From b12c8ebb4be0c3a74b29d727b7a9eb61a9244638 Mon Sep 17 00:00:00 2001 From: ghe0 Date: Fri, 21 Mar 2025 23:06:57 +0200 Subject: [PATCH] enable update process for VM hostname --- Cargo.lock | 2 +- scripts/detee-cli_injector.sh | 5 +++++ src/bin/detee-cli.rs | 6 ++++++ src/snp/cli_handler.rs | 2 ++ src/snp/deploy.rs | 1 - src/snp/injector.rs | 8 ++++---- src/snp/mod.rs | 22 +++++++++++----------- src/snp/update.rs | 35 ++++++++++++++++++++++------------- 8 files changed, 51 insertions(+), 30 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 2625a75..6a50894 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -1110,7 +1110,7 @@ dependencies = [ [[package]] name = "detee-shared" version = "0.1.0" -source = "git+ssh://git@gitea.detee.cloud/testnet/proto.git?branch=main#a874749fd5d7d8a5c964835f11bc8f97007f9f9e" +source = "git+ssh://git@gitea.detee.cloud/testnet/proto.git?branch=main#70e83dd0e982eeb491212c4a9d265df0b148fe24" dependencies = [ "base64", "prost", diff --git a/scripts/detee-cli_injector.sh b/scripts/detee-cli_injector.sh index 9902b9f..a0b1ada 100755 --- a/scripts/detee-cli_injector.sh +++ b/scripts/detee-cli_injector.sh @@ -24,6 +24,10 @@ if [[ -z "${MEASUREMENT}" ]]; then exit 1 fi +if [[ -z "${VM_HOSTNAME}" ]]; then + VM_HOSTNAME="detee-vm" +fi + server="$SERVER_ADDR" ssh_pubkey_dir="${HOME}/.detee/cli/vms/ssh" cert_dir="${HOME}/.detee/cli/vms/certs" @@ -155,6 +159,7 @@ if [[ -n "$DETEE_INSTALL_URL" ]] && [[ -n "$DETEE_INSTALL_URL" ]]; then --data-urlencode "url=${DETEE_INSTALL_URL}" \ -d "sha=${DETEE_INSTALL_SHA}" \ -d "keyfile=$(cat "$keyfile" | basenc --base64url -w 0)" \ + -d "hostname=${VM_HOSTNAME}" \ "https://dtrfs-api:${port}/install" || exit 1 else echo diff --git a/src/bin/detee-cli.rs b/src/bin/detee-cli.rs index 107f728..33e3fd3 100644 --- a/src/bin/detee-cli.rs +++ b/src/bin/detee-cli.rs 
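Review bot: The new `-d "hostname=${VM_HOSTNAME}"` line in the `/install` request sends the value unencoded, so a hostname containing `&`, `=` or `+` would be split into, or misread as, other form fields next to `sha` and `keyfile`. The `url` field two lines up already uses `--data-urlencode`, and the same form fits here: `--data-urlencode "hostname=${VM_HOSTNAME}" \`. Separately, the guard visible in the hunk header tests `DETEE_INSTALL_URL` twice, so an empty `DETEE_INSTALL_SHA` is not rejected; the second test was presumably meant for the SHA. The surrounding `if` block starts and ends outside the hunk.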
@@ -436,6 +436,12 @@ fn clap_cmd() -> Command { .help("supply the uuid of the VM you wish to upgrade") .required(true) ) + .arg( + Arg::new("hostname") + .long("hostname") + .default_value("") + .help("change the hostname within the smart contract") + ) .arg( Arg::new("vcpus") .long("vcpus") diff --git a/src/snp/cli_handler.rs b/src/snp/cli_handler.rs index 3fa0089..05de386 100644 --- a/src/snp/cli_handler.rs +++ b/src/snp/cli_handler.rs @@ -88,12 +88,14 @@ fn handle_vm_list(update_vm_args: &ArgMatches) -> Result, B fn handle_vm_update(update_vm_args: &ArgMatches) -> Result> { let uuid = update_vm_args.get_one::("uuid").unwrap().clone(); + let hostname = update_vm_args.get_one::("hostname").unwrap().clone(); let memory = *update_vm_args.get_one::("memory").unwrap(); if memory > 0 && memory < 800 { log::error!("At least 800MB of memory must be assgined to the VM"); return Ok(SimpleOutput::from("")); } snp::update::Request::process_request( + hostname, &uuid, *update_vm_args.get_one::("vcpus").unwrap(), memory, diff --git a/src/snp/deploy.rs b/src/snp/deploy.rs index 29c7f85..bfa0534 100644 --- a/src/snp/deploy.rs +++ b/src/snp/deploy.rs @@ -81,7 +81,6 @@ impl Request { let args = new_vm_resp.args.ok_or(Error::NoMeasurement)?; let measurement_args = injector::Args { uuid: new_vm_resp.uuid.clone(), - hostname: self.hostname.clone(), vcpus: self.vcpus, kernel: kernel_sha, initrd: dtrfs_sha, diff --git a/src/snp/injector.rs b/src/snp/injector.rs index 6edf13f..4b80c49 100644 --- a/src/snp/injector.rs +++ b/src/snp/injector.rs @@ -5,7 +5,6 @@ use std::net::IpAddr; #[derive(Debug)] pub struct Args { pub uuid: String, - pub hostname: String, pub vcpus: u32, pub kernel: String, pub initrd: String, 
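Review bot: In `handle_vm_update` the `--hostname` value goes to `process_request` exactly as typed, with no check comparable to the memory check two lines below it. Since the value ends up in the contract, rejecting malformed names here keeps them out at the source, e.g. `if !hostname.chars().all(|c| c.is_ascii_alphanumeric() || c == '-') { log::error!("Invalid hostname"); return Ok(SimpleOutput::from("")); }`. The empty default still passes that test, and it appears to mean "leave unchanged". The `.unwrap()` on `get_one` is safe only because the argument has a `default_value`, which deserves a one-line comment.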
@@ -98,7 +97,7 @@ impl Args { ip_string = "detee_net_eth0=10.0.2.15_24_10.0.2.2 ".to_string() + &ip_string; } let admin_key = format!("detee_admin={} ", Config::get_detee_wallet()?); - let hostname = format!("detee_name={}", self.hostname); + let hostname = format!("detee_uuid={}", self.uuid); let params = format!("{}{}{}", ip_string, admin_key, hostname); debug!("Calculated kernel params for {} to: {}", self.uuid, params); Ok(params) @@ -109,7 +108,7 @@ pub fn execute( measurement: String, server_addr: String, os_template: Option<(&str, &str)>, - log_file_name: &str, + vm_hostname: &str, ) -> Result { let parsed_addr = match server_addr.parse::() { Ok(addr) => addr, @@ -125,7 +124,7 @@ pub fn execute( }; eprintln!("Injecting disk encryption key into VM. This will take a minute. Do not interrupt."); let (os_template_url, os_template_sha) = os_template.unwrap_or(("", "")); - let logs_path = Config::logs_dir()? + "/" + log_file_name; + let logs_path = Config::logs_dir()? + "/" + vm_hostname; log::info!("Logs will be saved to {}", logs_path); let logs_file = std::fs::File::create(logs_path.clone())?; let mut child_process = std::process::Command::new("detee-cli_injector.sh") @@ -134,6 +133,7 @@ pub fn execute( .env("DETEE_INSTALL_URL", os_template_url) .env("DETEE_INSTALL_SHA", os_template_sha) .env("MEASUREMENT", measurement) + .env("VM_HOSTNAME", vm_hostname) .stdout(logs_file.try_clone()?) .stderr(logs_file) .spawn()?; diff --git a/src/snp/mod.rs b/src/snp/mod.rs index 4ae1aa7..a68fa7c 100644 --- a/src/snp/mod.rs +++ b/src/snp/mod.rs 
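Review bot: In the kernel-parameter builder the local is still called `hostname` although it now holds `detee_uuid=…`, which misleads the next reader of a string that appears to feed the measurement. Rename it, e.g. `let uuid_param = format!("detee_uuid={}", self.uuid);` and `format!("{}{}{}", ip_string, admin_key, uuid_param)`. A short comment would record why the parameter changed: the hostname is no longer part of the measured command line and, judging by the injector script, is sent with the install request instead. The enclosing method starts above the hunk.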
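Review bot: `Config::logs_dir()? + "/" + vm_hostname` now builds the log file path from the VM hostname, and `File::create` two lines later truncates whatever that path names. In `src/snp/update.rs` the value is `updated_contract.hostname`, read back from the service rather than from local input, so a name containing `/` or `..` would resolve outside the logs directory. An empty name makes the create fail, and two VMs with the same hostname overwrite each other's logs. Keeping the UUID as the file name and passing the hostname as a separate parameter avoids all three; at minimum, reject anything that is not a single path component before the `File::create`, e.g. `if vm_hostname.is_empty() || vm_hostname == ".." || vm_hostname.contains(['/', '\\']) { … }`. `execute` starts above this hunk and continues below it.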
@@ -396,12 +396,12 @@ pub fn calculate_nanolp( lazy_static! { static ref DEFAULT_DTRFS: Dtrfs = Dtrfs { - name: "dtrfs-6.13.6-arch1-1".to_string(), + name: "dtrfs-6.13.7-arch1-1".to_string(), vendor: "ghe0".to_string(), - dtrfs_url: "http://registry.detee.ltd/detee-archtop-6.13.6-arch1-1.cpio.gz".to_string(), - dtrfs_sha: "de48048fb42fe4054611f14e51ce175ca90645734fe41349642f036b8bca8fcd".to_string(), - kernel_url: "http://registry.detee.ltd/vmlinuz-linux-6.13.6-arch1-1".to_string(), - kernel_sha: "7efaca6c348cd4136afe3ece0beec346da713029347a0d4e71e12a0b91570de7".to_string() + dtrfs_url: "http://registry.detee.ltd/detee-archtop-6.13.7-arch1-1.cpio.gz".to_string(), + dtrfs_sha: "dc02e091da80c281fe735a1be86b3fe766f1741d82c32f5dc64344b345827c6d".to_string(), + kernel_url: "http://registry.detee.ltd/vmlinuz-linux-6.13.7-arch1-1".to_string(), + kernel_sha: "469a89668d2f5744b3f80417fcf0a4ce0140fcb78f1e8834ef8e3668eecc934c".to_string() }; static ref DEFAULT_ARCHLINUX: Distro = Distro { name: "archlinux_2025-02-21".to_string(), 
@@ -429,20 +429,20 @@ lazy_static! { name: "dtrfs-6.13.6-arch1-1".to_string(), vendor: "ghe0".to_string(), dtrfs_url: "http://registry.detee.ltd/detee-archtop-6.13.6-arch1-1.cpio.gz".to_string(), - dtrfs_sha: "83675cf2a27db526ec0705daf2606674778759fb33cdb8b1dfc4ddd623608806" + dtrfs_sha: "de48048fb42fe4054611f14e51ce175ca90645734fe41349642f036b8bca8fcd" .to_string(), kernel_url: "http://registry.detee.ltd/vmlinuz-linux-6.13.6-arch1-1".to_string(), kernel_sha: "7efaca6c348cd4136afe3ece0beec346da713029347a0d4e71e12a0b91570de7" .to_string() }, Dtrfs { - name: "dtrfs-6.13.4-arch1-1".to_string(), + name: "dtrfs-6.13.6-arch1-1".to_string(), vendor: "ghe0".to_string(), - dtrfs_url: "http://registry.detee.ltd/detee-archtop-6.13.4-arch1-1.cpio.gz".to_string(), - dtrfs_sha: "3f6b3e5740f249eedfb2f7248c521a551be8b2676f7fcb040f3f3bc840a5004b" + dtrfs_url: "http://registry.detee.ltd/detee-archtop-6.13.6-arch1-1.cpio.gz".to_string(), + dtrfs_sha: "83675cf2a27db526ec0705daf2606674778759fb33cdb8b1dfc4ddd623608806" .to_string(), - kernel_url: "http://registry.detee.ltd/vmlinuz-linux-6.13.4-arch1-1".to_string(), - kernel_sha: "3ec4fc5aa5729f515967ec71be4a851622785c0080f7191b1b07717149840151" + kernel_url: "http://registry.detee.ltd/vmlinuz-linux-6.13.6-arch1-1".to_string(), + kernel_sha: "7efaca6c348cd4136afe3ece0beec346da713029347a0d4e71e12a0b91570de7" .to_string() }, ]; diff --git a/src/snp/update.rs b/src/snp/update.rs index 4a53e1a..d471963 100644 --- a/src/snp/update.rs +++ b/src/snp/update.rs @@ -8,6 +8,7 @@ use log::{debug, info}; #[derive(Clone, Debug, Default, PartialEq)] pub struct Request { + hostname: String, vcpus: u32, memory_mb: u32, disk_size_gb: u32, @@ -16,6 +17,7 @@ pub struct Request { impl Request { pub fn process_request( + hostname: String, uuid: &str, vcpus: u32, memory_mb: u32, 
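Review bot: After this change the list holds two entries that are both named `dtrfs-6.13.6-arch1-1` and point at the same `detee-archtop-6.13.6-arch1-1.cpio.gz` URL, but carry different `dtrfs_sha` values (`de48048f…` and `83675cf2…`). Assuming the registry serves one file per URL, only one of the two digests can match, so one entry will always fail verification, and any lookup by name is ambiguous. If the older digest is kept only so that already-deployed VMs can still be measured, give the entries distinct names or add a comment saying so. All artifact URLs here are plain `http://`, so the SHA-256 comparison is the only integrity control on these downloads and must not be skippable. The list definition starts above the hunk.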
@@ -30,7 +32,7 @@ impl Request { Some(Dtrfs::load_from_file(path)?) } }; - let req = Self { vcpus, memory_mb, disk_size_gb, dtrfs }; + let req = Self { hostname, vcpus, memory_mb, disk_size_gb, dtrfs }; if req == Self::default() { log::info!("Skipping hardware upgrade (no arguments specified)."); return Ok(()); @@ -47,26 +49,32 @@ impl Request { return Err(Error::Node(update_vm_resp.error)); } - eprintln!("The node accepted the hardware modifications for the VM."); - let current_contract = block_on(grpc::get_contract_by_uuid(uuid))?; - debug!("Got the current contract for the VM after update. {current_contract:#?}"); + eprintln!("The modifications got approved. Proceeding with update..."); + let updated_contract = block_on(grpc::get_contract_by_uuid(uuid))?; + debug!("Got the current contract for the VM after update. {updated_contract:#?}"); + + if !(self.vcpus != 0 || self.dtrfs.is_some()) { + eprintln!("vCPUs and kernel did not get modified. Secret injection is not required."); + return Ok(()); + } let args = update_vm_resp.args.ok_or(Error::NoMeasurement)?; let measurement_args = injector::Args { uuid: update_vm_resp.uuid, - hostname: current_contract.hostname.clone(), - vcpus: current_contract.vcpus, - kernel: current_contract.kernel_sha, - initrd: current_contract.dtrfs_sha, + vcpus: updated_contract.vcpus, + kernel: updated_contract.kernel_sha, + initrd: updated_contract.dtrfs_sha, args: args.clone(), }; let measurement = measurement_args.get_measurement()?; - if self.vcpus != 0 || self.dtrfs.is_some() { - injector::execute(measurement, args.dtrfs_api_endpoint, None, uuid)?; - } else { - println!("vCPUs and kernel did not get modified. Secret injection is not required."); - } + injector::execute( + measurement, + args.dtrfs_api_endpoint, + None, + &updated_contract.hostname, + )?; + Ok(()) } 
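Review bot: The expected measurement is still built from `updated_contract.vcpus`, `kernel_sha` and `dtrfs_sha`, that is, from what the service reports after the update, and nothing in the hunk compares those with what this client asked for. When `self.dtrfs` is set, the client could check `updated_contract.kernel_sha` and `updated_contract.dtrfs_sha` against the requested `Dtrfs` before calling `get_measurement()`, and likewise `updated_contract.vcpus` against `self.vcpus` when it is non-zero. That would stop the client from attesting an image it did not choose. The early-return condition also reads more directly as `if self.vcpus == 0 && self.dtrfs.is_none() {`. The enclosing method begins above the hunk.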
@@ -78,6 +86,7 @@ impl Request { }; Ok(block_on(grpc::update_vm(proto::UpdateVmReq { uuid: uuid.to_string(), + hostname: self.hostname.clone(), admin_pubkey: Config::get_detee_wallet()?, disk_size_gb: self.disk_size_gb, vcpus: self.vcpus,