core -> metropolis
Smalltown is now called Metropolis!
This is the first commit in a series of cleanup commits that prepare us
for an open source release. This one just moves some Bazel packages around to
follow a stricter directory layout.
All of Metropolis now lives in `//metropolis`.
All of Metropolis Node code now lives in `//metropolis/node`.
All of the main /init now lives in `//m/n/core`.
All of the Kubernetes functionality/glue now lives in `//m/n/kubernetes`.
Next steps:
- hunt down all references to Smalltown and replace them appropriately
- narrow down visibility rules
- document new code organization
- move `//build/toolchain` to `//monogon/build/toolchain`
- do another cleanup pass between `//golibs` and
`//monogon/node/{core,common}`.
- remove `//delta` and `//anubis`
Fixes T799.
Test Plan: Just a very large refactor. CI should help us out here.
Bug: T799
X-Origin-Diff: phab/D667
GitOrigin-RevId: 6029b8d4edc42325d50042596b639e8b122d0ded
diff --git a/metropolis/proto/api/enrolment.proto b/metropolis/proto/api/enrolment.proto
new file mode 100644
index 0000000..c07e4ea
--- /dev/null
+++ b/metropolis/proto/api/enrolment.proto
@@ -0,0 +1,63 @@
+// Copyright 2020 The Monogon Project Authors.
+//
+// SPDX-License-Identifier: Apache-2.0
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+syntax = "proto3";
+package smalltown.core.proto.api;
+option go_package = "git.monogon.dev/source/nexantic.git/metropolis/proto/api";
+
+// EnrolmentConfig is the single boot configuration file contained in the Smalltown ESP. It configures
+// the way the node will start up (what cluster it will join/enroll into/create).
+message EnrolmentConfig {
+ // Debug/temporary cluster enrolment method. If set, the node will attempt to enroll into the
+ // cluster that this ticket was generated for. Otherwise, a new cluster will be created.
+ GoldenTicket golden_ticket = 1;
+
+ // Filled in by node after it is enrolled
+ string node_id = 2;
+}
+
+// GoldenTicket is a ticket that allows any node to enroll into a cluster, bypassing any integrity
+// checks.
+//
+// Currently, enrolling into a cluster does not use a TPM-based workflow, and instead
+// bases on a simplified workflow of joining consensus by being started with a
+// TLS client certificate. This is a short-circuit fix to allow multi-node
+// clusters for testing before we design the final cluster node lifecycle system.
+message GoldenTicket {
+ // Etcd peer CA certificate.
+ bytes etcd_ca_cert = 1;
+ // Etcd peer client certificate.
+ bytes etcd_client_cert = 2;
+ // Etcd peer client key.
+ bytes etcd_client_key = 3;
+ // Initial etcd peer CRL.
+ bytes etcd_crl = 4;
+
+ message EtcdPeer {
+ string name = 1;
+ string address = 2;
+ }
+ // All other current etcd peers in the cluster.
+ repeated EtcdPeer peers = 5;
+ // The peer that this node should start running.
+ EtcdPeer this = 6;
+
+ // Node configuration. Currently unused (in the future, this will be used to run a node
+ // management service separate from etcd clustering).
+ string node_id = 7;
+ bytes node_cert = 8;
+ bytes node_key = 9;
+}
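Review bot: In `GoldenTicket`, `bytes etcd_client_key = 3;` and `bytes node_key = 9;` place private key material inside the `EnrolmentConfig` that the comment describes as the boot configuration file on the ESP, and the message comment itself says the ticket bypasses integrity checks. The only signal that this is a debug/temporary path is the comment on `GoldenTicket golden_ticket = 1;`. I would state in the `GoldenTicket` comment that fields 3 and 9 are private keys and that a config carrying a ticket has to be handled as a secret, and make the temporary status visible in the schema itself (for example by marking the field deprecated) so it is not picked up as a supported enrolment path. Also worth documenting: `string node_id = 2;` is "Filled in by node after it is enrolled", which implies the node writes this file back, so the comment should say whether the ticket is kept or cleared at that point. Separately, `package smalltown.core.proto.api;` and the "Smalltown ESP" wording keep the old name while `go_package` already points at `metropolis/proto/api`; the commit message lists the rename as a follow-up, so a TODO next to the package line would keep it from being missed.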