Gitiles
Code Review Sign In
gerrit-dev.monogon.dev / monogon / e4a4ce1dbbc8abc8a0817f80fcb27437a9e6ca63 / . / metropolis / node / core / roleserve / roleserve.go
blob: c1493be78d88053eb9bdd9470769dcf069942542 [file] [log] [blame]
Serge Bazanski5df62ba2023-03-22 17:56:46 +0100[diff] [blame]1// Package roleserve implements the roleserver/“Role Server”.
Serge Bazanski0d937772021-06-17 15:54:40 +0200[diff] [blame]2//
Serge Bazanski6dff6d62022-01-28 18:15:14 +0100[diff] [blame]3// The Role Server runs on every node and is responsible for running all of the
4// node's role dependant services, like the control plane (Consensus/etcd and
5// Curator) and Kubernetes. It watches the node roles as assigned by the
6// cluster's curator, updates the status of the node within the curator, and
7// spawns on-demand services.
Serge Bazanski0d937772021-06-17 15:54:40 +0200[diff] [blame]8//
Serge Bazanski37110c32023-03-01 13:57:27 +0000[diff] [blame]9// .-----------. .--------. Watches .------------.
10// | Cluster |--------->| Role |<----------| Node Roles |
11// | Enrolment | Provides | Server | Updates '------------'
12// '-----------' Data | |----. .-------------.
13// '--------' '----->| Node Status |
14// Spawns | | Spawns '-------------'
15// .-----' '-----.
16// V V
17// .-----------. .------------.
18// | Consensus | | Kubernetes |
19// | & Curator | | |
20// '-----------' '------------'
Serge Bazanski6dff6d62022-01-28 18:15:14 +0100[diff] [blame]21//
22// The internal state of the Role Server (eg. status of services, input from
23// Cluster Enrolment, current node roles as retrieved from the cluster) is
24// stored as in-memory Event Value variables, with some of them being exposed
25// externally for other services to consume (ie. ones that wish to depend on
26// some information managed by the Role Server but which do not need to be
27// spawned on demand by the Role Server). These Event Values and code which acts
28// upon them form a reactive/dataflow-driven model which drives the Role Server
29// logic forward.
30//
31// The Role Server also has to handle the complex bootstrap problem involved in
32// simultaneously accessing the control plane (for node roles and other cluster
33// data) while maintaining (possibly the only one in the cluster) control plane
34// instance. The state of of resolution of this bootstrap problem is maintained
35// within ClusterMembership, which contains critical information about the
36// control plane, like the information required to connect to a Curator (local
37// or remote). It is updated both by external processes (ie. data from the
38// Cluster Enrolment) as well as logic responsible for spawning the control
39// plane.
Serge Bazanski0d937772021-06-17 15:54:40 +0200[diff] [blame]40package roleserve
41
42import (
43 "context"
Serge Bazanski6dff6d62022-01-28 18:15:14 +0100[diff] [blame]44 "crypto/ed25519"
Serge Bazanski0d937772021-06-17 15:54:40 +0200[diff] [blame]45
Serge Bazanskib43d0f02022-06-23 17:32:10 +0200[diff] [blame]46 common "source.monogon.dev/metropolis/node"
Serge Bazanski79208522023-03-28 20:14:58 +0200[diff] [blame]47 "source.monogon.dev/metropolis/node/core/clusternet"
Serge Bazanski5df62ba2023-03-22 17:56:46 +0100[diff] [blame]48 "source.monogon.dev/metropolis/node/core/curator"
Lorenz Brun1de8b182021-12-21 17:15:18 +0100[diff] [blame]49 "source.monogon.dev/metropolis/node/core/identity"
Serge Bazanski0d937772021-06-17 15:54:40 +0200[diff] [blame]50 "source.monogon.dev/metropolis/node/core/localstorage"
51 "source.monogon.dev/metropolis/node/core/network"
Serge Bazanskib43d0f02022-06-23 17:32:10 +0200[diff] [blame]52 "source.monogon.dev/metropolis/node/core/rpc/resolver"
Serge Bazanski37110c32023-03-01 13:57:27 +0000[diff] [blame]53 "source.monogon.dev/metropolis/pkg/event/memory"
Serge Bazanskie012b722023-03-29 17:49:04 +0200[diff] [blame]54 "source.monogon.dev/metropolis/pkg/logtree"
Serge Bazanski0d937772021-06-17 15:54:40 +0200[diff] [blame]55 "source.monogon.dev/metropolis/pkg/supervisor"
Serge Bazanskie012b722023-03-29 17:49:04 +0200[diff] [blame]56
Serge Bazanski6dff6d62022-01-28 18:15:14 +0100[diff] [blame]57 cpb "source.monogon.dev/metropolis/proto/common"
Serge Bazanski0d937772021-06-17 15:54:40 +0200[diff] [blame]58)
59
60// Config is the configuration of the role server.
61type Config struct {
Serge Bazanski0d937772021-06-17 15:54:40 +0200[diff] [blame]62 // StorageRoot is a handle to access all of the Node's storage. This is needed
63 // as the roleserver spawns complex workloads like Kubernetes which need access
64 // to a broad range of storage.
65 StorageRoot *localstorage.Root
66
67 // Network is a handle to the network service, used by workloads.
68 Network *network.Service
Serge Bazanski58ddc092022-06-30 18:23:33 +0200[diff] [blame]69
70 // resolver is the main, long-lived, authenticated cluster resolver that is used
71 // for all subsequent gRPC calls by the subordinates of the roleserver. It is
72 // created early in the roleserver lifecycle, and is seeded with node
73 // information as the first subordinate runs DialCurator().
74 Resolver *resolver.Resolver
Serge Bazanskie012b722023-03-29 17:49:04 +0200[diff] [blame]75
76 LogTree *logtree.LogTree
Serge Bazanski0d937772021-06-17 15:54:40 +0200[diff] [blame]77}
78
79// Service is the roleserver/“Role Server” service. See the package-level
80// documentation for more details.
81type Service struct {
82 Config
83
Serge Bazanski1fb2b102023-04-06 10:13:46 +0200[diff] [blame]84 ClusterMembership memory.Value[*ClusterMembership]
85 KubernetesStatus memory.Value[*KubernetesStatus]
86 bootstrapData memory.Value[*bootstrapData]
87 localRoles memory.Value[*cpb.NodeRoles]
88 podNetwork memory.Value[*clusternet.Prefixes]
89 clusterDirectorySaved memory.Value[bool]
Serge Bazanski0d937772021-06-17 15:54:40 +0200[diff] [blame]90
Serge Bazanski6dff6d62022-01-28 18:15:14 +0100[diff] [blame]91 controlPlane *workerControlPlane
92 statusPush *workerStatusPush
Mateusz Zalega32b19292022-05-17 13:26:55 +0200[diff] [blame]93 heartbeat *workerHeartbeat
Serge Bazanski6dff6d62022-01-28 18:15:14 +0100[diff] [blame]94 kubernetes *workerKubernetes
95 rolefetch *workerRoleFetch
Serge Bazanskib40c0082023-03-29 14:28:04 +0200[diff] [blame]96 nodeMgmt *workerNodeMgmt
Serge Bazanski79208522023-03-28 20:14:58 +0200[diff] [blame]97 clusternet *workerClusternet
Serge Bazanski1fb2b102023-04-06 10:13:46 +0200[diff] [blame]98 hostsfile *workerHostsfile
Serge Bazanski0d937772021-06-17 15:54:40 +0200[diff] [blame]99}
100
101// New creates a Role Server services from a Config.
102func New(c Config) *Service {
Serge Bazanskib43d0f02022-06-23 17:32:10 +0200[diff] [blame]103 s := &Service{
Serge Bazanski58ddc092022-06-30 18:23:33 +0200[diff] [blame]104 Config: c,
Serge Bazanskib43d0f02022-06-23 17:32:10 +0200[diff] [blame]105 }
Serge Bazanski6dff6d62022-01-28 18:15:14 +0100[diff] [blame]106 s.controlPlane = &workerControlPlane{
107 storageRoot: s.StorageRoot,
108
109 bootstrapData: &s.bootstrapData,
110 clusterMembership: &s.ClusterMembership,
111 localRoles: &s.localRoles,
Serge Bazanski58ddc092022-06-30 18:23:33 +0200[diff] [blame]112 resolver: s.Resolver,
Serge Bazanski6dff6d62022-01-28 18:15:14 +0100[diff] [blame]113 }
114
115 s.statusPush = &workerStatusPush{
116 network: s.Network,
117
Serge Bazanski1fb2b102023-04-06 10:13:46 +0200[diff] [blame]118 clusterMembership: &s.ClusterMembership,
119 clusterDirectorySaved: &s.clusterDirectorySaved,
Serge Bazanski6dff6d62022-01-28 18:15:14 +0100[diff] [blame]120 }
121
Mateusz Zalega32b19292022-05-17 13:26:55 +0200[diff] [blame]122 s.heartbeat = &workerHeartbeat{
123 network: s.Network,
124
125 clusterMembership: &s.ClusterMembership,
126 }
127
Serge Bazanski6dff6d62022-01-28 18:15:14 +0100[diff] [blame]128 s.kubernetes = &workerKubernetes{
129 network: s.Network,
130 storageRoot: s.StorageRoot,
131
132 localRoles: &s.localRoles,
133 clusterMembership: &s.ClusterMembership,
134
135 kubernetesStatus: &s.KubernetesStatus,
Serge Bazanski79208522023-03-28 20:14:58 +0200[diff] [blame]136 podNetwork: &s.podNetwork,
Serge Bazanski6dff6d62022-01-28 18:15:14 +0100[diff] [blame]137 }
138
139 s.rolefetch = &workerRoleFetch{
140 clusterMembership: &s.ClusterMembership,
141
142 localRoles: &s.localRoles,
143 }
144
Serge Bazanskib40c0082023-03-29 14:28:04 +0200[diff] [blame]145 s.nodeMgmt = &workerNodeMgmt{
146 clusterMembership: &s.ClusterMembership,
Serge Bazanskie012b722023-03-29 17:49:04 +0200[diff] [blame]147 logTree: s.LogTree,
Serge Bazanskib40c0082023-03-29 14:28:04 +0200[diff] [blame]148 }
Serge Bazanski1fb2b102023-04-06 10:13:46 +0200[diff] [blame]149
Serge Bazanski79208522023-03-28 20:14:58 +0200[diff] [blame]150 s.clusternet = &workerClusternet{
151 storageRoot: s.StorageRoot,
152
153 clusterMembership: &s.ClusterMembership,
154 podNetwork: &s.podNetwork,
Serge Bazanskib565cc62023-03-30 18:43:51 +0200[diff] [blame]155 network: s.Network,
Serge Bazanski79208522023-03-28 20:14:58 +0200[diff] [blame]156 }
Serge Bazanskib40c0082023-03-29 14:28:04 +0200[diff] [blame]157
Serge Bazanski1fb2b102023-04-06 10:13:46 +0200[diff] [blame]158 s.hostsfile = &workerHostsfile{
159 storageRoot: s.StorageRoot,
160 network: s.Network,
161 clusterMembership: &s.ClusterMembership,
162 clusterDirectorySaved: &s.clusterDirectorySaved,
163 }
164
Serge Bazanski6dff6d62022-01-28 18:15:14 +0100[diff] [blame]165 return s
Serge Bazanski0d937772021-06-17 15:54:40 +0200[diff] [blame]166}
167
Serge Bazanskie4a4ce12023-03-22 18:29:54 +0100[diff] [blame^]168func (s *Service) ProvideBootstrapData(privkey ed25519.PrivateKey, iok, cuk, nuk, jkey []byte, icc *curator.Cluster, tpmUsage cpb.NodeTPMUsage) {
Serge Bazanskib43d0f02022-06-23 17:32:10 +0200[diff] [blame]169 pubkey := privkey.Public().(ed25519.PublicKey)
170 nid := identity.NodeID(pubkey)
171
172 // This is the first time we have the node ID, tell the resolver that it's
173 // available on the loopback interface.
Serge Bazanski58ddc092022-06-30 18:23:33 +0200[diff] [blame]174 s.Resolver.AddOverride(nid, resolver.NodeByHostPort("127.0.0.1", uint16(common.CuratorServicePort)))
Serge Bazanskib43d0f02022-06-23 17:32:10 +0200[diff] [blame]175
Serge Bazanski37110c32023-03-01 13:57:27 +0000[diff] [blame]176 s.ClusterMembership.Set(&ClusterMembership{
Serge Bazanskib43d0f02022-06-23 17:32:10 +0200[diff] [blame]177 pubkey: pubkey,
Serge Bazanski58ddc092022-06-30 18:23:33 +0200[diff] [blame]178 resolver: s.Resolver,
Serge Bazanski6dff6d62022-01-28 18:15:14 +0100[diff] [blame]179 })
Serge Bazanski37110c32023-03-01 13:57:27 +0000[diff] [blame]180 s.bootstrapData.Set(&bootstrapData{
Serge Bazanski5df62ba2023-03-22 17:56:46 +0100[diff] [blame]181 nodePrivateKey: privkey,
182 initialOwnerKey: iok,
183 clusterUnlockKey: cuk,
184 nodeUnlockKey: nuk,
185 nodePrivateJoinKey: jkey,
186 initialClusterConfiguration: icc,
Serge Bazanskie4a4ce12023-03-22 18:29:54 +0100[diff] [blame^]187 nodeTPMUsage: tpmUsage,
Serge Bazanski6dff6d62022-01-28 18:15:14 +0100[diff] [blame]188 })
Serge Bazanski0d937772021-06-17 15:54:40 +0200[diff] [blame]189}
190
Serge Bazanski6dff6d62022-01-28 18:15:14 +0100[diff] [blame]191func (s *Service) ProvideRegisterData(credentials identity.NodeCredentials, directory *cpb.ClusterDirectory) {
Serge Bazanskib43d0f02022-06-23 17:32:10 +0200[diff] [blame]192 // This is the first time we have the node ID, tell the resolver that it's
193 // available on the loopback interface.
Serge Bazanski58ddc092022-06-30 18:23:33 +0200[diff] [blame]194 s.Resolver.AddOverride(credentials.ID(), resolver.NodeByHostPort("127.0.0.1", uint16(common.CuratorServicePort)))
Serge Bazanskib43d0f02022-06-23 17:32:10 +0200[diff] [blame]195
Serge Bazanski37110c32023-03-01 13:57:27 +0000[diff] [blame]196 s.ClusterMembership.Set(&ClusterMembership{
Serge Bazanski6dff6d62022-01-28 18:15:14 +0100[diff] [blame]197 remoteCurators: directory,
198 credentials: &credentials,
199 pubkey: credentials.PublicKey(),
Serge Bazanski58ddc092022-06-30 18:23:33 +0200[diff] [blame]200 resolver: s.Resolver,
Serge Bazanski6dff6d62022-01-28 18:15:14 +0100[diff] [blame]201 })
Serge Bazanski0d937772021-06-17 15:54:40 +0200[diff] [blame]202}
203
Mateusz Zalega2930e992022-04-25 12:52:35 +0200[diff] [blame]204func (s *Service) ProvideJoinData(credentials identity.NodeCredentials, directory *cpb.ClusterDirectory) {
Serge Bazanskib43d0f02022-06-23 17:32:10 +0200[diff] [blame]205 // This is the first time we have the node ID, tell the resolver that it's
206 // available on the loopback interface.
Serge Bazanski58ddc092022-06-30 18:23:33 +0200[diff] [blame]207 s.Resolver.AddOverride(credentials.ID(), resolver.NodeByHostPort("127.0.0.1", uint16(common.CuratorServicePort)))
Serge Bazanskib43d0f02022-06-23 17:32:10 +0200[diff] [blame]208
Serge Bazanski37110c32023-03-01 13:57:27 +0000[diff] [blame]209 s.ClusterMembership.Set(&ClusterMembership{
Mateusz Zalega2930e992022-04-25 12:52:35 +0200[diff] [blame]210 remoteCurators: directory,
211 credentials: &credentials,
212 pubkey: credentials.PublicKey(),
Serge Bazanski58ddc092022-06-30 18:23:33 +0200[diff] [blame]213 resolver: s.Resolver,
Mateusz Zalega2930e992022-04-25 12:52:35 +0200[diff] [blame]214 })
Serge Bazanski1fb2b102023-04-06 10:13:46 +0200[diff] [blame]215 s.clusterDirectorySaved.Set(true)
Mateusz Zalega2930e992022-04-25 12:52:35 +0200[diff] [blame]216}
217
Serge Bazanski0d937772021-06-17 15:54:40 +0200[diff] [blame]218// Run the Role Server service, which uses intermediary workload launchers to
219// start/stop subordinate services as the Node's roles change.
220func (s *Service) Run(ctx context.Context) error {
Serge Bazanski6dff6d62022-01-28 18:15:14 +0100[diff] [blame]221 supervisor.Run(ctx, "controlplane", s.controlPlane.run)
222 supervisor.Run(ctx, "kubernetes", s.kubernetes.run)
223 supervisor.Run(ctx, "statuspush", s.statusPush.run)
Mateusz Zalega32b19292022-05-17 13:26:55 +0200[diff] [blame]224 supervisor.Run(ctx, "heartbeat", s.heartbeat.run)
Serge Bazanski6dff6d62022-01-28 18:15:14 +0100[diff] [blame]225 supervisor.Run(ctx, "rolefetch", s.rolefetch.run)
Serge Bazanskib40c0082023-03-29 14:28:04 +0200[diff] [blame]226 supervisor.Run(ctx, "nodemgmt", s.nodeMgmt.run)
Serge Bazanski79208522023-03-28 20:14:58 +0200[diff] [blame]227 supervisor.Run(ctx, "clusternet", s.clusternet.run)
Serge Bazanski1fb2b102023-04-06 10:13:46 +0200[diff] [blame]228 supervisor.Run(ctx, "hostsfile", s.hostsfile.run)
Serge Bazanski0d937772021-06-17 15:54:40 +0200[diff] [blame]229 supervisor.Signal(ctx, supervisor.SignalHealthy)
230
Serge Bazanski6dff6d62022-01-28 18:15:14 +0100[diff] [blame]231 <-ctx.Done()
232 return ctx.Err()
Serge Bazanski0d937772021-06-17 15:54:40 +0200[diff] [blame]233}