AB#2426 Mini Constellation (#198)

* Mini Constellation commands to quickly deploy a local Constellation cluster * Download libvirt container image if not present locally * Fix libvirt KVM permission issues by creating kvm group using host GID inside container * Remove QEMU specific values from state file Signed-off-by: Daniel Weiße <dw@edgeless.systems> Co-authored-by: Nils Hanke <nils.hanke@outlook.com>
2025-08-09 15:32:46 -04:00 · 2022-10-07 09:38:43 +02:00 · 2022-10-07 09:38:43 +02:00 · 0edae36e43
commit 0edae36e43
parent 0c651c55dd
23 changed files with 469 additions and 139 deletions
--- a/cli/internal/libvirt/Dockerfile
+++ b/cli/internal/libvirt/Dockerfile
@ -6,7 +6,6 @@ RUN dnf -y update && \
        qemu-kvm \
        swtpm \
        swtpm-tools \
-        xsltproc \
        libvirt-client && \
    dnf clean all

--- a/cli/internal/libvirt/libvirt.go
+++ b/cli/internal/libvirt/libvirt.go
@ -9,14 +9,21 @@ package libvirt
 import (
 	"context"
 	"errors"
+	"io"

 	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/api/types/container"
+	"github.com/docker/docker/api/types/filters"
 	docker "github.com/docker/docker/client"
 	"github.com/edgelesssys/constellation/v2/internal/file"
 	"github.com/spf13/afero"
 )

+// LibvirtTCPConnectURI is the default URI to connect to containerized libvirt.
+// Non standard port to avoid conflict with host libvirt.
+// Changes here should also be reflected in the Dockerfile in "cli/internal/libvirt/Dockerfile".
+const LibvirtTCPConnectURI = "qemu+tcp://localhost:16599/system"
+
 // Runner handles starting and stopping of containerized libvirt instances.
 type Runner struct {
 	nameFile string
@ -40,6 +47,32 @@ func (r *Runner) Start(ctx context.Context, name, imageName string) error {
 	defer docker.Close()

 	containerName := name + "-libvirt"
+
+	// check if image exists locally, if not pull it
+	// this allows us to use a custom image without having to push it to a registry
+	images, err := docker.ImageList(ctx, types.ImageListOptions{
+		Filters: filters.NewArgs(
+			filters.KeyValuePair{
+				Key:   "reference",
+				Value: imageName,
+			},
+		),
+	})
+	if err != nil {
+		return err
+	}
+	if len(images) == 0 {
+		reader, err := docker.ImagePull(ctx, imageName, types.ImagePullOptions{})
+		if err != nil {
+			return err
+		}
+		defer reader.Close()
+		if _, err := io.Copy(io.Discard, reader); err != nil {
+			return err
+		}
+	}
+
+	// create and start the libvirt container
 	if _, err := docker.ContainerCreate(ctx,
 		&container.Config{
 			Image: imageName,
@ -61,13 +94,12 @@ func (r *Runner) Start(ctx context.Context, name, imageName string) error {
 		return err
 	}

+	// write the name of the container to a file so we can remove it later
 	if err := r.file.Write(r.nameFile, []byte(containerName)); err != nil {
 		_ = docker.ContainerRemove(ctx, containerName, types.ContainerRemoveOptions{Force: true})
 		return err
 	}

-	// time.Sleep(15 * time.Second)
-
 	return nil
 }

--- a/cli/internal/libvirt/start.sh
+++ b/cli/internal/libvirt/start.sh
@ -1,5 +1,10 @@
 #!/bin/bash

+# Assign qemu the GID of the host system's 'kvm' group to avoid permission issues for environments defaulting to 660 for /dev/kvm (e.g. Debian-based distros)
+KVM_HOST_GID="$(stat -c '%g' /dev/kvm)"
+groupadd -o -g "$KVM_HOST_GID" host-kvm
+usermod -a -G host-kvm qemu
+
 # Start libvirt daemon
 libvirtd --daemon --listen
 virtlogd --daemon