Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

experimental support for OpenStack #1443

Merged
merged 13 commits into from
Mar 21, 2023
Merged

experimental support for OpenStack #1443

merged 13 commits into from
Mar 21, 2023

Conversation

malt3
Copy link
Contributor

@malt3 malt3 commented Mar 17, 2023
edited

Proposed change(s)

  • use dummy attestation for OpenStack (temporary change while building OpenStack support)
  • use OpenStack metadata api clients in debugd and bootstrapper
  • enable constellation init for OpenStack
  • add CCM image for OpenStack
  • add helm charts for OpenStack
  • add helm chart tests for AWS and OpenStack

Additional info

Checklist

  • Update docs
  • Add labels (e.g., for changelog category)
  • Link to Milestone

@malt3 malt3 force-pushed the feat/openstack/dummy-attestation branch 2 times, most recently from ae4abfe to 8cd50b1 Compare March 17, 2023 10:01
@malt3
Copy link
Contributor Author

malt3 commented Mar 17, 2023

I'm seeing two issues when trying constellation init on OpenStack:

  • bootstrapper always tries to open the vtpm to check if node was already bootstrapped
  • cert-manager does not get ready in time

You can use this patch for testing (it is valid for OpenStack tests but cannot go into main):

diff --git a/bootstrapper/cmd/bootstrapper/run.go b/bootstrapper/cmd/bootstrapper/run.go
index 0a6639b2..b74b91a8 100644
--- a/bootstrapper/cmd/bootstrapper/run.go
+++ b/bootstrapper/cmd/bootstrapper/run.go
@@ -46,7 +46,8 @@ func run(issuer atls.Issuer, tpm vtpm.TPMOpenFunc, fileHandler file.Handler,
 
        nodeBootstrapped, err := vtpm.IsNodeBootstrapped(tpm)
        if err != nil {
-               log.With(zap.Error(err)).Fatalf("Failed to check if node was previously bootstrapped")
+               // TODO(malt3): convert back to error
+               log.With(zap.Error(err)).Warnf("Failed to check if node was previously bootstrapped")
        }
 
        if nodeBootstrapped {
diff --git a/bootstrapper/internal/helm/helm.go b/bootstrapper/internal/helm/helm.go
index a1491c2e..3abd5039 100644
--- a/bootstrapper/internal/helm/helm.go
+++ b/bootstrapper/internal/helm/helm.go
@@ -85,7 +85,8 @@ func (h *Client) InstallCertManager(ctx context.Context, release helm.Release) e
        h.Timeout = 10 * time.Minute
 
        if err := h.install(ctx, release.Chart, release.Values); err != nil {
-               return err
+               // TODO(malt3): Remove this once cert-manager is stable.
+               h.log.With(zap.Error(err)).Warnf("failed to install cert-manager")
        }
 
        return nil

@malt3 malt3 force-pushed the feat/openstack/dummy-attestation branch from 8cd50b1 to 9d67708 Compare March 17, 2023 10:11
@edgelesssys edgelesssys deleted a comment from netlify bot Mar 17, 2023
@edgelesssys edgelesssys deleted a comment from netlify bot Mar 17, 2023
@edgelesssys edgelesssys deleted a comment from netlify bot Mar 17, 2023
@malt3 malt3 marked this pull request as ready for review March 17, 2023 12:40
katexochen
katexochen requested changes Mar 20, 2023
View reviewed changes
Copy link
Member

@katexochen katexochen left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

reviewed up to and including d6fdd29

internal/cloud/openstack/openstack.go Show resolved Hide resolved
internal/cloud/openstack/openstack_test.go Outdated Show resolved Hide resolved
internal/cloud/openstackshared/accountkey.go Outdated Show resolved Hide resolved
internal/cloud/openstackshared/accountkey.go Outdated Show resolved Hide resolved
@3u13r
Copy link
Member

3u13r commented Mar 20, 2023

Tested with the additional patch from the comment ✔️. Code LGTM after Paul's changes.

@malt3 malt3 force-pushed the feat/openstack/dummy-attestation branch from 31371c6 to 5050188 Compare March 21, 2023 08:48
katexochen
katexochen approved these changes Mar 21, 2023
View reviewed changes
Copy link
Member

@katexochen katexochen left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm. We should work on adding openstack e2e tests next.

@malt3 malt3 added the feature This introduces new functionality label Mar 21, 2023
@malt3 malt3 force-pushed the feat/openstack/dummy-attestation branch from 5050188 to f3556b1 Compare March 21, 2023 09:39
@malt3 malt3 merged commit c7fdeb4 into main Mar 21, 2023
@malt3 malt3 deleted the feat/openstack/dummy-attestation branch March 21, 2023 09:51
@malt3 malt3 changed the title openstack: implement constellation init openstack: add support for constellation init Mar 21, 2023
@malt3 malt3 changed the title openstack: add support for constellation init Add support for constellation init on OpenStack Mar 21, 2023
@malt3 malt3 changed the title Add support for constellation init on OpenStack experimental support for OpenStack Mar 27, 2023
@katexochen katexochen removed the feature This introduces new functionality label Apr 4, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@katexochen katexochen katexochen approved these changes

@derpsteb derpsteb Awaiting requested review from derpsteb derpsteb is a code owner

@3u13r 3u13r Awaiting requested review from 3u13r 3u13r is a code owner

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@malt3 @3u13r @katexochen