# Automated local image testing with QEMU / libvirt / terraform
## Usage
Prerequisite:
- [qcow2 constellation image](/image/README.md)
- [setup](#setup-libvirt--terraform)
- [qemu-metadata-api](/hack/qemu-metadata-api/README.md)
Optional: Write a `terraform.tfvars` file in the terraform workspace (`terraform/libvirt`), defining required variables and overriding optional variables.
See [variables.tf](./variables.tf) for a description of all available variables.
```tfvars
constellation_coreos_image="/path/to/image.qcow2"
# optional other vars, uncomment and change as needed
# metadata_api_log_dir="path/to/folder/for/metadata"
# control_plane_count=3
# worker_count=2
# vcpus=2
# memory=2048
# state_disk_size=10
# ip_range_start=100
# machine="q35"
```
Create terraform resources from within the terraform workspace (`terraform/libvirt`):
```shell-session
cd terraform/libvirt
terraform init
terraform plan
terraform apply
# set CONST_DIR to your constellation workspace
export TF_DIR=$(pwd)
export CONST_DIR=$(pwd)
go run ../../hack/terraform-to-state/create-state.go "${TF_DIR}" "${CONST_DIR}"
# use constellation (everything after constellation create)
constellation config generate qemu
# run cdbg if using a debug image
cdbg deploy
constellation init
# cleanup
rm constellation-state.json constellation-mastersecret.base64 constellation-admin.conf wg0.conf
terraform destroy
```
## Setup libvirt & Terraform
<details>
<summary>Ubuntu</summary>
[General reference](https://ubuntu.com/server/docs/virtualization-libvirt)
```shell-session
# Install Terraform
curl -fsSL https://apt.releases.hashicorp.com/gpg | sudo apt-key add -
sudo apt-add-repository "deb [arch=amd64] https://apt.releases.hashicorp.com $(lsb_release -cs) main"
sudo apt-get update && sudo apt-get install terraform
# install libvirt, KVM and tools
sudo apt install qemu-kvm libvirt-daemon-system xsltproc
sudo systemctl enable libvirtd
sudo usermod -a -G libvirt $USER
# reboot
```
</details>
<details>
<summary>Fedora</summary>
```shell-session
sudo dnf install -y dnf-plugins-core
sudo dnf config-manager --add-repo https://rpm.releases.hashicorp.com/fedora/hashicorp.repo
sudo dnf -y install terraform qemu-kvm libvirt-daemon-config-network libvirt-daemon-kvm xsltproc
sudo usermod -a -G libvirt $USER
# reboot
```
</details>
## Change libvirt settings (on Ubuntu)
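Open `/etc/libvirt/qemu.conf` and change the following setting. Setting the security driver to `none` turns off libvirt's AppArmor confinement of QEMU processes on this host: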
```
security_driver = "none"
```
Then restart libvirt:
```shell-session
sudo systemctl restart libvirtd
```
## Setup emulated TPM (on Ubuntu)
Only works if swtpm is version 0.7 or newer!
Ubuntu currently ships swtpm 0.6.3 so you need to install swtpm [from launchpad](https://launchpad.net/~stefanberger/+archive/ubuntu/swtpm-jammy/).
1. Uninstall current version of swtpm (if installed)
```
sudo apt remove swtpm swtpm-tools
```
2. Add the PPA (this command shows the PPA for Ubuntu 22.04 jammy, but others are available)
```
sudo add-apt-repository ppa:stefanberger/swtpm-jammy
sudo apt update
```
3. Install swtpm
```
sudo apt install swtpm swtpm-tools
```
4. Patch configuration under `/etc/swtpm_setup.conf`
```
# Program invoked for creating certificates
create_certs_tool = /usr/bin/swtpm_localca
```
5. Patch ownership of `/var/lib/swtpm-localca`
```shell-session
sudo chown -R swtpm:root /var/lib/swtpm-localca
```
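
A preflight check for the host settings described above (swtpm version, `create_certs_tool`, ownership of `/var/lib/swtpm-localca`, `security_driver`, `libvirt` group membership). This is an added example, not part of the Constellation repository; the function names and the `SWTPM_CONF`, `LOCALCA_DIR` and `QEMU_CONF` override variables are hypothetical, and it assumes GNU coreutils and that `swtpm --version` prints a dotted version number.

```shell
# Added example: preflight checks for the host settings this README describes.
# Function names and the *_CONF / LOCALCA_DIR overrides are hypothetical.

# version_at_least HAVE WANT: succeeds if HAVE >= WANT (uses GNU sort -V)
version_at_least() {
  [ "$(printf '%s\n%s\n' "$2" "$1" | sort -V | head -n1)" = "$2" ]
}

# extract_version TEXT: prints the first dotted version number found in TEXT
extract_version() {
  printf '%s\n' "$1" | grep -oE '[0-9]+(\.[0-9]+)+' | head -n1
}

# conf_value FILE KEY: prints the value of the last uncommented "KEY = value" line
conf_value() {
  sed -nE "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*\"?([^\"#]*[^\"#[:space:]])\"?.*$/\1/p" \
    "$1" 2>/dev/null | tail -n1
}

# preflight: run every check against the real host and report all failures
preflight() {
  rc=0
  v=$(extract_version "$(swtpm --version 2>/dev/null)")
  version_at_least "${v:-0}" 0.7 ||
    { echo "swtpm ${v:-not found}: version 0.7 or newer required"; rc=1; }
  [ "$(conf_value "${SWTPM_CONF:-/etc/swtpm_setup.conf}" create_certs_tool)" = /usr/bin/swtpm_localca ] ||
    { echo "create_certs_tool is not /usr/bin/swtpm_localca"; rc=1; }
  [ "$(stat -c %U "${LOCALCA_DIR:-/var/lib/swtpm-localca}" 2>/dev/null)" = swtpm ] ||
    { echo "swtpm-localca directory is not owned by swtpm"; rc=1; }
  [ "$(conf_value "${QEMU_CONF:-/etc/libvirt/qemu.conf}" security_driver)" = none ] ||
    { echo 'security_driver is not "none" (qemu.conf may need root to read)'; rc=1; }
  id -nG "${SUDO_USER:-$(id -un)}" | tr ' ' '\n' | grep -qx libvirt ||
    { echo "user is not in the libvirt group"; rc=1; }
  return "$rc"
}
```

Source the file and call `preflight` before `terraform apply`; it returns non-zero if any check fails.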
## Misc
- List all domains: `virsh list --all`
- Destroy domain with nvram: `virsh undefine --nvram <name>`