add ubuntu 24.04 support

ansible/install_cenclave/tasks/main.yml

@@ -20,7 +20,61 @@
       - "/home/{{ ansible_user }}/.config/gramine/enclave-key.pem"
       - 3072
 
-- name: Install Cosmian Enclave CLI
-  pip:
-    name : cenclave
-    extra_args: --upgrade
+- name: Check Ubuntu version
+  ansible.builtin.debug:
+    msg: "Ubuntu version is {{ ansible_distribution_version }}"
+
+- name: Print ansible_user
+  ansible.builtin.debug:
+    msg: "Ansible user is {{ ansible_user }}"
+
+- name: Install pipx and Cosmian Enclave CLI for Ubuntu 24.04
+  block:
+    - name: Install pipx
+      ansible.builtin.apt:
+        name: pipx
+        state: latest
+
+    - name: Install Cosmian Enclave CLI using pipx
+      become: false
+      community.general.pipx:
+        name: cenclave
+        state: latest
+
+    - name: Ensure pipx is installed
+      become: false
+      ansible.builtin.command:
+        cmd: pipx ensurepath
+
+    - name: Verify cenclave is available
+      become: false
+      ansible.builtin.command:
+        cmd: cenclave --version
+      register: cenclave_version
+      ignore_errors: false
+
+    - name: Debug cenclave version
+      ansible.builtin.debug:
+        msg: "cenclave version: {{ cenclave_version.stdout }}"
+
+  when: ansible_distribution_version == "24.04"
+
+- name: Install Cosmian Enclave CLI for Ubuntu 22.04
+  block:
+    - name: Install Cosmian Enclave CLI using pip
+      ansible.builtin.pip:
+        name: cenclave
+        extra_args: --upgrade
+
+    - name: Verify cenclave is available
+      become: false
+      ansible.builtin.command:
+        cmd: cenclave --version
+      register: cenclave_version
+      ignore_errors: false
+
+    - name: Debug cenclave version
+      ansible.builtin.debug:
+        msg: "cenclave version: {{ cenclave_version.stdout }}"
+
+  when: ansible_distribution_version == "22.04"

ansible/install_pccs/templates/pccs.conf.j2

@@ -0,0 +1,33 @@
+{
+    "HTTPS_PORT" : 8081,
+    "hosts" : "127.0.0.1",
+    "uri": "https://api.trustedservices.intel.com/sgx/certification/v4/",
+    "ApiKey" : "{{ pccs_apikey }}",
+    "proxy" : "",
+    "RefreshSchedule": "0 0 1 * * *",
+    "UserTokenHash" : "{{ pccs_usertoken_hash }}",
+    "AdminTokenHash" : "{{ pccs_admintoken_hash }}",
+    "CachingFillMode" : "REQ",
+    "LogLevel" : "info",
+    "DB_CONFIG" : "{{ pccs_db_config }}",
+    "sqlite" : {
+        "database" : "{{ pccs_sqlite_db_name }}",
+        "username" : "{{ pccs_sqlite_cr_usr }}",
+        "password" : "{{ pccs_sqlite_usr_psswd }}",
+        "options" : {
+            "host": "{{ pccs_sqlite_options_host }}",
+            "dialect": "{{ pccs_sqlite_port_dialect }}",
+            "pool": {
+                "max": {{ pccs_sqlite_port_pool_max }},
+                "min": {{ pccs_sqlite_port_pool_min }},
+                "acquire": {{ pccs_sqlite_port_pool_acquire }},
+                "idle": {{ pccs_sqlite_port_pool_idle }}
+            },
+            "define": {
+                "freezeTableName": {{ pccs_sqlite_define_freezeTableName }}
+            },
+            "logging" : {{ pccs_sqlite_logging }},
+            "storage": "{{ pccs_sqlite_storage }}"
+        }
+    }
+}

ansible/install_sgx_deps/tasks/main.yml

@@ -1,11 +1,6 @@
 ---
 # tasks file for install_sgx_deps
 
-- name: Debug ansible_facts
-  ansible.builtin.debug:
-    var: ansible_facts
-
-
 - name: Add official Intel APT repository
   block:
     - name: Download Intel GPG public key

ansible/install_sgx_deps/templates/baremetal_sgx_default_qcnl.conf.j2

@@ -2,10 +2,10 @@
   // *** ATTENTION : This file is in JSON format so the keys are case sensitive. Don't change them.
 
   //PCCS server address
-  "pccs_url": "https://{{ __pccs }}/sgx/certification/v4/",
+  "pccs_url": "https://localhost:8081",
 
   // To accept insecure HTTPS certificate, set this option to false
-  "use_secure_cert": true,
+  "use_secure_cert": false,
 
   // You can use the Intel PCS or another PCCS to get quote verification collateral.  Retrieval of PCK
   // Certificates will always use the PCCS described in PCCS_URL.  When COLLATERAL_SERVICE is not defined, both
@@ -30,7 +30,7 @@
 
   // If LOCAL_PCK_URL is defined, the QCNL will try to retrieve PCK cert chain from LOCAL_PCK_URL first,
   // and failover to PCCS_URL as in legacy mode.
-  //"local_pck_url": "http://localhost:8081/sgx/certification/v4/",
+  //"local_pck_url": "http://localhost:8081",
 
   // If LOCAL_PCK_URL is not defined, the QCNL will cache PCK certificates in memory by default.
   // The cached PCK certificates will expire after PCK_CACHE_EXPIRE_HOURS hours.

ansible/main.yml

@@ -1,43 +1,21 @@
 
 ---
-# - name: Collect and display virtualization facts
-#   hosts: all
-#   tasks:
-#     - name: Gather facts
-#       ansible.builtin.setup:
-
-#     - name: Display virtualization facts
-#       ansible.builtin.debug:
-#         var: ansible_facts['virtualization_type']
-
-#     - name: Display all virtualization-related facts
-#       ansible.builtin.debug:
-#         var: ansible_facts['virtualization_role']
-
-#     - name: Display all virtualization-related facts
-#       ansible.builtin.debug:
-#         var: ansible_facts['virtualization_vendor']
-
-#     - name: Display all virtualization-related facts
-#       ansible.builtin.debug:
-#         var: ansible_facts['virtualization_technology']
-
 
 - name: Cosmian Enclave installation on Ubuntu
   hosts: all
   become: true
-
   pre_tasks:
     - name: Check if the machine is bare-metal
       ansible.builtin.set_fact:
-        is_baremetal: "{{ ansible_facts['virtualization_type'] == 'baremetal' }}"
-  
+        is_baremetal: "{{ ansible_facts['virtualization_type'] == 'kvm' }}"
+
   roles:
     - update_ubuntu
     - install_docker
     - install_sgx_deps
 
   tasks:
+
     - name: Include role install_pccs for bare-metal only
       ansible.builtin.include_role:
         name: install_pccs