quickstart(openchami-svcs,tpm-manager): add cloud-init server

The tpm-manager compose file, in particular, includes an override clause which enables the cloud-init server's "secure route" (i.e. JWT-authenticated config data).
OpenCHAMI · Jul 16, 2024 · 91220b5 · 91220b5
1 parent 3cb7923
commit 91220b5
Show file tree

Hide file tree

Showing 2 changed files with 29 additions and 2 deletions.
diff --git a/quickstart/openchami-svcs.yml b/quickstart/openchami-svcs.yml
@@ -112,5 +112,24 @@ services:
       interval: 5s
       timeout: 10s
       retries: 60
-
-
+###
+# cloud-init Server Container
+###
+  # cloud-init server, with the secure route disabled for now
+  cloud-init:
+    image: ghcr.io/openchami/cloud-init:v0.1.0
+    container_name: cloud-init
+    hostname: cloud-init
+    environment:
+      - LISTEN_ADDR=:27777
+      - SMD_URL=http://smd:27779
+      - OPAAL_URL=http://opaal:3333
+    ports:
+      - '27777:27777'
+    depends_on:
+      smd:
+        condition: service_healthy
+      opaal:
+        condition: service_healthy
+    networks:
+      - internal
diff --git a/quickstart/tpm-manager.yml b/quickstart/tpm-manager.yml
@@ -18,3 +18,11 @@ services:
         condition: service_healthy
     networks:
       - internal
+  ###
+  # cloud-init server container, provides secured config access via JWT authorization
+  # NOTE: This merges with the default cloud-init config specified in openchami-svcs.yml
+  ###
+  cloud-init:
+    environment:
+      # This enables the server's secure route
+      - JWKS_URL=http://opaal:3333/keys