core -> metropolis
Smalltown is now called Metropolis!
This is the first commit in a series of cleanup commits that prepare us
for an open source release. This one just moves some Bazel packages around to
follow a stricter directory layout.
All of Metropolis now lives in `//metropolis`.
All of Metropolis Node code now lives in `//metropolis/node`.
All of the main /init now lives in `//m/n/core`.
All of the Kubernetes functionality/glue now lives in `//m/n/kubernetes`.
Next steps:
- hunt down all references to Smalltown and replace them appropriately
- narrow down visibility rules
- document new code organization
- move `//build/toolchain` to `//monogon/build/toolchain`
- do another cleanup pass between `//golibs` and
`//monogon/node/{core,common}`.
- remove `//delta` and `//anubis`
Fixes T799.
Test Plan: Just a very large refactor. CI should help us out here.
Bug: T799
X-Origin-Diff: phab/D667
GitOrigin-RevId: 6029b8d4edc42325d50042596b639e8b122d0ded
diff --git a/metropolis/node/BUILD.bazel b/metropolis/node/BUILD.bazel
new file mode 100644
index 0000000..48c9177
--- /dev/null
+++ b/metropolis/node/BUILD.bazel
@@ -0,0 +1,141 @@
+load("@io_bazel_rules_go//go:def.bzl", "go_library")
+load("//metropolis/node/build:def.bzl", "smalltown_initramfs")
+
+go_library(
+ name = "go_default_library",
+ srcs = ["ports.go"],
+ importpath = "git.monogon.dev/source/nexantic.git/metropolis/node",
+ visibility = ["//visibility:public"],
+)
+
+# debug_build checks if we're building in debug mode and enables various debug features for the image. Currently this
+# is only used for attaching a Delve debugger to init when it's enabled.
+config_setting(
+ name = "debug_build",
+ values = {
+ "compilation_mode": "dbg",
+ },
+)
+
+smalltown_initramfs(
+ name = "initramfs",
+ extra_dirs = [
+ "/kubernetes/conf/flexvolume-plugins",
+ "/containerd/run",
+ ],
+ files = {
+ "//metropolis/node/core": "/init",
+ "//third_party/xfsprogs:mkfs.xfs": "/bin/mkfs.xfs",
+
+ # CA Certificate bundle & os-release
+ "@cacerts//file": "/etc/ssl/cert.pem",
+ ":os-release-info": "/etc/os-release",
+
+ # Hyperkube
+ "//metropolis/node/kubernetes/hyperkube": "/kubernetes/bin/kube",
+
+ # CoreDNS
+ "@com_github_coredns_coredns//:coredns": "/kubernetes/bin/coredns",
+
+ # runsc/gVisor
+ "@com_github_google_gvisor//runsc": "/containerd/bin/runsc",
+ "@com_github_google_gvisor_containerd_shim//cmd/containerd-shim-runsc-v1": "/containerd/bin/containerd-shim-runsc-v1",
+
+ # runc (runtime in files_cc because of cgo)
+ "@com_github_containerd_containerd//cmd/containerd-shim-runc-v2": "/containerd/bin/containerd-shim-runc-v2",
+
+ # Containerd
+ "@com_github_containerd_containerd//cmd/containerd": "/containerd/bin/containerd",
+
+ # Containerd config files
+ "//metropolis/node/kubernetes/containerd:runsc.toml": "/containerd/conf/runsc.toml",
+ "//metropolis/node/kubernetes/containerd:config.toml": "/containerd/conf/config.toml",
+ "//metropolis/node/kubernetes/containerd:cnispec.gojson": "/containerd/conf/cnispec.gojson",
+
+ # Containerd preseed bundles
+ "//metropolis/test/e2e/preseedtest:preseedtest.tar": "/containerd/preseed/k8s.io/preseedtest.tar",
+ "//metropolis/test/e2e/k8s_cts:k8s_cts_image.tar": "/containerd/preseed/k8s.io/k8s_cts.tar",
+
+ # CNI Plugins
+ "@com_github_containernetworking_plugins//plugins/main/loopback": "/containerd/bin/cni/loopback",
+ "@com_github_containernetworking_plugins//plugins/main/ptp": "/containerd/bin/cni/ptp",
+ "@com_github_containernetworking_plugins//plugins/ipam/host-local": "/containerd/bin/cni/host-local",
+
+ # Delve
+ "@com_github_go_delve_delve//cmd/dlv:dlv": "/dlv",
+ },
+ files_cc = {
+ # runc runtime, with cgo
+ "@com_github_opencontainers_runc//:runc": "/containerd/bin/runc",
+ },
+)
+
+genrule(
+ name = "image",
+ srcs = [
+ "//third_party/linux:bzImage",
+ ":initramfs",
+ ],
+ outs = [
+ "smalltown.img",
+ ],
+ cmd = """
+ $(location //metropolis/node/build/mkimage) \
+ -efi $(location //third_party/linux:bzImage) \
+ -initramfs $(location :initramfs) \
+ -out $@
+ """,
+ tools = [
+ "//metropolis/node/build/mkimage",
+ ],
+ visibility = ["//visibility:public"],
+)
+
+genrule(
+ name = "swtpm_data",
+ outs = [
+ "tpm/tpm2-00.permall",
+ "tpm/signkey.pem",
+ "tpm/issuercert.pem",
+ ],
+ cmd = """
+ mkdir -p tpm/ca
+
+ cat <<EOF > tpm/swtpm.conf
+create_certs_tool= /usr/share/swtpm/swtpm-localca
+create_certs_tool_config = tpm/swtpm-localca.conf
+create_certs_tool_options = /etc/swtpm-localca.options
+EOF
+
+ cat <<EOF > tpm/swtpm-localca.conf
+statedir = tpm/ca
+signingkey = tpm/ca/signkey.pem
+issuercert = tpm/ca/issuercert.pem
+certserial = tpm/ca/certserial
+EOF
+
+ swtpm_setup \
+ --tpmstate tpm \
+ --create-ek-cert \
+ --create-platform-cert \
+ --allow-signing \
+ --tpm2 \
+ --display \
+ --pcr-banks sha1,sha256,sha384,sha512 \
+ --config tpm/swtpm.conf
+
+ cp tpm/tpm2-00.permall $(location tpm/tpm2-00.permall)
+ cp tpm/ca/issuercert.pem $(location tpm/issuercert.pem)
+ cp tpm/ca/signkey.pem $(location tpm/signkey.pem)
+ """,
+ visibility = ["//visibility:public"],
+)
+
+load("//metropolis/node/build/genosrelease:defs.bzl", "os_release")
+
+os_release(
+ name = "os-release-info",
+ os_id = "smalltown",
+ os_name = "Smalltown",
+ stamp_var = "STABLE_SIGNOS_version",
+)
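Review bot: The `files` dict of `initramfs` installs Delve at `/dlv` unconditionally, although the comment on `debug_build` says the debugger is only meant for debug mode; as written, every image appears to carry a debugger binary next to `/init`, whatever the compilation mode. If the `files` attribute of `smalltown_initramfs` is configurable (its definition is not in this hunk), the entry could move into a `select()` keyed on `:debug_build` with an empty `//conditions:default` branch. The same applies to the two preseed tarballs from `//metropolis/test/e2e`, which put test images into the node image regardless of build mode. Separately, `swtpm_data` emits a CA signing key (`tpm/signkey.pem`) under `//visibility:public` and relies on host tools and paths. Adding `testonly = True,` and a comment such as `# Throwaway CA key for emulated test TPMs only; never use for real attestation.` would keep non-test targets from consuming it.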