
podvm: disable cloud-init unsafe modules for CoCo #443


Merged
merged 1 commit into from
Aug 27, 2024

snir911 (Contributor) commented Aug 11, 2024

this is executed when CONFIDENTIAL_COMPUTE_ENABLED=yes or based on the EXPLICIT_adapt_cloud_init value, if set

in either case, this is currently disabled for the libvirt provider

Fixes: KATA-3269

@snir911 snir911 requested a review from bpradipt August 11, 2024 09:32
@snir911 snir911 self-assigned this Aug 11, 2024
@openshift-ci openshift-ci bot requested a review from gkurz August 11, 2024 09:32

gkurz (Member) left a comment

@snir911 what's the tmporary change commit for?

snir911 (Contributor, Author) commented Aug 25, 2024

tmporary change was to test whether this works with the libvirt provider; currently, thanks to @ajayvic, it seems to be failing, so I removed this patch for now

[  OK  ] Reached target Cloud-init target.
         Starting Agent Protocol Forwarder...
         Starting Record Runlevel Change in UTMP...
[  OK  ] Finished Record Runlevel Change in UTMP.
[FAILED] Failed to start Agent Protocol Forwarder.
See 'systemctl status agent-protocol-forwarder.service' for details.
[  OK  ] Started Confidential Data Hub TTRPC API Server.

@snir911 snir911 requested a review from gkurz August 25, 2024 09:15
this is executed when CONFIDENTIAL_COMPUTE_ENABLED=yes or based on
the CUSTOM_CLOUD_INIT_MODULES value, if set

in either case, this is currently disabled for the libvirt provider

Signed-off-by: Snir Sheriber <[email protected]>

bpradipt (Contributor) left a comment

/lgtm

@openshift-ci openshift-ci bot added the lgtm Indicates that a PR is ready to be merged. label Aug 26, 2024

openshift-ci bot commented Aug 26, 2024

@snir911: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

| Test name | Commit | Details | Required | Rerun command |
| --- | --- | --- | --- | --- |
| ci/prow/sandboxed-containers-operator-e2e | 1b74591 | link | false | /test sandboxed-containers-operator-e2e |
| ci/prow/check | 1b74591 | link | false | /test check |


gkurz (Member) left a comment

Under the assumption that the content of 99_coco_only_allow.cfg is correct, the patch looks good to me.

Thanks @snir911 !

@bpradipt bpradipt merged commit bca4212 into openshift:devel Aug 27, 2024
2 of 4 checks passed