constellation/image
Fabian Kammel 170a8bf5e0 AB#2306 Public image sharing in Google (#358)
* document how to publicly share images in gcloud
* Write disclaimer in debugd
* Add disclaimer about debug images to contributing file
* Print debug banner on startup
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
2022-08-16 15:53:54 +02:00

Constellation images

We use the Fedora CoreOS Assembler to build the base image for Constellation nodes.

Setup

  1. Install prerequisites:

  2. Log in to GCP and Azure

    gcloud auth login
    az login
    
  3. Log in to the ghcr.io package registry

  4. Ensure read and write access to /dev/kvm (and repeat after every reboot)

    sudo chmod 666 /dev/kvm
    

Configuration

Create a configuration file in image/config.mk to override any of the variables found at the top of the Makefile. Important settings are:

  • BOOTSTRAPPER_BINARY: path to a bootstrapper binary. Can be substituted with a path to a debugd binary if a debug image should be built. The binary has to be built beforehand.
  • CONTAINER_ENGINE: container engine used to run COSA; either podman or docker.
  • COSA_INIT_REPO: Git repository containing CoreOS config. Cloned in cosa-init target.
  • COSA_INIT_BRANCH: Git branch checked out from COSA_INIT_REPO. Can be used to test out changes on another branch before merging.
  • NETRC: path to a netrc file containing a GitHub PAT. Used to authenticate to GitHub from within the COSA container.
  • GCP_IMAGE_NAME: Image name for the GCP image. Set to include a timestamp when using the build pipeline. Can be set to a custom value if you want to upload a custom image for testing on GCP.
  • AZURE_IMAGE_NAME: Image name for the Azure image. Can be set to a custom value if you want to upload a custom image for testing on Azure.

Example config.mk to create a debug image with docker and name it my-custom-image:

BOOTSTRAPPER_BINARY = ../build/debugd
CONTAINER_ENGINE = docker
GCP_IMAGE_NAME = my-custom-image
AZURE_IMAGE_NAME = my-custom-image
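
A preflight script that checks the conditions the Setup and Configuration sections state before make is run, added here as an example (not code from the Constellation repository): it reads the plain VAR = value assignments from config.mk and verifies that CONTAINER_ENGINE is podman or docker, that the bootstrapper or debugd binary is already built, and that /dev/kvm is readable and writable. The function names and the PREFLIGHT_CONFIG variable are assumptions of this example.

```shell
#!/usr/bin/env bash
# Preflight checks for the Constellation image build (added example, not repository code).
# Reads the plain "VAR = value" lines of config.mk and verifies what the README requires:
# CONTAINER_ENGINE is podman or docker, BOOTSTRAPPER_BINARY is already built, and
# /dev/kvm is readable and writable (a chmod that has to be repeated after every reboot).
set -u

# cfg_get FILE VAR: print the value of the last "VAR = value" (or ?= / :=) line in FILE.
# Only literal assignments are understood, no $(...) expansion; that is all config.mk uses.
cfg_get() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*[?:]\{0,1\}=[[:space:]]*//p" "$1" \
        | sed 's/[[:space:]]*$//' | tail -n 1
}

# check_engine VALUE: succeeds only for the two engines the Makefile supports.
check_engine() {
    case "$1" in
        podman|docker) return 0 ;;
        *) return 1 ;;
    esac
}

# check_binary PATH: the bootstrapper (or debugd) binary must exist and be executable.
# A relative path is resolved from the current directory, as make would from image/.
check_binary() {
    [ -n "$1" ] && [ -f "$1" ] && [ -x "$1" ]
}

# check_kvm DEVICE: COSA needs read and write access to the KVM device.
check_kvm() {
    [ -r "$1" ] && [ -w "$1" ]
}

# preflight CONFIG [DEVICE]: run every check, report each failure, fail if any check failed.
preflight() {
    local cfg="$1" dev="${2:-/dev/kvm}" rc=0 engine binary
    engine="$(cfg_get "$cfg" CONTAINER_ENGINE)"
    binary="$(cfg_get "$cfg" BOOTSTRAPPER_BINARY)"
    check_engine "$engine" || { echo "CONTAINER_ENGINE must be podman or docker, got '$engine'"; rc=1; }
    check_binary "$binary" || { echo "BOOTSTRAPPER_BINARY '$binary' missing or not executable: build it first"; rc=1; }
    check_kvm "$dev" || { echo "$dev not readable/writable: run 'sudo chmod 666 $dev'"; rc=1; }
    return "$rc"
}

# Stand-alone use: PREFLIGHT_CONFIG=config.mk bash preflight.sh   (exit status 0 means ready)
if [ -n "${PREFLIGHT_CONFIG:-}" ]; then
    preflight "$PREFLIGHT_CONFIG"
fi
```

Run it from the image directory so that a relative BOOTSTRAPPER_BINARY such as ../build/debugd resolves the same way it does for make.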

Build an image

It is always advisable to create an image from a clean build dir.

Clean up the build dir and remove old images (⚠ this will undo any local changes to the CoreOS configuration!):

sudo make clean

Ensure you have the modified cosa container image installed:

make cosa-image

  • Build QEMU image (for local testing only)

    make coreos
    
  • Build Azure image (without upload)

    make image-azure
    
  • Build Azure image (with upload)

    make image-azure upload-azure
    
  • Build GCP image (without upload)

    make image-gcp
    
  • Build GCP image (with upload)

    make image-gcp upload-gcp
    

Resulting images for the CSPs can be found under images. QEMU images are stored at build/builds/latest/ with a name ending in .qcow2.