Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

image: re-enable autologin for debug and console images #3355

Merged
merged 2 commits into from
Sep 17, 2024

Conversation

3u13r
Copy link
Member

@3u13r 3u13r commented Sep 13, 2024

In mkosi v24 --autologin no longer works for ttyS consoles. Since the CSPs use those exclusively for their serial consoles, we need to replace this with another solution. Since it seems the simplest, I just created the systemd unit myself and made it conditional on the kernel cmdline.

Console:
https://github.com/edgelesssys/constellation/actions/runs/10856407864
https://github.com/edgelesssys/constellation/actions/runs/10874367218
https://github.com/edgelesssys/constellation/actions/runs/10874697856
https://github.com/edgelesssys/constellation/actions/runs/10892773346

Debug:
https://github.com/edgelesssys/constellation/actions/runs/10856416476
https://github.com/edgelesssys/constellation/actions/runs/10874954823
https://github.com/edgelesssys/constellation/actions/runs/10892782667

Sanity Check / nightly:
https://github.com/edgelesssys/constellation/actions/runs/10856431020
https://github.com/edgelesssys/constellation/actions/runs/10874956962
https://github.com/edgelesssys/constellation/actions/runs/10892766154

I have not yet tested the images, but if the console still isn't there I might have missed enable serial-getty@tty0.service in 20-constellation-base.preset Tested all 3 images now. Feel free to re-test.

Just to be extra sure, I think we should add a manual serial console enabled check for the next release in the release steps. What do you think?

Checklist

  • Run the E2E tests that are relevant to this PR's changes
  • Add labels (e.g., for changelog category)
  • Link to Milestone

@3u13r 3u13r added the no changelog Change won't be listed in release changelog label Sep 13, 2024
@3u13r 3u13r added this to the v2.18.0 milestone Sep 13, 2024
Copy link

netlify bot commented Sep 13, 2024

Deploy Preview for constellation-docs canceled.

Name Link
🔨 Latest commit a2c1419
🔍 Latest deploy log https://app.netlify.com/sites/constellation-docs/deploys/66e8abe0d1ce3c0008811c63

@msanft
Copy link
Contributor

msanft commented Sep 14, 2024

FYI: corrected the link to the nightly build in the PR description, it pointed to the debug one. Testing the images now. Change LGTM I think

@msanft
Copy link
Contributor

msanft commented Sep 14, 2024

Unfortunately, it doesn't seem to work yet. Instead of being shown a login prompt, I just get no prompt at all, but also cannot give any input to the VM.

@3u13r 3u13r force-pushed the fix/image/re-enable-autologin branch 3 times, most recently from 27196dd to 863d8e8 Compare September 15, 2024 22:13
In mkosi v24 --autologin no longer works for ttyS consoles. Since the CSPs use those exclusively for their serial consoles, we need to replace this with another solution (see next commit)
@3u13r 3u13r force-pushed the fix/image/re-enable-autologin branch from 863d8e8 to cdcb6dd Compare September 16, 2024 00:04
@3u13r 3u13r marked this pull request as ready for review September 16, 2024 00:04
Copy link
Contributor

@burgerdev burgerdev left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for fixing this, I'm going to try out the image now.

@@ -86,7 +86,6 @@ csp_settings = {
},
},
"qemu": {
"autologin": True,
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This doesn't need a constellation.console Kernel command line arg?

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

QEMU should provide hvc0, which mkosi enables by default now if I'm not mistaken

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

But that alone does not grant autologin, does it?

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It should, but we'd need to keep the --autologin option for that. Or what's your concern?

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes, my concern is that we can't log into QEMU images anymore if we take away the mkosi autologin and add our own based on the cmdline.

Copy link
Member Author

@3u13r 3u13r Sep 16, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think I broke the fact that you could log into any qemu image even stable and nightly images. I'm in favor of deprecating the mkosi --autologin for our own way. I will (try) to make this PR have the same behavior as before (i.e. enabling console for all images), though I'm not sure what the original reason was except for we can because it doesn't hurt security on qemu, but now that we have https://github.com/edgelesssys/constellation/tree/main/dev-docs/howto/bare-metal there might be a use-case to also have qemu images where one cannot log in.

This replaces the mkosi --autologin solution with a getty systemd unit for ttyS0.
Note that both console and debug images hace their consoles enabled.
@3u13r 3u13r force-pushed the fix/image/re-enable-autologin branch from cdcb6dd to a2c1419 Compare September 16, 2024 22:06
@3u13r
Copy link
Member Author

3u13r commented Sep 17, 2024

Re-verified:
Console is accessible on miniconstellation with nightly and console image. Note that on console images constellation.console exists twice in the cmdline.
Console is not accessible on GCP with nightly image.

@3u13r 3u13r merged commit 1f887c7 into main Sep 17, 2024
21 checks passed
@3u13r 3u13r deleted the fix/image/re-enable-autologin branch September 17, 2024 12:07
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
no changelog Change won't be listed in release changelog
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants