canonical / tdx

Intel confidential computing - TDX
GNU General Public License v3.0

add network to guest to make it accessible via IP #239

Closed hector-cao closed 1 month ago

hector-cao commented 1 month ago

This work has been motivated by the demo we were trying to do for Confidential RAG where we will need multiple TD VMs to communicate between them.

With this change, the guest will be accessible via its own IP:

ssh root@<IP>

instead of

ssh -p <forward-port> root@localhost

And tdvirsh list will also print the guest IP:

$ ./tdvirsh list
Id   Name                                                        State 
--------------------------------------------------------------------------- 
2    tdvirsh-trust_domain-508f629e-4e86-4969-8517-da1ba35258ed   running (ip:192.168.122.212, hostfwd:44321, cid:3)

hector-cao commented 1 month ago

Can you still ssh in using localhost + port or does this change mean you can only use the IP? In either case we should update the README to describe what is supported.

About the tdvirsh list output:

$ ./tdvirsh list
Id   Name                                                        State 
--------------------------------------------------------------------------- 
1    tdvirsh-trust_domain-508f629e-4e86-4969-8517-da1ba35258ed   running (ip:192.168.122.212/24, ssh:45585, cid:3)
  • I don't think you need to show the CIDR for the IP (the /24 should be stripped)
  • Now that there is a different method for ssh supported (or multiple), I think the ssh:45585 should be clarified or re-named

  1) I just took what virsh gave me, I think we can leave it as it is since it will require extra code if we want to remove the /24
  2) Yes, I will rename the ssh part, that makes me think that I will also need to update the README.
frenchwr commented 1 month ago

I just took what virsh gave me, I think we can leave it as it is since it will require extra code if we want to remove the /24

I think it will cause confusion because many users will not understand what it means, and it may lead to issues as you cannot pass a subnet to ssh.

hector-cao commented 1 month ago

I just took what virsh gave me, I think we can leave it as it is since it will require extra code if we want to remove the /24

I think it will cause confusion because many users will not understand what it means, and it may lead to issues as you cannot pass a subnet to ssh.

Ok, got it, I will do the change. Thanks!
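The review above asks for the /24 prefix to be stripped from the guest address before it is shown, because ssh does not accept an address in CIDR form. The following is an added example (not code from the canonical/tdx project or from tdvirsh) showing one way to do that in POSIX sh: it parses text in the format `virsh domifaddr <domain>` prints, picks the first ipv4 row, and removes the prefix length. The domifaddr output embedded in the script is a constructed sample; the interface name, MAC address and the `guest_ip` wrapper are assumptions for illustration.

```shell
#!/bin/sh
# Added example, not the canonical/tdx project's code: extract a libvirt
# guest's IPv4 address from `virsh domifaddr` output and drop the CIDR
# prefix so the result can be handed straight to ssh (ssh rejects
# "192.168.122.212/24" but accepts "192.168.122.212").

# Constructed sample of `virsh domifaddr <domain>` output (interface name
# and MAC are made up). In real use you would pipe in the live output:
#     virsh domifaddr "$domain" | first_ipv4
SAMPLE_DOMIFADDR=' Name       MAC address          Protocol     Address
-------------------------------------------------------------------------------
 vnet3      52:54:00:12:34:56    ipv4         192.168.122.212/24
 vnet3      52:54:00:12:34:56    ipv6         fe80::5054:ff:fe12:3456/64
'

# strip_prefix 192.168.122.212/24  ->  192.168.122.212
# An address that has no "/prefix" part is printed unchanged.
strip_prefix() {
    printf '%s\n' "${1%%/*}"
}

# Read domifaddr-formatted text on stdin and print the first ipv4
# address without its prefix length. Returns 1 if no ipv4 row exists
# (e.g. the guest has not obtained a DHCP lease yet).
first_ipv4() {
    addr=$(awk '$3 == "ipv4" { print $4; exit }')
    [ -n "$addr" ] || return 1
    strip_prefix "$addr"
}

# Hypothetical wrapper (assumed, not part of tdvirsh): guest_ip DOMAIN
# Shells out to virsh, so it is not exercised on the constructed sample.
guest_ip() {
    virsh domifaddr "$1" | first_ipv4
}

# Demonstration on the constructed sample: prints "ssh root@192.168.122.212"
ip=$(printf '%s' "$SAMPLE_DOMIFADDR" | first_ipv4) && printf 'ssh root@%s\n' "$ip"
```

The awk filter keys on the Protocol column rather than on a line number, so it still works when the header width changes or when the ipv6 row comes first; the non-zero return from `first_ipv4` lets a caller such as a `list` command fall back to printing only the host-forwarded port when the guest has no address yet.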