enable update process for VM hostname

ghe0 2025-03-21 23:06:57 +02:00
parent 4bd6b48877
commit b12c8ebb4b
Signed by: ghe0
GPG Key ID: 451028EE56A0FBB4
8 changed files with 51 additions and 30 deletions

2
Cargo.lock generated

@ -1110,7 +1110,7 @@ dependencies = [
[[package]] [[package]]
name = "detee-shared" name = "detee-shared"
version = "0.1.0" version = "0.1.0"
source = "git+ssh://git@gitea.detee.cloud/testnet/proto.git?branch=main#a874749fd5d7d8a5c964835f11bc8f97007f9f9e" source = "git+ssh://git@gitea.detee.cloud/testnet/proto.git?branch=main#70e83dd0e982eeb491212c4a9d265df0b148fe24"
dependencies = [ dependencies = [
"base64", "base64",
"prost", "prost",

@ -24,6 +24,10 @@ if [[ -z "${MEASUREMENT}" ]]; then
exit 1 exit 1
fi fi
if [[ -z "${VM_HOSTNAME}" ]]; then
VM_HOSTNAME="detee-vm"
fi
server="$SERVER_ADDR" server="$SERVER_ADDR"
ssh_pubkey_dir="${HOME}/.detee/cli/vms/ssh" ssh_pubkey_dir="${HOME}/.detee/cli/vms/ssh"
cert_dir="${HOME}/.detee/cli/vms/certs" cert_dir="${HOME}/.detee/cli/vms/certs"
@ -155,6 +159,7 @@ if [[ -n "$DETEE_INSTALL_URL" ]] && [[ -n "$DETEE_INSTALL_URL" ]]; then
--data-urlencode "url=${DETEE_INSTALL_URL}" \ --data-urlencode "url=${DETEE_INSTALL_URL}" \
-d "sha=${DETEE_INSTALL_SHA}" \ -d "sha=${DETEE_INSTALL_SHA}" \
-d "keyfile=$(cat "$keyfile" | basenc --base64url -w 0)" \ -d "keyfile=$(cat "$keyfile" | basenc --base64url -w 0)" \
-d "hostname=${VM_HOSTNAME}" \
"https://dtrfs-api:${port}/install" || exit 1 "https://dtrfs-api:${port}/install" || exit 1
else else
echo echo
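Review bot: The new `-d "hostname=${VM_HOSTNAME}"` field of the `/install` request is sent without URL encoding, unlike the `url` field a few lines above it. In the update path of this commit `VM_HOSTNAME` is filled from the hostname stored in the contract, so a value containing `&`, `=` or `+` would be split into extra form fields or arrive altered at the API. Use `--data-urlencode "hostname=${VM_HOSTNAME}"` on that line. The defaulting block added in the first hunk could also be written as `VM_HOSTNAME="${VM_HOSTNAME:-detee-vm}"`.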

@ -436,6 +436,12 @@ fn clap_cmd() -> Command {
.help("supply the uuid of the VM you wish to upgrade") .help("supply the uuid of the VM you wish to upgrade")
.required(true) .required(true)
) )
.arg(
Arg::new("hostname")
.long("hostname")
.default_value("")
.help("change the hostname within the smart contract")
)
.arg( .arg(
Arg::new("vcpus") Arg::new("vcpus")
.long("vcpus") .long("vcpus")
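Review bot: The help text for `--hostname` does not say what happens when the flag is omitted, and `default_value("")` makes the empty string a silent sentinel. Judging by the `req == Self::default()` check elsewhere in this commit, an empty value appears to mean "leave unchanged"; I would say so in the help, e.g. `.help("change the hostname within the smart contract (omit to keep the current hostname)")`. This argument is also the cheapest place to reject strings that are not valid hostnames, via a `value_parser` on the `Arg`, because the value is later placed in the update request as-is. `clap_cmd` continues outside the hunk.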

@ -88,12 +88,14 @@ fn handle_vm_list(update_vm_args: &ArgMatches) -> Result<Vec<snp::VmContract>, B
fn handle_vm_update(update_vm_args: &ArgMatches) -> Result<SimpleOutput, Box<dyn Error>> { fn handle_vm_update(update_vm_args: &ArgMatches) -> Result<SimpleOutput, Box<dyn Error>> {
let uuid = update_vm_args.get_one::<String>("uuid").unwrap().clone(); let uuid = update_vm_args.get_one::<String>("uuid").unwrap().clone();
let hostname = update_vm_args.get_one::<String>("hostname").unwrap().clone();
let memory = *update_vm_args.get_one::<u32>("memory").unwrap(); let memory = *update_vm_args.get_one::<u32>("memory").unwrap();
if memory > 0 && memory < 800 { if memory > 0 && memory < 800 {
log::error!("At least 800MB of memory must be assgined to the VM"); log::error!("At least 800MB of memory must be assgined to the VM");
return Ok(SimpleOutput::from("")); return Ok(SimpleOutput::from(""));
} }
snp::update::Request::process_request( snp::update::Request::process_request(
hostname,
&uuid, &uuid,
*update_vm_args.get_one::<u32>("vcpus").unwrap(), *update_vm_args.get_one::<u32>("vcpus").unwrap(),
memory, memory,

@ -81,7 +81,6 @@ impl Request {
let args = new_vm_resp.args.ok_or(Error::NoMeasurement)?; let args = new_vm_resp.args.ok_or(Error::NoMeasurement)?;
let measurement_args = injector::Args { let measurement_args = injector::Args {
uuid: new_vm_resp.uuid.clone(), uuid: new_vm_resp.uuid.clone(),
hostname: self.hostname.clone(),
vcpus: self.vcpus, vcpus: self.vcpus,
kernel: kernel_sha, kernel: kernel_sha,
initrd: dtrfs_sha, initrd: dtrfs_sha,

@ -5,7 +5,6 @@ use std::net::IpAddr;
#[derive(Debug)] #[derive(Debug)]
pub struct Args { pub struct Args {
pub uuid: String, pub uuid: String,
pub hostname: String,
pub vcpus: u32, pub vcpus: u32,
pub kernel: String, pub kernel: String,
pub initrd: String, pub initrd: String,
@ -98,7 +97,7 @@ impl Args {
ip_string = "detee_net_eth0=10.0.2.15_24_10.0.2.2 ".to_string() + &ip_string; ip_string = "detee_net_eth0=10.0.2.15_24_10.0.2.2 ".to_string() + &ip_string;
} }
let admin_key = format!("detee_admin={} ", Config::get_detee_wallet()?); let admin_key = format!("detee_admin={} ", Config::get_detee_wallet()?);
let hostname = format!("detee_name={}", self.hostname); let hostname = format!("detee_uuid={}", self.uuid);
let params = format!("{}{}{}", ip_string, admin_key, hostname); let params = format!("{}{}{}", ip_string, admin_key, hostname);
debug!("Calculated kernel params for {} to: {}", self.uuid, params); debug!("Calculated kernel params for {} to: {}", self.uuid, params);
Ok(params) Ok(params)
@ -109,7 +108,7 @@ pub fn execute(
measurement: String, measurement: String,
server_addr: String, server_addr: String,
os_template: Option<(&str, &str)>, os_template: Option<(&str, &str)>,
log_file_name: &str, vm_hostname: &str,
) -> Result<super::VmSshArgs, Error> { ) -> Result<super::VmSshArgs, Error> {
let parsed_addr = match server_addr.parse::<std::net::SocketAddrV4>() { let parsed_addr = match server_addr.parse::<std::net::SocketAddrV4>() {
Ok(addr) => addr, Ok(addr) => addr,
@ -125,7 +124,7 @@ pub fn execute(
}; };
eprintln!("Injecting disk encryption key into VM. This will take a minute. Do not interrupt."); eprintln!("Injecting disk encryption key into VM. This will take a minute. Do not interrupt.");
let (os_template_url, os_template_sha) = os_template.unwrap_or(("", "")); let (os_template_url, os_template_sha) = os_template.unwrap_or(("", ""));
let logs_path = Config::logs_dir()? + "/" + log_file_name; let logs_path = Config::logs_dir()? + "/" + vm_hostname;
log::info!("Logs will be saved to {}", logs_path); log::info!("Logs will be saved to {}", logs_path);
let logs_file = std::fs::File::create(logs_path.clone())?; let logs_file = std::fs::File::create(logs_path.clone())?;
let mut child_process = std::process::Command::new("detee-cli_injector.sh") let mut child_process = std::process::Command::new("detee-cli_injector.sh")
@ -134,6 +133,7 @@ pub fn execute(
.env("DETEE_INSTALL_URL", os_template_url) .env("DETEE_INSTALL_URL", os_template_url)
.env("DETEE_INSTALL_SHA", os_template_sha) .env("DETEE_INSTALL_SHA", os_template_sha)
.env("MEASUREMENT", measurement) .env("MEASUREMENT", measurement)
.env("VM_HOSTNAME", vm_hostname)
.stdout(logs_file.try_clone()?) .stdout(logs_file.try_clone()?)
.stderr(logs_file) .stderr(logs_file)
.spawn()?; .spawn()?;
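Review bot: `logs_path` in `execute` is now built by appending `vm_hostname` to the logs directory, and in the update path that value is the hostname read back from the contract, so a name containing `../` lets `File::create` truncate a file outside the logs directory. The update path previously passed the VM uuid here, which also kept the logs of two VMs with the same hostname apart; an empty hostname now gives a path ending in `/`, and `File::create` fails on it. Either keep a uuid-based log file name and pass the hostname as a separate parameter, or reject the name before use with a check such as `vm_hostname.chars().all(|c| c.is_ascii_alphanumeric() || c == '-')`. In the `Args` hunk of the same file, the local still called `hostname` now holds the `detee_uuid=` parameter and would read better renamed. `execute` starts and ends outside these hunks.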

@ -396,12 +396,12 @@ pub fn calculate_nanolp(
lazy_static! { lazy_static! {
static ref DEFAULT_DTRFS: Dtrfs = Dtrfs { static ref DEFAULT_DTRFS: Dtrfs = Dtrfs {
name: "dtrfs-6.13.6-arch1-1".to_string(), name: "dtrfs-6.13.7-arch1-1".to_string(),
vendor: "ghe0".to_string(), vendor: "ghe0".to_string(),
dtrfs_url: "http://registry.detee.ltd/detee-archtop-6.13.6-arch1-1.cpio.gz".to_string(), dtrfs_url: "http://registry.detee.ltd/detee-archtop-6.13.7-arch1-1.cpio.gz".to_string(),
dtrfs_sha: "de48048fb42fe4054611f14e51ce175ca90645734fe41349642f036b8bca8fcd".to_string(), dtrfs_sha: "dc02e091da80c281fe735a1be86b3fe766f1741d82c32f5dc64344b345827c6d".to_string(),
kernel_url: "http://registry.detee.ltd/vmlinuz-linux-6.13.6-arch1-1".to_string(), kernel_url: "http://registry.detee.ltd/vmlinuz-linux-6.13.7-arch1-1".to_string(),
kernel_sha: "7efaca6c348cd4136afe3ece0beec346da713029347a0d4e71e12a0b91570de7".to_string() kernel_sha: "469a89668d2f5744b3f80417fcf0a4ce0140fcb78f1e8834ef8e3668eecc934c".to_string()
}; };
static ref DEFAULT_ARCHLINUX: Distro = Distro { static ref DEFAULT_ARCHLINUX: Distro = Distro {
name: "archlinux_2025-02-21".to_string(), name: "archlinux_2025-02-21".to_string(),
@ -429,20 +429,20 @@ lazy_static! {
name: "dtrfs-6.13.6-arch1-1".to_string(), name: "dtrfs-6.13.6-arch1-1".to_string(),
vendor: "ghe0".to_string(), vendor: "ghe0".to_string(),
dtrfs_url: "http://registry.detee.ltd/detee-archtop-6.13.6-arch1-1.cpio.gz".to_string(), dtrfs_url: "http://registry.detee.ltd/detee-archtop-6.13.6-arch1-1.cpio.gz".to_string(),
dtrfs_sha: "83675cf2a27db526ec0705daf2606674778759fb33cdb8b1dfc4ddd623608806" dtrfs_sha: "de48048fb42fe4054611f14e51ce175ca90645734fe41349642f036b8bca8fcd"
.to_string(), .to_string(),
kernel_url: "http://registry.detee.ltd/vmlinuz-linux-6.13.6-arch1-1".to_string(), kernel_url: "http://registry.detee.ltd/vmlinuz-linux-6.13.6-arch1-1".to_string(),
kernel_sha: "7efaca6c348cd4136afe3ece0beec346da713029347a0d4e71e12a0b91570de7" kernel_sha: "7efaca6c348cd4136afe3ece0beec346da713029347a0d4e71e12a0b91570de7"
.to_string() .to_string()
}, },
Dtrfs { Dtrfs {
name: "dtrfs-6.13.4-arch1-1".to_string(), name: "dtrfs-6.13.6-arch1-1".to_string(),
vendor: "ghe0".to_string(), vendor: "ghe0".to_string(),
dtrfs_url: "http://registry.detee.ltd/detee-archtop-6.13.4-arch1-1.cpio.gz".to_string(), dtrfs_url: "http://registry.detee.ltd/detee-archtop-6.13.6-arch1-1.cpio.gz".to_string(),
dtrfs_sha: "3f6b3e5740f249eedfb2f7248c521a551be8b2676f7fcb040f3f3bc840a5004b" dtrfs_sha: "83675cf2a27db526ec0705daf2606674778759fb33cdb8b1dfc4ddd623608806"
.to_string(), .to_string(),
kernel_url: "http://registry.detee.ltd/vmlinuz-linux-6.13.4-arch1-1".to_string(), kernel_url: "http://registry.detee.ltd/vmlinuz-linux-6.13.6-arch1-1".to_string(),
kernel_sha: "3ec4fc5aa5729f515967ec71be4a851622785c0080f7191b1b07717149840151" kernel_sha: "7efaca6c348cd4136afe3ece0beec346da713029347a0d4e71e12a0b91570de7"
.to_string() .to_string()
}, },
]; ];
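Review bot: After this change the list holds two `Dtrfs` entries with the same `name` (`dtrfs-6.13.6-arch1-1`) and the same `dtrfs_url` but different `dtrfs_sha` values (`de48048f…` and `83675cf2…`). One URL can serve only one of those images at a time, so presumably at least one entry can no longer match its pinned hash, and any lookup by name becomes ambiguous. Give the rebuilt image a distinct name and URL, or drop the entry whose image is no longer published. Separately, every `dtrfs_url` and `kernel_url` here is plain `http://`, which leaves the pinned SHA as the only integrity control on the download; a short comment stating that would help whoever next touches the hash check. The `lazy_static!` block starts and ends outside the hunks.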

@ -8,6 +8,7 @@ use log::{debug, info};
#[derive(Clone, Debug, Default, PartialEq)] #[derive(Clone, Debug, Default, PartialEq)]
pub struct Request { pub struct Request {
hostname: String,
vcpus: u32, vcpus: u32,
memory_mb: u32, memory_mb: u32,
disk_size_gb: u32, disk_size_gb: u32,
@ -16,6 +17,7 @@ pub struct Request {
impl Request { impl Request {
pub fn process_request( pub fn process_request(
hostname: String,
uuid: &str, uuid: &str,
vcpus: u32, vcpus: u32,
memory_mb: u32, memory_mb: u32,
@ -30,7 +32,7 @@ impl Request {
Some(Dtrfs::load_from_file(path)?) Some(Dtrfs::load_from_file(path)?)
} }
}; };
let req = Self { vcpus, memory_mb, disk_size_gb, dtrfs }; let req = Self { hostname, vcpus, memory_mb, disk_size_gb, dtrfs };
if req == Self::default() { if req == Self::default() {
log::info!("Skipping hardware upgrade (no arguments specified)."); log::info!("Skipping hardware upgrade (no arguments specified).");
return Ok(()); return Ok(());
@ -47,26 +49,32 @@ impl Request {
return Err(Error::Node(update_vm_resp.error)); return Err(Error::Node(update_vm_resp.error));
} }
eprintln!("The node accepted the hardware modifications for the VM."); eprintln!("The modifications got approved. Proceeding with update...");
let current_contract = block_on(grpc::get_contract_by_uuid(uuid))?; let updated_contract = block_on(grpc::get_contract_by_uuid(uuid))?;
debug!("Got the current contract for the VM after update. {current_contract:#?}"); debug!("Got the current contract for the VM after update. {updated_contract:#?}");
if !(self.vcpus != 0 || self.dtrfs.is_some()) {
eprintln!("vCPUs and kernel did not get modified. Secret injection is not required.");
return Ok(());
}
let args = update_vm_resp.args.ok_or(Error::NoMeasurement)?; let args = update_vm_resp.args.ok_or(Error::NoMeasurement)?;
let measurement_args = injector::Args { let measurement_args = injector::Args {
uuid: update_vm_resp.uuid, uuid: update_vm_resp.uuid,
hostname: current_contract.hostname.clone(), vcpus: updated_contract.vcpus,
vcpus: current_contract.vcpus, kernel: updated_contract.kernel_sha,
kernel: current_contract.kernel_sha, initrd: updated_contract.dtrfs_sha,
initrd: current_contract.dtrfs_sha,
args: args.clone(), args: args.clone(),
}; };
let measurement = measurement_args.get_measurement()?; let measurement = measurement_args.get_measurement()?;
if self.vcpus != 0 || self.dtrfs.is_some() { injector::execute(
injector::execute(measurement, args.dtrfs_api_endpoint, None, uuid)?; measurement,
} else { args.dtrfs_api_endpoint,
println!("vCPUs and kernel did not get modified. Secret injection is not required."); None,
} &updated_contract.hostname,
)?;
Ok(()) Ok(())
} }
@ -78,6 +86,7 @@ impl Request {
}; };
Ok(block_on(grpc::update_vm(proto::UpdateVmReq { Ok(block_on(grpc::update_vm(proto::UpdateVmReq {
uuid: uuid.to_string(), uuid: uuid.to_string(),
hostname: self.hostname.clone(),
admin_pubkey: Config::get_detee_wallet()?, admin_pubkey: Config::get_detee_wallet()?,
disk_size_gb: self.disk_size_gb, disk_size_gb: self.disk_size_gb,
vcpus: self.vcpus, vcpus: self.vcpus,
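Review bot: The expected measurement is computed only from values read back over gRPC (`updated_contract.vcpus`, `.kernel_sha`, `.dtrfs_sha`), even where the caller supplied the target values itself. Unless the contract source is trusted independently, comparing `self.dtrfs`'s `kernel_sha` and `dtrfs_sha` (when it is `Some`) and a non-zero `self.vcpus` against the contract before `get_measurement()` would keep the secret injection from attesting against values the user never requested. I am inferring the `Dtrfs` field names from the defaults file in this commit. The new guard `if !(self.vcpus != 0 || self.dtrfs.is_some())` reads more directly as `if self.vcpus == 0 && self.dtrfs.is_none()`, and the debug message still says "current contract" for `updated_contract`. The method containing this code starts outside the hunk.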