metropolis: implement cluster configuration

This adds a cluster configuration to Metropolis. We'll be keeping any
non-node-specific options there. The config is stored in etcd by the
curator.

An initial cluster configuration can be specified when bootstrapping a
cluster. By design the configuration is then immutable by default, but
we might add some purpose-specific management API calls to change some
values if needed.

We initialize the cluster configuration with a setting for node TPM
policy, 'TPMMode'. It's currently populated on cluster bootstrap, but
not used otherwise. That will come in a follow-up CR.

Change-Id: I44ddcd099c9ae68c20519c77e3fa77c894cf5a20
Reviewed-on: https://review.monogon.dev/c/monogon/+/1494
Reviewed-by: Lorenz Brun <lorenz@monogon.tech>
Tested-by: Jenkins CI
diff --git a/metropolis/node/core/main.go b/metropolis/node/core/main.go
index a9bdc98..08eb39a 100644
--- a/metropolis/node/core/main.go
+++ b/metropolis/node/core/main.go
@@ -103,8 +103,10 @@
logger.Info("Starting Metropolis node init")
+ haveTPM := true
if err := tpm.Initialize(logger); err != nil {
- logger.Warningf("Failed to initialize TPM 2.0, attempting fallback to untrusted: %v", err)
+ logger.Warningf("Failed to initialize TPM 2.0: %v", err)
+ haveTPM = false
}
networkSvc := network.New(nil)
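Review bot: The reworded warning in the `tpm.Initialize` error branch no longer tells the operator what the node does next. The old text said it would fall back to untrusted operation; the new one only reports the failure, while init still continues with `haveTPM = false`. Consider saying so in the message, for example that the node continues without a TPM and that the outcome depends on cluster policy. Also note that every error from `tpm.Initialize` is folded into `haveTPM = false`, so a TPM that is present but failed to initialize is indistinguishable from an absent one downstream. If the TPM policy is meant to treat those differently, keep the error or a tri-state value instead of a bool. A short comment on `haveTPM := true` stating what the flag means would help as well.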
@@ -184,7 +186,7 @@
// Start cluster manager. This kicks off cluster membership machinery,
// which will either start a new cluster, enroll into one or join one.
- m := cluster.NewManager(root, networkSvc, rs, nodeParams)
+ m := cluster.NewManager(root, networkSvc, rs, nodeParams, haveTPM)
return m.Run(ctx)
}
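Review bot: The new fifth argument at the `cluster.NewManager(root, networkSvc, rs, nodeParams, haveTPM)` call is a bare positional bool, which is easy to misread or swap once the signature grows. Consider a named type or a field on an options struct, and document on the parameter that it reflects whether `tpm.Initialize` succeeded on this node. Since the commit message states that 'TPMMode' is not used yet, a comment near this call noting that `haveTPM` is not yet checked against cluster policy would stop readers from assuming enforcement is already in place.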