)]}' { "log": [ { "commit": "8d377ce3026e1f1477d7f42edbb48fb4a4880d66", "tree": "55a394724b4cd6bdcc6b8d773ca1eb8123672f28", "parents": [ "d8e5e27b9bb7b99239ac2d618809a9f6b8aade7f" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Thu Mar 28 14:20:03 2024 +0100" }, "committer": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Fri Mar 29 12:44:19 2024 +0000" }, "message": "m/pkg/event: fix potential stuckness in Pipe\n\nIf we want to restart a Pipe runnable, we cancel its\u0027 context. However,\nif the pipe function is currently stuck sending to a channel (perhaps\nbecause a sister runnable also got canceled and isn\u0027t reading from it),\nwe will never exit.\n\nTo fix this, ensure that we don\u0027t block on this send.\n\nChange-Id: Ic525ebec83748f6a6c4b4fb731617ccb7f95f807\nReviewed-on: https://review.monogon.dev/c/monogon/+/2901\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "7f72748c67df593b110176422d27be878a7a37f4", "tree": "75a621c3ae4ec5daf0d90dffcf298583ef3240c9", "parents": [ "23e5230930b482807be2f7fd29c6f14badf3ad0f" ], "author": { "name": "Jan Schär", "email": "jan@jschaer.ch", "time": "Mon Mar 25 13:03:51 2024 +0100" }, "committer": { "name": "Jan Schär", "email": "jan@jschaer.ch", "time": "Mon Mar 25 19:41:38 2024 +0000" }, "message": "m/n/k/reconciler: refactor resource interface\n\nReplace interface{} with meta.Object, an interface which provides \naccessors for and is implemented by meta.ObjectMeta. List now returns \nthe objects themselves instead of their names. This makes the reconciler \nslightly less generic, as it now only supports kubernetes objects.\n\nThis is a refactoring in preparation for implementing updates in the \nreconciler. There should be no change in behavior.\n\nChange-Id: I97a4b1c0166a1e6fd0f247ee04e7c44cff570fd7\nReviewed-on: https://review.monogon.dev/c/monogon/+/2891\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\nTested-by: Jenkins CI\nVouch-Run-CI: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "23e5230930b482807be2f7fd29c6f14badf3ad0f", "tree": "ccb6d1d153b513a3c0cda87c1c0d1db53c7ee7ca", "parents": [ "76cae0b170143f021fe1e186f7eebb2ece6974c1" ], "author": { "name": "Jan Schär", "email": "jan@jschaer.ch", "time": "Thu Mar 21 16:50:15 2024 +0100" }, "committer": { "name": "Jan Schär", "email": "jan@jschaer.ch", "time": "Mon Mar 25 12:21:53 2024 +0000" }, "message": "m/pkg/supervisor: close connections when grpc server exits\n\nWhen the Listener is closed, Serve will return with an error, but \nalready established connections will continue to serve requests. Stop or \nGracefulStop must be called to close these connections.\n\nThis bug often caused the metropolis e2e test to fail on my machine with \nthe same symptoms as in #276: Node commit always failed with \"lost \nleadership\". This happened because the nodes were sending requests on a \nconnection that was established before the leader was re-elected and the \ngrpc listener restarted, and still had the old leadership info.\n\nChange-Id: I797ffa4a40914e5d45e7e4cd15fbb7655e930fa3\nReviewed-on: https://review.monogon.dev/c/monogon/+/2885\nReviewed-by: Serge Bazanski \u003cserge@monogon.tech\u003e\nTested-by: Jenkins CI\nVouch-Run-CI: Serge Bazanski \u003cserge@monogon.tech\u003e\n" }, { "commit": "76cae0b170143f021fe1e186f7eebb2ece6974c1", "tree": "1ea3839fc6044cca968c55590708d910517f40d6", "parents": [ "07fab03dcabf769cbf0d3747b295c1328bea329c" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Tue Mar 19 13:13:38 2024 +0100" }, "committer": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Thu Mar 21 12:35:30 2024 +0000" }, "message": "m/n/core/network/hostsfile: fix stale curator entries\n\nThis prevents the cluster from getting in a state where nodes are not\naware of new control plane nodes on restart (because the only thing that\nchanged about them is their role, not their IP address).\n\nThis fixes the deduplication to also take into consideration role\nchanges.\n\nChange-Id: I184916427650fdbf68fb0fdf5ced365b94af190e\nReviewed-on: https://review.monogon.dev/c/monogon/+/2880\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "07fab03dcabf769cbf0d3747b295c1328bea329c", "tree": "d1c08cc031487d802f8c6e07ccff9343ec92ff06", "parents": [ "b63ed8a6d7eaaf0fa58b127d90001dc805d72c45" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Tue Mar 05 14:27:13 2024 +0000" }, "committer": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Thu Mar 21 11:03:54 2024 +0000" }, "message": "m/n/core/hostsfile: narrow down network service type to just network status\n\nThis will allow testing the hostsfile service more easily in the future.\n\nChange-Id: Ic61337bac77f643543e1a83837b009f9ea73439f\nReviewed-on: https://review.monogon.dev/c/monogon/+/2877\nReviewed-by: Tim Windelschmidt \u003ctim@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "b63ed8a6d7eaaf0fa58b127d90001dc805d72c45", "tree": "4c1cec25146e8936f7d3f9a09c1e031453e1c5d4", "parents": [ "1ac503c7ddd16c796fb163bcbace7a1db24d5201" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Tue Mar 05 14:24:38 2024 +0000" }, "committer": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Thu Mar 21 11:03:54 2024 +0000" }, "message": "m/n/core/network: drop Watch/Value methods, expose Status\n\nThe Watch/Value methods were a leftover from before we had a unified\nevent value API.\n\nChange-Id: Id61732e0570e5fe3d9420857728b1f8a9769e697\nReviewed-on: https://review.monogon.dev/c/monogon/+/2876\nTested-by: Jenkins CI\nReviewed-by: Tim Windelschmidt \u003ctim@monogon.tech\u003e\n" }, { "commit": "276a746de8b2b551f7088e88c93da0e0b15c99d6", "tree": "de82f9b1f243151c7a7d8d52bb8136a1d07c4f3f", "parents": [ "87d9c59a3b3dbbd4264f9c8b224e58fc5ff18815" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Wed Jul 12 21:28:54 2023 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Thu Mar 21 10:09:21 2024 +0000" }, "message": "m/test/e2e: test NodePort\n\nThis was originally written as a test for validating fixes for\nthe issue that NodePort was not working if any non-local pods were in\nthe NodePort service, even for externalTrafficPolicy: cluster services.\nAs it turns out CL:2795 fixed this, the changes in previous versions of\nthis CL broke it again. So now it just consists of the test itself,\nwhich passes.\n\nChange-Id: If4cf4ffc46a5456b4defa330776e043593e61b29\nReviewed-on: https://review.monogon.dev/c/monogon/+/1924\nTested-by: Jenkins CI\nReviewed-by: Tim Windelschmidt \u003ctim@monogon.tech\u003e\n" }, { "commit": "87d9c59a3b3dbbd4264f9c8b224e58fc5ff18815", "tree": "d927065d7f56bc46207a9df2c60c9c580757e5dd", "parents": [ "5d5d733b9fb3d9892b37840124d959fae07c98b9" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Wed Mar 20 12:35:11 2024 +0100" }, "committer": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Wed Mar 20 12:11:01 2024 +0000" }, "message": "m/test/launch/cluster: fix duplicate NodeIDs entries\n\nThis code loop looks for any NEW nodes and inserts them into\ncluster.{Nodes,NodeIDs}. The first structure is a lookup from NodeID to\nnode information, the latter is a list of NodeIDs used to look up\nnumeric node IDs (in order of startup/detection) to NodeIDs.\n\nThe loop in the code runs multiple times to catch any NEW nodes might\ntake a while to appear, and exits once the expected number of nodes have\nbeen detected.\n\nThe bug caused the code to repeatedly insert into Nodes[NodeID] (which\nis fine, but wasteful) and into NodeIDs. The latter resulted in a\nNodeIDs that contained duplicate entries.\n\nTo make sure we only handle each NEW node once, we skip nodes that have\nalready been seen.\n\nThis bug caused us to sometimes act on wrong nodes in E2E tests (any\ntime tests were looking up node number -\u003e node ID -\u003e Node via .NodeIDs\nand .Nodes, they had a chance of picking the wrong node ID / node for a\ngiven node number).\n\nChange-Id: Ie459c8277c0d03902ce23f3b20b0c4e367cc015b\nReviewed-on: https://review.monogon.dev/c/monogon/+/2881\nTested-by: Jenkins CI\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "5d5d733b9fb3d9892b37840124d959fae07c98b9", "tree": "5afdd8bde96b5712274e3fdc13706874f0ba7823", "parents": [ "36bde9cd3407402ef6e0b4d10b038a4020bdf295" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Tue Mar 19 13:13:02 2024 +0100" }, "committer": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Tue Mar 19 16:46:01 2024 +0000" }, "message": "m/n/core/curator: expose consensus service status\n\nThis replaces https://review.monogon.dev/2071 .\n\nConsensus service status will be used in e2e tests to more accurately\ndetermine the health of a cluster.\n\nChange-Id: Ia304d2a679f5ffdccd5737d5770d40a4a08f7f4a\nReviewed-on: https://review.monogon.dev/c/monogon/+/2879\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "36bde9cd3407402ef6e0b4d10b038a4020bdf295", "tree": "df868c44f56171a2dfef74f844848a218820846d", "parents": [ "87bbf7e4b41500316e93f98bee0564eb2cfb0366" ], "author": { "name": "Jan Schär", "email": "jan@jschaer.ch", "time": "Tue Mar 19 15:05:33 2024 +0100" }, "committer": { "name": "Jan Schär", "email": "jan@jschaer.ch", "time": "Tue Mar 19 15:25:01 2024 +0000" }, "message": "m/pkg/event/memory: simplify and fix implementation\n\nThe old implementation is very complicated and has multiple concurrency \nbugs. One of these bugs is already described in a block comment. Another \nbug is that if a watcher is closed while being updated, `update` will \ntry to send on the closed channel `deadletterSubmitC`, which panics.\n\nThis changes it to a much simpler implementation.\n\nIt could be further simplified it by dropping the Sync flag entirely, \nwhich is currently unused. Or we could use the buffered channel also for \nSync values, and just skip dropping previous values. This still ensures \nthat all values are delivered, but changes the semantics slightly: Set \nwould no longer block until Get is called, if there is space in the \nchannel buffer.\n\nAdditionally, there is no longer a memory leak when a watcher is \nrepeatedly closed and readded, but Set never called. I added a test for \nthis.\n\nFixes #127\n\nChange-Id: I2775a36cf2d097c5961a09a387428774a068e1f5\nReviewed-on: https://review.monogon.dev/c/monogon/+/2875\nReviewed-by: Serge Bazanski \u003cserge@monogon.tech\u003e\nVouch-Run-CI: Serge Bazanski \u003cserge@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "87bbf7e4b41500316e93f98bee0564eb2cfb0366", "tree": "c0b34141f5ee75e73a6e490e40540928594453f6", "parents": [ "d6a88022d0c8ffdd2b938f161b8825148762b099" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Mon Mar 18 18:22:25 2024 +0100" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Tue Mar 19 12:51:28 2024 +0000" }, "message": "m/test/l/cluster: use sparse-aware copy for images\n\nThis speeds up the image copy significantly as the file is less than 10%\nallocated. Especially for many concurrent runs this greatly reduces disk\nbottlenecking.\n\nThis has been tested by comparing the SHA256 hash of both the original\nand the copied image, which is still the same.\n\nChange-Id: I65f62537f048bc180cd732c53a03f980e016b723\nReviewed-on: https://review.monogon.dev/c/monogon/+/2874\nTested-by: Jenkins CI\nReviewed-by: Serge Bazanski \u003cserge@monogon.tech\u003e\n" }, { "commit": "d6a88022d0c8ffdd2b938f161b8825148762b099", "tree": "a5a0e0c0b1e6970c1aef8a38e2b45978c00b8592", "parents": [ "42ef7c742ab128b25478833a52af25ba0be5bf15" ], "author": { "name": "Jan Schär", "email": "jan@jschaer.ch", "time": "Mon Mar 18 17:03:37 2024 +0100" }, "committer": { "name": "Jan Schär", "email": "jan@jschaer.ch", "time": "Mon Mar 18 17:24:36 2024 +0000" }, "message": "m/node: fix appending to read-only slices\n\n`append` modifies its first argument if there is sufficient capacity \ninstead of allocating a new slice. If the slice to be appended to is \nsupposed to be read-only, this can lead to unexpected aliasing.\n\nAn example of what can go wrong, here with the consensus client:\n\n l :\u003d NewLocal(nil)\n sub1, _ :\u003d l.Sub(\"I\")\n sub2, _ :\u003d sub1.Sub(\"am\")\n sub3, _ :\u003d sub2.Sub(\"a\")\n dog, _ :\u003d sub3.Sub(\"dog\")\n _, _ \u003d sub3.Sub(\"cat\")\n fmt.Print(dog.(*local).path)\n\nResult before this change: \"I am a cat\"\nResult after this change: \"I am a dog\"\n\nAfter creating a subnamespace of length 3, the capacity of the `path` is \n4, so any subnamespace will share the same slice. The fix is to always \nensure a new slice is allocated.\n\nImpact\n------\n\nFor the consensus client, Sub is currently never called multiple times \non the same namespace, so there is no impact there. In case of the dhcp \nclient and rpc resolver, the slices that are appended to are slice \nliterals in all cases, which don\u0027t have extra capacity.\n\nBut for the curator `etcdPrefix`, `p.parts` has capacity 1 larger than \nthe length, due to the slicing in `newEtcdPrefix`. That means that \nconcurrent calls to `Key` can overwrite each other\u0027s `path`. It looks \nlike `Key` can in fact be called concurrently, which means there is \npotential for data corruption to occur before this change.\n\nChange-Id: I28e7dc797365c2beea97023ed31a20eea599e678\nReviewed-on: https://review.monogon.dev/c/monogon/+/2873\nVouch-Run-CI: Lorenz Brun \u003clorenz@monogon.tech\u003e\nTested-by: Jenkins CI\nReviewed-by: Serge Bazanski \u003cserge@monogon.tech\u003e\n" }, { "commit": "42ef7c742ab128b25478833a52af25ba0be5bf15", "tree": "4e1e541f78eff49a21187b483ff0b9b4e1abee5e", "parents": [ "011dce6623dffbaf5adcd3d3a353521649b0b997" ], "author": { "name": "Jan Schär", "email": "jan@jschaer.ch", "time": "Mon Mar 18 15:09:51 2024 +0100" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Mon Mar 18 14:37:41 2024 +0000" }, "message": "m/installer: fix minimum disk calculation for A/B partitions\n\nSince the introduction of A/B updates two system partitions are created. \nReflect that in the minimum root disk size calculation.\n\nChange-Id: I3ad875bbae07e539b68f7a32409e5fdd4105a998\nReviewed-on: https://review.monogon.dev/c/monogon/+/2868\nTested-by: Jenkins CI\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\nVouch-Run-CI: Leopold Schabel \u003cleo@monogon.tech\u003e\n" }, { "commit": "011dce6623dffbaf5adcd3d3a353521649b0b997", "tree": "8e661bd0988c6a5d808cd213c1f7a8eef9ca22b9", "parents": [ "68cf38a2ca4fdc370e78e9b8d23e55c0b9cc9c72" ], "author": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Sun Mar 03 16:00:52 2024 +0100" }, "committer": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Thu Mar 14 12:55:30 2024 +0000" }, "message": "m/n/c/clusternet: add clusternet node ip to lo\n\nWithout this address the kernel will send all traffic through clusternet\nwill with the external IP as source address, which prevents any access\nfrom the k8s api-server to pods. By adding the address to the lo\ninterface, the kernel decides that this is the best match for the\ngeneric clusternet route and uses it as source address.\n\nBefore: 10.192.1.2 dev clusternet src 233.252.0.1\nAfter: 10.192.1.2 dev clusternet src 10.192.0.1\n\nChange-Id: I1a78de9d4cc043f93398fe5b6cb10dd202bf75fe\nReviewed-on: https://review.monogon.dev/c/monogon/+/2795\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "68cf38a2ca4fdc370e78e9b8d23e55c0b9cc9c72", "tree": "c0aa9300bdb617fb577e3a0a6b2e802c0ddad15d", "parents": [ "240faa45248cb64227fa74ae57822af0340b884f" ], "author": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Thu Mar 07 15:52:28 2024 +0100" }, "committer": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Mon Mar 11 16:34:34 2024 +0000" }, "message": "m/t/l/cluster: fix wrong metroctl path in launch-cluster wrapper\n\nChange-Id: I3dfd740fb45809bc81555d87083a0476600f60e1\nReviewed-on: https://review.monogon.dev/c/monogon/+/2836\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "240faa45248cb64227fa74ae57822af0340b884f", "tree": "b2a754b4f5a4e0a928fff0fd41f0cdf1a04c8c84", "parents": [ "700f1c97e6e63635b1010f1080340f593411f96c" ], "author": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Mon Mar 04 20:03:32 2024 +0100" }, "committer": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Mon Mar 11 16:34:27 2024 +0000" }, "message": "m/cli/metroctl: fix nil pointer for \"node describe\"\n\nCloses monogon-dev/monogon#293\n\nChange-Id: Ic2397c3a145f39d0d41d1e74a7d18fce98606043\nReviewed-on: https://review.monogon.dev/c/monogon/+/2826\nTested-by: Jenkins CI\nReviewed-by: Serge Bazanski \u003cserge@monogon.tech\u003e\n" }, { "commit": "7661202fe654da6ea6403bce89157c4d678abf22", "tree": "aa48910ef8bcd14a50d69ebb099e913a6965ab4a", "parents": [ "7c8684b9e8aa4b0b16efd5f01a040a504a814ebc" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Tue Mar 05 19:20:36 2024 +0100" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Tue Mar 05 19:00:45 2024 +0000" }, "message": "m/c/metroctl: fix update logic when errors happen\n\nError handling in the node status polling loop did not exit the current\niteration of the loop when an error was encountered due to missing\ncontrol flow statements. This caused the update command to panic when\nthe node state could not be retrieved.\n\nChange-Id: I802d3073ca0ce85248f6692360879b391ac64e7d\nReviewed-on: https://review.monogon.dev/c/monogon/+/2834\nReviewed-by: Tim Windelschmidt \u003ctim@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "0a8797d0dc8055b5c2c300570ca9297fee2cf86f", "tree": "d47e4d7e924e76250fa90f9e91b17b8bcc6981a2", "parents": [ "5f5f3300dec2d65eb0321a19f789cfdd65c12c17" ], "author": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Mon Mar 04 18:58:47 2024 +0100" }, "committer": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Tue Mar 05 18:40:23 2024 +0000" }, "message": "m/cli/metroctl: add flag for k8s context name\n\nChange-Id: I57b261e7fdb0ceef63f8ce5f098ecb322ed85874\nReviewed-on: https://review.monogon.dev/c/monogon/+/2825\nTested-by: Jenkins CI\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "543756fdf954fc09f032bb91a59916a784b21cff", "tree": "e326636c7d4a56c501c6bdf799cc96aa10a77338", "parents": [ "6c851e2f8270e2a08077a5d35cc5d7869e2c9188" ], "author": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Sun Mar 03 15:58:32 2024 +0100" }, "committer": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Mon Mar 04 15:14:02 2024 +0000" }, "message": "m/n/c/network: inline error checks\n\nChange-Id: I2ee028761cb407c0231740933f405c6894a72607\nReviewed-on: https://review.monogon.dev/c/monogon/+/2794\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "7006cafc58cbff6765726447d84df1cd1531d346", "tree": "63f1d3af24e02e69f1d63fbc38dd2fad0785b292", "parents": [ "79ffbbe040d0db6c4ff6f8cdc84fe13d537e2bfe" ], "author": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Tue Feb 27 16:49:39 2024 +0100" }, "committer": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Tue Feb 27 16:30:34 2024 +0000" }, "message": "m/c/metroctl: split cmd_install for future changes\n\nChange-Id: I99119cc8f5e3728cf832427d1cad79f69fbd48bc\nReviewed-on: https://review.monogon.dev/c/monogon/+/2793\nTested-by: Jenkins CI\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "1dd0c6591533bf63389e81a2104bca3c8326e871", "tree": "e33a710087b67dfe7f34e8434cff8885dc38420c", "parents": [ "456961d6589c1afec75954ca94ed631e1f380566" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Tue Feb 20 18:45:06 2024 +0100" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Tue Feb 20 18:12:12 2024 +0000" }, "message": "m/n/kubernetes: improve CSI registration reliability\n\nKubelet\u0027s plugin registration mechanism is quite awful, it\nrelies on being notified by inotify that a new registration socket has\nbeen placed into a specific path, which it then interrogates and\nreports back if the registration succeeded.\n\nThat registration sometimes involves network operations which are prone\nto failure. It reports that failure back to the registration server\nasynchronously but does not attempt to retry the process.\n\nTo actually get Kubelet to retry, one needs to remove and recreate the\nregistration socket.\n\nThis change implements such a mechanism, recreating the socket and\nregistration server on every reported registration failure.\n\nSupervisor backoff is used to prevent busy-looping on non-transient\nerrors.\n\nChange-Id: I79eaf0efdf55ccdede15d8cee42cda7c276e4b50\nReviewed-on: https://review.monogon.dev/c/monogon/+/2785\nReviewed-by: Serge Bazanski \u003cserge@monogon.tech\u003e\nReviewed-by: Tim Windelschmidt \u003ctim@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "456961d6589c1afec75954ca94ed631e1f380566", "tree": "ac99bfa39deefe0f4aca7478077a66ef8b7c9d74", "parents": [ "1e90c6d29a4af63fa01b472b7a49bdba256797b2" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Tue Feb 20 13:18:26 2024 +0100" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Tue Feb 20 18:12:12 2024 +0000" }, "message": "m/n/k/reconciler: set fsGroupPolicy for CSI driver\n\nThis fixes an issue where kubelet did not apply fsGroupChangePolicy due\nto questionable capability detection code with the default\nfsGroupPolicy. Setting this to the File policy asserts that this driver\nalways supports ownership changes and thus bypasses that Kubernetes\ncapability detection code.\n\nChange-Id: I4799a01561af4f3d9c0de7a6040fd5f9db784d3e\nReviewed-on: https://review.monogon.dev/c/monogon/+/2784\nTested-by: Jenkins CI\nReviewed-by: Tim Windelschmidt \u003ctim@monogon.tech\u003e\n" }, { "commit": "1e90c6d29a4af63fa01b472b7a49bdba256797b2", "tree": "dd4e37ad5679bc397c63041490032ab7eb88f6ec", "parents": [ "c4dd0032736567ca7873a11588f3a64d1dddea88" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Mon Feb 19 22:21:01 2024 +0100" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Mon Feb 19 21:40:47 2024 +0000" }, "message": "m/n/c/mgmt: disable interfaces before kexec\n\nThis is done to prevent network interface DMA transactions from\ninterfering with an in-progress kexec. [1]\n\n[1] https://lists.infradead.org/pipermail/kexec/2011-January/004795.html\n\nChange-Id: I12ab22c095fcff56873d980d524c461b1b2d57ee\nReviewed-on: https://review.monogon.dev/c/monogon/+/2783\nReviewed-by: Tim Windelschmidt \u003ctim@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "968d72095a54aabed1a59cccf3591c4f32a7b70a", "tree": "815d7df587bd967164a572d2aef21a769aa2474e", "parents": [ "6a328e61aece941c0b91a97c8303c235ce80f596" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Wed Feb 07 16:33:38 2024 +0100" }, "committer": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Mon Feb 19 10:08:55 2024 +0000" }, "message": "root: move Metropolis README contents to metropolis/README.md, document launch-cluster\n\nChange-Id: I3555ce1d31e83e27239bcd8dde20bdc69deac35c\nReviewed-on: https://review.monogon.dev/c/monogon/+/2765\nTested-by: Jenkins CI\nReviewed-by: Leopold Schabel \u003cleo@monogon.tech\u003e\n" }, { "commit": "6a328e61aece941c0b91a97c8303c235ce80f596", "tree": "2a4fe2f61f6fa669de2b1df016e8c6df05a70c13", "parents": [ "9ce4071f43ce45198b702176a84342e9a8fc6e90" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Mon Feb 12 17:37:50 2024 +0100" }, "committer": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Mon Feb 19 10:08:55 2024 +0000" }, "message": "root: move metropolis-specific tools to metropolis/, rename launch-multi2 to launch-cluster\n\nSince we now have more than one top-level project it makes sense to not\nhave metropolis aliases in the root.\n\nWe also drive-by rename launch-multi2 to launch-cluster and bump it up\nto three nodes.\n\nChange-Id: Ic99065465006e0dace05bcc1f2a702d430014b84\nReviewed-on: https://review.monogon.dev/c/monogon/+/2764\nTested-by: Jenkins CI\nReviewed-by: Leopold Schabel \u003cleo@monogon.tech\u003e\n" }, { "commit": "9ce4071f43ce45198b702176a84342e9a8fc6e90", "tree": "49eb5319403c5b381b1c7d31cd5ba57619eafd32", "parents": [ "c51d47d2b9990eb2196f5790f85895987f67daf4" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Tue Feb 13 21:54:46 2024 +0100" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Wed Feb 14 15:07:52 2024 +0000" }, "message": "mc/c/metroctl: implement simple update sequencing\n\nAdds support for the max-unavailable flag, specifying the number of\nnodes which can be concurrently in the update process.\n\nTo implement this, we now wait for the node to report as healthy again\nbefore considering the update complete.\n\nThis allows simple gradual cluster updates.\n\nChange-Id: If6aa44d1b8f12aadd77e35f16513a4af521fa356\nReviewed-on: https://review.monogon.dev/c/monogon/+/2770\nReviewed-by: Tim Windelschmidt \u003ctim@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "c51d47d2b9990eb2196f5790f85895987f67daf4", "tree": "d9264dfb89d98f993d7c243484b3f36039c15e35", "parents": [ "9c4bece001c15d6ae4793016b2e3854627b2164c" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Tue Feb 13 18:40:26 2024 +0100" }, "committer": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Wed Feb 14 11:44:08 2024 +0000" }, "message": "metroctl: use persisted CA certificate for node connections\n\nAfter the TOFU change (review/2744 and friends), we can now use the\npersisted CA certificate (or a CA certificate from TOFU) when connecting\nto node services.\n\nChange-Id: I103b558f4f7a3087f1f27fdc4ee7f7e2ec03a981\nReviewed-on: https://review.monogon.dev/c/monogon/+/2769\nTested-by: Jenkins CI\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "9c4bece001c15d6ae4793016b2e3854627b2164c", "tree": "3381a01d7f7d3e9fd9f6c6e2e037a3a76e5ce8ce", "parents": [ "93020d77a383e68fd4b1adfafaf136c405648172" ], "author": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Tue Feb 13 18:32:44 2024 +0100" }, "committer": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Tue Feb 13 19:53:58 2024 +0000" }, "message": "m/n/k/containerd: clarify preseed log message\n\nChanging this log message makes it easier to understand what happens.\n\nBefore:\n```\nSuccessfully imported preseeded bundle\nk8s.io/docker.io/bazel/metropolis/test/e2e/preseedtest:preseedtest_image\ninto containerd\n```\n\nAfter:\n```\nSuccessfully imported preseeded bundle\n\"docker.io/bazel/metropolis/test/e2e/preseedtest:preseedtest_image\" into\ncontainerd namespace k8s.io\n```\n\nCloses monogon-dev/monogon#287\n\nChange-Id: I932d36b0cc1926d7248028c8a412f921562a9858\nReviewed-on: https://review.monogon.dev/c/monogon/+/2768\nTested-by: Jenkins CI\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "93020d77a383e68fd4b1adfafaf136c405648172", "tree": "f35720a2f35a6efdb63b8044ece9d71121929bd9", "parents": [ "502f9973502fec41d358e0c3939f61c5cf58e0de" ], "author": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Tue Feb 13 18:13:07 2024 +0100" }, "committer": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Tue Feb 13 19:53:34 2024 +0000" }, "message": "m/n/k/containerd: use preseeded pause container\n\nTo allow no-network tests we need to bundle the pause container.\n\nChange-Id: I1fa6bb70c10a16097d35d919941f501ddc5f784d\nReviewed-on: https://review.monogon.dev/c/monogon/+/2767\nTested-by: Jenkins CI\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "6cb00ed6d867466d824ee5e3464f707787ed035c", "tree": "fd7f6a1340634ed4233f6f9ec1bad479f17b5ec6", "parents": [ "acdfba5e65701520a23e3b3a90c5cb17c0cf3ac2" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Thu Feb 08 17:49:19 2024 +0100" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Mon Feb 12 18:10:28 2024 +0000" }, "message": "m/node: panic on unknown NMIs\n\nConfigure the kernel to panic in case it receives an unknown NMI.\n\nThis can be used to induce a crash in a hanging kernel, allowing\ncrash diagnostics (pstore currently, maybe kdump in the future) to be\nused to diagnose the hang.\n\nThis can have false positives on some badly-configured client systems,\nbut is expected to be fine on servers as other server kernels like\nESXi\u0027s vmkernel behave the same.\n\nChange-Id: Ie41e7b816be8492636b6fa596c1c299c0a7a0fc2\nReviewed-on: https://review.monogon.dev/c/monogon/+/2754\nTested-by: Jenkins CI\nReviewed-by: Serge Bazanski \u003cserge@monogon.tech\u003e\n" }, { "commit": "d1f82e98ffe72d8378fbff4d127c6863d96b1f72", "tree": "5c5e47642c62a059307b7cb72f46edc302b86750", "parents": [ "38b959fcda1df417ad833acc006fb4a039b4f9ce" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Thu Feb 08 19:27:46 2024 +0100" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Mon Feb 12 18:10:28 2024 +0000" }, "message": "m/node: use pstore for panic storage\n\nThe old solution never worked as the ESP was not mounted at that stage.\nIn general storing crash data there is suboptimal as it makes lots of\nassumptions about the system state.\n\nFor kernel crashes we already use pstore and there is an interface for\nstoring userspace messages in pstore as well. Set up the panic handler\nto put its logs in there and extend the pstore cleanup runnable to also\ndump that part of pstore into the logtree after reboot.\n\nIn most cases this also requires a kernel patch as most pstore backends\nto not allow userspace messages, probably to preserve limited space.\nSince we always clean pstore after reboot, this should be fine.\n\nChange-Id: I011109112e7bfd24d1772d5853a1d491c0cfd026\nReviewed-on: https://review.monogon.dev/c/monogon/+/2753\nReviewed-by: Serge Bazanski \u003cserge@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "223609ced73e359b040cb56a873880e3f9efbd7e", "tree": "a87172ffa26304528ef2ec0c52227318b9f67240", "parents": [ "244b567d827331be5bcc147562dd00db1d2b6579" ], "author": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Fri Jan 12 22:59:20 2024 +0100" }, "committer": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Mon Feb 12 14:23:51 2024 +0000" }, "message": "WORKSPACE: update rules_rust and replace cargo-raze with crate_universe\n\ncargo-raze is deprecated, unmaintained and doesn\u0027t build anymore.\ncreate_universe reduces the clutter inside the repo and allows simpler\nsetup of rust requirements.\n\nChange-Id: Iebe88902ae469a28c0378707447f7d97006d0479\nReviewed-on: https://review.monogon.dev/c/monogon/+/2749\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "244b567d827331be5bcc147562dd00db1d2b6579", "tree": "8a0222cdfbe1fd2e10bc682ec1871ba263bbfae7", "parents": [ "b40b918b88971002fd82f4e172ee347b435e41f5" ], "author": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Tue Feb 06 10:18:56 2024 +0100" }, "committer": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Mon Feb 12 14:23:45 2024 +0000" }, "message": "treewide: remove direct access to external/\n\nThis prepares the repositoriy to be compatible with the flag\n--nolegacy_external_runfiles. This reduces runfiles \u0026 sandbox creation\n times.\n\nChange-Id: I06720be4a3c873d68d8278dcb24271ed874f7134\nReviewed-on: https://review.monogon.dev/c/monogon/+/2747\nTested-by: Jenkins CI\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "b40b918b88971002fd82f4e172ee347b435e41f5", "tree": "e225e83ee1cc281b8ba8728efa0a4c1029559faf", "parents": [ "2a1d1b2e90a44e140dd95a492de0c857287e071f" ], "author": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Tue Feb 06 07:08:35 2024 +0100" }, "committer": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Mon Feb 12 14:11:09 2024 +0000" }, "message": "treewide: replace deprecated qemu short-form option \u0027readonly\u0027\n\nChange-Id: Id9fb95ab8b975cdbe76fc711ab20c16e3a91592a\nReviewed-on: https://review.monogon.dev/c/monogon/+/2746\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "2a1d1b2e90a44e140dd95a492de0c857287e071f", "tree": "392015b9ffa5f6f38da494c0a2fc519f16883113", "parents": [ "5d556cae21803212ac72a3713ed449b412f777af" ], "author": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Tue Feb 06 07:07:42 2024 +0100" }, "committer": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Mon Feb 12 14:11:04 2024 +0000" }, "message": "treewide: replace datafile pkg with rules_go/runfiles pkg\n\nrules_go/runfiles provides the same functionality as our datafile\npackage. This change also contains some specifics for the now active\nbzlmod, which replaces all WORKSPACE related behaviour. As example the\nWORKSPACE name is now always set to _main.\n\n\nChange-Id: I1a69c72b479330a627b402135670f218c297906f\nReviewed-on: https://review.monogon.dev/c/monogon/+/2745\nTested-by: Jenkins CI\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "568c38c74f95612fc3c236539b037ebe490302ee", "tree": "8380bdc8956c3843cce7fae9cf4c700576d22d87", "parents": [ "7eeef0f448a4ec1737e2e63961f24f51eec5deae" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Mon Feb 05 14:40:39 2024 +0100" }, "committer": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Thu Feb 08 11:10:07 2024 +0000" }, "message": "m/c/metroctl: use TOFU CA for Kubernetes with node pinning hack\n\nNow that we have a persisted CA certificate in metroctl, we can use it\nwhen generating a kubeconfig to verify the cluster.\n\nThere\u0027s a catch though: the presented node certificates do not have any\n\u0027global\u0027 name (just per-node names), and we can\u0027t easily tell Kubernetes\nto trust any name from a given CA. Thus, we introduce a hack to pin the\nname of the node we\u0027re connecting to within the generated kubeconfig.\n\nChange-Id: Iea6aa5c0012c793fcb42a94c3c9bf35ea5787ab1\nReviewed-on: https://review.monogon.dev/c/monogon/+/2744\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "7eeef0f448a4ec1737e2e63961f24f51eec5deae", "tree": "690afce7d61fed7284991d3622d2b4b7f5948c14", "parents": [ "925ec3de7a8562ef478216c77dff68c8235aeabd" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Mon Feb 05 14:40:15 2024 +0100" }, "committer": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Thu Feb 08 11:10:07 2024 +0000" }, "message": "m/c/metroctl: implement TOFU for CA certificates\n\nThis implements trust-on-first-use (TOFU) for connecting to a Metropolis\ncluster.\n\nIf no locally persisted CA is available, one will be retrieved from the\ncluster. If it is then accepted, it will be persisted for future use.\n\nTo retrieve the Cluster CA certificate we implement a new\nunauthenticated call in the CuratorLocal service. The alternative would\nbe to include the CA certificate in the served TLS chain, but that would\nlikely cause some backwards compatibility problems with existing client\nsoftware.\n\nFull TOFU (with an SSH style prompt) will be performed when the user\nfirst takes ownership of a cluster. Otherwise, user credentials\nincluding a certificate will be present, which allows the process to be\nsimplified by just retrieving a remote CA and checking it against the\nsignature of the credentials.\n\nChange-Id: I20002399935c2f13adc4526f5cceddad84b36a8f\nReviewed-on: https://review.monogon.dev/c/monogon/+/2743\nTested-by: Jenkins CI\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "925ec3de7a8562ef478216c77dff68c8235aeabd", "tree": "da40b46730911a514b5f03e842ab3b3951f8f9cf", "parents": [ "0c2801516b5191472bd4bc1a07ab6f414a805b27" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Mon Feb 05 14:38:20 2024 +0100" }, "committer": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Thu Feb 08 11:10:07 2024 +0000" }, "message": "m/cli/metroctl: clean up RPC API\n\nThis removes a bunch of logic from the metroctl core RPC functions,\nforcing users (currently only other metroctl code) to use grpc.Dial and\nthe metropolis RPC library directly.\n\nWe also make the core functions take ConnectOptions structures where\nappropriate instead of passing around tons of arguments.\n\nChange-Id: I4d7aa232a659097da35027dfb9b87c58cbb4ab84\nReviewed-on: https://review.monogon.dev/c/monogon/+/2742\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "0c2801516b5191472bd4bc1a07ab6f414a805b27", "tree": "ddcffa8351f934c0a7066a6341b8bc6888e90ab3", "parents": [ "ad86a55c9c507478e2c4989f50912d7869164066" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Mon Feb 05 14:33:19 2024 +0100" }, "committer": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Thu Feb 08 11:10:07 2024 +0000" }, "message": "m/n/core/rpc: limit API footgun availability\n\nThis unifies the interface of the\nNew{Ephemeral,Authenticated}Credentials calls. They now use the same set\nof CredentialsOpt options which allows both calls to request a\nparticular verification of the remote side of the connection.\nNewEphemeralCredentials also now requires an explicit WantInsecure\noption which surfaces attempts to dial the cluster without CA/node\nverification.\n\nChange-Id: Ibb65cb0952f6ff2092a3f55fe1c5a31bd2b72b36\nReviewed-on: https://review.monogon.dev/c/monogon/+/2741\nTested-by: Jenkins CI\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "ad86a55c9c507478e2c4989f50912d7869164066", "tree": "214d48bcad4ede5909af88ce7deaadedd2d9fbe0", "parents": [ "7dbf18c1932b5c7945a2ba53d7580a6857cda5d3" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Wed Jan 31 17:46:47 2024 +0100" }, "committer": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Thu Feb 08 11:10:07 2024 +0000" }, "message": "m/n/kubernetes: serve authproxy with node certificate\n\nWe are currently serving authproxy with the Kubernetes node certificate,\nwhich is somewhat useless, considering that this certificate isn\u0027t even\nissued by the same CA that the client certificates (which are Metropolis\ncertificates) presented.\n\nThis changes the authproxy to serve with Metropolis node certificates\ninstead.\n\nChange-Id: I03ff19c919c6a9fa72c98997432cc06a59e9958e\nReviewed-on: https://review.monogon.dev/c/monogon/+/2740\nTested-by: Jenkins CI\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "7dbf18c1932b5c7945a2ba53d7580a6857cda5d3", "tree": "18b42442d4585153e7644e1250993122d523c8b2", "parents": [ "d5cace605ffd48f89db25456b260c550621b8b4c" ], "author": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Tue Oct 31 22:39:42 2023 +0100" }, "committer": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Tue Feb 06 21:04:03 2024 +0000" }, "message": "metropolis/cli/metroctl: add `node delete` command\n\nChange-Id: I804829efe3e78a56cd44915c8351272ffa5c670f\nReviewed-on: https://review.monogon.dev/c/monogon/+/2276\nReviewed-by: Serge Bazanski \u003cserge@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "d5cace605ffd48f89db25456b260c550621b8b4c", "tree": "3a020de589b3931d069a29deebddbb47e1f41d7f", "parents": [ "961a7cc7f4794833f821a368b68d12ec70353d6c" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Thu Jan 25 14:01:54 2024 +0100" }, "committer": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Thu Jan 25 17:43:22 2024 +0000" }, "message": "metropolis/node/curator: restart listener on status changes\n\nThis change ensures that a Curator\u0027s gRPC listener restart not only when\nit switches from leader to follower (and vice versa), but also when the\ncurator instance keeps being a leader/follower but the leadership status\nchanges in an important way.\n\nRestarting the listener is important when the Curator is a re-elected\nleader, as otherwise the listener will continue running with the old\nleadership data which includes the old leadership election key/revision,\nsubsequently failing any leadership transactions when serving gRPC\nrequests.\n\nSimilarly, we need to restart the follower listener when the we the\nleader changes to some other node, otherwise we end up serving old\nleadership data in GetCurrentLeader.\n\nAn alternative fix would be to move the leadership status to an Event\nvalue that gets updated and passed through to the listeners. This would\navoid somewhat unnecessary listener restarts on leadership changes, but\nthis will do for now.\n\nThis should fix issue #276 and perhaps some related flakiness. I\u0027ll try\nto write a test for this on top of this CR, but this will require a new\nkind of Curator test which we don\u0027t have yet.\n\nChange-Id: I20ef147adeb0c976b904ef55dbadb9b461111e94\nReviewed-on: https://review.monogon.dev/c/monogon/+/2722\nTested-by: Jenkins CI\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "961a7cc7f4794833f821a368b68d12ec70353d6c", "tree": "628530eb9b533df3e047e0db2af960ccfa84242d", "parents": [ "0974b2275edc21ce3b76606ba7f8eed84e5cc9f0" ], "author": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Sat Jan 13 21:00:02 2024 +0100" }, "committer": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Tue Jan 23 17:10:41 2024 +0000" }, "message": "WORKSPACE: bump bazel to 7.0.0\n\nChange-Id: Ic074b7b83f229e3c7f6ace7fdb46d33e5bd7c37b\nReviewed-on: https://review.monogon.dev/c/monogon/+/2708\nReviewed-by: Serge Bazanski \u003cserge@monogon.tech\u003e\nTested-by: Jenkins CI\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "0974b2275edc21ce3b76606ba7f8eed84e5cc9f0", "tree": "b9bd73528dc6823168273fb8eb58d02054e90047", "parents": [ "c834b7dd62f20188f3ffd7cbb092e2536403474b" ], "author": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Tue Jan 16 14:04:15 2024 +0100" }, "committer": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Tue Jan 23 15:52:54 2024 +0000" }, "message": "treewide: replace rules_docker with rules_oci\n\nrules_docker is not maintained anymore and recommends migration to\nrules_oci\n\nChange-Id: I089f3cf44888b3c3c0baa2c84a319b04b1a7dec4\nReviewed-on: https://review.monogon.dev/c/monogon/+/2712\nTested-by: Jenkins CI\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "30494c151b8dee3e20f681f800376a04e8f3965b", "tree": "ea622a06ea15ad4892d51896ef79002639c6cff6", "parents": [ "0ccc85ba1eb4e067dc3eea0dd58b9ab0ebf48d29" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Tue Nov 28 16:27:24 2023 +0100" }, "committer": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Thu Dec 21 14:46:59 2023 +0000" }, "message": "build/status: remove old compatibility fields for metropolis/cloud\n\nChange-Id: I5e314714b02e87b5f955798dd2bcf497de699ac9\nReviewed-on: https://review.monogon.dev/c/monogon/+/2405\nReviewed-by: Tim Windelschmidt \u003ctim@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "0ccc85ba1eb4e067dc3eea0dd58b9ab0ebf48d29", "tree": "82ed8db26475204d2b73f44626b751a474763883", "parents": [ "8d64a3bad1f73197398b28dacecef57266980c1a" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Mon Nov 20 12:59:20 2023 +0100" }, "committer": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Thu Dec 21 14:46:59 2023 +0000" }, "message": "metropolis/node: add version to status\n\nThis implements submitting the Node\u0027s version to its\u0027 Status report to\nthe control plane.\n\nThis version is then displayed to the user in metroctl.\n\nChange-Id: I70eadb9a7001b6e50931245e8a6274da2fbdc5bc\nReviewed-on: https://review.monogon.dev/c/monogon/+/2334\nTested-by: Jenkins CI\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "8d64a3bad1f73197398b28dacecef57266980c1a", "tree": "48969ae64f4a00755e9e3414a7b58cfb382810e8", "parents": [ "8999faafd3184dbc4ba345f72812b29602c5412d" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Mon Nov 20 12:58:42 2023 +0100" }, "committer": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Thu Dec 21 14:46:59 2023 +0000" }, "message": "metropolis: use //version\n\nThis switches over the Metropolis codebase from the previous build\nstamping system to the new //version library.\n\nChange-Id: I8ecb0c3b4b19098e0026215444bae9b34060440e\nReviewed-on: https://review.monogon.dev/c/monogon/+/2333\nTested-by: Jenkins CI\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "d79881d8a07f0d5460e78b10adbb13be6052e6fd", "tree": "ff8c332c8d1e202c7cdae83814cdd4a91dd6d2c2", "parents": [ "4f00f90934c3eb969b1490582b8194d8706a3e81" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Thu Nov 30 19:02:06 2023 +0100" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Thu Dec 21 14:10:41 2023 +0000" }, "message": "m/n/c/update: auto-repair preloader environment\n\nOn every successful boot this checks the correctness of the preloader\nas well as the EFI boot entries. If anything is wrong, it automatically\nrecreates the affected state. This also gives us a way\nto update the A/B preloader.\n\nChange-Id: I72137de2e3803e72a99a8397d2bfa818314229e5\nReviewed-on: https://review.monogon.dev/c/monogon/+/2413\nTested-by: Jenkins CI\nReviewed-by: Tim Windelschmidt \u003ctim@monogon.tech\u003e\n" }, { "commit": "a7cfc1c29ec81525846a48b98d0f66e2899c13b8", "tree": "68e5abb158a8ff68e820d2c1c0ca38b4ce15f586", "parents": [ "d8a3fa2d6a84617b3013b07e15293ae266af8922" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Thu Nov 30 18:59:25 2023 +0100" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Mon Dec 04 21:59:03 2023 +0000" }, "message": "m/p/efivarfs: add Delete and DeleteBootEntry\n\nThis allows us to delete EFI variables in addition to reading and\ncreating them.\n\nChange-Id: I5fa4e64e5662a11bffdc0830c7af79301173f2aa\nReviewed-on: https://review.monogon.dev/c/monogon/+/2412\nTested-by: Jenkins CI\nReviewed-by: Serge Bazanski \u003cserge@monogon.tech\u003e\n" }, { "commit": "63b346d8a41f2c6e668bb17600fbc15c4feb1f2f", "tree": "e1422afea67211d2dc3b55626d7897df89860bc8", "parents": [ "e6e570ae3c26c5fda4855522e8cf04644627295f" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Thu Nov 30 12:54:19 2023 +0100" }, "committer": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Thu Nov 30 15:48:00 2023 +0000" }, "message": "metropolis/node/c/localstorage: make writes durable\n\nWith just a write() -\u003e rename() we can end up with an empty file in case\nof an outage. The write() needs to be followed by an fsync() to avoid\nthat.\n\nSince all of our localstorage framework contains only rarely-written\n\u0027configuration\u0027 style files, we now add such an fsync() to every\nwrite().\n\nThis should fix some flakes in tests and low-load clusters where eg. a\nnode can\u0027t read back its key material or persisted node roles after\nreboot.\n\nChange-Id: Iefae4f8bd68ee2972860a7c58326442c80d8aa8c\nReviewed-on: https://review.monogon.dev/c/monogon/+/2411\nTested-by: Jenkins CI\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "e6e570ae3c26c5fda4855522e8cf04644627295f", "tree": "1678ee01ccfc5277f2e6f79858466a2847d291fd", "parents": [ "6fa92ac53f2cbeb3b2e63dea9f87b1b19a680434" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Tue Nov 28 19:23:19 2023 +0100" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Wed Nov 29 12:23:41 2023 +0000" }, "message": "m/n/k/nfproxy: use discovery/v1 API\n\nThe old discovery/v1beta1 is deprecated and removed in 1.25. We need to\nget nfproxy to use the new API (available since 1.21) before we jump\nto a K8s control plane version above 1.25.\n\nChange-Id: I6336e168e9efbfc4a7b41f6fe15efebf95624df2\nReviewed-on: https://review.monogon.dev/c/monogon/+/2407\nTested-by: Jenkins CI\nReviewed-by: Tim Windelschmidt \u003ctim@monogon.tech\u003e\n" }, { "commit": "6fa92ac53f2cbeb3b2e63dea9f87b1b19a680434", "tree": "4ba7bb0c1308b670c6e72718ea422a8c0d937883", "parents": [ "7a5422e2718017958c0c408cd6f363d33f41fefb" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Tue Nov 28 17:42:26 2023 +0100" }, "committer": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Wed Nov 29 10:27:26 2023 +0000" }, "message": "metropolis/node: sanitize served logs to remove invalid UTF-8 characters\n\nIdeally we would instead either use bytes instead of a string, or never\nallow submitting log lines which are invalid UTF-8. And some day we\nmight still prohibit that - but for now let\u0027s add this failsafe anyway.\n\nFixes #277.\n\nChange-Id: I3d057f4bd1de0ce86e9724e2234b2a40efea8507\nReviewed-on: https://review.monogon.dev/c/monogon/+/2406\nTested-by: Jenkins CI\nReviewed-by: Tim Windelschmidt \u003ctim@monogon.tech\u003e\n" }, { "commit": "3e756907d9c769bc92efde5325cd965a4dacf5bd", "tree": "e6b11184fd17367cde826cc2f561d228c881f0ba", "parents": [ "947c0267b97834c4538777426f1a657f118a3945" ], "author": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Fri Nov 24 23:12:06 2023 +0100" }, "committer": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Mon Nov 27 18:15:51 2023 +0000" }, "message": "metropolis/node/core/metrics: build command inside runnable\n\nIt is not allowed to reuse exec.Command. The command has to be rebuild\nevery time the runnable restarts, because go does not allow command\nrestarts.\n\nChange-Id: Ia0f7c8e598bbd0c275d0cb47c020099d1baa5865\nReviewed-on: https://review.monogon.dev/c/monogon/+/2368\nTested-by: Jenkins CI\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "947c0267b97834c4538777426f1a657f118a3945", "tree": "39eb8d886197b457b0c611335421cbb1f8bcad90", "parents": [ "5bfdb97df902a2ef27aecf40620d56773f9e90b3" ], "author": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Thu Nov 23 00:11:48 2023 +0100" }, "committer": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Mon Nov 27 17:01:33 2023 +0000" }, "message": "metropolis/node/core/metrics: enable more node_exporter metrics\n\nChange-Id: Ie4441cdb5c9c5ba6da8542aaeff8d60cd734030c\nReviewed-on: https://review.monogon.dev/c/monogon/+/2346\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "1a773dd14503c985d4f4a8717a7d5a5ebcbe6552", "tree": "68833ddba21b8712d41c0aaa45c5583d3289f6a3", "parents": [ "4ff00f89bac159848b5a694a1868885a9dcd2387" ], "author": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Fri Nov 24 00:14:05 2023 +0100" }, "committer": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Fri Nov 24 22:44:14 2023 +0000" }, "message": "metropolis/node/core/metrics: fix ephemeral typo\n\nChange-Id: I10bee18e1174dd0b5a6b74b14eda8c1859d50cad\nReviewed-on: https://review.monogon.dev/c/monogon/+/2356\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "3fdaeaca3820de37a000a4157617b8c7fca7877c", "tree": "654df63825aa91aa8615e21954dc15e11a450eb9", "parents": [ "37dbb942110eb68df407f43ba1a40d872bb4cb67" ], "author": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Mon Nov 13 23:33:07 2023 +0100" }, "committer": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Thu Nov 23 21:47:02 2023 +0000" }, "message": "treewide: update sqlc\n\nChange-Id: I72b0f33989bb0032d5a42bc888cdfac666db2a54\nReviewed-on: https://review.monogon.dev/c/monogon/+/2309\nReviewed-by: Serge Bazanski \u003cserge@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "a56cc4b99f6274fc2f70916b035e4d1da3205d45", "tree": "7f9f6c0207ef375f9865cc408a063fd63065eec1", "parents": [ "321cd715b52fb5c252cc2f99030883001748a63f" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Wed Nov 22 23:45:39 2023 +0100" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Thu Nov 23 04:45:38 2023 +0000" }, "message": "m/n/c/network: add quirks infra and i40e quirk\n\nThis adds the applyQuirks function which is called during early\ninitialization of the network stack, before any network interfaces are\nenabled. This function applies device and/or driver-specific fixups to\nmake them work better. For that purpose it examines relevant metadata\n(driver in use, firmware version and OpROM version) to decide which\nquirks should be applied to which device.\n\nAs we do not yet have another way of exposing firmware versions, this\nalso takes care of logging all non-zero firmware versions.\n\nIt also adds a first quirk for i40e which disables firmware-based LLDP\nprocesing.\n\nChange-Id: I456753880102dfb5b3e94847cf5627a003d70eeb\nReviewed-on: https://review.monogon.dev/c/monogon/+/2344\nReviewed-by: Tim Windelschmidt \u003ctim@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "600e2eb39a6581b5c48deac66c4c29015e48b877", "tree": "69b6850121e5a9896dded1bbd3afa881ebe03430", "parents": [ "cf7f8c0475b8eaddb02869aaa9cb83ce3928b5f6" ], "author": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Tue Nov 21 05:29:14 2023 +0100" }, "committer": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Wed Nov 22 13:33:24 2023 +0000" }, "message": "metropolis/node: fix api-server metrics docs\n\nChange-Id: I28b4860a11a1fb4beb49feb65317220fcb683efd\nReviewed-on: https://review.monogon.dev/c/monogon/+/2340\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "cf7f8c0475b8eaddb02869aaa9cb83ce3928b5f6", "tree": "0563191b7e033a230d4de6980aa38e8dc8b14f47", "parents": [ "eb2520f048df92de2e48ff69d4b9a5431f0372d1" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Tue Nov 21 15:16:21 2023 +0100" }, "committer": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Tue Nov 21 18:50:45 2023 +0000" }, "message": "m/n/c/curator: log leadership key details when transaction gets aborted due to leadership loss\n\nThis should allow us to debug\nhttps://github.com/monogon-dev/monogon/issues/276 a bit further.\n\nChange-Id: If709858df15de67f19beffc8e14b0ab09bba89c8\nReviewed-on: https://review.monogon.dev/c/monogon/+/2341\nTested-by: Jenkins CI\nReviewed-by: Tim Windelschmidt \u003ctim@monogon.tech\u003e\n" }, { "commit": "eb2520f048df92de2e48ff69d4b9a5431f0372d1", "tree": "de8e9cb052cad3a6b8993f6814974b94abb4c0fb", "parents": [ "4b42c8a429b1d061faa9823c1ac26adaac3dc012" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Sun Nov 19 07:04:15 2023 +0100" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Mon Nov 20 22:13:16 2023 +0000" }, "message": "m/n/c/metrics: add node name to discovery labels\n\nThis allows for identifying the node directly without taking a detour\nvia its IP address.\n\nChange-Id: Ia36ba52385292264a42f451ce2c63e9a6c76fdb6\nReviewed-on: https://review.monogon.dev/c/monogon/+/2336\nTested-by: Jenkins CI\nReviewed-by: Tim Windelschmidt \u003ctim@monogon.tech\u003e\n" }, { "commit": "4b42c8a429b1d061faa9823c1ac26adaac3dc012", "tree": "e5bf8412d8fceb0178cbf93b7623934299b475e3", "parents": [ "a6a039209495ee74c2e830a55f496e901b6a3b5b" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Sun Nov 19 07:02:51 2023 +0100" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Mon Nov 20 22:13:16 2023 +0000" }, "message": "m/n/c/metrics: add kube-apiserver\n\nThis adds the Kubernetes API Server metrics to the list of exported\nmetrics.\n\nChange-Id: Ie5827441362787a3bff03ec6cff1f07332b0ae34\nReviewed-on: https://review.monogon.dev/c/monogon/+/2335\nReviewed-by: Tim Windelschmidt \u003ctim@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "79d0b0d518efef2f86904443b8612ed6bd90cb8c", "tree": "4694fc178feea953957e92814de0fd9aa358b34c", "parents": [ "9907d199d9397dd90e1ff37e70ede151f2f89db6" ], "author": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Sat Nov 18 23:12:13 2023 +0100" }, "committer": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Sat Nov 18 22:24:59 2023 +0000" }, "message": "metropolis/node/core/metrics: Enable cpu info exporter\n\nChange-Id: I625485570360908810fad3f56e8958ed2d5bbcad\nReviewed-on: https://review.monogon.dev/c/monogon/+/2327\nReviewed-by: Leopold Schabel \u003cleo@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "9907d199d9397dd90e1ff37e70ede151f2f89db6", "tree": "d9c04e69c126e74a157e522c5c2a75e5ad8951b7", "parents": [ "449daf6f134c9473351921883f7481204f584ce9" ], "author": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Sat Nov 18 23:11:56 2023 +0100" }, "committer": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Sat Nov 18 22:21:40 2023 +0000" }, "message": "metropolis/node/core/metrics: Exclude veth interfaces from metrics\n\nChange-Id: If4059eb9aae225ab283c4f7d6d49342e626e206f\nReviewed-on: https://review.monogon.dev/c/monogon/+/2326\nReviewed-by: Leopold Schabel \u003cleo@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "786134dcac2737cb3ab62f1b54389946b1bc7fd4", "tree": "4e2e7ebfc8a74ca2264f73a8acc69c39d26243a0", "parents": [ "b6308cd63854e3ef48e6afcc4c1f51e0c6ac1203" ], "author": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Mon Nov 13 16:55:14 2023 +0100" }, "committer": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Thu Nov 16 18:09:22 2023 +0000" }, "message": "m/n/c/n/dhcp4c/transport: replace mdlayher/raw with mdlayher/packet\n\nChange-Id: Iee27f977434d795fd16df6a16096fd8439f423ba\nReviewed-on: https://review.monogon.dev/c/monogon/+/2308\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "b4f5024731f2f61b0f5b377fe9bcbb4934a5e83b", "tree": "d71e84a77c0e77849390bacbde7554bc02fa48b6", "parents": [ "62f1d3680947e1d78bacf2a7277fb4b2007ebacb" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Tue Nov 14 21:51:07 2023 +0100" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Wed Nov 15 13:10:19 2023 +0000" }, "message": "treewide: use Pinner to resolve safety issues\n\nPrior to Go 1.21 the only way to pass Go-managed pointers to the kernel\nwas to convert them to a uintptr inside the syscall argument expression.\nThis pattern was special-cased in the compiler to prevent the referenced\nmemory from being moved by an eventual moving GC in Go while the syscall\nis running (thus corrupting the Go heap).\n\nBut this was very restrictive as there are syscalls which take inputs\ncontaining further pointers. According to the official rules this could\nnot be implemented safely.\n\nIn practice you could just do it anyways as the current Go GC does\nin general not move objects, but it was always kind of a hack.\nWith Go 1.21 there is a new Pinner API which can be used to pin the\nmemory which is going to be referenced in these structures, allowing\nthem to be constructed and used over multiple calls.\n\nruntime.KeepAlive is still required to prevent finalizers from running\nprematurely.\n\nUse this new API and remove the relevant comments.\n\nChange-Id: I26bce06e1c20a5fe0c41f9ae736a895f533674c1\nReviewed-on: https://review.monogon.dev/c/monogon/+/2316\nTested-by: Jenkins CI\nReviewed-by: Serge Bazanski \u003cserge@monogon.tech\u003e\n" }, { "commit": "62f1d3680947e1d78bacf2a7277fb4b2007ebacb", "tree": "38c2fe1d57b68788f79ae018075b246f228310cc", "parents": [ "60461b2b23eb57319525a3e00d7ae57e51598ebc" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Tue Nov 14 16:18:24 2023 +0100" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Tue Nov 14 16:44:03 2023 +0000" }, "message": "treewide: stop using LZ4 for initrd compression\n\nThere are two issues at play here: One is a bug in pierrec/lz4 when\nusing the legacy framing format [1]. This bit us when we hit a broken\nsize region with CL:2130, taking hours to debug.\n\nThe other is the fact that the Linux LZ4 frame format has significant\ndesign issues [2], especially with concatenanted initrds.\n\nThe first issue could be fixed by switching to a different LZ4\nimplementation (we do even have the reference impl in the monorepo) but\nthere is no API to generate the legacy frame format and things like [3],\na patch carried by Ubuntu to fix more edge cases just do not inspire\nconfidence in such a solution.\n\nThus, this CL switches over to using zstd for compressing initrds.\n\nZstd is slower than LZ4 for decompressing, but it still decompresses at\nmultiple GB/s per core while having a much better compression ratio.\nIt also doesn\u0027t have any Linux-specific bits and Linux uses the\nreference implementation for decoding, which should make it much more\nrobust. So overall I think this is a good tradeoff.\n\n[1] https://github.com/pierrec/lz4/issues/156\n[2] https://github.com/lz4/lz4/issues/956#issuecomment-736705712\n[3] https://launchpadlibrarian.net/507407918/0001-unlz4-Handle-0-size-chunks-discard-trailing-padding-.patch\n\nChange-Id: I69cf69f2f361de325f4b39f2d3644ee729643716\nReviewed-on: https://review.monogon.dev/c/monogon/+/2313\nTested-by: Jenkins CI\nReviewed-by: Serge Bazanski \u003cserge@monogon.tech\u003e\n" }, { "commit": "60461b2b23eb57319525a3e00d7ae57e51598ebc", "tree": "17f4eb857a29b08a6e2be059279b9d88691aff09", "parents": [ "3fd0977e92c3e86cdfde736debdda66af05d1015" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Thu Oct 26 19:16:59 2023 +0200" }, "committer": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Mon Nov 13 21:05:16 2023 +0000" }, "message": "metropolis: move curator client watches to curator/watcher\n\nThis replaces all the ad-hoc code to watch Curator node(s) with calls\nthrough the new curator/watcher library.\n\nChange-Id: Ie2a82b330e4108b9b725515cb10595916c38b323\nReviewed-on: https://review.monogon.dev/c/monogon/+/2263\nTested-by: Jenkins CI\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "3fd0977e92c3e86cdfde736debdda66af05d1015", "tree": "879808d1406f1f1caeb5030a10779d25a6c05a07", "parents": [ "8ec6ef0931c7e3d3084bc3180a9d88c002a1618d" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Thu Oct 26 19:13:32 2023 +0200" }, "committer": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Mon Nov 13 20:11:06 2023 +0000" }, "message": "m/n/c/curator/watcher: init\n\ncurator/watcher is a new library which simplifies access to the Curator\nfrom client code.\n\nIt implements common logic found in a bunch of Metropolis code, where a\nnode or multiple nodes are watched for updates. The single-node version\nof this RPC is not that complex, but the many-node version is and\ndefinitely deserves a client library to remove possible sources of\nimplementation bugs.\n\nThis doesn\u0027t yet switch over any of the existing code to use this\nlibrary - that will come up in another CR on the stack.\n\nChange-Id: Ia1df6f21473f86cb9af1e962d157350a5cfd7d07\nReviewed-on: https://review.monogon.dev/c/monogon/+/2262\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "ea762f621a91400569c3118bbaef395336d90979", "tree": "f2d09d28d42e91795c83e5b9b15e88e00a484bf6", "parents": [ "d0424439e5c6637afa5b8156464d14933d955404" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Wed Nov 08 18:54:56 2023 +0100" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Mon Nov 13 15:39:29 2023 +0000" }, "message": "m/n/c/n/hostsfile: do not log individual entries\n\nThis gets extremely spammy when spinning up large clusters as it\nemits all entries for every new hostsfile into the log.\nFor a fresh cluster of n nodes this is O(n^2) log lines, which is\nfar too many. The number of entries is already logged and should be\nsufficient for debugging purposes.\n\nChange-Id: I6bf4e489aea52bad3a32a8a0f900e832b6a4f197\nReviewed-on: https://review.monogon.dev/c/monogon/+/2298\nReviewed-by: Tim Windelschmidt \u003ctim@monogon.tech\u003e\nTested-by: Jenkins CI\nReviewed-by: Serge Bazanski \u003cserge@monogon.tech\u003e\n" }, { "commit": "d9f1f1ec67af21eba685505d7b3086fc222106e1", "tree": "9281d846ff2d20f66dc24d2231969deb7fd1348d", "parents": [ "8456ddf02aea2e1015805f18ef1871812c5cb7f6" ], "author": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Tue Oct 31 15:44:35 2023 +0100" }, "committer": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Tue Oct 31 17:33:45 2023 +0000" }, "message": "node/core: add sysctls\n\nChange-Id: I47b0d639a62f73f134430c5164a35eef2b5622d7\nReviewed-on: https://review.monogon.dev/c/monogon/+/2273\nTested-by: Jenkins CI\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "8456ddf02aea2e1015805f18ef1871812c5cb7f6", "tree": "7ea30de34d2ed42e2da1c044fb62576464b4e2cc", "parents": [ "7acd92dae19109fff8e6036d0a7fcd64aa1851c1" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Mon Oct 30 18:56:59 2023 +0100" }, "committer": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Mon Oct 30 22:12:01 2023 +0000" }, "message": "metropolis: implement node Deletion and framework for Decommissioning\n\nThis implements the basic ability to remove nodes from a cluster.\n\nWe prepare for a more complex workflow involving multi-sage\ndecommissioning, but first implement the \u0027worst case\u0027 workflow, in which\na node needs to be deleted if it hasn\u0027t been gracefully decommissioned.\nThis is what we currently need most in practice, as we have node\nfailures we\u0027d like to deal with.\n\nThe Delete functionality is still not fully complete though, as we\u0027re\nstill accepting client certificates from decommissioned nodes. But we\u0027ll\nfix that in an upcoming CR.\n\nChange-Id: I7322cb1464a9e5bc924363321534033dcc8a6246\nReviewed-on: https://review.monogon.dev/c/monogon/+/2270\nTested-by: Jenkins CI\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "7acd92dae19109fff8e6036d0a7fcd64aa1851c1", "tree": "23f299c22f1b40014e9bf7bfca47b1788c1f7f28", "parents": [ "91c0397b2f8eab309e0958afa1746c2a2d02b433" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Mon Oct 30 18:56:00 2023 +0100" }, "committer": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Mon Oct 30 22:12:01 2023 +0000" }, "message": "metropolis: renamed DISOWNED to DECOMMISSIONED\n\nThis seems like a better name, and the old one was never actually used\nanywhere.\n\nChange-Id: I66b17a9145225828bb978c999bbecd5118188389\nReviewed-on: https://review.monogon.dev/c/monogon/+/2269\nTested-by: Jenkins CI\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "91c0397b2f8eab309e0958afa1746c2a2d02b433", "tree": "1be5ceff1a23a179d2bbcdf5ca744624112131b4", "parents": [ "da342a424ffbd981df2250ebed2aa845a18356eb" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Mon Oct 30 18:54:32 2023 +0100" }, "committer": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Mon Oct 30 22:12:01 2023 +0000" }, "message": "m/n/core/curator: add FsmState to Curator Node data\n\nThe node state from the point of view of the cluster is already exposed\nthrough the Management Node data. Add the same to the Curator Node data.\nWe\u0027ll use this in nodes to detect when a node is requested to be\ndecommissioned.\n\nChange-Id: I60408a5e3a22c21dae6f073e21528ccc309b3fbe\nReviewed-on: https://review.monogon.dev/c/monogon/+/2268\nTested-by: Jenkins CI\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "da342a424ffbd981df2250ebed2aa845a18356eb", "tree": "2eae1557414e3d3982206e267d2e8ee0bd219bc2", "parents": [ "c0f72dc5bd129a27d9a141a84f3602480a28400a" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Tue Oct 24 15:47:54 2023 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Thu Oct 26 20:58:17 2023 +0000" }, "message": "m/n/b/fwprune: fix bug in firmware deduplication\n\nThe populatedPaths set was checked for the path relative to\n/lib/firmware, but the absolute path was added. This caused the\nbailout for duplicate firmware requests to be ineffective.\n\nFound while using this for a weekend project.\n\nChange-Id: I74f6cd0dd7e2da1fc189da8a4d01aba7ac29b837\nReviewed-on: https://review.monogon.dev/c/monogon/+/2264\nTested-by: Jenkins CI\nReviewed-by: Leopold Schabel \u003cleo@monogon.tech\u003e\n" }, { "commit": "f64f197c8039a72d82efaae6a21f725d3cd3ac7a", "tree": "302a5d9c6ee1d5cdf2b2c8e4abe7b0609c9a2ffa", "parents": [ "54a5a053f2250c03d8476293ecb98fdb458ee5fd" ], "author": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Fri Jul 28 00:00:50 2023 +0000" }, "committer": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Wed Oct 11 10:53:00 2023 +0000" }, "message": "metropolis/node/core/metrics: fixup metrics authentication\n\nChange-Id: I67643855ab61bfdea980211ffe01e50c2409882b\nReviewed-on: https://review.monogon.dev/c/monogon/+/1979\nReviewed-by: Serge Bazanski \u003cserge@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "54a5a053f2250c03d8476293ecb98fdb458ee5fd", "tree": "acfde3ff61c5181ca89998d725001071f86d9356", "parents": [ "4811e70b3cd8f237c1b57ac85cc4c02b57c82535" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Mon Oct 02 16:40:11 2023 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Tue Oct 10 15:14:57 2023 +0000" }, "message": "metropolis: implement and use A/B preloader\n\nThis switches over from using the EFI built-in bootloader for A/B\nupdates to using our own EFI preloader due to significant issues with\nin-the-wild EFI implementations. It is a very minimal design relying\non a single Protobuf state file instead of EFI variables.\n\nChange-Id: Ieebd0a8172ebe3f44c69b3e8c278c53d3fe2eeb4\nReviewed-on: https://review.monogon.dev/c/monogon/+/2203\nTested-by: Jenkins CI\nReviewed-by: Serge Bazanski \u003cserge@monogon.tech\u003e\n" }, { "commit": "5a90d306602a5ccb7022fa8c80b7b1e4fb6c85d4", "tree": "b6e2bfe17aa8ccb532aeca405e17fc2eda99dc5f", "parents": [ "d141d182614f915ae44250b84c6be10276ca4840" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Mon Oct 09 17:38:13 2023 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Mon Oct 09 15:47:05 2023 +0000" }, "message": "metropolis: fix handling GPT holes\n\nGPT tables can have \"holes\" i.e. unused partition slots. These are\nrepresented as nil values. Code walking these tables did not consider\nthat partition entries might be nil.\nFix the call sites and improve the gpt package documentation to\nexplicitly mention the need to check IsUnused.\n\nChange-Id: I27f5db31e14a4907a84d6069ddcc267b25871f72\nReviewed-on: https://review.monogon.dev/c/monogon/+/2208\nReviewed-by: Tim Windelschmidt \u003ctim@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "1dc60af36a57d434689032234fdc9e9d00ed957e", "tree": "df6f6d4fef63fb3fa13b4f06b9a06e0339caaec2", "parents": [ "e0c0617e33e3b9c9a69b150189b1b13c010de9e0" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Tue Oct 03 15:40:09 2023 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Thu Oct 05 13:46:24 2023 +0000" }, "message": "m/node: replace image genrule with proper rule\n\nThe genrule has issues with transitions so replace it with a proper\nrule.\n\nChange-Id: Ie5c38ae17da07a3694a6d0ea7a6580c588916175\nReviewed-on: https://review.monogon.dev/c/monogon/+/2205\nReviewed-by: Serge Bazanski \u003cserge@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "e0c0617e33e3b9c9a69b150189b1b13c010de9e0", "tree": "9908902859bf7245a07e27cb0e6c621f65f15a1d", "parents": [ "48f22ce3a1558ad9994de3bde93f38e1aa997812" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Tue Sep 19 12:28:16 2023 +0000" }, "committer": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Tue Sep 26 10:01:57 2023 +0000" }, "message": "go/clitable: factor out from metroctl\n\nWe need the same functionality in bmcli, so factor it out from metroctl\ninto a generic library.\n\nChange-Id: I3fb3dfaae44a64d204e9220f117f379c382c5c4f\nReviewed-on: https://review.monogon.dev/c/monogon/+/2172\nTested-by: Jenkins CI\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "f0ae33180b59b25d236199e1b874f0dce7aa1e41", "tree": "0d3ffd008695edc1a4b9afde63ac8f149d7d6d94", "parents": [ "65b1c682edc6237dbb50efa7a08475d56a97a7ae" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Tue Sep 12 13:40:30 2023 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Mon Sep 18 13:56:28 2023 +0000" }, "message": "m/p/watchdog: add watchdog package\n\nThis adds the watchdog package for interfacing with devices implementing\nthe Linux watchdog API. There is one alternative implementation at\ngithub.com/mdlayher/watchdog but it is too minimal for our use case.\n\nThe kernel API contains a bunch of weird status bits only relevant for\nphysical watchdog cards which are not made accessible through the\nGo package.\n\nSadly there are no integration tests for this package as ktest wouldn\u0027t\nwork for this because a) no watchdog HW and b) the test success depends\non a condition outside the kernel.\n\nChange-Id: If138a97bc655025da4426665f8cbf1f093cc3bb1\nReviewed-on: https://review.monogon.dev/c/monogon/+/2142\nReviewed-by: Serge Bazanski \u003cserge@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "65b1c682edc6237dbb50efa7a08475d56a97a7ae", "tree": "98dc265e817dd56c29c03b0bcbfcdaacf52778df", "parents": [ "65702194ea264a0fd01fb470bacaf39264b4f637" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Thu Sep 14 15:49:39 2023 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Thu Sep 14 16:05:16 2023 +0000" }, "message": "m/p/blockdev: use errors.ErrUnsupported in 1.21\n\nChange-Id: Ice8780b092c034cf755aa409ef5fce5a8aef9226\nReviewed-on: https://review.monogon.dev/c/monogon/+/2147\nTested-by: Jenkins CI\nReviewed-by: Tim Windelschmidt \u003ctim@monogon.tech\u003e\n" }, { "commit": "65702194ea264a0fd01fb470bacaf39264b4f637", "tree": "3469201097b30e638f1e446655e1d23b33d90f8d", "parents": [ "f551a7696824a9ddbac63191c489db8280aee0a4" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Thu Aug 31 16:27:38 2023 +0200" }, "committer": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Thu Sep 14 13:43:45 2023 +0000" }, "message": "workspace: rules_go, gazelle, go, gVisor update\n\nThis commit not only updates rules_go and friends, but also updates\ngVisor, removes legacy protobuf usage and switches from using\nbuild_configuration to a config flag for bazel\n\nChange-Id: Idb383f35ca0fec4cb7329e9d991f08f28cf9b1fb\nReviewed-on: https://review.monogon.dev/c/monogon/+/2129\nTested-by: Jenkins CI\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "3781ddbfd7534f88317a44e6fee02670fe36a01e", "tree": "2c0247c43643cea03672b12d47247acfd4f6d320", "parents": [ "8b000b2217522891cace6ad3b98d805b1a262345" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Mon Aug 21 20:59:01 2023 +0200" }, "committer": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Wed Aug 23 08:59:12 2023 +0000" }, "message": "metropolis/curator: report leader based on ledership election status\n\nThis makes GetCurrentLeader calls respond to cluster/leader changes\ninstead of relying on connections getting closed on time when a leader\nchanges, or when a node gets elected as a leader.\n\nThis leads to less churn when cluster leadership status changes (no need\nfor every RPC client to re-establish connectivity to get the new\nleader). It should also be faster to respond to cluster leader changes,\nas it doesn\u0027t rely on the the RPC client detecting that the node it\nconnected to has stopped responding / disconnected.\n\nChange-Id: I9de12286530226b3832d2ae07cb7d943ca537d3f\nReviewed-on: https://review.monogon.dev/c/monogon/+/2069\nTested-by: Jenkins CI\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "8b000b2217522891cace6ad3b98d805b1a262345", "tree": "2696cf2de6fe72f5e220e4db725a81c816de1bce", "parents": [ "0573d7d031e51af42cb482c3cd788a280ccaaf28" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Tue Aug 08 16:11:26 2023 +0200" }, "committer": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Wed Aug 23 08:59:12 2023 +0000" }, "message": "metropolis/hostsfile: update our own node\u0027s roles correctly\n\nThis properly serializes the state of our own node\u0027s roles into startup\ndata (and the hosts file) if it is assigned during node runtime.\n\nWithout this, we could end up serializing out of date node role data and\nthus would not startup up with a cluster directory (and persisted node\nroles) which would allow for proper control plane startup.\n\nChange-Id: I45da5d73cc0eea0a7c32308bbecf512bb9699d55\nReviewed-on: https://review.monogon.dev/c/monogon/+/2068\nTested-by: Jenkins CI\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "0573d7d031e51af42cb482c3cd788a280ccaaf28", "tree": "8e7cb6f506bbba04985860830dae6f8de4ac4b4f", "parents": [ "67023fe466d35df7ff7e606e74f3bcf51ac8085c" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Tue Aug 08 16:01:04 2023 +0200" }, "committer": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Wed Aug 23 08:59:12 2023 +0000" }, "message": "metropolis/resolver: more logging\n\nThis should let us figure out HA connectivity issues better in the\nfuture. We were mostly missing logging connection attempts to control\nplane nodes and leader information received from them.\n\nChange-Id: I88f3e4b289561e7b31fcbb59d26b674d8b6aea39\nReviewed-on: https://review.monogon.dev/c/monogon/+/2067\nTested-by: Jenkins CI\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "6eb3fb31f0d1385e96652b6bee043bd9c5f6a577", "tree": "33e2e6e6e17ae40519909d0927ce33bb9b0cf2c7", "parents": [ "c7108352bd9e03780e6f8836be6c5fffaa0f6501" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Wed Aug 09 17:19:24 2023 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Wed Aug 09 21:01:28 2023 +0000" }, "message": "m/n/core: pipe kernel logs into logtree\n\nCurrently the kernel log is only available on the local console\n(serial/screen) and only if they are high-severity entries.\nThis log should be inspectable and collectable together with the\nother Metropolis logs, thus pipe it into logtree under the root.kernel\nnode..\n\nChange-Id: If5006db251eb8662ae9939a56e23bbb895304690\nReviewed-on: https://review.monogon.dev/c/monogon/+/2045\nReviewed-by: Leopold Schabel \u003cleo@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "c7108352bd9e03780e6f8836be6c5fffaa0f6501", "tree": "fa6b87a5cd44288921d18a3f4476c99717da318f", "parents": [ "efa381fa9e8a3850ca1332ce617778d330d5e3ba" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Wed Aug 09 17:09:40 2023 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Wed Aug 09 18:46:57 2023 +0000" }, "message": "m/p/logtree: add kmsg pipe\n\nThis allows ingesting Linux kernel (kmsg) logs into logtree with\nthe original metadata (timestamp, severity) preserved.\n\nChange-Id: Ibb6e3a7a0ae4a008b8e9c98beccb3a95c067cb75\nReviewed-on: https://review.monogon.dev/c/monogon/+/2044\nReviewed-by: Leopold Schabel \u003cleo@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "efa381fa9e8a3850ca1332ce617778d330d5e3ba", "tree": "6fd0db26eab500ba19d7dd6c92b3f9b2cffb6646", "parents": [ "431acaa53ad0914eaf8bc89366b693640acbde13" ], "author": { "name": "Leopold Schabel", "email": "leo@monogon.tech", "time": "Wed Aug 09 17:43:06 2023 +0200" }, "committer": { "name": "Leopold Schabel", "email": "leo@monogon.tech", "time": "Wed Aug 09 18:11:25 2023 +0000" }, "message": "Set flaky flag on all known flakes\n\nBazel will retry tests marked as flaky up to three times. This has\nthe obvious downside of making the flakes less visible, but popping\nup as unrelated build failures is not the best way to surface them.\n\nChange-Id: I0c97450b17f2e8a56275d3b738e7d34b89be44f6\nReviewed-on: https://review.monogon.dev/c/monogon/+/2047\nTested-by: Jenkins CI\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "431acaa53ad0914eaf8bc89366b693640acbde13", "tree": "5c6fedd3d4cd204c4b99b42afbc5eba83a167341", "parents": [ "009b12662712fd70670c0dc6015e1a135d4a3cd0" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Wed Aug 09 14:29:24 2023 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Wed Aug 09 16:10:05 2023 +0000" }, "message": "m/n/c/consensus: fix flaky TestEtcdMetrics\n\nThe metrics endpoint comes up before the bootstrap process is complete.\nThe test context then gets cancelled as the test has succeeded,\nbut the consensus runnable is not done bootstrapping, causing it to\nreturn an error and TestHarness to\nfail the test.\n\nFix this by waiting for the etcd state to be populated, indicating that\nthe bootstrap machinery has done its job.\n\nFixes https://github.com/monogon-dev/monogon/issues/258\n\nChange-Id: Ied270191aaebb226822a1c9d7f8c6312bd0da1ed\nReviewed-on: https://review.monogon.dev/c/monogon/+/2043\nTested-by: Jenkins CI\nReviewed-by: Tim Windelschmidt \u003ctim@monogon.tech\u003e\n" }, { "commit": "9563673b5913420e143518b53d3134d4f29b404b", "tree": "f41aee88ab9e63b2a8f38203d3aa9a169663edc7", "parents": [ "32c5fb80970db711fc2f81ceef2b07c29b409e5b" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Mon Aug 07 16:59:40 2023 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Mon Aug 07 17:54:59 2023 +0000" }, "message": "m/n/c/update: work with invalid boot entries\n\nCurrently if any boot entry is unreadable or unparseable, we refuse to\nperform any updates. This is not desirable as any edge cases in our\nparser or the EFI firmware cause the update mechanism to be\nnon-functional, even preventing us from shipping an update to fix the\nissue. It makes more sense to just log occurrences where such an entry\ncould not be read/parsed.\n\nChange-Id: I8a1161bf35a4c8deb1d82156662b512bcc43ed59\nReviewed-on: https://review.monogon.dev/c/monogon/+/2038\nReviewed-by: Serge Bazanski \u003cserge@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "32c5fb80970db711fc2f81ceef2b07c29b409e5b", "tree": "45b735a5f41722d0cc5fc6886e894d498830a132", "parents": [ "f025d1b20232385fa09459794dda9f9df0f5295a" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Thu Aug 03 17:37:56 2023 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Mon Aug 07 17:54:59 2023 +0000" }, "message": "m/n/c/update: fix matching boot entries\n\nThe matching code accidentally worked as long as there was only one boot\nentry for each loader path (boot-a.efi/boot-b.efi) as it type-asserted\na pointer which caused ok to always be false and thus all entries passed\nthrough the UUID check.\n\nThis fixes the type assertion and following logic.\n\nChange-Id: I83fdd2204028633dc274055f7d1ecb458747174e\nReviewed-on: https://review.monogon.dev/c/monogon/+/2031\nTested-by: Jenkins CI\nReviewed-by: Serge Bazanski \u003cserge@monogon.tech\u003e\n" }, { "commit": "f025d1b20232385fa09459794dda9f9df0f5295a", "tree": "e19ea5d8e3af4e2314b42602e60305db5d376051", "parents": [ "3b25cf7c486781e018795066c3337e73ac7e526b" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Mon Aug 07 14:52:49 2023 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Mon Aug 07 13:28:39 2023 +0000" }, "message": "m/p/efivarfs: allow multiple paths in LoadOption\n\nThe FilePathList in an EFI LOAD_OPTION technically allows multiple\ndevice paths separated by end of path markers. These additional paths\nbeyond the first one do not have any standardized function, but some\nEFI vendors use them to store data. Currently we fail to parse them\nbecause they contain more than one end of path marker. Fix this by\nadding an ExtraPaths field to LoadOption and implementing marshalling/\nunmarshalling for it. I chose to use a separate field in the Go\nstruct because these additional paths do not have the same functionality\nas the first one (they are not bootable).\n\nChange-Id: I96df17915966a973a7553fe9864a0b3e6f6b61e8\nReviewed-on: https://review.monogon.dev/c/monogon/+/2037\nReviewed-by: Serge Bazanski \u003cserge@monogon.tech\u003e\nReviewed-by: Tim Windelschmidt \u003ctim@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "3b25cf7c486781e018795066c3337e73ac7e526b", "tree": "82e9b47b2ffb0614f811b57eb000c249942686d7", "parents": [ "45d6f1821bf047dbe2a71b8d21401dfb60583285" ], "author": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Mon Jul 17 16:58:10 2023 +0200" }, "committer": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Mon Aug 07 13:27:50 2023 +0000" }, "message": "metropolis/cli/metroctl: add update command\n\nChange-Id: Iab7f930923f8009e0e14f96fc64d336614b1251e\nReviewed-on: https://review.monogon.dev/c/monogon/+/1937\nTested-by: Jenkins CI\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "45d6f1821bf047dbe2a71b8d21401dfb60583285", "tree": "196dd81b11f57f665327e5e53f59a726c0488513", "parents": [ "b80b8449f4a62c797dd397d08fc0caf70776e5c0" ], "author": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Mon Aug 07 13:19:41 2023 +0000" }, "committer": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Mon Aug 07 13:27:46 2023 +0000" }, "message": "metropolis/node/core/mgmt: add logging for update activation method\n\nChange-Id: Ief4ef6447ac132755df35c5742dedc5d15d71d74\nReviewed-on: https://review.monogon.dev/c/monogon/+/2029\nTested-by: Jenkins CI\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "b80b8449f4a62c797dd397d08fc0caf70776e5c0", "tree": "be4ca586c31d9abd9152a16d69c1839c28cf1070", "parents": [ "a4b88849c4691a1674d4427ee73a79ae8ea76460" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Thu Aug 03 17:40:17 2023 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Mon Aug 07 13:04:06 2023 +0000" }, "message": "m/n/c/mgmt: unmount ESP before restarting\n\nThis provides additional reliability for the FAT32 ESP partition.\nNothing should keep persistent handles for files on the ESP. Ignore\nerrors in case anything does.\n\nChange-Id: I04bfbb82fddfc740c5c234c028de89539e91a696\nReviewed-on: https://review.monogon.dev/c/monogon/+/2032\nReviewed-by: Tim Windelschmidt \u003ctim@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "a4b88849c4691a1674d4427ee73a79ae8ea76460", "tree": "c7e187fc439da01546cf701d5501dab799a91ee9", "parents": [ "d14be0eb8bcffb6ba597f26e3ad57b311ca376fc" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Thu Aug 03 17:34:56 2023 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Mon Aug 07 11:37:10 2023 +0000" }, "message": "m/n/c/localstorage: fix logic error determining ESP\n\nThe OS integration of the A/B update engine has a logic error which\ncaused it to provide all partitions as ESP, of which the last one\n(the data partition) stuck.\n\nChange-Id: Ia721f9f515ca65f710f07ba25b3be68544158a7c\nReviewed-on: https://review.monogon.dev/c/monogon/+/2030\nReviewed-by: Tim Windelschmidt \u003ctim@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "d14be0eb8bcffb6ba597f26e3ad57b311ca376fc", "tree": "3a1286f0eb3623db53c4cb2c880eb5a1059ae1f0", "parents": [ "c07d74efd282261c68d33d745d52a6703448c8fd" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Mon Jul 31 16:46:14 2023 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Mon Aug 07 11:37:10 2023 +0000" }, "message": "m/n/c/update: implement kexec-based activation\n\nAs we\u0027ve had some issues with EFI-based slot activation and enterprise\nserver firmware is extremely slow, this implements kexec-based\nactivation. This just kexecs into the freshly-installed slot instead of\nrebooting. It still updates the BootOrder on successful boot to allow\ncold-boots if the server crashes or loses power, but no longer uses the\nNextBoot mechanism to boot into the new slot once (this is taken care of\nby kexec).\n\nChange-Id: I6092c47d988634ba39fb6bdd7fd7ccd41ceb02ef\nReviewed-on: https://review.monogon.dev/c/monogon/+/2021\nReviewed-by: Serge Bazanski \u003cserge@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "c07d74efd282261c68d33d745d52a6703448c8fd", "tree": "d02247ddbe08318edc5e1ea5eb17c23f0a2c3435", "parents": [ "cf7bd147a0e8b61133472471eb7193566d8b1a4e" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Thu Aug 03 17:41:23 2023 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Thu Aug 03 16:55:34 2023 +0000" }, "message": "m/i/t: replace loglevel\u003d0 with quiet\n\nWe should really not be using loglevel\u003d0 in tests, it hides even\ncritical errors like panics.\n\nChange-Id: I6e8dc0f2352efe7f9328faeb0c5e736a75eacb0e\nReviewed-on: https://review.monogon.dev/c/monogon/+/2033\nTested-by: Jenkins CI\nReviewed-by: Leopold Schabel \u003cleo@monogon.tech\u003e\n" }, { "commit": "cf7bd147a0e8b61133472471eb7193566d8b1a4e", "tree": "3521de5e73c456870dbbce86d907e3557593b452", "parents": [ "d07489b551c242df6ed73d07d17b47feb3827b48" ], "author": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Thu Aug 03 15:20:09 2023 +0000" }, "committer": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Thu Aug 03 15:42:45 2023 +0000" }, "message": "metropolis/node: remove genrule image_gcp\n\nThis is currently very flaky and we dont use it anyway\n\nChange-Id: Idf91cdc3f45da11635a8ee78617d209665a5bbc7\nReviewed-on: https://review.monogon.dev/c/monogon/+/2028\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "d07489b551c242df6ed73d07d17b47feb3827b48", "tree": "2684f906758105cb9108c19069091a9d86ad7786", "parents": [ "8e87a062badeb7f6b93c6486925aa99c616cd8a6" ], "author": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Thu Aug 03 13:09:02 2023 +0000" }, "committer": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Thu Aug 03 15:33:41 2023 +0000" }, "message": "metropolis/pkg/efivarfs: write variables with 0644 perms\n\nThe kernel creates all files with these permissions, so having different ones\nis useless.\n\nChange-Id: Iaafb6080de349f95e566bb2e4faf821864cf75e6\nReviewed-on: https://review.monogon.dev/c/monogon/+/2025\nTested-by: Jenkins CI\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" } ], "next": "8e87a062badeb7f6b93c6486925aa99c616cd8a6" }