d1ace13713
* Remove `--config` and `--master-secret` falgs * Add `--workspace` flag * In CLI, only work on files with paths created from `cli/internal/cmd` * Properly print values for GCP on IAM create when not directly updating the config --------- Signed-off-by: Daniel Weiße <dw@edgeless.systems> |
||
---|---|---|
.. | ||
cmd | ||
internal | ||
service | ||
README.md |
debug daemon (debugd)
Debugd is a tool we built to allow for shorter iteration cycles during development.
The debugd gets embedded into OS images at the place where the bootstrapper normally sits.
Therefore, when a debug image is started, the debugd starts executing instead of the bootstrapper.
The debugd will then wait for a request from the cdbg
tool to upload a bootstrapper binary.
Once the upload is finished debugd will start the bootstrapper.
Subsequently you can initialize your cluster with constellation init
as usual.
Build cdbg
mkdir -p build
cmake ..
make cdbg
debugd & cdbg usage
Before continuing, remember to set up your cloud credentials for the CLI to work.
With cdbg
and yq
installed in your path:
-
Run
constellation config generate
to create a new default configuration -
Locate the latest debugd images by running
(cd internal/api/versionsapi/cli && go build -o versionsapi . && ./versionsapi latest --ref main --stream debug)
-
Modify the
constellation-conf.yaml
to use an image with the debugd already included and add required firewall rules:# Set full reference of cloud provider image name export IMAGE_URI=
yq -i \ ".image = \"${IMAGE_URI}\" | \ .debugCluster = true" \ constellation-conf.yaml
-
Run
constellation create […]
-
Run
./cdbg deploy
By default,
cdbg
searches for the bootstrapper in the current path (./bootstrapper
). You can define a custom path by appending the argument--bootstrapper <path to bootstrapper>
tocdbg deploy
. -
Run
constellation init […]
as usual
Logcollection to Opensearch
You can enable the logcollection of debugd to send logs to Opensearch.
On Azure, ensure your user assigned identity has the Key Vault Secrets User
role assigned on the key vault opensearch-creds
.
On AWS, attach the SecretManagerE2E
policy to your control-plane and worker node role.
When deploying with cdbg, enable by setting the logcollect=true
and your name logcollect.admin=yourname
.
./cdbg deploy --info logcollect=true,logcollect.admin=yourname
# OR
./cdbg deploy --info logcollect=true --info logcollect.admin=yourname
Other available fields can be found in the filed list
For QEMU, the credentials for Opensearch must be parsed via the info flag as well:
./cdbg deploy \
--info logcollect=true \
--info logcollect.admin=yourname \
--info qemu.opensearch-pw='xxxxxxx'
Remember to use single quotes for the password.
You will also need to increase the memory size of QEMU to 4GB.