Screencasts for create, config and terminate.

Signed-off-by: Fabian Kammel <fk@edgeless.systems>
2025-08-12 16:55:31 -04:00 · 2023-02-14 16:14:19 +00:00 · 2023-02-14 16:14:19 +00:00 · c86f8a8845
commit c86f8a8845
parent 9e1c91f04b
16 changed files with 8051 additions and 1279 deletions
--- a/docs/screencasts/docker/Dockerfile
+++ b/docs/screencasts/docker/Dockerfile
@ -1,18 +1,27 @@
 FROM ubuntu:20.04

 # Install requirements
-RUN apt update
-RUN apt install -y software-properties-common
-RUN apt-add-repository ppa:zanchey/asciinema
-RUN apt update
-RUN apt install -y curl expect asciinema sudo
-RUN curl -LO https://go.dev/dl/go1.19.5.linux-amd64.tar.gz && rm -rf /usr/local/go && tar -C /usr/local -xzf go1.19.5.linux-amd64.tar.gz
-RUN echo 'export PATH="${PATH}:/usr/local/go/bin:/root/go/bin"' >> /root/.bashrc
-ENV PATH="${PATH}:/usr/local/go/bin:/root/go/bin"
+RUN apt-get update && apt-get install -y software-properties-common &&\
+    apt-add-repository ppa:zanchey/asciinema && apt-get update &&\
+    apt-get install -y curl expect asciinema sudo unzip &&\
+    rm -rf /var/lib/apt/lists/*

-# Install cosign & rekor (speedup in recording)
-RUN go install github.com/sigstore/cosign/cmd/cosign@latest
-RUN go install github.com/sigstore/rekor/cmd/rekor-cli@latest
+RUN curl -sLO https://github.com/mikefarah/yq/releases/download/v4.30.8/yq_linux_amd64 &&\
+    sudo install yq_linux_amd64 /usr/local/bin/yq && rm yq_linux_amd64
+
+RUN curl -sLO https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl &&\
+    sudo install kubectl /usr/local/bin/kubectl && rm kubectl
+
+RUN curl -sLO https://releases.hashicorp.com/terraform/1.3.8/terraform_1.3.8_linux_amd64.zip &&\
+    unzip terraform_1.3.8_linux_amd64.zip &&\
+    sudo install terraform /usr/local/bin/terraform && rm terraform
+
+RUN curl -sLO https://github.com/edgelesssys/constellation/releases/latest/download/constellation-linux-amd64 &&\
+    sudo install constellation-linux-amd64 /usr/local/bin/constellation &&\
+    rm constellation-linux-amd64
+
+# As mount point for $HOME/.config/gcloud
+RUN mkdir /root/.config

 # Enable RGB colors in PS1
 ENV TERM=xterm-256color
@ -26,11 +35,11 @@ ENV SHELL=/bin/bash
 # need to  be escaped with additional \[ and \], see [2].
 # [1]: https://stackoverflow.com/a/33206814/2306355
 # [2]: https://stackoverflow.com/a/19501528/2306355
-RUN echo 'export PS1="\[\033[38;2;144;255;153m\]~/constellation\[\033[0m\]\r\n\[\033[38;2;139;4;221m\]$\[\033[0m\] "' >> /root/.bashrc
+RUN echo 'export PS1="\[\033[38;2;144;255;153m\]\`pwd\`\[\033[0m\]\r\n\[\033[38;2;139;4;221m\]$\[\033[0m\] "' >> /root/.bashrc

 # Copy install scripts
-COPY ./*.expect /root/
+COPY ./*.expect /scripts/

-WORKDIR /root
+WORKDIR /constellation
 ENTRYPOINT ["/usr/bin/expect", "-f"]
-CMD ["verify-cli.expect"]
+CMD ["/scripts/verify-cli.expect"]
--- a/docs/screencasts/docker/check-sbom.expect
+++ b/docs/screencasts/docker/check-sbom.expect
@ -22,8 +22,28 @@ spawn asciinema rec --overwrite /recordings/check-sbom.cast
 send "\r"
 expect_prompt

-### Step 0: Requirements
-run_command "echo Step 0: Installing requirements"
+run_command "# Step 1: Install SLSA verifier"
+expect_prompt
+run_command "curl -sLO https://github.com/slsa-framework/slsa-verifier/releases/latest/download/slsa-verifier-linux-amd64"
+expect_prompt
+run_command "sudo install slsa-verifier-linux-amd64 /usr/local/bin/slsa-verifier"
+expect_prompt
+
+run_command "# Step 2: Download Constellation SBOM and provenance"
+expect_prompt
+run_command "curl -sLO https://github.com/edgelesssys/constellation/releases/latest/download/constellation.spdx.sbom"
+expect_prompt
+run_command "curl -sLO https://github.com/edgelesssys/constellation/releases/latest/download/constellation.intoto.jsonl"
+expect_prompt
+
+run_command "# Step 3: Check integrity of SBOM"
+expect_prompt
+run_command "slsa-verifier verify-artifact constellation.spdx.sbom --provenance-path constellation.intoto.jsonl --source-uri github.com/edgelesssys/constellation"
+expect_prompt
+run_command "curl -sLO https://github.com/edgelesssys/constellation/releases/latest/download/constellation.intoto.jsonl"
+expect_prompt
+
+run_command "# Step 4: Install grype (security scanner)"
 expect_prompt
 run_command "curl -sLO https://github.com/anchore/grype/releases/download/v0.56.0/grype_0.56.0_linux_amd64.tar.gz"
 expect_prompt
@ -34,14 +54,9 @@ expect_prompt
 run_command "grype --help"
 expect_prompt

-### Step 1: Download & check SBOM
-run_command "echo Step 1: Download Constellation SBOM"
-expect_prompt
-run_command "curl -sLO https://github.com/edgelesssys/constellation/releases/latest/download/constellation.spdx.sbom"
+run_command "# Step 5: Check for vulnerabilities"
 expect_prompt
 run_command "grype constellation.spdx.sbom -o table -q"
-expect_prompt
-run_command "echo We are safe!"

 # Stop recording
 send "exit"
--- a/docs/screencasts/docker/configure-cluster.expect
+++ b/docs/screencasts/docker/configure-cluster.expect
@ -0,0 +1,46 @@
+#!/usr/bin/expect -f
+# Note: Expects to be able to run 'sudo install' without a password
+
+set timeout -1
+set send_human {0.05 0 1 0.05 0.3}
+set CTRLC \003
+set CTRLX \030
+set record_name [lindex $argv 0];
+
+proc expect_prompt {} {
+    # This matches the trailing 0m of our ANSI control sequence. See PS1 in Dockerfile.
+    expect "0m "
+}
+
+proc run_command {cmd} {
+    send -h "$cmd"
+    send "\r"
+    expect -timeout 1
+}
+
+# Start recording
+spawn asciinema rec --overwrite /recordings/configure-cluster.cast
+send "\r"
+expect_prompt
+
+run_command "# Step 1: Create IAM configuration"
+expect_prompt
+run_command "constellation iam create gcp --generate-config --projectID constellation-331613 --serviceAccountID constellation-demo --zone europe-west3-b"
+expect -re "y\/n"
+send "y"
+send "\r"
+expect_prompt
+
+run_command "# Step 2: Fill in configuration"
+expect_prompt
+run_command "yq '.provider.gcp.project = \"constellation-331613\"' -i constellation-conf.yaml"
+expect_prompt
+run_command "yq '.provider.gcp.zone = \"europe-west3-b\"' -i constellation-conf.yaml"
+expect_prompt
+run_command "yq '.provider.gcp.region = \"europe-west3\"' -i constellation-conf.yaml"
+expect_prompt
+run_command "cat constellation-conf.yaml | head -n15"
+expect_prompt
+
+# Stop recording
+send "exit"
--- a/docs/screencasts/docker/create-cluster.expect
+++ b/docs/screencasts/docker/create-cluster.expect
@ -0,0 +1,52 @@
+#!/usr/bin/expect -f
+# Note: Expects to be able to run 'sudo install' without a password
+
+set timeout -1
+set send_human {0.05 0 1 0.05 0.3}
+set CTRLC \003
+set CTRLX \030
+set record_name [lindex $argv 0];
+
+proc expect_prompt {} {
+    # This matches the trailing 0m of our ANSI control sequence. See PS1 in Dockerfile.
+    expect "0m "
+}
+
+proc run_command {cmd} {
+    send -h "$cmd"
+    send "\r"
+    expect -timeout 1
+}
+
+# Start recording
+spawn asciinema rec --overwrite /recordings/create-cluster.cast
+send "\r"
+expect_prompt
+
+run_command "# Step 1: Create cloud environment"
+expect_prompt
+run_command "constellation create --control-plane-nodes 3 --worker-nodes 2"
+expect -re "y\/n"
+send "y"
+send "\r"
+expect_prompt
+
+run_command "# Step 2: Initialize Constellation"
+expect_prompt
+run_command "constellation init"
+expect_prompt
+
+run_command "# Wait for cluster to finish bootstrapping..."
+expect_prompt
+# Without a sleep we only see a single node, not 5.
+run_command "sleep 300"
+expect_prompt
+
+run_command "# Step 3: Connect to Constellation"
+expect_prompt
+run_command "export KUBECONFIG=/constellation/constellation-admin.conf"
+expect_prompt
+run_command "kubectl get nodes"
+
+# Stop recording
+send "exit"
--- a/docs/screencasts/docker/delete-iam.expect
+++ b/docs/screencasts/docker/delete-iam.expect
@ -0,0 +1,31 @@
+#!/usr/bin/expect -f
+# Note: Expects to be able to run 'sudo install' without a password
+
+set timeout -1
+set send_human {0.05 0 1 0.05 0.3}
+set CTRLC \003
+set CTRLX \030
+set record_name [lindex $argv 0];
+
+proc expect_prompt {} {
+    # This matches the trailing 0m of our ANSI control sequence. See PS1 in Dockerfile.
+    expect "0m "
+}
+
+proc run_command {cmd} {
+    send -h "$cmd"
+    send "\r"
+    expect -timeout 1
+}
+
+# Start recording
+spawn asciinema rec --overwrite /recordings/create-cluster.cast
+send "\r"
+expect_prompt
+
+run_command "cd constellation-iam-terraform"
+expect_prompt
+run_command "terraform apply -destroy -auto-approve"
+
+# Stop recording
+send "exit"
--- a/docs/screencasts/docker/terminate-cluster.expect
+++ b/docs/screencasts/docker/terminate-cluster.expect
@ -0,0 +1,40 @@
+#!/usr/bin/expect -f
+# Note: Expects to be able to run 'sudo install' without a password
+
+set timeout -1
+set send_human {0.05 0 1 0.05 0.3}
+set CTRLC \003
+set CTRLX \030
+set record_name [lindex $argv 0];
+
+proc expect_prompt {} {
+    # This matches the trailing 0m of our ANSI control sequence. See PS1 in Dockerfile.
+    expect "0m "
+}
+
+proc run_command {cmd} {
+    send -h "$cmd"
+    send "\r"
+    expect -timeout 1
+}
+
+# Start recording
+spawn asciinema rec --overwrite /recordings/create-cluster.cast
+send "\r"
+expect_prompt
+
+run_command "# Step 1: Delete Constellation cluster"
+expect_prompt
+run_command "constellation terminate"
+expect -re "y\/n"
+send "y"
+send "\r"
+expect_prompt
+
+run_command "# Delete mastersecret to finalize deletion"
+expect_prompt
+run_command "rm constellation-mastersecret.json"
+expect_prompt
+
+# Stop recording
+send "exit"
--- a/docs/screencasts/docker/verify-cli.expect
+++ b/docs/screencasts/docker/verify-cli.expect
@ -22,26 +22,26 @@ spawn asciinema rec --overwrite /recordings/verify-cli.cast
 send "\r"
 expect_prompt

-run_command "# Step 0: Installing SLSA verifier"
+run_command "# Step 1: Install SLSA verifier"
 expect_prompt
 run_command "curl -sLO https://github.com/slsa-framework/slsa-verifier/releases/latest/download/slsa-verifier-linux-amd64"
 expect_prompt
 run_command "sudo install slsa-verifier-linux-amd64 /usr/local/bin/slsa-verifier"
 expect_prompt

-run_command "# Step 1: Download Constellation and provenance file"
+run_command "# Step 2: Download Constellation CLI and provenance"
 expect_prompt
 run_command "curl -sLO https://github.com/edgelesssys/constellation/releases/latest/download/constellation-linux-amd64"
 expect_prompt
 run_command "curl -sLO https://github.com/edgelesssys/constellation/releases/latest/download/constellation.intoto.jsonl"
 expect_prompt

-run_command "# Step 2: Verify provenance"
+run_command "# Step 3: Verify provenance"
 expect_prompt
 run_command "slsa-verifier verify-artifact constellation-linux-amd64 --provenance-path constellation.intoto.jsonl --source-uri github.com/edgelesssys/constellation"
 expect_prompt

-run_command "# Step 3: Install the CLI"
+run_command "# Step 4: Install the CLI"
 expect_prompt
 run_command "sudo install constellation-linux-amd64 /usr/local/bin/constellation"
 expect_prompt