Gitiles
Code Review Sign In
gerrit-dev.monogon.dev / monogon / 31370b07f0df2dc2765d812d4ce00a6b35185b16 / . / metropolis / node / BUILD.bazel
blob: 2da33e6b99cc53f9378d01a9c1755d400e9acae1 [file] [log] [blame]
load("@io_bazel_rules_go//go:def.bzl", "go_library")
load("//metropolis/node/build:def.bzl", "node_initramfs")
go_library(
name = "go_default_library",
srcs = ["ports.go"],
importpath = "source.monogon.dev/metropolis/node",
visibility = ["//metropolis:__subpackages__"],
)
# debug_build checks if we're building in debug mode and enables various debug features for the image.
config_setting(
name = "debug_build",
values = {
"compilation_mode": "dbg",
},
)
node_initramfs(
name = "initramfs",
extra_dirs = [
"/kubernetes/conf/flexvolume-plugins",
"/containerd/run",
],
files = {
"//metropolis/node/core": "/init",
"//third_party/xfsprogs:mkfs.xfs": "/bin/mkfs.xfs",
# CA Certificate bundle & os-release
"@cacerts//file": "/etc/ssl/cert.pem",
":os-release-info": "/etc/os-release",
# Hyperkube
"//metropolis/node/kubernetes/hyperkube": "/kubernetes/bin/kube",
# CoreDNS
"@com_github_coredns_coredns//:coredns": "/kubernetes/bin/coredns",
# runsc/gVisor
"@com_github_google_gvisor//runsc": "/containerd/bin/runsc",
"@com_github_google_gvisor_containerd_shim//cmd/containerd-shim-runsc-v1": "/containerd/bin/containerd-shim-runsc-v1",
# runc (runtime in files_cc because of cgo)
"@com_github_containerd_containerd//cmd/containerd-shim-runc-v2": "/containerd/bin/containerd-shim-runc-v2",
# Containerd
"@com_github_containerd_containerd//cmd/containerd": "/containerd/bin/containerd",
# Containerd config files
"//metropolis/node/kubernetes/containerd:runsc.toml": "/containerd/conf/runsc.toml",
"//metropolis/node/kubernetes/containerd:config.toml": "/containerd/conf/config.toml",
"//metropolis/node/kubernetes/containerd:cnispec.gojson": "/containerd/conf/cnispec.gojson",
# Containerd preseed bundles
"//metropolis/test/e2e/preseedtest:preseedtest.tar": "/containerd/preseed/k8s.io/preseedtest.tar",
"//metropolis/test/e2e/k8s_cts:k8s_cts_image.tar": "/containerd/preseed/k8s.io/k8s_cts.tar",
# CNI Plugins
"@com_github_containernetworking_plugins//plugins/main/loopback": "/containerd/bin/cni/loopback",
"@com_github_containernetworking_plugins//plugins/main/ptp": "/containerd/bin/cni/ptp",
"@com_github_containernetworking_plugins//plugins/ipam/host-local": "/containerd/bin/cni/host-local",
# Delve
"@com_github_go_delve_delve//cmd/dlv:dlv": "/dlv",
},
files_cc = {
# runc runtime, with cgo
"@com_github_opencontainers_runc//:runc": "/containerd/bin/runc",
},
)
genrule(
name = "image",
srcs = [
"//third_party/linux:bzImage",
":initramfs",
],
outs = [
"node.img",
],
cmd = """
$(location //metropolis/node/build/mkimage) \
-efi $(location //third_party/linux:bzImage) \
-initramfs $(location :initramfs) \
-out $@
""",
tools = [
"//metropolis/node/build/mkimage",
],
visibility = [
"//metropolis/test/launch:__subpackages__",
"//metropolis/test/e2e:__subpackages__",
],
)
genrule(
name = "swtpm_data",
outs = [
"tpm/tpm2-00.permall",
"tpm/signkey.pem",
"tpm/issuercert.pem",
],
cmd = """
mkdir -p tpm/ca
cat <<EOF > tpm/swtpm.conf
create_certs_tool= /usr/share/swtpm/swtpm-localca
create_certs_tool_config = tpm/swtpm-localca.conf
create_certs_tool_options = /etc/swtpm-localca.options
EOF
cat <<EOF > tpm/swtpm-localca.conf
statedir = tpm/ca
signingkey = tpm/ca/signkey.pem
issuercert = tpm/ca/issuercert.pem
certserial = tpm/ca/certserial
EOF
swtpm_setup \
--tpmstate tpm \
--create-ek-cert \
--create-platform-cert \
--allow-signing \
--tpm2 \
--display \
--pcr-banks sha1,sha256,sha384,sha512 \
--config tpm/swtpm.conf
cp tpm/tpm2-00.permall $(location tpm/tpm2-00.permall)
cp tpm/ca/issuercert.pem $(location tpm/issuercert.pem)
cp tpm/ca/signkey.pem $(location tpm/signkey.pem)
""",
visibility = [
"//metropolis/test/launch:__subpackages__",
"//metropolis/test/e2e:__subpackages__",
],
)
load("//metropolis/node/build/genosrelease:defs.bzl", "os_release")
os_release(
name = "os-release-info",
os_id = "metropolis-node",
os_name = "Metropolis Node",
stamp_var = "STABLE_METROPOLIS_version",
)