Blame - metropolis/node/core/roleserve/roleserve.go - monogon

blob: 3140ea8f2cdb0b1f98a2c09410076f8a498fef0b [file] [log] [blame]

Serge Bazanski	5df62ba	2023-03-22 17:56:46 +0100	[diff] [blame]	1	// Package roleserve implements the roleserver/“Role Server”.
Serge Bazanski	0d93777	2021-06-17 15:54:40 +0200	[diff] [blame]	2	//
Serge Bazanski	6dff6d6	2022-01-28 18:15:14 +0100	[diff] [blame]	3	// The Role Server runs on every node and is responsible for running all of the
				4	// node's role dependant services, like the control plane (Consensus/etcd and
				5	// Curator) and Kubernetes. It watches the node roles as assigned by the
				6	// cluster's curator, updates the status of the node within the curator, and
				7	// spawns on-demand services.
Serge Bazanski	0d93777	2021-06-17 15:54:40 +0200	[diff] [blame]	8	//
Serge Bazanski	37110c3	2023-03-01 13:57:27 +0000	[diff] [blame]	9	// .-----------. .--------. Watches .------------.
				10	// \| Cluster \|--------->\| Role \|<----------\| Node Roles \|
				11	// \| Enrolment \| Provides \| Server \| Updates '------------'
				12	// '-----------' Data \| \|----. .-------------.
				13	// '--------' '----->\| Node Status \|
				14	// Spawns \| \| Spawns '-------------'
				15	// .-----' '-----.
				16	// V V
				17	// .-----------. .------------.
				18	// \| Consensus \| \| Kubernetes \|
				19	// \| & Curator \| \| \|
				20	// '-----------' '------------'
Serge Bazanski	6dff6d6	2022-01-28 18:15:14 +0100	[diff] [blame]	21	//
				22	// The internal state of the Role Server (eg. status of services, input from
				23	// Cluster Enrolment, current node roles as retrieved from the cluster) is
				24	// stored as in-memory Event Value variables, with some of them being exposed
				25	// externally for other services to consume (ie. ones that wish to depend on
				26	// some information managed by the Role Server but which do not need to be
				27	// spawned on demand by the Role Server). These Event Values and code which acts
				28	// upon them form a reactive/dataflow-driven model which drives the Role Server
				29	// logic forward.
				30	//
				31	// The Role Server also has to handle the complex bootstrap problem involved in
				32	// simultaneously accessing the control plane (for node roles and other cluster
				33	// data) while maintaining (possibly the only one in the cluster) control plane
Serge Bazanski	fe3d8fd	2023-05-30 20:50:09 +0200	[diff] [blame]	34	// instance. This problem is resolved by using the RPC resolver package which
				35	// allows dynamic reconfiguration of endpoints as the cluster is running.
Serge Bazanski	0d93777	2021-06-17 15:54:40 +0200	[diff] [blame]	36	package roleserve
				37
				38	import (
				39	"context"
Serge Bazanski	6dff6d6	2022-01-28 18:15:14 +0100	[diff] [blame]	40	"crypto/ed25519"
Serge Bazanski	0d93777	2021-06-17 15:54:40 +0200	[diff] [blame]	41
Serge Bazanski	b43d0f0	2022-06-23 17:32:10 +0200	[diff] [blame]	42	common "source.monogon.dev/metropolis/node"
Serge Bazanski	7920852	2023-03-28 20:14:58 +0200	[diff] [blame]	43	"source.monogon.dev/metropolis/node/core/clusternet"
Serge Bazanski	5df62ba	2023-03-22 17:56:46 +0100	[diff] [blame]	44	"source.monogon.dev/metropolis/node/core/curator"
Lorenz Brun	1de8b18	2021-12-21 17:15:18 +0100	[diff] [blame]	45	"source.monogon.dev/metropolis/node/core/identity"
Serge Bazanski	0d93777	2021-06-17 15:54:40 +0200	[diff] [blame]	46	"source.monogon.dev/metropolis/node/core/localstorage"
				47	"source.monogon.dev/metropolis/node/core/network"
Serge Bazanski	b43d0f0	2022-06-23 17:32:10 +0200	[diff] [blame]	48	"source.monogon.dev/metropolis/node/core/rpc/resolver"
Lorenz Brun	35fcf03	2023-06-29 04:15:58 +0200	[diff] [blame]	49	"source.monogon.dev/metropolis/node/core/update"
Serge Bazanski	37110c3	2023-03-01 13:57:27 +0000	[diff] [blame]	50	"source.monogon.dev/metropolis/pkg/event/memory"
Serge Bazanski	e012b72	2023-03-29 17:49:04 +0200	[diff] [blame]	51	"source.monogon.dev/metropolis/pkg/logtree"
Serge Bazanski	0d93777	2021-06-17 15:54:40 +0200	[diff] [blame]	52	"source.monogon.dev/metropolis/pkg/supervisor"
Serge Bazanski	e012b72	2023-03-29 17:49:04 +0200	[diff] [blame]	53
Serge Bazanski	6dff6d6	2022-01-28 18:15:14 +0100	[diff] [blame]	54	cpb "source.monogon.dev/metropolis/proto/common"
Serge Bazanski	0d93777	2021-06-17 15:54:40 +0200	[diff] [blame]	55	)
				56
				57	// Config is the configuration of the role server.
				58	type Config struct {
Serge Bazanski	0d93777	2021-06-17 15:54:40 +0200	[diff] [blame]	59	// StorageRoot is a handle to access all of the Node's storage. This is needed
				60	// as the roleserver spawns complex workloads like Kubernetes which need access
				61	// to a broad range of storage.
				62	StorageRoot *localstorage.Root
				63
				64	// Network is a handle to the network service, used by workloads.
				65	Network *network.Service
Serge Bazanski	58ddc09	2022-06-30 18:23:33 +0200	[diff] [blame]	66
				67	// resolver is the main, long-lived, authenticated cluster resolver that is used
				68	// for all subsequent gRPC calls by the subordinates of the roleserver. It is
				69	// created early in the roleserver lifecycle, and is seeded with node
Serge Bazanski	fe3d8fd	2023-05-30 20:50:09 +0200	[diff] [blame]	70	// information from the ProvideXXX methods.
Serge Bazanski	58ddc09	2022-06-30 18:23:33 +0200	[diff] [blame]	71	Resolver *resolver.Resolver
Serge Bazanski	e012b72	2023-03-29 17:49:04 +0200	[diff] [blame]	72
Lorenz Brun	35fcf03	2023-06-29 04:15:58 +0200	[diff] [blame]	73	// Update is a handle to the update service, used by workloads.
				74	Update *update.Service
				75
Serge Bazanski	e012b72	2023-03-29 17:49:04 +0200	[diff] [blame]	76	LogTree *logtree.LogTree
Serge Bazanski	0d93777	2021-06-17 15:54:40 +0200	[diff] [blame]	77	}
				78
				79	// Service is the roleserver/“Role Server” service. See the package-level
				80	// documentation for more details.
				81	type Service struct {
				82	Config
				83
Serge Bazanski	1fb2b10	2023-04-06 10:13:46 +0200	[diff] [blame]	84	KubernetesStatus memory.Value[*KubernetesStatus]
				85	bootstrapData memory.Value[*bootstrapData]
				86	localRoles memory.Value[*cpb.NodeRoles]
				87	podNetwork memory.Value[*clusternet.Prefixes]
				88	clusterDirectorySaved memory.Value[bool]
Serge Bazanski	fe3d8fd	2023-05-30 20:50:09 +0200	[diff] [blame]	89	localControlPlane memory.Value[*localControlPlane]
				90	CuratorConnection memory.Value[*curatorConnection]
Serge Bazanski	0d93777	2021-06-17 15:54:40 +0200	[diff] [blame]	91
Serge Bazanski	6dff6d6	2022-01-28 18:15:14 +0100	[diff] [blame]	92	controlPlane *workerControlPlane
				93	statusPush *workerStatusPush
Mateusz Zalega	32b1929	2022-05-17 13:26:55 +0200	[diff] [blame]	94	heartbeat *workerHeartbeat
Serge Bazanski	6dff6d6	2022-01-28 18:15:14 +0100	[diff] [blame]	95	kubernetes *workerKubernetes
				96	rolefetch *workerRoleFetch
Serge Bazanski	b40c008	2023-03-29 14:28:04 +0200	[diff] [blame]	97	nodeMgmt *workerNodeMgmt
Serge Bazanski	7920852	2023-03-28 20:14:58 +0200	[diff] [blame]	98	clusternet *workerClusternet
Serge Bazanski	1fb2b10	2023-04-06 10:13:46 +0200	[diff] [blame]	99	hostsfile *workerHostsfile
Serge Bazanski	54e212a	2023-06-14 13:45:11 +0200	[diff] [blame]	100	metrics *workerMetrics
Serge Bazanski	0d93777	2021-06-17 15:54:40 +0200	[diff] [blame]	101	}
				102
				103	// New creates a Role Server services from a Config.
				104	func New(c Config) *Service {
Serge Bazanski	b43d0f0	2022-06-23 17:32:10 +0200	[diff] [blame]	105	s := &Service{
Serge Bazanski	58ddc09	2022-06-30 18:23:33 +0200	[diff] [blame]	106	Config: c,
Serge Bazanski	b43d0f0	2022-06-23 17:32:10 +0200	[diff] [blame]	107	}
Serge Bazanski	6dff6d6	2022-01-28 18:15:14 +0100	[diff] [blame]	108	s.controlPlane = &workerControlPlane{
				109	storageRoot: s.StorageRoot,
				110
Serge Bazanski	fe3d8fd	2023-05-30 20:50:09 +0200	[diff] [blame]	111	bootstrapData: &s.bootstrapData,
				112	localRoles: &s.localRoles,
				113	resolver: s.Resolver,
				114
				115	localControlPlane: &s.localControlPlane,
				116	curatorConnection: &s.CuratorConnection,
Serge Bazanski	6dff6d6	2022-01-28 18:15:14 +0100	[diff] [blame]	117	}
				118
				119	s.statusPush = &workerStatusPush{
				120	network: s.Network,
				121
Serge Bazanski	fe3d8fd	2023-05-30 20:50:09 +0200	[diff] [blame]	122	curatorConnection: &s.CuratorConnection,
				123	localControlPlane: &s.localControlPlane,
Serge Bazanski	1fb2b10	2023-04-06 10:13:46 +0200	[diff] [blame]	124	clusterDirectorySaved: &s.clusterDirectorySaved,
Serge Bazanski	6dff6d6	2022-01-28 18:15:14 +0100	[diff] [blame]	125	}
				126
Mateusz Zalega	32b1929	2022-05-17 13:26:55 +0200	[diff] [blame]	127	s.heartbeat = &workerHeartbeat{
				128	network: s.Network,
				129
Serge Bazanski	fe3d8fd	2023-05-30 20:50:09 +0200	[diff] [blame]	130	curatorConnection: &s.CuratorConnection,
Mateusz Zalega	32b1929	2022-05-17 13:26:55 +0200	[diff] [blame]	131	}
				132
Serge Bazanski	6dff6d6	2022-01-28 18:15:14 +0100	[diff] [blame]	133	s.kubernetes = &workerKubernetes{
				134	network: s.Network,
				135	storageRoot: s.StorageRoot,
				136
				137	localRoles: &s.localRoles,
Serge Bazanski	fe3d8fd	2023-05-30 20:50:09 +0200	[diff] [blame]	138	localControlPlane: &s.localControlPlane,
				139	curatorConnection: &s.CuratorConnection,
Serge Bazanski	6dff6d6	2022-01-28 18:15:14 +0100	[diff] [blame]	140
				141	kubernetesStatus: &s.KubernetesStatus,
Serge Bazanski	7920852	2023-03-28 20:14:58 +0200	[diff] [blame]	142	podNetwork: &s.podNetwork,
Serge Bazanski	6dff6d6	2022-01-28 18:15:14 +0100	[diff] [blame]	143	}
				144
				145	s.rolefetch = &workerRoleFetch{
Serge Bazanski	186109c	2023-06-21 16:57:36 +0200	[diff] [blame]	146	storageRoot: s.StorageRoot,
Serge Bazanski	fe3d8fd	2023-05-30 20:50:09 +0200	[diff] [blame]	147	curatorConnection: &s.CuratorConnection,
Serge Bazanski	6dff6d6	2022-01-28 18:15:14 +0100	[diff] [blame]	148
				149	localRoles: &s.localRoles,
				150	}
				151
Serge Bazanski	b40c008	2023-03-29 14:28:04 +0200	[diff] [blame]	152	s.nodeMgmt = &workerNodeMgmt{
Serge Bazanski	fe3d8fd	2023-05-30 20:50:09 +0200	[diff] [blame]	153	curatorConnection: &s.CuratorConnection,
Serge Bazanski	e012b72	2023-03-29 17:49:04 +0200	[diff] [blame]	154	logTree: s.LogTree,
Lorenz Brun	35fcf03	2023-06-29 04:15:58 +0200	[diff] [blame]	155	updateService: s.Update,
Serge Bazanski	b40c008	2023-03-29 14:28:04 +0200	[diff] [blame]	156	}
Serge Bazanski	1fb2b10	2023-04-06 10:13:46 +0200	[diff] [blame]	157
Serge Bazanski	7920852	2023-03-28 20:14:58 +0200	[diff] [blame]	158	s.clusternet = &workerClusternet{
				159	storageRoot: s.StorageRoot,
				160
Serge Bazanski	fe3d8fd	2023-05-30 20:50:09 +0200	[diff] [blame]	161	curatorConnection: &s.CuratorConnection,
Serge Bazanski	7920852	2023-03-28 20:14:58 +0200	[diff] [blame]	162	podNetwork: &s.podNetwork,
Serge Bazanski	b565cc6	2023-03-30 18:43:51 +0200	[diff] [blame]	163	network: s.Network,
Serge Bazanski	7920852	2023-03-28 20:14:58 +0200	[diff] [blame]	164	}
Serge Bazanski	b40c008	2023-03-29 14:28:04 +0200	[diff] [blame]	165
Serge Bazanski	1fb2b10	2023-04-06 10:13:46 +0200	[diff] [blame]	166	s.hostsfile = &workerHostsfile{
				167	storageRoot: s.StorageRoot,
				168	network: s.Network,
Serge Bazanski	fe3d8fd	2023-05-30 20:50:09 +0200	[diff] [blame]	169	curatorConnection: &s.CuratorConnection,
Serge Bazanski	1fb2b10	2023-04-06 10:13:46 +0200	[diff] [blame]	170	clusterDirectorySaved: &s.clusterDirectorySaved,
				171	}
				172
Serge Bazanski	54e212a	2023-06-14 13:45:11 +0200	[diff] [blame]	173	s.metrics = &workerMetrics{
				174	curatorConnection: &s.CuratorConnection,
Tim Windelschmidt	b551b65	2023-07-17 16:01:42 +0200	[diff] [blame]	175	localRoles: &s.localRoles,
Tim Windelschmidt	fd49f22	2023-07-20 14:27:50 +0200	[diff] [blame]	176	localControlplane: &s.localControlPlane,
Serge Bazanski	54e212a	2023-06-14 13:45:11 +0200	[diff] [blame]	177	}
				178
Serge Bazanski	6dff6d6	2022-01-28 18:15:14 +0100	[diff] [blame]	179	return s
Serge Bazanski	0d93777	2021-06-17 15:54:40 +0200	[diff] [blame]	180	}
				181
Serge Bazanski	e4a4ce1	2023-03-22 18:29:54 +0100	[diff] [blame]	182	func (s Service) ProvideBootstrapData(privkey ed25519.PrivateKey, iok, cuk, nuk, jkey []byte, icc curator.Cluster, tpmUsage cpb.NodeTPMUsage) {
Serge Bazanski	b43d0f0	2022-06-23 17:32:10 +0200	[diff] [blame]	183	pubkey := privkey.Public().(ed25519.PublicKey)
				184	nid := identity.NodeID(pubkey)
				185
				186	// This is the first time we have the node ID, tell the resolver that it's
				187	// available on the loopback interface.
Serge Bazanski	58ddc09	2022-06-30 18:23:33 +0200	[diff] [blame]	188	s.Resolver.AddOverride(nid, resolver.NodeByHostPort("127.0.0.1", uint16(common.CuratorServicePort)))
Serge Bazanski	90a70a0	2023-05-30 15:15:27 +0200	[diff] [blame]	189	s.Resolver.AddEndpoint(resolver.NodeByHostPort("127.0.0.1", uint16(common.CuratorServicePort)))
Serge Bazanski	b43d0f0	2022-06-23 17:32:10 +0200	[diff] [blame]	190
Serge Bazanski	37110c3	2023-03-01 13:57:27 +0000	[diff] [blame]	191	s.bootstrapData.Set(&bootstrapData{
Serge Bazanski	5df62ba	2023-03-22 17:56:46 +0100	[diff] [blame]	192	nodePrivateKey: privkey,
				193	initialOwnerKey: iok,
				194	clusterUnlockKey: cuk,
				195	nodeUnlockKey: nuk,
				196	nodePrivateJoinKey: jkey,
				197	initialClusterConfiguration: icc,
Serge Bazanski	e4a4ce1	2023-03-22 18:29:54 +0100	[diff] [blame]	198	nodeTPMUsage: tpmUsage,
Serge Bazanski	6dff6d6	2022-01-28 18:15:14 +0100	[diff] [blame]	199	})
Serge Bazanski	0d93777	2021-06-17 15:54:40 +0200	[diff] [blame]	200	}
				201
Serge Bazanski	6dff6d6	2022-01-28 18:15:14 +0100	[diff] [blame]	202	func (s Service) ProvideRegisterData(credentials identity.NodeCredentials, directory cpb.ClusterDirectory) {
Serge Bazanski	b43d0f0	2022-06-23 17:32:10 +0200	[diff] [blame]	203	// This is the first time we have the node ID, tell the resolver that it's
				204	// available on the loopback interface.
Serge Bazanski	58ddc09	2022-06-30 18:23:33 +0200	[diff] [blame]	205	s.Resolver.AddOverride(credentials.ID(), resolver.NodeByHostPort("127.0.0.1", uint16(common.CuratorServicePort)))
Serge Bazanski	90a70a0	2023-05-30 15:15:27 +0200	[diff] [blame]	206	// Also tell the resolver about all the existing nodes in the cluster we just
Serge Bazanski	fe3d8fd	2023-05-30 20:50:09 +0200	[diff] [blame]	207	// registered into. The directory passed here was used to issue the initial
				208	// Register call, which means at least one of the nodes was running the control
				209	// plane and thus can be used to seed the rest of the resolver.
Serge Bazanski	90a70a0	2023-05-30 15:15:27 +0200	[diff] [blame]	210	for _, n := range directory.Nodes {
Serge Bazanski	90a70a0	2023-05-30 15:15:27 +0200	[diff] [blame]	211	for _, addr := range n.Addresses {
Serge Bazanski	fe3d8fd	2023-05-30 20:50:09 +0200	[diff] [blame]	212	s.Resolver.AddEndpoint(resolver.NodeAtAddressWithDefaultPort(addr.Host))
Serge Bazanski	90a70a0	2023-05-30 15:15:27 +0200	[diff] [blame]	213	}
				214	}
Serge Bazanski	b43d0f0	2022-06-23 17:32:10 +0200	[diff] [blame]	215
Serge Bazanski	fe3d8fd	2023-05-30 20:50:09 +0200	[diff] [blame]	216	s.CuratorConnection.Set(newCuratorConnection(&credentials, s.Resolver))
Serge Bazanski	0d93777	2021-06-17 15:54:40 +0200	[diff] [blame]	217	}
				218
Mateusz Zalega	2930e99	2022-04-25 12:52:35 +0200	[diff] [blame]	219	func (s Service) ProvideJoinData(credentials identity.NodeCredentials, directory cpb.ClusterDirectory) {
Serge Bazanski	b43d0f0	2022-06-23 17:32:10 +0200	[diff] [blame]	220	// This is the first time we have the node ID, tell the resolver that it's
				221	// available on the loopback interface.
Serge Bazanski	58ddc09	2022-06-30 18:23:33 +0200	[diff] [blame]	222	s.Resolver.AddOverride(credentials.ID(), resolver.NodeByHostPort("127.0.0.1", uint16(common.CuratorServicePort)))
Serge Bazanski	90a70a0	2023-05-30 15:15:27 +0200	[diff] [blame]	223	// Also tell the resolver about all the existing nodes in the cluster we just
Serge Bazanski	fe3d8fd	2023-05-30 20:50:09 +0200	[diff] [blame]	224	// joined into. The directory passed here was used to issue the initial
				225	// Join call, which means at least one of the nodes was running the control
				226	// plane and thus can be used to seed the rest of the resolver.
Serge Bazanski	90a70a0	2023-05-30 15:15:27 +0200	[diff] [blame]	227	for _, n := range directory.Nodes {
Serge Bazanski	90a70a0	2023-05-30 15:15:27 +0200	[diff] [blame]	228	for _, addr := range n.Addresses {
Serge Bazanski	fe3d8fd	2023-05-30 20:50:09 +0200	[diff] [blame]	229	s.Resolver.AddEndpoint(resolver.NodeAtAddressWithDefaultPort(addr.Host))
Serge Bazanski	90a70a0	2023-05-30 15:15:27 +0200	[diff] [blame]	230	}
				231	}
Serge Bazanski	b43d0f0	2022-06-23 17:32:10 +0200	[diff] [blame]	232
Serge Bazanski	fe3d8fd	2023-05-30 20:50:09 +0200	[diff] [blame]	233	s.CuratorConnection.Set(newCuratorConnection(&credentials, s.Resolver))
Serge Bazanski	1fb2b10	2023-04-06 10:13:46 +0200	[diff] [blame]	234	s.clusterDirectorySaved.Set(true)
Mateusz Zalega	2930e99	2022-04-25 12:52:35 +0200	[diff] [blame]	235	}
				236
Serge Bazanski	0d93777	2021-06-17 15:54:40 +0200	[diff] [blame]	237	// Run the Role Server service, which uses intermediary workload launchers to
				238	// start/stop subordinate services as the Node's roles change.
				239	func (s *Service) Run(ctx context.Context) error {
Serge Bazanski	6dff6d6	2022-01-28 18:15:14 +0100	[diff] [blame]	240	supervisor.Run(ctx, "controlplane", s.controlPlane.run)
				241	supervisor.Run(ctx, "kubernetes", s.kubernetes.run)
				242	supervisor.Run(ctx, "statuspush", s.statusPush.run)
Mateusz Zalega	32b1929	2022-05-17 13:26:55 +0200	[diff] [blame]	243	supervisor.Run(ctx, "heartbeat", s.heartbeat.run)
Serge Bazanski	6dff6d6	2022-01-28 18:15:14 +0100	[diff] [blame]	244	supervisor.Run(ctx, "rolefetch", s.rolefetch.run)
Serge Bazanski	b40c008	2023-03-29 14:28:04 +0200	[diff] [blame]	245	supervisor.Run(ctx, "nodemgmt", s.nodeMgmt.run)
Serge Bazanski	7920852	2023-03-28 20:14:58 +0200	[diff] [blame]	246	supervisor.Run(ctx, "clusternet", s.clusternet.run)
Serge Bazanski	1fb2b10	2023-04-06 10:13:46 +0200	[diff] [blame]	247	supervisor.Run(ctx, "hostsfile", s.hostsfile.run)
Serge Bazanski	54e212a	2023-06-14 13:45:11 +0200	[diff] [blame]	248	supervisor.Run(ctx, "metrics", s.metrics.run)
Serge Bazanski	0d93777	2021-06-17 15:54:40 +0200	[diff] [blame]	249	supervisor.Signal(ctx, supervisor.SignalHealthy)
				250
Serge Bazanski	6dff6d6	2022-01-28 18:15:14 +0100	[diff] [blame]	251	<-ctx.Done()
				252	return ctx.Err()
Serge Bazanski	0d93777	2021-06-17 15:54:40 +0200	[diff] [blame]	253	}