support cloud init on macOS

when using a RHEL VM cloud-init is preferred over ignitioni for customizing the VM.
With crc-org/vfkit#208 vfkit will be able to accept
raw config files to enable cloud-init.

This patch adds the logic to create a user-data config file to register users + their ssh key by leveraging cloud-init

Signed-off-by: Luca Stocchi <[email protected]>

Author: lstocchi

pkg/machine/apple/apple.go

@@ -9,13 +9,15 @@ import (
 	"net"
 	"os"
 	"os/exec"
+	"path/filepath"
 	"syscall"
 	"time"
 
 	"github.com/containers/common/pkg/config"
 	"github.com/containers/common/pkg/strongunits"
 	gvproxy "github.com/containers/gvisor-tap-vsock/pkg/types"
 	"github.com/containers/podman/v5/pkg/machine"
+	"github.com/containers/podman/v5/pkg/machine/cloudinit"
 	"github.com/containers/podman/v5/pkg/machine/define"
 	"github.com/containers/podman/v5/pkg/machine/ignition"
 	"github.com/containers/podman/v5/pkg/machine/sockets"
@@ -141,10 +143,6 @@ func GenerateSystemDFilesForVirtiofsMounts(mounts []machine.VirtIoFs) ([]ignitio
 
 // StartGenericAppleVM is wrapped by apple provider methods and starts the vm
 func StartGenericAppleVM(mc *vmconfigs.MachineConfig, cmdBinary string, bootloader vfConfig.Bootloader, endpoint string) (func() error, func() error, error) {
-	var (
-		ignitionSocket *define.VMFile
-	)
-
 	// Add networking
 	netDevice, err := vfConfig.VirtioNetNew(applehvMACAddress)
 	if err != nil {
@@ -209,11 +207,6 @@ func StartGenericAppleVM(mc *vmconfigs.MachineConfig, cmdBinary string, bootload
 		return nil, nil, err
 	}
 
-	machineDataDir, err := mc.DataDir()
-	if err != nil {
-		return nil, nil, err
-	}
-
 	cmd.Args = append(cmd.Args, endpointArgs...)
 
 	firstBoot, err := mc.IsFirstBoot()
@@ -231,31 +224,18 @@ func StartGenericAppleVM(mc *vmconfigs.MachineConfig, cmdBinary string, bootload
 	}
 
 	if firstBoot {
-		// If this is the first boot of the vm, we need to add the vsock
-		// device to vfkit so we can inject the ignition file
-		socketName := fmt.Sprintf("%s-%s", mc.Name, ignitionSocketName)
-		ignitionSocket, err = machineDataDir.AppendToNewVMFile(socketName, &socketName)
-		if err != nil {
-			return nil, nil, err
-		}
-		if err := ignitionSocket.Delete(); err != nil {
-			logrus.Errorf("unable to delete ignition socket: %q", err)
+		var firstBootCli []string
+		if mc.CloudInit {
+			firstBootCli, err = getFirstBootAppleVMCloudInit(mc)
+		} else {
+			firstBootCli, err = getFirstBootAppleVMIgnition(mc)
 		}
 
-		ignitionVsockDeviceCLI, err := GetIgnitionVsockDeviceAsCLI(ignitionSocket.GetPath())
 		if err != nil {
 			return nil, nil, err
 		}
-		cmd.Args = append(cmd.Args, ignitionVsockDeviceCLI...)
-
 		logrus.Debug("first boot detected")
-		logrus.Debugf("serving ignition file over %s", ignitionSocket.GetPath())
-		go func() {
-			if err := ServeIgnitionOverSock(ignitionSocket, mc); err != nil {
-				logrus.Error(err)
-			}
-			logrus.Debug("ignition vsock server exited")
-		}()
+		cmd.Args = append(cmd.Args, firstBootCli...)
 	}
 
 	logrus.Debugf("listening for ready on: %s", readySocket.GetPath())
@@ -351,6 +331,76 @@ func StartGenericAppleVM(mc *vmconfigs.MachineConfig, cmdBinary string, bootload
 	return cmd.Process.Release, returnFunc, nil
 }
 
+func getFirstBootAppleVMIgnition(mc *vmconfigs.MachineConfig) ([]string, error) {
+	machineDataDir, err := mc.DataDir()
+	if err != nil {
+		return nil, err
+	}
+
+	// If this is the first boot of the vm, we need to add the vsock
+	// device to vfkit so we can inject the ignition file
+	socketName := fmt.Sprintf("%s-%s", mc.Name, ignitionSocketName)
+	ignitionSocket, err := machineDataDir.AppendToNewVMFile(socketName, &socketName)
+	if err != nil {
+		return nil, err
+	}
+	if err := ignitionSocket.Delete(); err != nil {
+		logrus.Errorf("unable to delete ignition socket: %q", err)
+	}
+
+	ignitionVsockDeviceCLI, err := GetIgnitionVsockDeviceAsCLI(ignitionSocket.GetPath())
+	if err != nil {
+		return nil, err
+	}
+
+	logrus.Debugf("serving ignition file over %s", ignitionSocket.GetPath())
+	go func() {
+		if err := ServeIgnitionOverSock(ignitionSocket, mc); err != nil {
+			logrus.Error(err)
+		}
+		logrus.Debug("ignition vsock server exited")
+	}()
+
+	return ignitionVsockDeviceCLI, nil
+}
+
+func getFirstBootAppleVMCloudInit(mc *vmconfigs.MachineConfig) ([]string, error) {
+	sshKey, err := machine.GetSSHKeys(mc.SSH.IdentityPath)
+	if err != nil {
+		return nil, err
+	}
+
+	machineDataDir, err := mc.DataDir()
+	if err != nil {
+		return nil, err
+	}
+
+	// delete previous user-data, if any
+	if err := os.Remove(filepath.Join(machineDataDir.Path, "user-data")); err != nil && !os.IsNotExist(err) {
+		return nil, err
+	}
+
+	// we generate the user-data file
+	userDataFile, err := cloudinit.GenerateUserData(machineDataDir.Path, cloudinit.UserData{
+		Users: []cloudinit.User{
+			cloudinit.User{
+				Name:   mc.SSH.RemoteUsername,
+				Sudo:   "ALL=(ALL) NOPASSWD:ALL",
+				Shell:  "/bin/bash",
+				Groups: "users",
+				SSHKeys: []string{
+					sshKey,
+				},
+			},
+		},
+	})
+	if err != nil {
+		return nil, err
+	}
+
+	return []string{"--cloud-init", userDataFile}, nil
+}
+
 // CheckProcessRunning checks non blocking if the pid exited
 // returns nil if process is running otherwise an error if not
 func CheckProcessRunning(processName string, pid int) error {

pkg/machine/cloudinit/cloudinit.go

@@ -0,0 +1,40 @@
+package cloudinit
+
+import (
+	"os"
+	"path/filepath"
+
+	"github.com/sirupsen/logrus"
+	"gopkg.in/yaml.v3"
+)
+
+type User struct {
+	Name    string   `yaml:"name"`
+	Sudo    string   `yaml:"sudo"`
+	Shell   string   `yaml:"shell"`
+	Groups  string   `yaml:"groups"`
+	SSHKeys []string `yaml:"ssh_authorized_keys"`
+}
+
+type UserData struct {
+	Users []User `yaml:"users"`
+}
+
+func GenerateUserData(dir string, data UserData) (string, error) {
+	yamlBytes, err := yaml.Marshal(&data)
+	if err != nil {
+		logrus.Errorf("Error marshaling to YAML: %v", err)
+		return "", err
+	}
+
+	headerLine := "#cloud-config\n"
+	yamlBytes = append([]byte(headerLine), yamlBytes...)
+
+	path := filepath.Join(dir, "user-data")
+	err = os.WriteFile(path, yamlBytes, 0644)
+	if err != nil {
+		logrus.Errorf("Error creating temp file: %v", err)
+		return "", err
+	}
+	return path, nil
+}

pkg/machine/define/initopts.go

@@ -21,4 +21,5 @@ type InitOptions struct {
 	UserModeNetworking *bool  // nil = use backend/system default, false = disable, true = enable
 	USBs               []string
 	ImagePuller        ImagePuller
+	CloudInit          bool
 }

pkg/machine/vmconfigs/config.go

@@ -53,6 +53,8 @@ type MachineConfig struct {
 	Starting bool
 
 	Rosetta bool
+
+	CloudInit bool
 }
 
 type machineImage interface { //nolint:unused

pkg/machine/vmconfigs/machine.go

@@ -96,6 +96,7 @@ func NewMachineConfig(opts define.InitOptions, dirs *define.MachineDirs, sshIden
 	mc.Created = time.Now()
 
 	mc.HostUser = HostUser{UID: getHostUID(), Rootful: opts.Rootful}
+	mc.CloudInit = opts.CloudInit
 
 	return mc, nil
 }