Add support for CNI-configured network interfaces.

Signed-off-by: Erik Sipsma <[email protected]>

Author: sipsma

.buildkite/pipeline.yml

@@ -34,13 +34,16 @@ steps:
   - wait
 
   - label: 'build'
-    command: 'make'
+    commands:
+      - 'make'
+      - 'make -C cni'
     agents:
       queue: "${BUILDKITE_AGENT_META_DATA_QUEUE:-default}"
 
   - label: ':hammer: tests'
     commands:
       - 'ln -s /var/lib/fc-ci/vmlinux.bin testdata/vmlinux'
+      - 'ln -s /var/lib/fc-ci/rootfs.ext4 testdata/root-drive.img'
       - 'ln -s /usr/local/bin/firecracker-v0.17.0 testdata/firecracker'
       - 'ln -s /usr/local/bin/jailer-v0.17.0 testdata/jailer'
       - "DISABLE_ROOT_TESTS=true FC_TEST_TAP=fc-test-tap${BUILDKITE_BUILD_NUMBER} make test EXTRAGOARGS='-v -count=1'"
@@ -50,8 +53,10 @@ steps:
   - label: ':hammer: root tests'
     commands:
       - 'ln -s /var/lib/fc-ci/vmlinux.bin testdata/vmlinux'
+      - 'ln -s /var/lib/fc-ci/rootfs.ext4 testdata/root-drive.img'
       - 'cp /usr/local/bin/firecracker-v0.17.0 testdata/firecracker'
       - 'cp /usr/local/bin/jailer-v0.17.0 testdata/jailer'
+      - 'make -C cni install CNI_BIN_ROOT=$(pwd)/testdata/bin'
       - "sudo FC_TEST_TAP=fc-root-tap${BUILDKITE_BUILD_NUMBER} make test EXTRAGOARGS='-v -count=1'"
     agents:
       queue: "${BUILDKITE_AGENT_META_DATA_QUEUE:-default}"

CHANGELOG.md

@@ -1,3 +1,10 @@
+# 0.18.0
+* Adds support for configuring Network Interfaces via CNI (#126)
+* Moves NetworkInterface.HostDevName and NetworkInterface.MacAddress fields to
+  NetworkInterface.StaticConfiguration.HostDevName and NetworkInterface.StaticConfiguration.MacAddress
+  fields, respectively. This is a backwards incompatible change, users will need
+  to update the location of these fields. (#126)
+
 # 0.17.0
 
 * Fixes a bug where fifos were not working properly with jailer enabled (#96)

README.md

@@ -35,8 +35,110 @@ Network configuration
 ---
 
 Firecracker, by design, only supports Linux tap devices. The SDK
-provides facilities to attach a tap device to the Firecracker VM, but
-the client is responsible for further configuration.
+provides facilities to:
+* Attach a pre-created tap device, optionally with static IP configuration, to
+  the VM. This is referred to as a "static network interface".
+* Create a tap device via [CNI](https://github.com/containernetworking/cni) plugins, 
+  which will then be attached to the VM automatically by the SDK. This is referred 
+  to as a "CNI-configured network interface"
+  
+### CNI
+If a VM is configured with a CNI-configured network interface, by default CNI configuration
+files will be sought from `/etc/cni/conf.d` and CNI plugins will be sought under
+`/opt/cni/bin` (both of these values can be overridden via API fields). CNI network lists
+must be specified in a configuration file at this time.
+
+It's currently highly recommended to use CNI configuration that includes
+[tc-redirect-tap](cni/Makefile) as a chained plugin. This will allow you to
+adapt pre-existing CNI plugins/configuration to a tap device usable by a
+Firecracker VM.
+
+#### Example
+
+With the following file at `/etc/cni/conf.d/fcnet.conflist`:
+```
+{
+  "name": "fcnet",
+  "cniVersion": "0.3.1",
+  "plugins"": [
+    {
+      "type": "ptp",
+      "ipMasq": true,
+      "ipam": {
+        "type": "host-local",
+        "subnet": "192.168.127.0/24",
+        "resolvConf": "/etc/resolv.conf"
+      }
+    },
+    {
+      "type": "tc-redirect-tap"
+    }
+  ]
+}
+```
+
+and the 
+[`ptp`](https://github.com/containernetworking/plugins/tree/master/plugins/main/ptp), 
+[`host-local`](https://github.com/containernetworking/plugins/tree/master/plugins/ipam/host-local) 
+and [`tc-redirect-tap`](cni/Makefile)
+CNI plugin binaries installed under `/opt/cni/bin`, you can specify, in the Go SDK API, 
+a `Machine` with the following `NetworkInterface`:
+```go
+{
+  NetworkInterfaces: []firecracker.NetworkInterface{{
+    CNIConfiguration: &firecracker.CNIConfiguration{
+      NetworkName: "fcnet",
+      IfName: "veth0",
+    },
+  }}
+}
+```
+
+Note that `NetworkName` in the `CNIConfiguration` of the API matches the `name` field 
+specified inside the `/etc/cni/conf.d/fcnet.conflist` file.
+
+With the above configuration, when the Firecracker VM is started the SDK will invoke
+CNI and place the final VM inside the resultant network namespace. The end result being:
+* Outside the network namespace, a single veth endpoint created by the `ptp` plugin will
+  exist with a static IP from the `host-local` plugin (i.e. `192.168.127.1`)
+* Inside the VM's network namespace:
+    * The other side of the veth device will exist with name `veth0`, as specified by the
+      `IfName` parameter above, and a different IP (i.e. `192.168.127.2`)
+    * The tap device created by `tc-redirect-tap`, which will not have an IP but will have
+      all of its traffic mirrored with the `veth0` device
+* Inside the actual Firecracker VM guest:
+    * A network interface with the same IP as that of `veth0` (i.e. `192.168.127.2`)
+    * Traffic sent on this device will be mirrored with the external `veth0` device,
+      so from a practical perspective the VM's internal network interface will externally
+      appear the same as `veth0`
+    * The internal name of the interface is determined by the Guest OS, not the Firecracker
+      Go SDK.
+
+Note that the `ptp` and `host-local` plugins are not required, they are just used in this
+example. The `tc-redirect-tap` plugin can be chained after any CNI plugin that creates a
+network interface. It will setup the tap device to be mirrored with the `IfName` device
+created by any previous plugin. Any IP configuration on that `IfName` device will be
+applied statically to the VM's internal network interface on boot.
+
+Also note that use of CNI-configured network interfaces will require the SDK to be running with at least
+`CAP_SYS_ADMIN` and `CAP_NET_ADMIN` Linux capabilities (in order to have the 
+ability to create and configure network namespaces).
+
+### Network Setup Limitations
+These limitations are a result of the current implementation and may be lifted in the future:
+* For a given VM, if a CNI-configured network interface is specified or a static interface
+  that includes IP configuration is specified, the VM can only have a single
+  network interface, not multiple.
+  * Users can specify multiple static interfaces as long as none of them 
+    include IP configuration.
+* DNS nameserver settings will only be effective if the VM's rootfs makes
+  `/etc/resolv.conf` be a symlink to `/proc/net/pnp`.
+* Only up to 2 DNS nameservers can be configured within the VM internally.
+  * If a static network interface specifies more than 2, an error will be 
+    returned.
+  * If a CNI-configured network interface receives more than 2 nameservers from the CNI 
+    invocation result, the nameservers after the second will be ignored without 
+    error (in order to be compatible with pre-existing CNI plugins/configuration).
 
 Questions?
 ---

cni/Makefile

@@ -18,6 +18,9 @@ SOURCES:=$(shell find . -name '*.go' ! -name '*_test.go')
 GOMOD := $(shell go env GOMOD)
 GOSUM := $(GOMOD:.mod=.sum)
 
+# Set this to override the directory in which the tc-redirect-tap plugin is
+# installed by the "install" target
+CNI_BIN_ROOT?=/opt/cni/bin
 
 .PHONY: all
 all: tc-redirect-tap
@@ -26,7 +29,8 @@ tc-redirect-tap: $(SOURCES) $(GOMOD) $(GOSUM)
 	go build -o tc-redirect-tap $(CURDIR)/cmd/tc-redirect-tap
 
 .PHONY: install
-install:
+install: tc-redirect-tap
+	install -D -m755 -t $(CNI_BIN_ROOT) tc-redirect-tap
 
 .PHONY: test
 test:

example_test.go

@@ -180,14 +180,14 @@ func ExampleNetworkInterface_rateLimiting() {
 	// create the outbound rate limiter
 	outbound := firecracker.NewRateLimiter(bandwidthBuilder.Build(), opsBuilder.Build())
 
-	networkIfaces := []firecracker.NetworkInterface{
-		{
-			MacAddress:     "01-23-45-67-89-AB-CD-EF",
-			HostDevName:    "tap-name",
-			InRateLimiter:  inbound,
-			OutRateLimiter: outbound,
+	networkIfaces := []firecracker.NetworkInterface{{
+		StaticConfiguration: &firecracker.StaticNetworkConfiguration{
+			MacAddress:  "01-23-45-67-89-AB-CD-EF",
+			HostDevName: "tap-name",
 		},
-	}
+		InRateLimiter:  inbound,
+		OutRateLimiter: outbound,
+	}}
 
 	cfg := firecracker.Config{
 		SocketPath:      "/path/to/socket",

go.mod

@@ -1,17 +1,21 @@
 module github.com/firecracker-microvm/firecracker-go-sdk
 
+go 1.11
+
 require (
-	github.com/containernetworking/cni v0.7.1
+	github.com/containernetworking/cni v0.7.2-0.20190807151350-8c6c47d1c7fc
 	github.com/containernetworking/plugins v0.8.2
 	github.com/go-openapi/errors v0.17.1
 	github.com/go-openapi/runtime v0.17.1
 	github.com/go-openapi/strfmt v0.17.1
 	github.com/go-openapi/swag v0.17.1
 	github.com/go-openapi/validate v0.17.1
+	github.com/gofrs/uuid v3.2.0+incompatible
 	github.com/hashicorp/go-multierror v1.0.0
 	github.com/pkg/errors v0.8.1
 	github.com/sirupsen/logrus v1.1.1
+	github.com/sparrc/go-ping v0.0.0-20190613174326-4e5b6552494c
 	github.com/stretchr/testify v1.3.0
-	github.com/vishvananda/netlink v1.0.0
+	github.com/vishvananda/netlink v0.0.0-20181108222139-023a6dafdcdf
 	golang.org/x/sys v0.0.0-20190616124812-15dcb6c0061f
 )

go.sum

@@ -9,8 +9,8 @@ github.com/asaskevich/govalidator v0.0.0-20180720115003-f9ffefc3facf h1:eg0MeVzs
 github.com/asaskevich/govalidator v0.0.0-20180720115003-f9ffefc3facf/go.mod h1:lB+ZfQJz7igIIfQNfa7Ml4HSf2uFQQRzpGGRXenZAgY=
 github.com/buger/jsonparser v0.0.0-20180808090653-f4dd9f5a6b44/go.mod h1:bbYlZJ7hK1yFx9hf58LP0zeX7UjIGs20ufpu3evjr+s=
 github.com/containernetworking/cni v0.7.0/go.mod h1:LGwApLUm2FpoOfxTDEeq8T9ipbpZ61X79hmU3w8FmsY=
-github.com/containernetworking/cni v0.7.1 h1:fE3r16wpSEyaqY4Z4oFrLMmIGfBYIKpPrHK31EJ9FzE=
-github.com/containernetworking/cni v0.7.1/go.mod h1:LGwApLUm2FpoOfxTDEeq8T9ipbpZ61X79hmU3w8FmsY=
+github.com/containernetworking/cni v0.7.2-0.20190807151350-8c6c47d1c7fc h1:zUNdrf9w09mWodVhZ9hX4Yk4Uu84n/OgdfPattAwwt8=
+github.com/containernetworking/cni v0.7.2-0.20190807151350-8c6c47d1c7fc/go.mod h1:LGwApLUm2FpoOfxTDEeq8T9ipbpZ61X79hmU3w8FmsY=
 github.com/containernetworking/plugins v0.8.2 h1:5lnwfsAYO+V7yXhysJKy3E1A2Gy9oVut031zfdOzI9w=
 github.com/containernetworking/plugins v0.8.2/go.mod h1:TxALKWZpWL79BC3GOYKJzzXr7U8R23PdhwaLp6F3adc=
 github.com/coreos/go-iptables v0.4.2/go.mod h1:/mVI274lEDI2ns62jHCDnCyBF9Iwsmekav8Dbxlm1MU=
@@ -52,6 +52,8 @@ github.com/go-openapi/validate v0.17.0/go.mod h1:Uh4HdOzKt19xGIGm1qHf/ofbX1YQ4Y+
 github.com/go-openapi/validate v0.17.1 h1:RfQTLHm/gEu0oSUmbTOy0PMufjkE5/pPfnqYpor3WLc=
 github.com/go-openapi/validate v0.17.1/go.mod h1:Uh4HdOzKt19xGIGm1qHf/ofbX1YQ4Y+MYsct2VUrAJ4=
 github.com/godbus/dbus v0.0.0-20180201030542-885f9cc04c9c/go.mod h1:/YcGZj5zSblfDWMMoOzV4fas9FZnQYTkDnsGvmh2Grw=
+github.com/gofrs/uuid v3.2.0+incompatible h1:y12jRkkFxsd7GpqdSZ+/KCs/fJbqpEXSGd4+jfEaewE=
+github.com/gofrs/uuid v3.2.0+incompatible/go.mod h1:b2aQJv3Z4Fp6yNu3cdSllBxTCLRxnplIgP/c0N/04lM=
 github.com/golang/protobuf v1.3.1 h1:YF8+flBXS5eO826T4nzqPrxfhQThhXl0YzfuUPu4SBg=
 github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
 github.com/google/uuid v1.0.0 h1:b4Gk+7WdP/d3HZH8EJsZpvV7EtDOgaZLtnaNGIu1adA=
@@ -90,39 +92,33 @@ github.com/safchain/ethtool v0.0.0-20190326074333-42ed695e3de8/go.mod h1:Z0q5wiB
 github.com/sirupsen/logrus v1.0.6/go.mod h1:pMByvHTf9Beacp5x1UXfOR9xyW/9antXMhjMPG0dEzc=
 github.com/sirupsen/logrus v1.1.1 h1:VzGj7lhU7KEB9e9gMpAV/v5XT2NVSvLJhJLCWbnkgXg=
 github.com/sirupsen/logrus v1.1.1/go.mod h1:zrgwTnHtNr00buQ1vSptGe8m1f/BbgsPukg8qsT7A+A=
-github.com/stretchr/objx v0.1.0 h1:4G4v2dO3VZwixGIRoQ5Lfboy6nUhCyYzaqnIAPPhYs4=
+github.com/sparrc/go-ping v0.0.0-20190613174326-4e5b6552494c h1:gqEdF4VwBu3lTKGHS9rXE9x1/pEaSwCXRLOZRF6qtlw=
+github.com/sparrc/go-ping v0.0.0-20190613174326-4e5b6552494c/go.mod h1:eMyUVp6f/5jnzM+3zahzl7q6UXLbgSc3MKg/+ow9QW0=
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
-github.com/stretchr/testify v1.2.2 h1:bSDNvY7ZPG5RlJ8otE/7V6gMiyenm9RtJ7IUVIAoJ1w=
 github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
 github.com/stretchr/testify v1.3.0 h1:TivCn/peBQ7UY8ooIcPgZFpTNSz0Q2U6UrFlUfqbe0Q=
 github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
+github.com/vishvananda/netlink v0.0.0-20181108222139-023a6dafdcdf h1:3J37+NPjNyGW/dbfXtj3yWuF9OEepIdGOXRaJGbORV8=
 github.com/vishvananda/netlink v0.0.0-20181108222139-023a6dafdcdf/go.mod h1:+SR5DhBJrl6ZM7CoCKvpw5BKroDKQ+PJqOg65H/2ktk=
-github.com/vishvananda/netlink v1.0.0 h1:bqNY2lgheFIu1meHUFSH3d7vG93AFyqg3oGbJCOJgSM=
-github.com/vishvananda/netlink v1.0.0/go.mod h1:+SR5DhBJrl6ZM7CoCKvpw5BKroDKQ+PJqOg65H/2ktk=
 github.com/vishvananda/netns v0.0.0-20180720170159-13995c7128cc h1:R83G5ikgLMxrBvLh22JhdfI8K6YXEPHx5P03Uu3DRs4=
 github.com/vishvananda/netns v0.0.0-20180720170159-13995c7128cc/go.mod h1:ZjcWmFBXmLKZu9Nxj3WKYEafiSqer2rnvPr0en9UNpI=
-golang.org/x/crypto v0.0.0-20180904163835-0709b304e793 h1:u+LnwYTOOW7Ukr/fppxEb1Nwz0AtPflrblfvUudpo+I=
 golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
 golang.org/x/crypto v0.0.0-20181009213950-7c1a557ab941 h1:qBTHLajHecfu+xzRI9PqVDcqx7SdHj9d4B+EzSn3tAc=
 golang.org/x/crypto v0.0.0-20181009213950-7c1a557ab941/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
-golang.org/x/net v0.0.0-20181005035420-146acd28ed58 h1:otZG8yDCO4LVps5+9bxOeNiCvgmOyt96J3roHTYs7oE=
 golang.org/x/net v0.0.0-20181005035420-146acd28ed58/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20181011144130-49bb7cea24b1 h1:Y/KGZSOdz/2r0WJ9Mkmz6NJBusp0kiNx1Cn82lzJQ6w=
 golang.org/x/net v0.0.0-20181011144130-49bb7cea24b1/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
-golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33 h1:I6FyU15t786LL7oL/hn43zqTuEGr4PN7F4XJ1p4E3Y8=
 golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190616124812-15dcb6c0061f h1:25KHgbfyiSm6vwQLbM3zZIe1v9p/3ea4Rz+nnM5K/i4=
 golang.org/x/sys v0.0.0-20190616124812-15dcb6c0061f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/text v0.3.0 h1:g61tztE5qeGQ89tm6NTjjM9VPIm088od1l6aSorWRWg=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 gopkg.in/airbrake/gobrake.v2 v2.0.9/go.mod h1:/h5ZAUhDkGaJfjzjKLSjv6zCL6O0LLBxU4K+aSYdM/U=
-gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127 h1:qIbj1fsPNlZgppZ+VLlY7N33q108Sa+fhmuc+sWQYwY=
 gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/gemnasium/logrus-airbrake-hook.v2 v2.1.2/go.mod h1:Xk6kEKp8OKb+X14hQBKWaSkCsqBpgog8nAV2xsGOxlo=
 gopkg.in/mgo.v2 v2.0.0-20180705113604-9856a29383ce/go.mod h1:yeKp02qBN3iKW1OzL3MGk2IdtZzaj7SFntXj72NppTA=
-gopkg.in/yaml.v2 v2.2.1 h1:mUhvW9EsL+naU5Q3cakzfE91YhliOondGd6ZrsDBHQE=
 gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.2.2 h1:ZCJp+EgiOT7lHqUV2J862kp8Qj64Jo6az82+3Td9dZw=
 gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=

handlers.go

@@ -30,9 +30,12 @@ const (
 	AddVsocksHandlerName               = "fcinit.AddVsocks"
 	SetMetadataHandlerName             = "fcinit.SetMetadata"
 	LinkFilesToRootFSHandlerName       = "fcinit.LinkFilesToRootFS"
+	SetupNetworkHandlerName            = "fcinit.SetupNetwork"
+	SetupKernelArgsHandlerName         = "fcinit.SetupKernelArgs"
 
-	ValidateCfgHandlerName       = "validate.Cfg"
-	ValidateJailerCfgHandlerName = "validate.JailerCfg"
+	ValidateCfgHandlerName        = "validate.Cfg"
+	ValidateJailerCfgHandlerName  = "validate.JailerCfg"
+	ValidateNetworkCfgHandlerName = "validate.NetworkCfg"
 )
 
 // HandlersAdapter is an interface used to modify a given set of handlers.
@@ -99,6 +102,13 @@ var JailerConfigValidationHandler = Handler{
 	},
 }
 
+var NetworkConfigValidationHandler = Handler{
+	Name: ValidateNetworkCfgHandlerName,
+	Fn: func(ctx context.Context, m *Machine) error {
+		return m.Cfg.ValidateNetwork()
+	},
+}
+
 // StartVMMHandler is a named handler that will handle starting of the VMM.
 // This handler will also set the exit channel on completion.
 var StartVMMHandler = Handler{
@@ -173,15 +183,34 @@ var AttachDrivesHandler = Handler{
 	},
 }
 
-// CreateNetworkInterfacesHandler is a named handler that sets up network
-// interfaces to the firecracker process.
+// CreateNetworkInterfacesHandler is a named handler that registers network
+// interfaces with the Firecracker VMM.
 var CreateNetworkInterfacesHandler = Handler{
 	Name: CreateNetworkInterfacesHandlerName,
 	Fn: func(ctx context.Context, m *Machine) error {
 		return m.createNetworkInterfaces(ctx, m.Cfg.NetworkInterfaces...)
 	},
 }
 
+// SetupNetworkHandler is a named handler that will setup the network namespace
+// and network interface configuration prior to the Firecracker VMM starting.
+var SetupNetworkHandler = Handler{
+	Name: SetupNetworkHandlerName,
+	Fn: func(ctx context.Context, m *Machine) error {
+		return m.setupNetwork(ctx)
+	},
+}
+
+// SetupKernelArgsHandler is a named handler that will update any kernel boot
+// args being provided to the VM based on the other configuration provided, if
+// needed.
+var SetupKernelArgsHandler = Handler{
+	Name: SetupKernelArgsHandlerName,
+	Fn: func(ctx context.Context, m *Machine) error {
+		return m.setupKernelArgs(ctx)
+	},
+}
+
 // AddVsocksHandler is a named handler that adds vsocks to the firecracker
 // process.
 var AddVsocksHandler = Handler{
@@ -203,6 +232,8 @@ func NewSetMetadataHandler(metadata interface{}) Handler {
 }
 
 var defaultFcInitHandlerList = HandlerList{}.Append(
+	SetupNetworkHandler,
+	SetupKernelArgsHandler,
 	StartVMMHandler,
 	CreateLogFilesHandler,
 	BootstrapLoggingHandler,
@@ -213,8 +244,13 @@ var defaultFcInitHandlerList = HandlerList{}.Append(
 	AddVsocksHandler,
 )
 
+var defaultValidationHandlerList = HandlerList{}.Append(
+	NetworkConfigValidationHandler,
+)
+
 var defaultHandlers = Handlers{
-	FcInit: defaultFcInitHandlerList,
+	Validation: defaultValidationHandlerList,
+	FcInit:     defaultFcInitHandlerList,
 }
 
 // Handler represents a named handler that contains a name and a function which

handlers_test.go

@@ -581,12 +581,12 @@ func TestHandlers(t *testing.T) {
 				},
 			},
 			Config: Config{
-				NetworkInterfaces: []NetworkInterface{
-					{
+				NetworkInterfaces: []NetworkInterface{{
+					StaticConfiguration: &StaticNetworkConfiguration{
 						MacAddress:  "macaddress",
 						HostDevName: "host",
 					},
-				},
+				}},
 			},
 		},
 		{