rancher / os2

EXPERIMENTAL: A Rancher and Kubernetes optimized immutable Linux distribution based on openSUSE
https://rancher.github.io/os2/
Apache License 2.0

TPM device is a hard requirement #9

Closed mudler closed 1 year ago

mudler commented 2 years ago

Can't join nodes that don't have a TPM device, getting the following error when calling ros-installer -config-file /oem/userdata.yaml:

ERRO[0000] failed to read registration URL https://xx.lan/v1-rancheros/registration/xxxx, retrying: opening tpm: TPM device not available

This is an issue at least for running Vagrant images, as VirtualBox currently doesn't support TPM, but it applies to other hypervisors, including Raspberry Pi 4 and bare metal, which don't have the TPM hardware in general.

Note, this doesn't seem to be an issue for libvirt/qemu: https://documentation.suse.com/sles/15-SP3/html/SLES-all/tpm.html

See also: https://github.com/stefanberger/swtpm/issues/33

mudler commented 2 years ago

One way to do that with swtpm is to set a different CommandChannel when we read the TPM device here: https://github.com/rancher/rancherd/blob/bdf5642d62d50b9cd23eaabfdc848637bf62e056/pkg/tpm/tpm.go#L37 pointing, e.g., to the swtpm socket
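The fallback suggested in the comment above, sketched as an added example (not code from rancherd or from the commenter): try the kernel TPM device nodes first and only then connect to a swtpm Unix socket, reporting which kind was opened so the registration side can distinguish a software TPM from a hardware one. The helper name `openTPMChannel`, the `SWTPM_SOCKET` variable and the device paths are assumptions; wrapping the returned channel for the TPM library is not shown.

```go
package main

import (
	"errors"
	"fmt"
	"io"
	"net"
	"os"
)

// openTPMChannel (hypothetical helper) returns a raw TPM command channel and
// its kind ("device" or "swtpm") so callers can tell a software TPM apart.
func openTPMChannel(devices []string, swtpmSocket string) (io.ReadWriteCloser, string, error) {
	for _, dev := range devices {
		f, err := os.OpenFile(dev, os.O_RDWR, 0)
		if err == nil {
			return f, "device", nil
		}
		// A device that exists but cannot be opened (permissions, busy) is an
		// error; do not silently downgrade to a software TPM.
		if !errors.Is(err, os.ErrNotExist) {
			return nil, "", fmt.Errorf("opening %s: %w", dev, err)
		}
	}
	if swtpmSocket == "" {
		return nil, "", errors.New("TPM device not available and no swtpm socket configured")
	}
	// Only accept a real Unix socket, not a regular file at that path.
	fi, err := os.Stat(swtpmSocket)
	if err != nil || fi.Mode()&os.ModeSocket == 0 {
		return nil, "", fmt.Errorf("%s is not a usable Unix socket (stat error: %v)", swtpmSocket, err)
	}
	conn, err := net.Dial("unix", swtpmSocket)
	if err != nil {
		return nil, "", fmt.Errorf("dialing swtpm: %w", err)
	}
	return conn, "swtpm", nil
}

func main() {
	// SWTPM_SOCKET is an assumed variable name, not a rancherd setting.
	ch, kind, err := openTPMChannel([]string{"/dev/tpmrm0", "/dev/tpm0"}, os.Getenv("SWTPM_SOCKET"))
	if err != nil {
		fmt.Println("no TPM channel:", err)
		return
	}
	defer ch.Close()
	fmt.Println("TPM channel kind:", kind)
}
```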

kkaempf commented 1 year ago

Please see https://rancher.github.io/elemental/ for a successor of 'os2', and esp. https://github.com/rancher/elemental-operator/issues/235