From 0986fb2d4e1e4021a2d01f476157f9a181929603 Mon Sep 17 00:00:00 2001 From: Harika Nittala Date: Thu, 12 Dec 2024 22:40:05 +0000 Subject: [PATCH 01/11] Update snp docs to add --guest-name and --guest-port option usage Signed-off-by: Harika Nittala --- docs/snp.md | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/docs/snp.md b/docs/snp.md index aac81d4..0986b5c 100644 --- a/docs/snp.md +++ b/docs/snp.md @@ -84,6 +84,12 @@ The `--non-upm` option can be specified with the above command if a non-upm vers of the kernel is desired. The `setup-host` command must be run with this same option if launching the guest with a non-upm kernel. +A user can launch separate SNP guests at the same time using unique guest name and guest qemu port. +A user can set guest name and guest port with the `--guest-name` option and `--guest-port` option while the launch of a separate SNP guest as follows: +``` +./snp.sh launch-guest --guest-name --guest-port +``` + Attest the guest using the following command: ``` ./snp.sh attest-guest @@ -105,6 +111,10 @@ All script created guests can be stopped by running the following command: ./snp.sh stop-guests ``` +User created SNP guest via guest-name option can be stopped with the `--guest-name` option as follows: +``` +./snp.sh stop-guests --guest-name +``` ## BYO Image The SNP script utility provides support for the user to provide their own image. From 6bb9e381b88b88565f37ce2938fc9cf21aef2a16 Mon Sep 17 00:00:00 2001 From: Harika Nittala Date: Thu, 12 Dec 2024 19:17:07 +0000 Subject: [PATCH 02/11] snp.sh: Use of --guest-name and --guest-port command option to launch a separate SNP guest This supports launch of various SNP Guests at the same time using unique guest name and guest qemu port. A separate SNP guest can be launched with the --guest-name and --guest-port command option as follows: ./snp.sh launch-guest --guest-name --guest-port 
Signed-off-by: Harika Nittala --- tools/snp.sh | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/tools/snp.sh b/tools/snp.sh index 61e836f..fd28c0e 100755 --- a/tools/snp.sh +++ b/tools/snp.sh @@ -117,6 +117,8 @@ usage() { >&2 echo " where OPTIONS are:" >&2 echo " -n|--non-upm Build AMDSEV non UPM kernel (sev-snp-devel)" >&2 echo " -i|--image Path to existing image file" + >&2 echo " -g-n|--guest-name Create a separate guest launch working directory" + >&2 echo " -g-p|--guest-port Set guest qemu port for networking" >&2 echo " -h|--help Usage information" return 1 @@ -1319,6 +1321,21 @@ main() { shift; shift ;; + -g-n|--guest-name) + GUEST_NAME="${2}" + LAUNCH_WORKING_DIR="${LAUNCH_WORKING_DIR}/${GUEST_NAME}" + GUEST_SSH_KEY_PATH="${LAUNCH_WORKING_DIR}/${GUEST_NAME}-key" + QEMU_CMDLINE_FILE="${LAUNCH_WORKING_DIR}/qemu.cmdline" + IMAGE="${LAUNCH_WORKING_DIR}/${GUEST_NAME}.img" + SEED_IMAGE="${LAUNCH_WORKING_DIR}/${GUEST_NAME}-seed.img" + shift; shift + ;; + + -g-p|--guest-port) + HOST_SSH_PORT="${2}" + shift; shift + ;; + setup-host) COMMAND="setup-host" shift From d36ee0165d61692fdbfa08a549d3c3ae94093f81 Mon Sep 17 00:00:00 2001 From: Harika Nittala Date: Mon, 2 Dec 2024 23:58:49 +0000 Subject: [PATCH 03/11] snp.sh: snp-guest-key location and guest user name update Updated to show the correct details for the guest SSH access. Signed-off-by: Harika Nittala --- tools/snp.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/snp.sh b/tools/snp.sh index fd28c0e..14b5a11 100755 --- a/tools/snp.sh +++ b/tools/snp.sh @@ -1413,7 +1413,7 @@ main() { echo -e "Guest SSH port forwarded to host port: ${HOST_SSH_PORT}" echo -e "The guest is running in the background. Use the following command to access via SSH:" - echo -e "ssh -p ${HOST_SSH_PORT} -i ${LAUNCH_WORKING_DIR}/snp-guest-key amd@localhost" + echo -e "ssh -p ${HOST_SSH_PORT} -i ${GUEST_SSH_KEY_PATH} ${GUEST_USER}@localhost" ;; attest-guest) 
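Review bot: In PATCH 02's `-g-n|--guest-name)` arm, `${2}` is used unchecked as a path component, so an empty value or one containing `/` or `..` moves `LAUNCH_WORKING_DIR`, `GUEST_SSH_KEY_PATH`, `IMAGE` and `SEED_IMAGE` outside the intended per-guest directory. A guard ahead of the assignments, for example `[[ "${2:-}" =~ ^[A-Za-z0-9][A-Za-z0-9_.-]*$ ]] || { >&2 echo "ERROR: invalid guest name"; return 1; }`, restricts it to a single directory name. `--guest-port` likewise stores any string in `HOST_SSH_PORT`; a numeric range check there would reject a bad value before QEMU is started. main() starts and ends outside the hunk.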
From f6f021cd8676a4012ce254ad8ee52530afabf5a2 Mon Sep 17 00:00:00 2001 From: Harika Nittala Date: Thu, 12 Dec 2024 22:01:00 +0000 Subject: [PATCH 04/11] snp.sh: Update ubuntu guest image download to optimize the guest creation process Updated the ubuntu guest download process to download it once and re-use the same image to quickly create multiple guests with the improved performance. Update of the guest image download structure in ubuntu also helps to easily add support for the same in the other OS linux distros. Signed-off-by: Harika Nittala --- tools/snp.sh | 34 ++++++++++++++++++++++++++++++++-- 1 file changed, 32 insertions(+), 2 deletions(-) diff --git a/tools/snp.sh b/tools/snp.sh index 14b5a11..1bd3b81 100755 --- a/tools/snp.sh +++ b/tools/snp.sh @@ -98,6 +98,9 @@ SNPGUEST_URL="https://github.com/virtee/snpguest.git" SNPGUEST_BRANCH="tags/v0.8.0" NASM_SOURCE_TAR_URL="https://www.nasm.us/pub/nasm/releasebuilds/2.16.01/nasm-2.16.01.tar.gz" CLOUD_INIT_IMAGE_URL="https://cloud-images.ubuntu.com/jammy/current/jammy-server-cloudimg-amd64.img" +CLOUD_INIT_IMAGE_URL_UBUNTU="https://cloud-images.ubuntu.com/jammy/current/jammy-server-cloudimg-amd64.img" +IMAGE_BASENAME_UBUNTU=$(basename "${CLOUD_INIT_IMAGE_URL_UBUNTU}") +IMAGE_BASENAME="" DRACUT_TARBALL_URL="https://github.com/dracutdevs/dracut/archive/refs/tags/059.tar.gz" SEV_SNP_MEASURE_VERSION="0.0.11" 
@@ -503,6 +506,33 @@ generate_guest_ssh_keypair() { ssh-keygen -q -t ed25519 -N '' -f "${GUEST_SSH_KEY_PATH}" <<&2 echo -e "ERROR: ${linux_distro}" + return 1 + ;; + esac + + local base_launch_directory=${LAUNCH_WORKING_DIR//"/$GUEST_NAME"*/} + local base_guest_image=${base_launch_directory}/${IMAGE_BASENAME} + + # Download image if not present already + if [ ! -f ${base_guest_image} ]; then + wget "${CLOUD_INIT_IMAGE_URL}" -O ${base_guest_image} + fi + + # Copy image to launch directory + cp -v ${base_guest_image} "${IMAGE}" +} + cloud_init_create_data() { if [[ -f "${LAUNCH_WORKING_DIR}/${GUEST_NAME}-metadata.yaml" && \ -f "${LAUNCH_WORKING_DIR}/${GUEST_NAME}-user-data.yaml" && \ @@ -541,8 +571,8 @@ EOF "${LAUNCH_WORKING_DIR}/${GUEST_NAME}-user-data.yaml" \ "${LAUNCH_WORKING_DIR}/${GUEST_NAME}-metadata.yaml" - # Download ubuntu 20.04 and change name - wget "${CLOUD_INIT_IMAGE_URL}" -O "${IMAGE}" + # Download Guest Image from cloud init URL + download_guest_os_image } resize_guest() { From 92e0f02387c1fed361216e9b381dacfba4b1271f Mon Sep 17 00:00:00 2001 From: Harika Nittala Date: Sat, 14 Dec 2024 01:35:15 +0000 Subject: [PATCH 05/11] snp.sh: Update to modularize ubuntu guest seed image creation process Modularized guest seed image creation in ubuntu to standardize this process across non-debian OS linux distros that has no support for cloud-localds utility supported in canonical distribution. Signed-off-by: Harika Nittala --- tools/snp.sh | 23 +++++++++++++++++++---- 1 file changed, 19 insertions(+), 4 deletions(-) diff --git a/tools/snp.sh b/tools/snp.sh index 1bd3b81..3aa8ccf 100755 --- a/tools/snp.sh +++ b/tools/snp.sh 
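Review bot: The cache test in the added download function, `[ ! -f ${base_guest_image} ]`, accepts any existing file as a good image, but `wget -O` creates the output file before the transfer finishes, so an interrupted download leaves a truncated file that every later guest is copied from. The image is not verified either, which matters more now that a single download seeds all guests; fetching to a temporary name, checking a digest and only then moving the file into the cache covers both. `${base_guest_image}` is also unquoted in the test, the `wget` call and the `cp`. The opening lines of the function are not fully visible on this page, so the sketch covers the download step only.

```shell
  # Download image if not present already
  if [ ! -f "${base_guest_image}" ]; then
    local partial_image="${base_guest_image}.part"
    wget "${CLOUD_INIT_IMAGE_URL}" -O "${partial_image}" \
      || { rm -f -- "${partial_image}"; return 1; }
    # EXPECTED_IMAGE_SHA256 is a placeholder: take it from the distro's published checksum file
    printf '%s  %s\n' "${EXPECTED_IMAGE_SHA256}" "${partial_image}" \
      | sha256sum --check --status \
      || { rm -f -- "${partial_image}"; return 1; }
    mv -- "${partial_image}" "${base_guest_image}"
  fi

  # Copy image to launch directory
  cp -v -- "${base_guest_image}" "${IMAGE}"
```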
@@ -88,6 +88,7 @@ GUEST_ROOT_LABEL="${GUEST_ROOT_LABEL:-cloudimg-rootfs}" GUEST_KERNEL_APPEND="root=LABEL=${GUEST_ROOT_LABEL} ro console=ttyS0" QEMU_CMDLINE_FILE="${QEMU_CMDLINE:-${LAUNCH_WORKING_DIR}/qemu.cmdline}" IMAGE="${IMAGE:-${LAUNCH_WORKING_DIR}/${GUEST_NAME}.img}" +SEED_IMAGE="${SEED_IMAGE:-${LAUNCH_WORKING_DIR}/${GUEST_NAME}-seed.img}" GENERATED_INITRD_BIN="${SETUP_WORKING_DIR}/initrd.img" # URLs and repos @@ -506,6 +507,22 @@ generate_guest_ssh_keypair() { ssh-keygen -q -t ed25519 -N '' -f "${GUEST_SSH_KEY_PATH}" <<&2 echo -e "ERROR: ${linux_distro}" + return 1 + ;; + esac +} + download_guest_os_image(){ local linux_distro=$(get_linux_distro) @@ -567,9 +584,7 @@ users: EOF # Create the seed image with metadata and user data - cloud-localds "${LAUNCH_WORKING_DIR}/${GUEST_NAME}-seed.img" \ - "${LAUNCH_WORKING_DIR}/${GUEST_NAME}-user-data.yaml" \ - "${LAUNCH_WORKING_DIR}/${GUEST_NAME}-metadata.yaml" + create_guest_seed_image # Download Guest Image from cloud init URL download_guest_os_image @@ -940,7 +955,7 @@ setup_and_launch_guest() { # Add seed image option to qemu cmdline add_qemu_cmdline_opts "-device scsi-hd,drive=disk1" - add_qemu_cmdline_opts "-drive if=none,id=disk1,format=raw,file=${LAUNCH_WORKING_DIR}/${GUEST_NAME}-seed.img" + add_qemu_cmdline_opts "-drive if=none,id=disk1,format=raw,file=${SEED_IMAGE}" fi local guest_kernel_installed_file="${LAUNCH_WORKING_DIR}/guest_kernel_already_installed" From 88d2e88a84f3bcb1d74b7a05be0ce28e593923a9 Mon Sep 17 00:00:00 2001 From: Harika Nittala Date: Sat, 14 Dec 2024 02:49:12 +0000 Subject: [PATCH 06/11] snp.sh: Updated Ubuntu SNP guest launch to generalize across various OS Generalize a way to get and install SNP guest kernel package(AMDSEV build), generalize initrd pattern to make it match across different OS linux distros(initrd/initramfs), and set the default ubuntu guest kernel append parameter. 
Signed-off-by: Harika Nittala --- tools/snp.sh | 63 +++++++++++++++++++++++++++++++++++++++++++++++----- 1 file changed, 58 insertions(+), 5 deletions(-) diff --git a/tools/snp.sh b/tools/snp.sh index 3aa8ccf..c4e2a7d 100755 --- a/tools/snp.sh +++ b/tools/snp.sh @@ -84,7 +84,7 @@ CPU_MODEL="${CPU_MODEL:-EPYC-v4}" GUEST_USER="${GUEST_USER:-amd}" GUEST_PASS="${GUEST_PASS:-amd}" GUEST_SSH_KEY_PATH="${GUEST_SSH_KEY_PATH:-${LAUNCH_WORKING_DIR}/${GUEST_NAME}-key}" -GUEST_ROOT_LABEL="${GUEST_ROOT_LABEL:-cloudimg-rootfs}" +GUEST_ROOT_LABEL="${GUEST_ROOT_LABEL:""}" GUEST_KERNEL_APPEND="root=LABEL=${GUEST_ROOT_LABEL} ro console=ttyS0" QEMU_CMDLINE_FILE="${QEMU_CMDLINE:-${LAUNCH_WORKING_DIR}/qemu.cmdline}" IMAGE="${IMAGE:-${LAUNCH_WORKING_DIR}/${GUEST_NAME}.img}" @@ -102,6 +102,8 @@ CLOUD_INIT_IMAGE_URL="https://cloud-images.ubuntu.com/jammy/current/jammy-server CLOUD_INIT_IMAGE_URL_UBUNTU="https://cloud-images.ubuntu.com/jammy/current/jammy-server-cloudimg-amd64.img" IMAGE_BASENAME_UBUNTU=$(basename "${CLOUD_INIT_IMAGE_URL_UBUNTU}") IMAGE_BASENAME="" +GUEST_ROOT_LABEL_UBUNTU="cloudimg-rootfs" +GUEST_KERNEL_APPEND_UBUNTU="root=LABEL=${GUEST_ROOT_LABEL_UBUNTU} ro console=ttyS0" DRACUT_TARBALL_URL="https://github.com/dracutdevs/dracut/archive/refs/tags/059.tar.gz" SEV_SNP_MEASURE_VERSION="0.0.11" 
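Review bot: `GUEST_ROOT_LABEL="${GUEST_ROOT_LABEL:""}"` in the first hunk is a substring expansion with an empty offset, not a default-value expansion, so it gives the intended result only by accident; `GUEST_ROOT_LABEL="${GUEST_ROOT_LABEL:-}"` states what is meant. The unchanged next line still builds `GUEST_KERNEL_APPEND` from the now possibly empty label, which yields `root=LABEL= ro console=ttyS0` until `set_default_guest_kernel_append` runs. A comment on that line, such as `# placeholder; replaced per distro by set_default_guest_kernel_append when no label is given`, would tell the reader the value is not final.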
@@ -926,6 +928,53 @@ build_and_install_amdsev() { save_binary_paths } +get_package_install_command(){ + local linux_distro=$(get_linux_distro) + + case ${linux_distro} in + ubuntu) + echo "dpkg -i" + ;; + *) + >&2 echo -e "ERROR: ${linux_distro}" + return 1 + ;; + esac +} + +get_guest_kernel_package(){ + local linux_distro=$(get_linux_distro) + local guest_kernel_version=$(get_guest_kernel_version) + + pushd "${SETUP_WORKING_DIR}/AMDSEV/linux" >/dev/null + case ${linux_distro} in + ubuntu) + echo $(realpath linux-image*${guest_kernel_version}*.deb| grep -v dbg) + ;; + *) + >&2 echo -e "ERROR: ${linux_distro}" + return 1 + ;; + esac + popd>/dev/null +} + +set_default_guest_kernel_append() { + local linux_distro=$(get_linux_distro) + + # Sets default kernel append based on the linux distro + case ${linux_distro} in + ubuntu) + GUEST_ROOT_LABEL="${GUEST_ROOT_LABEL_UBUNTU}" + GUEST_KERNEL_APPEND="${GUEST_KERNEL_APPEND_UBUNTU}" + ;; + *) + >&2 echo -e "ERROR: ${linux_distro}" + return 1 + ;; + esac +} + setup_and_launch_guest() { # Return error if user specified file that doesn't exist if [ ! -f "${IMAGE}" ] && ${SKIP_IMAGE_CREATE}; then 
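Review bot: The default arm of each new helper prints `ERROR: ${linux_distro}`, which shows only the distro name; `>&2 echo "ERROR: unsupported linux distro: ${linux_distro}"` tells the operator what failed. In `get_guest_kernel_package` the `return 1` in that arm skips the `popd`, and the ubuntu arm's unquoted `echo $(realpath linux-image*...deb | grep -v dbg)` joins several matches into one space-separated string when more than one package matches the glob. Selecting exactly one match, and failing when there is none, would make the result safe to hand to `scp`. `local linux_distro=$(get_linux_distro)` also hides a failure of that call; `get_linux_distro` itself is outside the hunk.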
@@ -965,10 +1014,11 @@ setup_and_launch_guest() { # Install the guest kernel, retrieve the initrd and then reboot local guest_kernel_version=$(get_guest_kernel_version) - local guest_kernel_deb=$(echo "$(realpath ${SETUP_WORKING_DIR}/AMDSEV/linux/linux-image*snp-guest*.deb)" | grep -v dbg) - local guest_initrd_basename="initrd.img-${guest_kernel_version}" - wait_and_retry_command "scp_guest_command ${guest_kernel_deb} ${GUEST_USER}@localhost:/home/${GUEST_USER}" - ssh_guest_command "sudo dpkg -i /home/${GUEST_USER}/$(basename ${guest_kernel_deb})" + local guest_kernel_package=$(get_guest_kernel_package) + local guest_initrd_basename="init*${guest_kernel_version}*" + local os_package_install_command=$(get_package_install_command) + wait_and_retry_command "scp_guest_command ${guest_kernel_package} ${GUEST_USER}@localhost:/home/${GUEST_USER}" + ssh_guest_command "sudo ${os_package_install_command} /home/${GUEST_USER}/$(basename ${guest_kernel_package})" scp_guest_command "${GUEST_USER}@localhost:/boot/${guest_initrd_basename}" "${LAUNCH_WORKING_DIR}" ssh_guest_command "sudo shutdown now" || true echo "true" > "${guest_kernel_installed_file}" @@ -984,6 +1034,9 @@ setup_and_launch_guest() { return 0 fi + # Set the default guest kernel append parameter as per the linux distro + [ -z "${GUEST_ROOT_LABEL}" ] && set_default_guest_kernel_append + # Add sev-guest module to host generated initrd # To be used as the guest initrd # NO LONGER NEEDED: initrd built after kernel generation (build_guest_initrd) From 44299bbfae3330dfc0c059afbfb6f3ff5405d714 Mon Sep 17 00:00:00 2001 From: Harika Nittala Date: Fri, 13 Dec 2024 20:11:57 -0800 Subject: [PATCH 07/11] snp.sh: Add fedora support to create cloud init data for guest image This feature downloads guest image from fedora guest URL and creates guest seed image from the user-data and meta-data file using genisoimage utility(supported in non-debian OSes). 
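Review bot: `local guest_kernel_package=$(get_guest_kernel_package)` and `local os_package_install_command=$(get_package_install_command)` discard the helpers' exit status, because `local` itself returns 0, so on an unsupported distro the following `scp_guest_command` and `sudo` lines run with empty strings. Declaring and assigning separately, `local guest_kernel_package; guest_kernel_package=$(get_guest_kernel_package) || return 1` (and the same for the install command), stops the launch where the failure happens. `${guest_kernel_package}` is also unquoted inside `$(basename ...)`. setup_and_launch_guest starts and ends outside the hunk.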
Signed-off-by: Harika Nittala --- tools/snp.sh | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/tools/snp.sh b/tools/snp.sh index c4e2a7d..1f09c1a 100755 --- a/tools/snp.sh +++ b/tools/snp.sh @@ -101,6 +101,8 @@ NASM_SOURCE_TAR_URL="https://www.nasm.us/pub/nasm/releasebuilds/2.16.01/nasm-2.1 CLOUD_INIT_IMAGE_URL="https://cloud-images.ubuntu.com/jammy/current/jammy-server-cloudimg-amd64.img" CLOUD_INIT_IMAGE_URL_UBUNTU="https://cloud-images.ubuntu.com/jammy/current/jammy-server-cloudimg-amd64.img" IMAGE_BASENAME_UBUNTU=$(basename "${CLOUD_INIT_IMAGE_URL_UBUNTU}") +CLOUD_INIT_IMAGE_URL_FEDORA="https://archives.fedoraproject.org/pub/archive/fedora/linux/releases/38/Cloud/x86_64/images/Fedora-Cloud-Base-38-1.6.x86_64.qcow2" +IMAGE_BASENAME_FEDORA=$(basename "${CLOUD_INIT_IMAGE_URL_FEDORA}") IMAGE_BASENAME="" GUEST_ROOT_LABEL_UBUNTU="cloudimg-rootfs" GUEST_KERNEL_APPEND_UBUNTU="root=LABEL=${GUEST_ROOT_LABEL_UBUNTU} ro console=ttyS0" @@ -518,6 +520,20 @@ create_guest_seed_image(){ "${LAUNCH_WORKING_DIR}/${GUEST_NAME}-user-data.yaml" \ "${LAUNCH_WORKING_DIR}/${GUEST_NAME}-metadata.yaml" ;; + fedora) + mv -v "${LAUNCH_WORKING_DIR}/${GUEST_NAME}-user-data.yaml" "${LAUNCH_WORKING_DIR}/user-data" + mv -v "${LAUNCH_WORKING_DIR}/${GUEST_NAME}-metadata.yaml" "${LAUNCH_WORKING_DIR}/meta-data" + + genisoimage -output "${SEED_IMAGE}" \ + -volid cidata \ + -joliet \ + -rock \ + "${LAUNCH_WORKING_DIR}/user-data" \ + "${LAUNCH_WORKING_DIR}/meta-data" + + mv -v "${LAUNCH_WORKING_DIR}/user-data" "${LAUNCH_WORKING_DIR}/${GUEST_NAME}-user-data.yaml" + mv -v "${LAUNCH_WORKING_DIR}/meta-data" "${LAUNCH_WORKING_DIR}/${GUEST_NAME}-metadata.yaml" + ;; *) >&2 echo -e "ERROR: ${linux_distro}" return 1 
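Review bot: The `fedora)` arm of `create_guest_seed_image` renames the guest's cloud-init files to `user-data` and `meta-data` inside `LAUNCH_WORKING_DIR` and renames them back afterwards, so a `genisoimage` failure can leave the directory without `${GUEST_NAME}-user-data.yaml` and `${GUEST_NAME}-metadata.yaml`, which `cloud_init_create_data` tests for. Copying the two files into a `mktemp -d` staging directory and building the ISO from there leaves the originals untouched and removes the fixed `user-data` name from the shared working directory. The start of the function is outside the hunk.

```shell
    fedora)
      local seed_stage seed_rc=0
      seed_stage=$(mktemp -d) || return 1
      cp -- "${LAUNCH_WORKING_DIR}/${GUEST_NAME}-user-data.yaml" "${seed_stage}/user-data"
      cp -- "${LAUNCH_WORKING_DIR}/${GUEST_NAME}-metadata.yaml" "${seed_stage}/meta-data"

      genisoimage -output "${SEED_IMAGE}" \
        -volid cidata \
        -joliet \
        -rock \
        "${seed_stage}/user-data" \
        "${seed_stage}/meta-data" || seed_rc=$?

      # staging copies are removed whether or not the ISO was built
      rm -rf -- "${seed_stage}"
      return "${seed_rc}"
      ;;
```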
@@ -534,6 +550,10 @@ download_guest_os_image(){ CLOUD_INIT_IMAGE_URL=${CLOUD_INIT_IMAGE_URL_UBUNTU} IMAGE_BASENAME=${IMAGE_BASENAME_UBUNTU} ;; + fedora) + CLOUD_INIT_IMAGE_URL=${CLOUD_INIT_IMAGE_URL_FEDORA} + IMAGE_BASENAME=${IMAGE_BASENAME_FEDORA} + ;; *) >&2 echo -e "ERROR: ${linux_distro}" return 1 From 98f674f349204af13ba536964fca0cbd51a64a20 Mon Sep 17 00:00:00 2001 From: Harika Nittala Date: Fri, 13 Dec 2024 21:17:26 -0800 Subject: [PATCH 08/11] snp.sh: Add support for the fedora SNP guest launch Added fedora support to install SNP kernel package on fedora host. Copied guest initrd file from the guest home directory(with modified permission) to the host for the safe initrd file transfer into the host without user permission issue. Updated fedora guest kernel append for the SNP guest launch. Signed-off-by: Harika Nittala --- tools/snp.sh | 26 ++++++++++++++++++++++++-- 1 file changed, 24 insertions(+), 2 deletions(-) diff --git a/tools/snp.sh b/tools/snp.sh index 1f09c1a..d5fe49b 100755 --- a/tools/snp.sh +++ b/tools/snp.sh @@ -106,6 +106,8 @@ IMAGE_BASENAME_FEDORA=$(basename "${CLOUD_INIT_IMAGE_URL_FEDORA}") IMAGE_BASENAME="" GUEST_ROOT_LABEL_UBUNTU="cloudimg-rootfs" GUEST_KERNEL_APPEND_UBUNTU="root=LABEL=${GUEST_ROOT_LABEL_UBUNTU} ro console=ttyS0" +GUEST_ROOT_LABEL_FEDORA="fedora" +GUEST_KERNEL_APPEND_FEDORA="console=ttys0 root=LABEL=${GUEST_ROOT_LABEL_FEDORA} ro rootflags=subvol=root" DRACUT_TARBALL_URL="https://github.com/dracutdevs/dracut/archive/refs/tags/059.tar.gz" SEV_SNP_MEASURE_VERSION="0.0.11" @@ -955,6 +957,9 @@ get_package_install_command(){ ubuntu) echo "dpkg -i" ;; + fedora) + echo "dnf install -y" + ;; *) >&2 echo -e "ERROR: ${linux_distro}" return 1 
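Review bot: `GUEST_KERNEL_APPEND_FEDORA` in PATCH 08's first hunk sets `console=ttys0` with a lower-case `s`, while the Ubuntu value two lines above it uses `console=ttyS0`. Linux names the first serial port `ttyS0`, so the Fedora guest would most likely come up with no output on the serial console that the launch log relies on. The line should read `GUEST_KERNEL_APPEND_FEDORA="console=ttyS0 root=LABEL=${GUEST_ROOT_LABEL_FEDORA} ro rootflags=subvol=root"`.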
@@ -971,6 +976,10 @@ get_guest_kernel_package(){ ubuntu) echo $(realpath linux-image*${guest_kernel_version}*.deb| grep -v dbg) ;; + fedora) + guest_kernel_version="${guest_kernel_version//-/_}" # SNP kernel RPM package name contains _ in the version + echo $(realpath $(ls -t kernel-*${guest_kernel_version}*.rpm| grep -v header| head -1)) + ;; *) >&2 echo -e "ERROR: ${linux_distro}" return 1 @@ -988,6 +997,10 @@ set_default_guest_kernel_append() { GUEST_ROOT_LABEL="${GUEST_ROOT_LABEL_UBUNTU}" GUEST_KERNEL_APPEND="${GUEST_KERNEL_APPEND_UBUNTU}" ;; + fedora) + GUEST_ROOT_LABEL="${GUEST_ROOT_LABEL_FEDORA}" + GUEST_KERNEL_APPEND="${GUEST_KERNEL_APPEND_FEDORA}" + ;; *) >&2 echo -e "ERROR: ${linux_distro}" return 1 
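Review bot: The `fedora)` arm of `get_guest_kernel_package` chooses the package by parsing `ls -t ... | grep -v header | head -1`, which returns whichever matching RPM is newest; if the build directory also holds other `kernel-*` packages for that version (a devel or debuginfo RPM, for instance), one of those can be picked instead of the kernel. Matching the kernel package name exactly, or excluding the other sub-packages explicitly, makes the choice deterministic. When nothing matches, `realpath` is called without an operand and the function still echoes an empty line with status 0, so a check such as `[ -n "${pkg}" ] || return 1` before the `echo` is needed. The function starts outside the hunk.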
@@ -1039,12 +1052,21 @@ setup_and_launch_guest() { local os_package_install_command=$(get_package_install_command) wait_and_retry_command "scp_guest_command ${guest_kernel_package} ${GUEST_USER}@localhost:/home/${GUEST_USER}" ssh_guest_command "sudo ${os_package_install_command} /home/${GUEST_USER}/$(basename ${guest_kernel_package})" - scp_guest_command "${GUEST_USER}@localhost:/boot/${guest_initrd_basename}" "${LAUNCH_WORKING_DIR}" + + # Copy the guest initrd in the guest home directory into the host + local initrd_filepath=$(ssh_guest_command "ls /boot/${guest_initrd_basename} | grep -v kdump") + initrd_filepath=$(echo ${initrd_filepath}| tr -d '\r') + ssh_guest_command "sudo cp $(realpath ${initrd_filepath}) /home/${GUEST_USER}" + ssh_guest_command "sudo chmod 644 /home/${GUEST_USER}/$(basename $(realpath ${initrd_filepath}))" + scp_guest_command "${GUEST_USER}@localhost:/home/${GUEST_USER}/$(basename $(realpath ${initrd_filepath}))" "${LAUNCH_WORKING_DIR}" + ssh_guest_command "sudo shutdown now" || true echo "true" > "${guest_kernel_installed_file}" - # Update the initrd file path and name in the guest launch source-bins file + # Update the initrd file path and name(initrd/initramfs) in the guest launch source-bins file + guest_initrd_basename=$(basename $(realpath ${initrd_filepath})) sed -i -e "s|^\(INITRD_BIN=\).*$|\1\"${LAUNCH_WORKING_DIR}/${guest_initrd_basename}\"|g" "${LAUNCH_WORKING_DIR}/source-bins" + INITRD_BIN="${LAUNCH_WORKING_DIR}/${guest_initrd_basename}" # Wait for shutdown to complete wait_and_retry_command "! ps aux | grep \"${WORKING_DIR}.*qemu.*${IMAGE}\" | grep -v \"tail.*qemu.log\" | grep -v \"grep.*qemu\"" From b75603b9411da1a9443466fe7be7755cc89a3b54 Mon Sep 17 00:00:00 2001 
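Review bot: The `$(realpath ${initrd_filepath})` substitutions sit inside double-quoted strings passed to `ssh_guest_command`, so the host shell expands them against the host's filesystem rather than the guest's; the guest path presumably survives only because `realpath` tolerates a missing final component. The path already comes from the guest's `ls`, so `${initrd_filepath}` and `$(basename "${initrd_filepath}")` can be used directly. `ls /boot/${guest_initrd_basename} | grep -v kdump` can return more than one line, which the unquoted `echo ${initrd_filepath}` joins into one string, so select a single entry and fail when it is empty. The copy in the guest home is made world-readable by `chmod 644` and is never removed; `sudo chown ${GUEST_USER}` with mode 600 and an `rm` after the `scp` keeps the initrd readable only by the account that fetches it. setup_and_launch_guest continues outside the hunk.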
From: Harika Nittala Date: Mon, 6 Jan 2025 22:47:51 +0000 Subject: [PATCH 09/11] snp.sh: Added support to launch SNP redhat guest for given RH guest image on RH host User can launch SNP RH guest image for the existing RHEL image(cloud-init configured) via new --rhel-image command option as follows: ./snp.sh launch-guest --rhel-image Signed-off-by: Harika Nittala --- tools/snp.sh | 31 +++++++++++++++++++++++++++++++ 1 file changed, 31 insertions(+) diff --git a/tools/snp.sh b/tools/snp.sh index d5fe49b..12cc45d 100755 --- a/tools/snp.sh +++ b/tools/snp.sh @@ -75,6 +75,7 @@ ATTESTATION_WORKING_DIR="${ATTESTATION_WORKING_DIR:-${WORKING_DIR}/attest}" COMMAND="help" UPM=true SKIP_IMAGE_CREATE=false +IS_RHEL_IMAGE=false HOST_SSH_PORT="${HOST_SSH_PORT:-10022}" GUEST_NAME="${GUEST_NAME:-snp-guest}" GUEST_SIZE_GB="${GUEST_SIZE_GB:-20}" @@ -108,6 +109,8 @@ GUEST_ROOT_LABEL_UBUNTU="cloudimg-rootfs" GUEST_KERNEL_APPEND_UBUNTU="root=LABEL=${GUEST_ROOT_LABEL_UBUNTU} ro console=ttyS0" GUEST_ROOT_LABEL_FEDORA="fedora" GUEST_KERNEL_APPEND_FEDORA="console=ttys0 root=LABEL=${GUEST_ROOT_LABEL_FEDORA} ro rootflags=subvol=root" +GUEST_ROOT_LABEL_RHEL="root" +GUEST_KERNEL_APPEND_RHEL="root=LABEL=${GUEST_ROOT_LABEL_RHEL} ro console=ttyS0" DRACUT_TARBALL_URL="https://github.com/dracutdevs/dracut/archive/refs/tags/059.tar.gz" SEV_SNP_MEASURE_VERSION="0.0.11" @@ -127,6 +130,7 @@ usage() { >&2 echo " where OPTIONS are:" >&2 echo " -n|--non-upm Build AMDSEV non UPM kernel (sev-snp-devel)" >&2 echo " -i|--image Path to existing image file" + >&2 echo " -r-i|--rhel-image Path to existing red hat image file on red hat host" >&2 echo " -g-n|--guest-name Create a separate guest launch working directory" >&2 echo " -g-p|--guest-port Set guest qemu port for networking" >&2 echo " -h|--help Usage information" 
@@ -960,6 +964,12 @@ get_package_install_command(){ fedora) echo "dnf install -y" ;; + rhel) + if [ ${IS_RHEL_IMAGE} = "true" ]; then + echo "dnf install -y" + return + fi + ;; *) >&2 echo -e "ERROR: ${linux_distro}" return 1 @@ -980,6 +990,13 @@ get_guest_kernel_package(){ guest_kernel_version="${guest_kernel_version//-/_}" # SNP kernel RPM package name contains _ in the version echo $(realpath $(ls -t kernel-*${guest_kernel_version}*.rpm| grep -v header| head -1)) ;; + rhel) + if [ ${IS_RHEL_IMAGE} = "true" ]; then + guest_kernel_version="${guest_kernel_version//-/_}" # SNP kernel RPM package name contains _ in the version + echo $(realpath $(ls -t kernel-*${guest_kernel_version}*.rpm| grep -v header| head -1)) + return + fi + ;; *) >&2 echo -e "ERROR: ${linux_distro}" return 1 @@ -1001,6 +1018,13 @@ set_default_guest_kernel_append() { GUEST_ROOT_LABEL="${GUEST_ROOT_LABEL_FEDORA}" GUEST_KERNEL_APPEND="${GUEST_KERNEL_APPEND_FEDORA}" ;; + rhel) + if [ ${IS_RHEL_IMAGE} = "true" ]; then + GUEST_ROOT_LABEL="${GUEST_ROOT_LABEL_RHEL}" + GUEST_KERNEL_APPEND="${GUEST_KERNEL_APPEND_RHEL}" + return + fi + ;; *) >&2 echo -e "ERROR: ${linux_distro}" return 1 @@ -1461,6 +1485,13 @@ main() { shift; shift ;; + -r-i|--rhel-image) + IMAGE="${2}" + SKIP_IMAGE_CREATE=true + IS_RHEL_IMAGE=true + shift; shift + ;; + -g-n|--guest-name) GUEST_NAME="${2}" LAUNCH_WORKING_DIR="${LAUNCH_WORKING_DIR}/${GUEST_NAME}" From 73a20b5c1db37179693ae76d069138be4feca4e0 Mon Sep 17 00:00:00 2001 From: Harika Nittala Date: Fri, 10 Jan 2025 03:29:30 +0000 Subject: [PATCH 10/11] snp.sh: Added additional guest options Added additional guest options ( --guest-dir, --guest-key-path, --guest-user ) to support SNP guest launch for the specific guest working dir, guest SSH key path and guest user name. It could be used in the launch of specific SNP RHEL image as follows: ./snp.sh launch-guest --rhel-image \ --guest-key-path \ --guest-user \ --guest-dir 
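Review bot: In the new `rhel)` arm of `get_package_install_command`, when `IS_RHEL_IMAGE` is not `true` the `if` is skipped and the arm ends at `;;` without printing anything or returning non-zero, so on a RHEL host without `--rhel-image` the function reports success with no result; the `rhel)` arms added to `get_guest_kernel_package` and `set_default_guest_kernel_append` behave the same way. An `else` branch that writes an error to stderr and does `return 1`, as the `*)` arm does, keeps the failure visible. The test should quote the variable, `[ "${IS_RHEL_IMAGE}" = "true" ]`. In `get_guest_kernel_package` the early `return` also skips the `popd` at the end of the function.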
Signed-off-by: Harika Nittala --- tools/snp.sh | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/tools/snp.sh b/tools/snp.sh index 12cc45d..bdabe5f 100755 --- a/tools/snp.sh +++ b/tools/snp.sh @@ -131,8 +131,11 @@ usage() { >&2 echo " -n|--non-upm Build AMDSEV non UPM kernel (sev-snp-devel)" >&2 echo " -i|--image Path to existing image file" >&2 echo " -r-i|--rhel-image Path to existing red hat image file on red hat host" + >&2 echo " -glwd|--guest-dir Path to guest image launch working directory" >&2 echo " -g-n|--guest-name Create a separate guest launch working directory" >&2 echo " -g-p|--guest-port Set guest qemu port for networking" + >&2 echo " -g-k|--guest-key-path Set guest SSH key path to access the guest" + >&2 echo " -g-u|--guest-user Set guest user name of the guest image" >&2 echo " -h|--help Usage information" return 1 @@ -1492,6 +1495,12 @@ main() { shift; shift ;; + -glwd|--guest-dir) + LAUNCH_WORKING_DIR="${2}" + QEMU_CMDLINE_FILE="${LAUNCH_WORKING_DIR}/qemu.cmdline" + shift; shift + ;; + -g-n|--guest-name) GUEST_NAME="${2}" LAUNCH_WORKING_DIR="${LAUNCH_WORKING_DIR}/${GUEST_NAME}" @@ -1507,6 +1516,16 @@ main() { shift; shift ;; + -g-k|--guest-key-path) + GUEST_SSH_KEY_PATH="${2}" + shift; shift + ;; + + -g-u|--guest-user) + GUEST_USER="${2}" + shift; shift + ;; + setup-host) COMMAND="setup-host" shift From 0434e16ef153382fa00af145e3614bcdb11c4108 Mon Sep 17 00:00:00 2001 From: Harika Nittala Date: Fri, 10 Jan 2025 03:37:40 +0000 Subject: [PATCH 11/11] snp.sh: Added cleanup steps to enable SNP ubuntu/RH guest launch from the RHEL host Added file cleanup steps (guest kernel file, source-bin files) to support the SNP guest launch (ubuntu/RH) from the RH host at the same time. Signed-off-by: Harika Nittala --- tools/snp.sh | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/tools/snp.sh b/tools/snp.sh index bdabe5f..d47dd11 100755 --- a/tools/snp.sh +++ b/tools/snp.sh 
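Review bot: The new `-glwd|--guest-dir)` arm updates only `LAUNCH_WORKING_DIR` and `QEMU_CMDLINE_FILE`, so `GUEST_SSH_KEY_PATH`, `IMAGE` and `SEED_IMAGE`, whose defaults were derived from the previous directory, still point at the old location. The outcome also depends on argument order: a `--guest-name` given afterwards appends to the new directory and overwrites a `--guest-key-path` given before it. Storing the option values in the loop and deriving the dependent paths once after parsing would make the options order-independent. `--guest-user` ends up interpolated into remote command strings such as `/home/${GUEST_USER}`, so restricting it to a plain account name at parse time is worth adding. main() starts and ends outside the hunk.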
@@ -778,6 +778,12 @@ KERNEL_BIN="${guest_kernel}" EOF } +guest_lauch_pre_cleanup() { + local guest_kernel_installed_file="${LAUNCH_WORKING_DIR}/guest_kernel_already_installed" + rm -rf "${guest_kernel_installed_file}" + rm -rf "${LAUNCH_WORKING_DIR}/source-bins" +} + copy_launch_binaries() { # Source the bins generated from setup source "${SETUP_WORKING_DIR}/source-bins" @@ -1592,6 +1598,9 @@ main() { return 1 fi + # Cleanup steps to enable SNP ubuntu/RH guest launch from the RHEL host + guest_lauch_pre_cleanup + copy_launch_binaries source "${LAUNCH_WORKING_DIR}/source-bins"
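Review bot: `guest_lauch_pre_cleanup` (the name is missing an `n`, `guest_launch_pre_cleanup`) is called from main() before `copy_launch_binaries`, and it deletes the `guest_kernel_already_installed` marker, which appears to be what `setup_and_launch_guest` uses to skip the kernel install and reboot; if so, every launch of an existing guest repeats that step. A comment on the function saying why the marker has to be cleared, or limiting the cleanup to the mixed-distro case the commit message describes, would make the intent clear. Both targets are regular files, so `rm -f -- "${guest_kernel_installed_file}" "${LAUNCH_WORKING_DIR}/source-bins"` is enough and avoids a recursive delete under a directory that `--guest-dir` lets the caller choose.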