Malte Poll
4a8ebfd921
OS images: use "ref", "stream" and "version"
...
Switch azure default region to west us
Update find-image script to work with new API spec
Add version for every os image build
generate measurements: Use new API paths
CLI: config fetch measurements: Use image short versions to fetch measurements
CLI: allows shortnames to specify image in config
Image build pipeline: Change paths to contain "ref" and "stream"
2022-12-09 13:37:43 +01:00
Paul Meyer
a9ed8c0191
e2e: enable systemd logcollection
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-12-06 18:05:32 +01:00
Paul Meyer
c52dfb09b9
debugd: run logcollector containers unprivileged
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-12-02 18:54:24 +01:00
Paul Meyer
67ce1ac3b2
debugd: update filebeat container
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-12-02 18:54:24 +01:00
Paul Meyer
de5c1f5fc8
debugd: build logstash image from fedora37
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-12-02 18:54:24 +01:00
Paul Meyer
474f7ad356
ci: build logcollector images
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-12-02 18:54:24 +01:00
Paul Meyer
4eeff3696d
debugd: remove timeout for rpc calls
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-12-01 16:14:45 +01:00
Paul Meyer
1a4d31f1f6
debugd: add qemu logcollection memory requirement
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-12-01 09:41:57 +01:00
Paul Meyer
7ee2539645
debugd: document basic logcollection
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-11-30 16:26:25 +01:00
Paul Meyer
56beb05170
debugd: implement qemu log collection
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-11-30 16:26:25 +01:00
Paul Meyer
ac74de86fb
debugd: add check for info fields
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-11-30 16:26:25 +01:00
Paul Meyer
b93b24e058
debugd: add logcollector
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-11-30 16:26:25 +01:00
Paul Meyer
983c2c4b57
debugd: sent info from cdbg to debugd
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-11-30 16:26:25 +01:00
Malte Poll
575b6e93f6
CLI: use global image version field
...
- Restructure config by removing CSP-specific image references
- Add global image field
- Download image lookup table on create
- Download QEMU image on QEMU create
2022-11-23 15:47:46 +01:00
Malte Poll
786264edbc
Add hack script to locate latest debug image
2022-11-18 12:08:34 +01:00
Daniel Weiße
5efe05d933
AB#2525 clean up unused code ( #504 )
...
* Rename Metadata->Cloud
* Remove unused methods, functions, and variables
* More privacy for testing stubs
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-11-15 10:31:55 +01:00
Daniel Weiße
f41c54e837
AB#2524 Refactor Azure metadata/cloud API ( #477 )
...
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-11-15 09:08:18 +01:00
Fabian Kammel
b92b3772ca
Remove access manager ( #470 )
...
* remove access manager from code base
* document new node ssh workflow
* keep config backwards compatible
* slow down link checking to prevent http 429
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
2022-11-11 08:44:36 +01:00
Fabian Kammel
0d12e37c96
Document exported funcs,types,interfaces and enable check. ( #475 )
...
* Include EXC0014 and fix issues.
* Include EXC0012 and fix issues.
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
Co-authored-by: Otto Bittner <cobittner@posteo.net>
2022-11-09 15:57:54 +01:00
Daniel Weiße
c9873f2bfb
AB#2523 Refactor GCP metadata/cloud API ( #387 )
...
* Refactor GCP metadata/cloud API
* Remove cloud controller manager from metadata package
* Remove PublicIP
* Move shared cloud packages
* Remove dead code
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-11-09 14:43:48 +01:00
Malte Poll
9e12e004bb
Set SELinux from disabled to permissive ( #474 )
2022-11-09 12:04:58 +01:00
Leonard Cohnen
828923d159
debugd: add AWS
2022-11-02 23:29:04 +01:00
Leonard Cohnen
477a06789f
update grpc
2022-10-21 13:28:03 +02:00
Malte Poll
6a1405f7c9
Disable SSH key deployment with debugd / cdbg
2022-10-21 11:04:25 +02:00
Malte Poll
743f5fa627
Remove all traces of CoreOS from the codebase
2022-10-21 11:04:25 +02:00
Malte Poll
93801e1786
debugd: Allow autologin on serial console
2022-10-21 11:04:25 +02:00
Malte Poll
34367ea3cc
Create mkosi image build pipeline
2022-10-21 11:04:25 +02:00
Fabian Kammel
369480a50b
Feat/revive ( #212 )
...
* enable revive as linter
* fix var-naming revive issues
* fix blank-imports revive issues
* fix receiver-naming revive issues
* fix exported revive issues
* fix indent-error-flow revive issues
* fix unexported-return revive issues
* fix indent-error-flow revive issues
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
2022-10-05 15:02:46 +02:00
katexochen
ed78c48ed4
Remove unused code
2022-09-30 16:50:52 +02:00
katexochen
53c8c9e9a6
Update proto files to v2
2022-09-22 09:10:19 +02:00
katexochen
ba6e41ed5c
Upgrade go module to v2
2022-09-22 09:10:19 +02:00
Leonard Cohnen
7163c161b6
Deploy Konnectivity
2022-09-09 17:26:02 +02:00
Otto Bittner
ef26917c5e
AB#2369: Use contributing.md as ToC for dev docs.
...
* Structure content into typical sections and
split into separate files.
* Also document how to locally create measurements
Signed-off-by: Otto Bittner <cobittner@posteo.net>
2022-09-08 16:08:42 +02:00
Nils Hanke
86a1153cff
cdbg: Warn user when debugCluster is false
2022-09-07 13:27:15 +02:00
Nils Hanke
fe70231f2a
Rename IsImageDebug -> IsDebugImage for consistency
2022-09-07 13:27:15 +02:00
Nils Hanke
dd4ccdd390
E2E / debugd: Replace remains of ingressFirewall with debugCluster flag
2022-09-07 13:27:15 +02:00
Thomas Tendyck
bd63aa3c6b
add license headers
...
sed -i '1i/*\nCopyright (c) Edgeless Systems GmbH\n\nSPDX-License-Identifier: AGPL-3.0-only\n*/\n' `grep -rL --include='*.go' 'DO NOT EDIT'`
gofumpt -w .
2022-09-05 09:17:25 +02:00
Nils Hanke
1ecc56b69f
Remove cdbg-config.yaml ( #26 )
...
This removes systemd service upload support in cdbg,
but keeps it in the protobuf protocol.
2022-08-31 12:25:27 +02:00
Malte Poll
5c87913250
Update debugd README
2022-08-30 09:47:38 +02:00
Fabian Kammel
22c912a56d
move nodestate and role
...
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
2022-08-29 16:07:55 +02:00
Malte Poll
26e9c67a00
Move cloud metadata packages and kubernetes resources marshaling to internal
...
Decouples cloud provider metadata packages from kubernetes related code
Signed-off-by: Malte Poll <mp@edgeless.systems>
2022-08-29 16:07:55 +02:00
Malte Poll
f5270c6c01
debugd: Allow root login on serial console when using debug image ( #407 )
2022-08-26 14:07:53 +02:00
Fabian Kammel
5b40e0cc77
AB#2327 move debugd code into internal folder ( #403 )
...
* move debugd code into internal folder
* Fix paths in CMakeLists.txt
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
2022-08-26 11:58:18 +02:00
katexochen
409f6fec65
Use function for commands
...
instead of func init() and global var
2022-08-24 14:30:02 +02:00
katexochen
54319e4324
Read cdbg deploy IPs from ID file
2022-08-24 14:30:02 +02:00
katexochen
e57c3991f7
Don't add loadbalancer IP routing rule on workers
2022-08-23 18:11:20 +02:00
katexochen
d770957975
Add debugd ssh key distribution
2022-08-23 18:11:20 +02:00
katexochen
cf9662641c
Send cdbg deploy only to loadbalancer
2022-08-23 18:11:20 +02:00
katexochen
a02a46e454
Use multiple loadbalancers on GCP
2022-08-23 18:11:20 +02:00
katexochen
c2faa20d6e
Fix naming in state file
2022-08-23 18:11:20 +02:00
Fabian Kammel
170a8bf5e0
AB#2306 Public image sharing in Google ( #358 )
...
* document how to publicly share images in gcloud
* Write disclamer in debugd
* Add disclamer about debug images to contributing file
* Print debug banner on startup
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
2022-08-16 15:53:54 +02:00
Fabian Kammel
97c985a7f4
provide commands for all new image schemas ( #363 )
...
* provide commands for all new image schemas
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
2022-08-15 11:09:10 +02:00
Malte Poll
eab33817fd
Update debugd README ( #340 )
...
* Update debugd README
* Add command to list available releases
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
Co-authored-by: Daniel Weiße <dw@edgeless.systems>
2022-08-05 12:28:57 +02:00
Daniel Weiße
4151d365fb
AB#2286 Return only primary IPs for instance metadata operations ( #335 )
...
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-08-04 11:08:20 +02:00
Daniel Weiße
5da92d9d8b
AB#2249 Rework image build pipeline ( #326 )
...
* Rework image build pipeline
* Dont cancel workflow runs on main
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-08-03 16:01:36 +02:00
katexochen
c37fab0a4c
Add cdbg warning for non-debug image
2022-07-28 13:11:55 +02:00
Fabian Kammel
ba5a3aefe3
fix ci-lint issues ( #287 )
...
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
2022-07-20 16:44:41 +02:00
Malte Poll
260d2571c1
Only upload kubeadm certs if key is rotated
...
Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com>
Co-authored-by: 3u13r <lc@edgeless.systems>
2022-07-14 17:25:18 +02:00
katexochen
916e5d6b55
Rename coordinator to bootstrapper and rename roles
2022-07-14 17:25:18 +02:00
katexochen
f79674cbb8
Bootstrapper
2022-07-14 17:25:18 +02:00
Daniel Weiße
0a874496b3
Add verbosity flag to all services ( #244 )
...
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-07-01 16:17:06 +02:00
Otto Bittner
7cada2c9e8
Add goleak to all tests ( #227 )
...
* Run goleak as part of all tests
We are already using goleak in various tests.
This commit adds a TestMain to all remaining tests
and calls goleak.VerifyTestMain in them.
* Add goleak to debugd/deploy package and fix bug.
* Run go mod tidy
* Fix integration tests
* Move goleak invocation for mount integration test
* Ignore leak in state integration tests
Co-authored-by: Fabian Kammel <fk@edgelss.systems>
2022-06-30 15:24:36 +02:00
Daniel Weiße
040e498b42
AB#2114 Add QEMU metadata API ( #237 )
...
* Add QEMU metadata API
* API server is started automatically when using terraform to deploy a QEMU cluster
* Enable QEMU metadata usage for disk-mapper, debugd and the Coordinator
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-06-30 11:14:26 +02:00
Daniel Weiße
b10b13b173
Replace logging with default logging interface ( #233 )
...
* Add test logger
* Refactor access manager logging
* Refactor activation service logging
* Refactor debugd logging
* Refactor kms server logging
* Refactor disk-mapper logging
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-06-28 16:51:30 +02:00
Christoph Meyer
9441e46e4b
AB#2033 Remove redundant "failed" in error wrapping
...
Remove "failed" from wrapped errors
Where appropriate rephrase "unable to/could not" to "failed" in root
errors
Start error log messages with "Failed"
2022-06-22 12:02:10 +01:00
Fabian Kammel
d856b0cd86
Feat/measurements in e2e ( #218 )
...
* Make e2e pipeline use the latest image available.
* Use pcr-reader to read & store measurements.
* buildvcs false in ci
* only notify teams on main
* plain yq syntax, since if already checks for csp
* previous version of yq requires explicit eval
* fix pcr-reader call
* actually pass variable between jobs
* fix typo
* Make order of images consistent.
* read measurements after create
Co-authored-by: Fabian Kammel <fk@edgelss.systems>
2022-06-20 10:30:59 +02:00
Nils Hanke
f0b8412ef8
constellation-access-manager: Persistent SSH as ConfigMap ( #184 )
2022-06-13 16:23:19 +02:00
Daniel Weiße
1e19e64fbc
Dynamic grpc client credentials ( #204 )
...
* Add an aTLS wrapper for grpc credentials
* Move grpc dialers to internal and use aTLS grpc credentials
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-06-13 11:40:27 +02:00
Daniel Weiße
6e9428a234
Fix gcp debug image command
...
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-06-10 15:51:34 +02:00
Malte Poll
49d1212cff
debugd README: rename azureConfig to azure and gcpConfig to gcp. Only assign value if key exists. ( #201 )
2022-06-08 15:37:32 +02:00
katexochen
b308db03fe
Move cli/cloud/cloudtypes into /internal
2022-06-08 11:59:23 +02:00
katexochen
d71e97a940
Move ScalingGroup to cloudtypes
2022-06-08 11:59:23 +02:00
katexochen
87b9203110
Import config as config
2022-06-08 11:59:23 +02:00
katexochen
6a9419e89c
Remove cli/ec2
2022-06-08 11:59:23 +02:00
katexochen
48b4f10207
Separate shared gcp code
2022-06-08 11:53:55 +02:00
Leonard Cohnen
791d5564ba
replace flannel with cilium
2022-06-02 13:08:25 +02:00
Thomas Tendyck
42fc497477
cli: fix and tweak config file wording
2022-05-27 16:53:04 +02:00
Malte Poll
6bb393fcb7
cdbg: allow parsing state to query QEMU instances for cdbg deploy
...
Signed-off-by: Malte Poll <mp@edgeless.systems>
2022-05-25 10:30:58 +02:00
Malte Poll
0c244ee2bc
Use cmake to compile debugd / cdbg
...
Signed-off-by: Malte Poll <mp@edgeless.systems>
2022-05-23 13:15:04 +02:00
Thomas Tendyck
206dae8fd2
readme: move debugd and local image testing to other files and add a component overview
2022-05-19 08:56:28 +02:00
Nils Hanke
5fa23d4bec
Use "new" config for YAML parsing directives
2022-05-18 10:48:52 +02:00
Fabian Kammel
b905c28515
AB#2061 Self Documenting Config File ( #143 )
...
Move firewall up into root config, remove VPC config & autogenerate comments in config file.
2022-05-16 18:54:25 +02:00
Nils Hanke
cdfd962fcc
Add --cdbg-config next to --config for cdbg
2022-05-16 17:57:51 +02:00
Nils Hanke
68092f27dd
AB#2046 : Add option to create SSH users for the first coordinator upon initialization ( #133 )
...
* Move `file`, `ssh` and `user` packages to internal
* Rename `SSHKey` to `(ssh.)UserKey`
* Rename KeyValue / Publickey to PublicKey
* Rename SSH key file from "debugd" to "ssh-keys"
* Add CreateSSHUsers function to Core
* Call CreateSSHUsers users on first control-plane node, when defined in config
Tests:
* Make StubUserCreator add entries to /etc/passwd
* Add NewLinuxUserManagerFake for unit tests
* Add unit tests & adjust existing ones to changes
2022-05-16 17:32:00 +02:00
Malte Poll
baa7dbc1ef
Move debugd config to separate file
...
Signed-off-by: Malte Poll <mp@edgeless.systems>
2022-05-16 15:20:23 +02:00
Fabian Kammel
83857b142c
AB#2064 Feat/config/dev config to config ( #139 )
...
Renamed dev-config to config, additionally changed cdbg config to yaml.
2022-05-13 11:56:43 +02:00
Daniel Weiße
423e29e3ab
Update to latest grpc generator
...
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-05-04 08:48:31 +02:00
Malte Poll
77b0237dd5
extract shared grpcutil dialer from pubapi
...
Signed-off-by: Malte Poll <mp@edgeless.systems>
2022-04-28 14:35:35 +02:00
Malte Poll
5ac72c730d
debugd: start existing coordinator binary at boot if coordinator was deployed before reboot
2022-04-28 10:19:26 +02:00
Malte Poll
63d282f1ed
debugd: do not stop coordinator before upload as upload only works if coordinator binary does not exist yet
2022-04-28 10:19:26 +02:00
Malte Poll
6f32811029
debugd: Upgrade default systemd unit to incorporate CNI bin dir preparation
2022-04-28 10:19:26 +02:00
datosh
51068abc27
Ref/want err from err expected ( #82 )
...
consistent naming for test values using 'want' instead of 'expect/ed'
2022-04-26 16:54:05 +02:00
Benedict Schlueter
ff8830e718
debugd: add support for multiple coordinators
...
Signed-off-by: Benedict Schlueter <bs@edgeless.systems>
2022-04-25 17:39:18 +02:00
Malte Poll
78af3b173f
debugd: Correctly handle direct coordinator upload if coordinator was uploaded previously (file already exists)
...
Signed-off-by: Malte Poll <mp@edgeless.systems>
2022-04-21 15:15:07 +02:00
katexochen
1a9b33d738
Restructure config and constants
2022-04-21 09:06:35 +02:00
Daniel Weiße
49a1a07049
AB#1902 Ping Coordinator from initramfs for key ( #53 )
...
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-04-12 14:24:36 +02:00
Malte Poll
aaed8ad1e3
debugd: stop discovery loop once coordinator was downloaded successfully or coordinator binary exists
2022-04-01 16:47:18 +02:00
Malte Poll
6954683f18
debugd: filter own instance from list of discovered debugd instances
2022-04-01 16:47:18 +02:00
Malte Poll
7143b29caf
debugd: return download error if download is not attempted due to retry backoff
2022-04-01 16:47:18 +02:00
Malte Poll
aac6e0b239
debugd: prevent deadlock by checking if file exists before aquiring read lock and cleanup downloaded coordinator binary if download fails
2022-03-28 16:12:40 +02:00