commit e306d780504ae3ddfad3eb852c7adc5ec9757d89
author Lorenz Brun <lorenz@monogon.tech> Wed Sep 01 13:01:06 2021 +0200
committer Lorenz Brun <lorenz@monogon.tech> Mon Sep 06 09:05:40 2021 +0000
tree 3e8e2c7a21430777db525c9ed4717a2cab1c114a
parent d7d6e0284de38cbeeb185ca17c0853b4b2c10ee9

m/n/time: add time service

This adds a bare-minimum time service based on chrony/NTP for keeping
the system clock and RTC on Metropolis nodes accurate.

It also introduces a UID/GID registry in the Metropolis node code
as this is the first unprivileged service to run on the node itself.

It does not yet use a secure time source, this is tracked as #73.

Change-Id: I873971e6d3825709bc8c696e227bece4cfbda93a
Reviewed-on: https://review.monogon.dev/c/monogon/+/319
Reviewed-by: Sergiusz Bazanski <serge@monogon.tech>

metropolis/node/core/main.go

diff --git a/metropolis/node/core/main.go b/metropolis/node/core/main.go
index d378934..9ed2beb 100644
--- a/metropolis/node/core/main.go
+++ b/metropolis/node/core/main.go
@@ -40,6 +40,7 @@
 	"source.monogon.dev/metropolis/node/core/localstorage/declarative"
 	"source.monogon.dev/metropolis/node/core/network"
 	"source.monogon.dev/metropolis/node/core/roleserve"
+	timesvc "source.monogon.dev/metropolis/node/core/time"
 	"source.monogon.dev/metropolis/node/kubernetes/pki"
 	"source.monogon.dev/metropolis/pkg/logtree"
 	"source.monogon.dev/metropolis/pkg/supervisor"
@@ -100,6 +101,7 @@
 	}
 
 	networkSvc := network.New()
+	timeSvc := timesvc.New()
 
 	// This function initializes a headless Delve if this is a debug build or
 	// does nothing if it's not
@@ -131,6 +133,9 @@
 		if err := supervisor.Run(ctx, "network", networkSvc.Run); err != nil {
 			return fmt.Errorf("when starting network: %w", err)
 		}
+		if err := supervisor.Run(ctx, "time", timeSvc.Run); err != nil {
+			return fmt.Errorf("when starting time: %w", err)
+		}
 
 		// Start cluster manager. This kicks off cluster membership machinery,
 		// which will either start a new cluster, enroll into one or join one.