m/n/time: add time service This adds a bare-minimum time service based on chrony/NTP for keeping the system clock and RTC on Metropolis nodes accurate. It also introduces a UID/GID registry in the Metropolis node code as this is the first unprivileged service to run on the node itself. It does not yet use a secure time source, this is tracked as #73. Change-Id: I873971e6d3825709bc8c696e227bece4cfbda93a Reviewed-on: https://review.monogon.dev/c/monogon/+/319 Reviewed-by: Sergiusz Bazanski <serge@monogon.tech>

commit: e306d780504ae3ddfad3eb852c7adc5ec9757d89 [log] [tgz]
author: Lorenz Brun <lorenz@monogon.tech> Wed Sep 01 13:01:06 2021 +0200
committer: Lorenz Brun <lorenz@monogon.tech> Mon Sep 06 09:05:40 2021 +0000
tree: 3e8e2c7a21430777db525c9ed4717a2cab1c114a
parent: d7d6e0284de38cbeeb185ca17c0853b4b2c10ee9 [diff]
diff --git a/metropolis/node/BUILD.bazel b/metropolis/node/BUILD.bazel
index ee86523..feade24 100644
--- a/metropolis/node/BUILD.bazel
+++ b/metropolis/node/BUILD.bazel

@@ -3,7 +3,10 @@
 
 go_library(
     name = "go_default_library",
-    srcs = ["ports.go"],
+    srcs = [
+        "ids.go",
+        "ports.go",
+    ],
     importpath = "source.monogon.dev/metropolis/node",
     visibility = ["//metropolis:__subpackages__"],
 )
@@ -78,6 +81,7 @@
         # runc runtime, with cgo
         "@com_github_opencontainers_runc//:runc": "/containerd/bin/runc",
         "@xfsprogs//:mkfs": "/bin/mkfs.xfs",
+        "@chrony//:chrony": "/time/chrony",
     },
     symlinks = {
         "/ephemeral/machine-id": "/etc/machine-id",

diff --git a/metropolis/node/core/BUILD.bazel b/metropolis/node/core/BUILD.bazel
index e0d6d87..c1d48ae 100644
--- a/metropolis/node/core/BUILD.bazel
+++ b/metropolis/node/core/BUILD.bazel

@@ -21,6 +21,7 @@
         "//metropolis/node/core/localstorage/declarative:go_default_library",
         "//metropolis/node/core/network:go_default_library",
         "//metropolis/node/core/roleserve:go_default_library",
+        "//metropolis/node/core/time:go_default_library",
         "//metropolis/node/kubernetes/pki:go_default_library",
         "//metropolis/pkg/logtree:go_default_library",
         "//metropolis/pkg/supervisor:go_default_library",

diff --git a/metropolis/node/core/main.go b/metropolis/node/core/main.go
index d378934..9ed2beb 100644
--- a/metropolis/node/core/main.go
+++ b/metropolis/node/core/main.go

@@ -40,6 +40,7 @@
 	"source.monogon.dev/metropolis/node/core/localstorage/declarative"
 	"source.monogon.dev/metropolis/node/core/network"
 	"source.monogon.dev/metropolis/node/core/roleserve"
+	timesvc "source.monogon.dev/metropolis/node/core/time"
 	"source.monogon.dev/metropolis/node/kubernetes/pki"
 	"source.monogon.dev/metropolis/pkg/logtree"
 	"source.monogon.dev/metropolis/pkg/supervisor"
@@ -100,6 +101,7 @@
 	}
 
 	networkSvc := network.New()
+	timeSvc := timesvc.New()
 
 	// This function initializes a headless Delve if this is a debug build or
 	// does nothing if it's not
@@ -131,6 +133,9 @@
 		if err := supervisor.Run(ctx, "network", networkSvc.Run); err != nil {
 			return fmt.Errorf("when starting network: %w", err)
 		}
+		if err := supervisor.Run(ctx, "time", timeSvc.Run); err != nil {
+			return fmt.Errorf("when starting time: %w", err)
+		}
 
 		// Start cluster manager. This kicks off cluster membership machinery,
 		// which will either start a new cluster, enroll into one or join one.

diff --git a/metropolis/node/core/time/BUILD.bazel b/metropolis/node/core/time/BUILD.bazel
new file mode 100644
index 0000000..05a938a
--- /dev/null
+++ b/metropolis/node/core/time/BUILD.bazel

@@ -0,0 +1,13 @@
+load("@io_bazel_rules_go//go:def.bzl", "go_library")
+
+go_library(
+    name = "go_default_library",
+    srcs = ["time.go"],
+    importpath = "source.monogon.dev/metropolis/node/core/time",
+    visibility = ["//visibility:public"],
+    deps = [
+        "//metropolis/node:go_default_library",
+        "//metropolis/pkg/fileargs:go_default_library",
+        "//metropolis/pkg/supervisor:go_default_library",
+    ],
+)

diff --git a/metropolis/node/core/time/time.go b/metropolis/node/core/time/time.go
new file mode 100644
index 0000000..6c2e906
--- /dev/null
+++ b/metropolis/node/core/time/time.go

@@ -0,0 +1,60 @@
+// Package time implements a supervisor runnable which is responsible for
+// keeping both the system clock and the RTC accurate.
+// Metropolis nodes need accurate time both for themselves (for log
+// timestamping, validating certain certificates, ...) as well as workloads
+// running on top of it expecting accurate time.
+// This initial implementation is very minimalistic, running just a stateless
+// NTP client per node for the whole lifecycle of it.
+// This implementation is simple, but is fairly unsafe as NTP by itself does
+// not offer any cryptography, so it's easy to tamper with the responses.
+// See #73 for further work in that direction.
+package time
+
+import (
+	"context"
+	"fmt"
+	"os/exec"
+	"strconv"
+	"strings"
+
+	"source.monogon.dev/metropolis/node"
+	"source.monogon.dev/metropolis/pkg/fileargs"
+	"source.monogon.dev/metropolis/pkg/supervisor"
+)
+
+// Service implements the time service. See package documentation for further
+// information.
+type Service struct{}
+
+func New() *Service {
+	return &Service{}
+}
+
+func (s *Service) Run(ctx context.Context) error {
+	// TODO(#72): Apply for a NTP pool vendor zone
+	config := strings.Join([]string{
+		"pool pool.ntp.org iburst",
+		"bindcmdaddress /",
+		"stratumweight 0.01",
+		"leapsecmode slew",
+		"maxslewrate 10000",
+		"makestep 2.0 3",
+		"rtconutc",
+		"rtcsync",
+	}, "\n")
+	args, err := fileargs.New()
+	if err != nil {
+		return fmt.Errorf("cannot create fileargs: %w", err)
+	}
+	defer args.Close()
+	cmd := exec.Command(
+		"/time/chrony",
+		"-d",
+		"-i", strconv.Itoa(node.TimeUid),
+		"-g", strconv.Itoa(node.TimeUid),
+		"-f", args.ArgPath("chrony.conf", []byte(config)),
+	)
+	cmd.Stdout = supervisor.RawLogger(ctx)
+	cmd.Stderr = supervisor.RawLogger(ctx)
+	return supervisor.RunCommand(ctx, cmd)
+}

diff --git a/metropolis/node/ids.go b/metropolis/node/ids.go
new file mode 100644
index 0000000..b4ddf84
--- /dev/null
+++ b/metropolis/node/ids.go

@@ -0,0 +1,24 @@
+// Copyright 2021 The Monogon Project Authors.
+//
+// SPDX-License-Identifier: Apache-2.0
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package node
+
+// These are UID/GID constants for components inside the Metropolis node
+// code.
+const (
+	RootUid = 0
+	TimeUid = 100
+)
commit	e306d780504ae3ddfad3eb852c7adc5ec9757d89	[log] [tgz]
author	Lorenz Brun <lorenz@monogon.tech>	Wed Sep 01 13:01:06 2021 +0200
committer	Lorenz Brun <lorenz@monogon.tech>	Mon Sep 06 09:05:40 2021 +0000
tree	3e8e2c7a21430777db525c9ed4717a2cab1c114a
parent	d7d6e0284de38cbeeb185ca17c0853b4b2c10ee9 [diff]