
Register MicroVMs with systemd-machined #309

Open
vikanezrimaya opened this issue Dec 12, 2024 · 2 comments

@vikanezrimaya (Contributor)

This would allow managing MicroVMs with machinectl.

For more information about the interface, see org.freedesktop.machine1(5).

Relevant details:

  • RegisterMachine()/RegisterMachineWithNetwork() registers the caller's unit as a machine. This is what we need, since we are running one systemd unit per MicroVM. The latter also takes an array of network interfaces through which the machine is reachable. If a tap interface is configured, it makes sense to mention it here so systemd-machined would know how to reach the VM over the network.
  • We probably should call RegisterMachine as part of the init script.
  • Writing VM and Container Managers also mentions we can initialize Product UUID in SMBIOS to pass through a machine-id, and RegisterMachine also takes a UUID that ideally should match.
@astro (Owner) commented Dec 12, 2024

I was just trying to do this due to the upcoming systemd v257 changes:

  • Unprivileged clients are now allowed to register VMs and containers.
    Machines started via the systemd-vmspawn@.service unit will now be
    registered with systemd-machined.

  • systemd-machined gained a pretty complete set of Varlink APIs
    exposing its functionality. This is an alternative to the
    pre-existing D-Bus interface.

Before v257, we would have put the DBus calls into the systemd units in the host module because they needed root privileges. Now, there's the option to do that as a user in the scripts in the generated microvm packages (in the microvm module). Would that be useful at all?

Not sure what varlink makes easier, but I didn't manage to get the backwards compatible dbus interface to work: dbus-send --system --dest=org.freedesktop.machine1 /org/freedesktop/machine1 org.freedesktop.machine1.Manager.CreateMachine string:example array:byte:99,100 string:microvm string:vm uint16:0 string:/tmp array:string:"",string:""

I need help figuring out the dbus calls.

@spacekitteh

dbus-send --system --dest=org.freedesktop.machine1 /org/freedesktop/machine1 org.freedesktop.machine1.Manager.CreateMachine string:example array:byte:99,100 string:microvm string:vm uint16:0 string:/tmp array:string:"",string:""

The (optional) second argument is a 32 byte array for a UUID. Furthermore, the PID passed should be the hypervisor's PID, from what I can tell, from the interface manpage (https://www.freedesktop.org/software/systemd/man/latest/org.freedesktop.machine1):

CreateMachine() may be used to register a new virtual machine or container with systemd-machined, creating a scope unit for it. It accepts the following arguments: a machine name chosen by the registrar, an optional UUID as a 32 byte array, a string that identifies the service that registers the machine, a class string, the PID of the leader process of the machine, an optional root directory of the container, and an array of additional properties to use for the scope registration. The virtual machine name must be suitable as a hostname, and hence should follow the usual DNS hostname rules, as well as the Linux hostname restrictions. Specifically, only 7 bit ASCII is permitted, a maximum length of 64 characters is enforced, only characters from the set "a-zA-Z0-9-_." are allowed, the name may not begin with a dot, and it may not contain two dots immediately following each other. Container and VM managers should ideally use the hostname used internally in the machine for this parameter. This recommendation is made in order to make the machine name naturally resolvable using nss-mymachines(8). If a container manager needs to embed characters outside of the indicated range, escaping is required, possibly using "_" as the escape character. Another (somewhat natural) option would be to utilize Internet IDNA encoding. The UUID is passed as a 32 byte array or, if no suitable UUID is available, an empty array (zero length) or zeroed out array shall be passed. The UUID should identify the virtual machine/container uniquely and should ideally be the same UUID that /etc/machine-id in the VM/container is initialized from. The service string can be free-form, but it is recommended to pass a short lowercase identifier like "systemd-nspawn", "libvirt-lxc" or similar. The class string should be either "container" or "vm" indicating whether the machine to register is of the respective class. 
The leader PID should be the host PID of the init process of the container or the encapsulating process of the VM. If the root directory of the container is known and available in the host's hierarchy, it should be passed. Otherwise, pass the empty string instead. Finally, the scope properties are passed as array in the same way as to PID1's StartTransientUnit() method. Calling this method will internally register a transient scope unit for the calling client (utilizing the passed scope_properties) and move the leader PID into it. The method returns an object path for the registered machine object that implements the org.freedesktop.machine1.Machine interface (see below). Also see the New Control Group Interfaces for details about scope units and how to alter resource control settings on the created machine at runtime.


3 participants