constellation/debugd
Fabian Kammel d856b0cd86 Feat/measurements in e2e (#218)
* Make e2e pipeline use the latest image available.

* Use pcr-reader to read & store measurements.

* buildvcs false in ci

* only notify teams on main

* plain yq syntax, since if already checks for csp

* previous version of yq requires explicit eval

* fix pcr-reader call

* actually pass variable between jobs

* fix typo

* Make order of images consistent.

* read measurements after create

Co-authored-by: Fabian Kammel <fk@edgelss.systems>
2022-06-20 10:30:59 +02:00
cdbg Move cli/cloud/cloudtypes into /internal 2022-06-08 11:59:23 +02:00
coordinator Ref/want err from err expected (#82) 2022-04-26 16:54:05 +02:00
debugd constellation-access-manager: Persistent SSH as ConfigMap (#184) 2022-06-13 16:23:19 +02:00
service Update to latest grpc generator 2022-05-04 08:48:31 +02:00
README.md Feat/measurements in e2e (#218) 2022-06-20 10:30:59 +02:00

debug daemon (debugd)

Build cdbg

mkdir -p build
cd build
cmake ..
make cdbg

debugd & cdbg usage

With cdbg and yq installed in your path:

  1. Write the configuration file for cdbg, cdbg-conf.yaml:

    cdbg:
      authorizedKeys:
        - username: my-username
          publicKey: ssh-rsa AAAAB…LJuM=
      coordinatorPath: "./coordinator"
      systemdUnits:
        - name: some-custom.service
          contents: |-
            [Unit]
            Description=…        
    
  2. Run constellation config generate to create a new default configuration

  3. Locate the latest debugd images for GCP and Azure

  4. Modify constellation-conf.yaml to use an image that already includes debugd, and add the required firewall rules:

    # Set timestamp from cloud provider image name
    export TIMESTAMP=01234
    
    # Azure: set the image only if the config has an azure provider section
    yq -i \
        "(.provider | select(. | has(\"azure\")).azure.image) = \"/subscriptions/0d202bbb-4fa7-4af8-8125-58c269a05435/resourceGroups/CONSTELLATION-IMAGES/providers/Microsoft.Compute/galleries/Constellation/images/constellation-coreos-debugd/versions/0.0.${TIMESTAMP}\"" \
        constellation-conf.yaml
    
    # GCP: set the image only if the config has a gcp provider section
    yq -i \
        "(.provider | select(. | has(\"gcp\")).gcp.image) = \"projects/constellation-images/global/images/constellation-coreos-debugd-${TIMESTAMP}\"" \
        constellation-conf.yaml
    
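    # Allow inbound TCP to the debugd default port (4000);
    # iprange 0.0.0.0/0 admits any source address
    yq -i \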
        ".ingressFirewall += {
            \"name\": \"debugd\",
            \"description\": \"debugd default port\",
            \"protocol\": \"tcp\",
            \"iprange\": \"0.0.0.0/0\",
            \"fromport\": 4000,
            \"toport\": 0
        }" \
        constellation-conf.yaml
    
  5. Run constellation create […]

  6. Run ./cdbg deploy

  7. Run constellation init […] as usual

debugd GCP image

For GCP, run the following command to list all Constellation debugd images, sorted by creation date:

gcloud compute images list --filter="name~'constellation-coreos-debugd.+'" --sort-by=creationTimestamp --project constellation-images

Choose the newest debugd image with the naming scheme constellation-coreos-debugd-<timestamp>.

debugd Azure image

For Azure, run the following command to list all Constellation debugd images, sorted by creation date:

az sig image-version list --resource-group constellation-images --gallery-name Constellation --gallery-image-definition constellation-coreos-debugd --query "sort_by([], &publishingProfile.publishedDate)[].id" -o table

Choose the newest debugd image and copy the full URI.
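
Added example (not part of the Constellation repository): a POSIX shell helper that picks the newest image from either listing above and extracts the value for TIMESTAMP in step 4, rejecting anything that is not purely numeric before it is interpolated into the yq expressions. The function names are hypothetical, and it assumes the timestamp consists only of digits and that each listing row starts with the image name or ID.

```shell
#!/bin/sh
# Added example: derive TIMESTAMP for step 4 from the image listings.
# Assumption: the timestamp is all digits (the README only shows "01234").
# Usage: <listing command from the README> | newest_debugd_timestamp

# Print the timestamp of one image reference, or return 1 if the reference
# is not a debugd image in one of the two formats used in step 4.
debugd_timestamp() {
    ref=$1
    case "$ref" in
        */images/constellation-coreos-debugd/versions/0.0.*)
            # Azure image version ID
            ts=${ref##*/versions/0.0.} ;;
        constellation-coreos-debugd-*|*/images/constellation-coreos-debugd-*)
            # GCP image name, bare or as a full resource path
            ts=${ref##*constellation-coreos-debugd-} ;;
        *)
            return 1 ;;
    esac
    # Reject empty or non-numeric values so that quotes, pipes or other
    # yq syntax can never reach the expressions that embed ${TIMESTAMP}.
    case "$ts" in
        ''|*[!0-9]*) return 1 ;;
    esac
    printf '%s\n' "$ts"
}

# Read listing output on stdin (oldest first, since both listing commands
# in the README sort by creation date), skip table headers and unrelated
# rows, and print the timestamp of the last valid debugd image.
newest_debugd_timestamp() {
    newest=
    while read -r first _rest || [ -n "$first" ]; do
        if ts_line=$(debugd_timestamp "$first"); then
            newest=$ts_line
        fi
    done
    # Return non-zero when no debugd image was found at all.
    [ -n "$newest" ] && printf '%s\n' "$newest"
}
```

Export the printed value as TIMESTAMP only when the function succeeds; a non-zero exit status means the listing contained no usable debugd image.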