providers/applehv: Add Apple Hypervisor

* Add applehv platform
* Ignintion read from vsock connection with the host

See coreos/fedora-coreos-tracker#1533 and
coreos/fedora-coreos-tracker#1548

Signed-off-by: Brent Baude <[email protected]>

docs/release-notes.md

@@ -10,6 +10,7 @@ nav_order: 9
 
 
 ### Features
+- Support the native Apple Hypervisor
 
 - Support Hetzner Cloud
 

docs/supported-platforms.md

@@ -7,6 +7,7 @@ nav_order: 8
 Ignition is currently only supported for the following platforms:
 
 * [Alibaba Cloud] (`aliyun`) - Ignition will read its configuration from the instance userdata. Cloud SSH keys are handled separately.
+* [Apple Hypervisor] (`applehv`) - Ignition will read its configuration using an HTTP GET over a vsock connection with its host on port 1024.
 * [Amazon Web Services] (`aws`) - Ignition will read its configuration from the instance userdata. Cloud SSH keys are handled separately.
 * [Microsoft Azure] (`azure`)- Ignition will read its configuration from the custom data provided to the instance. Cloud SSH keys are handled separately.
 * [Microsoft Azure Stack] (`azurestack`) - Ignition will read its configuration from the custom data provided to the instance. Cloud SSH keys are handled separately.
@@ -35,6 +36,7 @@ Ignition is under active development, so this list may grow over time.
 For most cloud providers, cloud SSH keys and custom network configuration are handled by [Afterburn].
 
 [Alibaba Cloud]: https://www.alibabacloud.com/product/ecs
+[Apple Hypervisor]: https://developer.apple.com/documentation/hypervisor
 [Amazon Web Services]: https://aws.amazon.com/ec2/
 [Microsoft Azure]: https://azure.microsoft.com/en-us/services/virtual-machines/
 [Microsoft Azure Stack]: https://azure.microsoft.com/en-us/overview/azure-stack/

dracut/30ignition/module-setup.sh

@@ -100,4 +100,10 @@ install() {
 installkernel() {
      # required by hyperv platform to read kvp from the kernel
      instmods hv_utils
+
+     # required by applehv platform to read ignition file through vsock
+     instmods -c vsock
+     instmods -c vmw_vsock_virtio_transport_common
+     instmods -c vmw_vsock_virtio_transport
 }
+

go.mod

@@ -13,6 +13,7 @@ require (
 	github.com/coreos/vcontext v0.0.0-20230201181013-d72178a18687
 	github.com/google/renameio/v2 v2.0.0
 	github.com/google/uuid v1.3.1
+	github.com/mdlayher/vsock v1.2.1
 	github.com/mitchellh/copystructure v1.2.0
 	github.com/pin/tftp v2.1.0+incompatible
 	github.com/spf13/pflag v1.0.6-0.20210604193023-d5e0c0615ace
@@ -40,6 +41,7 @@ require (
 	github.com/googleapis/enterprise-certificate-proxy v0.3.1 // indirect
 	github.com/googleapis/gax-go/v2 v2.12.0 // indirect
 	github.com/jmespath/go-jmespath v0.4.0 // indirect
+	github.com/mdlayher/socket v0.4.1 // indirect
 	github.com/mitchellh/reflectwalk v1.0.2 // indirect
 	github.com/pmezard/go-difflib v1.0.0 // indirect
 	go.opencensus.io v0.24.0 // indirect

go.sum

@@ -79,6 +79,10 @@ github.com/jmespath/go-jmespath v0.4.0 h1:BEgLn5cpjn8UN1mAw4NjwDrS35OdebyEtFe+9Y
 github.com/jmespath/go-jmespath v0.4.0/go.mod h1:T8mJZnbsbmF+m6zOOFylbeCJqk5+pHWvzYPziyZiYoo=
 github.com/jmespath/go-jmespath/internal/testify v1.5.1 h1:shLQSRRSCCPj3f2gpwzGwWFoC7ycTf1rcQZHOlsJ6N8=
 github.com/jmespath/go-jmespath/internal/testify v1.5.1/go.mod h1:L3OGu8Wl2/fWfCI6z80xFu9LTZmf1ZRjMHUOPmWr69U=
+github.com/mdlayher/socket v0.4.1 h1:eM9y2/jlbs1M615oshPQOHZzj6R6wMT7bX5NPiQvn2U=
+github.com/mdlayher/socket v0.4.1/go.mod h1:cAqeGjoufqdxWkD7DkpyS+wcefOtmu5OQ8KuoJGIReA=
+github.com/mdlayher/vsock v1.2.1 h1:pC1mTJTvjo1r9n9fbm7S1j04rCgCzhCOS5DY0zqHlnQ=
+github.com/mdlayher/vsock v1.2.1/go.mod h1:NRfCibel++DgeMD8z/hP+PPTjlNJsdPOmxcnENvE+SE=
 github.com/mitchellh/copystructure v1.2.0 h1:vpKXTN4ewci03Vljg/q9QvCGUDttBOGBIa15WveJJGw=
 github.com/mitchellh/copystructure v1.2.0/go.mod h1:qLl+cE2AmVv+CoeAwDPye/v+N2HKCj9FbZEVFJRxO9s=
 github.com/mitchellh/reflectwalk v1.0.2 h1:G2LzWKi524PWgd3mLHV8Y5k7s6XUvT0Gef6zxSIeXaQ=

internal/providers/applehv/applehv.go

@@ -0,0 +1,108 @@
+// Copyright 2023 Red Hat
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package applehv
+
+import (
+	"context"
+	"fmt"
+	"io"
+	"net"
+	"net/http"
+	"os/exec"
+
+	"github.com/coreos/ignition/v2/config/v3_5_experimental/types"
+	"github.com/coreos/ignition/v2/internal/distro"
+	"github.com/coreos/ignition/v2/internal/platform"
+	"github.com/coreos/ignition/v2/internal/providers/util"
+	"github.com/coreos/ignition/v2/internal/resource"
+	"github.com/coreos/vcontext/report"
+	"github.com/mdlayher/vsock"
+)
+
+/*
+	This provider is specific to virtual machines running under Apple Hypervisor on macOS on Apple hardware.
+
+	It should however be possible to emulate the platform setup with QEMU, using [1] to assign a vsock to the
+	guest and then forward the request from the Ignition process running in the virtual machine to an HTTP
+	server running on the host, using the vsock support in socat for example.
+
+	[1] https://wiki.qemu.org/Features/VirtioVsock
+*/
+
+func init() {
+	platform.Register(platform.Provider{
+		Name:  "applehv",
+		Fetch: fetchConfig,
+	})
+}
+
+func fetchConfig(f *resource.Fetcher) (types.Config, report.Report, error) {
+	// the vsock module must be built into the kernel or loaded so we can communicate
+	// with the host
+	if _, err := f.Logger.LogCmd(exec.Command(distro.ModprobeCmd(), "vsock"), "Loading vsock kernel module"); err != nil {
+		f.Logger.Err("failed to install vsock kernel module: %v", err)
+		return types.Config{}, report.Report{}, fmt.Errorf("failed to install vsock kernel module: %v", err)
+	}
+
+	// we use a http GET over vsock to fetch the ignition file.  the
+	// vsock connection itself is begun here. the "host" will need an HTTPD
+	// server listen on the the other end of the vsock connection on port 1024. The
+	// port is trivial and was just chosen by author
+	// ID =2 is shorthand for "the host"
+	//
+	conn, err := vsock.Dial(2, 1024, &vsock.Config{})
+	if err != nil {
+		return types.Config{}, report.Report{}, err
+	}
+	defer func() {
+		if err := conn.Close(); err != nil {
+			f.Logger.Err("unable to close vsock connection: %v", err)
+		}
+	}()
+
+	// The host portion of the URL is arbitrary here.  The schema is important however.  Because
+	// this is more or less HTTP over a UDS, then the host name is discarded.
+	req, err := http.NewRequest(http.MethodGet, "http://d/", nil)
+	if err != nil {
+		return types.Config{}, report.Report{}, err
+	}
+	req.Header.Set("Accept", "application/json")
+
+	client := http.Client{
+		Transport: &http.Transport{
+			DialContext: func(ctx context.Context, _, _ string) (net.Conn, error) {
+				return conn, nil
+			},
+		},
+	}
+
+	resp, err := client.Do(req)
+	if err != nil {
+		return types.Config{}, report.Report{}, err
+	}
+
+	defer func() {
+		if err := resp.Body.Close(); err != nil {
+			f.Logger.Err("unable to close response body: %v", err)
+		}
+	}()
+
+	b, err := io.ReadAll(resp.Body)
+	if err != nil {
+		return types.Config{}, report.Report{}, err
+	}
+
+	return util.ParseConfig(f.Logger, b)
+}

internal/register/providers.go

@@ -16,6 +16,7 @@ package register
 
 import (
 	_ "github.com/coreos/ignition/v2/internal/providers/aliyun"
+	_ "github.com/coreos/ignition/v2/internal/providers/applehv"
 	_ "github.com/coreos/ignition/v2/internal/providers/aws"
 	_ "github.com/coreos/ignition/v2/internal/providers/azure"
 	_ "github.com/coreos/ignition/v2/internal/providers/azurestack"