Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE:Backports:SLE-15-SP4:FactoryCandidates
keylime-control-plane-image
README
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File README of Package keylime-control-plane-image
Keylime control plane --------------------- This container delivers the control plane service (verifier and registrar) and command line tool (tenant) for the Keylime project for remote attestation based on TPM2. Installation and use -------------------- The container is already present in the OBS project devel:microos:containers, and can be pulled directly from it. podman pull \ registry.opensuse.org/devel/microos/containers/containerfile/opensuse/keylime-control-plane:latest The different services will require an additional volume to persist the database and certificates required during the attestation process. A volume can be created running the "install" label. podman container runlabel install \ registry.opensuse.org/devel/microos/containers/containerfile/opensuse/keylime-control-plane:latest This will create the "keylime-control-plane-volume" volume. This command should be executed only one time. To launch the services we can execute the "run" label. podman container runlabel run \ registry.opensuse.org/devel/microos/containers/containerfile/opensuse/keylime-control-plane:latest This will create the "keylime-control-plane-container" container, and inside there the Keylime registrar and verifier services will be configured and executed. Internally it will expose several ports from the container into the host, using the default values. Validate the firewall configuration to allow the access to those ports, and to allow communication intra-containers, as this will be required later when we execute the tenant CLI. We can monitor the status with podman. podman ps podman logs keylime-control-plane-container The first time that this container gets executed, the services will create a certificate that will be required later by the different agents. We can extract the certificate with this command: podman cp \ keylime-control-plane-container:/var/lib/keylime/cv_ca/cacert.crt . Another possibility is to mount the "keylime-control-plane-volume" and copy it from there. The tenant CLI tool is present in the container, and if the host firewall is properly configured, it can be executed using the same image. podman run --rm \ -v keylime-control-plane-container:/var/lib/keylime \ keylime-control-plane:latest \ keylime_tenant -v 10.88.0.1 -r 10.88.0.1 --cert default -c reglist We can stop the services via the kill command. podman kill keylime-control-plane-container
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor
