Remove cdbg-config.yaml (#26)

This removes systemd service upload support in cdbg,
but keeps it in the protobuf protocol.
Nils Hanke 2022-08-31 03:25:27 -07:00 committed by GitHub
parent ce02878019
commit 1ecc56b69f
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
7 changed files with 20 additions and 100 deletions


@ -121,10 +121,7 @@ runs:
- name: Cdbg deploy - name: Cdbg deploy
run: | run: |
printf 'cdbg:\n bootstrapperPath: "'$GITHUB_WORKSPACE'/build/bootstrapper"\n' > cdbg-conf.yaml cdbg deploy --bootstrapper $GITHUB_WORKSPACE/build/bootstrapper
echo "Deploying bootstrapper with config:"
cat ./cdbg-conf.yaml
cdbg deploy
shell: bash shell: bash
if: ${{ inputs.isDebugImage == 'true' }} if: ${{ inputs.isDebugImage == 'true' }}
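Review bot: The new `run` step passes `$GITHUB_WORKSPACE/build/bootstrapper` to `cdbg deploy --bootstrapper` as an unquoted expansion, so a workspace path containing whitespace would be word-split by bash before cdbg sees it. Quote the argument: `cdbg deploy --bootstrapper "$GITHUB_WORKSPACE/build/bootstrapper"`. The removed `echo`/`cat` lines were the only log output showing which binary was deployed; if that trace is useful in CI logs, a single `echo "Deploying bootstrapper from $GITHUB_WORKSPACE/build/bootstrapper"` before the deploy call restores it.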


@ -35,12 +35,14 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
<!-- For changes in existing functionality. --> <!-- For changes in existing functionality. -->
- Use IP from Constellation ID file in init and verify instead of IPs from state file. - Use IP from Constellation ID file in init and verify instead of IPs from state file.
- Change cdbg to use load balancer for deploy. - Change cdbg to use load balancer for deploy.
- cdbg now uses the Constellation config directly and does not require any extra config
- Azure CVMs are attested using SNP attestation - Azure CVMs are attested using SNP attestation
### Deprecated ### Deprecated
<!-- For soon-to-be removed features. --> <!-- For soon-to-be removed features. -->
### Removed ### Removed
<!-- For now removed features. --> <!-- For now removed features. -->
- cdbg: Custom systemd service deployment
### Fixed ### Fixed
### Security ### Security


@ -12,21 +12,6 @@ make cdbg
With `cdbg` and `yq` installed in your path: With `cdbg` and `yq` installed in your path:
0. Write the configuration file for cdbg `cdbg-conf.yaml`:
```yaml
cdbg:
authorizedKeys:
- username: my-username
publicKey: ssh-rsa AAAAB…LJuM=
bootstrapperPath: "./bootstrapper"
systemdUnits:
- name: some-custom.service
contents: |-
[Unit]
Description=…
```
1. Run `constellation config generate` to create a new default configuration 1. Run `constellation config generate` to create a new default configuration
2. Locate the latest debugd images for [GCP](/.github/docs/README.md#gcp) and [Azure](/.github/docs/README.md#azure) 2. Locate the latest debugd images for [GCP](/.github/docs/README.md#gcp) and [Azure](/.github/docs/README.md#azure)
@ -62,8 +47,11 @@ With `cdbg` and `yq` installed in your path:
5. Run `./cdbg deploy` 5. Run `./cdbg deploy`
By default, `cdbg` searches for the bootstrapper in the current path (`./bootstrapper`). You can define a custom path by appending the argument `--bootstrapper <path to bootstrapper>` to `cdbg deploy`.
6. Run `constellation init […]` as usual 6. Run `constellation init […]` as usual
### debugd images ### debugd images
For a full list of image naming conventions and how to retreive them check [image version documentation](/.github/docs/README.md#image-versions) For a full list of image naming conventions and how to retreive them check [image version documentation](/.github/docs/README.md#image-versions)


@ -24,10 +24,10 @@ import (
) )
const debugBanner = ` const debugBanner = `
************************************** *****************************************
THIS A CONSTELLATION DEBUG IMAGE. THIS IS A CONSTELLATION DEBUG IMAGE.
DO NOT USE IN PRODUCTION. DO NOT USE IN PRODUCTION.
************************************** *****************************************
` `
func main() { func main() {


@ -8,11 +8,9 @@ import (
"strconv" "strconv"
"github.com/edgelesssys/constellation/debugd/internal/bootstrapper" "github.com/edgelesssys/constellation/debugd/internal/bootstrapper"
"github.com/edgelesssys/constellation/debugd/internal/cdbg/config"
"github.com/edgelesssys/constellation/debugd/internal/debugd" "github.com/edgelesssys/constellation/debugd/internal/debugd"
depl "github.com/edgelesssys/constellation/debugd/internal/debugd/deploy"
pb "github.com/edgelesssys/constellation/debugd/service" pb "github.com/edgelesssys/constellation/debugd/service"
configc "github.com/edgelesssys/constellation/internal/config" "github.com/edgelesssys/constellation/internal/config"
"github.com/edgelesssys/constellation/internal/constants" "github.com/edgelesssys/constellation/internal/constants"
"github.com/edgelesssys/constellation/internal/file" "github.com/edgelesssys/constellation/internal/file"
"github.com/spf13/afero" "github.com/spf13/afero"
@ -33,40 +31,29 @@ func newDeployCmd() *cobra.Command {
Example: "cdbg deploy\ncdbg deploy --config /path/to/config\ncdbg deploy --bootstrapper /path/to/bootstrapper --ips 192.0.2.1,192.0.2.2,192.0.2.3 --config /path/to/config", Example: "cdbg deploy\ncdbg deploy --config /path/to/config\ncdbg deploy --bootstrapper /path/to/bootstrapper --ips 192.0.2.1,192.0.2.2,192.0.2.3 --config /path/to/config",
} }
deployCmd.Flags().StringSlice("ips", nil, "override the ips that the bootstrapper will be uploaded to (defaults to ips from constellation config)") deployCmd.Flags().StringSlice("ips", nil, "override the ips that the bootstrapper will be uploaded to (defaults to ips from constellation config)")
deployCmd.Flags().String("bootstrapper", "", "override the path to the bootstrapper binary uploaded to instances (defaults to path set in config)") deployCmd.Flags().String("bootstrapper", "./bootstrapper", "override the path to the bootstrapper binary uploaded to instances")
return deployCmd return deployCmd
} }
func runDeploy(cmd *cobra.Command, args []string) error { func runDeploy(cmd *cobra.Command, args []string) error {
debugConfigName, err := cmd.Flags().GetString("cdbg-config")
if err != nil {
return err
}
configName, err := cmd.Flags().GetString("config") configName, err := cmd.Flags().GetString("config")
if err != nil { if err != nil {
return fmt.Errorf("parsing config path argument: %w", err) return fmt.Errorf("parsing config path argument: %w", err)
} }
fileHandler := file.NewHandler(afero.NewOsFs()) fileHandler := file.NewHandler(afero.NewOsFs())
debugConfig, err := config.FromFile(fileHandler, debugConfigName) constellationConfig, err := config.FromFile(fileHandler, configName)
if err != nil {
return err
}
constellationConfig, err := configc.FromFile(fileHandler, configName)
if err != nil { if err != nil {
return err return err
} }
return deploy(cmd, fileHandler, constellationConfig, debugConfig, bootstrapper.NewFileStreamer(afero.NewOsFs())) return deploy(cmd, fileHandler, constellationConfig, bootstrapper.NewFileStreamer(afero.NewOsFs()))
} }
func deploy(cmd *cobra.Command, fileHandler file.Handler, constellationConfig *configc.Config, debugConfig *config.CDBGConfig, reader fileToStreamReader) error { func deploy(cmd *cobra.Command, fileHandler file.Handler, constellationConfig *config.Config, reader fileToStreamReader) error {
overrideBootstrapperPath, err := cmd.Flags().GetString("bootstrapper") bootstrapperPath, err := cmd.Flags().GetString("bootstrapper")
if err != nil { if err != nil {
return err return err
} }
if len(overrideBootstrapperPath) > 0 {
debugConfig.ConstellationDebugConfig.BootstrapperPath = overrideBootstrapperPath
}
if !constellationConfig.IsImageDebug() { if !constellationConfig.IsImageDebug() {
log.Println("WARN: constellation image does not look like a debug image. Are you using a debug image?") log.Println("WARN: constellation image does not look like a debug image. Are you using a debug image?")
@ -87,10 +74,9 @@ func deploy(cmd *cobra.Command, fileHandler file.Handler, constellationConfig *c
for _, ip := range ips { for _, ip := range ips {
input := deployOnEndpointInput{ input := deployOnEndpointInput{
debugdEndpoint: net.JoinHostPort(ip, strconv.Itoa(constants.DebugdPort)), debugdEndpoint: net.JoinHostPort(ip, strconv.Itoa(constants.DebugdPort)),
bootstrapperPath: debugConfig.ConstellationDebugConfig.BootstrapperPath, bootstrapperPath: bootstrapperPath,
reader: reader, reader: reader,
authorizedKeys: debugConfig.ConstellationDebugConfig.AuthorizedKeys, authorizedKeys: constellationConfig.SSHUsers,
systemdUnits: debugConfig.ConstellationDebugConfig.SystemdUnits,
} }
if err := deployOnEndpoint(cmd.Context(), input); err != nil { if err := deployOnEndpoint(cmd.Context(), input); err != nil {
return err return err
@ -104,11 +90,10 @@ type deployOnEndpointInput struct {
debugdEndpoint string debugdEndpoint string
bootstrapperPath string bootstrapperPath string
reader fileToStreamReader reader fileToStreamReader
authorizedKeys []configc.UserKey authorizedKeys []config.UserKey
systemdUnits []depl.SystemdUnit
} }
// deployOnEndpoint deploys SSH public keys, systemd units and a locally built bootstrapper binary to a debugd endpoint. // deployOnEndpoint deploys SSH public keys and a locally built bootstrapper binary to a debugd endpoint.
func deployOnEndpoint(ctx context.Context, in deployOnEndpointInput) error { func deployOnEndpoint(ctx context.Context, in deployOnEndpointInput) error {
log.Printf("Deploying on %v\n", in.debugdEndpoint) log.Printf("Deploying on %v\n", in.debugdEndpoint)
dialCTX, cancel := context.WithTimeout(ctx, debugd.GRPCTimeout) dialCTX, cancel := context.WithTimeout(ctx, debugd.GRPCTimeout)
@ -130,23 +115,7 @@ func deployOnEndpoint(ctx context.Context, in deployOnEndpointInput) error {
} }
authorizedKeysResponse, err := client.UploadAuthorizedKeys(ctx, &pb.UploadAuthorizedKeysRequest{Keys: pbKeys}, grpc.WaitForReady(true)) authorizedKeysResponse, err := client.UploadAuthorizedKeys(ctx, &pb.UploadAuthorizedKeysRequest{Keys: pbKeys}, grpc.WaitForReady(true))
if err != nil || authorizedKeysResponse.Status != pb.UploadAuthorizedKeysStatus_UPLOAD_AUTHORIZED_KEYS_SUCCESS { if err != nil || authorizedKeysResponse.Status != pb.UploadAuthorizedKeysStatus_UPLOAD_AUTHORIZED_KEYS_SUCCESS {
return fmt.Errorf("uploading bootstrapper to instance %v failed: %v / %w", in.debugdEndpoint, authorizedKeysResponse, err) return fmt.Errorf("uploading authorized keys to instance %v failed: %v / %w", in.debugdEndpoint, authorizedKeysResponse, err)
}
if len(in.systemdUnits) > 0 {
log.Println("Uploading systemd unit files")
pbUnits := []*pb.ServiceUnit{}
for _, unit := range in.systemdUnits {
pbUnits = append(pbUnits, &pb.ServiceUnit{
Name: unit.Name,
Contents: unit.Contents,
})
}
uploadSystemdServiceUnitsResponse, err := client.UploadSystemServiceUnits(ctx, &pb.UploadSystemdServiceUnitsRequest{Units: pbUnits})
if err != nil || uploadSystemdServiceUnitsResponse.Status != pb.UploadSystemdServiceUnitsStatus_UPLOAD_SYSTEMD_SERVICE_UNITS_SUCCESS {
return fmt.Errorf("uploading systemd service unit to instance %v failed: %v / %w", in.debugdEndpoint, uploadSystemdServiceUnitsResponse, err)
}
} }
stream, err := client.UploadBootstrapper(ctx) stream, err := client.UploadBootstrapper(ctx)
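Review bot: In `deploy`, the value read by `bootstrapperPath, err := cmd.Flags().GetString("bootstrapper")` is forwarded to every endpoint unchecked; with the removed `len(overrideBootstrapperPath) > 0` fallback gone, `--bootstrapper ""` now yields an empty path that is presumably only rejected later, per instance, when the stream reader opens it. Add `if bootstrapperPath == "" { return fmt.Errorf("bootstrapper path must not be empty") }` directly after the flag read (note that `deploy` continues past these hunks). In `runDeploy`, the error from `config.FromFile` is returned bare while the flag error two lines above is wrapped; `return fmt.Errorf("loading constellation config %q: %w", configName, err)` keeps the two consistent. Since the commit keeps `UploadSystemServiceUnits` in the protocol, the updated `deployOnEndpoint` comment could state that the RPC is deliberately no longer called by cdbg, so the client-side removal is not silently reintroduced by a later reader of the proto.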


@ -15,7 +15,6 @@ func newRootCmd() *cobra.Command {
It connects to CoreOS instances running debugd and deploys a self-compiled version of the bootstrapper.`, It connects to CoreOS instances running debugd and deploys a self-compiled version of the bootstrapper.`,
} }
cmd.PersistentFlags().String("config", constants.ConfigFilename, "Constellation config file") cmd.PersistentFlags().String("config", constants.ConfigFilename, "Constellation config file")
cmd.PersistentFlags().String("cdbg-config", constants.DebugdConfigFilename, "debugd config file")
cmd.AddCommand(newDeployCmd()) cmd.AddCommand(newDeployCmd())
return cmd return cmd
} }


@ -1,35 +0,0 @@
package config
import (
"errors"
"fmt"
"io/fs"
"github.com/edgelesssys/constellation/debugd/internal/debugd/deploy"
configc "github.com/edgelesssys/constellation/internal/config"
"github.com/edgelesssys/constellation/internal/file"
)
// CDBGConfig describes the constellation-cli config file.
type CDBGConfig struct {
ConstellationDebugConfig ConstellationDebugdConfig `yaml:"cdbg"`
}
// ConstellationDebugdConfig is the cdbg specific configuration.
type ConstellationDebugdConfig struct {
AuthorizedKeys []configc.UserKey `yaml:"authorizedKeys"`
BootstrapperPath string `yaml:"bootstrapperPath"`
SystemdUnits []deploy.SystemdUnit `yaml:"systemdUnits,omitempty"`
}
// FromFile reads a debug configuration.
func FromFile(fileHandler file.Handler, name string) (*CDBGConfig, error) {
conf := &CDBGConfig{}
if err := fileHandler.ReadYAML(name, conf); err != nil {
if errors.Is(err, fs.ErrNotExist) {
return nil, fmt.Errorf("%s not found - consult the README on how to setup cdbg", name)
}
return nil, fmt.Errorf("loading config from file %s: %w", name, err)
}
return conf, nil
}