constellation/terraform/libvirt
Otto Bittner ef26917c5e AB#2369: Use contributing.md as ToC for dev docs.
* Structure content into typical sections and
split into separate files.
* Also document how to locally create measurements

Signed-off-by: Otto Bittner <cobittner@posteo.net>
2022-09-08 16:08:42 +02:00
modules/instance_group Add machine variable to terraform module (#179) 2022-05-30 10:29:34 +02:00
main.tf update qemu metadata image version and use correct CSP name in qemu state (#377) 2022-08-18 15:59:01 +02:00
outputs.tf terraform template libvirt 2022-05-25 10:30:58 +02:00
README.md AB#2369: Use contributing.md as ToC for dev docs. 2022-09-08 16:08:42 +02:00
variables.tf AB#1915 Local PCR calculation (#243) 2022-07-04 12:59:43 +02:00

Automated local image testing with QEMU / libvirt / terraform

Usage

Prerequisite:

Optional: Write a terraform.tfvars file in the terraform workspace (terraform/libvirt), defining required variables and overriding optional variables. See variables.tf for a description of all available variables.

constellation_coreos_image="/path/to/image.qcow2"
# optional other vars, uncomment and change as needed
# metadata_api_log_dir="path/to/folder/for/metadata"
# control_plane_count=3
# worker_count=2
# vcpus=2
# memory=2048
# state_disk_size=10
# ip_range_start=100
# machine="q35"

Create terraform resources from within terraform workspace (terraform/libvirt):

cd terraform/libvirt
terraform init
terraform plan
terraform apply

# TF_DIR is the terraform workspace; set CONST_DIR to your constellation workspace
# (here both point at the current directory, adjust CONST_DIR if yours is elsewhere)
export TF_DIR=$(pwd)
export CONST_DIR=$(pwd)
go run ../../hack/terraform-to-state/create-state.go "${TF_DIR}" "${CONST_DIR}"

# use constellation (everything after constellation create)
constellation config generate qemu
# run cdbg if using a debug image
cdbg deploy
constellation init

# cleanup
rm constellation-state.json constellation-mastersecret.base64 constellation-admin.conf wg0.conf
terraform destroy

Setup libvirt & Terraform

Ubuntu

General reference

# Install Terraform
curl -fsSL https://apt.releases.hashicorp.com/gpg | sudo apt-key add -
sudo apt-add-repository "deb [arch=amd64] https://apt.releases.hashicorp.com $(lsb_release -cs) main"
sudo apt-get update && sudo apt-get install terraform
# install libvirt, KVM and tools
sudo apt install qemu-kvm libvirt-daemon-system xsltproc
sudo systemctl enable libvirtd
sudo usermod -a -G libvirt $USER
# reboot

Fedora

sudo dnf install -y dnf-plugins-core
sudo dnf config-manager --add-repo https://rpm.releases.hashicorp.com/fedora/hashicorp.repo
sudo dnf -y install terraform qemu-kvm libvirt-daemon-config-network libvirt-daemon-kvm xsltproc
sudo usermod -a -G libvirt $USER
# reboot

Change libvirt settings (on Ubuntu)

Open /etc/libvirt/qemu.conf and change the following setting:

security_driver = "none"

Then restart libvirt

sudo systemctl restart libvirtd

Setup emulated TPM (on Ubuntu)

Only works if swtpm is version 0.7 or newer! Ubuntu currently ships swtpm 0.6.3, so you need to install swtpm from the Launchpad PPA.

  1. Uninstall current version of swtpm (if installed)
    sudo apt remove swtpm swtpm-tools

  2. Add ppa (this command shows the ppa for Ubuntu 22.04 jammy but others are available)
    sudo add-apt-repository ppa:stefanberger/swtpm-jammy
    sudo apt update

  3. Install swtpm
    sudo apt install swtpm swtpm-tools

  4. Patch configuration under /etc/swtpm_setup.conf
    # Program invoked for creating certificates
    create_certs_tool = /usr/bin/swtpm_localca

  5. Patch ownership of /var/lib/swtpm-localca
    sudo chown -R swtpm:root /var/lib/swtpm-localca

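Added preflight script for the two host-setup steps above (the security_driver change and the swtpm version floor); this is an added example, not part of the Constellation repository. It verifies that swtpm is 0.7 or newer, reports the active libvirt security_driver, and checks libvirt group membership. It assumes the paths named on this page and that the first dotted number in the swtpm --version output is the version.

```shell
#!/bin/sh
# Preflight checks for the libvirt/swtpm dev setup (added example, not repo code).
# Helpers take input as arguments/stdin so they can be exercised offline.

# version_ge A B: succeed when dotted version A is >= B (numeric, component-wise).
version_ge() {
    have="$1"; want="$2"
    while [ -n "$have" ] || [ -n "$want" ]; do
        h="${have%%.*}"; w="${want%%.*}"
        [ "$have" = "$h" ] && have='' || have="${have#*.}"
        [ "$want" = "$w" ] && want='' || want="${want#*.}"
        if [ "${h:-0}" -gt "${w:-0}" ]; then return 0; fi
        if [ "${h:-0}" -lt "${w:-0}" ]; then return 1; fi
    done
    return 0
}

# swtpm_version_of TEXT: first dotted number in `swtpm --version` output (assumption).
swtpm_version_of() {
    printf '%s\n' "$1" | grep -o '[0-9][0-9.]*' | head -n1
}

# security_driver_setting < qemu.conf: active value, or "default" when the line is
# commented out or absent (libvirt then autodetects apparmor/selinux).
security_driver_setting() {
    val="$(sed -n 's/^[[:space:]]*security_driver[[:space:]]*=[[:space:]]*"\([^"]*\)".*/\1/p' | head -n1)"
    printf '%s\n' "${val:-default}"
}

# check_host: run the checks on this machine; non-zero exit if anything fails.
check_host() {
    rc=0
    if command -v swtpm >/dev/null 2>&1; then
        v="$(swtpm_version_of "$(swtpm --version 2>/dev/null)")"
        if version_ge "${v:-0}" 0.7; then echo "ok:   swtpm $v"
        else echo "FAIL: swtpm $v is older than 0.7"; rc=1; fi
    else
        echo "FAIL: swtpm not installed"; rc=1
    fi
    if [ -r /etc/libvirt/qemu.conf ]; then drv="$(security_driver_setting < /etc/libvirt/qemu.conf)"
    else drv=default; fi
    # "none" drops sVirt (AppArmor/SELinux) confinement of every QEMU process on
    # this host: expected for this dev setup, but surfaced because it is host-wide.
    echo "info: libvirt security_driver=$drv"
    if id -nG | tr ' ' '\n' | grep -qx libvirt; then echo "ok:   user in libvirt group"
    else echo "FAIL: user not in libvirt group (re-login after usermod)"; rc=1; fi
    return "$rc"
}

case "${1:-}" in --check) check_host ;; esac
```

Run it as `sh preflight.sh --check` after the reboot that follows the usermod step.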

Misc

  • List all domains: virsh list --all
  • Destroy domain with nvram: virsh undefine --nvram <name>