From 7a93fab76c10f7f6e703f1dbd82738f005c5760c Mon Sep 17 00:00:00 2001 From: Harika Nittala Date: Thu, 12 Dec 2024 22:40:05 +0000 Subject: [PATCH 1/6] Update snp docs to add --guest-name and --guest-port option usage Signed-off-by: Harika Nittala --- docs/snp.md | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/docs/snp.md b/docs/snp.md index aac81d4..0986b5c 100644 --- a/docs/snp.md +++ b/docs/snp.md @@ -84,6 +84,12 @@ The `--non-upm` option can be specified with the above command if a non-upm vers of the kernel is desired. The `setup-host` command must be run with this same option if launching the guest with a non-upm kernel. +A user can launch separate SNP guests at the same time using unique guest name and guest qemu port. +A user can set guest name and guest port with the `--guest-name` option and `--guest-port` option while the launch of a separate SNP guest as follows: +``` +./snp.sh launch-guest --guest-name --guest-port +``` + Attest the guest using the following command: ``` ./snp.sh attest-guest @@ -105,6 +111,10 @@ All script created guests can be stopped by running the following command: ./snp.sh stop-guests ``` +User created SNP guest via guest-name option can be stopped with the `--guest-name` option as follows: +``` +./snp.sh stop-guests --guest-name +``` ## BYO Image The SNP script utility provides support for the user to provide their own image. From acfded971e990525276b3aec37373f7ded13b8b7 Mon Sep 17 00:00:00 2001 From: Harika Nittala Date: Thu, 12 Dec 2024 19:17:07 +0000 Subject: [PATCH 2/6] snp.sh: Use of --guest-name and --guest-port command option to launch a separate SNP guest This supports launch of various SNP Guests at the same time using unique guest name and guest qemu port. A separate SNP guest can be launched with the --guest-name and --guest-port command option as follows: ./snp.sh launch-guest --guest-name --guest-port Signed-off-by: Harika Nittala --- tools/snp.sh | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) 
diff --git a/tools/snp.sh b/tools/snp.sh index 61e836f..893fc10 100755 --- a/tools/snp.sh +++ b/tools/snp.sh @@ -117,6 +117,8 @@ usage() { >&2 echo " where OPTIONS are:" >&2 echo " -n|--non-upm Build AMDSEV non UPM kernel (sev-snp-devel)" >&2 echo " -i|--image Path to existing image file" + >&2 echo " -g-n|--guest-name Create a separate guest launch working directory" + >&2 echo " -g-p|--guest-port Set guest qemu port for networking" >&2 echo " -h|--help Usage information" return 1 @@ -1319,6 +1321,20 @@ main() { shift; shift ;; + -g-n|--guest-name) + GUEST_NAME="${2}" + LAUNCH_WORKING_DIR="${LAUNCH_WORKING_DIR}/${GUEST_NAME}" + GUEST_SSH_KEY_PATH="${LAUNCH_WORKING_DIR}/${GUEST_NAME}-key" + QEMU_CMDLINE_FILE="${LAUNCH_WORKING_DIR}/qemu.cmdline" + IMAGE="${LAUNCH_WORKING_DIR}/${GUEST_NAME}.img" + shift; shift + ;; + + -g-p|--guest-port) + HOST_SSH_PORT="${2}" + shift; shift + ;; + setup-host) COMMAND="setup-host" shift From 70da5ad1ee0e96baf358dfa374427ba2ab6caa89 Mon Sep 17 00:00:00 2001 From: Harika Nittala Date: Mon, 2 Dec 2024 23:58:49 +0000 Subject: [PATCH 3/6] snp.sh: snp-guest-key location and guest user name update Updated to show the correct details for the guest SSH access. Signed-off-by: Harika Nittala --- tools/snp.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/snp.sh b/tools/snp.sh index 893fc10..46e143a 100755 --- a/tools/snp.sh +++ b/tools/snp.sh @@ -1412,7 +1412,7 @@ main() { echo -e "Guest SSH port forwarded to host port: ${HOST_SSH_PORT}" echo -e "The guest is running in the background. Use the following command to access via SSH:" - echo -e "ssh -p ${HOST_SSH_PORT} -i ${LAUNCH_WORKING_DIR}/snp-guest-key amd@localhost" + echo -e "ssh -p ${HOST_SSH_PORT} -i ${GUEST_SSH_KEY_PATH} ${GUEST_USER}@localhost" ;; attest-guest) From b04fc0bd4c1ae2a2e9dbcd665542337046a31273 Mon Sep 17 00:00:00 2001 
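Review bot: The new short forms `-g-n` and `-g-p` in usage() are unconventional: a two-character hyphenated "short" option cannot be handled by `getopts`, looks like `-g -n` to a reader, and differs from every other option in the list, which use a single letter. Since the script parses options with a `case` in main(), either a single free letter or long-only spellings (`--guest-name`, `--guest-port`) would be clearer; the same applies to the matching `-g-n|--guest-name)` and `-g-p|--guest-port)` arms in the main() hunk.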
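Review bot: In the `-g-n|--guest-name)` arm GUEST_NAME is taken from `${2}` unvalidated and immediately spliced into LAUNCH_WORKING_DIR, GUEST_SSH_KEY_PATH, QEMU_CMDLINE_FILE and IMAGE, so a missing value leaves LAUNCH_WORKING_DIR ending in `/`, and a value containing `/` or `..` moves the working directory outside the launch root (and whatever stop-guests later removes under it — presumably, that code is not in this patch). A one-line guard before the assignments keeps the name a plain path component: `[[ "${2:-}" =~ ^[A-Za-z0-9._-]+$ ]] || { >&2 echo "ERROR: invalid guest name '${2:-}'"; return 1; }`, and the `-g-p|--guest-port)` arm deserves the analogous `[[ "${2:-}" =~ ^[0-9]+$ ]]` check before it becomes HOST_SSH_PORT. Note also that the arm overwrites IMAGE and QEMU_CMDLINE_FILE, so an `--image` given earlier on the command line (or the IMAGE/QEMU_CMDLINE environment defaults) is silently discarded depending on option order. main() begins and ends outside this hunk.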
From: Harika Nittala Date: Thu, 12 Dec 2024 22:01:00 +0000 Subject: [PATCH 4/6] snp.sh: Update ubuntu guest image download to optimize the guest creation process Updated the ubuntu guest download process to download it once and re-use the same image to quickly create multiple guests with the improved performance. Update of the guest image download structure in ubuntu also helps to easily add support for the same in the other OS linux distros. Signed-off-by: Harika Nittala --- tools/snp.sh | 34 ++++++++++++++++++++++++++++++++-- 1 file changed, 32 insertions(+), 2 deletions(-) diff --git a/tools/snp.sh b/tools/snp.sh index 46e143a..452d4c5 100755 --- a/tools/snp.sh +++ b/tools/snp.sh @@ -98,6 +98,9 @@ SNPGUEST_URL="https://github.com/virtee/snpguest.git" SNPGUEST_BRANCH="tags/v0.8.0" NASM_SOURCE_TAR_URL="https://www.nasm.us/pub/nasm/releasebuilds/2.16.01/nasm-2.16.01.tar.gz" CLOUD_INIT_IMAGE_URL="https://cloud-images.ubuntu.com/jammy/current/jammy-server-cloudimg-amd64.img" +CLOUD_INIT_IMAGE_URL_UBUNTU="https://cloud-images.ubuntu.com/jammy/current/jammy-server-cloudimg-amd64.img" +IMAGE_BASENAME_UBUNTU=$(basename "${CLOUD_INIT_IMAGE_URL_UBUNTU}") +IMAGE_BASENAME="" DRACUT_TARBALL_URL="https://github.com/dracutdevs/dracut/archive/refs/tags/059.tar.gz" SEV_SNP_MEASURE_VERSION="0.0.11" @@ -503,6 +506,33 @@ generate_guest_ssh_keypair() { ssh-keygen -q -t ed25519 -N '' -f "${GUEST_SSH_KEY_PATH}" <<&2 echo -e "ERROR: ${linux_distro}" + return 1 + ;; + esac + + local base_launch_directory=${LAUNCH_WORKING_DIR//"/$GUEST_NAME"*/} + local base_guest_image=${base_launch_directory}/${IMAGE_BASENAME} + + # Download image if not present already + if [ ! -f ${base_guest_image} ]; then + wget "${CLOUD_INIT_IMAGE_URL}" -O ${base_guest_image} + fi + + # Copy image to launch directory + cp -v ${base_guest_image} "${IMAGE}" +} + cloud_init_create_data() { if [[ -f "${LAUNCH_WORKING_DIR}/${GUEST_NAME}-metadata.yaml" && \ -f "${LAUNCH_WORKING_DIR}/${GUEST_NAME}-user-data.yaml" && \ 
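Review bot: In download_guest_os_image the cache test `[ ! -f ${base_guest_image} ]` is satisfied by a partial file left behind by an interrupted `wget -O`, and the cached base image is never validated afterwards, so a truncated or otherwise altered base is copied into every subsequently created guest; download to a temporary name and rename only on success (and, if the image publisher provides a checksum file, verify against it before the first reuse). `${base_guest_image}` is also unquoted in the test, the `wget` and the `cp`. Separately, `${LAUNCH_WORKING_DIR//"/$GUEST_NAME"*/}` strips from the first `/<GUEST_NAME>` occurrence to the end of the string, so a guest name that also appears earlier in the path yields the wrong base directory; keeping the base launch directory in its own variable instead of recovering it from the derived path would be more robust. The opening lines of this hunk (the distro `case`) are not legible in this view.
```shell
# … unchanged: distro case and base_launch_directory …
local base_guest_image="${base_launch_directory}/${IMAGE_BASENAME}"

# Download to a temporary name so an interrupted transfer is never cached as a valid image
if [ ! -f "${base_guest_image}" ]; then
  wget "${CLOUD_INIT_IMAGE_URL}" -O "${base_guest_image}.part" || {
    rm -f -- "${base_guest_image}.part"
    return 1
  }
  mv -- "${base_guest_image}.part" "${base_guest_image}"
fi

# Copy image to launch directory
cp -v -- "${base_guest_image}" "${IMAGE}"
```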
@@ -541,8 +571,8 @@ EOF "${LAUNCH_WORKING_DIR}/${GUEST_NAME}-user-data.yaml" \ "${LAUNCH_WORKING_DIR}/${GUEST_NAME}-metadata.yaml" - # Download ubuntu 20.04 and change name - wget "${CLOUD_INIT_IMAGE_URL}" -O "${IMAGE}" + # Download Guest Image from cloud init URL + download_guest_os_image } resize_guest() { From 59c19d52000249cc0b5eac8ce3a9e675843c9272 Mon Sep 17 00:00:00 2001 From: Harika Nittala Date: Sat, 14 Dec 2024 01:35:15 +0000 Subject: [PATCH 5/6] snp.sh: Update to modularize ubuntu guest seed image creation process Modularized guest seed image creation in ubuntu to standardize this process across non-debian OS linux distros that has no support for cloud-localds utility supported in canonical distribution. Signed-off-by: Harika Nittala --- tools/snp.sh | 23 +++++++++++++++++++---- 1 file changed, 19 insertions(+), 4 deletions(-) diff --git a/tools/snp.sh b/tools/snp.sh index 452d4c5..4587697 100755 --- a/tools/snp.sh +++ b/tools/snp.sh @@ -88,6 +88,7 @@ GUEST_ROOT_LABEL="${GUEST_ROOT_LABEL:-cloudimg-rootfs}" GUEST_KERNEL_APPEND="root=LABEL=${GUEST_ROOT_LABEL} ro console=ttyS0" QEMU_CMDLINE_FILE="${QEMU_CMDLINE:-${LAUNCH_WORKING_DIR}/qemu.cmdline}" IMAGE="${IMAGE:-${LAUNCH_WORKING_DIR}/${GUEST_NAME}.img}" +SEED_IMAGE="${SEED_IMAGE:-${LAUNCH_WORKING_DIR}/${GUEST_NAME}-seed.img}" GENERATED_INITRD_BIN="${SETUP_WORKING_DIR}/initrd.img" # URLs and repos @@ -506,6 +507,22 @@ generate_guest_ssh_keypair() { ssh-keygen -q -t ed25519 -N '' -f "${GUEST_SSH_KEY_PATH}" <<&2 echo -e "ERROR: ${linux_distro}" + return 1 + ;; + esac +} + download_guest_os_image(){ local linux_distro=$(get_linux_distro) @@ -567,9 +584,7 @@ users: EOF # Create the seed image with metadata and user data - cloud-localds "${LAUNCH_WORKING_DIR}/${GUEST_NAME}-seed.img" \ - "${LAUNCH_WORKING_DIR}/${GUEST_NAME}-user-data.yaml" \ - "${LAUNCH_WORKING_DIR}/${GUEST_NAME}-metadata.yaml" + create_guest_seed_image # Download Guest Image from cloud init URL download_guest_os_image 
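Review bot: SEED_IMAGE is derived from LAUNCH_WORKING_DIR and GUEST_NAME once at load time, but the `-g-n|--guest-name)` arm added to main() in patch 2 re-derives LAUNCH_WORKING_DIR, GUEST_SSH_KEY_PATH, QEMU_CMDLINE_FILE and IMAGE without touching SEED_IMAGE, so for a named guest the `-drive ... file=${SEED_IMAGE}` line in the @@ -940 hunk still points at the default directory's seed file. If create_guest_seed_image also writes to SEED_IMAGE (its body is not legible here), two named guests would share and overwrite a single seed image in the default directory. Add `SEED_IMAGE="${LAUNCH_WORKING_DIR}/${GUEST_NAME}-seed.img"` to that `--guest-name` arm alongside the other re-derived paths.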
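Review bot: The replacement `create_guest_seed_image` call discards the function's status, and it returns 1 for an unsupported distro, so cloud_init_create_data goes on to download_guest_os_image with no seed image unless the script runs under `set -e` (not visible in this hunk). Check it explicitly, `create_guest_seed_image || return 1`, and the same for `download_guest_os_image || return 1` on the following line. cloud_init_create_data begins outside this hunk.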
@@ -940,7 +955,7 @@ setup_and_launch_guest() { # Add seed image option to qemu cmdline add_qemu_cmdline_opts "-device scsi-hd,drive=disk1" - add_qemu_cmdline_opts "-drive if=none,id=disk1,format=raw,file=${LAUNCH_WORKING_DIR}/${GUEST_NAME}-seed.img" + add_qemu_cmdline_opts "-drive if=none,id=disk1,format=raw,file=${SEED_IMAGE}" fi local guest_kernel_installed_file="${LAUNCH_WORKING_DIR}/guest_kernel_already_installed" From 6b193180af5327fc929edfeefad6a72b3a71ee25 Mon Sep 17 00:00:00 2001 From: Harika Nittala Date: Sat, 14 Dec 2024 02:49:12 +0000 Subject: [PATCH 6/6] snp.sh: Updated Ubuntu SNP guest launch to generalize across various OS Generalize a way to get and install SNP guest kernel package(AMDSEV build), generalize initrd pattern to make it match across different OS linux distros(initrd/initramfs), and set the default ubuntu guest kernel append parameter. Signed-off-by: Harika Nittala --- tools/snp.sh | 63 +++++++++++++++++++++++++++++++++++++++++++++++----- 1 file changed, 58 insertions(+), 5 deletions(-) diff --git a/tools/snp.sh b/tools/snp.sh index 4587697..716f405 100755 --- a/tools/snp.sh +++ b/tools/snp.sh @@ -84,7 +84,7 @@ CPU_MODEL="${CPU_MODEL:-EPYC-v4}" GUEST_USER="${GUEST_USER:-amd}" GUEST_PASS="${GUEST_PASS:-amd}" GUEST_SSH_KEY_PATH="${GUEST_SSH_KEY_PATH:-${LAUNCH_WORKING_DIR}/${GUEST_NAME}-key}" -GUEST_ROOT_LABEL="${GUEST_ROOT_LABEL:-cloudimg-rootfs}" +GUEST_ROOT_LABEL="${GUEST_ROOT_LABEL:""}" GUEST_KERNEL_APPEND="root=LABEL=${GUEST_ROOT_LABEL} ro console=ttyS0" QEMU_CMDLINE_FILE="${QEMU_CMDLINE:-${LAUNCH_WORKING_DIR}/qemu.cmdline}" IMAGE="${IMAGE:-${LAUNCH_WORKING_DIR}/${GUEST_NAME}.img}" 
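Review bot: `GUEST_ROOT_LABEL="${GUEST_ROOT_LABEL:""}"` is not the default-value expansion it looks like: bash parses `:""` as a substring offset (evaluating to 0), so the expression happens to yield the current value or the empty string, and if the script ever enables `set -u` an unset GUEST_ROOT_LABEL would presumably fail here as an unbound variable. The intended form is `GUEST_ROOT_LABEL="${GUEST_ROOT_LABEL:-}"`. A short comment on the line, `# empty means "pick the distro default" in set_default_guest_kernel_append`, would also explain why the previous `cloudimg-rootfs` default was removed.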
@@ -102,6 +102,8 @@ CLOUD_INIT_IMAGE_URL="https://cloud-images.ubuntu.com/jammy/current/jammy-server CLOUD_INIT_IMAGE_URL_UBUNTU="https://cloud-images.ubuntu.com/jammy/current/jammy-server-cloudimg-amd64.img" IMAGE_BASENAME_UBUNTU=$(basename "${CLOUD_INIT_IMAGE_URL_UBUNTU}") IMAGE_BASENAME="" +GUEST_ROOT_LABEL_UBUNTU="cloudimg-rootfs" +GUEST_KERNEL_APPEND_UBUNTU="root=LABEL=${GUEST_ROOT_LABEL_UBUNTU} ro console=ttyS0" DRACUT_TARBALL_URL="https://github.com/dracutdevs/dracut/archive/refs/tags/059.tar.gz" SEV_SNP_MEASURE_VERSION="0.0.11" @@ -926,6 +928,53 @@ build_and_install_amdsev() { save_binary_paths } +get_package_install_command(){ + local linux_distro=$(get_linux_distro) + + case ${linux_distro} in + ubuntu) + echo "dpkg -i" + ;; + *) + >&2 echo -e "ERROR: ${linux_distro}" + return 1 + ;; + esac +} + +get_guest_kernel_package(){ + local linux_distro=$(get_linux_distro) + local guest_kernel_version=$(get_guest_kernel_version) + + pushd "${SETUP_WORKING_DIR}/AMDSEV/linux" >/dev/null + case ${linux_distro} in + ubuntu) + echo $(realpath linux-image*${guest_kernel_version}*.deb| grep -v dbg) + ;; + *) + >&2 echo -e "ERROR: ${linux_distro}" + return 1 + ;; + esac + popd>/dev/null +} + +set_default_guest_kernel_append() { + local linux_distro=$(get_linux_distro) + + # Sets default kernel append based on the linux distro + case ${linux_distro} in + ubuntu) + GUEST_ROOT_LABEL="${GUEST_ROOT_LABEL_UBUNTU}" + GUEST_KERNEL_APPEND="${GUEST_KERNEL_APPEND_UBUNTU}" + ;; + *) + >&2 echo -e "ERROR: ${linux_distro}" + return 1 + ;; + esac +} + setup_and_launch_guest() { # Return error if user specified file that doesn't exist if [ ! -f "${IMAGE}" ] && ${SKIP_IMAGE_CREATE}; then 
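Review bot: get_guest_kernel_package does `pushd` and then `return 1` from the `*)` arm without the matching `popd`, and its `echo $(realpath linux-image*${guest_kernel_version}*.deb| grep -v dbg)` is unquoted, so zero matches print the literal pattern's realpath error and two matches print two paths on one line that the caller will later word-split into scp and dpkg. Using an absolute glob removes the need for pushd/popd, and checking for exactly one result turns both cases into an explicit error. The `ERROR: ${linux_distro}` messages in all three new functions would also be more useful as `ERROR: unsupported linux distro: ${linux_distro}`.
```shell
get_guest_kernel_package(){
  local linux_distro
  local guest_kernel_version
  local package_path
  linux_distro=$(get_linux_distro)
  guest_kernel_version=$(get_guest_kernel_version)

  case "${linux_distro}" in
    ubuntu)
      # Absolute glob: nothing to unwind with popd on the error paths below
      package_path=$(realpath "${SETUP_WORKING_DIR}"/AMDSEV/linux/linux-image*"${guest_kernel_version}"*.deb | grep -v dbg) || package_path=""
      ;;
    *)
      >&2 echo -e "ERROR: unsupported linux distro: ${linux_distro}"
      return 1
      ;;
  esac

  # Exactly one package is expected; an empty or multi-line result would be
  # word-split into the scp and package-install commands by the caller
  if [ -z "${package_path}" ] || [ "$(printf '%s\n' "${package_path}" | wc -l)" -ne 1 ]; then
    >&2 echo "ERROR: expected exactly one guest kernel package, found: ${package_path:-none}"
    return 1
  fi
  printf '%s\n' "${package_path}"
}
```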
@@ -965,10 +1014,11 @@ setup_and_launch_guest() { # Install the guest kernel, retrieve the initrd and then reboot local guest_kernel_version=$(get_guest_kernel_version) - local guest_kernel_deb=$(echo "$(realpath ${SETUP_WORKING_DIR}/AMDSEV/linux/linux-image*snp-guest*.deb)" | grep -v dbg) - local guest_initrd_basename="initrd.img-${guest_kernel_version}" - wait_and_retry_command "scp_guest_command ${guest_kernel_deb} ${GUEST_USER}@localhost:/home/${GUEST_USER}" - ssh_guest_command "sudo dpkg -i /home/${GUEST_USER}/$(basename ${guest_kernel_deb})" + local guest_kernel_package=$(get_guest_kernel_package) + local guest_initrd_basename="init*${guest_kernel_version}*" + local os_package_install_command=$(get_package_install_command) + wait_and_retry_command "scp_guest_command ${guest_kernel_package} ${GUEST_USER}@localhost:/home/${GUEST_USER}" + ssh_guest_command "sudo ${os_package_install_command} /home/${GUEST_USER}/$(basename ${guest_kernel_package})" scp_guest_command "${GUEST_USER}@localhost:/boot/${guest_initrd_basename}" "${LAUNCH_WORKING_DIR}" ssh_guest_command "sudo shutdown now" || true echo "true" > "${guest_kernel_installed_file}" @@ -984,6 +1034,9 @@ setup_and_launch_guest() { return 0 fi + # Set the default guest kernel append parameter as per the linux distro + [ -z "${GUEST_ROOT_LABEL}" ] && set_default_guest_kernel_append + # Add sev-guest module to host generated initrd # To be used as the guest initrd # NO LONGER NEEDED: initrd built after kernel generation (build_guest_initrd)
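Review bot: `local guest_kernel_package=$(get_guest_kernel_package)` masks the helper's non-zero status (the `local` builtin returns 0), so an unsupported distro or a missing package proceeds to scp an empty path to the guest; split declaration and assignment, `local guest_kernel_package; guest_kernel_package=$(get_guest_kernel_package) || return 1`, and the same for `os_package_install_command`. The new `guest_initrd_basename="init*${guest_kernel_version}*"` is expanded as a glob on the guest side of the scp, so any second file matching the pattern in /boot (a stale or backup initrd for the same version, for instance) is copied too, and whatever later consumes the initrd in LAUNCH_WORKING_DIR needs to resolve to a single file deterministically. `$(basename ${guest_kernel_package})` should be quoted as well. setup_and_launch_guest begins and ends outside this hunk.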
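Review bot: `[ -z "${GUEST_ROOT_LABEL}" ] && set_default_guest_kernel_append` lets an unsupported distro (where the helper returns 1) fall through, and unless the script runs under `set -e` (not visible here) the guest is then launched with `root=LABEL= ro console=ttyS0` from the load-time GUEST_KERNEL_APPEND. Make the failure explicit: `if [ -z "${GUEST_ROOT_LABEL}" ]; then set_default_guest_kernel_append || return 1; fi`. Whether the earlier first-boot kernel-install launch in the @@ -965 hunk also needs the default append set before it runs is not decidable from this hunk and worth a comment either way.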