Constellation-OS Assembler
This container image uses coreos assembler as a base (quay.io/coreos-assembler/coreos-assembler
) to facilitate a build environment for the Constellation-OS.
The root filesystem takes its contents (OSTree) from constellation-fedora-coreos-config.
The constellation specific changes are tracked in this repository: https://github.com/edgelesssys/constellation-coreos-assembler
And the Constellation-OS Assembler can be pulled from ghcr.io/edgelesssys/constellation-coreos-assembler
Setup
Prerequisites: podman
and qemu-kvm
are installed, nested virtualization is enabled.
Make sure your user is allowed read and write access on /dev/kvm
.
If the device is not mounted in the container try the following command, and restart the container:
sudo chmod 666 /dev/kvm
Using the Assembler to create a bootable operating system
- Create the assembler image as described here
- Source the
fcos/.env
file to enable thecosa
bash alias:source fcos/.env
- Set the
COORDINATOR_BINARY
environment variable to a path of the compiled coordinator binary. It will be mounted in the cosa container and copied into the resulting coreos image.COORDINATOR_BINARY="/path/to/coordinator"
- Go into the build folder and initialize cosa:
cd fcos/build cosa init https://github.com/edgelesssys/constellation-fedora-coreos-config cosa fetch
- Build the OS image:
cosa build
- Create an image for a cloud provider
cosa buildextend-gcp cosa buildextend-aws cosa buildextend-azure [...]
Using a locally checked out git repo of the coreos-config during development
Simply set the environment variable COREOS_ASSEMBLER_CONFIG_GIT
to the local folder and perform the rest of the steps as usual:
COREOS_ASSEMBLER_CONFIG_GIT=/path/to/constellation-fedora-coreos-config