edgelesssys/constellation

Can't run "Constellation mini"

OmarLaham opened this issue · 18 comments

Hello everyone,
I've been trying to run the Mini Constellation on Ubuntu 18.0 and I'm getting the error:
Error: creating cluster: fetching image reference: fetching image reference: Get "https://cdn.confidential.cloud/constellation/v1/ref/-/stream/stable/image/v2.3.0/info.json": dial tcp: lookup cdn.confidential.cloud on 127.0.0.53:53: dial udp 127.0.0.53:53: connect: invalid argument

  • I set my FORWARD policy to ACCEPT in iptables
  • I tried to turn off the firewall
  • There are 0 rules inside my ufw-reject-forward chain in iptables [even though the chain name is still in the table]
  • I restarted the firewall.
  • I rebooted my machine as a final solution.

However, I'm still having the problem and Constellation can't fetch the image from the remote server.

Note: Here is the content of my iptables:
-P INPUT DROP
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-N DOCKER
-N DOCKER-ISOLATION-STAGE-1
-N DOCKER-ISOLATION-STAGE-2
-N DOCKER-USER
-N ufw-after-forward
-N ufw-after-input
-N ufw-after-logging-forward
-N ufw-after-logging-input
-N ufw-after-logging-output
-N ufw-after-output
-N ufw-before-forward
-N ufw-before-input
-N ufw-before-logging-forward
-N ufw-before-logging-input
-N ufw-before-logging-output
-N ufw-before-output
-N ufw-logging-allow
-N ufw-logging-deny
-N ufw-not-local
-N ufw-reject-forward
-N ufw-reject-input
-N ufw-reject-output
-N ufw-skip-to-policy-forward
-N ufw-skip-to-policy-input
-N ufw-skip-to-policy-output
-N ufw-track-forward
-N ufw-track-input
-N ufw-track-output
-N ufw-user-forward
-N ufw-user-input
-N ufw-user-limit
-N ufw-user-limit-accept
-N ufw-user-logging-forward
-N ufw-user-logging-input
-N ufw-user-logging-output
-N ufw-user-output
-A INPUT -j ufw-before-logging-input
-A INPUT -j ufw-before-input
-A INPUT -j ufw-after-input
-A INPUT -j ufw-after-logging-input
-A INPUT -j ufw-reject-input
-A INPUT -j ufw-track-input
-A FORWARD -j DOCKER-USER
-A FORWARD -j DOCKER-ISOLATION-STAGE-1
-A FORWARD -o docker0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -o docker0 -j DOCKER
-A FORWARD -i docker0 ! -o docker0 -j ACCEPT
-A FORWARD -i docker0 -o docker0 -j ACCEPT
-A FORWARD -o br-684007d48d62 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -o br-684007d48d62 -j DOCKER
-A FORWARD -i br-684007d48d62 ! -o br-684007d48d62 -j ACCEPT
-A FORWARD -i br-684007d48d62 -o br-684007d48d62 -j ACCEPT
-A FORWARD -o br-1434c250795f -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -o br-1434c250795f -j DOCKER
-A FORWARD -i br-1434c250795f ! -o br-1434c250795f -j ACCEPT
-A FORWARD -i br-1434c250795f -o br-1434c250795f -j ACCEPT
-A FORWARD -o br-0a34a52fe39c -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -o br-0a34a52fe39c -j DOCKER
-A FORWARD -i br-0a34a52fe39c ! -o br-0a34a52fe39c -j ACCEPT
-A FORWARD -i br-0a34a52fe39c -o br-0a34a52fe39c -j ACCEPT
-A FORWARD -o br-f45042a12d9f -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -o br-f45042a12d9f -j DOCKER
-A FORWARD -i br-f45042a12d9f ! -o br-f45042a12d9f -j ACCEPT
-A FORWARD -i br-f45042a12d9f -o br-f45042a12d9f -j ACCEPT
-A FORWARD -o br-788a928d0b87 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -o br-788a928d0b87 -j DOCKER
-A FORWARD -i br-788a928d0b87 ! -o br-788a928d0b87 -j ACCEPT
-A FORWARD -i br-788a928d0b87 -o br-788a928d0b87 -j ACCEPT
-A FORWARD -o br-77ec4d63a6d7 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -o br-77ec4d63a6d7 -j DOCKER
-A FORWARD -i br-77ec4d63a6d7 ! -o br-77ec4d63a6d7 -j ACCEPT
-A FORWARD -i br-77ec4d63a6d7 -o br-77ec4d63a6d7 -j ACCEPT
-A FORWARD -j ufw-before-logging-forward
-A FORWARD -j ufw-before-forward
-A FORWARD -j ufw-after-forward
-A FORWARD -j ufw-after-logging-forward
-A FORWARD -j ufw-track-forward
-A OUTPUT -j ufw-before-logging-output
-A OUTPUT -j ufw-before-output
-A OUTPUT -j ufw-after-output
-A OUTPUT -j ufw-after-logging-output
-A OUTPUT -j ufw-reject-output
-A OUTPUT -j ufw-track-output
-A DOCKER -d 172.24.24.3/32 ! -i br-0a34a52fe39c -o br-0a34a52fe39c -p tcp -m tcp --dport 2000 -j ACCEPT
-A DOCKER-ISOLATION-STAGE-1 -i docker0 ! -o docker0 -j DOCKER-ISOLATION-STAGE-2
-A DOCKER-ISOLATION-STAGE-1 -i br-684007d48d62 ! -o br-684007d48d62 -j DOCKER-ISOLATION-STAGE-2
-A DOCKER-ISOLATION-STAGE-1 -i br-1434c250795f ! -o br-1434c250795f -j DOCKER-ISOLATION-STAGE-2
-A DOCKER-ISOLATION-STAGE-1 -i br-0a34a52fe39c ! -o br-0a34a52fe39c -j DOCKER-ISOLATION-STAGE-2
-A DOCKER-ISOLATION-STAGE-1 -i br-f45042a12d9f ! -o br-f45042a12d9f -j DOCKER-ISOLATION-STAGE-2
-A DOCKER-ISOLATION-STAGE-1 -i br-788a928d0b87 ! -o br-788a928d0b87 -j DOCKER-ISOLATION-STAGE-2
-A DOCKER-ISOLATION-STAGE-1 -i br-77ec4d63a6d7 ! -o br-77ec4d63a6d7 -j DOCKER-ISOLATION-STAGE-2
-A DOCKER-ISOLATION-STAGE-1 -j RETURN
-A DOCKER-ISOLATION-STAGE-2 -o docker0 -j DROP
-A DOCKER-ISOLATION-STAGE-2 -o br-684007d48d62 -j DROP
-A DOCKER-ISOLATION-STAGE-2 -o br-1434c250795f -j DROP
-A DOCKER-ISOLATION-STAGE-2 -o br-0a34a52fe39c -j DROP
-A DOCKER-ISOLATION-STAGE-2 -o br-f45042a12d9f -j DROP
-A DOCKER-ISOLATION-STAGE-2 -o br-788a928d0b87 -j DROP
-A DOCKER-ISOLATION-STAGE-2 -o br-77ec4d63a6d7 -j DROP
-A DOCKER-ISOLATION-STAGE-2 -j RETURN
-A DOCKER-USER -j RETURN
-A ufw-after-input -p udp -m udp --dport 137 -j ufw-skip-to-policy-input
-A ufw-after-input -p udp -m udp --dport 138 -j ufw-skip-to-policy-input
-A ufw-after-input -p tcp -m tcp --dport 139 -j ufw-skip-to-policy-input
-A ufw-after-input -p tcp -m tcp --dport 445 -j ufw-skip-to-policy-input
-A ufw-after-input -p udp -m udp --dport 67 -j ufw-skip-to-policy-input
-A ufw-after-input -p udp -m udp --dport 68 -j ufw-skip-to-policy-input
-A ufw-after-input -m addrtype --dst-type BROADCAST -j ufw-skip-to-policy-input
-A ufw-after-logging-input -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] "
-A ufw-before-forward -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A ufw-before-forward -p icmp -m icmp --icmp-type 3 -j ACCEPT
-A ufw-before-forward -p icmp -m icmp --icmp-type 11 -j ACCEPT
-A ufw-before-forward -p icmp -m icmp --icmp-type 12 -j ACCEPT
-A ufw-before-forward -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A ufw-before-forward -j ufw-user-forward
-A ufw-before-input -i lo -j ACCEPT
-A ufw-before-input -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A ufw-before-input -m conntrack --ctstate INVALID -j ufw-logging-deny
-A ufw-before-input -m conntrack --ctstate INVALID -j DROP
-A ufw-before-input -p icmp -m icmp --icmp-type 3 -j ACCEPT
-A ufw-before-input -p icmp -m icmp --icmp-type 11 -j ACCEPT
-A ufw-before-input -p icmp -m icmp --icmp-type 12 -j ACCEPT
-A ufw-before-input -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A ufw-before-input -p udp -m udp --sport 67 --dport 68 -j ACCEPT
-A ufw-before-input -j ufw-not-local
-A ufw-before-input -d 224.0.0.251/32 -p udp -m udp --dport 5353 -j ACCEPT
-A ufw-before-input -d 239.255.255.250/32 -p udp -m udp --dport 1900 -j ACCEPT
-A ufw-before-input -j ufw-user-input
-A ufw-before-output -o lo -j ACCEPT
-A ufw-before-output -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A ufw-before-output -j ufw-user-output
-A ufw-logging-allow -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] "
-A ufw-logging-deny -m conntrack --ctstate INVALID -m limit --limit 3/min --limit-burst 10 -j RETURN
-A ufw-logging-deny -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] "
-A ufw-not-local -m addrtype --dst-type LOCAL -j RETURN
-A ufw-not-local -m addrtype --dst-type MULTICAST -j RETURN
-A ufw-not-local -m addrtype --dst-type BROADCAST -j RETURN
-A ufw-not-local -m limit --limit 3/min --limit-burst 10 -j ufw-logging-deny
-A ufw-not-local -j DROP
-A ufw-skip-to-policy-forward -j ACCEPT
-A ufw-skip-to-policy-input -j DROP
-A ufw-skip-to-policy-output -j ACCEPT
-A ufw-track-forward -p tcp -m conntrack --ctstate NEW -j ACCEPT
-A ufw-track-forward -p udp -m conntrack --ctstate NEW -j ACCEPT
-A ufw-track-output -p tcp -m conntrack --ctstate NEW -j ACCEPT
-A ufw-track-output -p udp -m conntrack --ctstate NEW -j ACCEPT
-A ufw-user-input -p tcp -m tcp --dport 22 -j ACCEPT
-A ufw-user-input -p tcp -m tcp --dport 9000 -j ACCEPT
-A ufw-user-input -p tcp -m tcp --dport 8889 -j ACCEPT
-A ufw-user-input -p tcp -m tcp --dport 22 -j ACCEPT
-A ufw-user-input -p udp -m udp --dport 22 -j ACCEPT
-A ufw-user-limit -m limit --limit 3/min -j LOG --log-prefix "[UFW LIMIT BLOCK] "
-A ufw-user-limit -j REJECT --reject-with icmp-port-unreachable
-A ufw-user-limit-accept -j ACCEPT

I would appreciate your help with this!
Thanks a lot.

Hey,

I cannot really reproduce this, even under a fresh install of Ubuntu 18.04.

The error message is a bit weird since it's the CLI not being able to connect to your local DNS server (which, based on IP/Port, seems to be systemd-resolved).

Do you have a custom DNS configuration in some way?
Do local lookups with non-Go build tools (e.g. dig cdn.confidential.cloud, nslookup cdn.confidential.cloud or indirectly through curl https://cdn.confidential.cloud) work?

Not sure how this could happen, unless your DNS / systemd-resolved is misconfigured in some way or the Go DNS resolver has some issues working with systemd-resolved under certain circumstances.

But on a fresh, updated Ubuntu 18.04 installation, it seems to work fine for me.

Thank you so much for the answer.
I checked /etc/resolv.conf and I found 127.0.0.53 there. I replaced it with 8.8.8.8 and the error message didn't show up again.

Bests,

Hello again,

Initializing cluster is taking forever on my machine.
At the beginning, the cores of the processor were working at ~90% of their capacity but now only ~5% and nothing new has appeared in the console for the last 30 mins.

I still have plenty of RAM, too.

Output:

Creating cluster in QEMU   
Cluster successfully created.
Connect to the VMs by executing:
	virsh -c qemu+tcp://localhost:16599/system

Using community license.
For details, see https://docs.edgeless.systems/constellation/overview/license
Your Constellation master secret was successfully written to ./constellation-mastersecret.json
Initializing cluster

I would appreciate your help again.

Bests,

Regarding DNS:

Yes, I guess that works as a workaround.

127.0.0.53 is systemd-resolved and usually it's expected that it handles DNS (with its own configuration of upstream DNS servers) as an intermediate layer on most modern distros that aren't on a crusade against systemd.
Though to be fair, it often can be a troublemaker or does things one might find annoying.

If you changed it in /etc/resolv.conf, it will likely reset on the next restart. Just so that you know in case you get this error with Constellation or any other applications (since we really don't do anything special here except calling Go's http library which does all the DNS resolving).

Generally I'd be interested in what reproduces the error just to make sure it's not specifically our domain that breaks anything. It's really not configured in any special way though (literally just a CNAME to Cloudfront), so I'd be surprised what could go wrong.

So yeah I can't really imagine what the problem here was, but happy that it works for you now.

Regarding the stuck on Initializing cluster:
Right when the "Cluster successfully created" and "Initializing cluster" message appears, can you run:

virsh -c qemu+tcp://localhost:16599/system

And directly afterwards in the virsh:

console 1

This should give you a part of the later boot logs if you are fast enough. Would be interesting to see if something suspicious comes up.
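
An added example, not part of the original thread and not Constellation code: a small triage script for the DNS half of this issue. It reports whether lookups go to the systemd-resolved stub at 127.0.0.53 and whether the resolv.conf file is a symlink into systemd-resolved's runtime directory (in which case manual edits do not persist). All function names are hypothetical.

```shell
#!/bin/sh
# Added example (not Constellation code); all function names are hypothetical.

STUB_ADDR="127.0.0.53"   # systemd-resolved stub listener seen in the error message

# Print every nameserver address from a resolv.conf-style file, one per line.
# Comments introduced by '#' or ';' are stripped first.
list_nameservers() {
    sed -e 's/[#;].*$//' "$1" | awk '$1 == "nameserver" && $2 != "" { print $2 }'
}

# Classify the first configured nameserver: stub | loopback | upstream | none
classify_resolver() {
    first=$(list_nameservers "$1" | head -n 1)
    case "$first" in
        "")           echo none ;;
        "$STUB_ADDR") echo stub ;;
        127.*|::1)    echo loopback ;;
        *)            echo upstream ;;
    esac
}

# Tell whether the file is a symlink into systemd-resolved's runtime directory.
# Such a file is regenerated by systemd-resolved, so hand edits are lost.
managed_by() {
    target=$(readlink "$1" 2>/dev/null) || { echo other; return 0; }
    case "$target" in
        */run/systemd/resolve/*) echo systemd-resolved ;;
        *)                       echo other ;;
    esac
}

# One-line summary suitable for pasting into a bug report.
report() {
    echo "resolver=$(classify_resolver "$1") file=$(managed_by "$1")"
}

# Query HOST through each nameserver listed in FILE, one at a time, with a
# non-Go tool (dig), so a failing server can be told apart from a working one.
probe() {
    host=$1
    file=$2
    command -v dig >/dev/null 2>&1 || { echo "dig not installed" >&2; return 2; }
    for ns in $(list_nameservers "$file"); do
        if answer=$(dig +short +time=2 +tries=1 "@$ns" "$host" 2>/dev/null) \
            && [ -n "$answer" ]; then
            echo "$ns ok"
        else
            echo "$ns FAILED"
        fi
    done
}

# Nothing runs unless a mode is requested explicitly.
case "${1:-}" in
    --report) report "${2:-/etc/resolv.conf}" ;;
    --probe)  probe "${2:-cdn.confidential.cloud}" "${3:-/etc/resolv.conf}" ;;
esac
```

Running `--probe cdn.confidential.cloud /run/systemd/resolve/resolv.conf` queries the upstream servers that systemd-resolved itself uses, which separates a broken stub listener from broken upstream DNS.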

Hi @Nirusu,
Exactly. It is only a workaround and I have to do it after every restart.

For your request, I did what you asked for and this is the output (kindly jump to the last line):

virsh # console 1
Connected to domain mini-worker-0
Escape character is ^]

{"level":"INFO","ts":"2023-01-12T20:15:12Z","logger":"setupManager","caller":"setup/setup.go:117","msg":"Preparing new state disk"}
[  OK  ] Finished systemd-time-wait…it Until Kernel Time Synchronized.
{"level":"INFO","ts":"2023-01-12T20:15:19Z","caller":"mapper/mapper.go:127","msg":"Wiping disk","progress":"0.00%"}
{"level":"INFO","ts":"2023-01-12T20:15:49Z","caller":"mapper/mapper.go:127","msg":"Wiping disk","progress":"27.83%"}
{"level":"INFO","ts":"2023-01-12T20:16:20Z","caller":"mapper/mapper.go:127","msg":"Wiping disk","progress":"56.45%"}
{"level":"INFO","ts":"2023-01-12T20:16:50Z","caller":"mapper/mapper.go:127","msg":"Wiping disk","progress":"84.28%"}
{"level":"INFO","ts":"2023-01-12T20:17:05Z","caller":"mapper/mapper.go:147","msg":"Wiping disk successful","duration":105.647432011}
[  OK  ] Finished prepare-state-dis…0m - Prepare encrypted state disk.
[  OK  ] Reached target initrd-fs.target - Initrd File Systems.
[  OK  ] Reached target initrd.target - Initrd Default Target.
         Starting initrd-cleanup.se…ng Up and Shutting Down Daemons...
[  OK  ] Stopped target initrd.target - Initrd Default Target.
[  OK  ] Stopped target initrd-root…e.target - Initrd Root Device.
[  OK  ] Stopped target initrd-usr-…get - Initrd /usr File System.
[  OK  ] Stopped target remote-cryp…et - Remote Encrypted Volumes.
[  OK  ] Stopped target remote-fs.target - Remote File Systems.
[  OK  ] Stopped target remote-fs-p…eparation for Remote File Systems.
[  OK  ] Stopped target timers.target - Timer Units.
[  OK  ] Stopped dracut-pre-mount.service - dracut pre-mount hook.
[  OK  ] Stopped dracut-initqueue.service - dracut initqueue hook.
[  OK  ] Stopped prepare-state-disk…0m - Prepare encrypted state disk.
[  OK  ] Stopped target network-online.target - Network is Online.
[  OK  ] Stopped target network.target - Network.
[  OK  ] Stopped target nss-lookup.…m - Host and Network Name Lookups.
[  OK  ] Stopped configure-constel-…ice provider environment variable.
[  OK  ] Stopped target basic.target - Basic System.
[  OK  ] Stopped target paths.target - Path Units.
[  OK  ] Stopped target slices.target - Slice Units.
[  OK  ] Stopped target sockets.target - Socket Units.
[  OK  ] Stopped target sysinit.target - System Initialization.
[  OK  ] Stopped target cryptsetup.…get - Local Encrypted Volumes.
[  OK  ] Stopped systemd-ask-passwo…quests to Console Directory Watch.
[  OK  ] Stopped target local-fs.target - Local File Systems.
[  OK  ] Stopped target swap.target - Swaps.
[  OK  ] Stopped target veritysetup… - Local Verity Protected Volumes.
[  OK  ] Stopped systemd-networkd-w…Wait for Network to be Configured.
         Stopping systemd-networkd.…ice - Network Configuration...
         Stopping systemd-resolved.…e - Network Name Resolution...
[  OK  ] Stopped systemd-time-wait-…it Until Kernel Time Synchronized.
         Stopping systemd-timesyncd… - Network Time Synchronization...
[  OK  ] Stopped systemd-udev-trigg…e - Coldplug All udev Devices.
[  OK  ] Stopped systemd-resolved.s…ice - Network Name Resolution.
[  OK  ] Stopped systemd-timesyncd.…0m - Network Time Synchronization.
[  OK  ] Stopped systemd-networkd.service - Network Configuration.
[  OK  ] Finished initrd-cleanup.se…ning Up and Shutting Down Daemons.
[  OK  ] Stopped target network-pre…get - Preparation for Network.
[  OK  ] Closed systemd-networkd.so… - Network Service Netlink Socket.
[  OK  ] Stopped systemd-sysctl.service - Apply Kernel Variables.
[  OK  ] Stopped systemd-modules-lo…service - Load Kernel Modules.
[  OK  ] Stopped systemd-tmpfiles-s…te Volatile Files and Directories.
         Stopping systemd-udevd.ser…ger for Device Events and Files...
[  OK  ] Stopped systemd-udevd.serv…nager for Device Events and Files.
[  OK  ] Closed systemd-udevd-contr….socket - udev Control Socket.
[  OK  ] Closed systemd-udevd-kernel.socket - udev Kernel Socket.
[  OK  ] Stopped dracut-pre-udev.service - dracut pre-udev hook.
[  OK  ] Stopped dracut-cmdline.service - dracut cmdline hook.
[  OK  ] Stopped dracut-cmdline-ask…for additional cmdline parameters.
         Starting initrd-udevadm-cl…ice - Cleanup udev Database...
[  OK  ] Stopped systemd-network-ge…rk units from Kernel command line.
[  OK  ] Stopped systemd-tmpfiles-s…reate Static Device Nodes in /dev.
[  OK  ] Stopped kmod-static-nodes.…reate List of Static Device Nodes.
[  OK  ] Stopped systemd-sysusers.service - Create System Users.
[  OK  ] Stopped systemd-vconsole-s…rvice - Setup Virtual Console.
[  OK  ] Finished initrd-udevadm-cl…rvice - Cleanup udev Database.
[  OK  ] Reached target initrd-switch-root.target - Switch Root.
         Starting initrd-switch-root.service - Switch Root...

Welcome to Fedora Linux 37 (Thirty Seven)!

[  OK  ] Stopped initrd-switch-root.service - Switch Root.
[  OK  ] Created slice system-getty.slice - Slice /system/getty.
[  OK  ] Created slice system-modpr…lice - Slice /system/modprobe.
[  OK  ] Created slice system-seria… - Slice /system/serial-getty.
[  OK  ] Created slice system-syste…lice - Cryptsetup Units Slice.
[  OK  ] Created slice system-syste…0m - Slice /system/systemd-makefs.
[  OK  ] Created slice user.slice - User and Session Slice.
[  OK  ] Started systemd-ask-passwo…quests to Console Directory Watch.
[  OK  ] Started systemd-ask-passwo… Requests to Wall Directory Watch.
[  OK  ] Set up automount proc-sys-…rmats File System Automount Point.
[  OK  ] Stopped target initrd-switch-root.target - Switch Root.
[  OK  ] Stopped target initrd-fs.target - Initrd File Systems.
[  OK  ] Stopped target initrd-root…get - Initrd Root File System.
[  OK  ] Reached target integrityse…Local Integrity Protected Volumes.
[  OK  ] Reached target paths.target - Path Units.
[  OK  ] Reached target remote-fs.target - Remote File Systems.
[  OK  ] Reached target slices.target - Slice Units.
[  OK  ] Reached target swap.target - Swaps.
[  OK  ] Reached target veritysetup… - Local Verity Protected Volumes.
[  OK  ] Listening on systemd-cored…et - Process Core Dump Socket.
[  OK  ] Listening on systemd-initc… initctl Compatibility Named Pipe.
[  OK  ] Listening on systemd-netwo… - Network Service Netlink Socket.
[  OK  ] Listening on systemd-oomd.…Out-Of-Memory (OOM) Killer Socket.
[  OK  ] Listening on systemd-udevd….socket - udev Control Socket.
[  OK  ] Listening on systemd-udevd…l.socket - udev Kernel Socket.
[  OK  ] Listening on systemd-userd…0m - User Database Manager Socket.
         Mounting dev-hugepages.mount - Huge Pages File System...
         Mounting dev-mqueue.mountPOSIX Message Queue File System...
         Mounting sys-kernel-debug.… - Kernel Debug File System...
         Mounting sys-kernel-tracin… - Kernel Trace File System...
         Mounting tmp.mount - Temporary Directory /tmp...
         Starting kmod-static-nodes…ate List of Static Device Nodes...
         Starting modprobe@configfs…m - Load Kernel Module configfs...
         Starting modprobe@drm.service - Load Kernel Module drm...
         Starting modprobe@fuse.ser…e - Load Kernel Module fuse...
[  OK  ] Stopped systemd-fsck-root.… File System Check on Root Device.
[  OK  ] Stopped systemd-journald.service - Journal Service.
         Starting systemd-journald.service - Journal Service...
         Starting systemd-modules-l…rvice - Load Kernel Modules...
         Starting systemd-network-g… units from Kernel command line...
         Starting systemd-remount-f…nt Root and Kernel File Systems...
         Starting systemd-udev-trig…[0m - Coldplug All udev Devices...
[  OK  ] Mounted dev-hugepages.mount - Huge Pages File System.
[  OK  ] Mounted dev-mqueue.mountOSIX Message Queue File System.
[  OK  ] Mounted sys-kernel-debug.m…nt - Kernel Debug File System.
[  OK  ] Mounted sys-kernel-tracing…nt - Kernel Trace File System.
[  OK  ] Mounted tmp.mount - Temporary Directory /tmp.
[  OK  ] Finished kmod-static-nodes…reate List of Static Device Nodes.
[  OK  ] Finished modprobe@configfs…[0m - Load Kernel Module configfs.
[  OK  ] Finished modprobe@drm.service - Load Kernel Module drm.
[  OK  ] Finished modprobe@fuse.service - Load Kernel Module fuse.
[  OK  ] Finished systemd-modules-l…service - Load Kernel Modules.
[  OK  ] Started systemd-journald.service - Journal Service.
[  OK  ] Finished systemd-network-g…rk units from Kernel command line.
[  OK  ] Finished systemd-remount-f…ount Root and Kernel File Systems.
[  OK  ] Reached target network-pre…get - Preparation for Network.
         Mounting sys-fs-fuse-conne… - FUSE Control File System...
         Mounting sys-kernel-config…ernel Configuration File System...
         Starting systemd-sysctl.se…ce - Apply Kernel Variables...
         Starting systemd-tmpfiles-…ate Static Device Nodes in /dev...
[  OK  ] Mounted sys-fs-fuse-connec…nt - FUSE Control File System.
[  OK  ] Mounted sys-kernel-config.… Kernel Configuration File System.
[  OK  ] Finished systemd-sysctl.service - Apply Kernel Variables.
[  OK  ] Finished systemd-tmpfiles-…reate Static Device Nodes in /dev.
[  OK  ] Reached target local-fs-pr…reparation for Local File Systems.
[  OK  ] Set up automount efi.autom… - EFI System Partition Automount.
         Starting systemd-udevd.ser…ger for Device Events and Files...
[  OK  ] Finished systemd-udev-trig…e - Coldplug All udev Devices.
[  OK  ] Started systemd-udevd.serv…nager for Device Events and Files.
         Starting systemd-networkd.…ice - Network Configuration...
         Starting modprobe@configfs…m - Load Kernel Module configfs...
         Starting systemd-userdbd.s…ice - User Database Manager...
[  OK  ] Finished modprobe@configfs…[0m - Load Kernel Module configfs.
[  OK  ] Started systemd-userdbd.service - User Database Manager.
[  OK  ] Found device dev-mapper-state.device - /dev/mapper/state.
         Starting systemd-makefs@de…ile System on /dev/mapper/state...
         Starting systemd-cryptsetu… - Cryptography Setup for state...
[  OK  ] Started systemd-networkd.service - Network Configuration.
         Starting systemd-networkd-…it for Network to be Configured...
[  OK  ] Finished systemd-networkd-…Wait for Network to be Configured.
[  OK  ] Finished systemd-cryptsetu…0m - Cryptography Setup for state.
[  OK  ] Reached target blockdev@de…Preparation for /dev/mapper/state.
[  OK  ] Reached target cryptsetup.…get - Local Encrypted Volumes.
[  OK  ] Reached target sound.target - Sound Card.
[  OK  ] Finished systemd-makefs@de… File System on /dev/mapper/state.
         Mounting run-state.mount - /run/state...
[  OK  ] Mounted run-state.mount - /run/state.
         Mounting etc-cni.mount - /etc/cni...
         Mounting etc-kubernetes.mount - /etc/kubernetes...
         Mounting opt.mount - /opt...
         Mounting var.mount - /var...
[  OK  ] Mounted etc-cni.mount - /etc/cni.
[  OK  ] Mounted etc-kubernetes.mount - /etc/kubernetes.
[  OK  ] Mounted opt.mount - /opt.
[  OK  ] Mounted var.mount - /var.
[  OK  ] Reached target local-fs.target - Local File Systems.
[  OK  ] Listening on systemd-rfkil…l Switch Status /dev/rfkill Watch.
         Starting systemd-boot-upda… - Automatic Boot Loader Update...
         Starting systemd-journal-f…h Journal to Persistent Storage...
         Starting systemd-random-se…ice - Load/Save Random Seed...
         Mounting efi.mount - EFI System Partition Automount...
[  OK  ] Finished systemd-journal-f…ush Journal to Persistent Storage.
         Starting systemd-tmpfiles-… Volatile Files and Directories...
[  OK  ] Finished systemd-random-se…rvice - Load/Save Random Seed.
[  OK  ] Reached target first-boot-….target - First Boot Complete.
[  OK  ] Mounted efi.mount - EFI System Partition Automount.
[  OK  ] Finished systemd-boot-upda…0m - Automatic Boot Loader Update.
[  OK  ] Finished systemd-tmpfiles-…te Volatile Files and Directories.
         Starting systemd-journal-c…e - Rebuild Journal Catalog...
         Starting systemd-oomd.serv…pace Out-Of-Memory (OOM) Killer...
         Starting systemd-resolved.…e - Network Name Resolution...
         Starting systemd-update-ut…rd System Boot/Shutdown in UTMP...
[  OK  ] Finished systemd-journal-c…ice - Rebuild Journal Catalog.
         Starting systemd-update-do…rvice - Update is Completed...
[  OK  ] Finished systemd-update-ut…cord System Boot/Shutdown in UTMP.
[  OK  ] Finished systemd-update-do…service - Update is Completed.
[  OK  ] Started systemd-oomd.servi…rspace Out-Of-Memory (OOM) Killer.
[  OK  ] Started systemd-resolved.s…ice - Network Name Resolution.
[  OK  ] Reached target network.target - Network.
[  OK  ] Reached target network-online.target - Network is Online.
[  OK  ] Reached target nss-lookup.…m - Host and Network Name Lookups.
[  OK  ] Reached target sysinit.target - System Initialization.
[  OK  ] Started dnf-makecache.timer - dnf makecache --timer.
[  OK  ] Started fstrim.timer - Discard unused blocks once a week.
[  OK  ] Started systemd-tmpfiles-c… Cleanup of Temporary Directories.
[  OK  ] Reached target timers.target - Timer Units.
[  OK  ] Listening on dbus.socket-Bus System Message Bus Socket.
[  OK  ] Reached target sockets.target - Socket Units.
[  OK  ] Reached target basic.target - Basic System.
         Starting configure-constel…e provider environment variable...
         Starting containerd.servic… - containerd container runtime...
         Starting dracut-shutdown.s…tore /run/initramfs on shutdown...
[  OK  ] Started kubelet.servicebelet: The Kubernetes Node Agent.
         Starting systemd-logind.se…ice - User Login Management...
         Starting systemd-user-sess…vice - Permit User Sessions...
         Starting tpm-pcrs.service - Print PCR state on startup...
[  OK  ] Finished dracut-shutdown.s…estore /run/initramfs on shutdown.
[  OK  ] Finished configure-constel…ice provider environment variable.
[  OK  ] Finished systemd-user-sess…ervice - Permit User Sessions.
         Starting dbus-broker.servi… - D-Bus System Message Bus...
[  OK  ] Started getty@tty1.service - Getty on tty1.
[  OK  ] Started serial-getty@ttyS0…rvice - Serial Getty on ttyS0.
[  OK  ] Reached target getty.target - Login Prompts.
[  OK  ] Started dbus-broker.service - D-Bus System Message Bus.
[  OK  ] Started systemd-logind.service - User Login Management.
         Starting systemd-hostnamed.service - Hostname Service...
[  OK  ] Finished tpm-pcrs.service - Print PCR state on startup.
[  OK  ] Started constellation-boot… - Constellation Bootstrapper.
[  OK  ] Started systemd-hostnamed.service - Hostname Service.
[  OK  ] Started containerd.service…0m - containerd container runtime.
[  OK  ] Reached target multi-user.target - Multi-User System.
[  OK  ] Reached target graphical.target - Graphical Interface.
         Starting systemd-update-ut… Record Runlevel Change in UTMP...
[  OK  ] Finished systemd-update-ut… - Record Runlevel Change in UTMP.

Fedora Linux 37 (Thirty Seven)
Kernel 6.0.12-300.fc37.x86_64 on an x86_64 (ttyS0)

constellation v2.3.0
PCR state:
  sha256:
    0 : 0x7D08997028F34F6CCDD2ED9BD31804CF0B0C7FFF9A4D05299E33620001510281
    1 : 0xEE07102D1418518024110872A713A9824BC7F6AE47D62FD0CDE0918C0E249B7E
    2 : 0x72001A25201B263BC60F869ACE2F728B09DC4BE78B9C80ADCA87A013C2D26950
    3 : 0x3D458CFE55CC03EA1F443F1562BEEC8DF51C75E14A9FCF9A7234A13F198E7969
    4 : 0x835AE547BF27525D173EDBECE71E31EDEADE0BF89D18F446D097D7FCA03E13E0
    5 : 0xC9398AD414997A4135B108DFF7C18C1533D70395045E9394F8CEE69744F784BD
    6 : 0x3D458CFE55CC03EA1F443F1562BEEC8DF51C75E14A9FCF9A7234A13F198E7969
    7 : 0xDBC0BF1FFBA0307AA4EFECB3766D8A365595BC384A3DCB87D7EF9B5DCF44165B
    8 : 0x0000000000000000000000000000000000000000000000000000000000000000
    9 : 0x22E0E41F7AEAF76A4D4FA53B22B41BF00F78DAF690C1902AA171CF5C3033728B
    10: 0x705486F7F52B61FEB5D24830AD12AFBEFBB245C3F0CB767498BE503C79F24666
    11: 0x0000000000000000000000000000000000000000000000000000000000000000
    12: 0x13B14ACAF86750E30D2442CDBBCB0A9F3B62FCC88C0512E26710BABD52C35284
    13: 0x0000000000000000000000000000000000000000000000000000000000000000
    14: 0xFBFE270FEE9D94D41584ABCA1794FB4A42CFCF9AB4BEABA49129DAE22951CEF5
    15: 0x0000000000000000000000000000000000000000000000000000000000000000
    16: 0x0000000000000000000000000000000000000000000000000000000000000000
    17: 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
    18: 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
    19: 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
    20: 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
    21: 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
    22: 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
    23: 0x0000000000000000000000000000000000000000000000000000000000000000

fedora login:

It turned out that it's waiting for a fedora login.

What do you think?

Thanks and bests,

It seems that the VM generally seems to boot up fine, but the bootstrapper service inside has some issues.

Yes, the fedora login is to be expected. Normally we have shell access disabled for security reasons across all providers, though I guess we will change that in the next release for MiniConstellation specifically.

To get past the login prompt, you can use a special image I just built with the change already included to allow shell access:

  1. Download the new v2.4.0 CLI from here: https://github.com/edgelesssys/constellation/releases/tag/v2.4.0
  2. Download this config here.
  3. Start MiniConstellation with this config manually specified:
     ./constellation mini up --debug --config mini-constellation-debug-conf.yaml
  4. As before, when the initializing cluster comes up (might be slightly harder to spot with the debug output, so keep an eye out for this), do:
    virsh -c qemu+tcp://localhost:16599/system
    list
    console <x> 
    (replace <x> with the ID of the control plane from the list command)
    This time, you should be able to get past the login prompt with a working shell.
  5. Wait ~5-10 minutes.
  6. Run:
     journalctl | cat
    
  7. Copy the output from a) the CLI debug output and b) the VM and please attach it somewhere here. Whole output with all of the Linux startup process is fine, we can filter that out later.

Would be great if you could do that. That should hopefully allow us to find the issue why the initialize does not complete.

Hello @Nirusu ,

Thanks for your help.
I followed the steps above and it passed fedora login automatically this time.

Here is the console output from constellation mini up, console 1 (mini-control-plane-0) and console 2 (mini-worker-0) consecutively.

constellation mini up (with your config file):

constellation mini up --debug --config mini-constellation-debug-conf.yaml
2023-01-14T15:09:40+01:00	DEBUG	cmd/miniup.go:118	Checked arch and os
2023-01-14T15:09:40+01:00	DEBUG	cmd/miniup.go:123	Checked that /dev/kvm exists
WARNING: Only 4 CPU cores available. This may cause performance issues.
2023-01-14T15:09:40+01:00	DEBUG	cmd/miniup.go:131	Checked CPU cores - there are 4
2023-01-14T15:09:40+01:00	DEBUG	cmd/miniup.go:149	Scanned for available memory
2023-01-14T15:09:40+01:00	DEBUG	cmd/miniup.go:157	Checked available memory, you have 7GB available
2023-01-14T15:09:40+01:00	DEBUG	cmd/miniup.go:167	Checked for free space available, you have 60GB available
2023-01-14T15:09:40+01:00	DEBUG	cmd/miniup.go:174	Preparing config
2023-01-14T15:09:40+01:00	DEBUG	cmd/miniup.go:79	Prepared config
2023-01-14T15:09:40+01:00	DEBUG	cmd/miniup.go:217	Creating mini cluster
⣟ Creating cluster in QEMU 2023-01-14T15:20:20+01:00	DEBUG	cmd/miniup.go:224	Cluster id file contains {  mini QEMU 10.42.1.100 [82 57 98 90 121 81 57 86 37 57 108 97 37 77 112 98 66 116 114 79 121 73 121 122 78 75 114 90 109 105 50 68]}
Creating cluster in QEMU   
Cluster successfully created.
2023-01-14T15:20:20+01:00	DEBUG	cmd/miniup.go:90	Using connect URI 
Connect to the VMs by executing:
	virsh -c qemu+tcp://localhost:16599/system

2023-01-14T15:20:20+01:00	DEBUG	cmd/miniup.go:230	Initializing mini cluster
2023-01-14T15:20:20+01:00	DEBUG	cmd/miniup.go:243	Created new dialer
2023-01-14T15:20:20+01:00	DEBUG	cmd/miniup.go:251	Created new logger
2023-01-14T15:20:20+01:00	DEBUG	cmd/init.go:259	Master secret path flag value is 
2023-01-14T15:20:20+01:00	DEBUG	cmd/init.go:264	Conformance flag is false
2023-01-14T15:20:20+01:00	DEBUG	cmd/init.go:269	Config path flag is %!s(bool=false)
2023-01-14T15:20:20+01:00	DEBUG	cmd/init.go:90	Using flags: {configPath:mini-constellation-debug-conf.yaml masterSecretPath: conformance:false}
2023-01-14T15:20:20+01:00	DEBUG	cmd/init.go:91	Loading config file from mini-constellation-debug-conf.yaml
2023-01-14T15:20:20+01:00	DEBUG	cmd/init.go:97	Checking cluster ID file
2023-01-14T15:20:20+01:00	DEBUG	cmd/init.go:107	Validated k8s version as 1.25
2023-01-14T15:20:20+01:00	DEBUG	cmd/init.go:113	Got provider QEMU
Using community license.
For details, see https://docs.edgeless.systems/constellation/overview/license
2023-01-14T15:20:23+01:00	DEBUG	cmd/init.go:118	Checked license
2023-01-14T15:20:23+01:00	DEBUG	cmd/init.go:123	Created a new validator
2023-01-14T15:20:23+01:00	DEBUG	cmd/init.go:346	Getting service account URI
2023-01-14T15:20:23+01:00	DEBUG	cmd/init.go:374	Handling case for QEMU
2023-01-14T15:20:23+01:00	DEBUG	cmd/init.go:128	Got service account uri 
2023-01-14T15:20:23+01:00	DEBUG	cmd/init.go:129	Loading master secret file from 
2023-01-14T15:20:23+01:00	DEBUG	cmd/init.go:313	Generating new master secret
2023-01-14T15:20:23+01:00	DEBUG	cmd/init.go:326	Generated master secret key and salt values
Your Constellation master secret was successfully written to ./constellation-mastersecret.json
2023-01-14T15:20:23+01:00	DEBUG	cmd/init.go:135	Created new helm loader
2023-01-14T15:20:23+01:00	DEBUG	cmd/init.go:137	Loaded helm heployments
2023-01-14T15:20:23+01:00	DEBUG	cmd/init.go:159	Sending initialization request
2023-01-14T15:20:23+01:00	DEBUG	cmd/init.go:187	Making initialization call, doer is &{dialer:0xc00093bfb0 endpoint:10.42.1.100:9000 req:0xc000a87320 resp:<nil> log:0xc000012ee0}
Initializing cluster   
2023-01-14T15:20:23+01:00	DEBUG	cmd/init.go:211	Created protoClient
2023-01-14T15:20:53+01:00	DEBUG	cmd/init.go:211	Created protoClient
2023-01-14T15:21:23+01:00	DEBUG	cmd/init.go:211	Created protoClient
2023-01-14T15:21:53+01:00	DEBUG	cmd/init.go:211	Created protoClient
2023-01-14T15:22:23+01:00	DEBUG	cmd/init.go:211	Created protoClient
2023-01-14T15:22:53+01:00	DEBUG	cmd/init.go:211	Created protoClient
2023-01-14T15:23:23+01:00	DEBUG	cmd/init.go:211	Created protoClient
2023-01-14T15:23:53+01:00	DEBUG	cmd/init.go:211	Created protoClient
2023-01-14T15:24:23+01:00	DEBUG	cmd/init.go:211	Created protoClient
2023-01-14T15:24:53+01:00	DEBUG	cmd/init.go:211	Created protoClient
2023-01-14T15:25:23+01:00	DEBUG	cmd/init.go:211	Created protoClient
2023-01-14T15:25:53+01:00	DEBUG	cmd/init.go:211	Created protoClient
2023-01-14T15:26:23+01:00	DEBUG	cmd/init.go:211	Created protoClient
2023-01-14T15:26:53+01:00	DEBUG	cmd/init.go:211	Created protoClient
2023-01-14T15:27:23+01:00	DEBUG	cmd/init.go:211	Created protoClient
2023-01-14T15:27:53+01:00	DEBUG	cmd/init.go:211	Created protoClient
2023-01-14T15:28:23+01:00	DEBUG	cmd/init.go:211	Created protoClient
2023-01-14T15:28:53+01:00	DEBUG	cmd/init.go:211	Created protoClient
2023-01-14T15:29:23+01:00	DEBUG	cmd/init.go:211	Created protoClient
2023-01-14T15:29:53+01:00	DEBUG	cmd/init.go:211	Created protoClient
2023-01-14T15:30:23+01:00	DEBUG	cmd/init.go:211	Created protoClient
2023-01-14T15:30:53+01:00	DEBUG	cmd/init.go:211	Created protoClient
2023-01-14T15:31:23+01:00	DEBUG	cmd/init.go:211	Created protoClient
2023-01-14T15:31:53+01:00	DEBUG	cmd/init.go:211	Created protoClient
2023-01-14T15:32:23+01:00	DEBUG	cmd/init.go:211	Created protoClient
2023-01-14T15:32:53+01:00	DEBUG	cmd/init.go:211	Created protoClient
2023-01-14T15:33:23+01:00	DEBUG	cmd/init.go:211	Created protoClient
2023-01-14T15:33:53+01:00	DEBUG	cmd/init.go:211	Created protoClient
2023-01-14T15:34:23+01:00	DEBUG	cmd/init.go:211	Created protoClient
2023-01-14T15:34:53+01:00	DEBUG	cmd/init.go:211	Created protoClient
2023-01-14T15:35:23+01:00	DEBUG	cmd/init.go:211	Created protoClient

Console 1:

Connected to domain mini-control-plane-0
Escape character is ^]
[   42.215528] alg: No test for authenc(hmac(sha256),xts(aes)) (authenc(hmac(sha256-generic),xts(ecb(aes-generic))))
{"level":"INFO","ts":"2023-01-14T14:20:48Z","caller":"mapper/mapper.go:127","msg":"Wiping disk","progress":"0.00%"}
{"level":"INFO","ts":"2023-01-14T14:21:19Z","caller":"mapper/mapper.go:127","msg":"Wiping disk","progress":"29.42%"}
{"level":"INFO","ts":"2023-01-14T14:21:49Z","caller":"mapper/mapper.go:127","msg":"Wiping disk","progress":"59.63%"}
{"level":"INFO","ts":"2023-01-14T14:22:19Z","caller":"mapper/mapper.go:127","msg":"Wiping disk","progress":"89.85%"}
{"level":"INFO","ts":"2023-01-14T14:22:29Z","caller":"mapper/mapper.go:147","msg":"Wiping disk successful","duration":100.644547365}
[  OK  ] Finished prepare-state-dis…0m - Prepare encrypted state disk.
[  OK  ] Reached target initrd-fs.target - Initrd File Systems.
[  OK  ] Reached target initrd.target - Initrd Default Target.
         Starting initrd-cleanup.se…ng Up and Shutting Down Daemons...
[  OK  ] Stopped target initrd.target - Initrd Default Target.
[  OK  ] Stopped target initrd-root…e.target - Initrd Root Device.
[  OK  ] Stopped target initrd-usr-…get - Initrd /usr File System.
[  OK  ] Stopped target remote-cryp…et - Remote Encrypted Volumes.
[  OK  ] Stopped target remote-fs.target - Remote File Systems.
[  OK  ] Stopped target remote-fs-p…eparation for Remote File Systems.
[  OK  ] Stopped target timers.target - Timer Units.
[  OK  ] Stopped dracut-pre-mount.service - dracut pre-mount hook.
[  OK  ] Stopped dracut-initqueue.service - dracut initqueue hook.
[  OK  ] Stopped prepare-state-disk…0m - Prepare encrypted state disk.
[  OK  ] Stopped target network-online.target - Network is Online.
[  OK  ] Stopped target network.target - Network.
[  OK  ] Stopped target nss-lookup.…m - Host and Network Name Lookups.
[  OK  ] Stopped configure-constel-…ice provider environment variable.
[  OK  ] Stopped target basic.target - Basic System.
[  OK  ] Stopped target paths.target - Path Units.
[  OK  ] Stopped target slices.target - Slice Units.
[  OK  ] Stopped target sockets.target - Socket Units.
[  OK  ] Stopped target sysinit.target - System Initialization.
[  OK  ] Stopped target cryptsetup.…get - Local Encrypted Volumes.
[  OK  ] Stopped systemd-ask-passwo…quests to Console Directory Watch.
[  OK  ] Stopped target local-fs.target - Local File Systems.
[  OK  ] Stopped target swap.target - Swaps.
[  OK  ] Stopped target veritysetup… - Local Verity Protected Volumes.
[  OK  ] Stopped systemd-networkd-w…Wait for Network to be Configured.
         Stopping systemd-networkd.…ice - Network Configuration...
         Stopping systemd-resolved.…e - Network Name Resolution...
[  OK  ] Stopped systemd-time-wait-…it Until Kernel Time Synchronized.
         Stopping systemd-timesyncd… - Network Time Synchronization...
[  OK  ] Stopped systemd-udev-trigg…e - Coldplug All udev Devices.
[  OK  ] Stopped systemd-resolved.s…ice - Network Name Resolution.
[  OK  ] Stopped systemd-timesyncd.…0m - Network Time Synchronization.
[  OK  ] Stopped systemd-networkd.service - Network Configuration.
[  OK  ] Finished initrd-cleanup.se…ning Up and Shutting Down Daemons.
[  OK  ] Stopped target network-pre…get - Preparation for Network.
[  OK  ] Closed systemd-networkd.so… - Network Service Netlink Socket.
[  OK  ] Stopped systemd-sysctl.service - Apply Kernel Variables.
[  OK  ] Stopped systemd-modules-lo…service - Load Kernel Modules.
[  OK  ] Stopped systemd-tmpfiles-s…te Volatile Files and Directories.
         Stopping systemd-udevd.ser…ger for Device Events and Files...
[  OK  ] Stopped systemd-udevd.serv…nager for Device Events and Files.
[  OK  ] Closed systemd-udevd-contr….socket - udev Control Socket.
[  OK  ] Closed systemd-udevd-kernel.socket - udev Kernel Socket.
[  OK  ] Stopped dracut-pre-udev.service - dracut pre-udev hook.
[  OK  ] Stopped dracut-cmdline.service - dracut cmdline hook.
[  OK  ] Stopped dracut-cmdline-ask…for additional cmdline parameters.
         Starting initrd-udevadm-cl…ice - Cleanup udev Database...
[  OK  ] Stopped systemd-network-ge…rk units from Kernel command line.
[  OK  ] Stopped systemd-tmpfiles-s…reate Static Device Nodes in /dev.
[  OK  ] Stopped kmod-static-nodes.…reate List of Static Device Nodes.
[  OK  ] Stopped systemd-sysusers.service - Create System Users.
[  OK  ] Stopped systemd-vconsole-s…rvice - Setup Virtual Console.
[  OK  ] Finished initrd-udevadm-cl…rvice - Cleanup udev Database.
[  OK  ] Reached target initrd-switch-root.target - Switch Root.
         Starting initrd-switch-root.service - Switch Root...
[  146.727949] systemd-journald[200]: Received SIGTERM from PID 1 (systemd).
[  147.063578] SELinux:  policy capability network_peer_controls=1
[  147.064751] SELinux:  policy capability open_perms=1
[  147.065685] SELinux:  policy capability extended_socket_class=1
[  147.066803] SELinux:  policy capability always_check_network=0
[  147.068079] SELinux:  policy capability cgroup_seclabel=1
[  147.069104] SELinux:  policy capability nnp_nosuid_transition=1
[  147.070157] SELinux:  policy capability genfs_seclabel_symlinks=1
[  147.071251] SELinux:  policy capability ioctl_skip_cloexec=0
[  147.117836] systemd[1]: Successfully loaded SELinux policy in 109.539ms.
[  147.193235] systemd[1]: Relabelled /dev, /dev/shm, /run, /sys/fs/cgroup in 50.624ms.
[  147.224328] systemd[1]: systemd 251.10-588.fc37 running in system mode (+PAM +AUDIT +SELINUX -APPARMOR +IMA +SMACK +SECCOMP -GCRYPT +GNUTLS +OPENSSL +ACL +BLKID +CURL +ELFUTILS +FIDO2 +IDN2 -IDN -IPTC +KMOD +LIBCRYPTSETUP +LIBFDISK +PCRE2 +PWQUALITY +P11KIT +QRENCODE +TPM2 +BZIP2 +LZ4 +XZ +ZLIB +ZSTD +BPF_FRAMEWORK +XKBCOMMON +UTMP +SYSVINIT default-hierarchy=unified)
[  147.234423] systemd[1]: Detected virtualization kvm.
[  147.236469] systemd[1]: Detected architecture x86-64.
[  147.237600] systemd[1]: Detected first boot.

Welcome to Fedora Linux 37 (Thirty Seven)!

[  147.243721] systemd[1]: Initializing machine ID from VM UUID.
[  147.574588] systemd[1]: bpf-lsm: LSM BPF program attached
[  147.644038] systemd-veritysetup-generator[1846]: Using data device /dev/disk/by-partuuid/954e9606-fb9f-b133-c561-0eebc9468acb and hash device /dev/disk/by-partuuid/45f26f1a-5d78-91ab-d9fe-f09421d11aed for root.
[  147.654599] systemd-fstab-generator[1837]: Using verity root device /dev/mapper/root.
[  147.983359] systemd[1]: Failed to populate /etc with preset unit settings, ignoring: Read-only file system
[  148.313922] systemd[1]: initrd-switch-root.service: Deactivated successfully.
[  148.320153] systemd[1]: Stopped initrd-switch-root.service - Switch Root.
[  OK  ] Stopped initrd-switch-root.service - Switch Root.
[  148.325576] systemd[1]: systemd-journald.service: Scheduled restart job, restart counter is at 1.
[  148.330622] systemd[1]: Created slice system-getty.slice - Slice /system/getty.
[  OK  ] Created slice system-getty.slice - Slice /system/getty.
[  148.336370] systemd[1]: Created slice system-modprobe.slice - Slice /system/modprobe.
[  OK  ] Created slice system-modpr…lice - Slice /system/modprobe.
[  148.341335] systemd[1]: Created slice system-serial\x2dgetty.slice - Slice /system/serial-getty.
[  OK  ] Created slice system-seria… - Slice /system/serial-getty.
[  148.346060] systemd[1]: Created slice system-systemd\x2dcryptsetup.slice - Cryptsetup Units Slice.
[  OK  ] Created slice system-syste…lice - Cryptsetup Units Slice.
[  148.352205] systemd[1]: Created slice system-systemd\x2dmakefs.slice - Slice /system/systemd-makefs.
[  OK  ] Created slice system-syste…0m - Slice /system/systemd-makefs.
[  148.358306] systemd[1]: Created slice user.slice - User and Session Slice.
[  OK  ] Created slice user.slice - User and Session Slice.
[  148.363811] systemd[1]: Started systemd-ask-password-console.path - Dispatch Password Requests to Console Directory Watch.
[  OK  ] Started systemd-ask-passwo…quests to Console Directory Watch.
[  148.368168] systemd[1]: Started systemd-ask-password-wall.path - Forward Password Requests to Wall Directory Watch.
[  OK  ] Started systemd-ask-passwo… Requests to Wall Directory Watch.
[  148.372994] systemd[1]: Set up automount proc-sys-fs-binfmt_misc.automount - Arbitrary Executable File Formats File System Automount Point.
[  OK  ] Set up automount proc-sys-…rmats File System Automount Point.
[  148.377191] systemd[1]: Stopped target initrd-switch-root.target - Switch Root.
[  OK  ] Stopped target initrd-switch-root.target - Switch Root.
[  148.383696] systemd[1]: Stopped target initrd-fs.target - Initrd File Systems.
[  OK  ] Stopped target initrd-fs.target - Initrd File Systems.
[  148.391379] systemd[1]: Stopped target initrd-root-fs.target - Initrd Root File System.
[  OK  ] Stopped target initrd-root…get - Initrd Root File System.
[  148.394967] systemd[1]: Reached target integritysetup.target - Local Integrity Protected Volumes.
[  OK  ] Reached target integrityse…Local Integrity Protected Volumes.
[  148.400759] systemd[1]: Reached target paths.target - Path Units.
[  OK  ] Reached target paths.target - Path Units.
[  148.403670] systemd[1]: Reached target remote-fs.target - Remote File Systems.
[  OK  ] Reached target remote-fs.target - Remote File Systems.
[  148.407333] systemd[1]: Reached target slices.target - Slice Units.
[  OK  ] Reached target slices.target - Slice Units.
[  148.413899] systemd[1]: Reached target swap.target - Swaps.
[  OK  ] Reached target swap.target - Swaps.
[  148.418887] systemd[1]: Reached target veritysetup.target - Local Verity Protected Volumes.
[  OK  ] Reached target veritysetup… - Local Verity Protected Volumes.
[  148.427696] systemd[1]: Listening on systemd-coredump.socket - Process Core Dump Socket.
[  OK  ] Listening on systemd-cored…et - Process Core Dump Socket.
[  148.432084] systemd[1]: Listening on systemd-initctl.socket - initctl Compatibility Named Pipe.
[  OK  ] Listening on systemd-initc… initctl Compatibility Named Pipe.
[  148.435902] systemd[1]: Listening on systemd-networkd.socket - Network Service Netlink Socket.
[  OK  ] Listening on systemd-netwo… - Network Service Netlink Socket.
[  148.441369] systemd[1]: Listening on systemd-oomd.socket - Userspace Out-Of-Memory (OOM) Killer Socket.
[  OK  ] Listening on systemd-oomd.…Out-Of-Memory (OOM) Killer Socket.
[  148.449843] systemd[1]: Listening on systemd-udevd-control.socket - udev Control Socket.
[  OK  ] Listening on systemd-udevd….socket - udev Control Socket.
[  148.455379] systemd[1]: Listening on systemd-udevd-kernel.socket - udev Kernel Socket.
[  OK  ] Listening on systemd-udevd…l.socket - udev Kernel Socket.
[  148.462776] systemd[1]: Listening on systemd-userdbd.socket - User Database Manager Socket.
[  OK  ] Listening on systemd-userd…0m - User Database Manager Socket.
[  148.484288] systemd[1]: Mounting dev-hugepages.mount - Huge Pages File System...
         Mounting dev-hugepages.mount - Huge Pages File System...
[  148.491306] systemd[1]: Mounting dev-mqueue.mount - POSIX Message Queue File System...
         Mounting dev-mqueue.mountPOSIX Message Queue File System...
[  148.501849] systemd[1]: Mounting sys-kernel-debug.mount - Kernel Debug File System...
         Mounting sys-kernel-debug.… - Kernel Debug File System...
[  148.520762] systemd[1]: Mounting sys-kernel-tracing.mount - Kernel Trace File System...
         Mounting sys-kernel-tracin… - Kernel Trace File System...
[  148.528916] systemd[1]: Mounting tmp.mount - Temporary Directory /tmp...
         Mounting tmp.mount - Temporary Directory /tmp...
[  148.538088] systemd[1]: Starting kmod-static-nodes.service - Create List of Static Device Nodes...
         Starting kmod-static-nodes…ate List of Static Device Nodes...
[  148.554834] systemd[1]: Starting modprobe@configfs.service - Load Kernel Module configfs...
         Starting modprobe@configfs…m - Load Kernel Module configfs...
[  148.563126] systemd[1]: Starting modprobe@drm.service - Load Kernel Module drm...
         Starting modprobe@drm.service - Load Kernel Module drm...
[  148.572626] systemd[1]: Starting modprobe@fuse.service - Load Kernel Module fuse...
         Starting modprobe@fuse.ser…e - Load Kernel Module fuse...
[  148.577737] systemd[1]: systemd-fsck-root.service: Deactivated successfully.
[  148.584641] systemd[1]: Stopped systemd-fsck-root.service - File System Check on Root Device.
[  OK  ] Stopped systemd-fsck-root.… File System Check on Root Device.
[  148.590380] systemd[1]: Stopped systemd-journald.service - Journal Service.
[  OK  ] Stopped systemd-journald.service - Journal Service.
[  148.596458] systemd[1]: systemd-journald-audit.socket - Journal Audit Socket was skipped because of a failed condition check (ConditionSecurity=audit).
[  148.609061] fuse: init (API version 7.36)
[  148.612561] systemd[1]: Starting systemd-journald.service - Journal Service...
         Starting systemd-journald.service - Journal Service...
[  148.629714] systemd[1]: Starting systemd-modules-load.service - Load Kernel Modules...
         Starting systemd-modules-l…rvice - Load Kernel Modules...
[  148.638020] systemd[1]: Starting systemd-network-generator.service - Generate network units from Kernel command line...
         Starting systemd-network-g… units from Kernel command line...
[  148.654742] systemd[1]: Starting systemd-remount-fs.service - Remount Root and Kernel File Systems...
         Starting systemd-remount-f…nt Root and Kernel File Systems...
[  148.659883] systemd[1]: systemd-repart.service - Repartition Root Disk was skipped because all trigger condition checks failed.
[  148.671887] systemd[1]: Starting systemd-udev-trigger.service - Coldplug All udev Devices...
         Starting systemd-udev-trig…[0m - Coldplug All udev Devices...
[  148.679833] systemd[1]: Mounted dev-hugepages.mount - Huge Pages File System.
[  OK  ] Mounted dev-hugepages.mount - Huge Pages File System.
[  148.685654] systemd[1]: Mounted dev-mqueue.mount - POSIX Message Queue File System.
[  OK  ] Mounted dev-mqueue.mountOSIX Message Queue File System.
[  148.689585] systemd[1]: Mounted sys-kernel-debug.mount - Kernel Debug File System.
[  OK  ] Mounted sys-kernel-debug.m…nt - Kernel Debug File System.
[  148.693589] systemd[1]: Mounted sys-kernel-tracing.mount - Kernel Trace File System.
[  OK  ] Mounted sys-kernel-tracing…nt - Kernel Trace File System.
[  148.700126] systemd[1]: Mounted tmp.mount - Temporary Directory /tmp.
[  OK  ] Mounted tmp.mount - Temporary Directory /tmp.
[  148.711663] systemd[1]: Finished kmod-static-nodes.service - Create List of Static Device Nodes.
[  OK  ] Finished kmod-static-nodes…reate List of Static Device Nodes.
[  148.716937] systemd[1]: modprobe@configfs.service: Deactivated successfully.
[  148.721622] systemd[1]: Finished modprobe@configfs.service - Load Kernel Module configfs.
[  OK  ] Finished modprobe@configfs…[0m - Load Kernel Module configfs.
[  148.728701] systemd[1]: modprobe@drm.service: Deactivated successfully.
[  148.739654] systemd[1]: Finished modprobe@drm.service - Load Kernel Module drm.
[  OK  ] Finished modprobe@drm.service - Load Kernel Module drm.
[  148.747685] systemd[1]: Started systemd-journald.service - Journal Service.
[  OK  ] Started systemd-journald.service - Journal Service.
[  OK  ] Finished modprobe@fuse.service - Load Kernel Module fuse.
[  OK  ] Finished systemd-modules-l…service - Load Kernel Modules.
[  OK  ] Finished systemd-network-g…rk units from Kernel command line.
[  OK  ] Finished systemd-remount-f…ount Root and Kernel File Systems.
[  OK  ] Reached target network-pre…get - Preparation for Network.
         Mounting sys-fs-fuse-conne… - FUSE Control File System...
         Mounting sys-kernel-config…ernel Configuration File System...
         Starting systemd-sysctl.se…ce - Apply Kernel Variables...
         Starting systemd-tmpfiles-…ate Static Device Nodes in /dev...
[  OK  ] Mounted sys-fs-fuse-connec…nt - FUSE Control File System.
[  OK  ] Mounted sys-kernel-config.… Kernel Configuration File System.
[  OK  ] Finished systemd-sysctl.service - Apply Kernel Variables.
[  OK  ] Finished systemd-tmpfiles-…reate Static Device Nodes in /dev.
[  OK  ] Reached target local-fs-pr…reparation for Local File Systems.
[  OK  ] Set up automount efi.autom… - EFI System Partition Automount.
         Starting systemd-udevd.ser…ger for Device Events and Files...
[  OK  ] Finished systemd-udev-trig…e - Coldplug All udev Devices.
[  OK  ] Started systemd-udevd.serv…nager for Device Events and Files.
         Starting systemd-networkd.…ice - Network Configuration...
         Starting systemd-userdbd.s…ice - User Database Manager...
         Starting modprobe@configfs…m - Load Kernel Module configfs...
[  OK  ] Finished modprobe@configfs…[0m - Load Kernel Module configfs.
[  OK  ] Started systemd-userdbd.service - User Database Manager.
[  OK  ] Found device dev-mapper-state.device - /dev/mapper/state.
         Starting systemd-makefs@de…ile System on /dev/mapper/state...
[  OK  ] Started systemd-networkd.service - Network Configuration.
         Starting systemd-networkd-…it for Network to be Configured...
         Starting systemd-cryptsetu… - Cryptography Setup for state...
[  OK  ] Finished systemd-networkd-…Wait for Network to be Configured.
[  OK  ] Finished systemd-cryptsetu…0m - Cryptography Setup for state.
[  OK  ] Reached target blockdev@de…Preparation for /dev/mapper/state.
[  OK  ] Reached target cryptsetup.…get - Local Encrypted Volumes.
[  149.824358] cirrus 0000:00:01.0: vgaarb: deactivate vga console
[  149.900003] lpc_ich 0000:00:1f.0: I/O space for GPIO uninitialized
[  149.932332] [drm] Initialized cirrus 2.0.0 2019 for 0000:00:01.0 on minor 0
[  149.946160] fbcon: cirrusdrmfb (fb0) is primary device
[  149.946163] fbcon: Deferring console take-over
[  149.959291] cirrus 0000:00:01.0: [drm] fb0: cirrusdrmfb frame buffer device
[  150.012694] i801_smbus 0000:00:1f.3: Enabling SMBus device
[  150.016479] i801_smbus 0000:00:1f.3: SMBus using PCI interrupt
[  150.041984] i2c i2c-0: 1/1 memory slots populated (from DMI)
[  150.075115] i2c i2c-0: Memory type 0x07 not supported yet, not instantiating SPD
[  150.254571] iTCO_vendor_support: vendor-support=0
[  150.300430] iTCO_wdt iTCO_wdt.1.auto: Found a ICH9 TCO device (Version=2, TCOBASE=0x0660)
[  150.306849] iTCO_wdt iTCO_wdt.1.auto: initialized. heartbeat=30 sec (nowayout=0)
[  OK  ] Finished systemd-makefs@de… File System on /dev/mapper/state.
[  150.317559] input: PC Speaker as /devices/platform/pcspkr/input/input5
         Mounting run-state.mount - /run/state...
[  OK  ] Reached target sound.target - Sound Card.
[  150.366862] EXT4-fs (dm-2): mounted filesystem with ordered data mode. Quota mode: none.
[  OK  ] Mounted run-state.mount - /run/state.
         Mounting etc-cni.mount - /etc/cni...
         Mounting etc-kubernetes.mount - /etc/kubernetes...
         Mounting opt.mount - /opt...
         Mounting var.mount - /var...
[  OK  ] Mounted etc-cni.mount - /etc/cni.
[  OK  ] Mounted etc-kubernetes.mount - /etc/kubernetes.
[  OK  ] Mounted opt.mount - /opt.
[  OK  ] Mounted var.mount - /var.
[  OK  ] Reached target local-fs.target - Local File Systems.
[  OK  ] Listening on systemd-rfkil…l Switch Status /dev/rfkill Watch.
         Starting systemd-boot-upda… - Automatic Boot Loader Update...
         Starting systemd-journal-f…h Journal to Persistent Storage...
         Starting systemd-random-se…ice - Load/Save Random Seed...
         Mounting efi.mount - EFI System Partition Automount...
[  150.491119] systemd-journald[1860]: Received client request to flush runtime journal.
[  OK  ] Finished systemd-journal-f…ush Journal to Persistent Storage.
         Starting systemd-tmpfiles-… Volatile Files and Directories...
[  OK  ] Mounted efi.mount - EFI System Partition Automount.
[  OK  ] Finished systemd-random-se…rvice - Load/Save Random Seed.
[  OK  ] Reached target first-boot-….target - First Boot Complete.
[  OK  ] Finished systemd-boot-upda…0m - Automatic Boot Loader Update.
[  OK  ] Finished systemd-tmpfiles-…te Volatile Files and Directories.
         Starting systemd-journal-c…e - Rebuild Journal Catalog...
         Starting systemd-oomd.serv…pace Out-Of-Memory (OOM) Killer...
         Starting systemd-resolved.…e - Network Name Resolution...
         Starting systemd-update-ut…rd System Boot/Shutdown in UTMP...
[  OK  ] Finished systemd-journal-c…ice - Rebuild Journal Catalog.
         Starting systemd-update-do…rvice - Update is Completed...
[  OK  ] Finished systemd-update-ut…cord System Boot/Shutdown in UTMP.
[  OK  ] Finished systemd-update-do…service - Update is Completed.
[  OK  ] Started systemd-oomd.servi…rspace Out-Of-Memory (OOM) Killer.
[  OK  ] Started systemd-resolved.s…ice - Network Name Resolution.
[  OK  ] Reached target network.target - Network.
[  OK  ] Reached target network-online.target - Network is Online.
[  OK  ] Reached target nss-lookup.…m - Host and Network Name Lookups.
[  OK  ] Reached target sysinit.target - System Initialization.
[  OK  ] Started dnf-makecache.timer - dnf makecache --timer.
[  OK  ] Started fstrim.timer - Discard unused blocks once a week.
[  OK  ] Started systemd-tmpfiles-c… Cleanup of Temporary Directories.
[  OK  ] Reached target timers.target - Timer Units.
[  OK  ] Listening on dbus.socket-Bus System Message Bus Socket.
[  OK  ] Reached target sockets.target - Socket Units.
[  OK  ] Reached target basic.target - Basic System.
         Starting configure-constel…e provider environment variable...
[  OK  ] Started constellation-upgr…[0m - Constellation Upgrade Agent.
         Starting containerd.servic… - containerd container runtime...
         Starting dracut-shutdown.s…tore /run/initramfs on shutdown...
[  OK  ] Started kubelet.servicebelet: The Kubernetes Node Agent.
         Starting systemd-logind.se…ice - User Login Management...
         Starting systemd-user-sess…vice - Permit User Sessions...
         Starting tpm-pcrs.service - Print PCR state on startup...
         Starting dbus-broker.servi… - D-Bus System Message Bus...
[  OK  ] Finished dracut-shutdown.s…estore /run/initramfs on shutdown.
[  OK  ] Finished systemd-user-sess…ervice - Permit User Sessions.
[  OK  ] Started getty@tty1.service - Getty on tty1.
[  OK  ] Started serial-getty@ttyS0…rvice - Serial Getty on ttyS0.
[  OK  ] Reached target getty.target - Login Prompts.
[  OK  ] Finished configure-constel…ice provider environment variable.
[  OK  ] Started dbus-broker.service - D-Bus System Message Bus.
[  OK  ] Started systemd-logind.service - User Login Management.
         Starting systemd-hostnamed.service - Hostname Service...
[  OK  ] Finished tpm-pcrs.service - Print PCR state on startup.
[  OK  ] Started constellation-boot… - Constellation Bootstrapper.
[  OK  ] Started systemd-hostnamed.service - Hostname Service.
[  OK  ] Started containerd.service…0m - containerd container runtime.
[  OK  ] Reached target multi-user.target - Multi-User System.
[  OK  ] Reached target graphical.target - Graphical Interface.
         Starting systemd-update-ut… Record Runlevel Change in UTMP...
[  OK  ] Finished systemd-update-ut… - Record Runlevel Change in UTMP.
[  153.535941] fbcon: Taking over console
[  153.539029] cirrus 0000:00:01.0: [drm] drm_plane_enable_fb_damage_clips() not called
[  153.540986] Console: switching to colour frame buffer device 128x48

Fedora Linux 37 (Thirty Seven)
Kernel 6.0.18-300.fc37.x86_64 on an x86_64 (ttyS0)

constellation v2.5.0-pre.0.20230113150145-82462fab1730
PCR state:

fedora login: root (automatic login)

Last login: Sat Jan 14 14:22:41 on tty1
~ Welcome to Constellation! ~
Usually, on release versions of Constellation running in the cloud, you are not able to login through the serial console.
This shell access is specifically granted for debug images and MiniConstellation to allow users to research the environment Constellation runs in.
Have fun! Feel free to report any issues to GitHub or security@edgeless.systems (for security vulnerabilities only).
[root@fedora ~]# 

Console 2:

virsh # console 2
Connected to domain mini-worker-0
Escape character is ^]
{"level":"INFO","ts":"2023-01-14T14:21:23Z","caller":"mapper/mapper.go:127","msg":"Wiping disk","progress":"28.62%"}
{"level":"INFO","ts":"2023-01-14T14:21:52Z","caller":"mapper/mapper.go:127","msg":"Wiping disk","progress":"58.84%"}
{"level":"INFO","ts":"2023-01-14T14:22:23Z","caller":"mapper/mapper.go:127","msg":"Wiping disk","progress":"91.44%"}
{"level":"INFO","ts":"2023-01-14T14:22:32Z","caller":"mapper/mapper.go:147","msg":"Wiping disk successful","duration":99.925320947}
[  OK  ] Finished prepare-state-dis…0m - Prepare encrypted state disk.
[  OK  ] Reached target initrd-fs.target - Initrd File Systems.
[  OK  ] Reached target initrd.target - Initrd Default Target.
         Starting initrd-cleanup.se…ng Up and Shutting Down Daemons...
[  OK  ] Stopped target initrd.target - Initrd Default Target.
[  OK  ] Stopped target initrd-root…e.target - Initrd Root Device.
[  OK  ] Stopped target initrd-usr-…get - Initrd /usr File System.
[  OK  ] Stopped target remote-cryp…et - Remote Encrypted Volumes.
[  OK  ] Stopped target remote-fs.target - Remote File Systems.
[  OK  ] Stopped target remote-fs-p…eparation for Remote File Systems.
[  OK  ] Stopped target timers.target - Timer Units.
[  OK  ] Stopped dracut-pre-mount.service - dracut pre-mount hook.
[  OK  ] Stopped dracut-initqueue.service - dracut initqueue hook.
[  OK  ] Stopped prepare-state-disk…0m - Prepare encrypted state disk.
[  OK  ] Stopped target network-online.target - Network is Online.
[  OK  ] Stopped target network.target - Network.
[  OK  ] Stopped target nss-lookup.…m - Host and Network Name Lookups.
[  OK  ] Stopped configure-constel-…ice provider environment variable.
[  OK  ] Stopped target basic.target - Basic System.
[  OK  ] Stopped target paths.target - Path Units.
[  OK  ] Stopped target slices.target - Slice Units.
[  OK  ] Stopped target sockets.target - Socket Units.
[  OK  ] Stopped target sysinit.target - System Initialization.
[  OK  ] Stopped target cryptsetup.…get - Local Encrypted Volumes.
[  OK  ] Stopped systemd-ask-passwo…quests to Console Directory Watch.
[  OK  ] Stopped target local-fs.target - Local File Systems.
[  OK  ] Stopped target swap.target - Swaps.
[  OK  ] Stopped target veritysetup… - Local Verity Protected Volumes.
[  OK  ] Stopped systemd-networkd-w…Wait for Network to be Configured.
         Stopping systemd-networkd.…ice - Network Configuration...
         Stopping systemd-resolved.…e - Network Name Resolution...
[  OK  ] Stopped systemd-time-wait-…it Until Kernel Time Synchronized.
         Stopping systemd-timesyncd… - Network Time Synchronization...
[  OK  ] Stopped systemd-udev-trigg…e - Coldplug All udev Devices.
[  OK  ] Stopped systemd-resolved.s…ice - Network Name Resolution.
[  OK  ] Stopped systemd-timesyncd.… - Network Time Synchronization.
[  OK  ] Stopped systemd-networkd.service - Network Configuration.
[  OK  ] Stopped target network-pre…get - Preparation for Network.
[  OK  ] Closed systemd-networkd.so… - Network Service Netlink Socket.
[  OK  ] Stopped systemd-sysctl.service - Apply Kernel Variables.
[  OK  ] Stopped systemd-modules-lo…service - Load Kernel Modules.
[  OK  ] Stopped systemd-tmpfiles-s…te Volatile Files and Directories.
         Stopping systemd-udevd.ser…ger for Device Events and Files...
[  OK  ] Finished initrd-cleanup.se…ning Up and Shutting Down Daemons.
[  OK  ] Stopped systemd-udevd.serv…nager for Device Events and Files.
[  OK  ] Closed systemd-udevd-contr….socket - udev Control Socket.
[  OK  ] Closed systemd-udevd-kernel.socket - udev Kernel Socket.
[  OK  ] Stopped dracut-pre-udev.service - dracut pre-udev hook.
[  OK  ] Stopped dracut-cmdline.service - dracut cmdline hook.
[  OK  ] Stopped dracut-cmdline-ask…for additional cmdline parameters.
         Starting initrd-udevadm-cl…ice - Cleanup udev Database...
[  OK  ] Stopped systemd-network-ge…rk units from Kernel command line.
[  OK  ] Stopped systemd-tmpfiles-s…reate Static Device Nodes in /dev.
[  OK  ] Stopped kmod-static-nodes.…reate List of Static Device Nodes.
[  OK  ] Stopped systemd-sysusers.service - Create System Users.
[  OK  ] Stopped systemd-vconsole-s…rvice - Setup Virtual Console.
[  OK  ] Finished initrd-udevadm-cl…rvice - Cleanup udev Database.
[  OK  ] Reached target initrd-switch-root.target - Switch Root.
         Starting initrd-switch-root.service - Switch Root...
[  148.621764] systemd-journald[199]: Received SIGTERM from PID 1 (systemd).
[  148.918417] SELinux:  policy capability network_peer_controls=1
[  148.919773] SELinux:  policy capability open_perms=1
[  148.920975] SELinux:  policy capability extended_socket_class=1
[  148.922471] SELinux:  policy capability always_check_network=0
[  148.924042] SELinux:  policy capability cgroup_seclabel=1
[  148.925168] SELinux:  policy capability nnp_nosuid_transition=1
[  148.926344] SELinux:  policy capability genfs_seclabel_symlinks=1
[  148.927637] SELinux:  policy capability ioctl_skip_cloexec=0
[  148.971428] systemd[1]: Successfully loaded SELinux policy in 104.960ms.
[  149.084440] systemd[1]: Relabelled /dev, /dev/shm, /run, /sys/fs/cgroup in 81.188ms.
[  149.110995] systemd[1]: systemd 251.10-588.fc37 running in system mode (+PAM +AUDIT +SELINUX -APPARMOR +IMA +SMACK +SECCOMP -GCRYPT +GNUTLS +OPENSSL +ACL +BLKID +CURL +ELFUTILS +FIDO2 +IDN2 -IDN -IPTC +KMOD +LIBCRYPTSETUP +LIBFDISK +PCRE2 +PWQUALITY +P11KIT +QRENCODE +TPM2 +BZIP2 +LZ4 +XZ +ZLIB +ZSTD +BPF_FRAMEWORK +XKBCOMMON +UTMP +SYSVINIT default-hierarchy=unified)
[  149.122034] systemd[1]: Detected virtualization kvm.
[  149.124670] systemd[1]: Detected architecture x86-64.
[  149.127078] systemd[1]: Detected first boot.

Welcome to Fedora Linux 37 (Thirty Seven)!

[  149.138993] systemd[1]: Initializing machine ID from VM UUID.
[  149.502210] systemd[1]: bpf-lsm: LSM BPF program attached
[  149.561674] systemd-fstab-generator[2017]: Using verity root device /dev/mapper/root.
[  149.603648] systemd-veritysetup-generator[2026]: Using data device /dev/disk/by-partuuid/954e9606-fb9f-b133-c561-0eebc9468acb and hash device /dev/disk/by-partuuid/45f26f1a-5d78-91ab-d9fe-f09421d11aed for root.
[  150.052005] systemd[1]: Failed to populate /etc with preset unit settings, ignoring: Read-only file system
[  150.374092] systemd[1]: initrd-switch-root.service: Deactivated successfully.
[  150.382384] systemd[1]: Stopped initrd-switch-root.service - Switch Root.
[  OK  ] Stopped initrd-switch-root.service - Switch Root.
[  150.386781] systemd[1]: systemd-journald.service: Scheduled restart job, restart counter is at 1.
[  150.396032] systemd[1]: Created slice system-getty.slice - Slice /system/getty.
[  OK  ] Created slice system-getty.slice - Slice /system/getty.
[  150.401339] systemd[1]: Created slice system-modprobe.slice - Slice /system/modprobe.
[  OK  ] Created slice system-modpr…lice - Slice /system/modprobe.
[  150.406154] systemd[1]: Created slice system-serial\x2dgetty.slice - Slice /system/serial-getty.
[  OK  ] Created slice system-seria… - Slice /system/serial-getty.
[  150.410543] systemd[1]: Created slice system-systemd\x2dcryptsetup.slice - Cryptsetup Units Slice.
[  OK  ] Created slice system-syste…lice - Cryptsetup Units Slice.
[  150.421464] systemd[1]: Created slice system-systemd\x2dmakefs.slice - Slice /system/systemd-makefs.
[  OK  ] Created slice system-syste… - Slice /system/systemd-makefs.
[  150.428388] systemd[1]: Created slice user.slice - User and Session Slice.
[  OK  ] Created slice user.slice - User and Session Slice.
[  150.435087] systemd[1]: Started systemd-ask-password-console.path - Dispatch Password Requests to Console Directory Watch.
[  OK  ] Started systemd-ask-passwo…quests to Console Directory Watch.
[  150.445540] systemd[1]: Started systemd-ask-password-wall.path - Forward Password Requests to Wall Directory Watch.
[  OK  ] Started systemd-ask-passwo… Requests to Wall Directory Watch.
[  150.451302] systemd[1]: Set up automount proc-sys-fs-binfmt_misc.automount - Arbitrary Executable File Formats File System Automount Point.
[  OK  ] Set up automount proc-sys-…rmats File System Automount Point.
[  150.458429] systemd[1]: Stopped target initrd-switch-root.target - Switch Root.
[  OK  ] Stopped target initrd-switch-root.target - Switch Root.
[  150.462375] systemd[1]: Stopped target initrd-fs.target - Initrd File Systems.
[  OK  ] Stopped target initrd-fs.target - Initrd File Systems.
[  150.465753] systemd[1]: Stopped target initrd-root-fs.target - Initrd Root File System.
[  OK  ] Stopped target initrd-root…get - Initrd Root File System.
[  150.472841] systemd[1]: Reached target integritysetup.target - Local Integrity Protected Volumes.
[  OK  ] Reached target integrityse…Local Integrity Protected Volumes.
[  150.484880] systemd[1]: Reached target paths.target - Path Units.
[  OK  ] Reached target paths.target - Path Units.
[  150.489734] systemd[1]: Reached target remote-fs.target - Remote File Systems.
[  OK  ] Reached target remote-fs.target - Remote File Systems.
[  150.494300] systemd[1]: Reached target slices.target - Slice Units.
[  OK  ] Reached target slices.target - Slice Units.
[  150.498571] systemd[1]: Reached target swap.target - Swaps.
[  OK  ] Reached target swap.target - Swaps.
[  150.502593] systemd[1]: Reached target veritysetup.target - Local Verity Protected Volumes.
[  OK  ] Reached target veritysetup… - Local Verity Protected Volumes.
[  150.517716] systemd[1]: Listening on systemd-coredump.socket - Process Core Dump Socket.
[  OK  ] Listening on systemd-cored…et - Process Core Dump Socket.
[  150.527159] systemd[1]: Listening on systemd-initctl.socket - initctl Compatibility Named Pipe.
[  OK  ] Listening on systemd-initc… initctl Compatibility Named Pipe.
[  150.531909] systemd[1]: Listening on systemd-networkd.socket - Network Service Netlink Socket.
[  OK  ] Listening on systemd-netwo… - Network Service Netlink Socket.
[  150.538002] systemd[1]: Listening on systemd-oomd.socket - Userspace Out-Of-Memory (OOM) Killer Socket.
[  OK  ] Listening on systemd-oomd.…Out-Of-Memory (OOM) Killer Socket.
[  150.547282] systemd[1]: Listening on systemd-udevd-control.socket - udev Control Socket.
[  OK  ] Listening on systemd-udevd….socket - udev Control Socket.
[  150.551660] systemd[1]: Listening on systemd-udevd-kernel.socket - udev Kernel Socket.
[  OK  ] Listening on systemd-udevd…l.socket - udev Kernel Socket.
[  150.559453] systemd[1]: Listening on systemd-userdbd.socket - User Database Manager Socket.
[  OK  ] Listening on systemd-userd… - User Database Manager Socket.
[  150.584966] systemd[1]: Mounting dev-hugepages.mount - Huge Pages File System...
         Mounting dev-hugepages.mount - Huge Pages File System...
[  150.593271] systemd[1]: Mounting dev-mqueue.mount - POSIX Message Queue File System...
         Mounting dev-mqueue.mount - POSIX Message Queue File System...
[  150.600080] systemd[1]: Mounting sys-kernel-debug.mount - Kernel Debug File System...
         Mounting sys-kernel-debug.… - Kernel Debug File System...
[  150.610850] systemd[1]: Mounting sys-kernel-tracing.mount - Kernel Trace File System...
         Mounting sys-kernel-tracin… - Kernel Trace File System...
[  150.635614] systemd[1]: Mounting tmp.mount - Temporary Directory /tmp...
         Mounting tmp.mount - Temporary Directory /tmp...
[  150.643131] systemd[1]: Starting kmod-static-nodes.service - Create List of Static Device Nodes...
         Starting kmod-static-nodes…ate List of Static Device Nodes...
[  150.650375] systemd[1]: Starting modprobe@configfs.service - Load Kernel Module configfs...
         Starting modprobe@configfs… - Load Kernel Module configfs...
[  150.656170] systemd[1]: Starting modprobe@drm.service - Load Kernel Module drm...
         Starting modprobe@drm.service - Load Kernel Module drm...
[  150.662186] systemd[1]: Starting modprobe@fuse.service - Load Kernel Module fuse...
         Starting modprobe@fuse.ser…e - Load Kernel Module fuse...
[  150.666802] systemd[1]: systemd-fsck-root.service: Deactivated successfully.
[  150.674400] systemd[1]: Stopped systemd-fsck-root.service - File System Check on Root Device.
[  OK  ] Stopped systemd-fsck-root.… File System Check on Root Device.
[  150.678652] systemd[1]: Stopped systemd-journald.service - Journal Service.
[  OK  ] Stopped systemd-journald.service - Journal Service.
[  150.684835] systemd[1]: systemd-journald-audit.socket - Journal Audit Socket was skipped because of a failed condition check (ConditionSecurity=audit).
[  150.692821] fuse: init (API version 7.36)
[  150.707622] systemd[1]: Starting systemd-journald.service - Journal Service...
         Starting systemd-journald.service - Journal Service...
[  150.717673] systemd[1]: Starting systemd-modules-load.service - Load Kernel Modules...
         Starting systemd-modules-l…rvice - Load Kernel Modules...
[  150.750669] systemd[1]: Starting systemd-network-generator.service - Generate network units from Kernel command line...
         Starting systemd-network-g… units from Kernel command line...
[  150.761836] systemd[1]: Starting systemd-remount-fs.service - Remount Root and Kernel File Systems...
         Starting systemd-remount-f…nt Root and Kernel File Systems...
[  150.769884] systemd[1]: systemd-repart.service - Repartition Root Disk was skipped because all trigger condition checks failed.
[  150.786808] systemd[1]: Starting systemd-udev-trigger.service - Coldplug All udev Devices...
         Starting systemd-udev-trig… - Coldplug All udev Devices...
[  150.797900] systemd[1]: Started systemd-journald.service - Journal Service.
[  OK  ] Started systemd-journald.service - Journal Service.
[  OK  ] Mounted dev-hugepages.mount - Huge Pages File System.
[  OK  ] Mounted dev-mqueue.mount - POSIX Message Queue File System.
[  OK  ] Mounted sys-kernel-debug.m…nt - Kernel Debug File System.
[  OK  ] Mounted sys-kernel-tracing…nt - Kernel Trace File System.
[  OK  ] Mounted tmp.mount - Temporary Directory /tmp.
[  OK  ] Finished kmod-static-nodes…reate List of Static Device Nodes.
[  OK  ] Finished modprobe@configfs… - Load Kernel Module configfs.
[  OK  ] Finished modprobe@drm.service - Load Kernel Module drm.
[  OK  ] Finished modprobe@fuse.service - Load Kernel Module fuse.
[  OK  ] Finished systemd-modules-l…service - Load Kernel Modules.
[  OK  ] Finished systemd-network-g…rk units from Kernel command line.
[  OK  ] Finished systemd-remount-f…ount Root and Kernel File Systems.
[  OK  ] Reached target network-pre…get - Preparation for Network.
         Mounting sys-fs-fuse-conne… - FUSE Control File System...
         Mounting sys-kernel-config…ernel Configuration File System...
         Starting systemd-sysctl.se…ce - Apply Kernel Variables...
         Starting systemd-tmpfiles-…ate Static Device Nodes in /dev...
[  OK  ] Mounted sys-fs-fuse-connec…nt - FUSE Control File System.
[  OK  ] Mounted sys-kernel-config.… Kernel Configuration File System.
[  OK  ] Finished systemd-sysctl.service - Apply Kernel Variables.
[  OK  ] Finished systemd-tmpfiles-…reate Static Device Nodes in /dev.
[  OK  ] Reached target local-fs-pr…reparation for Local File Systems.
[  OK  ] Set up automount efi.autom… - EFI System Partition Automount.
         Starting systemd-udevd.ser…ger for Device Events and Files...
[  OK  ] Finished systemd-udev-trig…e - Coldplug All udev Devices.
[  OK  ] Started systemd-udevd.serv…nager for Device Events and Files.
         Starting systemd-networkd.…ice - Network Configuration...
         Starting systemd-userdbd.s…ice - User Database Manager...
         Starting modprobe@configfs… - Load Kernel Module configfs...
[  OK  ] Finished modprobe@configfs… - Load Kernel Module configfs.
[  OK  ] Found device dev-mapper-state.device - /dev/mapper/state.
         Starting systemd-makefs@de…ile System on /dev/mapper/state...
[  OK  ] Started systemd-userdbd.service - User Database Manager.
[  OK  ] Started systemd-networkd.service - Network Configuration.
         Starting systemd-networkd-…it for Network to be Configured...
         Starting systemd-cryptsetu… - Cryptography Setup for state...
[  OK  ] Finished systemd-cryptsetu… - Cryptography Setup for state.
[  OK  ] Reached target blockdev@de…Preparation for /dev/mapper/state.
[  OK  ] Reached target cryptsetup.…get - Local Encrypted Volumes.
[  151.776492] cirrus 0000:00:01.0: vgaarb: deactivate vga console
[  151.845265] lpc_ich 0000:00:1f.0: I/O space for GPIO uninitialized
[  151.985643] [drm] Initialized cirrus 2.0.0 2019 for 0000:00:01.0 on minor 0
[  OK  ] Finished systemd-networkd-…Wait for Network to be Configured.
[  152.061997] i801_smbus 0000:00:1f.3: Enabling SMBus device
[  152.119320] i801_smbus 0000:00:1f.3: SMBus using PCI interrupt
[  152.141510] i2c i2c-0: 1/1 memory slots populated (from DMI)
[  152.155038] i2c i2c-0: Memory type 0x07 not supported yet, not instantiating SPD
[  152.254885] fbcon: cirrusdrmfb (fb0) is primary device
[  152.254891] fbcon: Deferring console take-over
[  152.263029] cirrus 0000:00:01.0: [drm] fb0: cirrusdrmfb frame buffer device
[  OK  ] Finished systemd-makefs@de… File System on /dev/mapper/state.
[  152.503439] iTCO_vendor_support: vendor-support=0
         Mounting run-state.mount - /run/state...
[  152.526680] EXT4-fs (dm-2): mounted filesystem with ordered data mode. Quota mode: none.
[  OK  ] Mounted run-state.mount - /run/state.
[  152.557914] iTCO_wdt iTCO_wdt.1.auto: Found a ICH9 TCO device (Version=2, TCOBASE=0x0660)
[  152.560817] input: PC Speaker as /devices/platform/pcspkr/input/input5
[  152.561359] iTCO_wdt iTCO_wdt.1.auto: initialized. heartbeat=30 sec (nowayout=0)
         Mounting etc-cni.mount - /etc/cni...
         Mounting etc-kubernetes.mount - /etc/kubernetes...
         Mounting opt.mount - /opt...
         Mounting var.mount - /var...
[  OK  ] Mounted etc-cni.mount - /etc/cni.
[  OK  ] Mounted etc-kubernetes.mount - /etc/kubernetes.
[  OK  ] Mounted opt.mount - /opt.
[  OK  ] Mounted var.mount - /var.
[  OK  ] Reached target local-fs.target - Local File Systems.
[  OK  ] Reached target sound.target - Sound Card.
[  OK  ] Listening on systemd-rfkil…l Switch Status /dev/rfkill Watch.
         Starting systemd-boot-upda… - Automatic Boot Loader Update...
         Starting systemd-journal-f…h Journal to Persistent Storage...
         Starting systemd-random-se…ice - Load/Save Random Seed...
         Mounting efi.mount - EFI System Partition Automount...
[  152.725768] systemd-journald[2040]: Received client request to flush runtime journal.
[  OK  ] Finished systemd-journal-f…ush Journal to Persistent Storage.
[  OK  ] Finished systemd-random-se…rvice - Load/Save Random Seed.
[  OK  ] Mounted efi.mount - EFI System Partition Automount.
[  OK  ] Reached target first-boot-….target - First Boot Complete.
         Starting systemd-tmpfiles-… Volatile Files and Directories...
[  OK  ] Finished systemd-boot-upda… - Automatic Boot Loader Update.
[  OK  ] Finished systemd-tmpfiles-…te Volatile Files and Directories.
         Starting systemd-journal-c…e - Rebuild Journal Catalog...
         Starting systemd-oomd.serv…pace Out-Of-Memory (OOM) Killer...
         Starting systemd-resolved.…e - Network Name Resolution...
         Starting systemd-update-ut…rd System Boot/Shutdown in UTMP...
[  OK  ] Finished systemd-journal-c…ice - Rebuild Journal Catalog.
         Starting systemd-update-do…rvice - Update is Completed...
[  OK  ] Finished systemd-update-ut…cord System Boot/Shutdown in UTMP.
[  OK  ] Finished systemd-update-do…service - Update is Completed.
[  OK  ] Started systemd-oomd.servi…rspace Out-Of-Memory (OOM) Killer.
[  OK  ] Started systemd-resolved.s…ice - Network Name Resolution.
[  OK  ] Reached target network.target - Network.
[  OK  ] Reached target network-online.target - Network is Online.
[  OK  ] Reached target nss-lookup.… - Host and Network Name Lookups.
[  OK  ] Reached target sysinit.target - System Initialization.
[  OK  ] Started dnf-makecache.timer - dnf makecache --timer.
[  OK  ] Started fstrim.timer - Discard unused blocks once a week.
[  OK  ] Started systemd-tmpfiles-c… Cleanup of Temporary Directories.
[  OK  ] Reached target timers.target - Timer Units.
[  OK  ] Listening on dbus.socket - D-Bus System Message Bus Socket.
[  OK  ] Reached target sockets.target - Socket Units.
[  OK  ] Reached target basic.target - Basic System.
         Starting configure-constel…e provider environment variable...
[  OK  ] Started constellation-upgr… - Constellation Upgrade Agent.
         Starting containerd.servic… - containerd container runtime...
         Starting dracut-shutdown.s…tore /run/initramfs on shutdown...
[  OK  ] Started kubelet.service - kubelet: The Kubernetes Node Agent.
         Starting systemd-logind.se…ice - User Login Management...
         Starting systemd-user-sess…vice - Permit User Sessions...
         Starting tpm-pcrs.service - Print PCR state on startup...
         Starting dbus-broker.servi… - D-Bus System Message Bus...
[  OK  ] Finished systemd-user-sess…ervice - Permit User Sessions.
[  OK  ] Started getty@tty1.service - Getty on tty1.
[  OK  ] Started serial-getty@ttyS0…rvice - Serial Getty on ttyS0.
[  OK  ] Reached target getty.target - Login Prompts.
[  OK  ] Finished dracut-shutdown.s…estore /run/initramfs on shutdown.
[  OK  ] Finished configure-constel…ice provider environment variable.
[  OK  ] Started dbus-broker.service - D-Bus System Message Bus.
[  OK  ] Started systemd-logind.service - User Login Management.
         Starting systemd-hostnamed.service - Hostname Service...
[  OK  ] Finished tpm-pcrs.service - Print PCR state on startup.
[  OK  ] Started constellation-boot… - Constellation Bootstrapper.
[  OK  ] Started systemd-hostnamed.service - Hostname Service.
[  OK  ] Started containerd.service… - containerd container runtime.
[  OK  ] Reached target multi-user.target - Multi-User System.
[  OK  ] Reached target graphical.target - Graphical Interface.
         Starting systemd-update-ut… Record Runlevel Change in UTMP...
[  OK  ] Finished systemd-update-ut… - Record Runlevel Change in UTMP.

Fedora Linux 37 [  154.938449] fbcon: Taking over console
(Thirty Seven)
Kernel 6.0.18-300.fc37.x86_64 on an x86_64 (ttyS0)

constellation v2.5.0-pre.0.20230113150145-82462fab1730
PCR state:

fedora login: root (automatic login)

Last login: Sat Jan 14 14:22:42 on tty1
~ Welcome to Constellation! ~
Usually, on release versions of Constellation running in the cloud, you are not able to login through the serial console.
This shell access is specifically granted for debug images and MiniConstellation to allow users to research the environment Constellation runs in.
Have fun! Feel free to report any issues to GitHub or security@edgeless.systems (for security vulnerabilities only).
[root@fedora ~]#

The output from journalctl is over 300 MB so I uploaded it to my Google drive and here is the link: https://drive.google.com/file/d/1YqV7NabfQJtobdxtv88V0xdo_4df7vpY/view?usp=sharing

Thank you so much.
Best regards,

Oh, I actually expected you to run the journalctl command inside the VM, not on the host machine. That's why the logs are so huge. Can you do that again, please? :)

No worries,

Attached the output from the VM. I removed the file that contains the output of journalctl from my machine.

However, now when I try to move to the next step

kubectl get nodes

I get an error message:

W0115 14:14:05.942072   41698 loader.go:222] Config not found: /home/omar/clinicloud/webserver/constellation/constellation-admin.conf
E0115 14:14:05.969919   41698 memcache.go:238] couldn't get current server API group list: <nil>
E0115 14:14:05.971339   41698 memcache.go:238] couldn't get current server API group list: <nil>
E0115 14:14:05.972503   41698 memcache.go:238] couldn't get current server API group list: <nil>
E0115 14:14:05.973436   41698 memcache.go:238] couldn't get current server API group list: <nil>
error: the server doesn't have a resource type "nodes"

Which is logical because I can't find the constellation-admin.conf generated anywhere.

Thanks and Bests,

jounalctl-output.txt

Jan 15 12:25:32 fedora bootstrapper[3225]: {"level":"FATAL","ts":"2023-01-15T12:25:32Z","logger":"bootstrapper","caller":"bootstrapper/run.go:61","msg":"Failed to create init server","error":"retrieving init secret hash: could not retrieve init secret hash: Get \"http://10.42.0.1:8080/initsecrethash\": dial tcp 10.42.0.1:8080: i/o timeout"}

Seems like a networking / firewalling issue. The VM needs to be able to talk through the bridge network interface to port 8080 on your local machine, where the metadata server should be running (which is started as a Docker container, but in host network mode) which provisions the init secret hash to the control plane VM.

Not sure what you need to change exactly right now without digging deeper into your firewall configuration and network setup.

As a start, can you disable your local firewall again (disable ufw, set INPUT & FORWARD to ALLOW in iptables) temporarily? If that works then I guess all that's needed is a few firewalls to pass traffic through correctly.

Thanks.

I disabled firewall and set the policies to ACCEPT in iptables.

I still can't find any "constellation-admin.conf" file after running constellation mini up.

Also, when I navigate through the browser to localhost:8080, I get: 404 page not found.

Best,

Wait, so does constellation mini up complete successfully and tell you to run export KUBECONFIG, but you cannot find the file? Because it should be in the same directory the command was run in. But it is only written at the very end (since, well, the cluster needs to be initialized correctly) and usually it throws an error if it fails to write the file.

And yes, that's expected for localhost:8080. You need to enter specific API endpoints to get something that's not a 404:

mux.Handle("/self", http.HandlerFunc(s.listSelf))
mux.Handle("/peers", http.HandlerFunc(s.listPeers))
mux.Handle("/log", http.HandlerFunc(s.postLog))
mux.Handle("/pcrs", http.HandlerFunc(s.exportPCRs))
mux.Handle("/endpoint", http.HandlerFunc(s.getEndpoint))
mux.Handle("/initsecrethash", http.HandlerFunc(s.initSecretHash))
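
The difference between the 404 at localhost:8080 and the earlier i/o timeout on 10.42.0.1:8080, as an added Go example that is not Constellation's code: a probe that tells "server up, wrong path" apart from "nothing listening" and "no reply". The stub server, the verdict names and runScenarios are assumptions made for illustration; only the six route paths come from the lines quoted above, and the silent loopback listener merely stands in for a peer whose traffic is dropped.

```go
// Added example, not Constellation code. Only the six route paths come from the
// mux.Handle lines quoted above; every other name here is an assumption.
package main

import (
	"errors"
	"fmt"
	"net"
	"net/http"
	"net/http/httptest"
	"syscall"
	"time"
)

// Verdict is the diagnosis for one probe.
type Verdict string

const (
	Answered     Verdict = "route answered"
	NotARoute    Verdict = "server is up, path is not a registered route (404)"
	Refused      Verdict = "nothing listening on the port (connection refused)"
	TimedOut     Verdict = "no reply in time (traffic dropped or peer silent)"
	Unclassified Verdict = "other error"
)

var routes = []string{"/self", "/peers", "/log", "/pcrs", "/endpoint", "/initsecrethash"}

// newStubServer is a constructed stand-in for the metadata server: the same
// exact-match routes, each with a placeholder handler.
func newStubServer() *httptest.Server {
	mux := http.NewServeMux()
	for _, p := range routes {
		mux.Handle(p, http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) {
			fmt.Fprintln(w, "stub")
		}))
	}
	return httptest.NewServer(mux)
}

func mustListen() net.Listener {
	l, err := net.Listen("tcp", "127.0.0.1:0")
	if err != nil {
		panic(err)
	}
	return l
}

// classify maps a transport error to a verdict by unwrapping the error chain.
func classify(err error) Verdict {
	var ne net.Error
	if errors.Is(err, syscall.ECONNREFUSED) {
		return Refused
	}
	if errors.As(err, &ne) && ne.Timeout() {
		return TimedOut
	}
	return Unclassified
}

// probe issues one GET; any status other than 404 counts as an answering route.
func probe(c *http.Client, base, path string) Verdict {
	resp, err := c.Get(base + path)
	if err != nil {
		return classify(err)
	}
	defer resp.Body.Close()
	if resp.StatusCode == http.StatusNotFound {
		return NotARoute
	}
	return Answered
}

// runScenarios reproduces the situations from the thread on loopback only.
func runScenarios() map[string]Verdict {
	c := &http.Client{Timeout: 300 * time.Millisecond}
	srv := newStubServer()
	defer srv.Close()
	out := map[string]Verdict{
		"root":           probe(c, srv.URL, "/"),
		"initsecrethash": probe(c, srv.URL, "/initsecrethash"),
	}
	// A listener that never accepts: the request is sent but no reply comes back.
	silent := mustListen()
	defer silent.Close()
	out["silent"] = probe(c, "http://"+silent.Addr().String(), "/initsecrethash")
	// A port that was just released: nothing is listening there any more.
	gone := mustListen()
	addr := gone.Addr().String()
	gone.Close()
	out["closed"] = probe(c, "http://"+addr, "/initsecrethash")
	return out
}

func main() { fmt.Println(runScenarios()) }
```

A timeout verdict points at packet filtering between the VM bridge and the host, while a 404 or a refused connection means the packets arrived and the question is what is listening.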

Not actually. I think it's failing again since I don't have the file there.
Should I post the output of journalctl after I turned off the firewall and set the INPUT and FORWARD policies to ACCEPT?

Yes, if mini up does not fully finish there's not going to be a config file.

Would be great if you post a new journalctl without the firewall. Just to confirm if it's still the same issue or something indeed changed.

The logs are from the worker VM... but they actually seem to look pretty good. Now it's definitely past the error you had before, so disabling the firewall seemed to help.

It actually looks healthy, Kubernetes seems to be running... couldn't tell that something is wrong. Unless I am missing something, that is.

Can you also put the logs from the other VM - the control plane one?
And you are still stuck on "Initializing cluster"? Or what output do you get from the CLI?

Thank you so much for reviewing.
The problem was that I ran export KUBECONFIG="$PWD/constellation-admin.conf" early.

The constellation cluster actually took 17 mins to get ready, and I didn't notice that it was still working because I had already opened a new shell.

Everything is working fine now and I deployed Emoji Vote successfully.

Thanks and Bests,

I'm having similar problems:

Creating cluster in QEMU
Error: creating cluster: creating terraform variables: fetching image reference: sending request for versionsapi.ImageInfo: Get "https://cdn.confidential.cloud/constellation/v2/ref/-/stream/stable/v2.13.0/image/info.json": context canceled

I'm using my company machine, which connects to the internet through an HTTP proxy, and I configured the proxy correctly before running the command. Will the constellation client tool use the proxy?

export https_proxy=http://proxy-host:proxy-port
export http_proxy=http://proxy-host:proxy-port

But I still got the error. Here are the details with debug:

2023-11-23T06:40:32Z    DEBUG   cmd/miniup_linux_amd64.go:35    Checked arch and os
2023-11-23T06:40:32Z    DEBUG   cmd/miniup_linux_amd64.go:40    Checked that /dev/kvm exists
2023-11-23T06:40:32Z    DEBUG   cmd/miniup_linux_amd64.go:48    Checked CPU cores - there are 192
2023-11-23T06:40:32Z    DEBUG   cmd/miniup_linux_amd64.go:66    Scanned for available memory
2023-11-23T06:40:32Z    DEBUG   cmd/miniup_linux_amd64.go:74    Checked available memory, you have 1006GB available
2023-11-23T06:40:32Z    DEBUG   cmd/miniup_linux_amd64.go:84    Checked for free space available, you have 117GB available
A config file already exists in the configured workspace.
2023-11-23T06:40:40Z    DEBUG   cmd/miniup.go:187       Creating mini cluster
Error: creating cluster: creating terraform variables: fetching image reference: sending request for versionsapi.ImageInfo: Get "https://cdn.confidential.cloud/constellation/v2/ref/-/stream/stable/v2.13.0/image/info.json": dial tcp 13.225.103.76:443: connect: connection timed out