Update the method of deploying trustee for both GCP and bare-metal VM

Signed-off-by: Roy Kaufman <[email protected]>

Author: Roy Kaufman

configs/trustee-gcp.bu

@@ -34,7 +34,11 @@ storage:
     - path: /usr/local/bin/populate_kbs.sh
       mode: 0755
       contents:
-        local: populate_kbs.sh
+        local: populate_kbs_gcp.sh
+    - path: /usr/local/bin/kbs-client
+      mode: 0755
+      contents:
+        local: kbs-client
     - path: /etc/containers/systemd/key-generation.container
       mode: 0644
       contents:

configs/trustee.bu

@@ -8,8 +8,6 @@ passwd:
 
 systemd:
   units:
-    - name: zincati.service
-      enabled: false
     - name: [email protected]
       dropins:
       - name: autologin-core.conf
@@ -21,16 +19,53 @@ systemd:
           ExecStart=-/usr/sbin/agetty --autologin core --noclear %I $TERM
 
 storage:
-  trees:
-    - local: "."
-      path: "/"
   directories:
-    - path: /var/srv/www
-      overwrite: true
+  - path: /var/kbs/config
+    overwrite: true
+  - path: /var/srv/www
+    overwrite: true
   files:
     - path: /etc/profile.d/systemd-pager.sh
       mode: 0644
       contents:
         inline: |
           # Tell systemd to not use a pager when printing information
           export SYSTEMD_PAGER=cat
+    - path: /usr/local/bin/populate_kbs.sh
+      mode: 0755
+      contents:
+        local: populate_kbs.sh
+    - path: /usr/local/bin/kbs-client
+      mode: 0755
+      contents:
+        local: kbs-client
+    - path: /etc/containers/systemd/key-generation.container
+      mode: 0644
+      contents:
+        local: containers/key-generation.container
+    - path: /var/kbs/config/kbs-config.toml
+      mode: 0644
+      contents:
+        local: kbs-config.toml
+    - path: /etc/containers/systemd/kbs.container
+      mode: 0644
+      contents:
+        local: containers/kbs.container
+    - path: /etc/containers/systemd/kbs-client.container
+      mode: 0644
+      contents:
+        local: containers/kbc.container
+    - path: /etc/containers/systemd/nginx.container
+      mode: 0644
+      contents:
+        local: containers/nginx.container
+    - path: /etc/containers/systemd/register-ak.container
+      mode: 0644
+      contents:
+        local: containers/register-ak.container
+    - path /opt/policy.rego
+      mode: 0755
+      contents:
+        local: policy.rego
+
+

configs/trustee-gcp/containers/kbc.container renamed to configs/trustee/containers/kbc.container

@@ -4,7 +4,7 @@ After=key-generation.container
 
 [Container]
 ContainerName=kbs-client
-Image=quay.io/rkaufman/trustee-attester:TPM-additional-dev
+Image=quay.io/trusted-execution-clusters/trustee-attester:TPM-additional-dev
 Network=host
 Volume=user-keys:/opt/confidential-containers/kbs/user-keys
 Exec=tail -f /dev/null

configs/trustee-gcp/containers/kbs.container renamed to configs/trustee/containers/kbs.container

@@ -4,7 +4,7 @@ After=key-generation.container
 
 [Container]
 ContainerName=kbs
-Image=quay.io/rkaufman/trustee-attester:TPM-additional-dev
+Image=quay.io/trusted-execution-clusters/key-broker-service:fix-TPM-report-data-size
 Network=host
 Entrypoint=/usr/local/bin/kbs
 PublishPort=8080:8080