smalltown -> metropolis
This pass removes all mentions of Smalltown, both from code and comments,
and replaces them with appropriate new terminology.
Test Plan: Refactor, covered by CI.
X-Origin-Diff: phab/D674
GitOrigin-RevId: 04a94d44ef07d46f7821530da5614daefe16d7ea
diff --git a/metropolis/node/BUILD.bazel b/metropolis/node/BUILD.bazel
index 48c9177..b730deb 100644
--- a/metropolis/node/BUILD.bazel
+++ b/metropolis/node/BUILD.bazel
@@ -1,5 +1,5 @@
load("@io_bazel_rules_go//go:def.bzl", "go_library")
-load("//metropolis/node/build:def.bzl", "smalltown_initramfs")
+load("//metropolis/node/build:def.bzl", "node_initramfs")
go_library(
name = "go_default_library",
@@ -17,7 +17,7 @@
},
)
-smalltown_initramfs(
+node_initramfs(
name = "initramfs",
extra_dirs = [
"/kubernetes/conf/flexvolume-plugins",
@@ -77,7 +77,7 @@
":initramfs",
],
outs = [
- "smalltown.img",
+ "node.img",
],
cmd = """
$(location //metropolis/node/build/mkimage) \
@@ -135,7 +135,7 @@
os_release(
name = "os-release-info",
- os_id = "smalltown",
- os_name = "Smalltown",
- stamp_var = "STABLE_SIGNOS_version",
+ os_id = "metropolis-node",
+ os_name = "Metropolis Node",
+ stamp_var = "STABLE_METROPOLIS_version",
)
diff --git a/metropolis/node/build/def.bzl b/metropolis/node/build/def.bzl
index e2885e5..19074c2 100644
--- a/metropolis/node/build/def.bzl
+++ b/metropolis/node/build/def.bzl
@@ -50,7 +50,7 @@
],
)
-def _smalltown_initramfs_impl(ctx):
+def _node_initramfs_impl(ctx):
"""
Generate an lz4-compressed initramfs based on a label/file list.
"""
@@ -197,10 +197,10 @@
return [DefaultInfo(files = depset([initramfs]))]
-smalltown_initramfs = rule(
- implementation = _smalltown_initramfs_impl,
+node_initramfs = rule(
+ implementation = _node_initramfs_impl,
doc = """
- Build a Smalltown initramfs. The initramfs will contain a basic /dev directory and all the files specified by the
+ Build a node initramfs. The initramfs will contain a basic /dev directory and all the files specified by the
`files` attribute. Executable files will have their permissions set to 0755, non-executable files will have
their permissions set to 0444. All parent directories will be created with 0755 permissions.
""",
diff --git a/metropolis/node/build/genosrelease/main.go b/metropolis/node/build/genosrelease/main.go
index 2344f19..e19876e 100644
--- a/metropolis/node/build/genosrelease/main.go
+++ b/metropolis/node/build/genosrelease/main.go
@@ -53,7 +53,7 @@
statusVars[parts[0]] = parts[1]
}
- smalltownVersion, ok := statusVars[*flagStampVar]
+ version, ok := statusVars[*flagStampVar]
if !ok {
fmt.Printf("%v key not set in bazel workspace status file\n", *flagStampVar)
os.Exit(1)
@@ -62,9 +62,9 @@
osReleaseVars := map[string]string{
"NAME": *flagName,
"ID": *flagID,
- "VERSION": smalltownVersion,
- "VERSION_ID": smalltownVersion,
- "PRETTY_NAME": *flagName + " " + smalltownVersion,
+ "VERSION": version,
+ "VERSION_ID": version,
+ "PRETTY_NAME": *flagName + " " + version,
}
osReleaseContent, err := godotenv.Marshal(osReleaseVars)
if err != nil {
diff --git a/metropolis/node/build/mkimage/main.go b/metropolis/node/build/mkimage/main.go
index 9f49f0a..94b2ecb 100644
--- a/metropolis/node/build/mkimage/main.go
+++ b/metropolis/node/build/mkimage/main.go
@@ -16,8 +16,9 @@
package main
-// mkimage is a tool to generate a Smalltown disk image containing the given EFI payload, and optionally, a given external
-// initramfs image and enrolment credentials.
+// mkimage is a tool to generate a Metropolis node disk image containing the
+// given EFI payload, and optionally, a given external initramfs image and
+// enrolment credentials.
import (
"flag"
@@ -32,7 +33,7 @@
"github.com/diskfs/go-diskfs/partition/gpt"
)
-var SmalltownDataPartition gpt.Type = gpt.Type("9eeec464-6885-414a-b278-4305c51f7966")
+var NodeDataPartition gpt.Type = gpt.Type("9eeec464-6885-414a-b278-4305c51f7966")
var (
flagEFI string
@@ -79,8 +80,8 @@
End: mibToSectors(flagESPPartitionSize) - 1,
},
{
- Type: SmalltownDataPartition,
- Name: "SIGNOS-DATA",
+ Type: NodeDataPartition,
+ Name: "METROPOLIS-NODE-DATA",
Start: mibToSectors(flagESPPartitionSize),
End: mibToSectors(flagESPPartitionSize+flagDataPartitionSize) - 1,
},
@@ -96,7 +97,7 @@
}
// Create EFI partition structure.
- for _, dir := range []string{"/EFI", "/EFI/BOOT", "/EFI/smalltown"} {
+ for _, dir := range []string{"/EFI", "/EFI/BOOT", "/EFI/metropolis"} {
if err := fs.Mkdir(dir); err != nil {
log.Fatalf("Mkdir(%q): %v", dir, err)
}
@@ -105,11 +106,11 @@
put(fs, flagEFI, "/EFI/BOOT/BOOTX64.EFI")
if flagInitramfs != "" {
- put(fs, flagInitramfs, "/EFI/smalltown/initramfs.cpio.lz4")
+ put(fs, flagInitramfs, "/EFI/metropolis/initramfs.cpio.lz4")
}
if flagEnrolmentCredentials != "" {
- put(fs, flagEnrolmentCredentials, "/EFI/smalltown/enrolment.pb")
+ put(fs, flagEnrolmentCredentials, "/EFI/metropolis/enrolment.pb")
}
if err := diskImg.File.Close(); err != nil {
diff --git a/metropolis/node/common/supervisor/supervisor.go b/metropolis/node/common/supervisor/supervisor.go
index df7492c..41d208d 100644
--- a/metropolis/node/common/supervisor/supervisor.go
+++ b/metropolis/node/common/supervisor/supervisor.go
@@ -16,7 +16,7 @@
package supervisor
-// The service supervision library allows for writing of reliable, service-style software within Smalltown.
+// The service supervision library allows for writing of reliable, service-style software within a Metropolis node.
// It builds upon the Erlang/OTP supervision tree system, adapted to be more Go-ish.
// For detailed design see go/supervision.
diff --git a/metropolis/node/core/cluster/manager.go b/metropolis/node/core/cluster/manager.go
index 6bb87f4..5f072b8 100644
--- a/metropolis/node/core/cluster/manager.go
+++ b/metropolis/node/core/cluster/manager.go
@@ -40,10 +40,10 @@
apb "git.monogon.dev/source/nexantic.git/metropolis/proto/api"
)
-// Manager is a finite state machine that joins this node (ie., Smalltown instance running on a virtual/physical machine)
-// into a Smalltown cluster (ie. group of nodes that act as a single control plane for Smalltown services). It does that
-// by bringing up all required operating-system level components, including mounting the local filesystem, bringing up
-// a consensus (etcd) server/client, ...
+// Manager is a finite state machine that joins this node (ie., Metropolis node running on a virtual/physical machine)
+// into a Metropolis cluster (ie. group of nodes that act as a single control plane for Metropolis services). It does
+// this by bringing up all required operating-system level components, including mounting the local filesystem, bringing
+// up a consensus (etcd) server/client, ...
//
// The Manager runs as a single-shot Runnable. It will attempt to progress its state from the initial state (New) to
// either Running (meaning that the node is now part of a cluster), or Failed (meaning that the node couldn't become
@@ -99,7 +99,7 @@
// with no EnrolmentConfig.
StateCreatingCluster
// StateCharlie is when the Manager uses the Golden Ticket debug/stopgap system to join an already
- // existing cluster. This mechanism will be removed before the first Smalltown release.
+ // existing cluster. This mechanism will be removed before the first Metropolis release.
StateCharlie
// StateRunning is when the Manager successfully got the node to be part of a cluster. stateRunningNode is valid.
StateRunning
@@ -267,7 +267,7 @@
if err != nil && !os.IsNotExist(err) {
return fmt.Errorf("could not read local enrolment file: %w", err)
} else if err != nil {
- configRaw, err = ioutil.ReadFile("/sys/firmware/qemu_fw_cfg/by_name/com.nexantic.smalltown/enrolment.pb/raw")
+ configRaw, err = ioutil.ReadFile("/sys/firmware/qemu_fw_cfg/by_name/dev.monogon.metropolis/enrolment.pb/raw")
if err != nil && !os.IsNotExist(err) {
return fmt.Errorf("could not read firmware enrolment file: %w", err)
}
@@ -381,7 +381,7 @@
}
// stateCharlie is used to join an existing cluster via the GoldenTicket mechanism. This mechanism is temporarily
-// implemented in Smalltown in order to allow for testing multi-node clusters without a TPM attestation flow implemented.
+// implemented in Metropolis in order to allow for testing multi-node clusters without a TPM attestation flow implemented.
// The Golden Ticket contains a pregenerated node certificate, etcd certificate, and other data that any node can
// use to join the cluster.
// Since this flow is temporary, it has a slight impedance mismatch with methods exposed by localstorage, node, etc.,
@@ -394,8 +394,8 @@
// was generated (vs. being created now by an RPC call, via an promote-node-to-etcd-member flow)
// - the node is then promoted to a consensus member and kubernetes worker, its clusterunlock key is set, and then it
// is saved to etcd.
-// As such, in this flow, we first create an etcd member (on goldenticket generation), and then only create a new Smalltown
-// node (when the goldenticket is used).
+// As such, in this flow, we first create an etcd member (on goldenticket generation), and then only create a new
+// Metropolis node (when the goldenticket is used).
func (m *Manager) stateCharlie(ctx context.Context) error {
t := m.goldenTicket
nodeCert, err := x509.ParseCertificate(t.NodeCert)
diff --git a/metropolis/node/core/cluster/node.go b/metropolis/node/core/cluster/node.go
index 449c2ff..4240428 100644
--- a/metropolis/node/core/cluster/node.go
+++ b/metropolis/node/core/cluster/node.go
@@ -32,9 +32,9 @@
ipb "git.monogon.dev/source/nexantic.git/metropolis/proto/internal"
)
-// Node is a Smalltown cluster member. A node is a virtual or physical machine running Smalltown. This object represents a
-// node only as part of a Cluster - ie., this object will never be available outside of //metropolis/node/core/cluster
-// if the Node is not part of a Cluster.
+// Node is a Metropolis cluster member. A node is a virtual or physical machine running Metropolis. This object
+// represents a node only as part of a cluster - ie., this object will never be available outside of
+// //metropolis/node/core/cluster if the Node is not part of a Cluster.
// Nodes are inherently tied to their long term storage, which is etcd. As such, methods on this object relate heavily
// to the Node's expected lifecycle on etcd.
type Node struct {
@@ -43,7 +43,7 @@
// the Node was just created (as the key is generated locally by localstorage on first format/mount).
// The other part of the unlock key is the LocalUnlockKey that's present on the node's ESP partition.
clusterUnlockKey []byte
- // certificate is the node's TLS certificate, used to authenticate Smalltown gRPC calls/services (but not
+ // certificate is the node's TLS certificate, used to authenticate Metropolis gRPC calls/services (but not
// consensus/etcd). The certificate for a node is permanent (and never expires). It's self-signed by the node on
// startup, and contains the node's IP address in its SAN. Callers/services should check directly against the
// expected certificate, and not against a CA.
@@ -83,10 +83,10 @@
nodeName string
}
-// ID returns the name of this node, which is `smalltown-{pubkeyHash}`. This name should be the primary way to refer to
-// Smalltown nodes within a cluster, and is guaranteed to be unique by relying on cryptographic randomness.
+// ID returns the name of this node, which is `metropolis-{pubkeyHash}`. This name should be the primary way to refer to
+// Metropoils nodes within a cluster, and is guaranteed to be unique by relying on cryptographic randomness.
func (n *Node) ID() string {
- return fmt.Sprintf("smalltown-%s", n.IDBare())
+ return fmt.Sprintf("metropolis-%s", n.IDBare())
}
// IDBare returns the `{pubkeyHash}` part of the node ID.
diff --git a/metropolis/node/core/consensus/consensus.go b/metropolis/node/core/consensus/consensus.go
index 8916164..b707a27 100644
--- a/metropolis/node/core/consensus/consensus.go
+++ b/metropolis/node/core/consensus/consensus.go
@@ -15,7 +15,7 @@
// limitations under the License.
// Package consensus implements a managed etcd cluster member service, with a self-hosted CA system for issuing peer
-// certificates. Currently each Smalltown node runs an etcd member, and connects to the etcd member locally over a unix
+// certificates. Currently each Metropolis node runs an etcd member, and connects to the etcd member locally over a
// domain socket.
//
// The service supports two modes of startup:
@@ -51,7 +51,7 @@
)
const (
- DefaultClusterToken = "SIGNOS"
+ DefaultClusterToken = "METROPOLIS"
DefaultLogger = "zap"
)
@@ -96,7 +96,7 @@
// ListenHost is the IP address or hostname at which this cluster member will listen.
ListenHost string
// Port is the port at which this cluster member will listen for other members. If zero, defaults to the global
- // Smalltown setting.
+ // Metropolis setting.
Port int
}
@@ -183,7 +183,7 @@
}
// Generate CA, keep in memory, write it down in etcd later.
- st.ca, err = ca.New("Smalltown etcd peer Root CA")
+ st.ca, err = ca.New("Metropolis etcd peer Root CA")
if err != nil {
return fmt.Errorf("when creating new cluster's peer CA: %w", err)
}
diff --git a/metropolis/node/core/consensus/consensus_test.go b/metropolis/node/core/consensus/consensus_test.go
index e08bd29..22bcf20 100644
--- a/metropolis/node/core/consensus/consensus_test.go
+++ b/metropolis/node/core/consensus/consensus_test.go
@@ -42,7 +42,7 @@
func prep(t *testing.T) *boilerplate {
ctx, ctxC := context.WithCancel(context.Background())
root := &localstorage.Root{}
- tmp, err := ioutil.TempDir("", "smalltown-test")
+ tmp, err := ioutil.TempDir("", "metropolis-consensus-test")
if err != nil {
t.Fatal(err)
}
diff --git a/metropolis/node/core/debug_service.go b/metropolis/node/core/debug_service.go
index 0155cc6..8e81d2d 100644
--- a/metropolis/node/core/debug_service.go
+++ b/metropolis/node/core/debug_service.go
@@ -37,7 +37,7 @@
logFilterMax = 1000
)
-// debugService implements the Smalltown node debug API.
+// debugService implements the Metropolis node debug API.
type debugService struct {
cluster *cluster.Manager
kubernetes *kubernetes.Service
diff --git a/metropolis/node/core/localstorage/crypt/blockdev.go b/metropolis/node/core/localstorage/crypt/blockdev.go
index df5f590..5abe60b 100644
--- a/metropolis/node/core/localstorage/crypt/blockdev.go
+++ b/metropolis/node/core/localstorage/crypt/blockdev.go
@@ -34,17 +34,17 @@
// EFIPartitionType is the standardized partition type value for the EFI ESP partition. The human readable GUID is C12A7328-F81F-11D2-BA4B-00A0C93EC93B.
EFIPartitionType = gpt.PartType{0x28, 0x73, 0x2a, 0xc1, 0x1f, 0xf8, 0xd2, 0x11, 0xba, 0x4b, 0x00, 0xa0, 0xc9, 0x3e, 0xc9, 0x3b}
- // SmalltownDataPartitionType is the partition type value for a Smalltown data partition. The human-readable GUID is 9eeec464-6885-414a-b278-4305c51f7966.
- SmalltownDataPartitionType = gpt.PartType{0x64, 0xc4, 0xee, 0x9e, 0x85, 0x68, 0x4a, 0x41, 0xb2, 0x78, 0x43, 0x05, 0xc5, 0x1f, 0x79, 0x66}
+ // NodeDataPartitionType is the partition type value for a Metropolis Node data partition. The human-readable GUID is 9eeec464-6885-414a-b278-4305c51f7966.
+ NodeDataPartitionType = gpt.PartType{0x64, 0xc4, 0xee, 0x9e, 0x85, 0x68, 0x4a, 0x41, 0xb2, 0x78, 0x43, 0x05, 0xc5, 0x1f, 0x79, 0x66}
)
const (
- ESPDevicePath = "/dev/esp"
- SmalltownDataCryptPath = "/dev/data-crypt"
+ ESPDevicePath = "/dev/esp"
+ NodeDataCryptPath = "/dev/data-crypt"
)
-// MakeBlockDevices looks for the ESP and the Smalltown data partition and maps them to ESPDevicePath and
-// SmalltownDataCryptPath respectively. This doesn't fail if it doesn't find the partitions, only if
+// MakeBlockDevices looks for the ESP and the node data partition and maps them to ESPDevicePath and
+// NodeDataCryptPath respectively. This doesn't fail if it doesn't find the partitions, only if
// something goes catastrophically wrong.
func MakeBlockDevices(ctx context.Context) error {
blockdevNames, err := ioutil.ReadDir("/sys/class/block")
@@ -83,9 +83,9 @@
return fmt.Errorf("failed to create device node for ESP partition: %w", err)
}
}
- if part.Type == SmalltownDataPartitionType {
- if err := unix.Mknod(SmalltownDataCryptPath, 0600|unix.S_IFBLK, int(unix.Mkdev(uint32(majorDev), uint32(partNumber+1)))); err != nil {
- return fmt.Errorf("failed to create device node for Smalltown encrypted data partition: %w", err)
+ if part.Type == NodeDataPartitionType {
+ if err := unix.Mknod(NodeDataCryptPath, 0600|unix.S_IFBLK, int(unix.Mkdev(uint32(majorDev), uint32(partNumber+1)))); err != nil {
+ return fmt.Errorf("failed to create device node for Metropolis node encrypted data partition: %w", err)
}
}
}
diff --git a/metropolis/node/core/localstorage/declarative/placement_local.go b/metropolis/node/core/localstorage/declarative/placement_local.go
index 82b6a71..3f7b1dd 100644
--- a/metropolis/node/core/localstorage/declarative/placement_local.go
+++ b/metropolis/node/core/localstorage/declarative/placement_local.go
@@ -66,7 +66,7 @@
defer f.writeLock.Unlock()
// TODO(q3k): ensure that these do not collide with an existing sibling file, or generate this suffix randomly.
- tmp := f.FullPath() + ".__smalltown_tmp"
+ tmp := f.FullPath() + ".__metropolis_tmp"
defer os.Remove(tmp)
if err := ioutil.WriteFile(tmp, d, mode); err != nil {
return fmt.Errorf("temporary file write failed: %w", err)
diff --git a/metropolis/node/core/localstorage/directory_data.go b/metropolis/node/core/localstorage/directory_data.go
index e90dc48..52abbea 100644
--- a/metropolis/node/core/localstorage/directory_data.go
+++ b/metropolis/node/core/localstorage/directory_data.go
@@ -30,7 +30,7 @@
var keySize uint16 = 256 / 8
-// MountData mounts the Smalltown data partition with the given global unlock key. It automatically
+// MountData mounts the node data partition with the given global unlock key. It automatically
// unseals the local unlock key from the TPM.
func (d *DataDirectory) MountExisting(unlock *ESPLocalUnlockFile, globalUnlockKey []byte) error {
d.flagLock.Lock()
@@ -58,7 +58,7 @@
key[i] = localUnlockKey[i] ^ globalUnlockKey[i]
}
- if err := crypt.CryptMap("data", crypt.SmalltownDataCryptPath, key); err != nil {
+ if err := crypt.CryptMap("data", crypt.NodeDataCryptPath, key); err != nil {
return err
}
if err := d.mount(); err != nil {
@@ -67,7 +67,7 @@
return nil
}
-// InitializeData initializes the Smalltown data partition and returns the global unlock key. It seals
+// InitializeData initializes the node data partition and returns the global unlock key. It seals
// the local portion into the TPM and stores the blob on the ESP. This is a potentially slow
// operation since it touches the whole partition.
func (d *DataDirectory) MountNew(unlock *ESPLocalUnlockFile) ([]byte, error) {
@@ -103,7 +103,7 @@
key[i] = localUnlockKey[i] ^ globalUnlockKey[i]
}
- if err := crypt.CryptInit("data", crypt.SmalltownDataCryptPath, key); err != nil {
+ if err := crypt.CryptInit("data", crypt.NodeDataCryptPath, key); err != nil {
return nil, fmt.Errorf("initializing encrypted block device: %w", err)
}
mkfsCmd := exec.Command("/bin/mkfs.xfs", "-qf", "/dev/data")
diff --git a/metropolis/node/core/localstorage/directory_pki.go b/metropolis/node/core/localstorage/directory_pki.go
index 6bdebff..610cfef 100644
--- a/metropolis/node/core/localstorage/directory_pki.go
+++ b/metropolis/node/core/localstorage/directory_pki.go
@@ -38,7 +38,8 @@
type CertificateTemplateNamer func(pubkey []byte) x509.Certificate
func CertificateForNode(pubkey []byte) x509.Certificate {
- name := "smalltown-" + hex.EncodeToString([]byte(pubkey[:16]))
+ // TODO(q3k): this should be unified with metroopolis/node/cluster:node.ID()
+ name := "metropolis-" + hex.EncodeToString([]byte(pubkey[:16]))
// This has no SANs because it authenticates by public key, not by name
return x509.Certificate{
diff --git a/metropolis/node/core/localstorage/storage.go b/metropolis/node/core/localstorage/storage.go
index 8cc291f..1b1946a 100644
--- a/metropolis/node/core/localstorage/storage.go
+++ b/metropolis/node/core/localstorage/storage.go
@@ -116,12 +116,12 @@
Plugins struct {
declarative.Directory
- VFS declarative.File `file:"com.smalltown.vfs.sock"`
+ VFS declarative.File `file:"dev.monogon.metropolis.vfs.sock"`
} `dir:"plugins"`
PluginsRegistry struct {
declarative.Directory
- VFSReg declarative.File `file:"com.smalltown.vfs-reg.sock"`
+ VFSReg declarative.File `file:"dev.monogon.metropolis.vfs-reg.sock"`
} `dir:"plugins_registry"`
}
diff --git a/metropolis/node/core/main.go b/metropolis/node/core/main.go
index 54d09a4..806cfef 100644
--- a/metropolis/node/core/main.go
+++ b/metropolis/node/core/main.go
@@ -76,7 +76,7 @@
}
}()
- // Set up logger for Smalltown. Currently logs everything to stderr.
+ // Set up logger for Metropolis. Currently logs everything to stderr.
lt := logtree.New()
reader, err := lt.Read("", logtree.WithChildren(), logtree.WithStream())
if err != nil {
@@ -103,7 +103,7 @@
logger.Fatalf("Failed to raise rlimits: %v", err)
}
- logger.Info("Starting Smalltown Init")
+ logger.Info("Starting Metropolis node init")
signalChannel := make(chan os.Signal, 2)
signal.Notify(signalChannel)
@@ -252,7 +252,9 @@
log.Printf(" # GURU MEDIATION ERROR #")
log.Printf(" ########################")
log.Printf("")
- log.Printf("Smalltown encountered an uncorrectable error and must be restarted.")
+ log.Printf("Metropolis encountered an uncorrectable error and this node must be")
+ log.Printf("restarted.")
+ log.Printf("")
log.Printf("(Error condition: init trapdoor closed)")
log.Printf("")
select {}
diff --git a/metropolis/node/core/network/main.go b/metropolis/node/core/network/main.go
index 29e757d..94bb4d4 100644
--- a/metropolis/node/core/network/main.go
+++ b/metropolis/node/core/network/main.go
@@ -130,7 +130,7 @@
if err != nil {
return fmt.Errorf("failed to create DHCP client on interface %v: %w", iface.Attrs().Name, err)
}
- s.dhcp.VendorClassIdentifier = "com.nexantic.smalltown.v1"
+ s.dhcp.VendorClassIdentifier = "dev.monogon.metropolis.node.v1"
s.dhcp.RequestedOptions = []dhcpv4.OptionCode{dhcpv4.OptionRouter, dhcpv4.OptionNameServer}
s.dhcp.LeaseCallback = dhcpcb.Compose(dhcpcb.ManageIP(iface), dhcpcb.ManageDefaultRoute(iface), s.dhcpDNSCallback, s.getIPCallbackHack)
err = supervisor.Run(ctx, "dhcp", s.dhcp.Run)
diff --git a/metropolis/node/core/switchroot.go b/metropolis/node/core/switchroot.go
index 5865225..c980a3a 100644
--- a/metropolis/node/core/switchroot.go
+++ b/metropolis/node/core/switchroot.go
@@ -37,20 +37,20 @@
// We detect the need to remount to tmpfs over env vars.
// The first run of /init (from initramfs) will not have this var, and will be re-exec'd from a new tmpfs root with
// that variable set.
- witness := "SIGNOS_REMOUNTED"
+ witness := "METROPOLIS_REMOUNTED"
// If the witness env var is found in the environment, it means we are ready to go.
environ := os.Environ()
for _, env := range environ {
if strings.HasPrefix(env, witness+"=") {
- log.Info("Smalltown running in tmpfs root")
+ log.Info("Metropolis node running in tmpfs root")
return nil
}
}
// Otherwise, we need to remount to a tmpfs.
environ = append(environ, witness+"=yes")
- log.Info("Smalltown running in initramfs, remounting to tmpfs...")
+ log.Info("Metropolis node running in initramfs, remounting to tmpfs...")
// Make note of all directories we have to make and files that we have to copy.
paths := []string{}
diff --git a/metropolis/node/core/tpm/tpm.go b/metropolis/node/core/tpm/tpm.go
index 76f4f92..4106a66 100644
--- a/metropolis/node/core/tpm/tpm.go
+++ b/metropolis/node/core/tpm/tpm.go
@@ -390,7 +390,7 @@
// store secrets on the OS side pre-global unlock and b) it makes no sense in this security model
// since an uncompromised host OS will not let an untrusted entity attest as itself and a
// compromised OS can either not pass PCR policy checks or the game's already over (you
- // successfully runtime-exploited a production Smalltown Core)
+ // successfully runtime-exploited a production Metropolis node)
endorsementSession, _, err := tpm2.StartAuthSession(
tpm.device,
tpm2.HandleNull,
diff --git a/metropolis/node/kubernetes/clusternet/clusternet.go b/metropolis/node/kubernetes/clusternet/clusternet.go
index d8dc7ad..cd78434 100644
--- a/metropolis/node/kubernetes/clusternet/clusternet.go
+++ b/metropolis/node/kubernetes/clusternet/clusternet.go
@@ -52,7 +52,7 @@
const (
clusterNetDeviceName = "clusternet"
- publicKeyAnnotation = "node.smalltown.nexantic.com/wg-pubkey"
+ publicKeyAnnotation = "node.metropolis.monogon.dev/wg-pubkey"
)
type Service struct {
diff --git a/metropolis/node/kubernetes/csi.go b/metropolis/node/kubernetes/csi.go
index 4b44a1a..81a94fc 100644
--- a/metropolis/node/kubernetes/csi.go
+++ b/metropolis/node/kubernetes/csi.go
@@ -205,7 +205,7 @@
// CSI Identity endpoints
func (*csiPluginServer) GetPluginInfo(ctx context.Context, req *csi.GetPluginInfoRequest) (*csi.GetPluginInfoResponse, error) {
return &csi.GetPluginInfoResponse{
- Name: "com.smalltown.vfs",
+ Name: "dev.monogon.metropolis.vfs",
VendorVersion: "0.0.1", // TODO(lorenz): Maybe stamp?
}, nil
}
@@ -232,7 +232,7 @@
func (s *csiPluginServer) GetInfo(ctx context.Context, req *pluginregistration.InfoRequest) (*pluginregistration.PluginInfo, error) {
return &pluginregistration.PluginInfo{
Type: "CSIPlugin",
- Name: "com.smalltown.vfs",
+ Name: "dev.monogon.metropolis.vfs",
Endpoint: s.KubeletDirectory.Plugins.VFS.FullPath(),
SupportedVersions: []string{"1.2"}, // Keep in sync with container-storage-interface/spec package version
}, nil
diff --git a/metropolis/node/kubernetes/pki/certificate.go b/metropolis/node/kubernetes/pki/certificate.go
index 6bd50f9..da7d301 100644
--- a/metropolis/node/kubernetes/pki/certificate.go
+++ b/metropolis/node/kubernetes/pki/certificate.go
@@ -108,7 +108,7 @@
// in memory (if volatile), loading it from etcd, or creating and saving it on etcd if needed.
// This function is safe to call in parallel from multiple etcd clients (including across machines), but it will error
// in case a concurrent certificate generation happens. These errors are, however, safe to retry - as long as all the
-// certificate creators (ie., Smalltown nodes) run the same version of this code.
+// certificate creators (ie., Metropolis nodes) run the same version of this code.
// TODO(q3k): in the future, this should be handled better - especially as we introduce new certificates, or worse,
// change the issuance chain. As a stopgap measure, an explicit per-certificate or even global lock can be implemented.
// And, even before that, we can handle concurrency errors in a smarter way.
diff --git a/metropolis/node/kubernetes/pki/kubernetes.go b/metropolis/node/kubernetes/pki/kubernetes.go
index c4827a9..979fec6 100644
--- a/metropolis/node/kubernetes/pki/kubernetes.go
+++ b/metropolis/node/kubernetes/pki/kubernetes.go
@@ -57,7 +57,7 @@
// Kubernetes scheduler server certificate, used to run its HTTP server.
Scheduler KubeCertificateName = "scheduler"
- // Root-on-kube (system:masters) client certificate. Used to control the apiserver (and resources) by Smalltown
+ // Root-on-kube (system:masters) client certificate. Used to control the apiserver (and resources) by Metropolis
// internally.
Master KubeCertificateName = "master"
@@ -73,7 +73,7 @@
serviceAccountKeyName = "service-account-privkey"
)
-// KubernetesPKI manages all PKI resources required to run Kubernetes on Smalltown. It contains all static certificates,
+// KubernetesPKI manages all PKI resources required to run Kubernetes on Metropolis. It contains all static certificates,
// which can be retrieved, or be used to generate Kubeconfigs from.
type KubernetesPKI struct {
logger logtree.LeveledLogger
@@ -92,7 +92,7 @@
pki.Certificates[name] = New(pki.Certificates[i], string(name), template)
}
- pki.Certificates[IdCA] = New(SelfSigned, string(IdCA), CA("Smalltown Kubernetes ID CA"))
+ pki.Certificates[IdCA] = New(SelfSigned, string(IdCA), CA("Metropolis Kubernetes ID CA"))
make(IdCA, APIServer, Server(
[]string{
"kubernetes",
@@ -104,14 +104,14 @@
},
[]net.IP{{10, 0, 255, 1}, {127, 0, 0, 1}}, // TODO(q3k): add service network internal apiserver address
))
- make(IdCA, KubeletClient, Client("smalltown:apiserver-kubelet-client", nil))
+ make(IdCA, KubeletClient, Client("metropolis:apiserver-kubelet-client", nil))
make(IdCA, ControllerManagerClient, Client("system:kube-controller-manager", nil))
make(IdCA, ControllerManager, Server([]string{"kube-controller-manager.local"}, nil))
make(IdCA, SchedulerClient, Client("system:kube-scheduler", nil))
make(IdCA, Scheduler, Server([]string{"kube-scheduler.local"}, nil))
- make(IdCA, Master, Client("smalltown:master", []string{"system:masters"}))
+ make(IdCA, Master, Client("metropolis:master", []string{"system:masters"}))
- pki.Certificates[AggregationCA] = New(SelfSigned, string(AggregationCA), CA("Smalltown OpenAPI Aggregation CA"))
+ pki.Certificates[AggregationCA] = New(SelfSigned, string(AggregationCA), CA("Metropolis OpenAPI Aggregation CA"))
make(AggregationCA, FrontProxyClient, Client("front-proxy-client", nil))
return &pki
diff --git a/metropolis/node/kubernetes/provisioner.go b/metropolis/node/kubernetes/provisioner.go
index b671125..a9dfa72 100644
--- a/metropolis/node/kubernetes/provisioner.go
+++ b/metropolis/node/kubernetes/provisioner.go
@@ -46,7 +46,7 @@
)
// ONCHANGE(//metropolis/node/kubernetes/reconciler:resources_csi.go): needs to match csiProvisionerServerName declared.
-const csiProvisionerServerName = "com.nexantic.smalltown.vfs"
+const csiProvisionerServerName = "dev.monogon.metropolis.vfs"
// csiProvisionerServer is responsible for the provisioning and deprovisioning of CSI-based container volumes. It runs on all
// nodes and watches PVCs for ones assigned to the node it's running on and fulfills the provisioning request by
@@ -256,7 +256,7 @@
}
if *pvc.Spec.VolumeMode == v1.PersistentVolumeBlock {
- return fmt.Errorf("Block PVCs are not supported by Smalltown")
+ return fmt.Errorf("Block PVCs are currently not supported by Metropolis")
}
volumeID := "pvc-" + string(pvc.ObjectMeta.UID)
diff --git a/metropolis/node/kubernetes/reconciler/reconciler.go b/metropolis/node/kubernetes/reconciler/reconciler.go
index 9c5ba4e..0ce84d7 100644
--- a/metropolis/node/kubernetes/reconciler/reconciler.go
+++ b/metropolis/node/kubernetes/reconciler/reconciler.go
@@ -14,12 +14,16 @@
// See the License for the specific language governing permissions and
// limitations under the License.
-// The reconciler ensures that a base set of K8s resources is always available in the cluster. These are necessary to
-// ensure correct out-of-the-box functionality. All resources containing the smalltown.com/builtin=true label are assumed
-// to be managed by the reconciler.
-// It currently does not revert modifications made by admins, it is planned to create an admission plugin prohibiting
-// such modifications to resources with the smalltown.com/builtin label to deal with that problem. This would also solve a
-// potential issue where you could delete resources just by adding the smalltown.com/builtin=true label.
+// The reconciler ensures that a base set of K8s resources is always available
+// in the cluster. These are necessary to ensure correct out-of-the-box
+// functionality. All resources containing the
+// metropolis.monogon.dev/builtin=true label are assumed to be managed by the
+// reconciler.
+// It currently does not revert modifications made by admins, it is planned to
+// create an admission plugin prohibiting such modifications to resources with
+// the metropolis.monogon.dev/builtin label to deal with that problem. This
+// would also solve a potential issue where you could delete resources just by
+// adding the metropolis.monogon.dev/builtin=true label.
package reconciler
import (
@@ -45,17 +49,17 @@
const (
// BuiltinLabelKey is used as a k8s label to mark built-in objects (ie., managed by the reconciler)
- BuiltinLabelKey = "smalltown.com/builtin"
+ BuiltinLabelKey = "metropolis.monogon.dev/builtin"
// BuiltinLabelValue is used as a k8s label value, under the BuiltinLabelKey key.
BuiltinLabelValue = "true"
// BuiltinRBACPrefix is used to prefix all built-in objects that are part of the rbac/v1 API (eg.
// {Cluster,}Role{Binding,} objects). This corresponds to the colon-separated 'namespaces' notation used by
// Kubernetes system (system:) objects.
- BuiltinRBACPrefix = "smalltown:"
+ BuiltinRBACPrefix = "metropolis:"
)
// builtinLabels makes a kubernetes-compatible label dictionary (key->value) that is used to mark objects that are
-// built-in into Smalltown (ie., managed by the reconciler). These are then subsequently retrieved by listBuiltins.
+// built-in into Metropolis (ie., managed by the reconciler). These are then subsequently retrieved by listBuiltins.
// The extra argument specifies what other labels are to be merged into the the labels dictionary, for convenience. If
// nil or empty, no extra labels will be applied.
func builtinLabels(extra map[string]string) map[string]string {
@@ -71,8 +75,8 @@
}
// listBuiltins returns a k8s client ListOptions structure that allows to retrieve all objects that are built-in into
-// Smalltown currently present in the API server (ie., ones that are to be managed by the reconciler). These are created
-// by applying builtinLabels to their metadata labels.
+// Metropolis currently present in the API server (ie., ones that are to be managed by the reconciler). These are
+// created by applying builtinLabels to their metadata labels.
var listBuiltins = meta.ListOptions{
LabelSelector: fmt.Sprintf("%s=%s", BuiltinLabelKey, BuiltinLabelValue),
}
diff --git a/metropolis/node/kubernetes/reconciler/resources_csi.go b/metropolis/node/kubernetes/reconciler/resources_csi.go
index ecbcb4b..c7f7b2b 100644
--- a/metropolis/node/kubernetes/reconciler/resources_csi.go
+++ b/metropolis/node/kubernetes/reconciler/resources_csi.go
@@ -27,7 +27,7 @@
// TODO(q3k): this is duplicated with //metropolis/node/kubernetes:provisioner.go; integrate this once provisioner.go
// gets moved into a subpackage.
// ONCHANGE(//metropolis/node/kubernetes:provisioner.go): needs to match csiProvisionerName declared.
-const csiProvisionerName = "com.nexantic.smalltown.vfs"
+const csiProvisionerName = "dev.monogon.metropolis.vfs"
type resourceCSIDrivers struct {
kubernetes.Interface
diff --git a/metropolis/node/kubernetes/reconciler/resources_rbac.go b/metropolis/node/kubernetes/reconciler/resources_rbac.go
index 40ca879..15386a6 100644
--- a/metropolis/node/kubernetes/reconciler/resources_rbac.go
+++ b/metropolis/node/kubernetes/reconciler/resources_rbac.go
@@ -146,7 +146,7 @@
APIGroup: rbac.GroupName,
Kind: "User",
// TODO(q3k): describe this name's contract, or unify with whatever creates this.
- Name: "smalltown:apiserver-kubelet-client",
+ Name: "metropolis:apiserver-kubelet-client",
},
},
},