {
+		return nil, err
+	}
+
+	// If this is the first boot of the vm, we need to add the vsock
+	// device to vfkit so we can inject the ignition file
+	socketName := fmt.Sprintf("%s-%s", mc.Name, ignitionSocketName)
+	ignitionSocket, err := machineDataDir.AppendToNewVMFile(socketName, &socketName)
+	if err != nil {
+		return nil, err
+	}
+	if err := ignitionSocket.Delete(); err != nil {
+		logrus.Errorf("unable to delete ignition socket: %q", err)
+	}
+
+	ignitionVsockDeviceCLI, err := GetIgnitionVsockDeviceAsCLI(ignitionSocket.GetPath())
+	if err != nil {
+		return nil, err
+	}
+
+	logrus.Debugf("serving ignition file over %s", ignitionSocket.GetPath())
+	go func() {
+		if err := ServeIgnitionOverSock(ignitionSocket, mc); err != nil {
+			logrus.Error(err)
+		}
+		logrus.Debug("ignition vsock server exited")
+	}()
+
+	return ignitionVsockDeviceCLI, nil
+}
+
+func getFirstBootAppleVMCloudInit(mc *vmconfigs.MachineConfig) ([]string, error) {
+	sshKey, err := machine.GetSSHKeys(mc.SSH.IdentityPath)
+	if err != nil {
+		return nil, err
+	}
+
+	tempDir, err := os.MkdirTemp("", "cloud-init-macadam-")
+	if err != nil {
+		return nil, err
+	}
+
+	// we generate the user-data file
+	userDataFile, err := cloudinit.GenerateUserData(tempDir, cloudinit.UserData{
+		Users: []cloudinit.User{
+			cloudinit.User{
+				Name:   mc.SSH.RemoteUsername,
+				Sudo:   "ALL=(ALL) NOPASSWD:ALL",
+				Shell:  "/bin/bash",
+				Groups: "users",
+				SSHKeys: []string{
+					sshKey,
+				},
+			},
+		},
+	})
+
+	return []string{"--cloud-init", userDataFile}, nil
+}
+
 // CheckProcessRunning checks non blocking if the pid exited
 // returns nil if process is running otherwise an error if not
 func CheckProcessRunning(processName string, pid int) error {
diff --git a/pkg/machine/cloudinit/cloudinit.go b/pkg/machine/cloudinit/cloudinit.go
@@ -0,0 +1,38 @@
+package cloudinit
+
+import (
+	"os"
+	"path/filepath"
+
+	"github.com/sirupsen/logrus"
+	"gopkg.in/yaml.v3"
+)
+
+type User struct {
+	Name    string   `yaml:"name"`
+	Sudo    string   `yaml:"sudo"`
+	Shell   string   `yaml:"shell"`
+	Groups  string   `yaml:"groups"`
+	SSHKeys []string `yaml:"ssh_authorized_keys"`
+}
+
+type UserData struct {
+	Users []User `yaml:"users"`
+}
+
+func GenerateUserData(dir string, data UserData) (string, error) {
+	yamlBytes, err := yaml.Marshal(&data)
+	if err != nil {
+		logrus.Errorf("Error marshaling to YAML: %v", err)
+	}
+
+	headerLine := "#cloud-config\n"
+	yamlBytes = append([]byte(headerLine), yamlBytes...)
+
+	path := filepath.Join(dir, "user-data")
+	err = os.WriteFile(path, yamlBytes, 0644)
+	if err != nil {
+		logrus.Errorf("Error creating temp file: %v", err)
+	}
+	return path, nil
+}
diff --git a/pkg/machine/define/initopts.go b/pkg/machine/define/initopts.go
@@ -21,4 +21,5 @@ type InitOptions struct {
 	UserModeNetworking *bool  // nil = use backend/system default, false = disable, true = enable
 	USBs               []string
 	ImagePuller        ImagePuller
+	CloudInit          bool
 }
diff --git a/pkg/machine/vmconfigs/config.go b/pkg/machine/vmconfigs/config.go
@@ -53,6 +53,8 @@ type MachineConfig struct {
 	Starting bool
 
 	Rosetta bool
+
+	CloudInit bool
 }
 
 type machineImage interface { //nolint:unused
diff --git a/pkg/machine/vmconfigs/machine.go b/pkg/machine/vmconfigs/machine.go
@@ -96,6 +96,7 @@ func NewMachineConfig(opts define.InitOptions, dirs *define.MachineDirs, sshIden
 	mc.Created = time.Now()
 
 	mc.HostUser = HostUser{UID: getHostUID(), Rootful: opts.Rootful}
+	mc.CloudInit = opts.CloudInit
 
 	return mc, nil
 }

Original file line number	Diff line number	Diff line change
`@@ -21,4 +21,5 @@ type InitOptions struct {`
`21`	`21`	`UserModeNetworking *bool // nil = use backend/system default, false = disable, true = enable`
`22`	`22`	`USBs []string`
`23`	`23`	`ImagePuller ImagePuller`
	`24`	`+ CloudInit bool`
`24`	`25`	`}`
Original file line number	Diff line number	Diff line change
`@@ -53,6 +53,8 @@ type MachineConfig struct {`
`53`	`53`	`Starting bool`
`54`	`54`
`55`	`55`	`Rosetta bool`
	`56`	`+`
	`57`	`+ CloudInit bool`
`56`	`58`	`}`
`57`	`59`
`58`	`60`	`type machineImage interface { //nolint:unused`
Original file line number	Diff line number	Diff line change
`@@ -96,6 +96,7 @@ func NewMachineConfig(opts define.InitOptions, dirs *define.MachineDirs, sshIden`
`96`	`96`	`mc.Created = time.Now()`
`97`	`97`
`98`	`98`	`mc.HostUser = HostUser{UID: getHostUID(), Rootful: opts.Rootful}`
	`99`	`+ mc.CloudInit = opts.CloudInit`
`99`	`100`
`100`	`101`	`return mc, nil`
`101`	`102`	`}`