From 4d5e46432a3c4d4247a4eb7a81e7db86819c1b65 Mon Sep 17 00:00:00 2001
From: Kai Lueke
Date: Wed, 3 Apr 2024 20:03:02 +0900
Subject: [PATCH 1/6] qemu_template.sh: Allow parameters for VM image and memory

When testing multiple images one always has to copy them to the expected file name, and when trying to run two VMs this means one needs to either use separate directories or modify the qemu script. One also needs to modify the qemu script to bump the memory for K8s or for LUKS. Support parameters for the VM image name and the VM memory.
---
 build_library/qemu_template.sh | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/build_library/qemu_template.sh b/build_library/qemu_template.sh
index 50c254fd46..86697ff887 100755
--- a/build_library/qemu_template.sh
+++ b/build_library/qemu_template.sh
@@ -26,6 +28,8 @@ Options:
 -c FILE Config drive as an iso or fat filesystem image.
 -a FILE SSH public keys for login access. [~/.ssh/id_{dsa,rsa}.pub]
 -p PORT The port on localhost to map to the VM's sshd. [2222]
+ -I FILE Set a custom image file.
+ -M MB Set VM memory in MBs.
 -s Safe settings: single simple cpu and no KVM.
 -h this ;-)
@@ -76,6 +78,12 @@ while [ $# -ge 1 ]; do
 -s|-safe)
 SAFE_ARGS=1
 shift ;;
+ -I|-image-file)
+ VM_IMAGE="$2"
+ shift 2 ;;
+ -M|-memory)
+ VM_MEMORY="$2"
+ shift 2 ;;
 -v|-verbose)
 set -x
 shift ;;
From 7379db37e85dbe7fb8986560fdebb7f3f139a3a3 Mon Sep 17 00:00:00 2001
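Review bot: The new `-I|-image-file` and `-M|-memory` arms read `$2` and `shift 2` without checking that a value was supplied; when the flag is the last argument, `$2` is empty, `shift 2` fails because only one positional parameter is left, and unless the script runs under `set -e` (not visible in this hunk) `$#` stays at 1 and the `while [ $# -ge 1 ]` loop never terminates. Guard each value-taking arm, e.g. `[ $# -ge 2 ] || { echo "$0: $1 requires an argument" >&2; exit 1; }` before the assignment, and consider rejecting a non-numeric `-M` value early rather than letting qemu report it. The same pattern recurs in `-T` (patch 3), `-R`/`-W` (patch 4) and `-K` (patch 6). The while loop starts and ends outside the hunk.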
From: Kai Lueke
Date: Wed, 3 Apr 2024 20:09:51 +0900
Subject: [PATCH 2/6] vm_image_util.sh: Bump default VM memory to 2 GB

While Flatcar itself runs fine with 1 GB, many workloads do not and having to debug this is time consuming when one forgets to bump the VM memory, e.g., in the Qemu script. Default to 2 GB as known-good setting for things like Kubernetes or setting up LUKS devices.
---
 build_library/vm_image_util.sh | 2 +-
 changelog/changes/2024-04-03-qemu-script.md | 1 +
 2 files changed, 2 insertions(+), 1 deletion(-)
 create mode 100644 changelog/changes/2024-04-03-qemu-script.md

diff --git a/build_library/vm_image_util.sh b/build_library/vm_image_util.sh
index fd796c987e..be58017907 100644
--- a/build_library/vm_image_util.sh
+++ b/build_library/vm_image_util.sh
@@ -119,7 +119,7 @@ IMG_DEFAULT_CONF_FORMAT=
 IMG_DEFAULT_BUNDLE_FORMAT=
 # Memory size to use in any config files
-IMG_DEFAULT_MEM=1024
+IMG_DEFAULT_MEM=2048
 # Number of CPUs to use in any config files
 IMG_DEFAULT_CPUS=2
diff --git a/changelog/changes/2024-04-03-qemu-script.md b/changelog/changes/2024-04-03-qemu-script.md
new file mode 100644
index 0000000000..b1154fc45c
--- /dev/null
+++ b/changelog/changes/2024-04-03-qemu-script.md
@@ -0,0 +1 @@
+- The default VM memory was bumped to 2 GB in the Qemu script and for VMware OVFs
From 48780dc37564648eafdb2b3531957d322d5fcb6f Mon Sep 17 00:00:00 2001
From: Kai Lueke
Date: Wed, 3 Apr 2024 21:01:00 +0900
Subject: [PATCH 3/6] qemu_template.sh: Add support for attaching a software TPM

For testing TPM2-backed rootfs encryption it is handy to have a software TPM option for the qemu script. Add a flag for a software TPM with swtpm like kola also does. The user has to specify a folder for the secret state and this won't be removed because the same store should be able to be passed when booting the VM again after shutdown.
---
 build_library/qemu_template.sh | 29 +++++++++++++++++++++++++++++
 1 file changed, 29 insertions(+)
diff --git a/build_library/qemu_template.sh b/build_library/qemu_template.sh
index 86697ff887..2cd73e6e5d 100755
--- a/build_library/qemu_template.sh
+++ b/build_library/qemu_template.sh
@@ -17,6 +17,7 @@ SSH_KEYS=""
 CLOUD_CONFIG_FILE=""
 IGNITION_CONFIG_FILE=""
 CONFIG_IMAGE=""
+SWTPM_DIR=
 SAFE_ARGS=0
 USAGE="Usage: $0 [-a authorized_keys] [--] [qemu options...]
 Options:
@@ -28,6 +29,8 @@ Options:
 -p PORT The port on localhost to map to the VM's sshd. [2222]
 -I FILE Set a custom image file.
 -M MB Set VM memory in MBs.
+ -T DIR Add a software TPM2 device through swtpm which stores secrets
+ and the control socket to the given directory.
 -s Safe settings: single simple cpu and no KVM.
 -h this ;-)
@@ -84,6 +87,9 @@ while [ $# -ge 1 ]; do
 -M|-memory)
 VM_MEMORY="$2"
 shift 2 ;;
+ -T|-tpm)
+ SWTPM_DIR="$2"
+ shift 2 ;;
 -v|-verbose)
 set -x
 shift ;;
@@ -117,6 +123,29 @@ write_ssh_keys() {
 sed -e 's/^/ - /'
 }
+if [ -n "${SWTPM_DIR}" ]; then
+ mkdir -p "${SWTPM_DIR}"
+ if ! command -v swtpm >/dev/null; then
+ echo "$0: swtpm command not found!" >&2
+ exit 1
+ fi
+ case "${VM_BOARD}" in
+ amd64-usr)
+ TPM_DEV=tpm-tis ;;
+ arm64-usr)
+ TPM_DEV=tpm-tis-device ;;
+ *) die "Unsupported arch" ;;
+ esac
+ SWTPM_SOCK="${SWTPM_DIR}/socket"
+ swtpm socket --tpmstate "dir=${SWTPM_DIR}" --ctrl "type=unixio,path=${SWTPM_SOCK},terminate" --tpm2 &
+ SWTPM_PROC=$!
+ PARENT=$$
+ # The swtpm process exits if qemu disconnects but if we never started qemu because
+ # this script fails or qemu failed to start, we need to kill the process.
+ # The EXIT trap is already in use by the config drive cleanup and anyway doesn't work with kill -9.
+ (while [ -e "/proc/${PARENT}" ]; do sleep 1; done; kill "${SWTPM_PROC}" 2>/dev/null; exit 0) &
+ set -- -chardev "socket,id=chrtpm,path=${SWTPM_SOCK}" -tpmdev emulator,id=tpm0,chardev=chrtpm -device "${TPM_DEV}",tpmdev=tpm0 "$@"
+fi
 if [ -z "${CONFIG_IMAGE}" ]; then
 CONFIG_DRIVE=$(mktemp -d)
From 71866e48246d0e68c4f07f2b7a673432d9d3fd95 Mon Sep 17 00:00:00 2001
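Review bot: `mkdir -p "${SWTPM_DIR}"` creates the directory that will hold the TPM state and control socket with whatever the caller's umask allows, so the secrets backing the TPM2-protected rootfs this is meant to test may end up readable by other local users; create it as `mkdir -p -m 0700 -- "${SWTPM_DIR}"` (or `chmod 0700` it when it already exists) before swtpm writes into it. The `*)` arm of the board `case` calls `die`, while the swtpm-not-found path a few lines earlier uses `echo … >&2; exit 1`; if `die` is not defined in this script, an unsupported board fails with a command-not-found error instead of the intended message, so use the same `echo "$0: unsupported board ${VM_BOARD}" >&2; exit 1` form. swtpm is backgrounded without any check that it is still running before its socket is handed to qemu, so a failed start surfaces only as a qemu connect error; a `kill -0 "${SWTPM_PROC}"` check after a brief wait would report it directly. The `if` block is complete within the hunk.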
From: Kai Lueke
Date: Thu, 4 Apr 2024 12:53:00 +0900
Subject: [PATCH 4/6] qemu_template.sh: Allow parameters for VM pflash firmware

The qemu UEFI and regular qemu script only differ by having a default value for the firmware. If one tries to switch between different firmwares one normally would modify the script. Make it easier to switch boot modes and use custom firmwares by supporting a flag to set the pflash contents.
---
 build_library/qemu_template.sh | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/build_library/qemu_template.sh b/build_library/qemu_template.sh
index 2cd73e6e5d..3a7c631eb0 100755
--- a/build_library/qemu_template.sh
+++ b/build_library/qemu_template.sh
@@ -31,6 +31,8 @@ Options:
 -M MB Set VM memory in MBs.
 -T DIR Add a software TPM2 device through swtpm which stores secrets
 and the control socket to the given directory.
+ -R FILE Set up pflash ro content, e.g., for UEFI (with -W).
+ -W FILE Set up pflash rw content, e.g., for UEFI (with -R).
 -s Safe settings: single simple cpu and no KVM.
 -h this ;-)
@@ -90,6 +92,12 @@ while [ $# -ge 1 ]; do
 -T|-tpm)
 SWTPM_DIR="$2"
 shift 2 ;;
+ -R|-pflash-ro)
+ VM_PFLASH_RO="$2"
+ shift 2 ;;
+ -W|-pflash-rw)
+ VM_PFLASH_RW="$2"
+ shift 2 ;;
 -v|-verbose)
 set -x
 shift ;;
From 9d3200bc4761cf4a3a43f36cc8d136672b13bd36 Mon Sep 17 00:00:00 2001
From: Kai Lueke
Date: Thu, 4 Apr 2024 12:57:14 +0900
Subject: [PATCH 5/6] build_library/qemu_template.sh: Add notes for swtpm init commands

For the swtpm version in Ubuntu some init command is required first.
---
 build_library/qemu_template.sh | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/build_library/qemu_template.sh b/build_library/qemu_template.sh
index 3a7c631eb0..b7f9912e3e 100755
--- a/build_library/qemu_template.sh
+++ b/build_library/qemu_template.sh
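Review bot: The `-R|-pflash-ro` and `-W|-pflash-rw` arms store a path in VM_PFLASH_RO/VM_PFLASH_RW without validating it, so a misspelt firmware file is discovered only when qemu fails, and although the usage text says each is used "with" the other, neither arm checks that its counterpart was given. Unless the template already defaults these variables elsewhere (patch 3 initialised SWTPM_DIR= near the top; nothing equivalent is visible for these two), define them there and, before building the qemu command line, check `[ -z "${VM_PFLASH_RO}" ] || [ -r "${VM_PFLASH_RO}" ] || { echo "$0: cannot read ${VM_PFLASH_RO}" >&2; exit 1; }` and the same for the rw file. The argument loop starts and ends outside the hunk.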
@@ -30,7 +30,9 @@ Options:
 -I FILE Set a custom image file.
 -M MB Set VM memory in MBs.
 -T DIR Add a software TPM2 device through swtpm which stores secrets
- and the control socket to the given directory.
+ and the control socket to the given directory. This may need
+ some configuration first with 'swtpm_setup --tpmstate DIR ...'
+ (see https://github.com/stefanberger/swtpm/wiki/Certificates-created-by-swtpm_setup).
 -R FILE Set up pflash ro content, e.g., for UEFI (with -W).
 -W FILE Set up pflash rw content, e.g., for UEFI (with -R).
 -s Safe settings: single simple cpu and no KVM.
From 5e7b4b6b3d7ee99135ec63605a17c7b3d1a174ba Mon Sep 17 00:00:00 2001
From: Kai Lueke
Date: Thu, 4 Apr 2024 13:50:31 +0900
Subject: [PATCH 6/6] qemu_template.sh: Allow parameters for kernel and initrd

With the PXE script it is easy to boot different versions from one folder without any copies because the kernel and PXE initrd are always "fresh". Instead of only supporting hardcoded file names, support parameters for the kernel and initrd file to be used.
---
 build_library/qemu_template.sh | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/build_library/qemu_template.sh b/build_library/qemu_template.sh
index b7f9912e3e..2c40641f96 100755
--- a/build_library/qemu_template.sh
+++ b/build_library/qemu_template.sh
@@ -35,6 +35,8 @@ Options:
 (see https://github.com/stefanberger/swtpm/wiki/Certificates-created-by-swtpm_setup).
 -R FILE Set up pflash ro content, e.g., for UEFI (with -W).
 -W FILE Set up pflash rw content, e.g., for UEFI (with -R).
+ -K FILE Set kernel for direct boot used to simulate a PXE boot (with -R).
+ -R FILE Set initrd for direct boot used to simulate a PXE boot (with -K).
 -s Safe settings: single simple cpu and no KVM.
 -h this ;-)
@@ -100,6 +102,12 @@ while [ $# -ge 1 ]; do
 -W|-pflash-rw)
 VM_PFLASH_RW="$2"
 shift 2 ;;
+ -K|-kernel-file)
+ VM_KERNEL="$2"
+ shift 2 ;;
+ -R|-initrd-file)
+ VM_INITRD="$2"
+ shift 2 ;;
 -v|-verbose)
 set -x
 shift ;;
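Review bot: `-R` is now used for two different options: the usage line `-R FILE Set initrd …` added in the first hunk of patch 6 and the `-R|-initrd-file)` arm in its second hunk collide with `-R|-pflash-ro)` from patch 4, and because `case` takes the first matching arm, `-R FILE` always sets VM_PFLASH_RO while the initrd can only be set through the long form `-initrd-file`. The `-K` usage text likewise says "(with -R)" where it means the initrd option. Give the initrd option a short letter that is still free, for example `-D FILE Set initrd …`, `-K … (with -D)` and `-D|-initrd-file)`, in both hunks. The USAGE string and the argument loop both extend outside the hunks.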