Implementation for new systemd configuration method

Makefile

@@ -138,6 +138,9 @@ vet:
 generate: controller-gen
 	$(CONTROLLER_GEN) object:headerFile="hack/boilerplate.go.txt" paths="./..."
 
+mock-generate: gomock
+	go generate ./...
+
 CONTROLLER_GEN = $(BIN_DIR)/controller-gen
 controller-gen: ## Download controller-gen locally if necessary.
 	$(call go-install-tool,$(CONTROLLER_GEN),sigs.k8s.io/controller-tools/cmd/controller-gen@v0.9.0)
@@ -150,6 +153,10 @@ ENVTEST = $(BIN_DIR)/setup-envtest
 envtest: ## Download envtest-setup locally if necessary.
 	$(call go-install-tool,$(ENVTEST),sigs.k8s.io/controller-runtime/tools/setup-envtest@latest)
 
+GOMOCK = $(shell pwd)/bin/mockgen
+gomock:
+	$(call go-get-tool,$(GOMOCK),github.com/golang/mock/mockgen@v1.6.0)
+
 # go-install-tool will 'go install' any package $2 and install it to $1.
 define go-install-tool
 @[ -f $(1) ] || { \

api/v1/helper.go

@@ -57,6 +57,13 @@ const (
 	SupportedNicIDConfigmap = "supported-nic-ids"
 )
 
+type ConfigurationModeType string
+
+const (
+	DaemonConfigurationMode  ConfigurationModeType = "daemon"
+	SystemdConfigurationMode ConfigurationModeType = "systemd"
+)
+
 func (e NetFilterType) String() string {
 	switch e {
 	case OpenstackNetworkID:
@@ -66,7 +73,7 @@ func (e NetFilterType) String() string {
 	}
 }
 
-func InitNicIDMap(client kubernetes.Interface, namespace string) error {
+func InitNicIDMapFromConfigMap(client kubernetes.Interface, namespace string) error {
 	cm, err := client.CoreV1().ConfigMaps(namespace).Get(
 		context.Background(),
 		SupportedNicIDConfigmap,
@@ -79,9 +86,14 @@ func InitNicIDMap(client kubernetes.Interface, namespace string) error {
 	for _, v := range cm.Data {
 		NicIDMap = append(NicIDMap, v)
 	}
+
 	return nil
 }
 
+func InitNicIDMapFromList(idList []string) {
+	NicIDMap = append(NicIDMap, idList...)
+}
+
 func IsSupportedVendor(vendorID string) bool {
 	for _, n := range NicIDMap {
 		ids := strings.Split(n, " ")

api/v1/sriovoperatorconfig_types.go

@@ -39,6 +39,10 @@ type SriovOperatorConfigSpec struct {
 	DisableDrain bool `json:"disableDrain,omitempty"`
 	// Flag to enable OVS hardware offload. Set to 'true' to provision switchdev-configuration.service and enable OpenvSwitch hw-offload on nodes.
 	EnableOvsOffload bool `json:"enableOvsOffload,omitempty"`
+	// Flag to enable the sriov-network-config-daemon to use a systemd service to configure SR-IOV devices on boot
+	// Default mode: daemon
+	// +kubebuilder:validation:Enum=daemon;systemd
+	ConfigurationMode ConfigurationModeType `json:"configurationMode,omitempty"`
 }
 
 // SriovOperatorConfigStatus defines the observed state of SriovOperatorConfig

bindata/manifests/daemon/daemonset.yaml

@@ -26,7 +26,7 @@ spec:
       hostPID: true
       nodeSelector:
         kubernetes.io/os: linux
-        node-role.kubernetes.io/worker:
+        node-role.kubernetes.io/worker: ""
       tolerations:
       - operator: Exists
       serviceAccountName: sriov-network-config-daemon
@@ -37,16 +37,66 @@ spec:
       - name: {{ . }}
       {{- end }}
       {{- end }}
+      initContainers:
+        - name: sriov-cni
+          image: {{.SRIOVCNIImage}}
+          command:
+            - /bin/sh
+            - -c
+            - cp /usr/bin/sriov /host/opt/cni/bin/
+          securityContext:
+            privileged: true
+          resources:
+            requests:
+              cpu: 10m
+              memory: 10Mi
+          volumeMounts:
+            - name: cnibin
+              mountPath: /host/opt/cni/bin
+        - name: sriov-infiniband-cni
+          image: {{.SRIOVInfiniBandCNIImage}}
+          command:
+            - /bin/sh
+            - -c
+            - cp /usr/bin/ib-sriov /host/opt/cni/bin/
+          securityContext:
+            privileged: true
+          resources:
+            requests:
+              cpu: 10m
+              memory: 10Mi
+          volumeMounts:
+            - name: cnibin
+              mountPath: /host/opt/cni/bin
+      {{- if .UsedSystemdMode}}
+        - name: sriov-service-copy
+          image: {{.Image}}
+          command:
+            - /bin/bash
+            - -c
+            - mkdir -p /host/var/lib/sriov/ && cp /usr/bin/sriov-network-config-daemon /host/var/lib/sriov/sriov-network-config-daemon && chcon -t bin_t /host/var/lib/sriov/sriov-network-config-daemon | true # Allow systemd to run the file, use pipe true to not failed if the system doesn't have selinux or apparmor enabled
+          securityContext:
+            privileged: true
+          resources:
+            requests:
+              cpu: 10m
+              memory: 10Mi
+          volumeMounts:
+            - name: host
+              mountPath: /host
+      {{- end }}
       containers:
       - name: sriov-network-config-daemon
         image: {{.Image}}
         command:
           - sriov-network-config-daemon
-        imagePullPolicy: IfNotPresent
         securityContext:
           privileged: true
         args:
           - "start"
+        {{- if .UsedSystemdMode}}
+          - --use-systemd-service
+        {{- end }}
         env:
           - name: NODE_NAME
             valueFrom:
@@ -71,28 +121,6 @@ spec:
           preStop:
             exec:
               command: ["/bindata/scripts/clean-k8s-services.sh"]
-      - name: sriov-cni
-        image: {{.SRIOVCNIImage}}
-        securityContext:
-          privileged: true
-        resources:
-          requests:
-            cpu: 10m
-            memory: 10Mi
-        volumeMounts:
-        - name: cnibin
-          mountPath: /host/opt/cni/bin
-      - name: sriov-infiniband-cni
-        image: {{.SRIOVInfiniBandCNIImage}}
-        securityContext:
-          privileged: true
-        resources:
-          requests:
-            cpu: 10m
-            memory: 10Mi
-        volumeMounts:
-        - name: cnibin
-          mountPath: /host/opt/cni/bin
       volumes:
       - name: host
         hostPath:

bindata/manifests/sriov-config-service/kubernetes/sriov-config-service.yaml

@@ -0,0 +1,15 @@
+contents: |
+  [Unit]
+  Description=Configures SRIOV NIC
+  Wants=network-pre.target
+  Before=network-pre.target
+
+  [Service]
+  Type=oneshot
+  ExecStart=/var/lib/sriov/sriov-network-config-daemon service
+  StandardOutput=journal+console
+
+  [Install]
+  WantedBy=multi-user.target
+enabled: true
+name: sriov-config.service

bindata/manifests/sriov-config-service/openshift/sriov-config-service.yaml

@@ -0,0 +1,30 @@
+apiVersion: machineconfiguration.openshift.io/v1
+kind: MachineConfig
+metadata:
+  labels:
+    machineconfiguration.openshift.io/role: worker
+  name: sriov-config-service
+spec:
+  config:
+    ignition:
+      version: 3.2.0
+    systemd:
+      units:
+        - contents: |
+            [Unit]
+            Description=Configures SRIOV NIC
+            # Removal of this file signals firstboot completion
+            ConditionPathExists=!/etc/ignition-machine-config-encapsulated.json
+            # This service is used to configure the SR-IOV VFs on NICs
+            Wants=network-pre.target
+            Before=network-pre.target
+
+            [Service]
+            Type=oneshot
+            ExecStart=/var/lib/sriov/sriov-network-config-daemon service -v {{ .LogLevel }}
+            StandardOutput=journal+console
+
+            [Install]
+            WantedBy=multi-user.target
+          enabled: true
+          name: "sriov-config.service"

cmd/sriov-network-config-daemon/main.go

@@ -1,3 +1,18 @@
+/*
+Copyright 2023.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+	http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
 package main
 
 import (