constellation/image
Otto Bittner 1859dc1718 AB#2288: Fix/kernel panic (#328)
* More debug info & don't use guestfish
* Sync image runner script with deployed code
* Add missing = for --wait in sonobuoy action

Co-authored-by: <mp@edgeless.systems>
2022-08-02 15:34:17 +02:00
..
assembler Rename coordinator to bootstrapper and rename roles 2022-07-14 17:25:18 +02:00
build remove aws image 2022-04-19 17:10:30 +02:00
dependencies remove aws image 2022-04-19 17:10:30 +02:00
dm-verity AB#2288: Fix/kernel panic (#328) 2022-08-02 15:34:17 +02:00
docs remove aws image 2022-04-19 17:10:30 +02:00
images remove aws image 2022-04-19 17:10:30 +02:00
runner AB#2288: Fix/kernel panic (#328) 2022-08-02 15:34:17 +02:00
docker.env Always pull newest image version of COSA (#182) 2022-05-31 10:36:29 +02:00
Makefile Rename coordinator to bootstrapper and rename roles 2022-07-14 17:25:18 +02:00
podman.env Always pull newest image version of COSA (#182) 2022-05-31 10:36:29 +02:00
README.md Rename coordinator to bootstrapper and rename roles 2022-07-14 17:25:18 +02:00

Constellation images

We use the Fedora CoreOS Assembler to build the base image for Constellation nodes.

Setup

  1. Install prerequisites:

  2. Log in to GCP and Azure

    gcloud auth login
    az login
    
  3. Log in to the ghcr.io package registry

  4. Ensure read and write access to /dev/kvm (and repeat after every reboot)

    sudo chmod 666 /dev/kvm
    

Configuration

Create a configuration file in image/config.mk to override any of the variables found at the top of the Makefile. Important settings are:

  • BOOTSTRAPPER_BINARY: path to a bootstrapper binary. Can be substituted with a path to a debugd binary if a debug image should be built. The binary has to be built before!
  • CONTAINER_ENGINE: container engine used to run COSA. either podman or docker.
  • COSA_INIT_REPO: Git repository containing CoreOS config. Cloned in cosa-init target.
  • COSA_INIT_BRANCH: Git branch checked out from COSA_INIT_REPO. Can be used to test out changes on another branch before merging.
  • NETRC path to a netrc file containing a GitHub PAT. Used to authenticate to GitHub from within the COSA container.
  • GCP_IMAGE_NAME: Image name for the GCP image. Set to include a timestamp when using the build pipeline. Can be set to a custom value if you wat to upload a custom image for testing on GCP.
  • AZURE_IMAGE_NAME: Image name for the Azure image. Can be set to a custom value if you wat to upload a custom image for testing on Azure.

Example config.mk to create a debug image with docker and name it my-custom-image:

BOOTSTRAPPER_BINARY = ../build/debugd
CONTAINER_ENGINE = docker
GCP_IMAGE_NAME = my-custom-image
AZURE_IMAGE_NAME = my-custom-image

Build an image

It is always advisable to create an image from a clean build dir.

Clean up the build dir and remove old images (⚠ this will undo any local changes to the CoreOS configuration!):

sudo make clean
  • Build QEMU image (for local testing only)

    make coreos
    
  • Build Azure image (without upload)

    make image-azure
    
  • Build Azure image (with upload)

    make image-azure upload-azure
    
  • Build GCP image (without upload)

    make image-gcp
    
  • Build GCP image (with upload)

    make image-gcp upload-gcp
    

Resulting images for the CSPs can be found under images. QEMU images are stored at build/builds/latest/ with a name ending in .qcow2.