Gitiles
Code Review Sign In
gerrit-dev.monogon.dev / monogon / 3a99c590543394ceb5260282ef8e924b44e8eef8^! / . / metropolis / node / BUILD.bazel
commit3a99c590543394ceb5260282ef8e924b44e8eef8[log] [tgz]
authorLorenz Brun <lorenz@nexantic.com>Tue Jan 26 19:57:21 2021 +0100
committerLorenz Brun <lorenz@nexantic.com>Tue Jan 26 19:57:21 2021 +0100
treee1b727a0c12b387e1bc12d71826405b8b588fa40
parent6b13bf1a98c4a612d13ae939e68802e77fb45474 [diff] [blame]
Switch Metropolis to EROFS-based root filesystem

This gets rid of the old large initramfs and switches to an EROFS-based root
filesystem. It also drops the copy & remount compatibility code. As this filesystem is
properly read-only and not just ephemeral, this also brings various changes to the code
to make systems compatible with that.

Test Plan: Covered by E2E tests, also manually smoke-tested.

X-Origin-Diff: phab/D696
GitOrigin-RevId: 037f2b8253e7cff8435cc79771fad05f53670ff0

diff --git a/metropolis/node/BUILD.bazel b/metropolis/node/BUILD.bazel
index 5c0934f..9d6957e 100644
--- a/metropolis/node/BUILD.bazel
+++ b/metropolis/node/BUILD.bazel

@@ -1,5 +1,5 @@
 load("@io_bazel_rules_go//go:def.bzl", "go_library")
-load("//metropolis/node/build:def.bzl", "node_initramfs")
+load("//metropolis/node/build:def.bzl", "erofs_image")
 
 go_library(
     name = "go_default_library",
@@ -16,18 +16,29 @@
     },
 )
 
-node_initramfs(
-    name = "initramfs",
+erofs_image(
+    name = "rootfs",
     extra_dirs = [
         "/kubernetes/conf/flexvolume-plugins",
         "/containerd/plugins",
+        "/sys",
+        "/proc",
+        "/dev",
+        "/esp",
+        "/tmp",
+        "/run",
+        "/ephemeral",
+        "/data",
     ],
     files = {
         "//metropolis/node/core": "/init",
         "//third_party/xfsprogs:mkfs.xfs": "/bin/mkfs.xfs",
 
-        # CA Certificate bundle & os-release
+        # CA Certificate bundle & os-release & resolv.conf
+        # These should not be explicitly used by Metropolis code and are only here for compatibility with
+        # paths hardcoded by standard libraries (like Go's).
         "@cacerts//file": "/etc/ssl/cert.pem",
+        "//metropolis/node/core/network/dns:resolv.conf": "/etc/resolv.conf",
         ":os-release-info": "/etc/os-release",
 
         # Hyperkube
@@ -67,13 +78,17 @@
         # runc runtime, with cgo
         "@com_github_opencontainers_runc//:runc": "/containerd/bin/runc",
     },
+    symlinks = {
+        "/ephemeral/machine-id": "/etc/machine-id",
+        "/ephemeral/hosts": "/etc/hosts",
+    },
 )
 
 genrule(
     name = "image",
     srcs = [
         "//third_party/linux:bzImage",
-        ":initramfs",
+        ":rootfs",
     ],
     outs = [
         "node.img",
@@ -81,7 +96,7 @@
     cmd = """
     $(location //metropolis/node/build/mkimage) \
         -efi $(location //third_party/linux:bzImage) \
-        -initramfs $(location :initramfs) \
+        -system $(location :rootfs) \
         -out $@
     """,
     tools = [