debug daemon (debugd)
Debugd is a tool we built to allow for shorter iteration cycles during development.
The debugd gets embedded into OS images at the place where the bootstrapper normally sits.
Therefore, when a debug image is started, the debugd starts executing instead of the bootstrapper.
The debugd will then wait for a request from the cdbg tool to upload a bootstrapper binary.
Once the upload is finished, debugd will start the bootstrapper.
Subsequently, you can initialize your cluster with constellation apply as usual.
Build cdbg
The cdbg tool is part of the //:devbuild target, if you follow the generic build instructions at build-develop-deploy.
If you need to build cdbg standalone for your current platform, you can run:
bazel build //debugd/cmd/cdbg:cdbg_host
debugd & cdbg usage
Follow the debug-cluster workflow to deploy a bootstrapper with cdbg and debugd.
Log collection to OpenSearch
You can enable log collection in debugd to send logs to OpenSearch.
On Azure, ensure your user-assigned identity has the Key Vault Secrets User role assigned on the key vault opensearch-creds.
On AWS, attach the SecretManagerE2E policy to your control-plane and worker node role.
When deploying with cdbg, enable log collection by setting logcollect=true and your name with logcollect.admin=yourname:
./cdbg deploy --info logcollect=true,logcollect.admin=yourname
# OR
./cdbg deploy --info logcollect=true --info logcollect.admin=yourname
Other available fields can be found in the field list.
For QEMU, the credentials for OpenSearch must be passed via the info flag as well:
./cdbg deploy \
--info logcollect=true \
--info logcollect.admin=yourname \
--info qemu.opensearch-pw='xxxxxxx'
Remember to use single quotes for the password so that the shell passes it literally, without expanding characters such as $ or !.
You will also need to increase the memory size of QEMU to 4GB.