Gitiles
Code Review Sign In
gerrit-dev.monogon.dev / monogon / da1c950d5099b7384d9239d3590393080e9bc8f4 / . / metropolis / cli / metroctl / cmd_install.go
blob: fdc51b005674a84dccc91f975ed499d3ea048a8b [file] [log] [blame]
Lorenz Brune6573102021-11-02 14:15:37 +0100[diff] [blame]1package main
2
3import (
Serge Bazanski97783222021-12-14 16:04:26 +0100[diff] [blame]4 "bytes"
Mateusz Zalegad5f2f7a2022-07-05 18:48:56 +0200[diff] [blame]5 "context"
Lorenz Brune6573102021-11-02 14:15:37 +0100[diff] [blame]6 "crypto/ed25519"
Lorenz Brun7a510192022-07-04 15:31:38 +0000[diff] [blame]7 _ "embed"
Lorenz Brune6573102021-11-02 14:15:37 +0100[diff] [blame]8 "log"
9 "os"
Serge Bazanskibdc803b2023-03-27 10:55:09 +0200[diff] [blame]10 "strings"
Lorenz Brune6573102021-11-02 14:15:37 +0100[diff] [blame]11
Tim Windelschmidt2a1d1b22024-02-06 07:07:42 +0100[diff] [blame]12 "github.com/bazelbuild/rules_go/go/runfiles"
Lorenz Brune6573102021-11-02 14:15:37 +0100[diff] [blame]13 "github.com/spf13/cobra"
14
Tim Windelschmidt2a1d1b22024-02-06 07:07:42 +0100[diff] [blame]15 "source.monogon.dev/metropolis/proto/api"
16 cpb "source.monogon.dev/metropolis/proto/common"
17
Lorenz Brune6573102021-11-02 14:15:37 +0100[diff] [blame]18 "source.monogon.dev/metropolis/cli/metroctl/core"
Mateusz Zalegad5f2f7a2022-07-05 18:48:56 +0200[diff] [blame]19 clicontext "source.monogon.dev/metropolis/cli/pkg/context"
Lorenz Brunad131882023-06-28 16:42:20 +0200[diff] [blame]20 "source.monogon.dev/metropolis/pkg/blkio"
21 "source.monogon.dev/metropolis/pkg/fat32"
Lorenz Brune6573102021-11-02 14:15:37 +0100[diff] [blame]22)
23
24var installCmd = &cobra.Command{
Lorenz Brun7a510192022-07-04 15:31:38 +0000[diff] [blame]25 Short: "Contains subcommands to install Metropolis via different media.",
Lorenz Brune6573102021-11-02 14:15:37 +0100[diff] [blame]26 Use: "install",
27}
28
Mateusz Zalegad5f2f7a2022-07-05 18:48:56 +0200[diff] [blame]29// bootstrap is a flag controlling node parameters included in the installer
30// image. If set, the installed node will bootstrap a new cluster. Otherwise,
31// it will try to connect to the cluster which endpoints were provided with
32// the --endpoints flag.
Tim Windelschmidt7006caf2024-02-27 16:49:39 +0100[diff] [blame]33var bootstrap = installCmd.PersistentFlags().Bool("bootstrap", false, "Create a bootstrap installer image.")
34var bootstrapTPMMode = installCmd.PersistentFlags().String("bootstrap-tpm-mode", "required", "TPM mode to set on cluster (required, best-effort, disabled)")
35var bootstrapStorageSecurityPolicy = installCmd.PersistentFlags().String("bootstrap-storage-security", "needs-encryption-and-authentication", "Storage security policy to set on cluster (permissive, needs-encryption, needs-encryption-and-authentication, needs-insecure)")
36var bundlePath = installCmd.PersistentFlags().StringP("bundle", "b", "", "Path to the Metropolis bundle to be installed")
Mateusz Zalegad5f2f7a2022-07-05 18:48:56 +0200[diff] [blame]37
Tim Windelschmidt7006caf2024-02-27 16:49:39 +0100[diff] [blame]38func makeNodeParams() *api.NodeParameters {
Serge Bazanskibdc803b2023-03-27 10:55:09 +0200[diff] [blame]39 var tpmMode cpb.ClusterConfiguration_TPMMode
Tim Windelschmidt7006caf2024-02-27 16:49:39 +0100[diff] [blame]40 switch strings.ToLower(*bootstrapTPMMode) {
Serge Bazanskibdc803b2023-03-27 10:55:09 +0200[diff] [blame]41 case "required", "require":
42 tpmMode = cpb.ClusterConfiguration_TPM_MODE_REQUIRED
43 case "best-effort", "besteffort":
44 tpmMode = cpb.ClusterConfiguration_TPM_MODE_BEST_EFFORT
45 case "disabled", "disable":
46 tpmMode = cpb.ClusterConfiguration_TPM_MODE_DISABLED
47 default:
48 log.Fatalf("Invalid --bootstrap-tpm-mode (must be one of: required, best-effort, disabled)")
49 }
50
Tim Windelschmidtc09327c2023-06-14 17:48:56 +0200[diff] [blame]51 var bootstrapStorageSecurity cpb.ClusterConfiguration_StorageSecurityPolicy
Tim Windelschmidt7006caf2024-02-27 16:49:39 +0100[diff] [blame]52 switch strings.ToLower(*bootstrapStorageSecurityPolicy) {
Tim Windelschmidtc09327c2023-06-14 17:48:56 +0200[diff] [blame]53 case "permissive":
54 bootstrapStorageSecurity = cpb.ClusterConfiguration_STORAGE_SECURITY_POLICY_PERMISSIVE
55 case "needs-encryption":
56 bootstrapStorageSecurity = cpb.ClusterConfiguration_STORAGE_SECURITY_POLICY_NEEDS_ENCRYPTION
57 case "needs-encryption-and-authentication":
58 bootstrapStorageSecurity = cpb.ClusterConfiguration_STORAGE_SECURITY_POLICY_NEEDS_ENCRYPTION_AND_AUTHENTICATION
59 case "needs-insecure":
60 bootstrapStorageSecurity = cpb.ClusterConfiguration_STORAGE_SECURITY_POLICY_NEEDS_INSECURE
61 default:
62
63 log.Fatalf("Invalid --bootstrap-storage-security (must be one of: permissive, needs-encryption, needs-encryption-and-authentication, needs-insecure)")
64 }
65
Mateusz Zalegad5f2f7a2022-07-05 18:48:56 +0200[diff] [blame]66 ctx := clicontext.WithInterrupt(context.Background())
67
Mateusz Zalega8234c162022-07-08 17:05:50 +0200[diff] [blame]68 if err := os.MkdirAll(flags.configPath, 0700); err != nil && !os.IsExist(err) {
Lorenz Brune6573102021-11-02 14:15:37 +0100[diff] [blame]69 log.Fatalf("Failed to create config directory: %v", err)
70 }
Lorenz Brune6573102021-11-02 14:15:37 +0100[diff] [blame]71
Mateusz Zalegad5f2f7a2022-07-05 18:48:56 +0200[diff] [blame]72 var params *api.NodeParameters
Tim Windelschmidt7006caf2024-02-27 16:49:39 +0100[diff] [blame]73 if *bootstrap {
74 // TODO(lorenz): Have a key management story for this
Serge Bazanskicf23ebc2023-03-14 17:02:04 +0100[diff] [blame]75 priv, err := core.GetOrMakeOwnerKey(flags.configPath)
76 if err != nil {
77 log.Fatalf("Failed to generate or get owner key: %v", err)
Mateusz Zalegad5f2f7a2022-07-05 18:48:56 +0200[diff] [blame]78 }
Serge Bazanskicf23ebc2023-03-14 17:02:04 +0100[diff] [blame]79 pub := priv.Public().(ed25519.PublicKey)
Mateusz Zalegad5f2f7a2022-07-05 18:48:56 +0200[diff] [blame]80 params = &api.NodeParameters{
81 Cluster: &api.NodeParameters_ClusterBootstrap_{
82 ClusterBootstrap: &api.NodeParameters_ClusterBootstrap{
Serge Bazanskicf23ebc2023-03-14 17:02:04 +0100[diff] [blame]83 OwnerPublicKey: pub,
Serge Bazanskibdc803b2023-03-27 10:55:09 +0200[diff] [blame]84 InitialClusterConfiguration: &cpb.ClusterConfiguration{
Tim Windelschmidtc09327c2023-06-14 17:48:56 +0200[diff] [blame]85 StorageSecurityPolicy: bootstrapStorageSecurity,
86 TpmMode: tpmMode,
Serge Bazanskibdc803b2023-03-27 10:55:09 +0200[diff] [blame]87 },
Mateusz Zalegad5f2f7a2022-07-05 18:48:56 +0200[diff] [blame]88 },
Lorenz Brune6573102021-11-02 14:15:37 +0100[diff] [blame]89 },
Mateusz Zalegad5f2f7a2022-07-05 18:48:56 +0200[diff] [blame]90 }
91 } else {
Mateusz Zalegadb75e212022-08-04 17:31:34 +0200[diff] [blame]92 cc := dialAuthenticated(ctx)
Mateusz Zalegad5f2f7a2022-07-05 18:48:56 +0200[diff] [blame]93 mgmt := api.NewManagementClient(cc)
94 resT, err := mgmt.GetRegisterTicket(ctx, &api.GetRegisterTicketRequest{})
95 if err != nil {
96 log.Fatalf("While receiving register ticket: %v", err)
97 }
98 resI, err := mgmt.GetClusterInfo(ctx, &api.GetClusterInfoRequest{})
99 if err != nil {
100 log.Fatalf("While receiving cluster directory: %v", err)
101 }
102
103 params = &api.NodeParameters{
104 Cluster: &api.NodeParameters_ClusterRegister_{
105 ClusterRegister: &api.NodeParameters_ClusterRegister{
106 RegisterTicket: resT.Ticket,
107 ClusterDirectory: resI.ClusterDirectory,
108 CaCertificate: resI.CaCertificate,
109 },
110 },
111 }
Lorenz Brune6573102021-11-02 14:15:37 +0100[diff] [blame]112 }
Tim Windelschmidt7006caf2024-02-27 16:49:39 +0100[diff] [blame]113 return params
114}
Lorenz Brune6573102021-11-02 14:15:37 +0100[diff] [blame]115
Tim Windelschmidt7006caf2024-02-27 16:49:39 +0100[diff] [blame]116func external(name, datafilePath string, flag *string) fat32.SizedReader {
117 if flag == nil || *flag == "" {
118 rPath, err := runfiles.Rlocation(datafilePath)
119 if err != nil {
120 log.Fatalf("No %s specified", name)
121 }
122 df, err := os.ReadFile(rPath)
123 if err != nil {
124 log.Fatalf("Cant read file: %v", err)
125 }
126 return bytes.NewReader(df)
Lorenz Brune6573102021-11-02 14:15:37 +0100[diff] [blame]127 }
128
Tim Windelschmidt9ded9942024-04-08 21:30:17 +0200[diff] [blame]129 f, err := blkio.NewFileReader(*flag)
Tim Windelschmidt7006caf2024-02-27 16:49:39 +0100[diff] [blame]130 if err != nil {
131 log.Fatalf("Failed to open specified %s: %v", name, err)
Lorenz Brune6573102021-11-02 14:15:37 +0100[diff] [blame]132 }
Tim Windelschmidt7006caf2024-02-27 16:49:39 +0100[diff] [blame]133
134 return f
Lorenz Brune6573102021-11-02 14:15:37 +0100[diff] [blame]135}
136
137func init() {
138 rootCmd.AddCommand(installCmd)
Lorenz Brune6573102021-11-02 14:15:37 +0100[diff] [blame]139}