update vm light to run in private network

Eslam-Nawara · Eslam-Nawara · commit 5ef2965eacb6 · 2025-05-11T09:31:25.000+03:00
diff --git a/pkg/netlight/network.go b/pkg/netlight/network.go
@@ -128,16 +128,12 @@ func (n *networker) Create(name string, wl gridtypes.WorkloadID, net zos.Network
 	return n.setupWireguard(name, net, netr)
 }
 
-func (n *networker) Delete(wl gridtypes.WorkloadWithID) error {
-	if err := ipam.DeAllocateIPv4(wl.ID.String(), n.ipamLease); err != nil {
+func (n *networker) Delete(name string) error {
+	if err := ipam.DeAllocateIPv4(name, n.ipamLease); err != nil {
 		return err
 	}
 
-	netID, err := zos.NetworkIDFromWorkloadID(wl.ID)
-	if err != nil {
-		return err
-	}
-	netNR, err := n.networkOf(netID)
+	netNR, err := n.networkOf(name)
 	if err != nil {
 		return err
 	}
@@ -146,7 +142,12 @@ func (n *networker) Delete(wl gridtypes.WorkloadWithID) error {
 		log.Error().Err(err).Msg("release wireguard port failed")
 	}
 
-	return resource.Delete(string(wl.ID))
+	if err := resource.Delete(name); err != nil {
+		return err
+	}
+
+	path := filepath.Join(n.networkDir, name)
+	return os.Remove(path)
 }
 
 func (n *networker) AttachPrivate(name, id string, vmIp net.IP) (device localPkg.TapDevice, err error) {
@@ -205,17 +206,17 @@ func (n *networker) AttachZDB(id string) (string, error) {
 
 // GetSubnet of a local network resource identified by the network ID, ipv4 and ipv6
 // subnet respectively
-func (n *networker) GetSubnet(networkID pkg.NetID) (net.IPNet, error) {
-	localNR, err := n.networkOf(networkID)
+func (n *networker) GetSubnet(name string) (net.IPNet, error) {
+	localNR, err := n.networkOf(name)
 	if err != nil {
-		return net.IPNet{}, errors.Wrapf(err, "couldn't load network with id (%s)", networkID)
+		return net.IPNet{}, errors.Wrapf(err, "couldn't load network with name (%s)", name)
 	}
 
 	return localNR.Subnet.IPNet, nil
 }
 
-func (n *networker) networkOf(id zos.NetID) (nr pkg.Network, err error) {
-	path := filepath.Join(n.networkDir, string(id))
+func (n *networker) networkOf(name string) (nr pkg.Network, err error) {
+	path := filepath.Join(n.networkDir, name)
 	file, err := os.OpenFile(path, os.O_RDWR, 0660)
 	if err != nil {
 		return nr, err
@@ -525,6 +526,37 @@ func (n *networker) WireguardPorts() ([]uint, error) {
 	return n.portSet.List()
 }
 
+// GetNet of a network identified by the network ID
+func (n *networker) GetNet(name string) (net.IPNet, error) {
+	localNR, err := n.networkOf(name)
+	if err != nil {
+		return net.IPNet{}, errors.Wrapf(err, "couldn't load network (%s)", name)
+	}
+
+	return localNR.NetworkIPRange.IPNet, nil
+}
+
+// GetDefaultGwIP returns the IPs of the default gateways inside the network
+// resource identified by the network ID on the local node, for IPv4
+func (n *networker) GetDefaultGwIP(name string) (net.IP, error) {
+	localNR, err := n.networkOf(name)
+	if err != nil {
+		return nil, errors.Wrapf(err, "couldn't load network (%s)", name)
+	}
+
+	// only IP4 atm
+	ip := localNR.Subnet.IP.To4()
+	if ip == nil {
+		return nil, errors.New("nr subnet is not valid IPv4")
+	}
+
+	// defaut gw is currently implied to be at `x.x.x.1`
+	// also a subnet in a NR is assumed to be a /24
+	ip[len(ip)-1] = 1
+
+	return ip, nil
+}
+
 func (n *networker) syncWGPorts() error {
 	names, err := namespace.List("n-")
 	if err != nil {
@@ -591,7 +623,9 @@ func (n *networker) releasePort(port uint16) error {
 }
 
 func (n networker) setupWireguard(name string, net zos.NetworkLight, netr *resource.Resource) error {
-	storedNR, err := n.networkOf(zos.NetID(name))
+	log.Debug().Msg("setting up wireguard")
+
+	storedNR, err := n.networkOf(name)
 	if err != nil && !os.IsNotExist(err) {
 		return errors.Wrap(err, "failed to load previous network setup")
 	}
diff --git a/pkg/network_light.go b/pkg/network_light.go
@@ -15,8 +15,7 @@ import (
 type NetworkerLight interface {
 	// Create(name string, net zos.NetworkLight, seed []byte) error
 	Create(name string, wl gridtypes.WorkloadID, net zos.NetworkLight) error
-	// Delete(name string) error
-	Delete(wl gridtypes.WorkloadWithID) error
+	Delete(name string) error
 	AttachPrivate(name, id string, vmIp net.IP) (device TapDevice, err error)
 	AttachMycelium(name, id string, seed []byte) (device TapDevice, err error)
 	Detach(id string) error
@@ -26,11 +25,14 @@ type NetworkerLight interface {
 	Namespace(id string) string
 	Ready() error
 	ZOSAddresses(ctx context.Context) <-chan NetlinkAddresses
-	GetSubnet(networkID NetID) (net.IPNet, error)
 	SetPublicConfig(cfg PublicConfig) error
 	UnSetPublicConfig() error
 	LoadPublicConfig() (PublicConfig, error)
+
 	WireguardPorts() ([]uint, error)
+	GetDefaultGwIP(name string) (net.IP, error)
+	GetNet(name string) (net.IPNet, error)
+	GetSubnet(name string) (net.IPNet, error)
 }
 
 type TapDevice struct {
diff --git a/pkg/primitives/network-light/network.go b/pkg/primitives/network-light/network.go
@@ -57,8 +57,9 @@ func (p *Manager) Update(ctx context.Context, wl *gridtypes.WorkloadWithID) (int
 
 func (p *Manager) Deprovision(ctx context.Context, wl *gridtypes.WorkloadWithID) error {
 	mgr := stubs.NewNetworkerLightStub(p.zbus)
+	twin, _ := provision.GetDeploymentID(ctx)
 
-	if err := mgr.Delete(ctx, *wl); err != nil {
+	if err := mgr.Delete(ctx, string(zos.NetworkID(twin, wl.Name))); err != nil {
 		return fmt.Errorf("failed to delete network resource: %w", err)
 	}
 
diff --git a/pkg/primitives/vm-light/utils.go b/pkg/primitives/vm-light/utils.go
@@ -179,7 +179,6 @@ func (p *Manager) newMyceliumNetworkInterface(ctx context.Context, dl gridtypes.
 
 	tapName := wl.ID.Unique(string(config.Network))
 	iface, err := network.AttachMycelium(ctx, string(netID), tapName, config.Seed)
-
 	if err != nil {
 		return pkg.VMIface{}, errors.Wrap(err, "could not set up tap device")
 	}
@@ -202,20 +201,60 @@ func (p *Manager) newPrivNetworkInterface(ctx context.Context, dl gridtypes.Depl
 	network := localStubs.NewNetworkerLightStub(p.zbus)
 	netID := zos.NetworkID(dl.TwinID, inf.Network)
 
+	name := netID.String()
+
+	subnet, err := network.GetSubnet(ctx, name)
+	if err != nil {
+		return pkg.VMIface{}, errors.Wrapf(err, "could not get network resource subnet")
+	}
+
+	inf.IP = inf.IP.To4()
+	if inf.IP == nil {
+		return pkg.VMIface{}, fmt.Errorf("invalid IPv4 supplied to wg interface")
+	}
+
+	if !subnet.Contains(inf.IP) {
+		return pkg.VMIface{}, fmt.Errorf("IP %s is not part of local nr subnet %s", inf.IP.String(), subnet.String())
+	}
+
+	// always the .1/24 ip is reserved
+	if inf.IP[3] == 1 {
+		return pkg.VMIface{}, fmt.Errorf("ip %s is reserved", inf.IP.String())
+	}
+
+	privNet, err := network.GetNet(ctx, name)
+	if err != nil {
+		return pkg.VMIface{}, errors.Wrapf(err, "could not get network range")
+	}
+
+	addrCIDR := net.IPNet{
+		IP:   inf.IP,
+		Mask: subnet.Mask,
+	}
+
+	gw4, err := network.GetDefaultGwIP(ctx, name)
+	if err != nil {
+		return pkg.VMIface{}, errors.Wrap(err, "could not get network resource default gateway")
+	}
+
 	tapName := wl.ID.Unique(string(inf.Network))
 	iface, err := network.AttachPrivate(ctx, string(netID), tapName, inf.IP)
 	if err != nil {
 		return pkg.VMIface{}, errors.Wrap(err, "could not set up tap device for private interface")
 	}
 
+	routes := append(iface.Routes, pkg.Route{Net: privNet, Gateway: gw4})
+	log.Info().Any("routes", routes).Send()
 	out := pkg.VMIface{
 		Tap: iface.Name,
 		MAC: iface.Mac.String(),
 		IPs: []net.IPNet{
 			*iface.IP,
+			addrCIDR,
 			// privIP6,
 		},
-		Routes:            iface.Routes,
+		Routes: routes,
+
 		IP4DefaultGateway: iface.Routes[0].Gateway,
 		// IP6DefaultGateway: gw6,
 		PublicIPv4: false,
diff --git a/pkg/stubs/network_light_stub.go b/pkg/stubs/network_light_stub.go
@@ -96,7 +96,7 @@ func (s *NetworkerLightStub) Create(ctx context.Context, arg0 string, arg1 gridt
 	return
 }
 
-func (s *NetworkerLightStub) Delete(ctx context.Context, arg0 gridtypes.WorkloadWithID) (ret0 error) {
+func (s *NetworkerLightStub) Delete(ctx context.Context, arg0 string) (ret0 error) {
 	args := []interface{}{arg0}
 	result, err := s.client.RequestContext(ctx, s.module, s.object, "Delete", args...)
 	if err != nil {
@@ -126,7 +126,41 @@ func (s *NetworkerLightStub) Detach(ctx context.Context, arg0 string) (ret0 erro
 	return
 }
 
-func (s *NetworkerLightStub) GetSubnet(ctx context.Context, arg0 zos.NetID) (ret0 net.IPNet, ret1 error) {
+func (s *NetworkerLightStub) GetDefaultGwIP(ctx context.Context, arg0 string) (ret0 []uint8, ret1 error) {
+	args := []interface{}{arg0}
+	result, err := s.client.RequestContext(ctx, s.module, s.object, "GetDefaultGwIP", args...)
+	if err != nil {
+		panic(err)
+	}
+	result.PanicOnError()
+	ret1 = result.CallError()
+	loader := zbus.Loader{
+		&ret0,
+	}
+	if err := result.Unmarshal(&loader); err != nil {
+		panic(err)
+	}
+	return
+}
+
+func (s *NetworkerLightStub) GetNet(ctx context.Context, arg0 string) (ret0 net.IPNet, ret1 error) {
+	args := []interface{}{arg0}
+	result, err := s.client.RequestContext(ctx, s.module, s.object, "GetNet", args...)
+	if err != nil {
+		panic(err)
+	}
+	result.PanicOnError()
+	ret1 = result.CallError()
+	loader := zbus.Loader{
+		&ret0,
+	}
+	if err := result.Unmarshal(&loader); err != nil {
+		panic(err)
+	}
+	return
+}
+
+func (s *NetworkerLightStub) GetSubnet(ctx context.Context, arg0 string) (ret0 net.IPNet, ret1 error) {
 	args := []interface{}{arg0}
 	result, err := s.client.RequestContext(ctx, s.module, s.object, "GetSubnet", args...)
 	if err != nil {

Original file line number	Diff line number	Diff line change
`@@ -57,8 +57,9 @@ func (p Manager) Update(ctx context.Context, wl gridtypes.WorkloadWithID) (int`
`57`	`57`
`58`	`58`	`func (p Manager) Deprovision(ctx context.Context, wl gridtypes.WorkloadWithID) error {`
`59`	`59`	`mgr := stubs.NewNetworkerLightStub(p.zbus)`
	`60`	`+ twin, _ := provision.GetDeploymentID(ctx)`
`60`	`61`
`61`		`- if err := mgr.Delete(ctx, *wl); err != nil {`
	`62`	`+ if err := mgr.Delete(ctx, string(zos.NetworkID(twin, wl.Name))); err != nil {`
`62`	`63`	`return fmt.Errorf("failed to delete network resource: %w", err)`
`63`	`64`	`}`
`64`	`65`