Add network interface management to vbmctl

Signed-off-by: Nuutti Hakala <nuutti.hakala@est.tech>

Author: nuhakala

hack/ci-e2e.sh

@@ -69,10 +69,6 @@ sudo sysctl fs.inotify.max_user_instances=8192
 # Build the container image with e2e tag (used in tests)
 IMG=quay.io/metal3-io/baremetal-operator IMG_TAG=e2e make docker
 
-# Build vbmctl
-make build-vbmctl
-# Create VMs to act as BMHs in the tests and the libvirt network
-./bin/vbmctl -c "${REPO_ROOT}/test/e2e/config/vbmctl.yaml" create bml
 
 # We need to create veth pair to connect metal3 net (defined above with vbmctl)
 # and kind docker subnet. Let us start by creating a docker network with
@@ -91,22 +87,11 @@ if ! docker network list | grep kind; then
 fi
 docker network list
 
-# Next create the veth pair
-if ! ip a | grep metalend; then
-    sudo ip link add metalend type veth peer name kindend
-    sudo ip link set metalend master metal3
-    sudo ip link set kindend master kind-bridge
-    sudo ip link set metalend up
-    sudo ip link set kindend up
-fi
-ip a
-
-# Then we need to set routing rules as well
-if ! sudo iptables -L FORWARD -v -n | grep kind-bridge; then
-    sudo iptables -I FORWARD -i kind-bridge -o metal3 -j ACCEPT
-    sudo iptables -I FORWARD -i metal3 -o kind-bridge -j ACCEPT
-fi
-sudo iptables -L FORWARD -n -v
+# Build vbmctl
+make build-vbmctl
+sudo setcap cap_net_admin+epi ./bin/vbmctl
+# Create VMs to act as BMHs in the tests and the libvirt network
+./bin/vbmctl -c "${REPO_ROOT}/test/e2e/config/vbmctl.yaml" create bml
 
 # This IP is defined by the network we created above. It is sushy-tools / image
 # server endpoint, not ironic.

test/e2e/config/vbmctl.yaml

@@ -34,3 +34,8 @@ spec:
     bridge: metal3
     address: 192.168.222.1
     netmask: 255.255.255.0
+  vethPairs:
+  - master1: metal3
+    master2: kind-bridge
+    veth1: metalend
+    veth2: kindend

test/go.mod

@@ -12,6 +12,7 @@ require (
 	github.com/onsi/ginkgo/v2 v2.28.1
 	github.com/onsi/gomega v1.39.1
 	github.com/spf13/cobra v1.10.2
+	github.com/vishvananda/netlink v1.3.0
 	golang.org/x/crypto v0.50.0
 	gopkg.in/yaml.v2 v2.4.0
 	k8s.io/api v0.35.4
@@ -102,6 +103,7 @@ require (
 	github.com/spf13/pflag v1.0.10 // indirect
 	github.com/spf13/viper v1.21.0 // indirect
 	github.com/subosito/gotenv v1.6.0 // indirect
+	github.com/vishvananda/netns v0.0.5 // indirect
 	github.com/x448/float16 v0.8.4 // indirect
 	github.com/xlab/treeprint v1.2.0 // indirect
 	go.opentelemetry.io/auto/sdk v1.2.1 // indirect

test/go.sum

@@ -259,6 +259,11 @@ github.com/tidwall/pretty v1.2.1 h1:qjsOFOWWQl+N3RsoF5/ssm1pHmJJwhjlSbZ51I6wMl4=
 github.com/tidwall/pretty v1.2.1/go.mod h1:ITEVvHYasfjBbM0u2Pg8T2nJnzm8xPwvNhhsoaGGjNU=
 github.com/tidwall/sjson v1.2.5 h1:kLy8mja+1c9jlljvWTlSazM7cKDRfJuR/bOJhcY5NcY=
 github.com/tidwall/sjson v1.2.5/go.mod h1:Fvgq9kS/6ociJEDnK0Fk1cpYF4FIW6ZF7LAe+6jwd28=
+github.com/vishvananda/netlink v1.3.0 h1:X7l42GfcV4S6E4vHTsw48qbrV+9PVojNfIhZcwQdrZk=
+github.com/vishvananda/netlink v1.3.0/go.mod h1:i6NetklAujEcC6fK0JPjT8qSwWyO0HLn4UKG+hGqeJs=
+github.com/vishvananda/netns v0.0.4/go.mod h1:SpkAiCQRtJ6TvvxPnOSyH3BMl6unz3xZlaprSwhNNJM=
+github.com/vishvananda/netns v0.0.5 h1:DfiHV+j8bA32MFM7bfEunvT8IAqQ/NzSJHtcmW5zdEY=
+github.com/vishvananda/netns v0.0.5/go.mod h1:SpkAiCQRtJ6TvvxPnOSyH3BMl6unz3xZlaprSwhNNJM=
 github.com/x448/float16 v0.8.4 h1:qLwI1I70+NjRFUR3zs1JPUCgaCXSh3SW62uAKT1mSBM=
 github.com/x448/float16 v0.8.4/go.mod h1:14CWIYCyZA/cWjXOioeEpHeN/83MdbZDRQHoFcYsOfg=
 github.com/xlab/treeprint v1.2.0 h1:HzHnuAF1plUN2zGlAFHbSQP2qJ0ZAD3XF5XD7OesXRQ=
@@ -305,7 +310,9 @@ golang.org/x/oauth2 v0.36.0 h1:peZ/1z27fi9hUOFCAZaHyrpWG5lwe0RJEEEeH0ThlIs=
 golang.org/x/oauth2 v0.36.0/go.mod h1:YDBUJMTkDnJS+A4BP4eZBjCqtokkg1hODuPjwiGPO7Q=
 golang.org/x/sync v0.20.0 h1:e0PTpb7pjO8GAtTs2dQ6jYa5BWYlMuX047Dco/pItO4=
 golang.org/x/sync v0.20.0/go.mod h1:9xrNwdLfx4jkKbNva9FpL6vEN7evnE43NNNJQ2LF3+0=
+golang.org/x/sys v0.2.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.10.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.43.0 h1:Rlag2XtaFTxp19wS8MXlJwTvoh8ArU6ezoyFsMyCTNI=
 golang.org/x/sys v0.43.0/go.mod h1:4GL1E5IUh+htKOUEOaiffhrAeqysfVGipDYzABqnCmw=
 golang.org/x/term v0.42.0 h1:UiKe+zDFmJobeJ5ggPwOshJIVt6/Ft0rcfrXZDLWAWY=

test/vbmctl/README.md

@@ -17,7 +17,7 @@ This tool is under active development.
 | `vbmctl create bml` / `vbmctl delete bml` | ✅ Implemented |
 | `vbmctl status` | ✅ Implemented (basic) |
 | Configurable volumes |  ✅ Implemented |
-| Network management | ⚠️ Partially implemented (only libvirt networks) |
+| Network management | ⚠️ Partially implemented (container networking missing) |
 | BMC emulator support | ❌ TODO |
 | Image server | ✅ Implemented (basic) |
 | State management (persistent state) | ❌ TODO |
@@ -31,6 +31,8 @@ This tool is under active development.
 - **Library Support**: Can be imported as a Go module for programmatic use
 - **Libvirt network management**: create and delete libvirt networks
 - **Image Server Management**: Create, delete, list image server
+- **Creating/deleting veth pairs**: create and delete veth-pairs to connect
+  virtual networks. Works only with config file.
 
 ## Build Tags
 
@@ -168,6 +170,11 @@ spec:
   imageServer:
     dataDir: "/tmp"
     port: 80
+  vethPairs:
+  - master1: metal3
+    master2: kind-bridge
+    veth1: metalend
+    veth2: kindend
 ```
 
 The `spec.vms` section defines the VMs that will be created when you run `vbmctl

test/vbmctl/cmd/vbmctl/main.go

@@ -17,6 +17,7 @@ import (
 	"github.com/metal3-io/baremetal-operator/test/vbmctl/pkg/config"
 	containers "github.com/metal3-io/baremetal-operator/test/vbmctl/pkg/containers"
 	"github.com/metal3-io/baremetal-operator/test/vbmctl/pkg/libvirt"
+	"github.com/metal3-io/baremetal-operator/test/vbmctl/pkg/network"
 	"github.com/spf13/cobra"
 	libvirtgo "libvirt.org/go/libvirt"
 )
@@ -201,16 +202,21 @@ Example configuration:
         networkAttachments:
           - network: "baremetal-e2e"
             macAddress: "00:60:2f:31:81:01"
-	networks:
+    networks:
       - name: "baremetal-e2e"
-	  - bridge: "metal3"
+        bridge: "metal3"
     imageServer:
       image: "nginxinc/nginx-unprivileged"
       port: 8080
       containerPort: 8080
       dataDir: "/var/lib/vbmctl/images"
       containerDataDir: "/usr/share/nginx/html",
-      containerName: "vbmctl-image-server"`,
+      containerName: "vbmctl-image-server"
+    vethPairs:
+      - master1: "metal3"
+        master2: "kind-bridge"
+        veth1: "metalend"
+        veth2: "kindend"`,
 		RunE: func(_ *cobra.Command, _ []string) error {
 			ctx, cancel := contextWithSignal()
 			defer cancel()
@@ -256,6 +262,18 @@ Example configuration:
 				fmt.Printf("  - %s (UUID: %s)\n", network.Name, network.UUID)
 			}
 
+			// Connect the specified networks
+			err = network.ConnectAllWithVeth(ctx, cfg.Spec.VethPairs)
+			if err != nil {
+				return fmt.Errorf("failed to create veth pairs: %w", err)
+			}
+			//nolint:forbidigo // CLI output is intentional
+			fmt.Println("\nCreated veth pairs:")
+			for _, pair := range cfg.Spec.VethPairs {
+				//nolint:forbidigo // CLI output is intentional
+				fmt.Printf("  - between %s and %s\n", pair.Master1, pair.Master2)
+			}
+
 			vmManager, err := libvirt.NewVMManager(conn, libvirt.VMManagerOptions{
 				PoolName: cfg.Spec.Pool.Name,
 				PoolPath: cfg.Spec.Pool.Path,
@@ -529,9 +547,24 @@ func newDeleteBMLCmd() *cobra.Command {
 				fmt.Printf("  - %s\n", name)
 			}
 
+			// Delete veth pairs
+			err = network.DeleteAllVeth(ctx, cfg.Spec.VethPairs)
+			if err != nil {
+				// Don't fail whole command if veth deletion fails
+				//nolint:forbidigo // CLI output is intentional
+				fmt.Printf("failed to delete veth pairs: %v", err)
+			} else {
+				//nolint:forbidigo // CLI output is intentional
+				fmt.Println("\nDeleted veth pairs:")
+				for _, pair := range cfg.Spec.VethPairs {
+					//nolint:forbidigo // CLI output is intentional
+					fmt.Printf("  - between %s and %s\n", pair.Master1, pair.Master2)
+				}
+			}
+
 			networkManager, err := libvirt.NewNetworkManager(conn)
 			if err != nil {
-				return fmt.Errorf("failed to create Network manager: %w", err)
+				return fmt.Errorf("failed to create libvirt network manager: %w", err)
 			}
 
 			networks := make([]string, len(cfg.Spec.Networks))

test/vbmctl/pkg/api/types.go

@@ -78,6 +78,20 @@ type NetworkConfig struct {
 	Netmask string `json:"netmask,omitempty" yaml:"netmask,omitempty"`
 }
 
+type VethPair struct {
+	// Master 1 is the name of the first network interface to be connected
+	Master1 string `json:"master1" yaml:"master1"`
+
+	// Master 2 is the name of the second network interface to be connected
+	Master2 string `json:"master2" yaml:"master2"`
+
+	// Veth1 is the name of the veth pair to be pushed under Master1
+	Veth1 string `json:"veth1" yaml:"veth1"`
+
+	// Veth2 is the name of the veth pair to be pushed under Master2
+	Veth2 string `json:"veth2" yaml:"veth2"`
+}
+
 // PoolConfig represents the configuration for a storage pool.
 type PoolConfig struct {
 	// Name is the name of the storage pool.

test/vbmctl/pkg/config/config.go

@@ -101,6 +101,9 @@ type Spec struct {
 
 	// ImageServer contains configuration for the image server.
 	ImageServer *vbmctlapi.ImageServerConfig `json:"imageServer,omitempty" yaml:"imageServer,omitempty"`
+
+	// VethPairs is a list of interfaces that should be connected with a veth-pair.
+	VethPairs []vbmctlapi.VethPair `json:"vethPairs,omitempty" yaml:"vethPairs,omitempty"`
 }
 
 // LibvirtConfig contains libvirt connection settings.

test/vbmctl/pkg/network/ip.go

@@ -0,0 +1,134 @@
+//go:build vbmctl
+// +build vbmctl
+
+package network
+
+import (
+	"context"
+	"errors"
+	"fmt"
+	"log"
+
+	vbmctlapi "github.com/metal3-io/baremetal-operator/test/vbmctl/pkg/api"
+	"github.com/vishvananda/netlink"
+)
+
+var ErrVethExistsWithWrongParams = errors.New("veth interface exists with different parameters")
+
+func ConnectWithVeth(_ context.Context, network1 string, network2 string, vethpeer1 string, vethpeer2 string) error {
+	// Get masters
+	master1, err := netlink.LinkByName(network1)
+	if err != nil {
+		return fmt.Errorf("failed to get network interface %s: %w", network1, err)
+	}
+	master2, err := netlink.LinkByName(network2)
+	if err != nil {
+		return fmt.Errorf("failed to get network interface %s: %w", network2, err)
+	}
+
+	// Check if pair exists and has correct masters
+	veth1, err1 := netlink.LinkByName(vethpeer1)
+	veth2, err2 := netlink.LinkByName(vethpeer2)
+	if err1 == nil && err2 == nil {
+		// Return error if the masters is wrong. Someone has created and
+		// configured the interfaces already, and we don't want to break their
+		// configuration by modifying the interfaces.
+		if veth1.Attrs().MasterIndex != master1.Attrs().Index {
+			return ErrVethExistsWithWrongParams
+		}
+		if veth2.Attrs().MasterIndex != master2.Attrs().Index {
+			return ErrVethExistsWithWrongParams
+		}
+		// Veth pair exists and has correct masters
+		return nil
+	}
+
+	// Check for unknown errors
+	var notFound netlink.LinkNotFoundError
+	if !errors.As(err1, &notFound) || !errors.As(err2, &notFound) {
+		return fmt.Errorf("error checking interfaces: %w AND %w", err1, err2)
+	}
+
+	la := netlink.NewLinkAttrs()
+	la.Name = vethpeer1
+	veth := &netlink.Veth{
+		LinkAttrs: la,
+		PeerName:  vethpeer2,
+	}
+	err = netlink.LinkAdd(veth)
+	if err != nil {
+		return fmt.Errorf("could not add vethpair %s: %w", la.Name, err)
+	}
+
+	// Get the newly created interfaces and configure them
+	veth1, err = netlink.LinkByName(vethpeer1)
+	if err != nil {
+		return fmt.Errorf("failed to get veth interface %s: %w", vethpeer1, err)
+	}
+	veth2, err = netlink.LinkByName(vethpeer2)
+	if err != nil {
+		return fmt.Errorf("failed to get veth interface %s: %w", vethpeer2, err)
+	}
+
+	if err := netlink.LinkSetUp(veth1); err != nil {
+		return fmt.Errorf("failed to bring up veth interface %s: %w", vethpeer1, err)
+	}
+	if err := netlink.LinkSetUp(veth2); err != nil {
+		return fmt.Errorf("failed to bring up veth interface %s: %w", vethpeer2, err)
+	}
+
+	if err := netlink.LinkSetMaster(veth1, master1); err != nil {
+		return fmt.Errorf("failed to set master %s for veth %s: %w", network1, vethpeer1, err)
+	}
+	if err := netlink.LinkSetMaster(veth2, master2); err != nil {
+		return fmt.Errorf("failed to set master %s for veth %s: %w", network2, vethpeer2, err)
+	}
+	return nil
+}
+
+func ConnectAllWithVeth(ctx context.Context, vethPairs []vbmctlapi.VethPair) error {
+	createdPairs := make([]vbmctlapi.VethPair, 0, len(vethPairs))
+	for _, pair := range vethPairs {
+		err := ConnectWithVeth(ctx, pair.Master1, pair.Master2, pair.Veth1, pair.Veth2)
+		if err != nil {
+			// Clean up previously created pairs
+			log.Printf("Failed to create veth pair %s, cleaning up %d previously created pair(s)\n", pair.Veth1, len(createdPairs))
+			for _, created := range createdPairs {
+				if delErr := DeleteLink(ctx, created.Veth1); delErr != nil {
+					log.Printf("Warning: failed to clean up veth pair %s: %v\n", created.Veth1, delErr)
+				}
+			}
+			return fmt.Errorf("failed to create veth pair %s: %w", pair.Veth1, err)
+		}
+		createdPairs = append(createdPairs, pair)
+	}
+	return nil
+}
+
+func DeleteLink(_ context.Context, link string) error {
+	l, err := netlink.LinkByName(link)
+	var notFound netlink.LinkNotFoundError
+	if !errors.As(err, &notFound) {
+		log.Printf("cannot delete network interface, interface %s does not exist", link)
+		return nil
+	}
+	if err != nil {
+		return fmt.Errorf("failed to get network interface %s: %w", link, err)
+	}
+
+	if err := netlink.LinkDel(l); err != nil {
+		return fmt.Errorf("failed to delete network interface %s: %w", link, err)
+	}
+	return nil
+}
+
+func DeleteAllVeth(ctx context.Context, vethPairs []vbmctlapi.VethPair) error {
+	var lastErr error
+	for _, pair := range vethPairs {
+		if err := DeleteLink(ctx, pair.Veth1); err != nil {
+			log.Printf("Error deleting veth pair %s: %v\n", pair.Veth1, err)
+			lastErr = err
+		}
+	}
+	return lastErr
+}