constellation/debugd
Daniel Weiße d1ace13713
cli: add --workspace flag to set base directory for Constellation workspace (#2148)
* Remove `--config` and `--master-secret` falgs

* Add `--workspace` flag

* In CLI, only work on files with paths created from `cli/internal/cmd`

* Properly print values for GCP on IAM create when not directly updating the config

---------

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-08-04 13:53:51 +02:00
..
cmd deps: update dependency hermetic_cc_toolchain to v2.0.0 (#1860) 2023-06-09 17:39:30 +02:00
internal cli: add --workspace flag to set base directory for Constellation workspace (#2148) 2023-08-04 13:53:51 +02:00
service deps: update module github.com/sigstore/rekor to v1.2.2 (#2033) 2023-07-06 15:41:14 +02:00
README.md dev-docs: refactor and add information for newbies (#1912) 2023-06-19 17:39:43 +02:00

debug daemon (debugd)

Debugd is a tool we built to allow for shorter iteration cycles during development. The debugd gets embedded into OS images at the place where the bootstrapper normally sits. Therefore, when a debug image is started, the debugd starts executing instead of the bootstrapper. The debugd will then wait for a request from the cdbg tool to upload a bootstrapper binary. Once the upload is finished debugd will start the bootstrapper. Subsequently you can initialize your cluster with constellation init as usual.

Build cdbg

mkdir -p build
cmake ..
make cdbg

debugd & cdbg usage

Before continuing, remember to set up your cloud credentials for the CLI to work.

With cdbg and yq installed in your path:

  1. Run constellation config generate to create a new default configuration

  2. Locate the latest debugd images by running (cd internal/api/versionsapi/cli && go build -o versionsapi . && ./versionsapi latest --ref main --stream debug)

  3. Modify the constellation-conf.yaml to use an image with the debugd already included and add required firewall rules:

    # Set full reference of cloud provider image name
    export IMAGE_URI=
    
    yq -i \
        ".image = \"${IMAGE_URI}\" | \
        .debugCluster = true" \
        constellation-conf.yaml
    
  4. Run constellation create […]

  5. Run ./cdbg deploy

    By default, cdbg searches for the bootstrapper in the current path (./bootstrapper). You can define a custom path by appending the argument --bootstrapper <path to bootstrapper> to cdbg deploy.

  6. Run constellation init […] as usual

Logcollection to Opensearch

You can enable the logcollection of debugd to send logs to Opensearch.

On Azure, ensure your user assigned identity has the Key Vault Secrets User role assigned on the key vault opensearch-creds.

On AWS, attach the SecretManagerE2E policy to your control-plane and worker node role.

When deploying with cdbg, enable by setting the logcollect=true and your name logcollect.admin=yourname.

./cdbg deploy --info logcollect=true,logcollect.admin=yourname

# OR

./cdbg deploy --info logcollect=true --info logcollect.admin=yourname

Other available fields can be found in the filed list

For QEMU, the credentials for Opensearch must be parsed via the info flag as well:

./cdbg deploy \
    --info logcollect=true \
    --info logcollect.admin=yourname \
    --info qemu.opensearch-pw='xxxxxxx'

Remember to use single quotes for the password.

You will also need to increase the memory size of QEMU to 4GB.