2022-04-05 09:12:20 -04:00
|
|
|
package main
|
|
|
|
|
|
|
|
import (
|
2022-04-11 08:25:19 -04:00
|
|
|
"context"
|
2022-04-05 09:12:20 -04:00
|
|
|
"flag"
|
2022-04-11 08:25:19 -04:00
|
|
|
"fmt"
|
2022-04-05 09:12:20 -04:00
|
|
|
"path/filepath"
|
2022-04-11 08:25:19 -04:00
|
|
|
"strings"
|
|
|
|
"time"
|
2022-04-05 09:12:20 -04:00
|
|
|
|
2022-04-11 08:25:19 -04:00
|
|
|
azurecloud "github.com/edgelesssys/constellation/coordinator/cloudprovider/azure"
|
|
|
|
gcpcloud "github.com/edgelesssys/constellation/coordinator/cloudprovider/gcp"
|
2022-06-30 05:14:26 -04:00
|
|
|
qemucloud "github.com/edgelesssys/constellation/coordinator/cloudprovider/qemu"
|
2022-04-11 08:25:19 -04:00
|
|
|
"github.com/edgelesssys/constellation/coordinator/core"
|
2022-06-01 09:08:42 -04:00
|
|
|
"github.com/edgelesssys/constellation/internal/attestation/azure"
|
|
|
|
"github.com/edgelesssys/constellation/internal/attestation/gcp"
|
|
|
|
"github.com/edgelesssys/constellation/internal/attestation/qemu"
|
|
|
|
"github.com/edgelesssys/constellation/internal/attestation/vtpm"
|
2022-06-28 10:51:30 -04:00
|
|
|
"github.com/edgelesssys/constellation/internal/constants"
|
|
|
|
"github.com/edgelesssys/constellation/internal/logger"
|
2022-04-12 08:24:36 -04:00
|
|
|
"github.com/edgelesssys/constellation/state/keyservice"
|
2022-04-05 09:12:20 -04:00
|
|
|
"github.com/edgelesssys/constellation/state/mapper"
|
2022-04-11 08:25:19 -04:00
|
|
|
"github.com/edgelesssys/constellation/state/setup"
|
|
|
|
"github.com/spf13/afero"
|
2022-06-28 10:51:30 -04:00
|
|
|
"go.uber.org/zap"
|
2022-04-05 09:12:20 -04:00
|
|
|
)
|
|
|
|
|
|
|
|
const (
|
2022-04-11 08:25:19 -04:00
|
|
|
gcpStateDiskPath = "/dev/disk/by-id/google-state-disk"
|
|
|
|
azureStateDiskPath = "/dev/disk/azure/scsi1/lun0"
|
2022-04-21 10:28:47 -04:00
|
|
|
qemuStateDiskPath = "/dev/vda"
|
2022-04-05 09:12:20 -04:00
|
|
|
)
|
|
|
|
|
|
|
|
func main() {
|
2022-07-01 10:17:06 -04:00
|
|
|
csp := flag.String("csp", "", "Cloud Service Provider the image is running on")
|
|
|
|
verbosity := flag.Int("v", 0, logger.CmdLineVerbosityDescription)
|
2022-04-11 08:25:19 -04:00
|
|
|
|
2022-07-01 10:17:06 -04:00
|
|
|
flag.Parse()
|
|
|
|
log := logger.New(logger.JSONLog, logger.VerbosityFromInt(*verbosity))
|
2022-06-28 10:51:30 -04:00
|
|
|
log.With(zap.String("version", constants.VersionInfo), zap.String("cloudProvider", *csp)).
|
|
|
|
Infof("Starting disk-mapper")
|
2022-04-21 10:28:47 -04:00
|
|
|
|
2022-04-11 08:25:19 -04:00
|
|
|
// set up metadata API and quote issuer for aTLS connections
|
|
|
|
var err error
|
|
|
|
var diskPathErr error
|
|
|
|
var diskPath string
|
|
|
|
var issuer core.QuoteIssuer
|
|
|
|
var metadata core.ProviderMetadata
|
|
|
|
switch strings.ToLower(*csp) {
|
|
|
|
case "azure":
|
|
|
|
diskPath, diskPathErr = filepath.EvalSymlinks(azureStateDiskPath)
|
|
|
|
metadata, err = azurecloud.NewMetadata(context.Background())
|
|
|
|
if err != nil {
|
2022-06-28 10:51:30 -04:00
|
|
|
log.With(zap.Error).Fatalf("Failed to create Azure metadata API")
|
2022-04-11 08:25:19 -04:00
|
|
|
}
|
|
|
|
issuer = azure.NewIssuer()
|
|
|
|
|
|
|
|
case "gcp":
|
|
|
|
diskPath, diskPathErr = filepath.EvalSymlinks(gcpStateDiskPath)
|
|
|
|
issuer = gcp.NewIssuer()
|
|
|
|
gcpClient, err := gcpcloud.NewClient(context.Background())
|
|
|
|
if err != nil {
|
2022-06-28 10:51:30 -04:00
|
|
|
log.With(zap.Error).Fatalf("Failed to create GCP client")
|
2022-04-11 08:25:19 -04:00
|
|
|
}
|
|
|
|
metadata = gcpcloud.New(gcpClient)
|
|
|
|
|
2022-04-21 10:28:47 -04:00
|
|
|
case "qemu":
|
|
|
|
diskPath = qemuStateDiskPath
|
|
|
|
issuer = qemu.NewIssuer()
|
2022-06-30 05:14:26 -04:00
|
|
|
metadata = &qemucloud.Metadata{}
|
2022-04-21 10:28:47 -04:00
|
|
|
|
|
|
|
default:
|
|
|
|
diskPathErr = fmt.Errorf("csp %q is not supported by Constellation", *csp)
|
2022-04-11 08:25:19 -04:00
|
|
|
}
|
|
|
|
if diskPathErr != nil {
|
2022-06-28 10:51:30 -04:00
|
|
|
log.With(zap.Error(diskPathErr)).Fatalf("Unable to determine state disk path")
|
2022-04-05 09:12:20 -04:00
|
|
|
}
|
|
|
|
|
2022-04-11 08:25:19 -04:00
|
|
|
// initialize device mapper
|
2022-04-05 09:12:20 -04:00
|
|
|
mapper, err := mapper.New(diskPath)
|
|
|
|
if err != nil {
|
2022-06-28 10:51:30 -04:00
|
|
|
log.With(zap.Error(err)).Fatalf("Failed to initialize device mapper")
|
2022-04-05 09:12:20 -04:00
|
|
|
}
|
|
|
|
defer mapper.Close()
|
|
|
|
|
2022-04-11 08:25:19 -04:00
|
|
|
setupManger := setup.New(
|
2022-06-28 10:51:30 -04:00
|
|
|
log.Named("setupManager"),
|
2022-04-11 08:25:19 -04:00
|
|
|
*csp,
|
|
|
|
afero.Afero{Fs: afero.NewOsFs()},
|
2022-06-28 10:51:30 -04:00
|
|
|
keyservice.New(log.Named("keyService"), issuer, metadata, 20*time.Second), // try to request a key every 20 seconds
|
2022-04-11 08:25:19 -04:00
|
|
|
mapper,
|
|
|
|
setup.DiskMounter{},
|
|
|
|
vtpm.OpenVTPM,
|
|
|
|
)
|
|
|
|
|
|
|
|
// prepare the state disk
|
2022-04-12 08:24:36 -04:00
|
|
|
if mapper.IsLUKSDevice() {
|
2022-04-11 08:25:19 -04:00
|
|
|
err = setupManger.PrepareExistingDisk()
|
2022-04-12 08:24:36 -04:00
|
|
|
} else {
|
2022-04-11 08:25:19 -04:00
|
|
|
err = setupManger.PrepareNewDisk()
|
2022-04-12 08:24:36 -04:00
|
|
|
}
|
|
|
|
if err != nil {
|
2022-06-28 10:51:30 -04:00
|
|
|
log.With(zap.Error(err)).Fatalf("Failed to prepare state disk")
|
2022-04-12 08:24:36 -04:00
|
|
|
}
|
|
|
|
}
|