engineering: validate trident stream-image
#477
Conversation
|
/AzurePipelines run [GITHUB]-trident-pr |
|
Azure Pipelines successfully started running 1 pipeline(s). |
bfjelds
changed the title
trident stream-imagetrident stream-image
|
/AzurePipelines run [GITHUB]-trident-pr-e2e |
|
Azure Pipelines successfully started running 1 pipeline(s). |
There was a problem hiding this comment.
Pull request overview
This pull request validates the trident stream-image command by creating comprehensive test infrastructure for direct streaming deployment with VHD-COSI images. The PR removes the dangerous-options feature flag from the stream-image command, adds ARM64 architecture support for VMs, and creates end-to-end testing pipelines.
Changes:
- Removes the
dangerous-optionsfeature flag fromtrident stream-imagecommand, making it available for general use - Adds ARM64 architecture support including VM templates, libvirt configurations, and pipeline infrastructure for both AMD64 and ARM64
- Creates new test infrastructure including storm helpers, test images (trident-rawcosi-testimage and trident-direct-streaming-installer), and pipeline templates for validating direct streaming deployment
- Implements raw COSI storage support in Trident with grub configuration and fstab handling improvements
Reviewed changes
Copilot reviewed 50 out of 50 changed files in this pull request and generated 11 comments.
Show a summary per file
| File | Description |
|---|---|
| tools/virtdeploy/templates/vm_arm64.xml | New ARM64 VM template with QEMU/AAVMF firmware configuration |
| tools/virtdeploy/helpers/libvirthelper.py | Added platform detection for ARM64 support, device naming adjustments |
| tools/storm/utils/libvirt.go | Improved screenshot capture with better error handling |
| tools/storm/helpers/direct_streaming.go | New storm helper for testing direct streaming deployments |
| tools/storm/helpers/prepare_images.go | Added skip functionality for verity images |
| tools/pkg/virtdeploy/*.go | Refactored VM XML generation to support both AMD64 and ARM64 architectures |
| tools/pkg/netlaunch/*.go | Added DirectStreaming configuration and ISO patching support |
| tools/cmd/virtdeploy/main.go | Added runtime.GOARCH detection for VM architecture |
| crates/trident/src/cli.rs | Removed dangerous-options feature flag from stream-image |
| crates/trident/src/subsystems/storage/fstab.rs | Added merge_and_write support for raw COSI storage |
| crates/trident/src/engine/boot/mod.rs | Added grub.cfg patching for raw COSI with PARTLABEL handling |
| tests/images/trident-rawcosi-testimage/* | New test image configuration for raw COSI testing |
| tests/images/trident-installer/* | New direct streaming installer configuration and systemd service |
| tests/images/testimages.py | Added image configs for direct streaming installer and rawcosi testimage |
| Makefile | Added targets for building direct streaming test images and ISO/COSI patterns |
| .pipelines/templates/* | New and updated pipeline templates for ARM64 and AMD64 direct streaming tests |
.pipelines/templates/stages/direct-streaming/netlaunch-testing.yml
Outdated
Show resolved
Hide resolved
tests/images/trident-installer/base/files/trident-direct-streaming.service
Show resolved
Hide resolved
|
/AzurePipelines run [GITHUB]-trident-pr-e2e |
|
Azure Pipelines successfully started running 1 pipeline(s). |
bfjelds
force-pushed
the
user/bfjelds/direct-streaming-test-fairwater
branch
from
cf9bc2f to
5a836ab
Compare
|
/AzurePipelines run [GITHUB]-trident-pr-e2e |
|
Azure Pipelines successfully started running 1 pipeline(s). |
| ExecStart=/bin/bash -c "echo Running: trident stream-image $(cat /trident_cdrom/direct-streaming.conf | grep URL | cut -d '=' -f 2) --hash $(cat /trident_cdrom/direct-streaming.conf | grep HASH | cut -d '=' -f 2) --verbosity DEBUG" | ||
| ExecStart=/bin/bash -c "trident stream-image $(cat /trident_cdrom/direct-streaming.conf | grep URL | cut -d '=' -f 2) --hash $(cat /trident_cdrom/direct-streaming.conf | grep HASH | cut -d '=' -f 2) --verbosity DEBUG" |
There was a problem hiding this comment.
The command line parsing using grep and cut is fragile. If the direct-streaming.conf file contains additional whitespace, comments, or malformed lines, this could fail or extract incorrect values. Consider using a more robust configuration parsing approach, such as sourcing the file if it's in shell variable format, or using a proper configuration file parser.
| {% for cdrom in cdroms %} | ||
| <disk type="file" device="cdrom"> | ||
| {% if cdrom.source %} | ||
| <source file="{{ cdrom.source }}" /> | ||
| {% endif %} | ||
| <driver name="qemu" type="raw" /> | ||
| <target dev="{{ cdrom.dev }}" bus="sata" /> | ||
| <readonly /> | ||
| <address type="drive" controller="1" bus="0" target="0" unit="{{loop.index}}" /> |
There was a problem hiding this comment.
The ARM64 template uses SATA bus for CDROMs (line 42) but virtio bus for disks (line 31). This is inconsistent and may cause compatibility issues. The Go code also hardcodes SATA for CDROMs regardless of architecture. Consider using virtio for CDROMs on ARM64 as well, or verify that mixing SATA CDROMs with virtio disks works correctly on ARM64.
| <loader readonly='yes' secure='no' type='pflash'>/usr/share/AAVMF/AAVMF_CODE.ms.fd</loader> | ||
| <nvram template='/usr/share/AAVMF/AAVMF_VARS.ms.fd'>/var/lib/libvirt/qemu/nvram/{{ name }}_VARS.fd</nvram> |
There was a problem hiding this comment.
The loader path uses .ms.fd (Microsoft Secure Boot) but the secure attribute is set to 'no'. This is inconsistent - if secure boot is disabled, the non-secure firmware (AAVMF_CODE.fd without .ms) should be used instead. This matches the pattern used in the Go code (resources.go) where different firmware paths are selected based on the SecureBoot setting.
|
|
||
| "github.com/microsoft/storm" | ||
| "github.com/sirupsen/logrus" | ||
| "github.com/stretchr/testify/assert/yaml" |
There was a problem hiding this comment.
The import path uses github.com/stretchr/testify/assert/yaml which appears incorrect. The testify library typically exposes YAML unmarshaling through gopkg.in/yaml.v3 or similar packages, not through the assert subpackage. This import should be corrected to use the proper YAML library (e.g., gopkg.in/yaml.v3 or gopkg.in/yaml.v2).
| } | ||
| }() | ||
|
|
||
| time.Sleep(10 * time.Second) // Give netlaunch some time to start |
There was a problem hiding this comment.
Hardcoded 10-second sleep is fragile. Consider implementing a proper readiness check (e.g., polling the netlaunch port or checking for a specific log message) to ensure the server is actually ready before proceeding.
| - script: | | ||
| BASEIMG_VERSION="*.*.*" | ||
| echo "##vso[task.setvariable variable=BASEIMG_VERSION]$BASEIMG_VERSION" | ||
| echo "BASEIMG_VERSION: $BASEIMG_VERSION" |
There was a problem hiding this comment.
BASEIMG_VERSION is set twice in the preview section (lines 38 and 49-54). The first assignment to "..*" (line 38) will be immediately overwritten by the second assignment. Remove the first assignment for clarity and to avoid confusion.
| HASH=$(./scripts/cosi-sha384.py $COSI_FILE) | ||
| sudo ./bin/storm-trident helper direct-streaming -a \ | ||
| --log-dir $(ob_outputDirectory) \ | ||
| --netlaunch-config-file ./tools/vm-netlaunch.yaml \ |
There was a problem hiding this comment.
The test references a file ./tools/vm-netlaunch.yaml that does not appear to exist in the repository. This will cause the test to fail when trying to read the netlaunch config file. Ensure this file is added or update the path to reference an existing configuration file.
| --netlaunch-config-file ./tools/vm-netlaunch.yaml \ | |
| --netlaunch-config-file ./tools/netlaunch.yaml \ |
| netlaunchContext := context.Background() | ||
| go func() { | ||
| logrus.Info("Starting netlaunch...") | ||
| netlaunchErr := netlaunch.RunNetlaunch(netlaunchContext, netlaunchConfig) | ||
| logrus.Info("netlaunch stopped.") | ||
| if netlaunchErr != nil && netlaunchErr != context.Canceled { | ||
| tc.FailFromError(netlaunchErr) | ||
| } | ||
| }() |
There was a problem hiding this comment.
The context created here is never cancelled, which means the netlaunch goroutine will continue running even after the test completes. This could lead to resource leaks. Consider using context.WithCancel and deferring the cancel call to ensure proper cleanup.
| let regex = | ||
| regex::Regex::new(r"\broot=((PARTUUID|PARTLABEL)=([a-fA-F0-9\-]{36}))\b").unwrap(); | ||
| let updated = regex | ||
| .replace_all( | ||
| &grub_cfg, | ||
| format!("root=PARTLABEL={root_device_label}").as_str(), | ||
| ) |
There was a problem hiding this comment.
The regex pattern expects a UUID format (36 characters with hyphens), but the replacement uses root_device_label which is described in the comment as a PARTLABEL. Partition labels are not necessarily UUIDs and may not match the 36-character format. This could result in the regex not matching the intended root device, leaving the wrong root parameter in grub.cfg. Consider making the regex more flexible to match non-UUID partition labels, or verify that device_id is always a UUID.
| artifacts/trident-direct-streaming-testimage.cosi \ | ||
| $(DIRECT_STREAMING_HOST_CONFIGURATION) | ||
| rm -rf $(TMP_NO_HC_VHD_COSI) | ||
| rm -rf $(TMP_HC) |
There was a problem hiding this comment.
The AMD64 target attempts to remove TMP_HC variable (line 1167) which is not defined in this target. Only the ARM64 target (line 1141) defines TMP_HC. This will cause a harmless warning but should be removed for correctness.
| rm -rf $(TMP_HC) |
🔍 Description
Create tests to validate that
stream-imagecorrectly applies a VHD-COSI.dangerous-optionsfrom stream-imagestream-image