Gitiles
Code Review Sign In
gerrit-dev.monogon.dev / monogon / d9ed6560d5db2783252945e1dd3c2e4f908c019e / . / metropolis / node / BUILD.bazel
blob: 06ade3c4a360e328225ab8b3f483d973113407c4 [file] [log] [blame]
Serge Bazanski77cb6c52020-12-19 00:09:22 +0100[diff] [blame]1load("@io_bazel_rules_go//go:def.bzl", "go_library")
Serge Bazanski662b5b32020-12-21 13:49:00 +0100[diff] [blame]2load("//metropolis/node/build:def.bzl", "node_initramfs")
Serge Bazanski77cb6c52020-12-19 00:09:22 +0100[diff] [blame]3
4go_library(
5 name = "go_default_library",
6 srcs = ["ports.go"],
7 importpath = "git.monogon.dev/source/nexantic.git/metropolis/node",
Serge Bazanski0be9be82021-01-07 15:23:44 +0100[diff] [blame]8 visibility = ["//metropolis:__subpackages__"],
Serge Bazanski77cb6c52020-12-19 00:09:22 +0100[diff] [blame]9)
Serge Bazanski140bddc2020-06-05 21:01:19 +0200[diff] [blame]10
Lorenz Brun70f65b22020-07-08 17:02:47 +0200[diff] [blame]11# debug_build checks if we're building in debug mode and enables various debug features for the image. Currently this
12# is only used for attaching a Delve debugger to init when it's enabled.
13config_setting(
14 name = "debug_build",
15 values = {
16 "compilation_mode": "dbg",
17 },
18)
19
Serge Bazanski662b5b32020-12-21 13:49:00 +0100[diff] [blame]20node_initramfs(
Serge Bazanski731d00a2020-02-03 19:08:07 +0100[diff] [blame]21 name = "initramfs",
Serge Bazanski140bddc2020-06-05 21:01:19 +0200[diff] [blame]22 extra_dirs = [
23 "/kubernetes/conf/flexvolume-plugins",
24 "/containerd/run",
Serge Bazanski731d00a2020-02-03 19:08:07 +0100[diff] [blame]25 ],
Serge Bazanski140bddc2020-06-05 21:01:19 +0200[diff] [blame]26 files = {
Serge Bazanski77cb6c52020-12-19 00:09:22 +0100[diff] [blame]27 "//metropolis/node/core": "/init",
Serge Bazanski140bddc2020-06-05 21:01:19 +0200[diff] [blame]28 "//third_party/xfsprogs:mkfs.xfs": "/bin/mkfs.xfs",
29
30 # CA Certificate bundle & os-release
31 "@cacerts//file": "/etc/ssl/cert.pem",
32 ":os-release-info": "/etc/os-release",
33
34 # Hyperkube
Serge Bazanski77cb6c52020-12-19 00:09:22 +0100[diff] [blame]35 "//metropolis/node/kubernetes/hyperkube": "/kubernetes/bin/kube",
Serge Bazanski140bddc2020-06-05 21:01:19 +0200[diff] [blame]36
Lorenz Brun339582b2020-07-29 18:13:35 +0200[diff] [blame]37 # CoreDNS
38 "@com_github_coredns_coredns//:coredns": "/kubernetes/bin/coredns",
39
Serge Bazanski140bddc2020-06-05 21:01:19 +0200[diff] [blame]40 # runsc/gVisor
41 "@com_github_google_gvisor//runsc": "/containerd/bin/runsc",
42 "@com_github_google_gvisor_containerd_shim//cmd/containerd-shim-runsc-v1": "/containerd/bin/containerd-shim-runsc-v1",
43
Lorenz Brun5e4fc2d2020-09-22 18:35:15 +0200[diff] [blame]44 # runc (runtime in files_cc because of cgo)
45 "@com_github_containerd_containerd//cmd/containerd-shim-runc-v2": "/containerd/bin/containerd-shim-runc-v2",
46
Serge Bazanski140bddc2020-06-05 21:01:19 +0200[diff] [blame]47 # Containerd
48 "@com_github_containerd_containerd//cmd/containerd": "/containerd/bin/containerd",
49
50 # Containerd config files
Serge Bazanski77cb6c52020-12-19 00:09:22 +0100[diff] [blame]51 "//metropolis/node/kubernetes/containerd:runsc.toml": "/containerd/conf/runsc.toml",
52 "//metropolis/node/kubernetes/containerd:config.toml": "/containerd/conf/config.toml",
53 "//metropolis/node/kubernetes/containerd:cnispec.gojson": "/containerd/conf/cnispec.gojson",
Serge Bazanski140bddc2020-06-05 21:01:19 +0200[diff] [blame]54
Lorenz Brun8b0431a2020-07-13 16:56:36 +0200[diff] [blame]55 # Containerd preseed bundles
Serge Bazanski77cb6c52020-12-19 00:09:22 +0100[diff] [blame]56 "//metropolis/test/e2e/preseedtest:preseedtest.tar": "/containerd/preseed/k8s.io/preseedtest.tar",
57 "//metropolis/test/e2e/k8s_cts:k8s_cts_image.tar": "/containerd/preseed/k8s.io/k8s_cts.tar",
Lorenz Brun8b0431a2020-07-13 16:56:36 +0200[diff] [blame]58
Serge Bazanski140bddc2020-06-05 21:01:19 +0200[diff] [blame]59 # CNI Plugins
60 "@com_github_containernetworking_plugins//plugins/main/loopback": "/containerd/bin/cni/loopback",
61 "@com_github_containernetworking_plugins//plugins/main/ptp": "/containerd/bin/cni/ptp",
62 "@com_github_containernetworking_plugins//plugins/ipam/host-local": "/containerd/bin/cni/host-local",
Serge Bazanskic3ae7582020-06-08 17:15:26 +0200[diff] [blame]63
Lorenz Brun70f65b22020-07-08 17:02:47 +0200[diff] [blame]64 # Delve
65 "@com_github_go_delve_delve//cmd/dlv:dlv": "/dlv",
Serge Bazanski140bddc2020-06-05 21:01:19 +0200[diff] [blame]66 },
Lorenz Brun5e4fc2d2020-09-22 18:35:15 +0200[diff] [blame]67 files_cc = {
68 # runc runtime, with cgo
69 "@com_github_opencontainers_runc//:runc": "/containerd/bin/runc",
70 },
Serge Bazanski731d00a2020-02-03 19:08:07 +0100[diff] [blame]71)
72
73genrule(
Hendrik Hofstadt0d7c91e2019-10-23 21:44:47 +0200[diff] [blame]74 name = "image",
75 srcs = [
Serge Bazanski731d00a2020-02-03 19:08:07 +0100[diff] [blame]76 "//third_party/linux:bzImage",
77 ":initramfs",
Hendrik Hofstadt0d7c91e2019-10-23 21:44:47 +0200[diff] [blame]78 ],
79 outs = [
Serge Bazanski662b5b32020-12-21 13:49:00 +0100[diff] [blame]80 "node.img",
Hendrik Hofstadt0d7c91e2019-10-23 21:44:47 +0200[diff] [blame]81 ],
82 cmd = """
Serge Bazanski77cb6c52020-12-19 00:09:22 +0100[diff] [blame]83 $(location //metropolis/node/build/mkimage) \
Serge Bazanski731d00a2020-02-03 19:08:07 +0100[diff] [blame]84 -efi $(location //third_party/linux:bzImage) \
85 -initramfs $(location :initramfs) \
Leopold Schabel65493072019-11-06 13:40:44 +0000[diff] [blame]86 -out $@
Hendrik Hofstadt0d7c91e2019-10-23 21:44:47 +0200[diff] [blame]87 """,
Lorenz Brun0bcaaee2019-11-06 12:42:39 +0100[diff] [blame]88 tools = [
Serge Bazanski77cb6c52020-12-19 00:09:22 +0100[diff] [blame]89 "//metropolis/node/build/mkimage",
Lorenz Brun0bcaaee2019-11-06 12:42:39 +0100[diff] [blame]90 ],
Serge Bazanski0be9be82021-01-07 15:23:44 +0100[diff] [blame]91 visibility = [
92 "//metropolis/test/launch:__subpackages__",
93 "//metropolis/test/e2e:__subpackages__",
94 ],
Hendrik Hofstadt0d7c91e2019-10-23 21:44:47 +0200[diff] [blame]95)
96
97genrule(
98 name = "swtpm_data",
99 outs = [
100 "tpm/tpm2-00.permall",
101 "tpm/signkey.pem",
102 "tpm/issuercert.pem",
103 ],
104 cmd = """
105 mkdir -p tpm/ca
106
107 cat <<EOF > tpm/swtpm.conf
108create_certs_tool= /usr/share/swtpm/swtpm-localca
109create_certs_tool_config = tpm/swtpm-localca.conf
110create_certs_tool_options = /etc/swtpm-localca.options
111EOF
112
113 cat <<EOF > tpm/swtpm-localca.conf
114statedir = tpm/ca
115signingkey = tpm/ca/signkey.pem
116issuercert = tpm/ca/issuercert.pem
117certserial = tpm/ca/certserial
118EOF
119
120 swtpm_setup \
121 --tpmstate tpm \
122 --create-ek-cert \
123 --create-platform-cert \
124 --allow-signing \
125 --tpm2 \
126 --display \
127 --pcr-banks sha1,sha256,sha384,sha512 \
128 --config tpm/swtpm.conf
129
130 cp tpm/tpm2-00.permall $(location tpm/tpm2-00.permall)
131 cp tpm/ca/issuercert.pem $(location tpm/issuercert.pem)
132 cp tpm/ca/signkey.pem $(location tpm/signkey.pem)
133 """,
Serge Bazanski0be9be82021-01-07 15:23:44 +0100[diff] [blame]134 visibility = [
135 "//metropolis/test/launch:__subpackages__",
136 "//metropolis/test/e2e:__subpackages__",
137 ],
Hendrik Hofstadt0d7c91e2019-10-23 21:44:47 +0200[diff] [blame]138)
Lorenz Brun878f5f92020-05-12 16:15:39 +0200[diff] [blame]139
Serge Bazanski77cb6c52020-12-19 00:09:22 +0100[diff] [blame]140load("//metropolis/node/build/genosrelease:defs.bzl", "os_release")
Lorenz Brun878f5f92020-05-12 16:15:39 +0200[diff] [blame]141
142os_release(
143 name = "os-release-info",
Serge Bazanski662b5b32020-12-21 13:49:00 +0100[diff] [blame]144 os_id = "metropolis-node",
145 os_name = "Metropolis Node",
146 stamp_var = "STABLE_METROPOLIS_version",
Lorenz Brun878f5f92020-05-12 16:15:39 +0200[diff] [blame]147)