From 6bdeab50f4c9d7b4247151f0ea883f575532d339 Mon Sep 17 00:00:00 2001
From: HuijingHei
Date: Thu, 5 Sep 2024 16:14:37 +0800
Subject: [PATCH] gcp: Support `AMD SEV-SNP` confidential instances

Fix https://github.com/coreos/coreos-assembler/issues/3556
---
 go.mod | 2 +-
 mantle/cmd/kola/options.go | 14 +++++++++-----
 mantle/platform/api/gcloud/api.go | 2 +-
 mantle/platform/api/gcloud/compute.go | 4 ++--
 vendor/modules.txt | 2 +-
 5 files changed, 14 insertions(+), 10 deletions(-)

diff --git a/go.mod b/go.mod
index 1585b0d9f4..e50dcead15 100644
--- a/go.mod
+++ b/go.mod
@@ -47,7 +47,7 @@ require (
 	golang.org/x/oauth2 v0.14.0
 	golang.org/x/sys v0.14.0
 	golang.org/x/term v0.14.0
-	google.golang.org/api v0.151.0
+	google.golang.org/api v0.196.0
 	gopkg.in/yaml.v2 v2.4.0
 	gopkg.in/yaml.v3 v3.0.1
 )
diff --git a/mantle/cmd/kola/options.go b/mantle/cmd/kola/options.go
index a7e445d1a8..ead17f1e4f 100644
--- a/mantle/cmd/kola/options.go
+++ b/mantle/cmd/kola/options.go
@@ -125,7 +125,7 @@ func init() {
 	sv(&kola.GCPOptions.ServiceAcct, "gcp-service-account", "", "GCP service account to attach to instance (default project default)")
 	bv(&kola.GCPOptions.ServiceAuth, "gcp-service-auth", false, "for non-interactive auth when running within GCP")
 	sv(&kola.GCPOptions.JSONKeyFile, "gcp-json-key", "", "use a service account's JSON key for authentication (default \"~/"+auth.GCPConfigPath+"\")")
-	bv(&kola.GCPOptions.Confidential, "gcp-confidential-vm", false, "create confidential instances")
+	sv(&kola.GCPOptions.ConfidentialType, "gcp-confidential-type", "", "create confidential instances")
 
 	// openstack-specific options
 	sv(&kola.OpenStackOptions.ConfigPath, "openstack-config-file", "", "Path to a clouds.yaml formatted OpenStack config file. The underlying library defaults to ./clouds.yaml")
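Review bot: The help text for the new `--gcp-confidential-type` flag, `"create confidential instances"`, does not tell the user which values are accepted, while the rest of the series only honours `SEV` and `SEV_SNP`; anything else is either rejected later or, on some paths, ignored. Suggested: `sv(&kola.GCPOptions.ConfidentialType, "gcp-confidential-type", "", "create confidential instances of the given type (SEV or SEV_SNP)")`. The enclosing `init()` starts and ends outside the hunk.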
@@ -245,10 +245,14 @@ func syncOptionsImpl(useCosa bool) error {
 	if kolaPlatform == "gcp" && kola.GCPOptions.MachineType == "" {
 		switch kola.Options.CosaBuildArch {
 		case "x86_64":
-			if kola.GCPOptions.Confidential {
-				// https://cloud.google.com/compute/confidential-vm/docs/locations
-				fmt.Print("Setting instance type for confidential computing")
-				kola.GCPOptions.MachineType = "n2d-standard-2"
+			if kola.GCPOptions.ConfidentialType != "" {
+				if kola.GCPOptions.ConfidentialType == "SEV" || kola.GCPOptions.ConfidentialType == "SEV_SNP" {
+					// https://cloud.google.com/compute/confidential-vm/docs/locations
+					fmt.Print("Setting instance type for confidential computing")
+					kola.GCPOptions.MachineType = "n2d-standard-2"
+				} else {
+					return fmt.Errorf("Confidential type only supports [SEV, SEV_SNP]")
+				}
 			} else {
 				kola.GCPOptions.MachineType = "n1-standard-1"
 			}
diff --git a/mantle/platform/api/gcloud/api.go b/mantle/platform/api/gcloud/api.go
index 134b8149f1..e33f5d417b 100644
--- a/mantle/platform/api/gcloud/api.go
+++ b/mantle/platform/api/gcloud/api.go
@@ -42,7 +42,7 @@ type Options struct {
 	ServiceAcct string
 	JSONKeyFile string
 	ServiceAuth bool
-	Confidential bool
+	ConfidentialType string
 
 	*platform.Options
 }
diff --git a/mantle/platform/api/gcloud/compute.go b/mantle/platform/api/gcloud/compute.go
index 9e8e16434f..147bdfcfcd 100644
--- a/mantle/platform/api/gcloud/compute.go
+++ b/mantle/platform/api/gcloud/compute.go
@@ -147,9 +147,9 @@ func (a *API) mkinstance(userdata, name string, keys []*agent.Key, opts platform
 		})
 	}
 	// create confidential instance
-	if a.options.Confidential {
+	if a.options.ConfidentialType == "SEV" || a.options.ConfidentialType == "SEV_SNP" {
 		instance.ConfidentialInstanceConfig = &compute.ConfidentialInstanceConfig{
-			EnableConfidentialCompute: true,
+			ConfidentialInstanceType: a.options.ConfidentialType,
 		}
 		instance.Scheduling = &compute.Scheduling{
 			OnHostMaintenance: "TERMINATE",
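Review bot: The new `[SEV, SEV_SNP]` validation is nested inside the `MachineType == ""` and `case "x86_64"` branches, so a run that passes `--gcp-machine-type` explicitly, or builds for another arch, reaches the platform layer with an unchecked value; together with the `compute.go` hunk, which only applies the confidential config for exactly those two strings, a typo such as `sev-snp` would then produce an ordinary, non-confidential instance with no error at all. The check should run whenever `ConfidentialType` is non-empty on GCP, independent of the machine-type default, leaving the inner branch as a plain `if kola.GCPOptions.ConfidentialType != ""`. While there, Go error strings are conventionally lowercase and echoing the rejected value makes the message actionable. `syncOptionsImpl` starts and ends outside the hunk.
```go
	// Reject unsupported confidential types up front, regardless of whether a
	// machine type was given, so a bad value cannot fall through to a
	// non-confidential instance in the platform layer.
	if kolaPlatform == "gcp" && kola.GCPOptions.ConfidentialType != "" {
		switch kola.GCPOptions.ConfidentialType {
		case "SEV", "SEV_SNP":
		default:
			return fmt.Errorf("confidential type %q not supported, expected one of [SEV, SEV_SNP]", kola.GCPOptions.ConfidentialType)
		}
	}
	if kolaPlatform == "gcp" && kola.GCPOptions.MachineType == "" {
		switch kola.Options.CosaBuildArch {
		case "x86_64":
			if kola.GCPOptions.ConfidentialType != "" {
				// https://cloud.google.com/compute/confidential-vm/docs/locations
				fmt.Print("Setting instance type for confidential computing")
				kola.GCPOptions.MachineType = "n2d-standard-2"
			} else {
				kola.GCPOptions.MachineType = "n1-standard-1"
			}
```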
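Review bot: `ConfidentialType` is an exported field of `Options` with no doc comment, and its accepted values are only discoverable by reading the comparison in `compute.go`. Suggested comment above the field: `// ConfidentialType selects the confidential VM type passed to GCE ("SEV" or "SEV_SNP"); empty leaves confidential compute disabled.` The `Options` struct starts outside the hunk.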
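Review bot: When `ConfidentialType` is non-empty but not `SEV` or `SEV_SNP`, the condition on the first changed line is false and `mkinstance` silently builds an ordinary instance with neither `ConfidentialInstanceConfig` nor the `TERMINATE` scheduling policy, so a test run that asked for a confidential VM would quietly execute on a non-confidential one. The only guard against that is the check in `options.go`, which as written only fires when no machine type was given on x86_64, so this layer should reject the value as well, e.g. an `else if a.options.ConfidentialType != ""` branch returning an error that names the value (the function's result list is cut off in the hunk header, so the exact `return` form cannot be quoted here). `mkinstance` starts and ends outside the hunk.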
diff --git a/vendor/modules.txt b/vendor/modules.txt
index f425692100..58b7636ff1 100644
--- a/vendor/modules.txt
+++ b/vendor/modules.txt
@@ -619,7 +619,7 @@ golang.org/x/text/unicode/norm
 # golang.org/x/time v0.3.0
 ## explicit
 golang.org/x/time/rate
-# google.golang.org/api v0.151.0
+# google.golang.org/api v0.196.0
 ## explicit; go 1.19
 google.golang.org/api/compute/v1
 google.golang.org/api/googleapi