Remove cdbg-config.yaml (#26)

This removes systemd service upload support in cdbg,
but keeps it in the protobuf protocol.
This commit is contained in:
Nils Hanke 2022-08-31 03:25:27 -07:00 committed by GitHub
parent ce02878019
commit 1ecc56b69f
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
7 changed files with 20 additions and 100 deletions


@ -121,10 +121,7 @@ runs:
- name: Cdbg deploy
run: |
printf 'cdbg:\n bootstrapperPath: "'$GITHUB_WORKSPACE'/build/bootstrapper"\n' > cdbg-conf.yaml
echo "Deploying bootstrapper with config:"
cat ./cdbg-conf.yaml
cdbg deploy
cdbg deploy --bootstrapper $GITHUB_WORKSPACE/build/bootstrapper
shell: bash
if: ${{ inputs.isDebugImage == 'true' }}
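Review bot: The new `cdbg deploy --bootstrapper $GITHUB_WORKSPACE/build/bootstrapper` line leaves the variable unquoted, whereas the removed printf line wrapped the same path in double quotes; a workspace path containing whitespace would be split into several arguments. Quote it as `cdbg deploy --bootstrapper "$GITHUB_WORKSPACE/build/bootstrapper"` to keep the previous behaviour and satisfy shellcheck. The `run:` block's remaining lines appear to be complete within the hunk, but the step's surrounding `runs:` list continues outside it.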


@ -35,12 +35,14 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
<!-- For changes in existing functionality. -->
- Use IP from Constellation ID file in init and verify instead of IPs from state file.
- Change cdbg to use load balancer for deploy.
- cdbg now uses the Constellation config directly and does not require any extra config
- Azure CVMs are attested using SNP attestation
### Deprecated
<!-- For soon-to-be removed features. -->
### Removed
<!-- For now removed features. -->
- cdbg: Custom systemd service deployment
### Fixed
### Security


@ -12,21 +12,6 @@ make cdbg
With `cdbg` and `yq` installed in your path:
0. Write the configuration file for cdbg `cdbg-conf.yaml`:
```yaml
cdbg:
authorizedKeys:
- username: my-username
publicKey: ssh-rsa AAAAB…LJuM=
bootstrapperPath: "./bootstrapper"
systemdUnits:
- name: some-custom.service
contents: |-
[Unit]
Description=…
```
1. Run `constellation config generate` to create a new default configuration
2. Locate the latest debugd images for [GCP](/.github/docs/README.md#gcp) and [Azure](/.github/docs/README.md#azure)
@ -62,8 +47,11 @@ With `cdbg` and `yq` installed in your path:
5. Run `./cdbg deploy`
By default, `cdbg` searches for the bootstrapper in the current path (`./bootstrapper`). You can define a custom path by appending the argument `--bootstrapper <path to bootstrapper>` to `cdbg deploy`.
6. Run `constellation init […]` as usual
### debugd images
For a full list of image naming conventions and how to retreive them check [image version documentation](/.github/docs/README.md#image-versions)


@ -24,10 +24,10 @@ import (
)
const debugBanner = `
**************************************
THIS A CONSTELLATION DEBUG IMAGE.
*****************************************
THIS IS A CONSTELLATION DEBUG IMAGE.
DO NOT USE IN PRODUCTION.
**************************************
*****************************************
`
func main() {


@ -8,11 +8,9 @@ import (
"strconv"
"github.com/edgelesssys/constellation/debugd/internal/bootstrapper"
"github.com/edgelesssys/constellation/debugd/internal/cdbg/config"
"github.com/edgelesssys/constellation/debugd/internal/debugd"
depl "github.com/edgelesssys/constellation/debugd/internal/debugd/deploy"
pb "github.com/edgelesssys/constellation/debugd/service"
configc "github.com/edgelesssys/constellation/internal/config"
"github.com/edgelesssys/constellation/internal/config"
"github.com/edgelesssys/constellation/internal/constants"
"github.com/edgelesssys/constellation/internal/file"
"github.com/spf13/afero"
@ -33,40 +31,29 @@ func newDeployCmd() *cobra.Command {
Example: "cdbg deploy\ncdbg deploy --config /path/to/config\ncdbg deploy --bootstrapper /path/to/bootstrapper --ips 192.0.2.1,192.0.2.2,192.0.2.3 --config /path/to/config",
}
deployCmd.Flags().StringSlice("ips", nil, "override the ips that the bootstrapper will be uploaded to (defaults to ips from constellation config)")
deployCmd.Flags().String("bootstrapper", "", "override the path to the bootstrapper binary uploaded to instances (defaults to path set in config)")
deployCmd.Flags().String("bootstrapper", "./bootstrapper", "override the path to the bootstrapper binary uploaded to instances")
return deployCmd
}
func runDeploy(cmd *cobra.Command, args []string) error {
debugConfigName, err := cmd.Flags().GetString("cdbg-config")
if err != nil {
return err
}
configName, err := cmd.Flags().GetString("config")
if err != nil {
return fmt.Errorf("parsing config path argument: %w", err)
}
fileHandler := file.NewHandler(afero.NewOsFs())
debugConfig, err := config.FromFile(fileHandler, debugConfigName)
if err != nil {
return err
}
constellationConfig, err := configc.FromFile(fileHandler, configName)
constellationConfig, err := config.FromFile(fileHandler, configName)
if err != nil {
return err
}
return deploy(cmd, fileHandler, constellationConfig, debugConfig, bootstrapper.NewFileStreamer(afero.NewOsFs()))
return deploy(cmd, fileHandler, constellationConfig, bootstrapper.NewFileStreamer(afero.NewOsFs()))
}
func deploy(cmd *cobra.Command, fileHandler file.Handler, constellationConfig *configc.Config, debugConfig *config.CDBGConfig, reader fileToStreamReader) error {
overrideBootstrapperPath, err := cmd.Flags().GetString("bootstrapper")
func deploy(cmd *cobra.Command, fileHandler file.Handler, constellationConfig *config.Config, reader fileToStreamReader) error {
bootstrapperPath, err := cmd.Flags().GetString("bootstrapper")
if err != nil {
return err
}
if len(overrideBootstrapperPath) > 0 {
debugConfig.ConstellationDebugConfig.BootstrapperPath = overrideBootstrapperPath
}
if !constellationConfig.IsImageDebug() {
log.Println("WARN: constellation image does not look like a debug image. Are you using a debug image?")
@ -87,10 +74,9 @@ func deploy(cmd *cobra.Command, fileHandler file.Handler, constellationConfig *c
for _, ip := range ips {
input := deployOnEndpointInput{
debugdEndpoint: net.JoinHostPort(ip, strconv.Itoa(constants.DebugdPort)),
bootstrapperPath: debugConfig.ConstellationDebugConfig.BootstrapperPath,
bootstrapperPath: bootstrapperPath,
reader: reader,
authorizedKeys: debugConfig.ConstellationDebugConfig.AuthorizedKeys,
systemdUnits: debugConfig.ConstellationDebugConfig.SystemdUnits,
authorizedKeys: constellationConfig.SSHUsers,
}
if err := deployOnEndpoint(cmd.Context(), input); err != nil {
return err
@ -104,11 +90,10 @@ type deployOnEndpointInput struct {
debugdEndpoint string
bootstrapperPath string
reader fileToStreamReader
authorizedKeys []configc.UserKey
systemdUnits []depl.SystemdUnit
authorizedKeys []config.UserKey
}
// deployOnEndpoint deploys SSH public keys, systemd units and a locally built bootstrapper binary to a debugd endpoint.
// deployOnEndpoint deploys SSH public keys and a locally built bootstrapper binary to a debugd endpoint.
func deployOnEndpoint(ctx context.Context, in deployOnEndpointInput) error {
log.Printf("Deploying on %v\n", in.debugdEndpoint)
dialCTX, cancel := context.WithTimeout(ctx, debugd.GRPCTimeout)
@ -130,23 +115,7 @@ func deployOnEndpoint(ctx context.Context, in deployOnEndpointInput) error {
}
authorizedKeysResponse, err := client.UploadAuthorizedKeys(ctx, &pb.UploadAuthorizedKeysRequest{Keys: pbKeys}, grpc.WaitForReady(true))
if err != nil || authorizedKeysResponse.Status != pb.UploadAuthorizedKeysStatus_UPLOAD_AUTHORIZED_KEYS_SUCCESS {
return fmt.Errorf("uploading bootstrapper to instance %v failed: %v / %w", in.debugdEndpoint, authorizedKeysResponse, err)
}
if len(in.systemdUnits) > 0 {
log.Println("Uploading systemd unit files")
pbUnits := []*pb.ServiceUnit{}
for _, unit := range in.systemdUnits {
pbUnits = append(pbUnits, &pb.ServiceUnit{
Name: unit.Name,
Contents: unit.Contents,
})
}
uploadSystemdServiceUnitsResponse, err := client.UploadSystemServiceUnits(ctx, &pb.UploadSystemdServiceUnitsRequest{Units: pbUnits})
if err != nil || uploadSystemdServiceUnitsResponse.Status != pb.UploadSystemdServiceUnitsStatus_UPLOAD_SYSTEMD_SERVICE_UNITS_SUCCESS {
return fmt.Errorf("uploading systemd service unit to instance %v failed: %v / %w", in.debugdEndpoint, uploadSystemdServiceUnitsResponse, err)
}
return fmt.Errorf("uploading authorized keys to instance %v failed: %v / %w", in.debugdEndpoint, authorizedKeysResponse, err)
}
stream, err := client.UploadBootstrapper(ctx)
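Review bot: In the first hunk of this file, the help text of the `--bootstrapper` flag still reads "override the path to the bootstrapper binary uploaded to instances", but with the cdbg config removed there is nothing left to override — the flag's literal default `./bootstrapper` is the only other source; `"path to the bootstrapper binary uploaded to instances (defaults to ./bootstrapper)"` would match what the code now does. Since the keys sent to debugd now come from `constellationConfig.SSHUsers` rather than a dedicated debug config, the new `deploy` signature deserves a doc comment saying so, e.g. `// deploy uploads the bootstrapper at the --bootstrapper path and the SSH public keys from the Constellation config's sshUsers to every debugd endpoint.`, so operators understand which keys end up authorized on debug instances. The body of `deploy` and of `deployOnEndpoint` continues outside the hunks shown.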


@ -15,7 +15,6 @@ func newRootCmd() *cobra.Command {
It connects to CoreOS instances running debugd and deploys a self-compiled version of the bootstrapper.`,
}
cmd.PersistentFlags().String("config", constants.ConfigFilename, "Constellation config file")
cmd.PersistentFlags().String("cdbg-config", constants.DebugdConfigFilename, "debugd config file")
cmd.AddCommand(newDeployCmd())
return cmd
}


@ -1,35 +0,0 @@
package config
import (
"errors"
"fmt"
"io/fs"
"github.com/edgelesssys/constellation/debugd/internal/debugd/deploy"
configc "github.com/edgelesssys/constellation/internal/config"
"github.com/edgelesssys/constellation/internal/file"
)
// CDBGConfig describes the constellation-cli config file.
type CDBGConfig struct {
ConstellationDebugConfig ConstellationDebugdConfig `yaml:"cdbg"`
}
// ConstellationDebugdConfig is the cdbg specific configuration.
type ConstellationDebugdConfig struct {
AuthorizedKeys []configc.UserKey `yaml:"authorizedKeys"`
BootstrapperPath string `yaml:"bootstrapperPath"`
SystemdUnits []deploy.SystemdUnit `yaml:"systemdUnits,omitempty"`
}
// FromFile reads a debug configuration.
func FromFile(fileHandler file.Handler, name string) (*CDBGConfig, error) {
conf := &CDBGConfig{}
if err := fileHandler.ReadYAML(name, conf); err != nil {
if errors.Is(err, fs.ErrNotExist) {
return nil, fmt.Errorf("%s not found - consult the README on how to setup cdbg", name)
}
return nil, fmt.Errorf("loading config from file %s: %w", name, err)
}
return conf, nil
}