kola: provide internet access to qemu VM #167

tormath1 · 2021-04-13T15:23:17Z

In this PR, we allow QEMU VMs to access Internet - it was preventing some tests to run because of this dependency.

How to use

Run kola against tests requiring Internet access, example:

$ sudo ./bin/kola run -b cl -p qemu --qemu-image ...  cl.rkt.etcd3
=== RUN   cl.rkt.etcd3
qemu-img: warning: Deprecated use of backing file without explicit backing format (detected format of qcow2)
--- PASS: cl.rkt.etcd3 (27.66s)
PASS, output in _kola_temp/qemu-2021-04-13-1711-9135

What's missing

~~update readme with more information~~ the user does not have to perform any manual action. They are done in 3d69f85
add a teardown method (to remove what kola created)
run all tests with RequiresInternetAccess flag and remove this flag

platform/local/dnsmasq.go

system/ns/enter.go

platform/local/dnsmasq.go

tormath1 · 2021-04-14T16:29:30Z

@pothos thanks for the review - comments have been addressed. :)

platform/local/dnsmasq.go

tormath1 · 2021-04-15T13:11:54Z

@pothos thanks for reviewing again - comments have been addressed. PR is now ready to be fully reviewed :) If it looks good for you, I will rebase my fixups and reword some commits since logic has changed on the road.

platform/local/dnsmasq.go

pothos

I think we should also remove the RequiresInternetAccess flag and PlatformsNoInternet definitions from kola/register/register.go. Or keep the RequiresInternetAccess flag untouched and just remove qemu from PlatformsNoInternet.

tormath1 · 2021-04-15T14:33:38Z

I think we should also remove the RequiresInternetAccess flag and PlatformsNoInternet definitions from kola/register/register.go. Or keep the RequiresInternetAccess flag untouched and just remove qemu from PlatformsNoInternet.

@pothos I removed RequiresInternetAccess flag in (55ea9ee and its parent commit) but not all flag since we are hitting the issue :

=== RUN   cl.locksmith.cluster
--- FAIL: cl.locksmith.cluster (0.10s)
        harness.go:523: Cluster failed starting machines: rendering Container Linux config for platform "": error: platform must be specified to use templating

which should be tracked and addressed in another issue. It's better for now to keep this definitions then.

pothos · 2021-04-15T15:49:05Z

The failing tests can be excluded with ExcludePlatforms: []string{"qemu"}, until then

pothos · 2021-04-15T17:05:40Z

cl.locksmith.cluster needs to be excluded

pothos · 2021-04-16T16:15:07Z

Looks good, thanks!
The only thing I can think of is maybe checking if there is a 172.something network already present like from Docker and not pick addresses in that range (maybe a retry loop). This is not a big problem but it could happen that a container IP address clashes and then the container can't access the network while kola runs…

tormath1 · 2021-04-19T08:37:29Z

@pothos I added the retry logic: we provide the list of the host networks to the generate function then we check if the veth generated host IP is in one of this networks.

platform/local/dnsmasq.go

generation is based on a seed

this new topology allows QEMU VM to access internet. This allows tests with RequiresInternetAccess flag to now be run. on the implementation PoV: we basically create a virtual ethernet pair generated from a seed (a TCP socket listener in the root namespace) Then we configure routing and firewall to use this pair in order to forward packet until root network namespace

this was preventing internet access from `qemu-unpriv` platform

Mathieu Tortuyaux added 2 commits April 12, 2021 09:35

mod: bump netlink to support NewLinkAttrs

9b0fddb

mod: add go-iptables

970275f

tormath1 requested a review from pothos April 13, 2021 15:23

tormath1 self-assigned this Apr 13, 2021

pothos reviewed Apr 13, 2021

View reviewed changes