cloud-hypervisor: add platformOEMStrings and --platform
merging
#336
NixCI is ready to run on this PR.
This commit implements `microvm.credentialFiles`, a mechanism for passing credentials into guest vms from the host.

Currently only support for qemu is implemented as I want to test the waters to see if you're interested in this feature, Astro.

In addition to qemu, cloud-hypervisor can be supported via smbios. But it depends on [this feature being added](cloud-hypervisor/cloud-hypervisor#6951 (comment)), and also microvm-nix#336 being merged to microvm.nix.

cloud-hypervisor could be supported immediately, but then the secrets would be visible in the ps output.

A cursory code search shows that the following additional hypervisors could be supported:

- crosvm: via fw_cfg, or smbios
- alioth: via fw_cfg
- stratovirt: via fw_cfg (maybe smbios)

kvmtool and firecracker both seem like they cannot be supported.

Related:

- microvm-nix#259
- microvm-nix#52
00c891b to df9df1b
Hi again @astro, I want to pick this little project back up, so I'm going to be reviving these PRs today :) Please see my comments to your comments! I've just pushed new commits that should address your concerns. Note I added the refactor as a new commit, but I expect this to be squashed during the merge with the newest commit's commit message. I wanted to keep the old extraPlatformOpts around in case we changed our minds.
Previously, cloud-hypervisor always configured vsock with cid=3, causing problems when running multiple VMs on the same host due to CID conflicts.

This change respects `microvm.vsock.cid` when set and allows users to configure vsock via `microvm.cloud-hypervisor.extraArgs`.

The implementation:

- Uses `microvm.vsock.cid` when specified
- Extracts and merges `--vsock` options from extraArgs
- Throws an error if both vsock.cid and --vsock cid=... are provided
- Warns users when vsock is not configured (disabling systemd-notify)

Fixes: microvm-nix#378

Builds on and requires PR microvm-nix#336 (for the extractOptValues function)
2379b94 to 20d53d9
@SuperSandro2000 I've pushed a new commit that rebases onto
The cloud-hypervisor command line interface unfortunately doesn't support multiple instances of the same arg with a different value, so we have to resort to these extra module options rather than using extraArgs.

To make matters even worse, the `--platform` argument (of which there can be only one), is overloaded with different types of sub-args that also need to be provided multiple times.

This commit allows the operator to add oem strings (for example to pass systemd credentials), as well as raw platform options as needed.
Cloud-hypervisor only supports a single --platform argument with comma-separated options. This commit adds proper handling for platform configuration:

- Add platformOEMStrings option for passing OEM strings in a structured way
- Introduce extractOptValues helper function to extract and remove command-line options from argument lists
- Parse any --platform arguments from extraArgs and merge them with configured platform options

The extractOptValues function enables proper handling of --platform arguments in extraArgs while avoiding conflicts with the internally generated --platform option.
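
A sketch of the merge this commit message describes, added here as an illustration and not taken from the PR or from microvm.nix: `--platform` values are pulled out of `extraArgs` and joined with the OEM strings into one argument. The body of `extractOptValues`, the `checkOEM` helper, the file name and the sample values are assumptions; only the option and function names come from the page.

```nix
# Added example, not microvm.nix code. Evaluate with:
#   nix-instantiate --eval --strict merge-platform.nix
let
  inherit (builtins) concatStringsSep foldl' replaceStrings;

  # Hypothetical body for extractOptValues: returns the values that follow
  # each `opt` plus the remaining args. Handles "--opt value", not "--opt=value".
  extractOptValues = opt: args:
    let
      step = acc: arg:
        if acc.pending then acc // { pending = false; values = acc.values ++ [ arg ]; }
        else if arg == opt then acc // { pending = true; }
        else acc // { args = acc.args ++ [ arg ]; };
      r = foldl' step { pending = false; values = [ ]; args = [ ]; } args;
    in
      if r.pending then throw "${opt} is missing its value"
      else { inherit (r) values args; };

  # Assumption: "," "[" "]" would collide with the list syntax, so refuse them.
  checkOEM = s:
    if replaceStrings [ "," "[" "]" ] [ "" "" "" ] s != s
    then throw "OEM string contains , [ or ]: ${s}"
    else s;

  # Constructed sample input; the credential value is deliberately not a secret,
  # because everything below ends up on the command line and is visible in ps.
  extraArgs = [ "--cpus" "boot=2" "--platform" "num_pci_segments=2" ];
  platformOEMStrings = [ "io.systemd.credential:motd=hello" ];

  extracted = extractOptValues "--platform" extraArgs;
  oem =
    if platformOEMStrings == [ ] then [ ]
    else [ "oem_strings=[${concatStringsSep "," (map checkOEM platformOEMStrings)}]" ];
  platformOpts = extracted.values ++ oem;
in
# Remaining args first, then exactly one merged --platform argument (if any).
extracted.args
++ (if platformOpts == [ ] then [ ]
    else [ "--platform" (concatStringsSep "," platformOpts) ])
```

With the sample input the expression evaluates to a list in which `--platform` appears once, carrying both `num_pci_segments=2` and the `oem_strings=[...]` entry.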
20d53d9 to 42eca33
fixed the merge conflict
Let's try this 🎉 thanks