constellation/image/assembler/README.md

# Constellation-OS Assembler

This container image uses [coreos assembler](https://coreos.github.io/coreos-assembler/) as a base (`quay.io/coreos-assembler/coreos-assembler`) to facilitate a build environment for the Constellation-OS.
The root filesystem takes its contents (OSTree) from [constellation-fedora-coreos-config](https://github.com/edgelesssys/constellation-fedora-coreos-config).
The constellation specific changes are tracked in this repository: https://github.com/edgelesssys/constellation-coreos-assembler
And the Constellation-OS Assembler can be pulled from ghcr.io/edgelesssys/constellation-coreos-assembler

## Setup

Prerequisites: `podman` and `qemu-kvm` are installed, nested virtualization is enabled.
Make sure your user is allowed read and write access on `/dev/kvm`.
If the device is not mounted in the container try the following command, and restart the container:
``` shell
sudo chmod 666 /dev/kvm
```

## Using the Assembler to create a bootable operating system

1. Create the assembler image as described [here](#creating-the-assembler-image)
2. Source the `fcos/.env` file to enable the `cosa` bash alias:
   ```
   source fcos/.env
   ```
3. Set the `BOOTSTRAPPER_BINARY` environment variable to a path of the compiled bootstrapper binary. It will be mounted in the cosa container and copied into the resulting coreos image.
   ```
   BOOTSTRAPPER_BINARY="/path/to/bootstrapper"
   ```
4. Go into the build folder and initialize cosa:
   ```
   cd fcos/build
   cosa init https://github.com/edgelesssys/constellation-fedora-coreos-config
   cosa fetch
   ```
5. Build the OS image:
   ```
   cosa build
   ```
6. Create an image for a cloud provider
    ```
    cosa buildextend-gcp
    cosa buildextend-aws
    cosa buildextend-azure
    [...]
    ```

## Using a locally checked out git repo of the coreos-config during development

Simply set the environment variable `COREOS_ASSEMBLER_CONFIG_GIT` to the local folder and perform the rest of the steps as usual:
```
COREOS_ASSEMBLER_CONFIG_GIT=/path/to/constellation-fedora-coreos-config
```
monorepo Co-authored-by: Malte Poll <mp@edgeless.systems> Co-authored-by: katexochen <katexochen@users.noreply.github.com> Co-authored-by: Daniel Weiße <dw@edgeless.systems> Co-authored-by: Thomas Tendyck <tt@edgeless.systems> Co-authored-by: Benedict Schlueter <bs@edgeless.systems> Co-authored-by: leongross <leon.gross@rub.de> Co-authored-by: Moritz Eckert <m1gh7ym0@gmail.com> 2022-03-22 11:03:15 -04:00			`# Constellation-OS Assembler`

			This container image uses [coreos assembler](https://coreos.github.io/coreos-assembler/) as a base (`quay.io/coreos-assembler/coreos-assembler`) to facilitate a build environment for the Constellation-OS.
			`The root filesystem takes its contents (OSTree) from [constellation-fedora-coreos-config](https://github.com/edgelesssys/constellation-fedora-coreos-config).`
			`The constellation specific changes are tracked in this repository: https://github.com/edgelesssys/constellation-coreos-assembler`
			`And the Constellation-OS Assembler can be pulled from ghcr.io/edgelesssys/constellation-coreos-assembler`

			`## Setup`

			Prerequisites: `podman` and `qemu-kvm` are installed, nested virtualization is enabled.
			Make sure your user is allowed read and write access on `/dev/kvm`.
			`If the device is not mounted in the container try the following command, and restart the container:`
			``` shell
			`sudo chmod 666 /dev/kvm`
			```

			`## Using the Assembler to create a bootable operating system`

			`1. Create the assembler image as described [here](#creating-the-assembler-image)`
			2. Source the `fcos/.env` file to enable the `cosa` bash alias:
			```
			`source fcos/.env`
			```
Rename coordinator to bootstrapper and rename roles 2022-06-29 09:26:29 -04:00			3. Set the `BOOTSTRAPPER_BINARY` environment variable to a path of the compiled bootstrapper binary. It will be mounted in the cosa container and copied into the resulting coreos image.
monorepo Co-authored-by: Malte Poll <mp@edgeless.systems> Co-authored-by: katexochen <katexochen@users.noreply.github.com> Co-authored-by: Daniel Weiße <dw@edgeless.systems> Co-authored-by: Thomas Tendyck <tt@edgeless.systems> Co-authored-by: Benedict Schlueter <bs@edgeless.systems> Co-authored-by: leongross <leon.gross@rub.de> Co-authored-by: Moritz Eckert <m1gh7ym0@gmail.com> 2022-03-22 11:03:15 -04:00			```
Rename coordinator to bootstrapper and rename roles 2022-06-29 09:26:29 -04:00			`BOOTSTRAPPER_BINARY="/path/to/bootstrapper"`
monorepo Co-authored-by: Malte Poll <mp@edgeless.systems> Co-authored-by: katexochen <katexochen@users.noreply.github.com> Co-authored-by: Daniel Weiße <dw@edgeless.systems> Co-authored-by: Thomas Tendyck <tt@edgeless.systems> Co-authored-by: Benedict Schlueter <bs@edgeless.systems> Co-authored-by: leongross <leon.gross@rub.de> Co-authored-by: Moritz Eckert <m1gh7ym0@gmail.com> 2022-03-22 11:03:15 -04:00			```
			`4. Go into the build folder and initialize cosa:`
			```
			`cd fcos/build`
			`cosa init https://github.com/edgelesssys/constellation-fedora-coreos-config`
			`cosa fetch`
			```
			`5. Build the OS image:`
			```
			`cosa build`
			```
			`6. Create an image for a cloud provider`
			```
			`cosa buildextend-gcp`
			`cosa buildextend-aws`
			`cosa buildextend-azure`
			`[...]`
			```

			`## Using a locally checked out git repo of the coreos-config during development`

			Simply set the environment variable `COREOS_ASSEMBLER_CONFIG_GIT` to the local folder and perform the rest of the steps as usual:
			```
			`COREOS_ASSEMBLER_CONFIG_GIT=/path/to/constellation-fedora-coreos-config`
			```