Skip to content

Commit

Permalink
feat: prototype a custom qemu constellation build
Browse files Browse the repository at this point in the history
  • Loading branch information
@revoltez
revoltez committed Mar 3, 2024
1 parent f2c72f5 commit 5f5d2fa
Show file tree
Hide file tree
Showing 11 changed files with 62 additions and 1 deletion.
0 test/e2e/constellation/eth/anvil.yml → ...tellation/miniconstellation/eth/anvil.yml
View file
File renamed without changes.
0 test/e2e/constellation/helmfile.yaml → ...tellation/miniconstellation/helmfile.yaml
View file
File renamed without changes.
0 test/e2e/constellation/ipfs/ipfs.yml → ...tellation/miniconstellation/ipfs/ipfs.yml
View file
File renamed without changes.
0 ...e2e/constellation/ipfs/serviceaccount.yml → ...miniconstellation/ipfs/serviceaccount.yml
View file
File renamed without changes.
0 test/e2e/constellation/keda/ingress.yml → ...lation/miniconstellation/keda/ingress.yml
View file
File renamed without changes.
0 test/e2e/constellation/loki/values.yml → ...llation/miniconstellation/loki/values.yml
View file
File renamed without changes.
0 test/e2e/constellation/run-test.sh → ...nstellation/miniconstellation/run-test.sh
View file
File renamed without changes.
0 ...stellation/trustedpods/serviceaccount.yml → ...stellation/trustedpods/serviceaccount.yml
View file
File renamed without changes.
0 .../constellation/trustedpods/tpodserver.yml → ...iconstellation/trustedpods/tpodserver.yml
View file
File renamed without changes.
61 changes: 61 additions & 0 deletions test/e2e/constellation/qemu/run-test.sh
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,61 @@
#!/bin/sh

# Check the number of arguments
if [ "$#" -lt 2 ]; then
echo "Usage: $0 <helm-chart-path> <constellation-path>"
exit 1
fi

current_dir=$(pwd)

# Generate helm template and inject it into constellation base image
helmfile template -f $1 > $2/image/base/mkosi.skeleton/usr/lib/helmfile-template

# cleanup leftover
cd $current_dir
cd constell-cluster
constellation terminate
cd $current_dir
sudo rm -r constell-cluster 2>/dev/null
mkdir constell-cluster

cd $2
# Get go dependecies
bazel run //:tidy

# Build the image
bazel build //image/system:qemu_stable

# Get the new image measurements
link=$(readlink -f bazel-out/k8-opt/bin/image/system/qemu_qemu-vtpm_stable)
output=$(bazel run --run_under="sudo -E" //image/measured-boot/cmd $link/constellation.raw $current_dir/custom-measurements.json 2>&1)

# Extract relevant PCR values
PCR4=$(echo "$output" | sed -n '/PCR\[ *4\]/ s/.*: \(.*\)/\1/p')
PCR9=$(echo "$output" | sed -n '/PCR\[ *9\]/ s/.*: \(.*\)/\1/p')
PCR11=$(echo "$output" | sed -n '/PCR\[ *11\]/ s/.*: \(.*\)/\1/p')

echo "PCR4: $PCR4"
echo "PCR9: $PCR9"
echo "PCR11: $PCR11"

cd "$current_dir"
cd constell-cluster

constellation config generate qemu

# Replace the values in the configuration file
sed -i.bak -e "/^\s*4:/ {n;s/\( *expected: \).*$/\1$PCR4/}" \
-e "/^\s*9:/ {n;s/\( *expected: \).*$/\1$PCR9/}" \
-e "/^\s*11:/ {n;s/\( *expected: \).*$/\1$PCR11/}" constellation-conf.yaml
# Replace the control plance count & nodes to 1
sed -i 's/initialCount: [0-9]*/initialCount: 1/' "constellation-conf.yaml"

output=$(constellation version)
version=$(echo "$output" | grep -oP 'Version:\s+\K\S+' | head -n 1)

# Copy the image & rename it to the current constellation version to bypass downloading upstream image
cp $link/constellation.raw "$version.raw"

# Start the constellation cluster
constellation apply -y
2 changes: 1 addition & 1 deletion test/integration/lifecycle/devserver/devserver.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -55,7 +55,7 @@ spec:
spec:
containers:
- name: devserver
image: host.minikube.internal:5000/comradecoop/apocryph/devserver
image: ghcr.io/comrade-coop/apocryph/server:master
env:
- name: SERVER_PORT
value: "8090"
Expand Down

0 comments on commit 5f5d2fa

Please sign in to comment.