Gitiles
Code Review Sign In
gerrit-dev.monogon.dev / monogon / 3a99c590543394ceb5260282ef8e924b44e8eef8 / . / metropolis / node / BUILD.bazel
blob: 9d6957e17d48f51c45bdff2a04fba3601251f0e6 [file] [log] [blame]
Serge Bazanski77cb6c52020-12-19 00:09:22 +0100[diff] [blame]1load("@io_bazel_rules_go//go:def.bzl", "go_library")
Lorenz Brun3a99c592021-01-26 19:57:21 +0100[diff] [blame^]2load("//metropolis/node/build:def.bzl", "erofs_image")
Serge Bazanski77cb6c52020-12-19 00:09:22 +0100[diff] [blame]3
4go_library(
5 name = "go_default_library",
6 srcs = ["ports.go"],
Serge Bazanski31370b02021-01-07 16:31:14 +0100[diff] [blame]7 importpath = "source.monogon.dev/metropolis/node",
Serge Bazanski0be9be82021-01-07 15:23:44 +0100[diff] [blame]8 visibility = ["//metropolis:__subpackages__"],
Serge Bazanski77cb6c52020-12-19 00:09:22 +0100[diff] [blame]9)
Serge Bazanski140bddc2020-06-05 21:01:19 +0200[diff] [blame]10
Lorenz Brun313816f2020-12-22 16:52:26 +0100[diff] [blame]11# debug_build checks if we're building in debug mode and enables various debug features for the image.
Lorenz Brun70f65b22020-07-08 17:02:47 +0200[diff] [blame]12config_setting(
13 name = "debug_build",
14 values = {
15 "compilation_mode": "dbg",
16 },
17)
18
Lorenz Brun3a99c592021-01-26 19:57:21 +0100[diff] [blame^]19erofs_image(
20 name = "rootfs",
Serge Bazanski140bddc2020-06-05 21:01:19 +0200[diff] [blame]21 extra_dirs = [
22 "/kubernetes/conf/flexvolume-plugins",
Lorenz Brun74e8e5c2021-01-26 14:00:50 +0100[diff] [blame]23 "/containerd/plugins",
Lorenz Brun3a99c592021-01-26 19:57:21 +0100[diff] [blame^]24 "/sys",
25 "/proc",
26 "/dev",
27 "/esp",
28 "/tmp",
29 "/run",
30 "/ephemeral",
31 "/data",
Serge Bazanski731d00a2020-02-03 19:08:07 +0100[diff] [blame]32 ],
Serge Bazanski140bddc2020-06-05 21:01:19 +0200[diff] [blame]33 files = {
Serge Bazanski77cb6c52020-12-19 00:09:22 +0100[diff] [blame]34 "//metropolis/node/core": "/init",
Serge Bazanski140bddc2020-06-05 21:01:19 +0200[diff] [blame]35 "//third_party/xfsprogs:mkfs.xfs": "/bin/mkfs.xfs",
36
Lorenz Brun3a99c592021-01-26 19:57:21 +0100[diff] [blame^]37 # CA Certificate bundle & os-release & resolv.conf
38 # These should not be explicitly used by Metropolis code and are only here for compatibility with
39 # paths hardcoded by standard libraries (like Go's).
Serge Bazanski140bddc2020-06-05 21:01:19 +0200[diff] [blame]40 "@cacerts//file": "/etc/ssl/cert.pem",
Lorenz Brun3a99c592021-01-26 19:57:21 +0100[diff] [blame^]41 "//metropolis/node/core/network/dns:resolv.conf": "/etc/resolv.conf",
Serge Bazanski140bddc2020-06-05 21:01:19 +0200[diff] [blame]42 ":os-release-info": "/etc/os-release",
43
44 # Hyperkube
Serge Bazanski77cb6c52020-12-19 00:09:22 +0100[diff] [blame]45 "//metropolis/node/kubernetes/hyperkube": "/kubernetes/bin/kube",
Serge Bazanski140bddc2020-06-05 21:01:19 +0200[diff] [blame]46
Lorenz Brun339582b2020-07-29 18:13:35 +0200[diff] [blame]47 # CoreDNS
48 "@com_github_coredns_coredns//:coredns": "/kubernetes/bin/coredns",
49
Serge Bazanski140bddc2020-06-05 21:01:19 +0200[diff] [blame]50 # runsc/gVisor
51 "@com_github_google_gvisor//runsc": "/containerd/bin/runsc",
Serge Bazanskif12bedf2021-01-15 16:58:50 +0100[diff] [blame]52 "@com_github_google_gvisor//shim/v2:containerd-shim-runsc-v1": "/containerd/bin/containerd-shim-runsc-v1",
Serge Bazanski140bddc2020-06-05 21:01:19 +0200[diff] [blame]53
Lorenz Brun5e4fc2d2020-09-22 18:35:15 +0200[diff] [blame]54 # runc (runtime in files_cc because of cgo)
55 "@com_github_containerd_containerd//cmd/containerd-shim-runc-v2": "/containerd/bin/containerd-shim-runc-v2",
56
Serge Bazanski140bddc2020-06-05 21:01:19 +0200[diff] [blame]57 # Containerd
58 "@com_github_containerd_containerd//cmd/containerd": "/containerd/bin/containerd",
59
60 # Containerd config files
Serge Bazanski77cb6c52020-12-19 00:09:22 +0100[diff] [blame]61 "//metropolis/node/kubernetes/containerd:runsc.toml": "/containerd/conf/runsc.toml",
62 "//metropolis/node/kubernetes/containerd:config.toml": "/containerd/conf/config.toml",
63 "//metropolis/node/kubernetes/containerd:cnispec.gojson": "/containerd/conf/cnispec.gojson",
Serge Bazanski140bddc2020-06-05 21:01:19 +0200[diff] [blame]64
Lorenz Brun8b0431a2020-07-13 16:56:36 +0200[diff] [blame]65 # Containerd preseed bundles
Serge Bazanski77cb6c52020-12-19 00:09:22 +0100[diff] [blame]66 "//metropolis/test/e2e/preseedtest:preseedtest.tar": "/containerd/preseed/k8s.io/preseedtest.tar",
67 "//metropolis/test/e2e/k8s_cts:k8s_cts_image.tar": "/containerd/preseed/k8s.io/k8s_cts.tar",
Lorenz Brun8b0431a2020-07-13 16:56:36 +0200[diff] [blame]68
Serge Bazanski140bddc2020-06-05 21:01:19 +0200[diff] [blame]69 # CNI Plugins
70 "@com_github_containernetworking_plugins//plugins/main/loopback": "/containerd/bin/cni/loopback",
71 "@com_github_containernetworking_plugins//plugins/main/ptp": "/containerd/bin/cni/ptp",
72 "@com_github_containernetworking_plugins//plugins/ipam/host-local": "/containerd/bin/cni/host-local",
Serge Bazanskic3ae7582020-06-08 17:15:26 +0200[diff] [blame]73
Lorenz Brun70f65b22020-07-08 17:02:47 +0200[diff] [blame]74 # Delve
75 "@com_github_go_delve_delve//cmd/dlv:dlv": "/dlv",
Serge Bazanski140bddc2020-06-05 21:01:19 +0200[diff] [blame]76 },
Lorenz Brun5e4fc2d2020-09-22 18:35:15 +0200[diff] [blame]77 files_cc = {
78 # runc runtime, with cgo
79 "@com_github_opencontainers_runc//:runc": "/containerd/bin/runc",
80 },
Lorenz Brun3a99c592021-01-26 19:57:21 +0100[diff] [blame^]81 symlinks = {
82 "/ephemeral/machine-id": "/etc/machine-id",
83 "/ephemeral/hosts": "/etc/hosts",
84 },
Serge Bazanski731d00a2020-02-03 19:08:07 +0100[diff] [blame]85)
86
87genrule(
Hendrik Hofstadt0d7c91e2019-10-23 21:44:47 +0200[diff] [blame]88 name = "image",
89 srcs = [
Serge Bazanski731d00a2020-02-03 19:08:07 +0100[diff] [blame]90 "//third_party/linux:bzImage",
Lorenz Brun3a99c592021-01-26 19:57:21 +0100[diff] [blame^]91 ":rootfs",
Hendrik Hofstadt0d7c91e2019-10-23 21:44:47 +0200[diff] [blame]92 ],
93 outs = [
Serge Bazanski662b5b32020-12-21 13:49:00 +0100[diff] [blame]94 "node.img",
Hendrik Hofstadt0d7c91e2019-10-23 21:44:47 +0200[diff] [blame]95 ],
96 cmd = """
Serge Bazanski77cb6c52020-12-19 00:09:22 +0100[diff] [blame]97 $(location //metropolis/node/build/mkimage) \
Serge Bazanski731d00a2020-02-03 19:08:07 +0100[diff] [blame]98 -efi $(location //third_party/linux:bzImage) \
Lorenz Brun3a99c592021-01-26 19:57:21 +0100[diff] [blame^]99 -system $(location :rootfs) \
Leopold Schabel65493072019-11-06 13:40:44 +0000[diff] [blame]100 -out $@
Hendrik Hofstadt0d7c91e2019-10-23 21:44:47 +0200[diff] [blame]101 """,
Lorenz Brun0bcaaee2019-11-06 12:42:39 +0100[diff] [blame]102 tools = [
Serge Bazanski77cb6c52020-12-19 00:09:22 +0100[diff] [blame]103 "//metropolis/node/build/mkimage",
Lorenz Brun0bcaaee2019-11-06 12:42:39 +0100[diff] [blame]104 ],
Serge Bazanski0be9be82021-01-07 15:23:44 +0100[diff] [blame]105 visibility = [
Serge Bazanski0be9be82021-01-07 15:23:44 +0100[diff] [blame]106 "//metropolis/test/e2e:__subpackages__",
Serge Bazanskif12bedf2021-01-15 16:58:50 +0100[diff] [blame]107 "//metropolis/test/launch:__subpackages__",
Serge Bazanski0be9be82021-01-07 15:23:44 +0100[diff] [blame]108 ],
Hendrik Hofstadt0d7c91e2019-10-23 21:44:47 +0200[diff] [blame]109)
110
111genrule(
112 name = "swtpm_data",
113 outs = [
114 "tpm/tpm2-00.permall",
115 "tpm/signkey.pem",
116 "tpm/issuercert.pem",
117 ],
118 cmd = """
119 mkdir -p tpm/ca
120
121 cat <<EOF > tpm/swtpm.conf
122create_certs_tool= /usr/share/swtpm/swtpm-localca
123create_certs_tool_config = tpm/swtpm-localca.conf
124create_certs_tool_options = /etc/swtpm-localca.options
125EOF
126
127 cat <<EOF > tpm/swtpm-localca.conf
128statedir = tpm/ca
129signingkey = tpm/ca/signkey.pem
130issuercert = tpm/ca/issuercert.pem
131certserial = tpm/ca/certserial
132EOF
133
134 swtpm_setup \
135 --tpmstate tpm \
136 --create-ek-cert \
137 --create-platform-cert \
138 --allow-signing \
139 --tpm2 \
140 --display \
141 --pcr-banks sha1,sha256,sha384,sha512 \
142 --config tpm/swtpm.conf
143
144 cp tpm/tpm2-00.permall $(location tpm/tpm2-00.permall)
145 cp tpm/ca/issuercert.pem $(location tpm/issuercert.pem)
146 cp tpm/ca/signkey.pem $(location tpm/signkey.pem)
147 """,
Serge Bazanski0be9be82021-01-07 15:23:44 +0100[diff] [blame]148 visibility = [
Serge Bazanski0be9be82021-01-07 15:23:44 +0100[diff] [blame]149 "//metropolis/test/e2e:__subpackages__",
Serge Bazanskif12bedf2021-01-15 16:58:50 +0100[diff] [blame]150 "//metropolis/test/launch:__subpackages__",
Serge Bazanski0be9be82021-01-07 15:23:44 +0100[diff] [blame]151 ],
Hendrik Hofstadt0d7c91e2019-10-23 21:44:47 +0200[diff] [blame]152)
Lorenz Brun878f5f92020-05-12 16:15:39 +0200[diff] [blame]153
Serge Bazanski77cb6c52020-12-19 00:09:22 +0100[diff] [blame]154load("//metropolis/node/build/genosrelease:defs.bzl", "os_release")
Lorenz Brun878f5f92020-05-12 16:15:39 +0200[diff] [blame]155
156os_release(
157 name = "os-release-info",
Serge Bazanski662b5b32020-12-21 13:49:00 +0100[diff] [blame]158 os_id = "metropolis-node",
159 os_name = "Metropolis Node",
160 stamp_var = "STABLE_METROPOLIS_version",
Lorenz Brun878f5f92020-05-12 16:15:39 +0200[diff] [blame]161)