Merge pull request #112 from GaloisInc/97-opensut-boot-systemd-unit

Add systemd unit for opensut_boot

So far, we've been using the kernel argument `systemd.run=/opt/opensut/bin/opensut_boot` in each VM to run `opensut_boot` at boot time.  With this approach, the network interfaces aren't enabled before `opensut_boot` runs, which is a problem for the autopilot component.  This branch adds explicit systemd unit files for `opensut_boot`, which are similar to those generated by the `systemd.run` option but with an extra dependency on the network.  We can then boot with `systemd.unit=opensut-boot.service` instead of the old `systemd.run` option, and systemd will bring up the network before starting `opensut_boot`.

src/vm_runner/.gitignore

@@ -1,2 +1,3 @@
 *.img
 *.deb
+/target/

src/vm_runner/build_deb.sh

@@ -1,27 +1,35 @@
 #!/bin/bash
 set -euo pipefail
 
-boot_bin=target/aarch64-unknown-linux-gnu/release/opensut_boot
-if ! [[ -f "$boot_bin" ]]; then
-    echo "Error: $boot_bin not found; build it first" 1>&2
-    exit 1
-else
-    age=$(( "$(date +%s)" - "$(stat -c %Y "$boot_bin")" ))
-    age_hr=$(( age / 3600 ))
-    age_min=$(( age / 60 % 60 ))
-    age_sec=$(( age % 60 ))
-    age_str=$(printf %dh%02dm%02ds "$age_hr" "$age_min" "$age_sec")
-    echo "Using $boot_bin (built $age_str ago)"
-fi
-
 edo() {
     echo " >> $*" 1>&2
     "$@"
 }
 
+check_bin() {
+    local bin="$1"
+    if ! [[ -f "$bin" ]]; then
+        echo "Error: $bin not found; build it first" 1>&2
+        exit 1
+    else
+        age=$(( "$(date +%s)" - "$(stat -c %Y "$bin")" ))
+        age_hr=$(( age / 3600 ))
+        age_min=$(( age / 60 % 60 ))
+        age_sec=$(( age % 60 ))
+        age_str=$(printf %dh%02dm%02ds "$age_hr" "$age_min" "$age_sec")
+        echo "Using $bin (built $age_str ago)"
+    fi
+}
+
+boot_bin=target/aarch64-unknown-linux-gnu/release/opensut_boot
+check_bin "$boot_bin"
+runner_bin=target/aarch64-unknown-linux-gnu/release/opensut_vm_runner
+check_bin "$runner_bin"
+
 image=$(mktemp -d)
 edo mkdir -p "$image/opt/opensut/bin"
 edo cp -v "$boot_bin" "$image/opt/opensut/bin/"
+edo cp -v "$runner_bin" "$image/opt/opensut/bin/"
 
 cargo_version="$(cargo read-manifest | \
     python3 -c 'import json, sys; print(json.load(sys.stdin)["version"])')"
@@ -44,6 +52,11 @@ Description: VERSE OpenSUT boot-time agent
  services.
 EOF
 
+systemd_dir="$image/usr/lib/systemd/system"
+edo mkdir -p "$systemd_dir"
+edo cp -v opensut-boot.service "$systemd_dir"
+edo cp -v opensut-boot.target "$systemd_dir"
+
 edo dpkg-deb --root-owner-group --build "$image" "verse-opensut-boot_${version}-1_arm64.deb"
 
 edo rm -rf "$image"

src/vm_runner/opensut-boot.service

@@ -0,0 +1,26 @@
+# Systemd unit file that runs `opensut_boot` and then shuts down the VM.  To
+# use this, boot with the kernel argument `systemd.unit=opensut-boot.target`
+# (note `.target` rather than `.service`).  This is similar to booting with
+# `systemd.run=/opt/opensut/bin/opensut_boot` (and indeed these files are based
+# on the ones autogenerated by `systemd-run-generator`), but using a custom
+# unit file gives us more flexibility regarding dependencies.  In particular,
+# we use this to delay running `opensut_boot` until after the network
+# interfaces have been set up.
+
+[Unit]
+Description=OpenSUT Boot Agent
+# Shut down the system once `opensut_boot` terminates.
+SuccessAction=exit
+FailureAction=exit
+# Debian's `networking.service` brings up the interfaces with `ifup`.  Since
+# the OpenSUT VMs all use static IPs, the network should be ready immediately
+# (no need to wait for DHCP, etc).  We could instead depend on systemd's
+# `network-online.target`, which waits "until the network is sufficiently set
+# up", but so far this doesn't seem necessary.
+Wants=networking.service
+After=networking.service
+
+[Service]
+Type=oneshot
+StandardOutput=journal+console
+ExecStart=/opt/opensut/bin/opensut_boot

src/vm_runner/opensut-boot.target

@@ -0,0 +1,6 @@
+# Systemd unit file that runs `opensut_boot` and then shuts down the VM.  See
+# `opensut-boot.service` for details.
+[Unit]
+Description=OpenSUT Boot Agent
+Requires=opensut-boot.service
+After=opensut-boot.service

src/vm_runner/tests/hello/base_nested.toml

@@ -9,7 +9,7 @@ kvm = false
 ram_mb = 1536
 kernel = "../../../pkvm_setup/vms/pkvm-boot/vmlinuz"
 initrd = "../../../pkvm_setup/vms/pkvm-boot/initrd.img"
-append = 'earlycon root=/dev/vda2 systemd.run=/opt/opensut/bin/opensut_boot opensut.app_device=/dev/vdc'
+append = 'earlycon root=/dev/vda2 systemd.unit=opensut-boot.target opensut.app_device=/dev/vdc'
 
 [process.disk.vda]
 format = "qcow2"

src/vm_runner/tests/hello/base_single.toml

@@ -5,7 +5,7 @@ type = "vm"
 kvm = false
 kernel = "../../../pkvm_setup/vms/pkvm-boot/vmlinuz"
 initrd = "../../../pkvm_setup/vms/pkvm-boot/initrd.img"
-append = 'earlycon root=/dev/vda2 systemd.run=/opt/opensut/bin/opensut_boot opensut.app_device=/dev/vdb'
+append = 'earlycon root=/dev/vda2 systemd.unit=opensut-boot.target opensut.app_device=/dev/vdb'
 
 [process.disk.vda]
 format = "qcow2"

src/vm_runner/tests/hello/host.toml

@@ -5,7 +5,7 @@ type = "vm"
 kvm = true
 kernel = "/boot/vmlinuz"
 initrd = "/boot/initrd.img"
-append = 'earlycon root=/dev/vda2 systemd.run=/opt/opensut/bin/opensut_boot opensut.app_device=/dev/vdb'
+append = 'earlycon root=/dev/vda2 systemd.unit=opensut-boot.target opensut.app_device=/dev/vdb'
 
 [process.disk.vda]
 format = "raw"

src/vm_runner/tests/mps/base_nested.toml

@@ -12,7 +12,7 @@ kvm = false
 ram_mb = 1536
 kernel = "../../../pkvm_setup/vms/pkvm-boot/vmlinuz"
 initrd = "../../../pkvm_setup/vms/pkvm-boot/initrd.img"
-append = 'earlycon root=/dev/vda2 nokaslr kvm-arm.mode=protected systemd.run=/opt/opensut/bin/opensut_boot opensut.app_device=/dev/vdc'
+append = 'earlycon root=/dev/vda2 nokaslr kvm-arm.mode=protected systemd.unit=opensut-boot.target opensut.app_device=/dev/vdc'
 
 [process.disk.vda]
 format = "qcow2"

src/vm_runner/tests/mps/base_single.toml

@@ -8,7 +8,7 @@ type = "vm"
 kvm = false
 kernel = "../../../pkvm_setup/vms/pkvm-boot/vmlinuz"
 initrd = "../../../pkvm_setup/vms/pkvm-boot/initrd.img"
-append = 'earlycon root=/dev/vda2 nokaslr kvm-arm.mode=protected systemd.run=/opt/opensut/bin/opensut_boot opensut.app_device=/dev/vdb'
+append = 'earlycon root=/dev/vda2 nokaslr kvm-arm.mode=protected systemd.unit=opensut-boot.target opensut.app_device=/dev/vdb'
 
 [process.disk.vda]
 format = "qcow2"

src/vm_runner/tests/mps/host.toml

@@ -8,7 +8,7 @@ type = "vm"
 kvm = true
 kernel = "/boot/vmlinuz"
 initrd = "/boot/initrd.img"
-append = 'earlycon root=/dev/vda2 systemd.run=/opt/opensut/bin/opensut_boot opensut.app_device=/dev/vdb'
+append = 'earlycon root=/dev/vda2 systemd.unit=opensut-boot.target opensut.app_device=/dev/vdb'
 
 [process.disk.vda]
 format = "raw"

src/vm_runner/tests/mps_tests/base_nested.toml

@@ -9,7 +9,7 @@ kvm = false
 ram_mb = 1536
 kernel = "../../../pkvm_setup/vms/pkvm-boot/vmlinuz"
 initrd = "../../../pkvm_setup/vms/pkvm-boot/initrd.img"
-append = 'earlycon root=/dev/vda2 systemd.run=/opt/opensut/bin/opensut_boot opensut.app_device=/dev/vdc'
+append = 'earlycon root=/dev/vda2 systemd.unit=opensut-boot.target opensut.app_device=/dev/vdc'
 
 [process.disk.vda]
 format = "qcow2"

src/vm_runner/tests/mps_tests/base_single.toml

@@ -5,7 +5,7 @@ type = "vm"
 kvm = false
 kernel = "../../../pkvm_setup/vms/pkvm-boot/vmlinuz"
 initrd = "../../../pkvm_setup/vms/pkvm-boot/initrd.img"
-append = 'earlycon root=/dev/vda2 systemd.run=/opt/opensut/bin/opensut_boot opensut.app_device=/dev/vdb'
+append = 'earlycon root=/dev/vda2 systemd.unit=opensut-boot.target opensut.app_device=/dev/vdb'
 
 [process.disk.vda]
 format = "qcow2"

src/vm_runner/tests/mps_tests/host.toml

@@ -5,7 +5,7 @@ type = "vm"
 kvm = true
 kernel = "/boot/vmlinuz"
 initrd = "/boot/initrd.img"
-append = 'earlycon root=/dev/vda2 systemd.run=/opt/opensut/bin/opensut_boot opensut.app_device=/dev/vdb'
+append = 'earlycon root=/dev/vda2 systemd.unit=opensut-boot.target opensut.app_device=/dev/vdb'
 
 [process.disk.vda]
 format = "raw"