rancher / os2

EXPERIMENTAL: A Rancher and Kubernetes optimized immutable Linux distribution based on openSUSE

https://rancher.github.io/os2/

TPM device is a hard requirement

mudler opened this issue 2 years ago · comments

Ettore Di Giacinto commented 2 years ago

Can't join nodes that don't have a TPM device, getting the following error when calling ros-installer -config-file /oem/userdata.yaml:

ERRO[0000] failed to read registration URL https://xx.lan/v1-rancheros/registration/xxxx, retrying: opening tpm: TPM device not available

This is an issue at least for running vagrant images as VirtualBox currently doesn't support TPM, but applies to other hypervisors including raspberrypi4 and baremetal which don't have the TPM hardware in general

Note, this doesn't seem to be an issue for libvirt/qemu: https://documentation.suse.com/sles/15-SP3/html/SLES-all/tpm.html
stefanberger/swtpm#33

See also: stefanberger/swtpm#33

Ettore Di Giacinto commented 2 years ago

One way to do that with swtmp is to set a different CommandChannel when we read the TPM device here:
https://github.com/rancher/rancherd/blob/bdf5642d62d50b9cd23eaabfdc848637bf62e056/pkg/tpm/tpm.go#L37 pointing for e.g. to swtmp socket

Klaus Kämpf commented 2 years ago

Please see https://rancher.github.io/elemental/ for a successor of 'os2'.
and esp. rancher/elemental-operator#235