#!/usr/bin/env bash
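# Abort on the first unhandled command failure.
set -e

# Image tag used for the SCONE tooling images; CAS_VERSION follows VERSION
# unless set separately.
# NOTE(review): "latest" is a mutable tag, so the image that gets pulled can
# change between runs - pin VERSION to a fixed release (or digest) where
# reproducibility matters.
export VERSION=${VERSION:-latest}
export CAS_VERSION=${CAS_VERSION:-$VERSION}

# ANSI colour escapes; they only take effect when printed with `echo -e` or
# printf's %b.
export RED='\e[31m'
export BLUE='\e[34m'
export ORANGE='\e[33m'
export NC='\e[0m' # No Color

# Registry/repository the images are pulled from, and the CAS to check.
# NOTE(review): SCONECTL_REPO is taken from the environment when set, so the
# caller's environment decides which registry's images get pulled and run.
export SCONECTL_REPO=${SCONECTL_REPO:="registry.scontain.com/sconectl"}
export CAS=${CAS:="cas"}
export CAS_NAMESPACE=${CAS_NAMESPACE:="default"}

# Print an error message when the script exits on an error.
# The DEBUG trap remembers the command that ran before the current one, so
# the EXIT trap can name the command that failed.
trap 'last_command=$current_command; current_command=$BASH_COMMAND' DEBUG
# printf with %b expands the colour escapes (a plain `echo` would print them
# literally); the failed command itself is printed verbatim with %s.
trap 'if [ $? -ne 0 ]; then printf "%b\"%s\" command failed - exiting.%b\n" "$RED" "$last_command" "$NC"; fi' EXIT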
#######################################
# Terminate the script with exit status 1.
# Replaces whatever EXIT trap is installed with one that prints a short
# red "Exiting with error." line, then exits.
# Globals:   RED, NC (read when the trap fires)
# Arguments: none
# Outputs:   the message is written to stdout by the EXIT trap
#######################################
error_exit() {
  trap 'echo -e "${RED}Exiting with error.${NC}"' EXIT
  exit 1
}
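# Make sure sconectl is available; if it is not, install it with cargo,
# bootstrapping (or updating) the Rust toolchain first.
echo -e "${BLUE}Checking that we have access to sconectl${NC}"
if ! command -v sconectl &> /dev/null
then
  echo -e "${ORANGE}No sconectl found! Installing sconectl!${NC}"
  echo -e "${ORANGE}Ensuring that we have access to a new Rust installation${NC}"
  if ! command -v rustup &> /dev/null
  then
    echo -e "${ORANGE}No Rust found! Installing Rust!${NC}"
    # NOTE(review): this executes a script fetched from the network without
    # reviewing or verifying it; HTTPS/TLS 1.2+ is enforced, but the content
    # is trusted as-is. Because pipefail is not set, a failed download is not
    # detected here - the cargo check below catches the missing toolchain.
    curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh
    # rustup edits the shell profile, which does not affect this running
    # shell: load its env file so that cargo is on PATH for the install below.
    cargo_env="${CARGO_HOME:-$HOME/.cargo}/env"
    if [[ -f "$cargo_env" ]]
    then
      # shellcheck source=/dev/null
      source "$cargo_env"
    fi
  else
    echo -e "${ORANGE}Ensuring Rust is up to date${NC}"
    rustup update
  fi
  if ! command -v cc &> /dev/null
  then
    echo -e "${RED} No (g)cc found! Installing sconectl is likely to fail!${NC}"
    echo -e "${ORANGE} On Ubuntu, you can install gcc as follows: sudo apt-get install -y build-essential ${NC}"
  fi
  if ! command -v cargo &> /dev/null
  then
    echo -e "${RED}Command 'cargo' not found after the Rust installation - cannot install sconectl.${NC}"
    error_exit
  fi
  # NOTE(review): this builds whatever sconectl version is newest on the
  # registry; consider pinning with `--version` and building with `--locked`
  # so the installed tool and its dependency set are reproducible.
  cargo install sconectl
fi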
# A docker CLI on PATH is mandatory; stop right away when it is missing.
# NOTE(review): the message mentions podman, but only a command named
# `docker` is looked up here.
echo -e "${BLUE}Checking that we have access to docker${NC}"
command -v docker > /dev/null 2>&1 || {
  echo -e "${RED}No docker found! You need to install docker or podman. EXITING.${NC}"
  error_exit
}
# Probe that the current (non-root) user can start a container at all.
# NOTE(review): being able to run docker without sudo usually means membership
# in the `docker` group, which is effectively root on the host - grant it only
# to accounts that are trusted to that level.
echo -e "${BLUE}Checking that we run applications with docker without sudo${NC}"
if docker run --network=host --platform linux/amd64 --rm hello-world > /dev/null 2>&1
then
  : # the probe container ran - nothing to report
else
  echo -e "${RED}Docker does not seem to run."
  echo -e "Please ensure that you can run docker without sudo: https://docs.docker.com/engine/install/linux-postinstall/."
  echo -e "Ensure that command 'docker run hello-world' runs without problems${NC}"
  error_exit
fi
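# Check that docker accepts '--platform linux/amd64'. On failure, report every
# docker API version that is older than 1.40 before giving up.
echo -e "${BLUE}Checking that we can run container images for linux/amd64${NC}"
if ! docker run --network=host --platform linux/amd64 --rm hello-world &> /dev/null
then
  echo -e "${RED}Docker does not seem to support argument '--platform linux/amd64'"
  echo -e "Please ensure that you can run the latest version of docker (i.e., API version >= 1.40)"
  # Third field of each "API version" line printed by `docker version`.
  VERSIONS=$(docker version | awk '/API version/ { print $3 }')
  while IFS= read -r i
  do
    # Compare major and minor numerically: a string comparison would rate
    # "1.5" as newer than "1.40" and "1.100" as older.
    if [[ "$i" =~ ^([0-9]+)\.([0-9]+) ]]
    then
      # 10# forces base 10 so that a leading zero is not read as octal.
      major=$(( 10#${BASH_REMATCH[1]} ))
      minor=$(( 10#${BASH_REMATCH[2]} ))
      if (( major < 1 || (major == 1 && minor < 40) ))
      then
        echo "Your docker API version is only '$i'."
        error_exit
      fi
    fi
  done <<< "$VERSIONS"
  echo -e "Please determine the version number with 'docker version' and update.${NC}"
  error_exit
fi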
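# Check that the required image can be pulled from the configured registry;
# a failure usually means that the docker engine is not logged in.
echo -e "${BLUE}Checking that you can pull the images ${NC}"
# The image reference is quoted: SCONECTL_REPO and VERSION may come from the
# environment and must reach docker as exactly one argument.
# NOTE(review): with VERSION=latest the tag is mutable; pin a release tag or
# digest if the exact image content matters.
if ! docker pull --platform linux/amd64 "$SCONECTL_REPO/check_cpufeatures:${VERSION}" &> /dev/null
then
  echo -e "${RED}Docker does NOT seem to be able to pull the required container images ($SCONECTL_REPO/check_cpufeatures:${VERSION}).${NC}"
  echo -e "- ${ORANGE}1. Register an account with your company email at https://gitlab.scontain.com/users/sign_up.${NC}"
  echo -e "- ${ORANGE}2. Create an access token https://sconedocs.github.io/registry/#create-an-access-token${NC}"
  echo -e "- ${ORANGE}3. Log into your docker engine https://sconedocs.github.io/registry/#docker-login${NC}"
  error_exit
fi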
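# Run the check_cpufeatures image. A failure is only reported as a warning:
# the script continues with the remaining checks.
echo -e "${BLUE}Checking that we the CPU has all necessary CPU features enabled${NC}"
# The image reference is quoted so that values taken from the environment
# cannot be split into additional docker arguments.
if ! docker run --network=host --platform linux/amd64 -e SCONE_PRODUCTION=0 -e SCONE_NO_TIME_THREAD=1 --rm "$SCONECTL_REPO/check_cpufeatures:${VERSION}" &> /dev/null
then
  echo -e "${RED}Docker does not seem to support all CPU features.${NC}"
  echo -e "- ${ORANGE}Assuming you do not run on a modern Intel CPU. Please ensure that you pass the following options to qemu: -cpu qemu64,+ssse3,+sse3,+sse4.1,+sse4.2,+rdrand,+popcnt,+xsave,+aes${NC}"
  echo "Sconfication will most likely fail! Please run in an Virtual Machine."
fi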
# kubectl must be on PATH; point to the install instructions when it is not.
echo -e "${BLUE}Checking that we have access to kubectl${NC}"
command -v kubectl > /dev/null 2>&1 || {
  echo -e "${RED}Command 'kubectl' not found!${NC}"
  echo -e "- ${ORANGE}Please install - see https://kubernetes.io/docs/tasks/tools/${NC}"
  error_exit
}
# helm must be on PATH; point to the install instructions when it is not.
echo -e "${BLUE}Checking that we have access to helm${NC}"
if command -v helm > /dev/null 2>&1
then
  : # helm found
else
  echo -e "${RED}Command 'helm' not found!${NC}"
  echo -e "- ${ORANGE}Please install - see https://helm.sh/docs/intro/install/${NC}"
  error_exit
fi
# envsubst must be on PATH; stop with a hint when it is missing.
echo -e "${BLUE}Checking that we have access to envsubst${NC}"
command -v envsubst > /dev/null 2>&1 || {
  echo -e "${RED}Command 'envsubst' not found!${NC}"
  echo -e "- ${ORANGE}Please install envsubst${NC}"
  error_exit
}
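# Make sure that $HOME/.scone exists as a directory and open its permissions
# so that a container running under a different user ID can write to it.
echo -e "${BLUE}Checking that directory $HOME/.scone exits${NC}"
# -d instead of -e: a regular file with that name must not pass as "exists".
if [[ ! -d "$HOME/.scone" ]] ; then
  echo -e " - Creating directory $HOME/.scone"
  # { ...; } keeps error_exit in the current shell; inside ( ... ) its `exit`
  # would only leave the subshell.
  mkdir -p "$HOME/.scone" || { echo -e "${RED}Failed to create $HOME/.scone${NC}" ; error_exit; }
fi
echo -e "${BLUE}Making sure that $HOME/.scone can be written by all. ${NC}"
echo -e " ${BLUE}This is needed since we might have a different user ID inside of a container${NC}"
# NOTE(review): mode 0777 lets every local account create, replace and delete
# files in this directory. On a shared host, prefer a narrower grant if the
# workflow allows it - for example running the container with the host user's
# UID/GID, or an ACL for the one UID the container uses - and keep anything
# sensitive stored here readable by its owner only.
chmod 0777 "$HOME/.scone" || { echo -e "${RED}Failed to change the permissions of $HOME/.scone.\n Maybe, run 'sudo chmod 0777 $HOME/.scone'${NC}" ; error_exit; }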
# A successful `kubectl get pods` is taken as proof that a cluster is
# reachable with the current kubeconfig/context.
echo -e "${BLUE}Checking that you have access to a Kubernetes cluster. ${NC}"
kubectl get pods > /dev/null 2>&1 || {
  echo -e "${RED}It seems that you do not have access to a Kubernetes cluster!${NC}"
  echo -e "- ${ORANGE}Please ensure that you have access to a Kubernetes cluster${NC}"
  error_exit
}
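# The local attestation service (LAS) and the SGX plugin must both report
# HEALTHY.
# NOTE(review): the message also mentions image pull secrets, but nothing
# below checks for them.
echo -e "${BLUE}Checking that you have the local attestation service, the SGX Plugin, and the image pull secrets installed${NC}"
# grep -w matches HEALTHY only as a whole word; a plain substring match would
# also accept a state that merely contains it (for instance "UNHEALTHY").
# The matching lines are still printed. The sgxplugin query only runs when
# the LAS check has passed.
if ! kubectl get las | grep -w HEALTHY || ! kubectl get sgxplugin | grep -w HEALTHY
then
  echo -e "${RED}It seems the Kubernetes cluster is not yet properly initialized!${NC}"
  echo -e "- ${ORANGE}1. Retrieve/create an access token https://sconedocs.github.io/registry/#create-an-access-token${NC}"
  echo -e "- ${ORANGE}2. Install the SCONE operator: https://sconedocs.github.io/2_operator_installation/"
  echo -e "- ${ORANGE}3. Install SGXPlugin, LAS, and CAS: https://sconedocs.github.io/4_quickstart/${NC}"
  error_exit
fi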
# The CAS resource named $CAS must exist in namespace $CAS_NAMESPACE; the
# kubectl output is shown to the user.
echo -e "${BLUE}Checking if the CAS '$CAS' in namespace '$CAS_NAMESPACE' is installed${NC}"
kubectl get cas "$CAS" -n "$CAS_NAMESPACE" || {
  echo -e "${RED}It seems that CAS '$CAS' in namespace '$CAS_NAMESPACE' is not yet running!${NC}"
  error_exit
}
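# jq is needed to read the CAS state below. Without this check a missing jq
# would be reported as "CAS NOT YET RUNNING", which points at the wrong cause.
if ! command -v jq &> /dev/null
then
  echo -e "${RED}Command 'jq' not found!${NC}"
  echo -e "- ${ORANGE}Please install jq${NC}"
  error_exit
fi
# Read .status.state of the CAS resource. jq prints it as a JSON string, so
# a healthy CAS yields "HEALTHY" including the double quotes.
STATUS=$(kubectl get cas "$CAS" -n "$CAS_NAMESPACE" --output=json | jq '.status.state' || echo "CAS NOT YET RUNNING")
echo -e "${BLUE}Checking health status of CAS '$CAS' in namespace '$CAS_NAMESPACE' is installed${NC}"
if [[ "$STATUS" != '"HEALTHY"' ]]
then
  echo -e "${RED}It seems that CAS '$CAS' in namespace '$CAS_NAMESPACE' is not healthy: status is $STATUS${NC}"
  # NOTE(review): this hint passes the namespace positionally, while the
  # script itself calls `kubectl provision cas` with -n - confirm which form
  # the plugin expects.
  echo -e "- ${ORANGE}- You can install cas as follows: kubectl provision cas $CAS $CAS_NAMESPACE -v${NC}"
  error_exit
fi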
# Ask the `kubectl provision` plugin whether the CAS is already provisioned.
# VERSION is overridden with CAS_VERSION for this one command only.
echo -e "${BLUE}Checking health status of CAS '$CAS' in namespace '$CAS_NAMESPACE' is provisioned${NC}"
VERSION="$CAS_VERSION" kubectl provision cas "$CAS" -n "$CAS_NAMESPACE" --is-provisioned || {
  echo -e "${RED}It seems that CAS '$CAS' in namespace '$CAS_NAMESPACE' is not yet provisioned${NC}"
  echo -e "- ${ORANGE}- You can provision this cas as follows: kubectl provision cas $CAS $CAS_NAMESPACE -v${NC}"
  error_exit
}