refactor: runtime pre-built images and remove node22-demo#35
- cloudflare-cleanup: only reload cloudflared if already running during cleanup
- cloudflare plugin: use full hostnames list for cleanup on partial setup failure
- cloudflare service: don't rethrow from finally in start() to avoid masking errors
- install.sh: kill only vmsan-managed cloudflared via PID file instead of killall
- install.sh: remove invalid JWT format validation for Cloudflare API tokens
…upport to installer
When Cloudflare is configured, the cloudflare plugin sets skipDnat=true via the beforeCreate hook. This skips DNAT iptables rules and port conflict checks, allowing multiple VMs to use the same port since each gets its own tunnel hostname. DNAT remains active when Cloudflare is not configured.
Delete tunnel via API during uninstall and handle 409 conflict in createTunnel by cleaning up stale tunnels before retrying.
…nfig updates
Use config_src: cloudflare instead of local. cloudflared runs with --token and receives config updates via edge-push when pushConfig() is called. No more restart/reload on VM create or stop.
Reorder uninstall: stop VMs first (while vmsan CLI is still available), kill orphan VM processes, clean TAP/veth interfaces, delete vmsan-* network namespaces, then remove iptables rules.
- Extract sleepSync/sleepAsync to shared utils, remove duplicate SharedArrayBuffer
- Fix removeDns inverted retry loop that polled when records didn't exist
- Add bulk addRoutes to avoid N+1 file I/O per hostname
- Deduplicate CNAME record payload in addDns
- Use cleanupCloudflareResources in vm:beforeStop instead of reimplementing
- Parallelize DNS cleanup with Promise.all
- Remove unused error factories (tokenInvalid, tokenInactive, noZoneForDomain)
- Remove unsafe Record<string,unknown> cast in plugin hook
- Merge duplicate uninstall loops in install.sh
- Validate PID ownership before killing cloudflared during uninstall
- Mask API token input with read -rs
- Guard against empty ports in setupTunnelRoutes and vm:afterStart
- Resolve account by domain zone first to avoid multi-account mismatch
Remove the node22-demo runtime, welcome page generation, and all related dead code. Runtime images are now pre-built during install.
- Add findRuntimeRootfs() for node22, node24, python3.13 runtimes
- Build runtime ext4 images during vmsan install via Docker
- Disable agent injection for --from-image (keeps image intact)
- Fix cache key bug in resolveImageRootfs (minimal vs full)
- Use proper error types instead of bare Error()
Walkthrough
This PR introduces Cloudflare Tunnel integration for VM networking with tunnel lifecycle management, adds support for pre-built runtime images (node22, node24, python3.13), extends the installation script with interactive cloudflared setup, and removes the welcome page feature. It also implements skipDnat for selective DNAT rule bypassing and enhances error handling throughout.
Sequence Diagram
sequenceDiagram
participant VM as VM Lifecycle
participant Plugin as Cloudflare Plugin
participant Service as CloudflareService
participant CF as Cloudflare API
participant DNS as DNS Provider
Note over VM,DNS: VM Creation Flow with Cloudflare Tunnel
VM->>Plugin: vm:beforeCreate
activate Plugin
Plugin->>Service: isConfigured()
Plugin->>Service: isInstalled()
alt Cloudflare configured
Plugin->>Service: Validate cloudflared present
Plugin->>VM: Set skipDnat=true
end
deactivate Plugin
VM->>VM: Create VM with ports
VM->>Plugin: vm:afterCreate
activate Plugin
Plugin->>Service: createTunnel()
activate Service
Service->>CF: Create Cloudflare tunnel
CF-->>Service: tunnelId, tunnelToken
Service->>Service: Store tunnel config
deactivate Service
Plugin->>Service: setupTunnelRoutes()
activate Service
Service->>Service: addRoutes() for VM ports
Service->>Service: pushConfigWithRetry()
activate Service
Service->>CF: Update tunnel ingress config
CF-->>Service: OK
deactivate Service
Service->>DNS: addDns() for hostnames
DNS-->>Service: CNAME created
Service->>VM: Update state.tunnelHostnames
deactivate Service
deactivate Plugin
VM->>Plugin: vm:afterStart
activate Plugin
alt Cloudflare configured
Plugin->>Service: Restore tunnelHostnames from state
end
deactivate Plugin
VM->>Plugin: vm:beforeStop
activate Plugin
alt Cloudflare configured
Plugin->>Service: cleanupCloudflareResources()
activate Service
Service->>Service: removeRoute(vmId)
Service->>CF: pushConfigWithRetry()
CF-->>Service: OK
Service->>DNS: removeDns() for each hostname
DNS-->>Service: CNAME removed
deactivate Service
end
deactivate Plugin
Note over VM,DNS: VM Cleanup Complete
Estimated Code Review Effort: 🎯 4 (Complex) | ⏱️ ~50 minutes
Summary
- node22-demo runtime and all welcome-page generation code
- node22, node24, python3.13) built during vmsan install via Docker
- --from-image now keeps the user image intact without injecting the agent
- resolveImageRootfs (minimal vs full builds)
- Error()
- $ prefix)

Test plan
- vmsan install builds 3 runtime images in ~/.vmsan/rootfs/
- vmsan create --runtime node22 --connect works with agent
- vmsan create --from-image node:22 creates VM without agent (with warning)
- vmsan create --from-image node:22 --connect shows clear error
- bun run build passes

Summary by CodeRabbit
Release Notes
New Features
- --skip-dnat option to bypass port forwarding configuration
Improvements
Deprecations