Gitiles
Code Review Sign In
gerrit-dev.monogon.dev / monogon / 3e756907d9c769bc92efde5325cd965a4dacf5bd / . / metropolis / node / BUILD.bazel
blob: 98fc1cf3872848f78aec47957acb13f108bfbe55 [file] [log] [blame]
Serge Bazanski77cb6c52020-12-19 00:09:22 +0100[diff] [blame]1load("@io_bazel_rules_go//go:def.bzl", "go_library")
Mateusz Zalega8c2c7712022-01-25 19:42:21 +0100[diff] [blame]2load("//metropolis/node/build:def.bzl", "erofs_image", "verity_image")
Lorenz Brun2f9f3872021-09-29 19:48:08 +0200[diff] [blame]3load("//metropolis/node/build:efi.bzl", "efi_unified_kernel_image")
Lorenz Brun1dc60af2023-10-03 15:40:09 +0200[diff] [blame]4load("//metropolis/node/build/mkimage:def.bzl", "node_image")
Lorenz Brun17c4c8b2022-02-01 12:59:47 +0100[diff] [blame]5load("//metropolis/node/build/fwprune:def.bzl", "fsspec_linux_firmware")
Lorenz Brun80deba52022-02-24 17:07:13 +0100[diff] [blame]6load("//metropolis/node/build/mkucode:def.bzl", "cpio_ucode")
Lorenz Brunf758ce42021-11-09 03:40:43 +0100[diff] [blame]7load("@rules_pkg//:pkg.bzl", "pkg_zip")
Serge Bazanski77cb6c52020-12-19 00:09:22 +0100[diff] [blame]8
9go_library(
Lorenz Brund13c1c62022-03-30 19:58:58 +0200[diff] [blame]10 name = "node",
Lorenz Brune306d782021-09-01 13:01:06 +0200[diff] [blame]11 srcs = [
12 "ids.go",
Lorenz Brun0e291a12023-06-01 12:22:45 +0200[diff] [blame]13 "net_ips.go",
Serge Bazanski93d593b2023-03-28 16:43:47 +0200[diff] [blame]14 "net_protocols.go",
Lorenz Brune306d782021-09-01 13:01:06 +0200[diff] [blame]15 "ports.go",
Tim Windelschmidt0b84a9f2023-07-27 14:20:31 +0000[diff] [blame]16 "version.go",
Lorenz Brune306d782021-09-01 13:01:06 +0200[diff] [blame]17 ],
Serge Bazanski31370b02021-01-07 16:31:14 +0100[diff] [blame]18 importpath = "source.monogon.dev/metropolis/node",
Tim Windelschmidt03000772023-07-03 02:19:28 +0200[diff] [blame]19 visibility = [
20 "//metropolis:__subpackages__",
21 "@io_k8s_kubernetes//pkg/registry:__subpackages__",
22 ],
Tim Windelschmidt0b84a9f2023-07-27 14:20:31 +0000[diff] [blame]23 x_defs = {
24 "BuildCommit": "{STABLE_METROPOLIS_gitCommit}",
25 "BuildTreeState": "{STABLE_METROPOLIS_gitTreeState}",
26 "BuildVersion": "{STABLE_METROPOLIS_version}",
27 },
Serge Bazanski93d593b2023-03-28 16:43:47 +0200[diff] [blame]28 deps = ["@com_github_vishvananda_netlink//:netlink"],
Serge Bazanski77cb6c52020-12-19 00:09:22 +0100[diff] [blame]29)
Serge Bazanski140bddc2020-06-05 21:01:19 +0200[diff] [blame]30
Lorenz Brun313816f2020-12-22 16:52:26 +0100[diff] [blame]31# debug_build checks if we're building in debug mode and enables various debug features for the image.
Lorenz Brun70f65b22020-07-08 17:02:47 +0200[diff] [blame]32config_setting(
33 name = "debug_build",
34 values = {
35 "compilation_mode": "dbg",
36 },
37)
38
Lorenz Brun17c4c8b2022-02-01 12:59:47 +0100[diff] [blame]39fsspec_linux_firmware(
40 name = "firmware",
41 firmware_files = ["@linux-firmware//:all_files"],
42 kernel = "//third_party/linux",
Lorenz Brund3ce0ac2022-03-03 12:51:21 +0100[diff] [blame]43 metadata = "@linux-firmware//:metadata",
Lorenz Brun17c4c8b2022-02-01 12:59:47 +0100[diff] [blame]44)
45
Lorenz Brun80deba52022-02-24 17:07:13 +0100[diff] [blame]46cpio_ucode(
47 name = "ucode",
48 ucode = {
49 "@linux-firmware//:amd_ucode": "AuthenticAMD",
50 "@intel_ucode//:fam6h": "GenuineIntel",
51 },
52 visibility = ["//metropolis:__subpackages__"],
53)
54
Lorenz Brun3a99c592021-01-26 19:57:21 +0100[diff] [blame]55erofs_image(
56 name = "rootfs",
Serge Bazanski140bddc2020-06-05 21:01:19 +0200[diff] [blame]57 files = {
Serge Bazanskieac8f732021-10-05 23:30:37 +0200[diff] [blame]58 "//metropolis/node/core": "/core",
Serge Bazanski140bddc2020-06-05 21:01:19 +0200[diff] [blame]59
Lorenz Brun3a99c592021-01-26 19:57:21 +0100[diff] [blame]60 # CA Certificate bundle & os-release & resolv.conf
61 # These should not be explicitly used by Metropolis code and are only here for compatibility with
62 # paths hardcoded by standard libraries (like Go's).
Serge Bazanski140bddc2020-06-05 21:01:19 +0200[diff] [blame]63 "@cacerts//file": "/etc/ssl/cert.pem",
Lorenz Brun3a99c592021-01-26 19:57:21 +0100[diff] [blame]64 "//metropolis/node/core/network/dns:resolv.conf": "/etc/resolv.conf",
Serge Bazanski140bddc2020-06-05 21:01:19 +0200[diff] [blame]65 ":os-release-info": "/etc/os-release",
66
Serge Bazanski6d563ca2023-06-14 13:44:20 +0200[diff] [blame]67 # Metrics exporters
68 "@com_github_prometheus_node_exporter//:node_exporter": "/metrics/bin/node_exporter",
69
Serge Bazanski140bddc2020-06-05 21:01:19 +0200[diff] [blame]70 # Hyperkube
Serge Bazanski77cb6c52020-12-19 00:09:22 +0100[diff] [blame]71 "//metropolis/node/kubernetes/hyperkube": "/kubernetes/bin/kube",
Serge Bazanski140bddc2020-06-05 21:01:19 +0200[diff] [blame]72
Lorenz Brun339582b2020-07-29 18:13:35 +0200[diff] [blame]73 # CoreDNS
74 "@com_github_coredns_coredns//:coredns": "/kubernetes/bin/coredns",
75
Serge Bazanski140bddc2020-06-05 21:01:19 +0200[diff] [blame]76 # runsc/gVisor
Lorenz Brund13c1c62022-03-30 19:58:58 +0200[diff] [blame]77 "@dev_gvisor_gvisor//runsc": "/containerd/bin/runsc",
78 "@dev_gvisor_gvisor//shim": "/containerd/bin/containerd-shim-runsc-v1",
Serge Bazanski140bddc2020-06-05 21:01:19 +0200[diff] [blame]79
Lorenz Brun5e4fc2d2020-09-22 18:35:15 +0200[diff] [blame]80 # runc (runtime in files_cc because of cgo)
81 "@com_github_containerd_containerd//cmd/containerd-shim-runc-v2": "/containerd/bin/containerd-shim-runc-v2",
82
Serge Bazanski140bddc2020-06-05 21:01:19 +0200[diff] [blame]83 # Containerd
84 "@com_github_containerd_containerd//cmd/containerd": "/containerd/bin/containerd",
85
86 # Containerd config files
Serge Bazanski77cb6c52020-12-19 00:09:22 +0100[diff] [blame]87 "//metropolis/node/kubernetes/containerd:runsc.toml": "/containerd/conf/runsc.toml",
88 "//metropolis/node/kubernetes/containerd:config.toml": "/containerd/conf/config.toml",
89 "//metropolis/node/kubernetes/containerd:cnispec.gojson": "/containerd/conf/cnispec.gojson",
Serge Bazanski140bddc2020-06-05 21:01:19 +0200[diff] [blame]90
Lorenz Brun8b0431a2020-07-13 16:56:36 +0200[diff] [blame]91 # Containerd preseed bundles
Lorenz Brund13c1c62022-03-30 19:58:58 +0200[diff] [blame]92 "//metropolis/test/e2e/preseedtest:preseedtest_image.tar": "/containerd/preseed/k8s.io/preseedtest.tar",
Lorenz Brun8b0431a2020-07-13 16:56:36 +0200[diff] [blame]93
Serge Bazanski140bddc2020-06-05 21:01:19 +0200[diff] [blame]94 # CNI Plugins
95 "@com_github_containernetworking_plugins//plugins/main/loopback": "/containerd/bin/cni/loopback",
96 "@com_github_containernetworking_plugins//plugins/main/ptp": "/containerd/bin/cni/ptp",
97 "@com_github_containernetworking_plugins//plugins/ipam/host-local": "/containerd/bin/cni/host-local",
Serge Bazanskic3ae7582020-06-08 17:15:26 +0200[diff] [blame]98
Lorenz Brun70f65b22020-07-08 17:02:47 +0200[diff] [blame]99 # Delve
100 "@com_github_go_delve_delve//cmd/dlv:dlv": "/dlv",
Serge Bazanski140bddc2020-06-05 21:01:19 +0200[diff] [blame]101 },
Lorenz Brun5e4fc2d2020-09-22 18:35:15 +0200[diff] [blame]102 files_cc = {
Serge Bazanskieac8f732021-10-05 23:30:37 +0200[diff] [blame]103 "//metropolis/node/core/minit": "/init",
Lorenz Brun5e4fc2d2020-09-22 18:35:15 +0200[diff] [blame]104 # runc runtime, with cgo
105 "@com_github_opencontainers_runc//:runc": "/containerd/bin/runc",
Lorenz Brunddd6caf2021-03-04 17:16:04 +0100[diff] [blame]106 "@xfsprogs//:mkfs": "/bin/mkfs.xfs",
Lorenz Brune306d782021-09-01 13:01:06 +0200[diff] [blame]107 "@chrony//:chrony": "/time/chrony",
Lorenz Brun5e4fc2d2020-09-22 18:35:15 +0200[diff] [blame]108 },
Serge Bazanskia3938142022-04-04 17:04:47 +0200[diff] [blame]109 fsspecs = [
110 ":erofs-layout.fsspec",
111 "//metropolis/node/build:earlydev.fsspec",
112 ":firmware",
113 ],
Lorenz Brun3a99c592021-01-26 19:57:21 +0100[diff] [blame]114 symlinks = {
115 "/ephemeral/machine-id": "/etc/machine-id",
116 "/ephemeral/hosts": "/etc/hosts",
117 },
Serge Bazanski731d00a2020-02-03 19:08:07 +0100[diff] [blame]118)
119
Mateusz Zalega8c2c7712022-01-25 19:42:21 +0100[diff] [blame]120verity_image(
121 name = "verity_rootfs",
122 source = ":rootfs",
123)
124
Lorenz Brun2f9f3872021-09-29 19:48:08 +0200[diff] [blame]125efi_unified_kernel_image(
126 name = "kernel_efi",
Lorenz Brund14be0e2023-07-31 16:46:14 +0200[diff] [blame]127 cmdline = "console=ttyS0,115200 console=ttyS1,115200 console=tty0 quiet rootfstype=erofs init=/init loadpin.exclude=kexec-image,kexec-initramfs",
Lorenz Brunb6c0aa92022-02-24 17:53:40 +0100[diff] [blame]128 initrd = [":ucode"],
Lorenz Brun2f9f3872021-09-29 19:48:08 +0200[diff] [blame]129 kernel = "//third_party/linux",
130 os_release = ":os-release-info",
Mateusz Zalega8c2c7712022-01-25 19:42:21 +0100[diff] [blame]131 verity = ":verity_rootfs",
Lorenz Brun2f9f3872021-09-29 19:48:08 +0200[diff] [blame]132)
133
Lorenz Brunf758ce42021-11-09 03:40:43 +0100[diff] [blame]134# An intermediary "bundle" format until we finalize the actual bundle format. This is NOT stable until migrated
135# to the actual bundle format.
136# TODO(lorenz): Replace this
137pkg_zip(
Lorenz Brund13c1c62022-03-30 19:58:58 +0200[diff] [blame]138 name = "bundle",
Lorenz Brunf758ce42021-11-09 03:40:43 +0100[diff] [blame]139 srcs = [
140 ":kernel_efi",
Mateusz Zalega8c2c7712022-01-25 19:42:21 +0100[diff] [blame]141 ":verity_rootfs",
Lorenz Brunf758ce42021-11-09 03:40:43 +0100[diff] [blame]142 ],
Lorenz Brunf8ede092021-11-08 20:50:57 +0100[diff] [blame]143 visibility = ["//visibility:public"],
Lorenz Brunf758ce42021-11-09 03:40:43 +0100[diff] [blame]144)
145
Lorenz Brun1dc60af2023-10-03 15:40:09 +0200[diff] [blame]146node_image(
Hendrik Hofstadt0d7c91e2019-10-23 21:44:47 +0200[diff] [blame]147 name = "image",
Lorenz Brun1dc60af2023-10-03 15:40:09 +0200[diff] [blame]148 kernel = ":kernel_efi",
149 system = ":verity_rootfs",
Serge Bazanski0be9be82021-01-07 15:23:44 +0100[diff] [blame]150 visibility = [
Mateusz Zalegafed8fe52022-07-14 16:19:35 +0200[diff] [blame]151 "//metropolis/cli/metroctl/test:__subpackages__",
Serge Bazanski0be9be82021-01-07 15:23:44 +0100[diff] [blame]152 "//metropolis/test/e2e:__subpackages__",
Serge Bazanskif12bedf2021-01-15 16:58:50 +0100[diff] [blame]153 "//metropolis/test/launch:__subpackages__",
Serge Bazanski0be9be82021-01-07 15:23:44 +0100[diff] [blame]154 ],
Hendrik Hofstadt0d7c91e2019-10-23 21:44:47 +0200[diff] [blame]155)
156
157genrule(
158 name = "swtpm_data",
159 outs = [
160 "tpm/tpm2-00.permall",
161 "tpm/signkey.pem",
162 "tpm/issuercert.pem",
163 ],
164 cmd = """
165 mkdir -p tpm/ca
166
167 cat <<EOF > tpm/swtpm.conf
168create_certs_tool= /usr/share/swtpm/swtpm-localca
169create_certs_tool_config = tpm/swtpm-localca.conf
170create_certs_tool_options = /etc/swtpm-localca.options
171EOF
172
173 cat <<EOF > tpm/swtpm-localca.conf
174statedir = tpm/ca
175signingkey = tpm/ca/signkey.pem
176issuercert = tpm/ca/issuercert.pem
177certserial = tpm/ca/certserial
178EOF
179
180 swtpm_setup \
181 --tpmstate tpm \
182 --create-ek-cert \
183 --create-platform-cert \
184 --allow-signing \
185 --tpm2 \
186 --display \
187 --pcr-banks sha1,sha256,sha384,sha512 \
188 --config tpm/swtpm.conf
189
190 cp tpm/tpm2-00.permall $(location tpm/tpm2-00.permall)
191 cp tpm/ca/issuercert.pem $(location tpm/issuercert.pem)
192 cp tpm/ca/signkey.pem $(location tpm/signkey.pem)
193 """,
Serge Bazanski0be9be82021-01-07 15:23:44 +0100[diff] [blame]194 visibility = [
Mateusz Zalegafed8fe52022-07-14 16:19:35 +0200[diff] [blame]195 "//metropolis/cli/metroctl/test:__subpackages__",
Serge Bazanski0be9be82021-01-07 15:23:44 +0100[diff] [blame]196 "//metropolis/test/e2e:__subpackages__",
Serge Bazanskif12bedf2021-01-15 16:58:50 +0100[diff] [blame]197 "//metropolis/test/launch:__subpackages__",
Serge Bazanski0be9be82021-01-07 15:23:44 +0100[diff] [blame]198 ],
Hendrik Hofstadt0d7c91e2019-10-23 21:44:47 +0200[diff] [blame]199)
Lorenz Brun878f5f92020-05-12 16:15:39 +0200[diff] [blame]200
Serge Bazanski77cb6c52020-12-19 00:09:22 +0100[diff] [blame]201load("//metropolis/node/build/genosrelease:defs.bzl", "os_release")
Lorenz Brun878f5f92020-05-12 16:15:39 +0200[diff] [blame]202
203os_release(
204 name = "os-release-info",
Serge Bazanski662b5b32020-12-21 13:49:00 +0100[diff] [blame]205 os_id = "metropolis-node",
206 os_name = "Metropolis Node",
207 stamp_var = "STABLE_METROPOLIS_version",
Lorenz Brun878f5f92020-05-12 16:15:39 +0200[diff] [blame]208)