cloud/bmaas/server: init
This adds the BMaaS server alongside its first functionality: serving an
Agent heartbeat API.
This allows (untrusted) Agents to communicate with the rest of the
system by submitting heartbeats which may include a hardware report.
The BMaaS server will likely grow to implement further functionality as
described in its README.
Change-Id: I1ede02121b3700079cbb11295525f4c167ee1e7d
Reviewed-on: https://review.monogon.dev/c/monogon/+/988
Reviewed-by: Lorenz Brun <lorenz@monogon.tech>
Tested-by: Jenkins CI
diff --git a/cloud/bmaas/server/api/BUILD.bazel b/cloud/bmaas/server/api/BUILD.bazel
new file mode 100644
index 0000000..01f3e3a
--- /dev/null
+++ b/cloud/bmaas/server/api/BUILD.bazel
@@ -0,0 +1,24 @@
+load("@rules_proto//proto:defs.bzl", "proto_library")
+load("@io_bazel_rules_go//go:def.bzl", "go_library")
+load("@io_bazel_rules_go//proto:def.bzl", "go_proto_library")
+
+proto_library(
+ name = "api_proto",
+ srcs = ["agent.proto"],
+ visibility = ["//visibility:public"],
+)
+
+go_proto_library(
+ name = "api_go_proto",
+ compilers = ["@io_bazel_rules_go//proto:go_grpc"],
+ importpath = "source.monogon.dev/cloud/bmaas/server/api",
+ proto = ":api_proto",
+ visibility = ["//visibility:public"],
+)
+
+go_library(
+ name = "api",
+ embed = [":api_go_proto"],
+ importpath = "source.monogon.dev/cloud/bmaas/server/api",
+ visibility = ["//visibility:public"],
+)
diff --git a/cloud/bmaas/server/api/agent.proto b/cloud/bmaas/server/api/agent.proto
new file mode 100644
index 0000000..c08c767
--- /dev/null
+++ b/cloud/bmaas/server/api/agent.proto
@@ -0,0 +1,36 @@
+syntax = "proto3";
+package cloud.bmaas.server.api;
+option go_package = "source.monogon.dev/cloud/bmaas/server/api";
+
+// AgentCallback runs on the BMDB Server and exposes a gRPC interface to agents
+// running on machines. These APIs are served over TLS using component-style
+// server certificates, but clients are authenticated using ephemeral
+// certificates proving ownership of an agent keypair.
+service AgentCallback {
+ // Heartbeat is called by agents repeatedly to upload a hardware report, signal
+ // liveness and retrieve actions to be prformed on a host.
+ //
+ // This isn't a streaming RPC as the current server implementation actually
+ // isn't reactive, so it would have to do its own inner polling to create
+ // a stream of updates. To keep things simple, we instead let the agent decide
+ // on the cadence of updates it wants to keep up with.
+ rpc Heartbeat(AgentHeartbeatRequest) returns (AgentHeartbeatResponse);
+}
+
+message AgentHardwareReport {
+ // TODO(lorenz): implement
+}
+
+message AgentHeartbeatRequest {
+ // MachineID that this agent represents. Technically not necessary since
+ // keypairs between agents should be unique, but this provides an extra layer
+ // of protection against programming bugs.
+ string machine_id = 1;
+ // Optional hardware report to be upserted for this machine. An agent should
+ // submit one at least once after it's started, as early as it can.
+ AgentHardwareReport hardware_report = 2;
+}
+
+message AgentHeartbeatResponse {
+ // Agent actions (like install, reboot, etc) go here.
+}
\ No newline at end of file
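Review bot: The `machine_id` field in AgentHeartbeatRequest is chosen by an untrusted agent, yet its comment only describes it as a guard against programming bugs; since the service comment says clients are authenticated by proving ownership of an agent keypair, the server has to reject any heartbeat whose `machine_id` does not match the machine bound to that keypair, or a compromised agent could upsert a hardware report under another machine's identity. I would make that contract explicit in the field comment: `// The server MUST check that this matches the machine bound to the authenticated agent keypair and reject the request otherwise; it is never trusted on its own.` The `hardware_report` is likewise attacker-controlled input that is upserted into the database, so its comment should note that the server bounds its size and validates its contents before storing it, even though the message body is still a TODO. Minor: `prformed` in the Heartbeat comment should read `performed`.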