constellation/debugd
Daniel Weiße 5da92d9d8b AB#2249 Rework image build pipeline (#326)
* Rework image build pipeline

* Dont cancel workflow runs on main

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-08-03 16:01:36 +02:00
..
bootstrapper Rename coordinator to bootstrapper and rename roles 2022-07-14 17:25:18 +02:00
cdbg Add cdbg warning for non-debug image 2022-07-28 13:11:55 +02:00
debugd Only upload kubeadm certs if key is rotated 2022-07-14 17:25:18 +02:00
service Rename coordinator to bootstrapper and rename roles 2022-07-14 17:25:18 +02:00
README.md AB#2249 Rework image build pipeline (#326) 2022-08-03 16:01:36 +02:00

debug daemon (debugd)

Build cdbg

mkdir -p build
cmake ..
make cdbg

debugd & cdbg usage

With cdbg and yq installed in your path:

  1. Write the configuration file for cdbg cdbg-conf.yaml:

    cdbg:
      authorizedKeys:
        - username: my-username
          publicKey: ssh-rsa AAAAB…LJuM=
      bootstrapperPath: "./bootstrapper"
      systemdUnits:
        - name: some-custom.service
          contents: |-
            [Unit]
            Description=…        
    
  2. Run constellation config generate to create a new default configuration

  3. Locate the latest debugd images for GCP and Azure

  4. Modify the constellation-conf.yaml to use an image with the debugd already included and add required firewall rules:

    # Set timestamp from cloud provider image name
    export TIMESTAMP=01234
    
    yq -i \
        "(.provider | select(. | has(\"azure\")).azure.image) = \"/subscriptions/0d202bbb-4fa7-4af8-8125-58c269a05435/resourceGroups/CONSTELLATION-IMAGES/providers/Microsoft.Compute/galleries/Constellation/images/constellation-coreos-debugd/versions/0.0.${TIMESTAMP}\"" \
        constellation-conf.yaml
    
    yq -i \
        "(.provider | select(. | has(\"gcp\")).gcp.image) = \"projects/constellation-images/global/images/constellation-coreos-debugd-${TIMESTAMP}\"" \
        constellation-conf.yaml
    
    yq -i \
        ".ingressFirewall += {
            \"name\": \"debugd\",
            \"description\": \"debugd default port\",
            \"protocol\": \"tcp\",
            \"iprange\": \"0.0.0.0/0\",
            \"fromport\": 4000,
            \"toport\": 0
        }" \
        constellation-conf.yaml
    
  5. Run constellation create […]

  6. Run ./cdbg deploy

  7. Run constellation init […] as usual

debugd GCP image

For GCP, run the following command to get a list of all constellation debug images, sorted by their creation date:

gcloud compute images list --filter="family~'constellation-debug-v.+'" --sort-by=creationTimestamp --project constellation-images

The images are grouped by the Constellation release they were built for. Choose the newest debugd image for your release with the naming scheme constellation-<commit-timestamp>.

debugd Azure Image

Azure debug images are grouped by the Constellation release they were built for. Run the following command to get a list of all constellation debugd images for release v1.5.0, sorted by their creation date:

RELEASE=v1.5.0
az sig image-version list --resource-group constellation-images --gallery-name Constellation_Debug --gallery-image-definition ${RELEASE} --query "sort_by([], &publishingProfile.publishedDate)[].id" -o table

Choose the newest debugd image and copy the full URI.