Gitiles
Code Review Sign In
gerrit-dev.monogon.dev / monogon / 9d2f3c681fee76b54dc202da6ca140151f588be8 / . / metropolis / cli / metroctl / cmd_install.go
blob: 1b9b8cbf2bf7db9b0c0d1398d2a183780bea3ba5 [file] [log] [blame]
Tim Windelschmidt6d33a432025-02-04 14:34:25 +0100[diff] [blame]1// Copyright The Monogon Project Authors.
2// SPDX-License-Identifier: Apache-2.0
3
Lorenz Brune6573102021-11-02 14:15:37 +0100[diff] [blame]4package main
5
6import (
Mateusz Zalegad5f2f7a2022-07-05 18:48:56 +0200[diff] [blame]7 "context"
Lorenz Brune6573102021-11-02 14:15:37 +0100[diff] [blame]8 "crypto/ed25519"
Lorenz Brun7a510192022-07-04 15:31:38 +0000[diff] [blame]9 _ "embed"
Tim Windelschmidt0b4fb8c2024-09-18 17:34:23 +0200[diff] [blame]10 "fmt"
Lorenz Brune6573102021-11-02 14:15:37 +0100[diff] [blame]11 "os"
Tim Windelschmidtb765f242024-05-08 01:40:02 +0200[diff] [blame]12 "os/signal"
Lorenz Brune6573102021-11-02 14:15:37 +0100[diff] [blame]13
Tim Windelschmidt2a1d1b22024-02-06 07:07:42 +0100[diff] [blame]14 "github.com/bazelbuild/rules_go/go/runfiles"
Lorenz Brune6573102021-11-02 14:15:37 +0100[diff] [blame]15 "github.com/spf13/cobra"
Timon Stampflib9701c32024-12-15 17:50:01 +0100[diff] [blame]16 "google.golang.org/protobuf/encoding/prototext"
Lorenz Brune6573102021-11-02 14:15:37 +0100[diff] [blame]17
Tim Windelschmidt2a1d1b22024-02-06 07:07:42 +0100[diff] [blame]18 "source.monogon.dev/metropolis/proto/api"
19 cpb "source.monogon.dev/metropolis/proto/common"
20
Jan Schära9b060b2024-08-07 10:42:29 +0200[diff] [blame]21 "source.monogon.dev/metropolis/cli/flagdefs"
Lorenz Brune6573102021-11-02 14:15:37 +0100[diff] [blame]22 "source.monogon.dev/metropolis/cli/metroctl/core"
Jan Schär39f4f5c2024-10-29 09:41:50 +0100[diff] [blame]23 common "source.monogon.dev/metropolis/node"
Jan Schärc1b6df42025-03-20 08:52:18 +0000[diff] [blame]24 "source.monogon.dev/osbase/structfs"
Lorenz Brune6573102021-11-02 14:15:37 +0100[diff] [blame]25)
26
27var installCmd = &cobra.Command{
Lorenz Brun7a510192022-07-04 15:31:38 +0000[diff] [blame]28 Short: "Contains subcommands to install Metropolis via different media.",
Lorenz Brune6573102021-11-02 14:15:37 +0100[diff] [blame]29 Use: "install",
30}
31
Mateusz Zalegad5f2f7a2022-07-05 18:48:56 +0200[diff] [blame]32// bootstrap is a flag controlling node parameters included in the installer
33// image. If set, the installed node will bootstrap a new cluster. Otherwise,
34// it will try to connect to the cluster which endpoints were provided with
35// the --endpoints flag.
Tim Windelschmidt7006caf2024-02-27 16:49:39 +0100[diff] [blame]36var bootstrap = installCmd.PersistentFlags().Bool("bootstrap", false, "Create a bootstrap installer image.")
Jan Schära9b060b2024-08-07 10:42:29 +0200[diff] [blame]37var bootstrapTPMMode = flagdefs.TPMModePflag(installCmd.PersistentFlags(), "bootstrap-tpm-mode", cpb.ClusterConfiguration_TPM_MODE_REQUIRED, "TPM mode to set on cluster")
38var bootstrapStorageSecurityPolicy = flagdefs.StorageSecurityPolicyPflag(installCmd.PersistentFlags(), "bootstrap-storage-security", cpb.ClusterConfiguration_STORAGE_SECURITY_POLICY_NEEDS_ENCRYPTION_AND_AUTHENTICATION, "Storage security policy to set on cluster")
Tim Windelschmidt7006caf2024-02-27 16:49:39 +0100[diff] [blame]39var bundlePath = installCmd.PersistentFlags().StringP("bundle", "b", "", "Path to the Metropolis bundle to be installed")
Timon Stampflib9701c32024-12-15 17:50:01 +0100[diff] [blame]40var nodeParamPath = installCmd.PersistentFlags().String("node-params", "", "Path to the metropolis.proto.api.NodeParameters prototext file (advanced usage only)")
Mateusz Zalegad5f2f7a2022-07-05 18:48:56 +0200[diff] [blame]41
Tim Windelschmidt0b4fb8c2024-09-18 17:34:23 +0200[diff] [blame]42func makeNodeParams() (*api.NodeParameters, error) {
Tim Windelschmidtb765f242024-05-08 01:40:02 +0200[diff] [blame]43 ctx, _ := signal.NotifyContext(context.Background(), os.Interrupt)
Mateusz Zalegad5f2f7a2022-07-05 18:48:56 +0200[diff] [blame]44
Mateusz Zalega8234c162022-07-08 17:05:50 +0200[diff] [blame]45 if err := os.MkdirAll(flags.configPath, 0700); err != nil && !os.IsExist(err) {
Tim Windelschmidt0b4fb8c2024-09-18 17:34:23 +0200[diff] [blame]46 return nil, fmt.Errorf("failed to create config directory: %w", err)
Lorenz Brune6573102021-11-02 14:15:37 +0100[diff] [blame]47 }
Lorenz Brune6573102021-11-02 14:15:37 +0100[diff] [blame]48
Mateusz Zalegad5f2f7a2022-07-05 18:48:56 +0200[diff] [blame]49 var params *api.NodeParameters
Timon Stampflib9701c32024-12-15 17:50:01 +0100[diff] [blame]50 if *nodeParamPath != "" {
51 nodeParamsRaw, err := os.ReadFile(*nodeParamPath)
52 if err != nil {
53 return nil, fmt.Errorf("failed to read node-params file: %w", err)
54 }
55 if err := prototext.Unmarshal(nodeParamsRaw, params); err != nil {
56 return nil, fmt.Errorf("failed to parse node-params: %w", err)
57 }
58 } else {
59 params = &api.NodeParameters{}
60 }
61
Tim Windelschmidt7006caf2024-02-27 16:49:39 +0100[diff] [blame]62 if *bootstrap {
Jan Schär39f4f5c2024-10-29 09:41:50 +0100[diff] [blame]63 if flags.cluster == "" {
64 return nil, fmt.Errorf("when bootstrapping a cluster, the --cluster parameter is required")
65 }
66 if err := common.ValidateClusterDomain(flags.cluster); err != nil {
67 return nil, fmt.Errorf("invalid cluster domain: %w", err)
68 }
69
Tim Windelschmidt7006caf2024-02-27 16:49:39 +0100[diff] [blame]70 // TODO(lorenz): Have a key management story for this
Serge Bazanskicf23ebc2023-03-14 17:02:04 +0100[diff] [blame]71 priv, err := core.GetOrMakeOwnerKey(flags.configPath)
72 if err != nil {
Tim Windelschmidt0b4fb8c2024-09-18 17:34:23 +0200[diff] [blame]73 return nil, fmt.Errorf("failed to generate or get owner key: %w", err)
Mateusz Zalegad5f2f7a2022-07-05 18:48:56 +0200[diff] [blame]74 }
Serge Bazanskicf23ebc2023-03-14 17:02:04 +0100[diff] [blame]75 pub := priv.Public().(ed25519.PublicKey)
Timon Stampflib9701c32024-12-15 17:50:01 +0100[diff] [blame]76 params.Cluster = &api.NodeParameters_ClusterBootstrap_{
77 ClusterBootstrap: &api.NodeParameters_ClusterBootstrap{
78 OwnerPublicKey: pub,
79 InitialClusterConfiguration: &cpb.ClusterConfiguration{
80 ClusterDomain: flags.cluster,
81 StorageSecurityPolicy: *bootstrapStorageSecurityPolicy,
82 TpmMode: *bootstrapTPMMode,
Mateusz Zalegad5f2f7a2022-07-05 18:48:56 +0200[diff] [blame]83 },
Lorenz Brune6573102021-11-02 14:15:37 +0100[diff] [blame]84 },
Mateusz Zalegad5f2f7a2022-07-05 18:48:56 +0200[diff] [blame]85 }
86 } else {
Tim Windelschmidt9bd9bd42025-02-14 17:08:52 +0100[diff] [blame]87 cc, err := newAuthenticatedClient(ctx)
Tim Windelschmidt0b4fb8c2024-09-18 17:34:23 +0200[diff] [blame]88 if err != nil {
Tim Windelschmidt9bd9bd42025-02-14 17:08:52 +0100[diff] [blame]89 return nil, fmt.Errorf("while creating client: %w", err)
Tim Windelschmidt0b4fb8c2024-09-18 17:34:23 +0200[diff] [blame]90 }
Mateusz Zalegad5f2f7a2022-07-05 18:48:56 +0200[diff] [blame]91 mgmt := api.NewManagementClient(cc)
92 resT, err := mgmt.GetRegisterTicket(ctx, &api.GetRegisterTicketRequest{})
93 if err != nil {
Tim Windelschmidt0b4fb8c2024-09-18 17:34:23 +0200[diff] [blame]94 return nil, fmt.Errorf("while receiving register ticket: %w", err)
Mateusz Zalegad5f2f7a2022-07-05 18:48:56 +0200[diff] [blame]95 }
96 resI, err := mgmt.GetClusterInfo(ctx, &api.GetClusterInfoRequest{})
97 if err != nil {
Tim Windelschmidt0b4fb8c2024-09-18 17:34:23 +0200[diff] [blame]98 return nil, fmt.Errorf("while receiving cluster directory: %w", err)
Mateusz Zalegad5f2f7a2022-07-05 18:48:56 +0200[diff] [blame]99 }
100
Timon Stampflib9701c32024-12-15 17:50:01 +0100[diff] [blame]101 params.Cluster = &api.NodeParameters_ClusterRegister_{
102 ClusterRegister: &api.NodeParameters_ClusterRegister{
103 RegisterTicket: resT.Ticket,
104 ClusterDirectory: resI.ClusterDirectory,
105 CaCertificate: resI.CaCertificate,
Mateusz Zalegad5f2f7a2022-07-05 18:48:56 +0200[diff] [blame]106 },
107 }
Lorenz Brune6573102021-11-02 14:15:37 +0100[diff] [blame]108 }
Tim Windelschmidt0b4fb8c2024-09-18 17:34:23 +0200[diff] [blame]109 return params, nil
Tim Windelschmidt7006caf2024-02-27 16:49:39 +0100[diff] [blame]110}
Lorenz Brune6573102021-11-02 14:15:37 +0100[diff] [blame]111
Jan Schärc1b6df42025-03-20 08:52:18 +0000[diff] [blame]112func external(name, datafilePath string, flag *string) (structfs.Blob, error) {
Tim Windelschmidt7006caf2024-02-27 16:49:39 +0100[diff] [blame]113 if flag == nil || *flag == "" {
114 rPath, err := runfiles.Rlocation(datafilePath)
115 if err != nil {
Tim Windelschmidt0b4fb8c2024-09-18 17:34:23 +0200[diff] [blame]116 return nil, fmt.Errorf("no %s specified", name)
Tim Windelschmidt7006caf2024-02-27 16:49:39 +0100[diff] [blame]117 }
Jan Schärc1b6df42025-03-20 08:52:18 +0000[diff] [blame]118 return structfs.OSPathBlob(rPath)
Lorenz Brune6573102021-11-02 14:15:37 +0100[diff] [blame]119 }
Jan Schärc1b6df42025-03-20 08:52:18 +0000[diff] [blame]120 f, err := structfs.OSPathBlob(*flag)
Tim Windelschmidt7006caf2024-02-27 16:49:39 +0100[diff] [blame]121 if err != nil {
Tim Windelschmidt0b4fb8c2024-09-18 17:34:23 +0200[diff] [blame]122 return nil, fmt.Errorf("failed to open specified %s: %w", name, err)
Lorenz Brune6573102021-11-02 14:15:37 +0100[diff] [blame]123 }
Tim Windelschmidt7006caf2024-02-27 16:49:39 +0100[diff] [blame]124
Tim Windelschmidt0b4fb8c2024-09-18 17:34:23 +0200[diff] [blame]125 return f, nil
Lorenz Brune6573102021-11-02 14:15:37 +0100[diff] [blame]126}
127
128func init() {
129 rootCmd.AddCommand(installCmd)
Lorenz Brune6573102021-11-02 14:15:37 +0100[diff] [blame]130}