commit 5df62bae21bd89f15321a54a33a2ff59f5cbdce8
author Serge Bazanski <serge@monogon.tech> Wed Mar 22 17:56:46 2023 +0100
committer Serge Bazanski <serge@monogon.tech> Mon Apr 17 09:14:54 2023 +0000
tree 45e397cafdbff558801e94c4c124bbb8e4d8a55b
parent 10b2154450b4e43d2b959137f47bceeaf9c9f1f3

metropolis: implement cluster configuration

This adds a cluster configuration to Metropolis. We'll be keeping any
non-node-specific options there. The config is stored in etcd by the
curator.

An initial cluster configuration can be specified when bootstrapping a
cluster. By design the configuration is then immutable by default, but
we might add some purpose-specific management API calls to change some
values if needed.

We initialize the cluster configuration with a setting for node TPM
policy, 'TPMMode'. It's currently populated on cluster bootstrap, but
not used otherwise. That will come in a follow-up CR.

Change-Id: I44ddcd099c9ae68c20519c77e3fa77c894cf5a20
Reviewed-on: https://review.monogon.dev/c/monogon/+/1494
Reviewed-by: Lorenz Brun <lorenz@monogon.tech>
Tested-by: Jenkins CI

metropolis/proto/api/configuration.proto

diff --git a/metropolis/proto/api/configuration.proto b/metropolis/proto/api/configuration.proto
index 3a4a5cd..8c6c454 100644
--- a/metropolis/proto/api/configuration.proto
+++ b/metropolis/proto/api/configuration.proto
@@ -37,6 +37,10 @@
         // key can be used to prove ownership of the cluster and retrieve
         // management credentials for the cluster via an AAA.Escrow call.
         bytes owner_public_key = 1;
+
+        // If not set, defaults to:
+        //   - TPM mode: REQUIRED
+        common.ClusterConfiguration initial_cluster_configuration = 3;
     }
     // ClusterRegister configures the node to attempt to register into an
     // existing cluster, ie. contact an existing running cluster and become