Gitiles
Code Review Sign In
gerrit-dev.monogon.dev / monogon / b6a9d3c613847de99be456f17c6b18cc4d1c4e63 / . / metropolis / node / BUILD.bazel
blob: 722f05b7dd88f7b5b832ef5c05a70d3d9bfefa3b [file] [log] [blame]
Serge Bazanski77cb6c52020-12-19 00:09:22 +0100[diff] [blame]1load("@io_bazel_rules_go//go:def.bzl", "go_library")
Mateusz Zalega8c2c7712022-01-25 19:42:21 +0100[diff] [blame]2load("//metropolis/node/build:def.bzl", "erofs_image", "verity_image")
Lorenz Brun2f9f3872021-09-29 19:48:08 +0200[diff] [blame]3load("//metropolis/node/build:efi.bzl", "efi_unified_kernel_image")
Lorenz Brunf758ce42021-11-09 03:40:43 +0100[diff] [blame]4load("@rules_pkg//:pkg.bzl", "pkg_zip")
Serge Bazanski77cb6c52020-12-19 00:09:22 +0100[diff] [blame]5
6go_library(
7 name = "go_default_library",
Lorenz Brune306d782021-09-01 13:01:06 +0200[diff] [blame]8 srcs = [
9 "ids.go",
10 "ports.go",
11 ],
Serge Bazanski31370b02021-01-07 16:31:14 +0100[diff] [blame]12 importpath = "source.monogon.dev/metropolis/node",
Serge Bazanski0be9be82021-01-07 15:23:44 +0100[diff] [blame]13 visibility = ["//metropolis:__subpackages__"],
Serge Bazanski77cb6c52020-12-19 00:09:22 +0100[diff] [blame]14)
Serge Bazanski140bddc2020-06-05 21:01:19 +0200[diff] [blame]15
Lorenz Brun313816f2020-12-22 16:52:26 +0100[diff] [blame]16# debug_build checks if we're building in debug mode and enables various debug features for the image.
Lorenz Brun70f65b22020-07-08 17:02:47 +0200[diff] [blame]17config_setting(
18 name = "debug_build",
19 values = {
20 "compilation_mode": "dbg",
21 },
22)
23
Lorenz Brun3a99c592021-01-26 19:57:21 +0100[diff] [blame]24erofs_image(
25 name = "rootfs",
Serge Bazanski140bddc2020-06-05 21:01:19 +0200[diff] [blame]26 extra_dirs = [
27 "/kubernetes/conf/flexvolume-plugins",
Lorenz Brun74e8e5c2021-01-26 14:00:50 +0100[diff] [blame]28 "/containerd/plugins",
Lorenz Brun3a99c592021-01-26 19:57:21 +0100[diff] [blame]29 "/sys",
30 "/proc",
31 "/dev",
32 "/esp",
33 "/tmp",
34 "/run",
35 "/ephemeral",
36 "/data",
Serge Bazanski731d00a2020-02-03 19:08:07 +0100[diff] [blame]37 ],
Serge Bazanski140bddc2020-06-05 21:01:19 +0200[diff] [blame]38 files = {
Serge Bazanskieac8f732021-10-05 23:30:37 +0200[diff] [blame]39 "//metropolis/node/core": "/core",
Serge Bazanski140bddc2020-06-05 21:01:19 +0200[diff] [blame]40
Lorenz Brun3a99c592021-01-26 19:57:21 +0100[diff] [blame]41 # CA Certificate bundle & os-release & resolv.conf
42 # These should not be explicitly used by Metropolis code and are only here for compatibility with
43 # paths hardcoded by standard libraries (like Go's).
Serge Bazanski140bddc2020-06-05 21:01:19 +0200[diff] [blame]44 "@cacerts//file": "/etc/ssl/cert.pem",
Lorenz Brun3a99c592021-01-26 19:57:21 +0100[diff] [blame]45 "//metropolis/node/core/network/dns:resolv.conf": "/etc/resolv.conf",
Serge Bazanski140bddc2020-06-05 21:01:19 +0200[diff] [blame]46 ":os-release-info": "/etc/os-release",
47
48 # Hyperkube
Serge Bazanski77cb6c52020-12-19 00:09:22 +0100[diff] [blame]49 "//metropolis/node/kubernetes/hyperkube": "/kubernetes/bin/kube",
Serge Bazanski140bddc2020-06-05 21:01:19 +0200[diff] [blame]50
Lorenz Brun339582b2020-07-29 18:13:35 +0200[diff] [blame]51 # CoreDNS
52 "@com_github_coredns_coredns//:coredns": "/kubernetes/bin/coredns",
53
Serge Bazanski140bddc2020-06-05 21:01:19 +0200[diff] [blame]54 # runsc/gVisor
55 "@com_github_google_gvisor//runsc": "/containerd/bin/runsc",
Lorenz Brunc2e3b1b2021-11-11 11:06:41 +0100[diff] [blame]56 "@com_github_google_gvisor//shim:containerd-shim-runsc-v1": "/containerd/bin/containerd-shim-runsc-v1",
Serge Bazanski140bddc2020-06-05 21:01:19 +0200[diff] [blame]57
Lorenz Brun5e4fc2d2020-09-22 18:35:15 +0200[diff] [blame]58 # runc (runtime in files_cc because of cgo)
59 "@com_github_containerd_containerd//cmd/containerd-shim-runc-v2": "/containerd/bin/containerd-shim-runc-v2",
60
Serge Bazanski140bddc2020-06-05 21:01:19 +0200[diff] [blame]61 # Containerd
62 "@com_github_containerd_containerd//cmd/containerd": "/containerd/bin/containerd",
63
64 # Containerd config files
Serge Bazanski77cb6c52020-12-19 00:09:22 +0100[diff] [blame]65 "//metropolis/node/kubernetes/containerd:runsc.toml": "/containerd/conf/runsc.toml",
66 "//metropolis/node/kubernetes/containerd:config.toml": "/containerd/conf/config.toml",
67 "//metropolis/node/kubernetes/containerd:cnispec.gojson": "/containerd/conf/cnispec.gojson",
Serge Bazanski140bddc2020-06-05 21:01:19 +0200[diff] [blame]68
Lorenz Brun8b0431a2020-07-13 16:56:36 +0200[diff] [blame]69 # Containerd preseed bundles
Serge Bazanski77cb6c52020-12-19 00:09:22 +0100[diff] [blame]70 "//metropolis/test/e2e/preseedtest:preseedtest.tar": "/containerd/preseed/k8s.io/preseedtest.tar",
71 "//metropolis/test/e2e/k8s_cts:k8s_cts_image.tar": "/containerd/preseed/k8s.io/k8s_cts.tar",
Lorenz Brun30167f52021-03-17 17:49:01 +0100[diff] [blame]72 "//metropolis/vm/smoketest:smoketest_container.tar": "/containerd/preseed/k8s.io/smoketest.tar",
Lorenz Brun8b0431a2020-07-13 16:56:36 +0200[diff] [blame]73
Serge Bazanski140bddc2020-06-05 21:01:19 +0200[diff] [blame]74 # CNI Plugins
75 "@com_github_containernetworking_plugins//plugins/main/loopback": "/containerd/bin/cni/loopback",
76 "@com_github_containernetworking_plugins//plugins/main/ptp": "/containerd/bin/cni/ptp",
77 "@com_github_containernetworking_plugins//plugins/ipam/host-local": "/containerd/bin/cni/host-local",
Serge Bazanskic3ae7582020-06-08 17:15:26 +0200[diff] [blame]78
Lorenz Brun70f65b22020-07-08 17:02:47 +0200[diff] [blame]79 # Delve
80 "@com_github_go_delve_delve//cmd/dlv:dlv": "/dlv",
Serge Bazanski140bddc2020-06-05 21:01:19 +0200[diff] [blame]81 },
Lorenz Brun5e4fc2d2020-09-22 18:35:15 +0200[diff] [blame]82 files_cc = {
Serge Bazanskieac8f732021-10-05 23:30:37 +0200[diff] [blame]83 "//metropolis/node/core/minit": "/init",
Lorenz Brun5e4fc2d2020-09-22 18:35:15 +0200[diff] [blame]84 # runc runtime, with cgo
85 "@com_github_opencontainers_runc//:runc": "/containerd/bin/runc",
Lorenz Brunddd6caf2021-03-04 17:16:04 +0100[diff] [blame]86 "@xfsprogs//:mkfs": "/bin/mkfs.xfs",
Lorenz Brune306d782021-09-01 13:01:06 +0200[diff] [blame]87 "@chrony//:chrony": "/time/chrony",
Lorenz Brun5e4fc2d2020-09-22 18:35:15 +0200[diff] [blame]88 },
Lorenz Brun3a99c592021-01-26 19:57:21 +0100[diff] [blame]89 symlinks = {
90 "/ephemeral/machine-id": "/etc/machine-id",
91 "/ephemeral/hosts": "/etc/hosts",
92 },
Serge Bazanski731d00a2020-02-03 19:08:07 +0100[diff] [blame]93)
94
Mateusz Zalega8c2c7712022-01-25 19:42:21 +0100[diff] [blame]95verity_image(
96 name = "verity_rootfs",
97 source = ":rootfs",
98)
99
Lorenz Brun2f9f3872021-09-29 19:48:08 +0200[diff] [blame]100efi_unified_kernel_image(
101 name = "kernel_efi",
Mateusz Zalega8c2c7712022-01-25 19:42:21 +0100[diff] [blame]102 cmdline = "console=ttyS0,115200 console=tty0 quiet rootfstype=erofs init=/init",
Lorenz Brun2f9f3872021-09-29 19:48:08 +0200[diff] [blame]103 kernel = "//third_party/linux",
104 os_release = ":os-release-info",
Mateusz Zalega8c2c7712022-01-25 19:42:21 +0100[diff] [blame]105 verity = ":verity_rootfs",
Lorenz Brun2f9f3872021-09-29 19:48:08 +0200[diff] [blame]106)
107
Lorenz Brunf758ce42021-11-09 03:40:43 +0100[diff] [blame]108# An intermediary "bundle" format until we finalize the actual bundle format. This is NOT stable until migrated
109# to the actual bundle format.
110# TODO(lorenz): Replace this
111pkg_zip(
112 name = "node",
113 srcs = [
114 ":kernel_efi",
Mateusz Zalega8c2c7712022-01-25 19:42:21 +0100[diff] [blame]115 ":verity_rootfs",
Lorenz Brunf758ce42021-11-09 03:40:43 +0100[diff] [blame]116 ],
Lorenz Brunf8ede092021-11-08 20:50:57 +0100[diff] [blame]117 visibility = ["//visibility:public"],
Lorenz Brunf758ce42021-11-09 03:40:43 +0100[diff] [blame]118)
119
Serge Bazanski731d00a2020-02-03 19:08:07 +0100[diff] [blame]120genrule(
Hendrik Hofstadt0d7c91e2019-10-23 21:44:47 +0200[diff] [blame]121 name = "image",
122 srcs = [
Lorenz Brun2f9f3872021-09-29 19:48:08 +0200[diff] [blame]123 ":kernel_efi",
Mateusz Zalega8c2c7712022-01-25 19:42:21 +0100[diff] [blame]124 ":verity_rootfs",
Hendrik Hofstadt0d7c91e2019-10-23 21:44:47 +0200[diff] [blame]125 ],
126 outs = [
Serge Bazanski662b5b32020-12-21 13:49:00 +0100[diff] [blame]127 "node.img",
Hendrik Hofstadt0d7c91e2019-10-23 21:44:47 +0200[diff] [blame]128 ],
129 cmd = """
Serge Bazanski77cb6c52020-12-19 00:09:22 +0100[diff] [blame]130 $(location //metropolis/node/build/mkimage) \
Lorenz Brun2f9f3872021-09-29 19:48:08 +0200[diff] [blame]131 -efi $(location :kernel_efi) \
Mateusz Zalega8c2c7712022-01-25 19:42:21 +0100[diff] [blame]132 -system $(location :verity_rootfs) \
Leopold Schabel65493072019-11-06 13:40:44 +0000[diff] [blame]133 -out $@
Hendrik Hofstadt0d7c91e2019-10-23 21:44:47 +0200[diff] [blame]134 """,
Lorenz Brun0bcaaee2019-11-06 12:42:39 +0100[diff] [blame]135 tools = [
Serge Bazanski77cb6c52020-12-19 00:09:22 +0100[diff] [blame]136 "//metropolis/node/build/mkimage",
Lorenz Brun0bcaaee2019-11-06 12:42:39 +0100[diff] [blame]137 ],
Serge Bazanski0be9be82021-01-07 15:23:44 +0100[diff] [blame]138 visibility = [
Serge Bazanski0be9be82021-01-07 15:23:44 +0100[diff] [blame]139 "//metropolis/test/e2e:__subpackages__",
Serge Bazanskif12bedf2021-01-15 16:58:50 +0100[diff] [blame]140 "//metropolis/test/launch:__subpackages__",
Serge Bazanski0be9be82021-01-07 15:23:44 +0100[diff] [blame]141 ],
Hendrik Hofstadt0d7c91e2019-10-23 21:44:47 +0200[diff] [blame]142)
143
Leopold Schabel957c5b12021-12-04 01:34:40 +0100[diff] [blame]144# Create a tar.gz of the image, suitable for importing to GCP as a custom image.
145# (see https://cloud.google.com/compute/docs/import/import-existing-image#create_image_file)
146#
147# We can't use Bazel's "pkg_tar" rule because it insists on adding a "./" prefix to the
148# file name inside the archive, which is not compatible with GCP's importer.
149genrule(
150 name = "image_gcp",
151 srcs = [
152 ":image",
153 ],
154 outs = [
155 "node.tar.gz",
156 ],
157 cmd = """
158 # make it reproducible and fast (it doesn't compress well anyway)
159 export GZIP="--no-name --fast"
160
161 ln -rs $< $(@D)/disk.raw # GCP insists it be called "disk.raw"
162
163 cd $(@D)
164 tar --format=oldgnu --mtime='1970-01-01' -Sczhf node.tar.gz disk.raw
165 """,
166)
167
Hendrik Hofstadt0d7c91e2019-10-23 21:44:47 +0200[diff] [blame]168genrule(
169 name = "swtpm_data",
170 outs = [
171 "tpm/tpm2-00.permall",
172 "tpm/signkey.pem",
173 "tpm/issuercert.pem",
174 ],
175 cmd = """
176 mkdir -p tpm/ca
177
178 cat <<EOF > tpm/swtpm.conf
179create_certs_tool= /usr/share/swtpm/swtpm-localca
180create_certs_tool_config = tpm/swtpm-localca.conf
181create_certs_tool_options = /etc/swtpm-localca.options
182EOF
183
184 cat <<EOF > tpm/swtpm-localca.conf
185statedir = tpm/ca
186signingkey = tpm/ca/signkey.pem
187issuercert = tpm/ca/issuercert.pem
188certserial = tpm/ca/certserial
189EOF
190
191 swtpm_setup \
192 --tpmstate tpm \
193 --create-ek-cert \
194 --create-platform-cert \
195 --allow-signing \
196 --tpm2 \
197 --display \
198 --pcr-banks sha1,sha256,sha384,sha512 \
199 --config tpm/swtpm.conf
200
201 cp tpm/tpm2-00.permall $(location tpm/tpm2-00.permall)
202 cp tpm/ca/issuercert.pem $(location tpm/issuercert.pem)
203 cp tpm/ca/signkey.pem $(location tpm/signkey.pem)
204 """,
Serge Bazanski0be9be82021-01-07 15:23:44 +0100[diff] [blame]205 visibility = [
Serge Bazanski0be9be82021-01-07 15:23:44 +0100[diff] [blame]206 "//metropolis/test/e2e:__subpackages__",
Serge Bazanskif12bedf2021-01-15 16:58:50 +0100[diff] [blame]207 "//metropolis/test/launch:__subpackages__",
Serge Bazanski0be9be82021-01-07 15:23:44 +0100[diff] [blame]208 ],
Hendrik Hofstadt0d7c91e2019-10-23 21:44:47 +0200[diff] [blame]209)
Lorenz Brun878f5f92020-05-12 16:15:39 +0200[diff] [blame]210
Serge Bazanski77cb6c52020-12-19 00:09:22 +0100[diff] [blame]211load("//metropolis/node/build/genosrelease:defs.bzl", "os_release")
Lorenz Brun878f5f92020-05-12 16:15:39 +0200[diff] [blame]212
213os_release(
214 name = "os-release-info",
Serge Bazanski662b5b32020-12-21 13:49:00 +0100[diff] [blame]215 os_id = "metropolis-node",
216 os_name = "Metropolis Node",
217 stamp_var = "STABLE_METROPOLIS_version",
Lorenz Brun878f5f92020-05-12 16:15:39 +0200[diff] [blame]218)