duende_core/adapters/

pepita.rs

//! pepita MicroVM adapter implementation.
//!
//! Provides daemon management via pepita microVMs with vsock communication.
//!
//! pepita is PAIML's lightweight microVM implementation similar to Firecracker,
//! optimized for running single-purpose daemons with minimal overhead.

use crate::adapter::{DaemonHandle, PlatformAdapter, PlatformError, PlatformResult, TracerHandle};
use crate::daemon::Daemon;
use crate::platform::Platform;
use crate::types::{DaemonStatus, FailureReason, Signal};

use async_trait::async_trait;
use std::collections::HashMap;
use std::sync::Arc;
use std::sync::atomic::{AtomicU32, Ordering};
use tokio::sync::RwLock;

/// Vsock CID allocator.
static NEXT_CID: AtomicU32 = AtomicU32::new(3); // CID 0-2 are reserved

/// pepita MicroVM adapter.
///
/// Manages daemons inside lightweight microVMs via vsock communication.
///
/// # Architecture
///
/// ```text
/// Host                          MicroVM
/// ┌─────────────────┐          ┌─────────────────┐
/// │  PepitaAdapter  │          │  pepita guest   │
/// │  ┌───────────┐  │  vsock   │  ┌───────────┐  │
/// │  │ VmManager ├──┼──────────┼──┤ DaemonCtl │  │
/// │  └───────────┘  │          │  └───────────┘  │
/// └─────────────────┘          └─────────────────┘
/// ```
///
/// # Requirements
///
/// - Linux with KVM support (`/dev/kvm`)
/// - pepita VMM installed
/// - Kernel and rootfs images for guests
///
/// # Example
///
/// ```rust,ignore
/// use duende_core::adapters::PepitaAdapter;
/// use duende_core::PlatformAdapter;
///
/// let adapter = PepitaAdapter::new();
/// let handle = adapter.spawn(my_daemon).await?;
/// ```
pub struct PepitaAdapter {
    /// Vsock base port for daemon communication
    vsock_base_port: u32,
    /// Running VMs indexed by daemon ID
    vms: Arc<RwLock<HashMap<uuid::Uuid, VmInfo>>>,
    /// Default kernel path
    default_kernel: Option<String>,
    /// Default rootfs path
    default_rootfs: Option<String>,
}

/// Information about a running VM.
#[derive(Debug, Clone)]
#[allow(dead_code)] // Fields used for future VM management operations
struct VmInfo {
    /// VM identifier
    vm_id: String,
    /// Vsock CID
    vsock_cid: u32,
    /// Process ID of VMM process (if spawned locally)
    vmm_pid: Option<u32>,
    /// Current VM state
    state: VmState,
}

/// VM state.
#[derive(Debug, Clone, Copy, PartialEq, Eq)]
#[allow(dead_code)] // Variants used for future VM state management
enum VmState {
    /// VM is starting
    Starting,
    /// VM is running
    Running,
    /// VM is paused
    Paused,
    /// VM has stopped
    Stopped,
    /// VM failed
    Failed,
}

impl PepitaAdapter {
    /// Creates a new pepita adapter with default settings.
    #[must_use]
    pub fn new() -> Self {
        Self {
            vsock_base_port: 5000,
            vms: Arc::new(RwLock::new(HashMap::new())),
            default_kernel: None,
            default_rootfs: None,
        }
    }

    /// Creates a pepita adapter with custom vsock base port.
    #[must_use]
    pub fn with_vsock_port(vsock_base_port: u32) -> Self {
        Self {
            vsock_base_port,
            vms: Arc::new(RwLock::new(HashMap::new())),
            default_kernel: None,
            default_rootfs: None,
        }
    }

    /// Creates a pepita adapter with kernel and rootfs paths.
    #[must_use]
    pub fn with_images(kernel: impl Into<String>, rootfs: impl Into<String>) -> Self {
        Self {
            vsock_base_port: 5000,
            vms: Arc::new(RwLock::new(HashMap::new())),
            default_kernel: Some(kernel.into()),
            default_rootfs: Some(rootfs.into()),
        }
    }

    /// Returns the vsock base port.
    #[must_use]
    pub const fn vsock_base_port(&self) -> u32 {
        self.vsock_base_port
    }

    /// Allocates a new vsock CID.
    fn allocate_cid() -> u32 {
        NEXT_CID.fetch_add(1, Ordering::Relaxed)
    }

    /// Generates a VM ID from daemon name.
    fn vm_id(daemon_name: &str) -> String {
        format!(
            "duende-vm-{}",
            daemon_name.replace(' ', "-").replace('_', "-")
        )
    }

    /// Checks if KVM is available.
    fn kvm_available() -> bool {
        std::path::Path::new("/dev/kvm").exists()
    }

    /// Checks if pepita VMM is installed.
    async fn pepita_available() -> bool {
        tokio::process::Command::new("pepita")
            .arg("--version")
            .output()
            .await
            .map(|o| o.status.success())
            .unwrap_or(false)
    }

    /// Maps Signal to signal number for vsock command.
    fn signal_number(sig: Signal) -> i32 {
        match sig {
            Signal::Term => 15,
            Signal::Kill => 9,
            Signal::Int => 2,
            Signal::Quit => 3,
            Signal::Hup => 1,
            Signal::Usr1 => 10,
            Signal::Usr2 => 12,
            Signal::Stop => 19,
            Signal::Cont => 18,
        }
    }
}

impl Default for PepitaAdapter {
    fn default() -> Self {
        Self::new()
    }
}

#[async_trait]
impl PlatformAdapter for PepitaAdapter {
    fn platform(&self) -> Platform {
        Platform::PepitaMicroVM
    }

    async fn spawn(&self, daemon: Box<dyn Daemon>) -> PlatformResult<DaemonHandle> {
        // Check prerequisites
        if !Self::kvm_available() {
            return Err(PlatformError::spawn_failed(
                "KVM not available: /dev/kvm not found. Ensure KVM is enabled and you have permissions.",
            ));
        }

        if !Self::pepita_available().await {
            return Err(PlatformError::spawn_failed(
                "pepita VMM not found. Install pepita or add it to PATH.",
            ));
        }

        let kernel = self.default_kernel.as_ref().ok_or_else(|| {
            PlatformError::Config(
                "No kernel image configured. Use with_images() to set kernel path.".into(),
            )
        })?;

        let rootfs = self.default_rootfs.as_ref().ok_or_else(|| {
            PlatformError::Config(
                "No rootfs image configured. Use with_images() to set rootfs path.".into(),
            )
        })?;

        let daemon_name = daemon.name().to_string();
        let daemon_id = daemon.id();
        let vm_id = Self::vm_id(&daemon_name);
        let vsock_cid = Self::allocate_cid();

        // Build pepita command
        // pepita run --kernel <path> --rootfs <path> --vsock-cid <cid> --memory <mb> --cpus <n>
        let output = tokio::process::Command::new("pepita")
            .arg("run")
            .arg("--kernel")
            .arg(kernel)
            .arg("--rootfs")
            .arg(rootfs)
            .arg("--vsock-cid")
            .arg(vsock_cid.to_string())
            .arg("--memory")
            .arg("256") // Default 256MB
            .arg("--cpus")
            .arg("1")
            .arg("--name")
            .arg(&vm_id)
            .arg("--daemon") // Run in background
            .output()
            .await
            .map_err(|e| PlatformError::spawn_failed(format!("Failed to execute pepita: {}", e)))?;

        if !output.status.success() {
            let stderr = String::from_utf8_lossy(&output.stderr);
            return Err(PlatformError::spawn_failed(format!(
                "pepita run failed: {}",
                stderr
            )));
        }

        // Store VM info
        let vm_info = VmInfo {
            vm_id: vm_id.clone(),
            vsock_cid,
            vmm_pid: None, // pepita manages this internally
            state: VmState::Running,
        };

        self.vms.write().await.insert(*daemon_id.as_uuid(), vm_info);

        Ok(DaemonHandle::pepita(daemon_id, vm_id, vsock_cid))
    }

    async fn signal(&self, handle: &DaemonHandle, sig: Signal) -> PlatformResult<()> {
        let (vm_id, _vsock_cid) = match (handle.pepita_vm_id(), handle.vsock_cid()) {
            (Some(id), Some(cid)) => (id, cid),
            _ => {
                return Err(PlatformError::spawn_failed(
                    "Invalid handle type for pepita adapter",
                ));
            }
        };

        // Send signal via vsock or pepita CLI
        // pepita signal --name <vm_id> --signal <sig>
        let output = tokio::process::Command::new("pepita")
            .arg("signal")
            .arg("--name")
            .arg(vm_id)
            .arg("--signal")
            .arg(Self::signal_number(sig).to_string())
            .output()
            .await
            .map_err(|e| {
                PlatformError::signal_failed(format!("Failed to execute pepita: {}", e))
            })?;

        if !output.status.success() {
            let stderr = String::from_utf8_lossy(&output.stderr);
            return Err(PlatformError::signal_failed(format!(
                "pepita signal failed: {}",
                stderr
            )));
        }

        // Update state if stopping
        if matches!(sig, Signal::Term | Signal::Kill) {
            if let Some(vm_info) = self.vms.write().await.get_mut(handle.id().as_uuid()) {
                vm_info.state = VmState::Stopped;
            }
        }

        Ok(())
    }

    async fn status(&self, handle: &DaemonHandle) -> PlatformResult<DaemonStatus> {
        let vm_id = handle
            .pepita_vm_id()
            .ok_or_else(|| PlatformError::spawn_failed("Invalid handle type for pepita adapter"))?;

        // Query pepita for VM status
        // pepita status --name <vm_id> --json
        let output = tokio::process::Command::new("pepita")
            .arg("status")
            .arg("--name")
            .arg(vm_id)
            .arg("--json")
            .output()
            .await
            .map_err(|e| {
                PlatformError::status_failed(format!("Failed to execute pepita: {}", e))
            })?;

        if !output.status.success() {
            // VM not found = stopped
            return Ok(DaemonStatus::Stopped);
        }

        let stdout = String::from_utf8_lossy(&output.stdout);

        // Parse JSON status
        if stdout.contains("\"state\": \"running\"") || stdout.contains("\"state\":\"running\"") {
            Ok(DaemonStatus::Running)
        } else if stdout.contains("\"state\": \"paused\"") {
            Ok(DaemonStatus::Paused)
        } else if stdout.contains("\"state\": \"failed\"") {
            Ok(DaemonStatus::Failed(FailureReason::ExitCode(1)))
        } else {
            Ok(DaemonStatus::Stopped)
        }
    }

    async fn attach_tracer(&self, handle: &DaemonHandle) -> PlatformResult<TracerHandle> {
        let vsock_cid = handle
            .vsock_cid()
            .ok_or_else(|| PlatformError::spawn_failed("Invalid handle type for pepita adapter"))?;

        if vsock_cid == 0 {
            return Err(PlatformError::tracer_failed("VM not running"));
        }

        // Return a remote vsock-based tracer handle
        Ok(TracerHandle::remote_vsock(handle.id()))
    }
}

impl PepitaAdapter {
    /// Stops and destroys a VM.
    pub async fn destroy(&self, vm_id: &str) -> PlatformResult<()> {
        let output = tokio::process::Command::new("pepita")
            .arg("destroy")
            .arg("--name")
            .arg(vm_id)
            .arg("--force")
            .output()
            .await
            .map_err(|e| PlatformError::spawn_failed(format!("Failed to execute pepita: {}", e)))?;

        if !output.status.success() {
            // Ignore errors - VM might already be destroyed
        }

        Ok(())
    }

    /// Lists all running VMs.
    pub async fn list_vms(&self) -> PlatformResult<Vec<String>> {
        let output = tokio::process::Command::new("pepita")
            .arg("list")
            .arg("--format")
            .arg("name")
            .output()
            .await
            .map_err(|e| PlatformError::spawn_failed(format!("Failed to execute pepita: {}", e)))?;

        if !output.status.success() {
            return Ok(Vec::new());
        }

        let stdout = String::from_utf8_lossy(&output.stdout);
        Ok(stdout.lines().map(|s| s.to_string()).collect())
    }
}

// Extend DaemonHandle for pepita-specific accessors
impl crate::adapter::DaemonHandle {
    /// Returns the pepita VM ID, if applicable.
    #[must_use]
    pub fn pepita_vm_id(&self) -> Option<&str> {
        match self.handle_data() {
            crate::adapter::HandleData::Pepita { vm_id, .. } => Some(vm_id),
            _ => None,
        }
    }
}

#[cfg(test)]
mod tests {
    use super::*;

    #[test]
    fn test_pepita_adapter_new() {
        let adapter = PepitaAdapter::new();
        assert_eq!(adapter.vsock_base_port(), 5000);
        assert_eq!(adapter.platform(), Platform::PepitaMicroVM);
    }

    #[test]
    fn test_pepita_adapter_with_vsock_port() {
        let adapter = PepitaAdapter::with_vsock_port(9000);
        assert_eq!(adapter.vsock_base_port(), 9000);
    }

    #[test]
    fn test_pepita_adapter_with_images() {
        let adapter = PepitaAdapter::with_images("/boot/vmlinuz", "/var/lib/rootfs.img");
        assert!(adapter.default_kernel.is_some());
        assert!(adapter.default_rootfs.is_some());
    }

    #[test]
    fn test_pepita_adapter_default() {
        let adapter = PepitaAdapter::default();
        assert_eq!(adapter.platform(), Platform::PepitaMicroVM);
    }

    #[test]
    fn test_vm_id_generation() {
        assert_eq!(PepitaAdapter::vm_id("my-daemon"), "duende-vm-my-daemon");
        assert_eq!(PepitaAdapter::vm_id("my daemon"), "duende-vm-my-daemon");
    }

    #[test]
    fn test_allocate_cid() {
        let cid1 = PepitaAdapter::allocate_cid();
        let cid2 = PepitaAdapter::allocate_cid();
        assert!(cid2 > cid1);
    }

    #[test]
    fn test_signal_number() {
        assert_eq!(PepitaAdapter::signal_number(Signal::Term), 15);
        assert_eq!(PepitaAdapter::signal_number(Signal::Kill), 9);
    }

    #[tokio::test]
    async fn test_pepita_adapter_spawn_fails_without_kvm() {
        // Skip if KVM is available (would need pepita)
        if PepitaAdapter::kvm_available() {
            return;
        }

        let adapter = PepitaAdapter::with_images("/boot/vmlinuz", "/rootfs.img");

        struct TestDaemon {
            id: crate::types::DaemonId,
            metrics: crate::metrics::DaemonMetrics,
        }

        #[async_trait::async_trait]
        impl crate::daemon::Daemon for TestDaemon {
            fn id(&self) -> crate::types::DaemonId {
                self.id
            }
            fn name(&self) -> &str {
                "test"
            }
            async fn init(&mut self, _: &crate::config::DaemonConfig) -> crate::error::Result<()> {
                Ok(())
            }
            async fn run(
                &mut self,
                _: &mut crate::daemon::DaemonContext,
            ) -> crate::error::Result<crate::types::ExitReason> {
                Ok(crate::types::ExitReason::Graceful)
            }
            async fn shutdown(&mut self, _: std::time::Duration) -> crate::error::Result<()> {
                Ok(())
            }
            async fn health_check(&self) -> crate::types::HealthStatus {
                crate::types::HealthStatus::healthy(1)
            }
            fn metrics(&self) -> &crate::metrics::DaemonMetrics {
                &self.metrics
            }
        }

        let daemon = TestDaemon {
            id: crate::types::DaemonId::new(),
            metrics: crate::metrics::DaemonMetrics::new(),
        };

        let result = adapter.spawn(Box::new(daemon)).await;
        assert!(result.is_err());
        // Should fail because KVM is not available
        let err = result.unwrap_err();
        assert!(err.to_string().contains("KVM") || err.to_string().contains("pepita"));
    }

    // ==================== Extended Tests for Coverage ====================

    #[test]
    fn test_signal_number_all_signals() {
        assert_eq!(PepitaAdapter::signal_number(Signal::Int), 2);
        assert_eq!(PepitaAdapter::signal_number(Signal::Quit), 3);
        assert_eq!(PepitaAdapter::signal_number(Signal::Hup), 1);
        assert_eq!(PepitaAdapter::signal_number(Signal::Usr1), 10);
        assert_eq!(PepitaAdapter::signal_number(Signal::Usr2), 12);
        assert_eq!(PepitaAdapter::signal_number(Signal::Stop), 19);
        assert_eq!(PepitaAdapter::signal_number(Signal::Cont), 18);
    }

    #[test]
    fn test_vm_id_variations() {
        assert_eq!(PepitaAdapter::vm_id("test"), "duende-vm-test");
        assert_eq!(PepitaAdapter::vm_id("test_daemon"), "duende-vm-test-daemon");
        assert_eq!(PepitaAdapter::vm_id("test-daemon"), "duende-vm-test-daemon");
        assert_eq!(PepitaAdapter::vm_id(""), "duende-vm-");
        assert_eq!(PepitaAdapter::vm_id("a b c"), "duende-vm-a-b-c");
    }

    #[test]
    fn test_kvm_available_check() {
        // This just tests that the function doesn't panic
        let _ = PepitaAdapter::kvm_available();
    }

    #[tokio::test]
    async fn test_pepita_available_check() {
        // pepita is likely not installed, so this should return false
        let available = PepitaAdapter::pepita_available().await;
        // We just verify it doesn't panic; result depends on system
        let _ = available;
    }

    #[test]
    fn test_vm_info_state() {
        let info = VmInfo {
            vm_id: "test".to_string(),
            vsock_cid: 10,
            vmm_pid: Some(1234),
            state: VmState::Running,
        };
        assert_eq!(info.vm_id, "test");
        assert_eq!(info.vsock_cid, 10);
        assert_eq!(info.vmm_pid, Some(1234));
        assert_eq!(info.state, VmState::Running);
    }

    #[test]
    fn test_vm_state_variants() {
        assert_eq!(VmState::Starting, VmState::Starting);
        assert_eq!(VmState::Running, VmState::Running);
        assert_eq!(VmState::Paused, VmState::Paused);
        assert_eq!(VmState::Stopped, VmState::Stopped);
        assert_eq!(VmState::Failed, VmState::Failed);
        assert_ne!(VmState::Running, VmState::Stopped);
    }

    #[test]
    fn test_vm_info_clone() {
        let info = VmInfo {
            vm_id: "clone-test".to_string(),
            vsock_cid: 20,
            vmm_pid: None,
            state: VmState::Paused,
        };
        let cloned = info.clone();
        assert_eq!(cloned.vm_id, "clone-test");
        assert_eq!(cloned.vsock_cid, 20);
    }

    #[test]
    fn test_vm_info_debug() {
        let info = VmInfo {
            vm_id: "debug-test".to_string(),
            vsock_cid: 30,
            vmm_pid: Some(5678),
            state: VmState::Running,
        };
        let debug = format!("{:?}", info);
        assert!(debug.contains("debug-test"));
        assert!(debug.contains("30"));
    }

    #[test]
    fn test_pepita_adapter_images_with_string() {
        let adapter = PepitaAdapter::with_images(
            String::from("/boot/vmlinuz"),
            String::from("/var/lib/rootfs.img"),
        );
        assert_eq!(adapter.default_kernel.as_deref(), Some("/boot/vmlinuz"));
        assert_eq!(adapter.default_rootfs.as_deref(), Some("/var/lib/rootfs.img"));
    }

    #[test]
    fn test_allocate_cid_sequence() {
        // Allocate several CIDs and verify they're increasing
        let cids: Vec<u32> = (0..5).map(|_| PepitaAdapter::allocate_cid()).collect();
        for i in 1..cids.len() {
            assert!(cids[i] > cids[i - 1]);
        }
    }

    #[tokio::test]
    async fn test_list_vms_without_pepita() {
        let adapter = PepitaAdapter::new();
        // Without pepita installed, this should return empty vec or error
        let result = adapter.list_vms().await;
        match result {
            Ok(vms) => {
                // Either empty or has some VMs
                let _ = vms;
            }
            Err(_) => {
                // Error is acceptable if pepita not installed
            }
        }
    }

    #[tokio::test]
    async fn test_destroy_nonexistent_vm() {
        let adapter = PepitaAdapter::new();
        // Should not panic even for nonexistent VM
        let result = adapter.destroy("nonexistent-vm").await;
        // Result depends on pepita availability, but should not panic
        let _ = result;
    }
}