mirror of https://github.com/edgelesssys/constellation.git synced 2025-02-02 18:44:49 -05:00

Use terraform in CLI to create QEMU cluster (#172 )

* Use terraform in CLI to create QEMU cluster

* Dont allow qemu creation on os/arch other than linux/amd64

* Allow usage of --name flag for QEMU resources

Signed-off-by: Daniel Weiße <dw@edgeless.systems>

2022-09-26 15:52:31 +02:00

2.1 KiB

Raw Blame History

Local image testing with QEMU / libvirt

To create local testing clusters using QEMU, some prerequisites have to be met:

Setup libvirt

Ubuntu

Install required packages

General reference

sudo apt install qemu-kvm libvirt-daemon-system xsltproc
sudo systemctl enable libvirtd
sudo usermod -a -G libvirt $USER
# reboot

Setup emulated TPM

Using a virtual TPM (vTPM) with QEMU only works if swtpm is version 0.7 or newer! Ubuntu 22.04 currently ships swtpm 0.6.3, so you need to install swtpm from launchpad.

Uninstall current version of swtpm (if installed)
```
sudo apt remove swtpm swtpm-tools
```
Add ppa (this command shows the ppa for Ubuntu 22.04 jammy but others are available)
```
sudo add-apt-repository ppa:stefanberger/swtpm-jammy
sudo apt update
```
Install swtpm
```
sudo apt install swtpm swtpm-tools
```

Patch configuration under /etc/swtpm_setup.conf

# Program invoked for creating certificates
create_certs_tool = /usr/bin/swtpm_localca

Patch ownership of /var/lib/swtpm-localca

sudo chown -R swtpm:root /var/lib/swtpm-localca

Fedora

sudo dnf install -y dnf-plugins-core
sudo dnf -y install qemu-kvm libvirt-daemon-config-network libvirt-daemon-kvm xsltproc swtpm
sudo usermod -a -G libvirt $USER
# reboot

Update libvirt settings

Open /etc/libvirt/qemu.conf and change the following settings:

security_driver = "none"

Then restart libvirt

sudo systemctl restart libvirtd

Misc

List all domains: virsh list --all
Destroy domain with nvram: virsh undefine --nvram <name>

2.1 KiB Raw Blame History