AB#1915 Local PCR calculation (#243)

* Add QEMU cloud-logging * Add QEMU metadata endpoints to collect logs during cluster boot * Send PCRs to QEMU metadata if boot fails on Azure or GCP Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2025-11-13 00:50:38 -05:00 · 2022-07-04 12:59:43 +02:00 · 2022-07-04 12:59:43 +02:00 · 4be29b04dc
commit 4be29b04dc
parent 70efb92adc
9 changed files with 348 additions and 21 deletions
--- a/terraform/libvirt/README.md
+++ b/terraform/libvirt/README.md
@ -11,7 +11,7 @@ Prerequisite:
 Optional: Write a `terraform.tfvars` file in the terraform workspace (`terraform/libvirt`), defining required variables and overriding optional variables.
 See [variables.tf](./variables.tf) for a description of all available variables.
 ```tfvars
-constellation_coreos_image_qcow2="/path/to/image.qcow2"
+constellation_coreos_image="/path/to/image.qcow2"
 # optional other vars, uncomment and change as needed
 # control_plane_count=3
 # worker_count=2
--- a/terraform/libvirt/main.tf
+++ b/terraform/libvirt/main.tf
@ -39,6 +39,11 @@ resource "docker_container" "qemu-metadata" {
    target = "/var/run/libvirt/libvirt-sock"
    type = "bind" 
  }
+  mounts {
+    source = var.metadata_api_log_dir
+    target = "/pcrs"
+    type = "bind"
+  }
 }

 module "control_plane" {
@ -80,8 +85,8 @@ resource "libvirt_pool" "cluster" {
 resource "libvirt_volume" "constellation_coreos_image" {
  name   = "constellation-coreos-image"
  pool   = libvirt_pool.cluster.name
-  source = var.constellation_coreos_image_qcow2
-  format = "qcow2"
+  source = var.constellation_coreos_image
+  format = var.image_format
 }

 resource "libvirt_network" "constellation" {
--- a/terraform/libvirt/variables.tf
+++ b/terraform/libvirt/variables.tf
@ -1,6 +1,12 @@
-variable "constellation_coreos_image_qcow2" {
+variable "constellation_coreos_image" {
  type        = string
-  description = "constellation OS qcow file path"
+  description = "constellation OS file path"
+}
+
+variable "image_format" {
+  type        = string
+  default     = "qcow2"
+  description = "image format"
 }

 variable "control_plane_count" {
@ -45,3 +51,8 @@ variable "machine" {
  default     = "q35"
  description = "machine type. use 'q35' for secure boot and 'pc' for non secure boot. See 'qemu-system-x86_64 -machine help'"
 }
+
+variable "metadata_api_log_dir" {
+  type = string
+  description = "directory to store metadata log files. This must be an absolute path"
+}