m/n/core/consensus: refactor for reliability and multinode support

This implements a big refactor of our consensus service/runnable.

First, we move away from the old bespoke API for retrieving the
consensus status (and consensus clients) into using Event Values, as the
rest of the codebase does.

Second, we move away from the bespoke PKI library used to generate
certificates in-memory and then commit them to etcd into using the
standard metropolis pki library. We then change the bootstrap process to
start a PKI-less etcd instance first, generate the PKI data directly on
the running instance, and then restart into a fully PKI-supporting etcd
instance.

We also move away from using etcd-specific private keys into reusing the
node's private key. This makes management slightly easier, but reviewers
should consider the security implications of this change.

Finally, we implement and test multi-member cluster support, which is
done by exposing an AddNode method to the newly exposed status, and a
JoinCluster option in the node configuration.

Change-Id: Iea2bf6114cb699d3792efd45d06de2fa5a48feb1
Reviewed-on: https://review.monogon.dev/c/monogon/+/466
Reviewed-by: Lorenz Brun <lorenz@monogon.tech>
diff --git a/metropolis/node/core/consensus/BUILD.bazel b/metropolis/node/core/consensus/BUILD.bazel
index d7b682b..f6e30e7 100644
--- a/metropolis/node/core/consensus/BUILD.bazel
+++ b/metropolis/node/core/consensus/BUILD.bazel
@@ -3,23 +3,27 @@
 go_library(
     name = "go_default_library",
     srcs = [
+        "configuration.go",
         "consensus.go",
         "logparser.go",
+        "status.go",
     ],
     importpath = "source.monogon.dev/metropolis/node/core/consensus",
     visibility = ["//:__subpackages__"],
     deps = [
         "//metropolis/node:go_default_library",
-        "//metropolis/node/core/consensus/ca:go_default_library",
         "//metropolis/node/core/consensus/client:go_default_library",
+        "//metropolis/node/core/identity:go_default_library",
         "//metropolis/node/core/localstorage:go_default_library",
+        "//metropolis/pkg/event:go_default_library",
+        "//metropolis/pkg/event/memory:go_default_library",
         "//metropolis/pkg/logbuffer:go_default_library",
         "//metropolis/pkg/logtree:go_default_library",
         "//metropolis/pkg/logtree/unraw:go_default_library",
+        "//metropolis/pkg/pki:go_default_library",
         "//metropolis/pkg/supervisor:go_default_library",
         "@io_etcd_go_etcd//clientv3:go_default_library",
         "@io_etcd_go_etcd//embed:go_default_library",
-        "@org_uber_go_atomic//:go_default_library",
     ],
 )
 
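Review bot: The swap in `deps` from `//metropolis/node/core/consensus/ca` to `//metropolis/node/core/identity` and `//metropolis/pkg/pki` is where the reuse of the node's private key for etcd lands, and the commit message leaves its security implications as an open question for reviewers rather than answering it. I would like the trade-off written down in the package itself, for example in a doc comment in the new `configuration.go`: one key now serves both node identity and etcd, so the etcd credentials can presumably no longer be rotated or revoked independently of the node's identity, and exposure of either one exposes both. Please also confirm that nothing else still depends on the `consensus/ca` package, so it can be deleted rather than left behind unused.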
@@ -31,10 +35,15 @@
         "logparser_test.go",
     ],
     embed = [":go_default_library"],
+    tags = [
+        # Enable network sandboxing by asking the Bazel executor to block any
+        # network access. This is necessary as tests listen on static ports on
+        # loopback.
+        "block-network",
+    ],
     deps = [
         "//metropolis/node/core/localstorage:go_default_library",
         "//metropolis/node/core/localstorage/declarative:go_default_library",
-        "//metropolis/pkg/freeport:go_default_library",
         "//metropolis/pkg/logbuffer:go_default_library",
         "//metropolis/pkg/logtree:go_default_library",
         "//metropolis/pkg/supervisor:go_default_library",
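Review bot: Dropping `//metropolis/pkg/freeport` in the test `deps` in favour of static loopback ports makes the test correct only when the new `block-network` tag is actually enforced, and that tag only takes effect where the executor sandboxes the test. Under an execution strategy without network sandboxing, two concurrent runs of this test, or any other local process already bound to the same port, will collide and produce failures unrelated to the code under test. I would either keep the port allocation dynamic, or state in the tag comment that a sandboxing executor is required and consider adding the `exclusive` tag as a fallback. The comment could also say which ports are used, so a bind failure is easy to diagnose.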