)]}' { "log": [ { "commit": "be25a3b839debc10817670fac0c20660a87bea12", "tree": "df5c6ef648ad41fb5037a53976835709737454bd", "parents": [ "b551b65225b7398ed4eb8b3361f50c7998f56ce1" ], "author": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Wed Jul 19 16:31:56 2023 +0200" }, "committer": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Mon Jul 24 14:52:41 2023 +0000" }, "message": "metropolis/test/launch/cluster: expose metrics port\n\nChange-Id: I2ef17374db665c5491f9594de2ae4474be5163a4\nReviewed-on: https://review.monogon.dev/c/monogon/+/1948\nReviewed-by: Serge Bazanski \u003cserge@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "150f24a5421dc1449d79a801524a7c98754f7bca", "tree": "c4f69b7e6260a241f3d946b36eda309e2539ccba", "parents": [ "901c7326fe067707812757e4e9409f756edf0e37" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Thu Jul 13 20:11:06 2023 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Wed Jul 19 12:17:34 2023 +0000" }, "message": "metropolis/test: use localregistry\n\nThis removes everything but the preseed test image from the preseed\nimage pool, instead opting to serve all test image via localregistry.\n\nThe registry API is served from a dedicated IP inside the virtual\nnetwork and forwarded to an ephemeral listener on the host. The relevant\ninfrastructure is added to the launch package.\n\nAs it is required to add configuration to containerd for this registry\nanyways as it does not and should not have TLS we take that opportunity\nto give it a descriptive name (test.monogon.internal).\n\nVisibilities of images are also adjusted as they are now referenced much\ncloser to their point of use.\n\nAgainst main this saves 51MiB in bundle size (289MiB -\u003e 238MiB).\n\nChange-Id: I31f732eb8c4ccec486204f35e3635b588fd9c85b\nReviewed-on: https://review.monogon.dev/c/monogon/+/1927\nTested-by: Jenkins CI\nReviewed-by: Leopold Schabel \u003cleo@monogon.tech\u003e\n" }, { "commit": "a0bc6d3f0ce4f3a73eb0019e4f18f508ee36ce21", "tree": "6f77b3184d1cd558dfd8f29437fb61c2e74df431", "parents": [ "3722025f8ed0b46eb7f48c7c0fbfc53de9e84340" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Wed Jun 28 18:57:40 2023 +0200" }, "committer": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Mon Jul 03 08:03:11 2023 +0000" }, "message": "m/test/e2e: split core/kubernetes tests, clean up\n\nThis splits the large TestE2E function into two separate functions and\ntests: one which exercises the core functionality of Kubernetes, the\nother which exercises just the Kubernetes bits.\n\nThis allows for easier testing during development, and generally trades\noff higher resources usage for faster execution time in CI.\n\nAt the same time we do some small cleanups of the E2E functionality:\n\n 1. Node startup is now parallelized.\n 2. Non-bootstrap nodes can now be left in NEW (this was used in\n diagnosing issue #234, but it currently unused in the main code).\n 3. Kubernetes access now goes over SOCKS.\n 4. Some Cluster helper functions have been added.\n\nAll in all this should allow us writing more E2E tests in the future,\nand at some point also maybe turn Cluster into an interface that is\nimplemented both by the current framework but also some persistent tests\nrunning against long-term VMs/physical machines.\n\nChange-Id: Ia4586b2aaa5fc8c979d35f4b49513638481e4c10\nReviewed-on: https://review.monogon.dev/c/monogon/+/1870\nTested-by: Jenkins CI\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "54e212a9914ad8003fc4e353f96651340d287c2d", "tree": "df3b1624d9679e30aefac9b98b2f9b91523eca0b", "parents": [ "d34299ebe13211802739d698e526be78161eac6f" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Wed Jun 14 13:45:11 2023 +0200" }, "committer": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Tue Jun 20 11:37:55 2023 +0000" }, "message": "metropolis: implement Metrics Service\n\nThis is the first pass at a Metrics Service. It currently consists of an\nHTTP reverse proxy which authenticates incoming connections using the\nCluster CA and certificates, and passes these connections over to a\nlocally running node_exporter.\n\nIn the future more exporters will be added, and we will likely also run\nour own exporter for Metropolis-specific metrics.\n\nChange-Id: Ibab52aa303965dd7d975f5035f411d1c56ad73e6\nReviewed-on: https://review.monogon.dev/c/monogon/+/1816\nTested-by: Jenkins CI\nReviewed-by: Leopold Schabel \u003cleo@monogon.tech\u003e\n" }, { "commit": "ce68ab953ef5501a3da3367372daf25801bc0ee7", "tree": "898dc33bb8a97345b6c3e1ace3ec29c1eb6a5234", "parents": [ "3a3c517696210f23f2c1d74d766ddf5750a3f4b8" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Tue Jun 06 03:32:39 2023 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Tue Jun 06 11:20:51 2023 +0000" }, "message": "m/t/ktest: allow more memory and extra fssepcs\n\nktest until now used the QEMU default memory which is only 128MiB which\ncan be insufficent for tests with more data. Increase that to 1GiB\nwhich is a more reasonable limit. Since ktest doesn\u0027t use any filesystem\ncache in practice this shouldn\u0027t be using much more memory.\n\nAlso allow adding additional fsspecs to ktest which get integrated into\nthe test initramfs.\n\nChange-Id: Ib1a1611cb8e3fdce11a3fac7c0c1ed04097032ea\nReviewed-on: https://review.monogon.dev/c/monogon/+/1788\nTested-by: Jenkins CI\nReviewed-by: Serge Bazanski \u003cserge@monogon.tech\u003e\n" }, { "commit": "630fb5c5349b13330b7de6f8300b495b801db061", "tree": "9d946ba0dd34a6ba0567f4f7120174797e29a8fe", "parents": [ "1fb2b10801eb4ea56a1e00f174923ec83f039623" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Thu Apr 06 10:50:24 2023 +0200" }, "committer": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Thu Apr 06 09:55:51 2023 +0000" }, "message": "m/test/e2e: deflake\n\nNow that nodes don\u0027t heartbeat before they have critical ESP data\npersisted, we can simply make sure they heartbeat before any disruptive\nreboot and that will remove our biggest source of flakiness in E2E\ntests.\n\nChange-Id: I9d4483015341157af6b27c8bd98f5df64da229d2\nReviewed-on: https://review.monogon.dev/c/monogon/+/1499\nTested-by: Jenkins CI\nReviewed-by: Leopold Schabel \u003cleo@monogon.tech\u003e\n" }, { "commit": "8535cb5bc5437960430ff94d3ea7280ccf931340", "tree": "57edb5cf064ad8b43aef52c1bbb974dd5cce7c26", "parents": [ "30fd15406e2c9cba7391f6af96c775b313a115fa" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Wed Mar 29 14:15:08 2023 +0200" }, "committer": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Wed Mar 29 17:18:22 2023 +0000" }, "message": "m/n/core/rpc: implement node verification in authenticated connections\n\nThe current API of NewAuthenticatedCredentials is not easily extensible,\nso switch over to such an API now.\n\nThis then adds a WantRemoteNode option which verifies that the remote\nconnection is established to a node with a given ID.\n\nChange-Id: Ie9f6b33d8b032729181bae5591eba9856ea2f523\nReviewed-on: https://review.monogon.dev/c/monogon/+/1427\nTested-by: Jenkins CI\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "d09c58f33c523c9395446122fc552c58dbab80cc", "tree": "c1438cddc469da77cf1640e672894e99123bb827", "parents": [ "ce19acc9d66055d912287d9f1f26c08d3df55aa8" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Fri Mar 17 00:25:08 2023 +0100" }, "committer": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Tue Mar 21 17:56:13 2023 +0000" }, "message": "m/test/launch: do not pipe node logs to stdout in //:launch-multi2\n\nChange-Id: I9e74ca8d6121725b9d38c910f80759c3c6b932a0\nReviewed-on: https://review.monogon.dev/c/monogon/+/1372\nTested-by: Jenkins CI\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "1f8cad7568ad2e8e539fe44f1b2d51e1f2a19fd5", "tree": "ed38d5ecb2f775c73c0ac8c23a68e610ce261591", "parents": [ "d174e556db5e2ad25e406babf34442a529756081" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Mon Mar 20 16:58:10 2023 +0100" }, "committer": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Tue Mar 21 16:39:39 2023 +0000" }, "message": "m/{cli,test/launch}: integrate launch/cluster with metroctl\n\nThis makes test-launch2 (and possibly later any other code that uses the\nlaunch/cluster library) tell the user that they can connect to the newly\nlaunched cluster using metroctl, either by using specific flags, or\nusing a wrapper script, or using kubectl.\n\nChange-Id: I54035ee02f3cbab3d17f46b1f1685b91aab275a9\nReviewed-on: https://review.monogon.dev/c/monogon/+/1373\nTested-by: Jenkins CI\nReviewed-by: Leopold Schabel \u003cleo@monogon.tech\u003e\n" }, { "commit": "05f813bf2d311f94dbc8021a85b37ff7c2e33242", "tree": "861772847ef842bbdc362224c442a7679b8b10f2", "parents": [ "cc4e96aed59648a3c4ac3faf3755deff4bb7f656" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Thu Mar 16 17:58:39 2023 +0100" }, "committer": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Thu Mar 16 20:52:16 2023 +0000" }, "message": "m/test/e2e: use concise-style logging\n\nMaking our test logs look like LogEntry.ConciseString() means we have\nsignificantly more readable test logs.\n\nChange-Id: I0b1eab6a5a837bb2001f3b32779c23df2feaa381\nReviewed-on: https://review.monogon.dev/c/monogon/+/1362\nReviewed-by: Leopold Schabel \u003cleo@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "e2a302a9062d3ebfc33ad83dd382653e067ca009", "tree": "55165c3da49a1f7b4604c4db85b59bb305011718", "parents": [ "7fbf10455fd61b4c34182be5cdb3a53fd9897d4b" ], "author": { "name": "Leopold", "email": "leo@monogon.tech", "time": "Sun Jan 15 15:39:18 2023 +0100" }, "committer": { "name": "Leopold Schabel", "email": "leo@monogon.tech", "time": "Thu Jan 19 19:07:21 2023 +0000" }, "message": "metropolis/test/launch: convert :launch to a test\n\n\"bazel run\" simply executes the binary outside the sandbox, so swtpm\nand other dependencies from the sandbox sysroot won\u0027t be available.\n\nIf swtpm is installed on the host, running the _bin target still works,\nbut it\u0027s better to point contributors to something that works\nout of the box.\n\nThis is a temporary workaround. Tests have timeouts and take the global\nBazel server lock. The correct solution is a static swtpm build\nwhich can run outside the sandbox.\n\nChange-Id: Icf7bf5cc44825df676d37a75ea9c1e135de14fef\nReviewed-on: https://review.monogon.dev/c/monogon/+/1078\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "acfad5b4d130084d58235a1eae54f4c51f936e44", "tree": "ecfbf0e9635fa4a6ef49b524c914834eb195f986", "parents": [ "af5086bfe505940699203d158ffa89307f28ebde" ], "author": { "name": "Leopold", "email": "leo@monogon.tech", "time": "Sun Jan 15 14:05:25 2023 +0100" }, "committer": { "name": "Leopold Schabel", "email": "leo@monogon.tech", "time": "Mon Jan 16 13:54:47 2023 +0000" }, "message": "m/test/launch/cluster: add pcap dump\n\nDump all network traffic by default to help debug failed tests.\n\nChange-Id: I5466639fa00501373690bd95452b85b61fb5b172\nReviewed-on: https://review.monogon.dev/c/monogon/+/1076\nReviewed-by: Leopold Schabel \u003cleo@monogon.tech\u003e\nTested-by: Leopold Schabel \u003cleo@monogon.tech\u003e\n" }, { "commit": "af5086bfe505940699203d158ffa89307f28ebde", "tree": "3ec03923903f2a5f9262f1b9ee79b6e80158520b", "parents": [ "20a036ee94d0999ab632de4f9c2d1feff192d72b" ], "author": { "name": "Leopold", "email": "leo@monogon.tech", "time": "Sun Jan 15 14:12:42 2023 +0100" }, "committer": { "name": "Leopold Schabel", "email": "leo@monogon.tech", "time": "Mon Jan 16 12:44:48 2023 +0000" }, "message": "m/test/launch: print qemu options at startup\n\nChange-Id: I35b234301e7c06a910127a4cf2c1573d23af45a9\nReviewed-on: https://review.monogon.dev/c/monogon/+/1077\nTested-by: Leopold Schabel \u003cleo@monogon.tech\u003e\nReviewed-by: Serge Bazanski \u003cserge@monogon.tech\u003e\n" }, { "commit": "20a036ee94d0999ab632de4f9c2d1feff192d72b", "tree": "47b90debe3873ee1d8075ffac1995f3769bdae31", "parents": [ "afb925b446e4f13a05a36f1d87e6b8a1f5a2e27a" ], "author": { "name": "Leopold", "email": "leo@monogon.tech", "time": "Sun Jan 15 00:17:19 2023 +0100" }, "committer": { "name": "Leopold Schabel", "email": "leo@monogon.tech", "time": "Mon Jan 16 12:37:51 2023 +0000" }, "message": "Fix some typos/grammar/variable shadows\n\nChange-Id: I43e78ec7931399c4f60f431d659953f084db7172\nReviewed-on: https://review.monogon.dev/c/monogon/+/1074\nTested-by: Leopold Schabel \u003cleo@monogon.tech\u003e\nReviewed-by: Leopold Schabel \u003cleo@monogon.tech\u003e\n" }, { "commit": "28800ad9a591c8a9dbbba4f21de51d8e07443b1e", "tree": "4ea4604d271543acaf928a987e2c6b3937bc435f", "parents": [ "f777496512bc553faeb5e17c818a118c6a057817" ], "author": { "name": "Mateusz Zalega", "email": "mateusz@monogon.tech", "time": "Fri Jul 08 14:56:02 2022 +0200" }, "committer": { "name": "Mateusz Zalega", "email": "mateusz@monogon.tech", "time": "Mon Jul 11 12:09:15 2022 +0000" }, "message": "m/p/common: use protobuf.Timestamp in NodeStatus\n\nThis updates NodeStatus to use google.protobuf.Timestamp.\nSee: issue #129.\n\nChange-Id: I7902908a885a909d5ad6e232333037add5fb02e2\nReviewed-on: https://review.monogon.dev/c/monogon/+/831\nTested-by: Jenkins CI\nReviewed-by: Sergiusz Bazanski \u003cserge@monogon.tech\u003e\n" }, { "commit": "58ddc0981614e7582a3ad5a505d64e4c48cd2800", "tree": "3060609a9e68a4a032c133330c5f2f18218e52be", "parents": [ "5bb8a33c73eb418729227e071af6777703913a65" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Thu Jun 30 18:23:33 2022 +0200" }, "committer": { "name": "Sergiusz Bazanski", "email": "serge@monogon.tech", "time": "Thu Jun 30 17:55:07 2022 +0000" }, "message": "m/n/c/r/resolver: allow disabling curator updater\n\nThis allows some resolvers to not attempt to contact the cluster for\ncurator node updates. We use this in the Join and Register resolvers as\nthey don\u0027t have permission to access this data anywa.\n\nWe also generalize Resolver options into a proper WithX setup. We also\nuse this opportunity to move the resolver creation in node code outside\nof the roleserver, as it should have been in the first place.\n\nChange-Id: I1cc227711d784e07959371873029e09fc8cd1b99\nReviewed-on: https://review.monogon.dev/c/monogon/+/808\nTested-by: Jenkins CI\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "5bb8a33c73eb418729227e071af6777703913a65", "tree": "243c70849397b0a708864eb2b7a3d02ec5d41f4e", "parents": [ "b43d0f0765916e029db8f784e44659fc8468e945" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Thu Jun 23 17:41:33 2022 +0200" }, "committer": { "name": "Sergiusz Bazanski", "email": "serge@monogon.tech", "time": "Thu Jun 30 15:55:44 2022 +0000" }, "message": "m/t/launch: use cluster resolver\n\nThis makes the cluster launch framework use a resolver to connect to\ncluster nodes after credential escrow has been performed.\n\nChange-Id: I09b0ec50bdb758e0c91e505a3c51839bb274f959\nReviewed-on: https://review.monogon.dev/c/monogon/+/797\nTested-by: Jenkins CI\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "1fbc5975a74174c3719ae2a15b60d202b6b4e609", "tree": "48ea22a01ede3bd490bf590d3cf2d3fef339d620", "parents": [ "9d9711884e042066b1f9ba51b7d9665596828748" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Wed Jun 22 13:36:16 2022 +0200" }, "committer": { "name": "Sergiusz Bazanski", "email": "serge@monogon.tech", "time": "Fri Jun 24 09:26:31 2022 +0000" }, "message": "m/test/launch/cluster: print nanoswitch logs\n\nChange-Id: I3a034e075aa253ecb4ef6306e50686a6d44aab80\nReviewed-on: https://review.monogon.dev/c/monogon/+/792\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "e90f4a1c0e0d33f7cac7ab53773e40409c86a3ab", "tree": "d3e4aea64b329241e17fa063e6585fe3212583a4", "parents": [ "32b192929c34e408bec6286de471313a4cfce5e2" ], "author": { "name": "Mateusz Zalega", "email": "mateusz@monogon.tech", "time": "Wed May 25 18:24:01 2022 +0200" }, "committer": { "name": "Mateusz Zalega", "email": "mateusz@monogon.tech", "time": "Tue May 31 12:58:47 2022 +0000" }, "message": "m/t/launch: prevent a TPM socket race with QEMU\n\nThis deflakes e2e tests by making sure that TPM emulator\u0027s socket\nbecomes available before QEMU is launched in LaunchNode.\n\nChange-Id: I2ca937ca0cd4712552805dc16fcbf7949f672ff3\nReviewed-on: https://review.monogon.dev/c/monogon/+/701\nTested-by: Jenkins CI\nReviewed-by: Sergiusz Bazanski \u003cserge@monogon.tech\u003e\n" }, { "commit": "08cb464d60f859ad029a52abe161cae02a0bf405", "tree": "098f8216960af32afe8ee6059c01a4e10045e7ad", "parents": [ "4f6fad3a6ed4e244c97aa5cb486aec5ca676c465" ], "author": { "name": "Mateusz Zalega", "email": "mateusz@monogon.tech", "time": "Wed May 25 17:35:59 2022 +0200" }, "committer": { "name": "Mateusz Zalega", "email": "mateusz@monogon.tech", "time": "Fri May 27 10:24:12 2022 +0000" }, "message": "m/t/launch: log LaunchNode errors in LaunchCluster\n\nLaunchNode errors that were made available through Cluster.nodesDone,\nreturned by LaunchCluster, weren\u0027t actually logged anywhere in the\nrepo, resulting in a significant blind spot.\n\nChange-Id: I12fd5a072330253e00cc57c0b6a29411a65c0d56\nReviewed-on: https://review.monogon.dev/c/monogon/+/700\nReviewed-by: Sergiusz Bazanski \u003cserge@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "0246f5eb3a48f8a521ab20d776b923fcf0af6e1c", "tree": "73ff4458a28566fa580c116958aeceb222d7e4ac", "parents": [ "2930e9966deca2ebcb9b497d4d133ffb6258ed87" ], "author": { "name": "Mateusz Zalega", "email": "mateusz@monogon.tech", "time": "Fri Apr 22 17:29:04 2022 +0200" }, "committer": { "name": "Mateusz Zalega", "email": "mateusz@monogon.tech", "time": "Tue May 03 12:11:19 2022 +0000" }, "message": "m/test: implement non-transient QEMU VMs\n\nThis patch reworks the launch code, enabling rebooting of cluster\nmember VMs, while precluding erasure of their transient state (disk\nimage, OVMF firmware variables, TPM state, MAC address).\n\nRebootNode method included in this patch is cluster-aware in the sense\nthat it blocks until the node has re-joined the cluster.\n\nChange-Id: Ie1236297d214399e927a67295200f8b8879a5b39\nReviewed-on: https://review.monogon.dev/c/monogon/+/664\nReviewed-by: Sergiusz Bazanski \u003cserge@monogon.tech\u003e\n" }, { "commit": "be74284cb84581b7217a934d2a771edb7c948223", "tree": "c943b51d32f0f0c0f81b97faa4660a9099b3caee", "parents": [ "fe7134b0b25b620b6f40b1f41f37ab93fca6d3c0" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Mon Apr 04 13:18:50 2022 +0200" }, "committer": { "name": "Sergiusz Bazanski", "email": "serge@monogon.tech", "time": "Wed Apr 06 09:52:24 2022 +0000" }, "message": "m/test: implement SOCKS proxy in cluster tests\n\nThis uses the new socksproxy package to run a proxy server in the\nnanoswitch, and uses it within tests to access the test cluster\u0027s nodes.\n\nThe cluster test code (and nanoswitch) still forward traffic to the\nfirst node, but this will be gradually removed as SOCKS support is\nimplemented in metroctl and the debug tool. Forwards from host ports to\ndifferent node can then be implemented as part of the dbg tool (instead\nof the cluster launch code) to maintain a simple interface during debug\nand development.\n\nWe also use the opportunity to make the non-cluster launch code not\nMetropolis specific (by removing an assumption that all ports on all\nnodes are Metropolis ports). In the long term, we will probably remove\nnon-cluster launches entirely (or further turn this code into just being\na \u0027launch qemu\u0027 wrapper).\n\nChange-Id: I9b321bde95ba74fbfaa695eaaad8f9974aba5372\nReviewed-on: https://review.monogon.dev/c/monogon/+/648\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "d13c1c64387ca9a83bb832a3faa5c4b07268d265", "tree": "0c0f534db4726e4400486aad25235e8c573d455e", "parents": [ "79a1a8f9dd49afe8e0a2364c4586b8f39525b204" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Wed Mar 30 19:58:58 2022 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Tue Apr 05 10:35:29 2022 +0000" }, "message": "treewide: switch to gomod and bump everything\n\nThis switches version resolution from fietsje to gomod and updates\nall Go dependencies. It also bumps rules_go (required by gVisor) and\nswitches the Gazelle naming convention from go_default_xxx to the\nstandard Bazel convention of the default target having the package\nname.\n\nSince Kubernetes dropped upstream Bazel support and doesn\u0027t check in\nall generated files I manually pregenerated the OpenAPI spec. This\nshould be fixed, but because of the already-huge scope of this CL\nand the rebase complexity this is not in here.\n\nChange-Id: Iec8ea613d06946882426c2f9fad5bda7e8aaf833\nReviewed-on: https://review.monogon.dev/c/monogon/+/639\nReviewed-by: Sergiusz Bazanski \u003cserge@monogon.tech\u003e\nReviewed-by: Leopold Schabel \u003cleo@nexantic.com\u003e\n" }, { "commit": "399ce5537c9d74b2335add19dcb6a4043d9468b5", "tree": "a7e086c69c69f8745ca123764c6929e090e0d80b", "parents": [ "0ea448a92ad342bcb0ecb05a2aa9652ebe48b62a" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Tue Mar 29 12:52:42 2022 +0200" }, "committer": { "name": "Sergiusz Bazanski", "email": "serge@monogon.tech", "time": "Wed Mar 30 15:50:59 2022 +0000" }, "message": "m/n/core/rpc: provide lower-level gRPC dialing constructs\n\nThis replaces the 2x2 cartesian product of ready-made dialing functions\n(New{Authenticated,Ephemeral}Client{Test,}) with plain gRPC Dial\nOptions.\n\nThis is partially to reduce the magical aspect of the RPC library (after\nall, we are just using gRPC here, no need for these wrappers), but\nmostly in preparation for having another dimension added: dynamic\ncluster resolving, which will also be just provided as a Dial Option.\n\nChange-Id: Id051ca5204e4b44afcc10164f376ccf08af46120\nReviewed-on: https://review.monogon.dev/c/monogon/+/640\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "942f5e2188f67d78fe8da86f42e1902427792f2b", "tree": "b3465cd8996a224a678f12cf1d858173077dadd1", "parents": [ "d3ce0ac027b205b1eeccbbcb062c9d417e205df4" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Thu Jan 27 15:03:10 2022 +0100" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Tue Mar 08 12:05:38 2022 +0000" }, "message": "b/ci: update build container to Fedora 35\n\nFedora 32 is EOL since over half a year, update to the current stable\nFedora release.\n\ntoolchains: adds clang as it\u0027s no longer part of the llvm package,\nchanges toolchain path references to GCC 11, and rebuilds the sysroot.\n\nedk2: update to latest stable (old version cannot build with a newer\nminor version of Python 3) and patch to disable -Werror and make the\nnewer included Brotli version work as it natively includes BUILD\nfiles which need to be patched out to make the source files accessible.\n\nlinux: add patch to fix PVH ELF note entrypoint with binutils 2.32+ as\notherwise the .notes section gets emitted with broken alignment.\n\nm/t/launch: RunMicroVM is broken if SerialPort is not set with newer\nQEMU versions because fcntl(2) fails to interact with a broken file\ndescriptor. This is due to a confusion between nil interfaces and\ninterfaces containing a nil pointer causing Go to improperly pass the\nfile descriptor. Changing the type of SerialPort to the actual\ninterface resolves the issue.\n\nChange-Id: I03a8cbf4f80a7363794dad1ff62ccb57e778cac3\nReviewed-on: https://review.monogon.dev/c/monogon/+/529\nReviewed-by: Leopold Schabel \u003cleo@nexantic.com\u003e\n" }, { "commit": "636032e843efcdef0716ed9956f40642d07b8d4c", "tree": "9499a197eec2483636b1fc940d8b7e78d3a29161", "parents": [ "5839e97231f31fac6730a1d553fe7114d37a1521" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Wed Jan 26 14:21:33 2022 +0100" }, "committer": { "name": "Sergiusz Bazanski", "email": "serge@monogon.tech", "time": "Wed Feb 23 16:15:54 2022 +0000" }, "message": "m/test/launch: fail ROC on non-UNAVAILABLE errors\n\nThis makes RetrieveOwnerKeys fail fast in tests if some non-transient\n(ie. non-UNAVAILABLE) error is encountered. I hit this while developing\nsomething around the codebase and it took me way too long to figure out\nwhy the e2e test was stalling.\n\nThis really begs doing a pass on all retry loops to make sure we don\u0027t\nget stuck like this. Perhaps we should formalize this, too.\n\nChange-Id: I048f5ac79802330f789e67ba316bc38f04d83331\nReviewed-on: https://review.monogon.dev/c/monogon/+/531\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "b6a9d3c613847de99be456f17c6b18cc4d1c4e63", "tree": "65aa9692174230796bfcc30aba663d5063190d6b", "parents": [ "26d5225a142057b6eb04cff9ba86173a6682b626" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Thu Jan 27 18:56:20 2022 +0100" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Tue Feb 08 13:06:05 2022 +0000" }, "message": "m/n/build: implement new fsspec infrastructure\n\nThis makes the node_initramfs and erofs_image use the new common fsspec\ninfrastructure. It also adds the fsspecs attribute to both which can\nlater be used to add arbitrary fsspecs.\n\nChange-Id: I384e04712c0a70f82c5c975911cbb1d0d5e6cabc\nReviewed-on: https://review.monogon.dev/c/monogon/+/530\nReviewed-by: Sergiusz Bazanski \u003cserge@monogon.tech\u003e\n" }, { "commit": "cc078df2124306799c66786833746999259ea792", "tree": "43807fcfec2196430b4bd4def124dad2231451db", "parents": [ "8c2c771a750f30b3edf240fc8352e777795e989b" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Thu Dec 23 11:51:55 2021 +0100" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Wed Feb 02 14:07:37 2022 +0000" }, "message": "m/n/kubernetes: implement Metropolis authenticating proxy\n\nThis implements an authenticating proxy for K8s which can authenticate\nMetropolis credentials and passes the extracted identity information\nback to the Kubernetes API server. It currently only handles user\nauthentication, machine-to-machine authentication is still done by the\nAPI server itself. It also adds a role binding to allow full access\nto the owner as we do not have an identity system yet.\n\nChange-Id: I02043924bb7ce7a1acdb826dad2d27a4c2008136\nReviewed-on: https://review.monogon.dev/c/monogon/+/509\nReviewed-by: Sergiusz Bazanski \u003cserge@monogon.tech\u003e\n" }, { "commit": "075465c4f4437d6bcd0326cd673aedf2b5bbc686", "tree": "057c78acaff2b9f9770bbed6f225dd6f0468e8e3", "parents": [ "0e057feb0b5c932e1b86ba769ad92bfc9bfdcd65" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Tue Nov 16 15:38:49 2021 +0100" }, "committer": { "name": "Sergiusz Bazanski", "email": "serge@monogon.tech", "time": "Tue Jan 25 14:27:03 2022 +0000" }, "message": "m/t/launch: multi-node launches, prefixed stdout\n\nThis reinstantiates //:launch-test2, with some small fixes for usability\n(prefixed stdout and GetNodes retries to handle cluster connectivity\nissues as the cluster grows).\n\nWe also drive-by port //:launch-test2 and //:launch to use the new and\nshiny clicontext package.\n\nChange-Id: I62a1d827b2087f1173abf19e792a2088dc8b80bb\nReviewed-on: https://review.monogon.dev/c/monogon/+/485\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "e78a08987e48aa5d9f77954886b7cc544f218638", "tree": "77d91020801cf19d2979db69495e40f3aeb889d5", "parents": [ "957c5b142abf8976c212ae013e6c36c4ff80f6c8" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Thu Oct 07 17:03:49 2021 +0200" }, "committer": { "name": "Sergiusz Bazanski", "email": "serge@monogon.tech", "time": "Thu Dec 09 17:51:43 2021 +0000" }, "message": "m/n/c/cluster: implement register flow\n\nChange-Id: I197cbfa96d34c9912c7fc19710db25276e7440fc\nReviewed-on: https://review.monogon.dev/c/monogon/+/454\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "764a2de7911a42d57720911332a12895f0aad707", "tree": "dd0e31cee8fb5c753a762462e9eb16f776c3ec73", "parents": [ "e65731049afb6fd49da80f064fa40a28c9d5741d" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Mon Nov 22 16:26:36 2021 +0100" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Mon Nov 22 20:39:51 2021 +0000" }, "message": "tree-wide: rewrite ioutil functions to their replacements\n\nThe ioutil package has been deprecated in Go 1.16 [1]. This CL removes\nall our own users of that package and rewrites them to use their\nreplacements in the os package. I initially wanted to do this with a\ngofix but because all replacements were signature-compatible I just\ndid it with a few string replaces and then ran goimports to fix up the\nimports.\n\nI intentionally didn\u0027t rewrite the patches as that would require a\ndifferent process and is IMO of less value.\n\n[1] https://github.com/golang/go/issues/42026\n\nChange-Id: Iac6663a1f1ee49f9b1c6e4b3d97e73f2c3b54a13\nReviewed-on: https://review.monogon.dev/c/monogon/+/449\nReviewed-by: Sergiusz Bazanski \u003cserge@monogon.tech\u003e\n" }, { "commit": "52304a8aa84604846e316e28c955b67e68c52f34", "tree": "df8518bb50b9665af7f4897665d8aa16f4a43e7f", "parents": [ "ba7bf7dc83c15cbd94a1f71b7992df7d7fc7d752" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Fri Oct 29 16:56:18 2021 +0200" }, "committer": { "name": "Sergiusz Bazanski", "email": "serge@monogon.tech", "time": "Wed Nov 03 11:36:20 2021 +0000" }, "message": "m/node: implement Port type for node ports\n\nThis allows us to use %v/%s to get a pretty port name where needed.\n\nWe also drive-by remove MasterServicePort which is a leftover from\na pre-curator cluster service implementation.\n\nChange-Id: Id8feddf87269b13dd1dad2460a015c1a7ecbc6d7\nReviewed-on: https://review.monogon.dev/c/monogon/+/418\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "66e589595ecbefdc1466ea5e98e9c237e3300f8e", "tree": "c5bf14131ce984dea96ee6825c12b5e3cf7a342a", "parents": [ "a1a96b454eb3c21d03b7f95f1917dd6ce1b84b8a" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Tue Oct 05 17:06:56 2021 +0200" }, "committer": { "name": "Sergiusz Bazanski", "email": "serge@monogon.tech", "time": "Mon Oct 11 13:27:02 2021 +0000" }, "message": "m/test: refactor cluster launch code, use for e2e tests\n\nThis is a light dust-off pass for the existing cluster launch code.\nNotably, we separate Metropolis-specific code into a subpackage\n(allowing us to make the package itself depend on the required\nnode/kernel images, without introducing dependency loops or unnecessary\ndependencies on the Metropolis node image).\n\nWe also make the LaunchCluster code return an already authenticated\nManagement client, and subsequent changes will use this client to add\nmore nodes to the running cluster.\n\nWe then move the E2E test to use LaunchCluster instead of LaunchNode, in\npreparation for running a multi-node cluster in the E2E test.\n\nWe also add some more log calls and clean up the existing ones to make\nit clear which subsystem (launch, launch/cluster or e2e) is respondible\nfor each message.\n\nChange-Id: I838bdc75073831fe94b9cdcef4fb3ab6bf8cba2c\nReviewed-on: https://review.monogon.dev/c/monogon/+/343\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "96043bc1cb55b1271b21309b2011d64d2361a0fd", "tree": "b4db59595d8635154de74b0a244a6bb28bc52d2d", "parents": [ "3379a5d0ffcd652031c135f2ffe7600272fa0093" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Tue Oct 05 12:10:13 2021 +0200" }, "committer": { "name": "Sergiusz Bazanski", "email": "serge@monogon.tech", "time": "Tue Oct 05 17:29:16 2021 +0000" }, "message": "*: import reformats\n\nAs caused by my IntelliJ/gofmt locally. We really need to do gofmt\nchecks in CI, especially now that we nearly have the tooling ready for\nit.\n\nChange-Id: Id105ba9ad8a34b8b8e883d52d621d47b0ea888d7\nReviewed-on: https://review.monogon.dev/c/monogon/+/338\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "d7d6e0284de38cbeeb185ca17c0853b4b2c10ee9", "tree": "37e0b443caf904f0b78d423ba6580c1416f5bc11", "parents": [ "9ffa1f9577003ab70a6b483475874f3552d1ccc3" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Wed Sep 01 15:03:06 2021 +0200" }, "committer": { "name": "Sergiusz Bazanski", "email": "serge@monogon.tech", "time": "Fri Sep 03 11:15:40 2021 +0000" }, "message": "m/n/core/rpc: create library for common gRPC functions\n\nThis is the beginning of consolidating all gRPC-related code into a\nsingle package.\n\nWe also run the Curator service publicly and place it behind a new\nauthorization permission bit. This is in preparation for Curator\nfollowers needing access to this Service.\n\nSome of the service split and authorization options are likely to be\nchanged in the future (I\u0027m considering renaming Curator to something\nelse, or at least clearly stating that it\u0027s a node-to-node service).\n\nChange-Id: I0a4a57da15b35688aefe7bf669ba6342d46aa3f5\nReviewed-on: https://review.monogon.dev/c/monogon/+/316\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "1f9a03b3f952320824b1ae49e56da3cb814cd5b0", "tree": "315ea3ca5711b2dca9173dcf825c18e031affa84", "parents": [ "b9044c888097757c36933062f27b5f5ee103ee5f" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Tue Aug 17 13:40:53 2021 +0200" }, "committer": { "name": "Sergiusz Bazanski", "email": "serge@monogon.tech", "time": "Tue Aug 24 17:26:20 2021 +0000" }, "message": "m/test/e2e: retrieve owner credentials in e2e test\n\nThis exercises AAA.Escrow for the initial cluster owner within our large\ne2e test suite. The certificate retrieved this way is not yet used, but\nis verified to be emitted for the correct public key.\n\nChange-Id: Id33178cd223e3180d6f834c6fac94d6d657d5349\nReviewed-on: https://review.monogon.dev/c/monogon/+/290\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "5b2ae5500a90dc48b9713095e5f1580b9c9646d9", "tree": "1f6efbed2aa20716c18772bb30dbafacd6f07db3", "parents": [ "03758714f4b7be2a712831beecfdfcbf151b4c66" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Tue Aug 17 13:00:14 2021 +0200" }, "committer": { "name": "Sergiusz Bazanski", "email": "serge@monogon.tech", "time": "Mon Aug 23 12:26:16 2021 +0000" }, "message": "m/n/c/curator: listen on public gRPC\n\nThis enables listening on CuratorPort (which was called\nNodeServicePort) using TLS node certificates. No service is yet running\non the new gRPC listener.\n\nChange-Id: I436ac1ae9cbdb257419ad114262fc2a7516396b1\nReviewed-on: https://review.monogon.dev/c/monogon/+/288\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "216fe7b3ae949376467f626f339423a31ea7da97", "tree": "b0fe587b671a76bf6229339825d2a61df7fc847b", "parents": [ "6ebdc418f3c4799c12368e34ea78dc9c9757fb54" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Fri May 21 18:36:16 2021 +0200" }, "committer": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Fri May 28 17:54:03 2021 +0200" }, "message": "*: reflow comments to 80 characters\n\nThis reformats the entire Metropolis codebase to have comments no longer\nthan 80 characters, implementing CR/66.\n\nThis has been done half manually, as we don\u0027t have a good integration\nbetween commentwrap/Bazel, but that can be implemented if we decide to\ngo for this tool/limit.\n\nChange-Id: If1fff0b093ef806f5dc00551c11506e8290379d0\n" }, { "commit": "be57a039071a451763adc6c3456b7d79ca1999bb", "tree": "391ebab65e54c88c0b101a137371b283c5fd3812", "parents": [ "3536e4d4923e76486167c85c2b09a1cf4ca5502d" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Tue May 11 13:41:52 2021 +0200" }, "committer": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Tue May 11 13:42:23 2021 +0200" }, "message": "m/test/launch: fix TPM tempdir permissions, wrap errors\n\nOn Linux, the following generally fails:\n\n $ cd /tmp\n $ mkdir test\n $ cd test/\n $ chmod 644 .\n $ touch foo\n touch: cannot touch \u0027foo\u0027: Permission denied\n\nThis changes our launch code to create a temporary TPM directory with\n755 instead of 644 permissions, preventing a situation like above\nmanifesting in our new CI.\n\nThis didn\u0027t manifest before as we always ran builds through podman, and\nthere this behaviour doesn\u0027t appear to hold, probably because we are uid\n0 there:\n\n $ podman exec -it monogon-dev bash\n bash-5.0# id\n uid\u003d0(root) gid\u003d0(root) groups\u003d0(root) context\u003dunconfined_u:system_r:spc_t:s0\n bash-5.0# cd /tmp/\n bash-5.0# mkdir test\n bash-5.0# cd test/\n bash-5.0# chmod 644 .\n bash-5.0# touch foo\n\nWe also drive-by some unwrapped error returns to be a bit more helpful.\n\nTest Plan: Tested on new CI, manually.\n\nX-Origin-Diff: phab/D773\nGitOrigin-RevId: 5a55a7878109717f0c17251a659dfc6ee04b94f4\n" }, { "commit": "f055a7fce0263a30fd2c853b5ed002a765fc23e8", "tree": "de2dc0daeebfc7ecce2b1987ffb13eb4f2475088", "parents": [ "2666513457e8d7a282560a7090f35439ab9695ce" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Tue Apr 13 16:22:33 2021 +0200" }, "committer": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Wed Apr 14 14:35:09 2021 +0200" }, "message": "third_party/linux: build using unhermetic rule\n\nThis replaces ad-hoc genrules (for the node Linux image and the ktest\nimage) with a real Bazel rule with an attached transition which ensures\nwe end up with the same-ish configurations for all builds of an image.\n\nThis reduces rebuilds of the ktest Linux kernel, from three down to one.\n\nBefore: https://drive.google.com/file/d/1c6VmY2bqx9Pgs61TOUfgMi8Sn0WQeobu/view\n\nAfter: https://drive.google.com/file/d/13eO1rLhoBCMMRUKrmJz8QnhdAR3ctIGb/view\n\nWe also drive-by fix the Kubernetes CTS test suite to run on a single-node\nCluster (instead of failing early due to that being currently reworked).\n\nTest Plan: Build system refactor, following existing test.\n\nX-Origin-Diff: phab/D761\nGitOrigin-RevId: b5545ac5fd402fbf0340d941a90b9ea6ea0b6d43\n" }, { "commit": "886d2892d1717bc130cfa008742c06c29f7ff186", "tree": "e9d67752d55d52e948662521e96d83f343473dea", "parents": [ "0565ea3191d445bdaab647213d59ed3d7218630a" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Tue Apr 13 16:39:39 2021 +0200" }, "committer": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Tue Apr 13 19:51:08 2021 +0200" }, "message": "metropolis/test/launch: add InsecureKey\n\nCurrently, the node startup parameters are empty. Let\u0027s populate them with a development (\u0027insecure\u0027) key when started from the launch library.\n\nTest Plan: Future revision in stack will make use of this.\n\nX-Origin-Diff: phab/D754\nGitOrigin-RevId: 0cfa3c1d71911423ff169afc027edb768151de67\n" }, { "commit": "0ed2f96a3a86aff2c9ce36289aa5d58a75f4d59b", "tree": "afbe1fb6cd0a1667e981edfe97969338437bdaca", "parents": [ "056042962060369bd7607ecfea51c515fc3a8140" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Mon Mar 15 16:39:30 2021 +0100" }, "committer": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Mon Mar 15 16:39:30 2021 +0100" }, "message": "metropolis/proto: EnrolmentConfig -\u003e NodeParameters\n\nThis starts off the move to a node configuration API conforming to\nthe lifecycle management design document.\n\nInstead of an Enrolment Config used only to join an existing cluster, we\nmove to a NodeParameters proto that must always be given to a node if\nit\u0027s supposed to either bootstrap a new cluster or join an existing one.\n\nThis links the existing cluster management code (and its state machine)\nto work with this file. However, that state machine will be removed very\nsoon, anyway.\n\nWe also remove everything related to golden tickets.\n\nThis breaks multi-node tests.\n\nX-Origin-Diff: phab/D710\nGitOrigin-RevId: f22615fbccab975f2d5e6928bdc7387ab3aa5714\n" }, { "commit": "f12bedfa4cd144c3abc4deac58405067d55f9c87", "tree": "ddbc408e424a0ea8e446bcf0022ee16278202d63", "parents": [ "c3ad846e0eaf4cf008130a643ff247aa27531e17" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Fri Jan 15 16:58:50 2021 +0100" }, "committer": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Fri Jan 15 16:58:50 2021 +0100" }, "message": "*: bump up Go dependencies\n\nThis started off as \u0027let\u0027s bump gVisor\u0027. However, pulling that thread\nresulted in quite a few things that also required bumping for the build\nto actually work. Here I come back from a day in the Bazel mines,\nbearing fruits of my labor.\n\nNotable changes:\n\n - bump up gVisor\n - bump up containerd\n - bump up Bazel\n - bump up rules_go, rules_docker, Gazelle\n - use google.golang.org/protobuf (the \u0027new\u0027 go proto package)\n - bump up gRPC (but not too much, as go-etcd is still straggling)\n\nNotable effects:\n\n - new gVisor supports TTY allocation (kubectl run -it\n --image\u003dubuntu:20.04 ubuntu bash now works!)\n\nNotable notes:\n\n - gVisor shim has new been rolled into the main gVisor package and is\n slightly easier to build (we can get rid of a bunch of patches).\n - Opencontainers\u0027 runtime-specs now follow containerd instead of gVisor\n - gVisor had to be taught to use the slightly newer runtime-specs via a\n new patch.\n - go_rule() in Starlark is now deprecated, and we had to change our\n Starlark rule definitions to use rule() instead. We also had to patch\n gVisor to do that (as there hasn\u0027t yet been a release that rolled\n this up).\n - Gazelle now supports different naming schemes for generated Go\n targets - either the old //foo/bar:go_default_library scheme, or a\n new and nicer //foo/bar:bar scheme. We currently force the usage of\n the old scheme, as switching over is probably not going to be easy\n (we use a lot of external Bazel files, and we have to wait for their\n compatibility with the new scheme first).\n - New Bazel/rules_go sets a TMPDIR long enough to generate paths (via\n ioutil.TempDir) to which sockets cannot be bound (108-byte limit).\n - The new protobuf API is incompatible with gogoproto. containerd/ttrpc\n uses gogoproto, but we are smart enough to pull in the old protobuf\n library as gogoproto\u0027s transitive dep. However, ttrpc also wants to\n use some proto-generated grpc bits, and that doesn\u0027t work. We have to\n pull in a ttrpc fork from a PR that hasn\u0027t yet been merged that fixes\n this issue.\n\nTest Plan: Refactor only, should be covered by tests.\n\nX-Origin-Diff: phab/D689\nGitOrigin-RevId: 1188c0605d25e7f40307fab5fd96e7019f3a9171\n" }, { "commit": "31370b07f0df2dc2765d812d4ce00a6b35185b16", "tree": "15563902eee9591083284441c8505b084b275d0a", "parents": [ "313816f41244d7520eb2b6f8c231328ee5b7a4ef" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Thu Jan 07 16:31:14 2021 +0100" }, "committer": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Thu Jan 07 16:31:14 2021 +0100" }, "message": "*: git.monogon.dev -\u003e source.monogon.dev\n\nThis implements T882, setting our (virtual) GOPATH to source.monogon.dev\nfor this repository.\n\nTest Plan: Refactor, CI only.\n\nX-Origin-Diff: phab/D686\nGitOrigin-RevId: c5e2309089948ffc3a98e68e2e0e1cbb157d3a36\n" }, { "commit": "0be9be88224dd87eedb10436b11615fa59862271", "tree": "2cffcd0ca273ada48c0b42a36bd25bb1cc2da35c", "parents": [ "549b72b2d65051403301f53111509f77e88b379b" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Thu Jan 07 15:23:44 2021 +0100" }, "committer": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Thu Jan 07 15:23:44 2021 +0100" }, "message": "metropolis: Lock down visibility rules\n\nThis formalizes the package structure introduced by D683.\n\nTest Plan: Pure refactor, CI only.\n\nX-Origin-Diff: phab/D684\nGitOrigin-RevId: 574aa14c71faf94f4a5c02a2110e2e3fef7d36ac\n" }, { "commit": "549b72b2d65051403301f53111509f77e88b379b", "tree": "b4e523d5d17e8130545e58b58870b4a18118a780", "parents": [ "696f39abb19ffcca03e9fc5a98681338216b1e7f" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Thu Jan 07 14:54:19 2021 +0100" }, "committer": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Thu Jan 07 14:54:19 2021 +0100" }, "message": "metropolis: unify utility packages\n\nOne last sweeping rename / reshuffle.\n\nWe get rid of //metropolis/node/common and //golibs, unifying them into\na single //metropolis/pkg meta-package.\n\nThis is to be documented somwhere properly, but here\u0027s the new logic\nbehind selecting where to place a new library package:\n\n - if it\u0027s specific to k8s-on-metropolis, put it in\n //metropolis/node/kubernetes/*. This is a self-contained tree that\n other paths cannot import from.\n - if it\u0027s a big new subsystem of the metropolis core, put it in\n //metropolis/node/core. This can be imported by anything in\n //m/n (eg the Kubernetes code at //m/n/kubernetes\n - otherwise, treat it as generic library that\u0027s part of the metropolis\n project, and put it in //metropolis/pkg. This can be imported by\n anything within //metropolis.\n\nThis will be followed up by a diff that updates visibility rules.\n\nTest Plan: Pure refactor, CI only.\n\nX-Origin-Diff: phab/D683\nGitOrigin-RevId: 883e7f09a7d22d64e966d07bbe839454ed081c79\n" }, { "commit": "662b5b3119b0798980b887d1ef9fa1b5632aa7fb", "tree": "3e1fc4ab033530e6d579112ba500d2c6edb43368", "parents": [ "39f2f691726dc6e0a291aa8609085b835a313dad" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Mon Dec 21 13:49:00 2020 +0100" }, "committer": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Mon Dec 21 13:49:00 2020 +0100" }, "message": "smalltown -\u003e metropolis\n\nThis pass removes all mentions of Smalltown, both from code and comments,\nand replaces them with appropriate new terminology.\n\nTest Plan: Refactor, covered by CI.\n\nX-Origin-Diff: phab/D674\nGitOrigin-RevId: 04a94d44ef07d46f7821530da5614daefe16d7ea\n" }, { "commit": "39f2f691726dc6e0a291aa8609085b835a313dad", "tree": "23d34844fa68be991d514bf8bd89bc5042779091", "parents": [ "686444ed962d75053832ce59527cf15a552a7fc0" ], "author": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Mon Dec 21 14:51:42 2020 +0100" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Mon Dec 21 14:51:42 2020 +0100" }, "message": "Make LaunchCluster not close DebugClient it\u0027s returning\n\nLaunchCluster currently closes the gRPC connection underpinning the DebugService\nit\u0027s returning. This causes all further calls to that service to immediately return with\na CANCELED error. There\u0027s no reason why it should do this (probably a refactoring artifact),\nso just remove the Close call. Fixes T881.\n\nTest Plan: CTS is not run as part of automated test still because it takes too long.\n\nBug: T881\n\nX-Origin-Diff: phab/D671\nGitOrigin-RevId: 6bfa382cba6a15b146b2f24311507456b58cdf98\n" }, { "commit": "686444ed962d75053832ce59527cf15a552a7fc0", "tree": "6c522bf2b538dafe4e5c345c96a353418ecd0c41", "parents": [ "553ab2b7a7f96e38ff7e381dcbefc095ed3520df" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Mon Dec 21 14:21:14 2020 +0100" }, "committer": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Mon Dec 21 14:21:14 2020 +0100" }, "message": "launch-multi2: split up logs from nodes into prefixed lines\n\nCurrently it\u0027s impossible to tell apart logs from each node.\n\nIn general, we should move this over the the debug logging API instead\nof relying on qemu stdout, but this will do for now.\n\nTest Plan: Shouldn\u0027t affect any tests, as we don\u0027t actually test multi-node setups. Truth be told, we should.\n\nX-Origin-Diff: phab/D670\nGitOrigin-RevId: 7b4e170e634096bc40432fbef0844d9924957182\n" }, { "commit": "77cb6c5ec3acadf02ad5005dd751cfbf0ec1602f", "tree": "7ddfcdf78c489a5d6fad7a20bd3580d803407450", "parents": [ "26d41999e0c71813648c16ad84bba810c3b9d593" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Sat Dec 19 00:09:22 2020 +0100" }, "committer": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Sat Dec 19 00:09:22 2020 +0100" }, "message": "core -\u003e metropolis\n\nSmalltown is now called Metropolis!\n\nThis is the first commit in a series of cleanup commits that prepare us\nfor an open source release. This one just some Bazel packages around to\nfollow a stricter directory layout.\n\nAll of Metropolis now lives in `//metropolis`.\n\nAll of Metropolis Node code now lives in `//metropolis/node`.\n\nAll of the main /init now lives in `//m/n/core`.\n\nAll of the Kubernetes functionality/glue now lives in `//m/n/kubernetes`.\n\nNext steps:\n - hunt down all references to Smalltown and replace them appropriately\n - narrow down visibility rules\n - document new code organization\n - move `//build/toolchain` to `//monogon/build/toolchain`\n - do another cleanup pass between `//golibs` and\n `//monogon/node/{core,common}`.\n - remove `//delta` and `//anubis`\n\nFixes T799.\n\nTest Plan: Just a very large refactor. CI should help us out here.\n\nBug: T799\n\nX-Origin-Diff: phab/D667\nGitOrigin-RevId: 6029b8d4edc42325d50042596b639e8b122d0ded\n" } ] }