Gitiles
Code Review Sign In
gerrit-dev.monogon.dev / monogon / b07c57a3d0d7bc3d63e86e0b50c2ed4f5c6e5af6 / . / metropolis / node / BUILD.bazel
blob: 17ae73caeff6a3a20cfbbc88e7e3f29e86ad4101 [file] [log] [blame]
Serge Bazanski77cb6c52020-12-19 00:09:22 +0100[diff] [blame]1load("@io_bazel_rules_go//go:def.bzl", "go_library")
Mateusz Zalega8c2c7712022-01-25 19:42:21 +0100[diff] [blame]2load("//metropolis/node/build:def.bzl", "erofs_image", "verity_image")
Lorenz Brun2f9f3872021-09-29 19:48:08 +0200[diff] [blame]3load("//metropolis/node/build:efi.bzl", "efi_unified_kernel_image")
Lorenz Brun1dc60af2023-10-03 15:40:09 +0200[diff] [blame]4load("//metropolis/node/build/mkimage:def.bzl", "node_image")
Lorenz Brunf758ce42021-11-09 03:40:43 +0100[diff] [blame]5load("@rules_pkg//:pkg.bzl", "pkg_zip")
Serge Bazanski77cb6c52020-12-19 00:09:22 +0100[diff] [blame]6
7go_library(
Lorenz Brund13c1c62022-03-30 19:58:58 +0200[diff] [blame]8 name = "node",
Lorenz Brune306d782021-09-01 13:01:06 +0200[diff] [blame]9 srcs = [
10 "ids.go",
Lorenz Brun0e291a12023-06-01 12:22:45 +0200[diff] [blame]11 "net_ips.go",
Serge Bazanski93d593b2023-03-28 16:43:47 +0200[diff] [blame]12 "net_protocols.go",
Lorenz Brune306d782021-09-01 13:01:06 +0200[diff] [blame]13 "ports.go",
14 ],
Serge Bazanski31370b02021-01-07 16:31:14 +0100[diff] [blame]15 importpath = "source.monogon.dev/metropolis/node",
Tim Windelschmidt03000772023-07-03 02:19:28 +0200[diff] [blame]16 visibility = [
17 "//metropolis:__subpackages__",
18 "@io_k8s_kubernetes//pkg/registry:__subpackages__",
19 ],
Serge Bazanski93d593b2023-03-28 16:43:47 +0200[diff] [blame]20 deps = ["@com_github_vishvananda_netlink//:netlink"],
Serge Bazanski77cb6c52020-12-19 00:09:22 +0100[diff] [blame]21)
Serge Bazanski140bddc2020-06-05 21:01:19 +0200[diff] [blame]22
Lorenz Brun313816f2020-12-22 16:52:26 +0100[diff] [blame]23# debug_build checks if we're building in debug mode and enables various debug features for the image.
Lorenz Brun70f65b22020-07-08 17:02:47 +0200[diff] [blame]24config_setting(
25 name = "debug_build",
26 values = {
27 "compilation_mode": "dbg",
28 },
29)
30
Lorenz Brun3a99c592021-01-26 19:57:21 +0100[diff] [blame]31erofs_image(
32 name = "rootfs",
Serge Bazanski140bddc2020-06-05 21:01:19 +0200[diff] [blame]33 files = {
Serge Bazanskieac8f732021-10-05 23:30:37 +0200[diff] [blame]34 "//metropolis/node/core": "/core",
Serge Bazanski140bddc2020-06-05 21:01:19 +0200[diff] [blame]35
Lorenz Brun3a99c592021-01-26 19:57:21 +0100[diff] [blame]36 # CA Certificate bundle & os-release & resolv.conf
37 # These should not be explicitly used by Metropolis code and are only here for compatibility with
38 # paths hardcoded by standard libraries (like Go's).
Serge Bazanski140bddc2020-06-05 21:01:19 +0200[diff] [blame]39 "@cacerts//file": "/etc/ssl/cert.pem",
Lorenz Brun3a99c592021-01-26 19:57:21 +0100[diff] [blame]40 "//metropolis/node/core/network/dns:resolv.conf": "/etc/resolv.conf",
Serge Bazanski140bddc2020-06-05 21:01:19 +0200[diff] [blame]41 ":os-release-info": "/etc/os-release",
42
Serge Bazanski6d563ca2023-06-14 13:44:20 +0200[diff] [blame]43 # Metrics exporters
44 "@com_github_prometheus_node_exporter//:node_exporter": "/metrics/bin/node_exporter",
45
Serge Bazanski140bddc2020-06-05 21:01:19 +0200[diff] [blame]46 # Hyperkube
Serge Bazanski77cb6c52020-12-19 00:09:22 +0100[diff] [blame]47 "//metropolis/node/kubernetes/hyperkube": "/kubernetes/bin/kube",
Serge Bazanski140bddc2020-06-05 21:01:19 +0200[diff] [blame]48
Lorenz Brun339582b2020-07-29 18:13:35 +0200[diff] [blame]49 # CoreDNS
50 "@com_github_coredns_coredns//:coredns": "/kubernetes/bin/coredns",
51
Serge Bazanski140bddc2020-06-05 21:01:19 +0200[diff] [blame]52 # runsc/gVisor
Lorenz Brund13c1c62022-03-30 19:58:58 +0200[diff] [blame]53 "@dev_gvisor_gvisor//runsc": "/containerd/bin/runsc",
54 "@dev_gvisor_gvisor//shim": "/containerd/bin/containerd-shim-runsc-v1",
Serge Bazanski140bddc2020-06-05 21:01:19 +0200[diff] [blame]55
Lorenz Brun5e4fc2d2020-09-22 18:35:15 +0200[diff] [blame]56 # runc (runtime in files_cc because of cgo)
57 "@com_github_containerd_containerd//cmd/containerd-shim-runc-v2": "/containerd/bin/containerd-shim-runc-v2",
58
Serge Bazanski140bddc2020-06-05 21:01:19 +0200[diff] [blame]59 # Containerd
60 "@com_github_containerd_containerd//cmd/containerd": "/containerd/bin/containerd",
61
62 # Containerd config files
Serge Bazanski77cb6c52020-12-19 00:09:22 +0100[diff] [blame]63 "//metropolis/node/kubernetes/containerd:runsc.toml": "/containerd/conf/runsc.toml",
64 "//metropolis/node/kubernetes/containerd:config.toml": "/containerd/conf/config.toml",
65 "//metropolis/node/kubernetes/containerd:cnispec.gojson": "/containerd/conf/cnispec.gojson",
Serge Bazanski140bddc2020-06-05 21:01:19 +0200[diff] [blame]66
Lorenz Brun8b0431a2020-07-13 16:56:36 +0200[diff] [blame]67 # Containerd preseed bundles
Tim Windelschmidt0974b222024-01-16 14:04:15 +0100[diff] [blame]68 "//metropolis/test/e2e/preseedtest:preseedtest_tarball": "/containerd/preseed/k8s.io/preseedtest.tar",
Tim Windelschmidt93020d72024-02-13 18:13:07 +0100[diff] [blame]69 "//metropolis/node/kubernetes/pause:pause_tarball": "/containerd/preseed/k8s.io/pause.tar",
Lorenz Brun8b0431a2020-07-13 16:56:36 +0200[diff] [blame]70
Serge Bazanski140bddc2020-06-05 21:01:19 +0200[diff] [blame]71 # CNI Plugins
72 "@com_github_containernetworking_plugins//plugins/main/loopback": "/containerd/bin/cni/loopback",
73 "@com_github_containernetworking_plugins//plugins/main/ptp": "/containerd/bin/cni/ptp",
74 "@com_github_containernetworking_plugins//plugins/ipam/host-local": "/containerd/bin/cni/host-local",
Serge Bazanskic3ae7582020-06-08 17:15:26 +0200[diff] [blame]75
Lorenz Brun70f65b22020-07-08 17:02:47 +0200[diff] [blame]76 # Delve
77 "@com_github_go_delve_delve//cmd/dlv:dlv": "/dlv",
Serge Bazanski140bddc2020-06-05 21:01:19 +0200[diff] [blame]78 },
Lorenz Brun5e4fc2d2020-09-22 18:35:15 +0200[diff] [blame]79 files_cc = {
Serge Bazanskieac8f732021-10-05 23:30:37 +0200[diff] [blame]80 "//metropolis/node/core/minit": "/init",
Lorenz Brun5e4fc2d2020-09-22 18:35:15 +0200[diff] [blame]81 # runc runtime, with cgo
82 "@com_github_opencontainers_runc//:runc": "/containerd/bin/runc",
Lorenz Brunddd6caf2021-03-04 17:16:04 +0100[diff] [blame]83 "@xfsprogs//:mkfs": "/bin/mkfs.xfs",
Lorenz Brune306d782021-09-01 13:01:06 +0200[diff] [blame]84 "@chrony//:chrony": "/time/chrony",
Lorenz Brun5e4fc2d2020-09-22 18:35:15 +0200[diff] [blame]85 },
Serge Bazanskia3938142022-04-04 17:04:47 +0200[diff] [blame]86 fsspecs = [
87 ":erofs-layout.fsspec",
88 "//metropolis/node/build:earlydev.fsspec",
Tim Windelschmidt65bf3112024-04-08 21:32:14 +0200[diff] [blame]89 "//third_party:firmware",
Serge Bazanskia3938142022-04-04 17:04:47 +0200[diff] [blame]90 ],
Lorenz Brun3a99c592021-01-26 19:57:21 +0100[diff] [blame]91 symlinks = {
92 "/ephemeral/machine-id": "/etc/machine-id",
93 "/ephemeral/hosts": "/etc/hosts",
94 },
Serge Bazanski731d00a2020-02-03 19:08:07 +0100[diff] [blame]95)
96
Mateusz Zalega8c2c7712022-01-25 19:42:21 +0100[diff] [blame]97verity_image(
98 name = "verity_rootfs",
99 source = ":rootfs",
100)
101
Lorenz Brun2f9f3872021-09-29 19:48:08 +0200[diff] [blame]102efi_unified_kernel_image(
103 name = "kernel_efi",
Lorenz Brun6cb00ed2024-02-08 17:49:19 +0100[diff] [blame]104 cmdline = "console=ttyS0,115200 console=ttyS1,115200 console=tty0 quiet rootfstype=erofs init=/init loadpin.exclude=kexec-image,kexec-initramfs kernel.unknown_nmi_panic=1",
Tim Windelschmidt65bf3112024-04-08 21:32:14 +0200[diff] [blame]105 initrd = ["//third_party:ucode"],
Lorenz Brun2f9f3872021-09-29 19:48:08 +0200[diff] [blame]106 kernel = "//third_party/linux",
107 os_release = ":os-release-info",
Mateusz Zalega8c2c7712022-01-25 19:42:21 +0100[diff] [blame]108 verity = ":verity_rootfs",
Lorenz Brun2f9f3872021-09-29 19:48:08 +0200[diff] [blame]109)
110
Lorenz Brunf758ce42021-11-09 03:40:43 +0100[diff] [blame]111# An intermediary "bundle" format until we finalize the actual bundle format. This is NOT stable until migrated
112# to the actual bundle format.
113# TODO(lorenz): Replace this
114pkg_zip(
Lorenz Brund13c1c62022-03-30 19:58:58 +0200[diff] [blame]115 name = "bundle",
Lorenz Brunf758ce42021-11-09 03:40:43 +0100[diff] [blame]116 srcs = [
117 ":kernel_efi",
Mateusz Zalega8c2c7712022-01-25 19:42:21 +0100[diff] [blame]118 ":verity_rootfs",
Lorenz Brunf758ce42021-11-09 03:40:43 +0100[diff] [blame]119 ],
Lorenz Brunf8ede092021-11-08 20:50:57 +0100[diff] [blame]120 visibility = ["//visibility:public"],
Lorenz Brunf758ce42021-11-09 03:40:43 +0100[diff] [blame]121)
122
Lorenz Brun1dc60af2023-10-03 15:40:09 +0200[diff] [blame]123node_image(
Hendrik Hofstadt0d7c91e2019-10-23 21:44:47 +0200[diff] [blame]124 name = "image",
Lorenz Brun1dc60af2023-10-03 15:40:09 +0200[diff] [blame]125 kernel = ":kernel_efi",
126 system = ":verity_rootfs",
Serge Bazanski0be9be82021-01-07 15:23:44 +0100[diff] [blame]127 visibility = [
Mateusz Zalegafed8fe52022-07-14 16:19:35 +0200[diff] [blame]128 "//metropolis/cli/metroctl/test:__subpackages__",
Serge Bazanski0be9be82021-01-07 15:23:44 +0100[diff] [blame]129 "//metropolis/test/e2e:__subpackages__",
Serge Bazanskif12bedf2021-01-15 16:58:50 +0100[diff] [blame]130 "//metropolis/test/launch:__subpackages__",
Serge Bazanski0be9be82021-01-07 15:23:44 +0100[diff] [blame]131 ],
Hendrik Hofstadt0d7c91e2019-10-23 21:44:47 +0200[diff] [blame]132)
133
134genrule(
135 name = "swtpm_data",
136 outs = [
137 "tpm/tpm2-00.permall",
138 "tpm/signkey.pem",
139 "tpm/issuercert.pem",
140 ],
141 cmd = """
142 mkdir -p tpm/ca
143
Serge Bazanskib07c57a2024-06-04 14:33:27 +0000[diff] [blame^]144
Hendrik Hofstadt0d7c91e2019-10-23 21:44:47 +0200[diff] [blame]145 cat <<EOF > tpm/swtpm.conf
Serge Bazanskib07c57a2024-06-04 14:33:27 +0000[diff] [blame^]146create_certs_tool= $(location @swtpm//:swtpm_localca)
Hendrik Hofstadt0d7c91e2019-10-23 21:44:47 +0200[diff] [blame]147create_certs_tool_config = tpm/swtpm-localca.conf
Serge Bazanskib07c57a2024-06-04 14:33:27 +0000[diff] [blame^]148create_certs_tool_options = tpm/swtpm-localca.options
149EOF
150
151 cat <<EOF > tpm/swtpm-localca.options
152--platform-manufacturer Monogon
153--platform-version 23.42
154--platform-model SWTPM
Hendrik Hofstadt0d7c91e2019-10-23 21:44:47 +0200[diff] [blame]155EOF
156
157 cat <<EOF > tpm/swtpm-localca.conf
158statedir = tpm/ca
159signingkey = tpm/ca/signkey.pem
160issuercert = tpm/ca/issuercert.pem
161certserial = tpm/ca/certserial
162EOF
163
Serge Bazanskib07c57a2024-06-04 14:33:27 +0000[diff] [blame^]164 export PATH="$$(dirname $(location //metropolis/test/swtpm/certtool)):$$PATH"
165 export PATH="$$(dirname $(location //metropolis/test/swtpm/swtpm_cert)):$$PATH"
166 $(location @swtpm//:swtpm_setup) \
167 --tpm "$(location @swtpm//:swtpm) socket" \
Hendrik Hofstadt0d7c91e2019-10-23 21:44:47 +0200[diff] [blame]168 --tpmstate tpm \
169 --create-ek-cert \
170 --create-platform-cert \
171 --allow-signing \
172 --tpm2 \
173 --display \
174 --pcr-banks sha1,sha256,sha384,sha512 \
175 --config tpm/swtpm.conf
176
177 cp tpm/tpm2-00.permall $(location tpm/tpm2-00.permall)
178 cp tpm/ca/issuercert.pem $(location tpm/issuercert.pem)
179 cp tpm/ca/signkey.pem $(location tpm/signkey.pem)
180 """,
Serge Bazanskib07c57a2024-06-04 14:33:27 +0000[diff] [blame^]181 tools = [
182 "//metropolis/test/swtpm/certtool",
183 "//metropolis/test/swtpm/swtpm_cert",
184 "@swtpm",
185 "@swtpm//:swtpm_localca",
186 "@swtpm//:swtpm_setup",
187 ],
Serge Bazanski0be9be82021-01-07 15:23:44 +0100[diff] [blame]188 visibility = [
Mateusz Zalegafed8fe52022-07-14 16:19:35 +0200[diff] [blame]189 "//metropolis/cli/metroctl/test:__subpackages__",
Serge Bazanski0be9be82021-01-07 15:23:44 +0100[diff] [blame]190 "//metropolis/test/e2e:__subpackages__",
Serge Bazanskif12bedf2021-01-15 16:58:50 +0100[diff] [blame]191 "//metropolis/test/launch:__subpackages__",
Serge Bazanski0be9be82021-01-07 15:23:44 +0100[diff] [blame]192 ],
Hendrik Hofstadt0d7c91e2019-10-23 21:44:47 +0200[diff] [blame]193)
Lorenz Brun878f5f92020-05-12 16:15:39 +0200[diff] [blame]194
Serge Bazanski77cb6c52020-12-19 00:09:22 +0100[diff] [blame]195load("//metropolis/node/build/genosrelease:defs.bzl", "os_release")
Lorenz Brun878f5f92020-05-12 16:15:39 +0200[diff] [blame]196
197os_release(
198 name = "os-release-info",
Serge Bazanski662b5b32020-12-21 13:49:00 +0100[diff] [blame]199 os_id = "metropolis-node",
200 os_name = "Metropolis Node",
Serge Bazanski30494c12023-11-28 16:27:24 +0100[diff] [blame]201 stamp_var = "STABLE_MONOGON_metropolis_version",
Lorenz Brun878f5f92020-05-12 16:15:39 +0200[diff] [blame]202)