Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

podvm-mkosi: override kata-agent config path #1656

Merged
merged 1 commit into from
Jan 11, 2024
Merged

podvm-mkosi: override kata-agent config path #1656

merged 1 commit into from
Jan 11, 2024

Conversation

mkulke
Copy link
Contributor

@mkulke mkulke commented Jan 9, 2024
edited

fixes: #1637

blocked-by: confidential-containers/guest-components#429

On a podvm using an guest-components build from the PR, KATA_AGENT_CONFIG_PATH is set and picked up by attestation-agent and cdh:

$ cat /proc/$(pgrep -i attest)/environ | xargs --null echo
LANG=C.UTF-8 PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin SYSTEMD_SULOGIN_FORCE=1 INVOCATION_ID=ad04b8c4ff6c4f2c8617dfcfed24c183 JOURNAL_STREAM=8:3090 SYSTEMD_EXEC_PID=552 KATA_AGENT_CONFIG_PATH=/run/peerpod/agent-config.toml RUST_BACKTRACE=full OCICRYPT_KEYPROVIDER_CONFIG=/tmp/ocicrypt_config.json

Verified w/ a kbs deployment that the mkosi-podvm performs a remote attestation.

Once this is the guest-components PR is merged, we need to bump its revision in versions.yaml

stevenhorsman
stevenhorsman approved these changes Jan 9, 2024
View reviewed changes
Copy link
Member

@stevenhorsman stevenhorsman left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM (once the guest-components PR has merged and versions.yaml has bumped). Thanks!

@mkulke mkulke marked this pull request as ready for review January 11, 2024 15:53
@mkulke mkulke force-pushed the mkulke/adjust-mkosi-agent-path branch from 8504b86 to 4777c31 Compare January 11, 2024 15:56
@mkulke
podvm-mkosi: override kata-agent config path
fb264e2 
fixes: confidential-containers#1637

On a podvm using an guest-components build from the PR,
`KATA_AGENT_CONFIG_PATH` is set and picked up by attestation-agent and
cdh

Signed-off-by: Magnus Kulke <magnuskulke@microsoft.com>
@mkulke mkulke force-pushed the mkulke/adjust-mkosi-agent-path branch from 4777c31 to fb264e2 Compare January 11, 2024 16:06
bpradipt
bpradipt approved these changes Jan 11, 2024
View reviewed changes
Copy link
Member

@bpradipt bpradipt left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/lgtm

@mkulke mkulke merged commit 3979033 into confidential-containers:main Jan 11, 2024
16 checks passed
@mkulke mkulke deleted the mkulke/adjust-mkosi-agent-path branch January 11, 2024 16:30
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@bpradipt bpradipt bpradipt approved these changes

@stevenhorsman stevenhorsman stevenhorsman approved these changes

@surajssd surajssd Awaiting requested review from surajssd

@katexochen katexochen Awaiting requested review from katexochen

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

podvm-mkosi: attestation-agent and cdh do not support /run
4 participants
@mkulke @bpradipt @stevenhorsman @katexochen