core: plug logtree into NodeDebugService
This introduces a new Proto API for accessing debug logs. Currently this
is implemented to be used by the debug service. However, these proto
definitions will likely be reused for production cluster APIs.
The implementation mostly consists of adding the proto, implementing
to/from conversion methods, and altering the debug service to use the
new API.
We also move all of the debug service implementation into a separate file,
to slightly clean up main.go. This produces an unfortunately colorful
diff, but it's just moving code around.
Test Plan: Manually tested using the dbg tool. The debug service currently has no proper automated tests; we should add them once these protos back production cluster APIs, and proceed without them for now.
X-Origin-Diff: phab/D649
GitOrigin-RevId: ac454681e4b72b2876e313b3aeababa179eb1fa3
diff --git a/core/cmd/init/main.go b/core/cmd/init/main.go
index 989f953..4ba991c 100644
--- a/core/cmd/init/main.go
+++ b/core/cmd/init/main.go
@@ -29,25 +29,20 @@
"os/signal"
"runtime/debug"
- "git.monogon.dev/source/nexantic.git/core/pkg/logtree"
-
- "git.monogon.dev/source/nexantic.git/core/internal/network/dns"
-
"golang.org/x/sys/unix"
"google.golang.org/grpc"
- "google.golang.org/grpc/codes"
- "google.golang.org/grpc/status"
"git.monogon.dev/source/nexantic.git/core/internal/cluster"
"git.monogon.dev/source/nexantic.git/core/internal/common"
"git.monogon.dev/source/nexantic.git/core/internal/common/supervisor"
- "git.monogon.dev/source/nexantic.git/core/internal/consensus/ca"
"git.monogon.dev/source/nexantic.git/core/internal/containerd"
"git.monogon.dev/source/nexantic.git/core/internal/kubernetes"
"git.monogon.dev/source/nexantic.git/core/internal/kubernetes/pki"
"git.monogon.dev/source/nexantic.git/core/internal/localstorage"
"git.monogon.dev/source/nexantic.git/core/internal/localstorage/declarative"
"git.monogon.dev/source/nexantic.git/core/internal/network"
+ "git.monogon.dev/source/nexantic.git/core/internal/network/dns"
+ "git.monogon.dev/source/nexantic.git/core/pkg/logtree"
"git.monogon.dev/source/nexantic.git/core/pkg/tpm"
apb "git.monogon.dev/source/nexantic.git/core/proto/api"
)
@@ -90,17 +85,7 @@
go func() {
for {
p := <-reader.Stream
- if p.Leveled != nil {
- // Use glog-like layout, but with supervisor DN instead of filename.
- timestamp := p.Leveled.Timestamp()
- _, month, day := timestamp.Date()
- hour, minute, second := timestamp.Clock()
- nsec := timestamp.Nanosecond() / 1000
- fmt.Fprintf(os.Stderr, "%s%02d%02d %02d:%02d:%02d.%06d %s] %s\n", p.Leveled.Severity(), month, day, hour, minute, second, nsec, p.DN, p.Leveled.Message())
- }
- if p.Raw != nil {
- fmt.Fprintf(os.Stderr, "%-32s R %s\n", p.DN, p.Raw)
- }
+ fmt.Fprintf(os.Stderr, "%s\n", p.String())
}
}()
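Review bot: The receive at `p := <-reader.Stream` has no exit condition, so if the logtree reader's stream is ever closed this goroutine will spin on zero values and, depending on how `p.String()` treats a nil entry, may panic; ranging over the channel ends the loop cleanly when the sender closes it: `for p := range reader.Stream {` / `fmt.Fprintln(os.Stderr, p.String())` / `}`. Whether the reader closes its stream on teardown is not visible from this hunk, so this is a hardening point rather than a confirmed bug. The enclosing function starts and ends outside the hunk.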
@@ -236,11 +221,9 @@
}
// Start the node debug service.
- // TODO(q3k): this needs to be done in a smarter way once LogTree lands, and then a few things can be
- // refactored to start this earlier, or this can be split up into a multiple gRPC service on a single listener.
dbg := &debugService{
cluster: m,
- containerd: containerdSvc,
+ logtree: lt,
kubernetes: kubeSvc,
}
dbgSrv := grpc.NewServer()
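Review bot: `dbgSrv := grpc.NewServer()` is constructed with no transport credentials or interceptors, and with `logtree: lt` the debug service now serves the node's complete log stream to anyone who can reach its listener, which is not shown in this hunk. The removed TODO was the only hint that this wiring is provisional, so I would keep a note that makes the trust assumption explicit before these protos are reused for cluster APIs: `// NOTE: dbgSrv has no TLS or authn/authz; keep it bound to a debug-only listener and never expose it as a cluster API.` If the listener is already loopback-only, state that in the comment instead. The enclosing function continues outside the hunk.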
@@ -336,58 +319,3 @@
}
return
}
-
-func (s *debugService) GetGoldenTicket(ctx context.Context, req *apb.GetGoldenTicketRequest) (*apb.GetGoldenTicketResponse, error) {
- ip := net.ParseIP(req.ExternalIp)
- if ip == nil {
- return nil, status.Errorf(codes.InvalidArgument, "could not parse IP %q", req.ExternalIp)
- }
- this := s.cluster.Node()
-
- certRaw, key, err := s.nodeCertificate()
- if err != nil {
- return nil, status.Errorf(codes.Unavailable, "failed to generate node certificate: %v", err)
- }
- cert, err := x509.ParseCertificate(certRaw)
- if err != nil {
- panic(err)
- }
- kv := s.cluster.ConsensusKVRoot()
- ca, err := ca.Load(ctx, kv)
- if err != nil {
- return nil, status.Errorf(codes.Unavailable, "could not load CA: %v", err)
- }
- etcdCert, etcdKey, err := ca.Issue(ctx, kv, cert.Subject.CommonName, ip)
- if err != nil {
- return nil, status.Errorf(codes.Unavailable, "could not generate etcd peer certificate: %v", err)
- }
- etcdCRL, err := ca.GetCurrentCRL(ctx, kv)
- if err != nil {
- return nil, status.Errorf(codes.Unavailable, "could not get etcd CRL: %v", err)
- }
-
- // Add new etcd member to etcd cluster.
- etcd := s.cluster.ConsensusCluster()
- etcdAddr := fmt.Sprintf("https://%s:%d", ip.String(), common.ConsensusPort)
- _, err = etcd.MemberAddAsLearner(ctx, []string{etcdAddr})
- if err != nil {
- return nil, status.Errorf(codes.Unavailable, "could not add as new etcd consensus member: %v", err)
- }
-
- return &apb.GetGoldenTicketResponse{
- Ticket: &apb.GoldenTicket{
- EtcdCaCert: ca.CACertRaw,
- EtcdClientCert: etcdCert,
- EtcdClientKey: etcdKey,
- EtcdCrl: etcdCRL,
- Peers: []*apb.GoldenTicket_EtcdPeer{
- {Name: this.ID(), Address: this.Address().String()},
- },
- This: &apb.GoldenTicket_EtcdPeer{Name: cert.Subject.CommonName, Address: ip.String()},
-
- NodeId: cert.Subject.CommonName,
- NodeCert: certRaw,
- NodeKey: key,
- },
- }, nil
-}