vmnet: Improve --network vmnet-shared validation

[nirs]

Previously we did not check that the helper can run with the --close-from=4 option, so the command could succeed when incorrect sudoers configuration. For example a user with liberal NOPASSWD rule, but without the closefrom_override option.

When the check failed, we log unhelpful log:

libmachine: Failed to run vmnet-helper:
%!w(*exec.ExitError=&{0x14000135e30 [115 117 100 111 58 32 97 ... 101 100 10]})

And we returned a bool, so the caller could not tell if the helper is not installed or not configured properly.

Fix by:

• Rename vment.HelperAvaialble to vment.ValidateHelper
• Return an error describing the issue, that can be handled with errors.Is()
• Include the ExitError.Stderr int the error. This includes helpful error messages from sudo.
• Add new reason.NotConfiguredVmnetHelper error
• Improve validation when vment.ValidateHelper() succeeded

Example error flow - vment-helper not installed:

% minikube start --driver vfkit --network vmnet-shared
😄  minikube v1.35.0 on Darwin 15.4.1 (arm64)
✨  Using the vfkit (experimental) driver based on user configuration
E0502 00:57:51.009031   19098 start_flags.go:524] Failed to validate "vmnet-shared" network:
stat /opt/vmnet-helper/bin/vmnet-helper: no such file or directory

🙈  Exiting due to NOT_FOUND_VMNET_HELPER:

💡  Suggestion:

    vmnet-helper was not found on the system, resolve by:

    Option 1) Installing vment-helper:

    https://github.com/nirs/vmnet-helper#installation

    Option 2) Using the nat network:

    minikube start<no value> --driver vfkit --network nat

If resolved the issue by installing vmnet-helper but I did not configured the sudoers rule:

% minikube start --driver vfkit --network vmnet-shared
😄  minikube v1.35.0 on Darwin 15.4.1 (arm64)
✨  Using the vfkit (experimental) driver based on user configuration
E0502 00:59:03.501549   19127 start_flags.go:524] Failed to validate "vmnet-shared" network:
failed to run vmnet-helper via sudo: exit status 1: sudo: you are not permitted to use the -C
option

🙈  Exiting due to NOT_CONFIGURED_VMNET_HELPER:

💡  Suggestion:

    vmnet-helper is not configured correctly.

    Please install a vmnnet-helper sudoers rule using these instructions:

    https://github.com/nirs/vmnet-helper#granting-permission-to-run-vmnet-helper

After installing the sudoers rule, minikube could start with --network
vmnet-shared. In the log we can see:

    % minikube logs | grep vmnet-helper
    I0502 01:29:55.500206   22131 main.go:141] libmachine: Validated vmnet-helper version "v0.5.0"
    I0502 01:29:56.218530   22131 main.go:141] libmachine: Started vmnet-helper (pid=22138)

[k8s-ci-robot]

Hi @nirs. Thanks for your PR.

I'm waiting for a kubernetes member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

[minikube-bot]

Can one of the admins verify this patch?

[nirs]

@medyagh please review

[k8s-ci-robot]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: medyagh, nirs

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• OWNERS [medyagh]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[medyagh]

/ok-to-test

[minikube-pr-bot]

kvm2 driver with docker runtime

+----------------+----------+---------------------+
|    COMMAND     | MINIKUBE | MINIKUBE (PR 20689) |
+----------------+----------+---------------------+
| minikube start | 52.9s    | 51.6s               |
| enable ingress | 17.6s    | 15.5s               |
+----------------+----------+---------------------+

Times for minikube start: 52.9s 51.1s 56.7s 50.6s 53.3s
Times for minikube (PR 20689) start: 52.6s 53.6s 49.4s 51.0s 51.4s

Times for minikube ingress: 19.5s 16.0s 19.0s 18.5s 15.1s
Times for minikube (PR 20689) ingress: 15.5s 16.0s 15.4s 14.4s 16.0s

docker driver with docker runtime

+----------------+----------+---------------------+
|    COMMAND     | MINIKUBE | MINIKUBE (PR 20689) |
+----------------+----------+---------------------+
| minikube start | 23.5s    | 23.2s               |
| enable ingress | 12.9s    | 12.6s               |
+----------------+----------+---------------------+

Times for minikube (PR 20689) start: 23.4s 23.5s 22.7s 23.3s 23.4s
Times for minikube start: 25.8s 24.9s 22.4s 22.3s 22.2s

Times for minikube ingress: 12.3s 13.8s 13.3s 12.2s 12.8s
Times for minikube (PR 20689) ingress: 12.8s 12.2s 12.7s 13.2s 12.3s

docker driver with containerd runtime

+----------------+----------+---------------------+
|    COMMAND     | MINIKUBE | MINIKUBE (PR 20689) |
+----------------+----------+---------------------+
| minikube start | 22.5s    | 22.3s               |
| enable ingress | 32.8s    | 26.2s               |
+----------------+----------+---------------------+

Times for minikube start: 25.2s 23.9s 21.6s 21.3s 20.4s
Times for minikube (PR 20689) start: 21.4s 21.1s 21.0s 24.5s 23.7s

Times for minikube ingress: 23.2s 39.3s 39.2s 22.7s 39.8s
Times for minikube (PR 20689) ingress: 38.8s 23.2s 23.2s 22.8s 22.8s