Gitiles
Code Review Sign In
gerrit-dev.monogon.dev / monogon / 5df62bae21bd89f15321a54a33a2ff59f5cbdce8^! / . / metropolis / node / core / roleserve / roleserve.go
commit5df62bae21bd89f15321a54a33a2ff59f5cbdce8[log] [tgz]
authorSerge Bazanski <serge@monogon.tech>Wed Mar 22 17:56:46 2023 +0100
committerSerge Bazanski <serge@monogon.tech>Mon Apr 17 09:14:54 2023 +0000
tree45e397cafdbff558801e94c4c124bbb8e4d8a55b
parent10b2154450b4e43d2b959137f47bceeaf9c9f1f3 [diff] [blame]
metropolis: implement cluster configuration

This adds a cluster configuration to Metropolis. We'll be keeping any
non-node-specific options there. The config is stored in etcd by the
curator.

An initial cluster configuration can be specified when bootstrapping a
cluster. By design the configuration is then immutable by default, but
we might add some purpose-specific management API calls to change some
values if needed.

We initialize the cluster configuration with a setting for node TPM
policy, 'TPMMode'. It's currently populated on cluster bootstrap, but
not used otherwise. That will come in a follow-up CR.

Change-Id: I44ddcd099c9ae68c20519c77e3fa77c894cf5a20
Reviewed-on: https://review.monogon.dev/c/monogon/+/1494
Reviewed-by: Lorenz Brun <lorenz@monogon.tech>
Tested-by: Jenkins CI

diff --git a/metropolis/node/core/roleserve/roleserve.go b/metropolis/node/core/roleserve/roleserve.go
index d2e5bf0..f97e9c9 100644
--- a/metropolis/node/core/roleserve/roleserve.go
+++ b/metropolis/node/core/roleserve/roleserve.go

@@ -1,4 +1,4 @@
-// package roleserve implements the roleserver/“Role Server”.
+// Package roleserve implements the roleserver/“Role Server”.
 //
 // The Role Server runs on every node and is responsible for running all of the
 // node's role dependant services, like the control plane (Consensus/etcd and
@@ -45,6 +45,7 @@
 
 	common "source.monogon.dev/metropolis/node"
 	"source.monogon.dev/metropolis/node/core/clusternet"
+	"source.monogon.dev/metropolis/node/core/curator"
 	"source.monogon.dev/metropolis/node/core/identity"
 	"source.monogon.dev/metropolis/node/core/localstorage"
 	"source.monogon.dev/metropolis/node/core/network"
@@ -164,7 +165,7 @@
 	return s
 }
 
-func (s *Service) ProvideBootstrapData(privkey ed25519.PrivateKey, iok, cuk, nuk, jkey []byte) {
+func (s *Service) ProvideBootstrapData(privkey ed25519.PrivateKey, iok, cuk, nuk, jkey []byte, icc *curator.Cluster) {
 	pubkey := privkey.Public().(ed25519.PublicKey)
 	nid := identity.NodeID(pubkey)
 
@@ -177,11 +178,12 @@
 		resolver: s.Resolver,
 	})
 	s.bootstrapData.Set(&bootstrapData{
-		nodePrivateKey:     privkey,
-		initialOwnerKey:    iok,
-		clusterUnlockKey:   cuk,
-		nodeUnlockKey:      nuk,
-		nodePrivateJoinKey: jkey,
+		nodePrivateKey:              privkey,
+		initialOwnerKey:             iok,
+		clusterUnlockKey:            cuk,
+		nodeUnlockKey:               nuk,
+		nodePrivateJoinKey:          jkey,
+		initialClusterConfiguration: icc,
 	})
 }