constellation/debugd
Otto Bittner 7cada2c9e8 Add goleak to all tests (#227)
* Run goleak as part of all tests
We are already using goleak in various tests.
This commit adds a TestMain to all remaining tests
and calls goleak.VerifyTestMain in them.
* Add goleak to debugd/deploy package and fix bug.
* Run go mod tidy
* Fix integration tests
* Move goleak invocation for mount integration test
* Ignore leak in state integration tests

Co-authored-by: Fabian Kammel <fk@edgelss.systems>
2022-06-30 15:24:36 +02:00
..
cdbg AB#2033 Remove redundant "failed" in error wrapping 2022-06-22 12:02:10 +01:00
coordinator Add goleak to all tests (#227) 2022-06-30 15:24:36 +02:00
debugd Add goleak to all tests (#227) 2022-06-30 15:24:36 +02:00
service Update to latest grpc generator 2022-05-04 08:48:31 +02:00
README.md Feat/measurements in e2e (#218) 2022-06-20 10:30:59 +02:00

debug daemon (debugd)

Build cdbg

mkdir -p build
cmake ..
make cdbg

debugd & cdbg usage

With cdbg and yq installed in your path:

  1. Write the configuration file for cdbg cdbg-conf.yaml:

    cdbg:
      authorizedKeys:
        - username: my-username
          publicKey: ssh-rsa AAAAB…LJuM=
      coordinatorPath: "./coordinator"
      systemdUnits:
        - name: some-custom.service
          contents: |-
            [Unit]
            Description=…        
    
  2. Run constellation config generate to create a new default configuration

  3. Locate the latest debugd images for GCP and Azure

  4. Modify the constellation-conf.yaml to use an image with the debugd already included and add required firewall rules:

    # Set timestamp from cloud provider image name
    export TIMESTAMP=01234
    
    yq -i \
        "(.provider | select(. | has(\"azure\")).azure.image) = \"/subscriptions/0d202bbb-4fa7-4af8-8125-58c269a05435/resourceGroups/CONSTELLATION-IMAGES/providers/Microsoft.Compute/galleries/Constellation/images/constellation-coreos-debugd/versions/0.0.${TIMESTAMP}\"" \
        constellation-conf.yaml
    
    yq -i \
        "(.provider | select(. | has(\"gcp\")).gcp.image) = \"projects/constellation-images/global/images/constellation-coreos-debugd-${TIMESTAMP}\"" \
        constellation-conf.yaml
    
    yq -i \
        ".ingressFirewall += {
            \"name\": \"debugd\",
            \"description\": \"debugd default port\",
            \"protocol\": \"tcp\",
            \"iprange\": \"0.0.0.0/0\",
            \"fromport\": 4000,
            \"toport\": 0
        }" \
        constellation-conf.yaml
    
  5. Run constellation create […]

  6. Run ./cdbg deploy

  7. Run constellation init […] as usual

debugd GCP image

For GCP, run the following command to get a list of all constellation debug images, sorted by their creation date:

gcloud compute images list --filter="name~'constellation-coreos-debugd.+'" --sort-by=creationTimestamp --project constellation-images

Choose the newest debugd image with the naming scheme constellation-coreos-debugd-<timestamp>.

debugd Azure Image

For Azure, run the following command to get a list of all constellation debugd images, sorted by their creation date:

az sig image-version list --resource-group constellation-images --gallery-name Constellation --gallery-image-definition constellation-coreos-debugd --query "sort_by([], &publishingProfile.publishedDate)[].id" -o table

Choose the newest debugd image and copy the full URI.