Commit Graph

152 Commits

Author SHA1 Message Date
Malte Poll
4a8ebfd921 OS images: use "ref", "stream" and "version"
Switch azure default region to west us
Update find-image script to work with new API spec
Add version for every os image build
generate measurements: Use new API paths
CLI: config fetch measurements: Use image short versions to fetch measurements
CLI: allows shortnames to specify image in config
Image build pipeline: Change paths to contain "ref" and "stream"
2022-12-09 13:37:43 +01:00
Paul Meyer
a9ed8c0191 e2e: enable systemd logcollection
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-12-06 18:05:32 +01:00
Paul Meyer
c52dfb09b9 debugd: run logcollector containers unprivileged
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-12-02 18:54:24 +01:00
Paul Meyer
67ce1ac3b2 debugd: update filebeat container
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-12-02 18:54:24 +01:00
Paul Meyer
de5c1f5fc8 debugd: build logstash image from fedora37
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-12-02 18:54:24 +01:00
Paul Meyer
474f7ad356 ci: build logcollector images
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-12-02 18:54:24 +01:00
Paul Meyer
4eeff3696d debugd: remove timeout for rpc calls
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-12-01 16:14:45 +01:00
Paul Meyer
1a4d31f1f6 debugd: add qemu logcollection memory requirement
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-12-01 09:41:57 +01:00
Paul Meyer
7ee2539645 debugd: document basic logcollection
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-11-30 16:26:25 +01:00
Paul Meyer
56beb05170 debugd: implement qemu log collection
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-11-30 16:26:25 +01:00
Paul Meyer
ac74de86fb debugd: add check for info fields
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-11-30 16:26:25 +01:00
Paul Meyer
b93b24e058 debugd: add logcollector
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-11-30 16:26:25 +01:00
Paul Meyer
983c2c4b57 debugd: sent info from cdbg to debugd
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-11-30 16:26:25 +01:00
Malte Poll
575b6e93f6 CLI: use global image version field
- Restructure config by removing CSP-specific image references
- Add global image field
- Download image lookup table on create
- Download QEMU image on QEMU create
2022-11-23 15:47:46 +01:00
Malte Poll
786264edbc Add hack script to locate latest debug image 2022-11-18 12:08:34 +01:00
Daniel Weiße
5efe05d933
AB#2525 clean up unused code (#504)
* Rename Metadata->Cloud

* Remove unused methods, functions, and variables

* More privacy for testing stubs

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-11-15 10:31:55 +01:00
Daniel Weiße
f41c54e837
AB#2524 Refactor Azure metadata/cloud API (#477)
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-11-15 09:08:18 +01:00
Fabian Kammel
b92b3772ca
Remove access manager (#470)
* remove access manager from code base
* document new node ssh workflow
* keep config backwards compatible
* slow down link checking to prevent http 429
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
2022-11-11 08:44:36 +01:00
Fabian Kammel
0d12e37c96
Document exported funcs,types,interfaces and enable check. (#475)
* Include EXC0014 and fix issues.
* Include EXC0012 and fix issues.
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
Co-authored-by: Otto Bittner <cobittner@posteo.net>
2022-11-09 15:57:54 +01:00
Daniel Weiße
c9873f2bfb
AB#2523 Refactor GCP metadata/cloud API (#387)
* Refactor GCP metadata/cloud API

* Remove cloud controller manager from metadata package

* Remove PublicIP

* Move shared cloud packages

* Remove dead code

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-11-09 14:43:48 +01:00
Malte Poll
9e12e004bb
Set SELinux from disabled to permissive (#474) 2022-11-09 12:04:58 +01:00
Leonard Cohnen
828923d159 debugd: add AWS 2022-11-02 23:29:04 +01:00
Leonard Cohnen
477a06789f update grpc 2022-10-21 13:28:03 +02:00
Malte Poll
6a1405f7c9 Disable SSH key deployment with debugd / cdbg 2022-10-21 11:04:25 +02:00
Malte Poll
743f5fa627 Remove all traces of CoreOS from the codebase 2022-10-21 11:04:25 +02:00
Malte Poll
93801e1786 debugd: Allow autologin on serial console 2022-10-21 11:04:25 +02:00
Malte Poll
34367ea3cc Create mkosi image build pipeline 2022-10-21 11:04:25 +02:00
Fabian Kammel
369480a50b
Feat/revive (#212)
* enable revive as linter
* fix var-naming revive issues
* fix blank-imports revive issues
* fix receiver-naming revive issues
* fix exported revive issues
* fix indent-error-flow revive issues
* fix unexported-return revive issues
* fix indent-error-flow revive issues
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
2022-10-05 15:02:46 +02:00
katexochen
ed78c48ed4 Remove unused code 2022-09-30 16:50:52 +02:00
katexochen
53c8c9e9a6 Update proto files to v2 2022-09-22 09:10:19 +02:00
katexochen
ba6e41ed5c Upgrade go module to v2 2022-09-22 09:10:19 +02:00
Leonard Cohnen
7163c161b6 Deploy Konnectivity 2022-09-09 17:26:02 +02:00
Otto Bittner
ef26917c5e AB#2369: Use contributing.md as ToC for dev docs.
* Structure content into typical sections and
split into separate files.
* Also document how to locally create measurements

Signed-off-by: Otto Bittner <cobittner@posteo.net>
2022-09-08 16:08:42 +02:00
Nils Hanke
86a1153cff cdbg: Warn user when debugCluster is false 2022-09-07 13:27:15 +02:00
Nils Hanke
fe70231f2a Rename IsImageDebug -> IsDebugImage for consistency 2022-09-07 13:27:15 +02:00
Nils Hanke
dd4ccdd390 E2E / debugd: Replace remains of ingressFirewall with debugCluster flag 2022-09-07 13:27:15 +02:00
Thomas Tendyck
bd63aa3c6b add license headers
sed -i '1i/*\nCopyright (c) Edgeless Systems GmbH\n\nSPDX-License-Identifier: AGPL-3.0-only\n*/\n' `grep -rL --include='*.go' 'DO NOT EDIT'`
gofumpt -w .
2022-09-05 09:17:25 +02:00
Nils Hanke
1ecc56b69f
Remove cdbg-config.yaml (#26)
This removes systemd service upload support in cdbg,
but keeps it in the protobuf protocol.
2022-08-31 12:25:27 +02:00
Malte Poll
5c87913250 Update debugd README 2022-08-30 09:47:38 +02:00
Fabian Kammel
22c912a56d move nodestate and role
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
2022-08-29 16:07:55 +02:00
Malte Poll
26e9c67a00 Move cloud metadata packages and kubernetes resources marshaling to internal
Decouples cloud provider metadata packages from kubernetes related code

Signed-off-by: Malte Poll <mp@edgeless.systems>
2022-08-29 16:07:55 +02:00
Malte Poll
f5270c6c01 debugd: Allow root login on serial console when using debug image (#407) 2022-08-26 14:07:53 +02:00
Fabian Kammel
5b40e0cc77 AB#2327 move debugd code into internal folder (#403)
* move debugd code into internal folder
* Fix paths in CMakeLists.txt
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
2022-08-26 11:58:18 +02:00
katexochen
409f6fec65 Use function for commands
instead of func init() and global var
2022-08-24 14:30:02 +02:00
katexochen
54319e4324 Read cdbg deploy IPs from ID file 2022-08-24 14:30:02 +02:00
katexochen
e57c3991f7 Don't add loadbalancer IP routing rule on workers 2022-08-23 18:11:20 +02:00
katexochen
d770957975 Add debugd ssh key distribution 2022-08-23 18:11:20 +02:00
katexochen
cf9662641c Send cdbg deploy only to loadbalancer 2022-08-23 18:11:20 +02:00
katexochen
a02a46e454 Use multiple loadbalancers on GCP 2022-08-23 18:11:20 +02:00
katexochen
c2faa20d6e Fix naming in state file 2022-08-23 18:11:20 +02:00
Fabian Kammel
170a8bf5e0 AB#2306 Public image sharing in Google (#358)
* document how to publicly share images in gcloud
* Write disclamer in debugd
* Add disclamer about debug images to contributing file
* Print debug banner on startup
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
2022-08-16 15:53:54 +02:00
Fabian Kammel
97c985a7f4 provide commands for all new image schemas (#363)
* provide commands for all new image schemas
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
2022-08-15 11:09:10 +02:00
Malte Poll
eab33817fd Update debugd README (#340)
* Update debugd README
* Add command to list available releases

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
Co-authored-by: Daniel Weiße <dw@edgeless.systems>
2022-08-05 12:28:57 +02:00
Daniel Weiße
4151d365fb AB#2286 Return only primary IPs for instance metadata operations (#335)
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-08-04 11:08:20 +02:00
Daniel Weiße
5da92d9d8b AB#2249 Rework image build pipeline (#326)
* Rework image build pipeline

* Dont cancel workflow runs on main

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-08-03 16:01:36 +02:00
katexochen
c37fab0a4c Add cdbg warning for non-debug image 2022-07-28 13:11:55 +02:00
Fabian Kammel
ba5a3aefe3 fix ci-lint issues (#287)
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
2022-07-20 16:44:41 +02:00
Malte Poll
260d2571c1 Only upload kubeadm certs if key is rotated
Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com>
Co-authored-by: 3u13r <lc@edgeless.systems>
2022-07-14 17:25:18 +02:00
katexochen
916e5d6b55 Rename coordinator to bootstrapper and rename roles 2022-07-14 17:25:18 +02:00
katexochen
f79674cbb8 Bootstrapper 2022-07-14 17:25:18 +02:00
Daniel Weiße
0a874496b3 Add verbosity flag to all services (#244)
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-07-01 16:17:06 +02:00
Otto Bittner
7cada2c9e8 Add goleak to all tests (#227)
* Run goleak as part of all tests
We are already using goleak in various tests.
This commit adds a TestMain to all remaining tests
and calls goleak.VerifyTestMain in them.
* Add goleak to debugd/deploy package and fix bug.
* Run go mod tidy
* Fix integration tests
* Move goleak invocation for mount integration test
* Ignore leak in state integration tests

Co-authored-by: Fabian Kammel <fk@edgelss.systems>
2022-06-30 15:24:36 +02:00
Daniel Weiße
040e498b42 AB#2114 Add QEMU metadata API (#237)
* Add QEMU metadata API

* API server is started automatically when using terraform to deploy a QEMU cluster

* Enable QEMU metadata usage for disk-mapper, debugd and the Coordinator

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-06-30 11:14:26 +02:00
Daniel Weiße
b10b13b173 Replace logging with default logging interface (#233)
* Add test logger

* Refactor access manager logging

* Refactor activation service logging

* Refactor debugd logging

* Refactor kms server logging

* Refactor disk-mapper logging

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-06-28 16:51:30 +02:00
Christoph Meyer
9441e46e4b AB#2033 Remove redundant "failed" in error wrapping
Remove "failed" from wrapped errors
Where appropriate rephrase "unable to/could not" to "failed" in root
errors
Start error log messages with "Failed"
2022-06-22 12:02:10 +01:00
Fabian Kammel
d856b0cd86 Feat/measurements in e2e (#218)
* Make e2e pipeline use the latest image available.

* Use pcr-reader to read & store measurements.

* buildvcs false in ci

* only notify teams on main

* plain yq syntax, since if already checks for csp

* previous version of yq requires explicit eval

* fix pcr-reader call

* actually pass variable between jobs

* fix typo

* Make order of images consistent.

* read measurements after create

Co-authored-by: Fabian Kammel <fk@edgelss.systems>
2022-06-20 10:30:59 +02:00
Nils Hanke
f0b8412ef8 constellation-access-manager: Persistent SSH as ConfigMap (#184) 2022-06-13 16:23:19 +02:00
Daniel Weiße
1e19e64fbc Dynamic grpc client credentials (#204)
* Add an aTLS wrapper for grpc credentials

* Move grpc dialers to internal and use aTLS grpc credentials

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-06-13 11:40:27 +02:00
Daniel Weiße
6e9428a234 Fix gcp debug image command
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-06-10 15:51:34 +02:00
Malte Poll
49d1212cff debugd README: rename azureConfig to azure and gcpConfig to gcp. Only assign value if key exists. (#201) 2022-06-08 15:37:32 +02:00
katexochen
b308db03fe Move cli/cloud/cloudtypes into /internal 2022-06-08 11:59:23 +02:00
katexochen
d71e97a940 Move ScalingGroup to cloudtypes 2022-06-08 11:59:23 +02:00
katexochen
87b9203110 Import config as config 2022-06-08 11:59:23 +02:00
katexochen
6a9419e89c Remove cli/ec2 2022-06-08 11:59:23 +02:00
katexochen
48b4f10207 Separate shared gcp code 2022-06-08 11:53:55 +02:00
Leonard Cohnen
791d5564ba replace flannel with cilium 2022-06-02 13:08:25 +02:00
Thomas Tendyck
42fc497477 cli: fix and tweak config file wording 2022-05-27 16:53:04 +02:00
Malte Poll
6bb393fcb7 cdbg: allow parsing state to query QEMU instances for cdbg deploy
Signed-off-by: Malte Poll <mp@edgeless.systems>
2022-05-25 10:30:58 +02:00
Malte Poll
0c244ee2bc Use cmake to compile debugd / cdbg
Signed-off-by: Malte Poll <mp@edgeless.systems>
2022-05-23 13:15:04 +02:00
Thomas Tendyck
206dae8fd2 readme: move debugd and local image testing to other files and add a component overview 2022-05-19 08:56:28 +02:00
Nils Hanke
5fa23d4bec Use "new" config for YAML parsing directives 2022-05-18 10:48:52 +02:00
Fabian Kammel
b905c28515 AB#2061 Self Documenting Config File (#143)
Move firewall up into root config, remove VPC config & autogenerate comments in config file.
2022-05-16 18:54:25 +02:00
Nils Hanke
cdfd962fcc Add --cdbg-config next to --config for cdbg 2022-05-16 17:57:51 +02:00
Nils Hanke
68092f27dd AB#2046 : Add option to create SSH users for the first coordinator upon initialization (#133)
* Move `file`, `ssh` and `user` packages to internal
* Rename `SSHKey` to `(ssh.)UserKey`
* Rename KeyValue / Publickey to PublicKey
* Rename SSH key file from "debugd" to "ssh-keys"
* Add CreateSSHUsers function to Core
* Call CreateSSHUsers users on first control-plane node, when defined in config

Tests:
* Make StubUserCreator add entries to /etc/passwd
* Add NewLinuxUserManagerFake for unit tests
* Add unit tests & adjust existing ones to changes
2022-05-16 17:32:00 +02:00
Malte Poll
baa7dbc1ef Move debugd config to separate file
Signed-off-by: Malte Poll <mp@edgeless.systems>
2022-05-16 15:20:23 +02:00
Fabian Kammel
83857b142c AB#2064 Feat/config/dev config to config (#139)
Renamed dev-config to config, additionally changed cdbg config to yaml.
2022-05-13 11:56:43 +02:00
Daniel Weiße
423e29e3ab Update to latest grpc generator
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-05-04 08:48:31 +02:00
Malte Poll
77b0237dd5 extract shared grpcutil dialer from pubapi
Signed-off-by: Malte Poll <mp@edgeless.systems>
2022-04-28 14:35:35 +02:00
Malte Poll
5ac72c730d debugd: start existing coordinator binary at boot if coordinator was deployed before reboot 2022-04-28 10:19:26 +02:00
Malte Poll
63d282f1ed debugd: do not stop coordinator before upload as upload only works if coordinator binary does not exist yet 2022-04-28 10:19:26 +02:00
Malte Poll
6f32811029 debugd: Upgrade default systemd unit to incorporate CNI bin dir preparation 2022-04-28 10:19:26 +02:00
datosh
51068abc27 Ref/want err from err expected (#82)
consistent naming for test values using 'want' instead of 'expect/ed'
2022-04-26 16:54:05 +02:00
Benedict Schlueter
ff8830e718 debugd: add support for multiple coordinators
Signed-off-by: Benedict Schlueter <bs@edgeless.systems>
2022-04-25 17:39:18 +02:00
Malte Poll
78af3b173f debugd: Correctly handle direct coordinator upload if coordinator was uploaded previously (file already exists)
Signed-off-by: Malte Poll <mp@edgeless.systems>
2022-04-21 15:15:07 +02:00
katexochen
1a9b33d738 Restructure config and constants 2022-04-21 09:06:35 +02:00
Daniel Weiße
49a1a07049 AB#1902 Ping Coordinator from initramfs for key (#53)
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-04-12 14:24:36 +02:00
Malte Poll
aaed8ad1e3 debugd: stop discovery loop once coordinator was downloaded successfully or coordinator binary exists 2022-04-01 16:47:18 +02:00
Malte Poll
6954683f18 debugd: filter own instance from list of discovered debugd instances 2022-04-01 16:47:18 +02:00
Malte Poll
7143b29caf debugd: return download error if download is not attempted due to retry backoff 2022-04-01 16:47:18 +02:00
Malte Poll
aac6e0b239 debugd: prevent deadlock by checking if file exists before aquiring read lock and cleanup downloaded coordinator binary if download fails 2022-03-28 16:12:40 +02:00