)]}' { "log": [ { "commit": "8234c16354a5723aafab7ab24f0b833dc00c926d", "tree": "02a4df42d3ddaced5a7ffcc63ff0dcc3626cad4f", "parents": [ "e5053ed77b4fcfce6f88e2f8f0e98a0581b795cb" ], "author": { "name": "Mateusz Zalega", "email": "mateusz@monogon.tech", "time": "Fri Jul 08 17:05:50 2022 +0200" }, "committer": { "name": "Mateusz Zalega", "email": "mateusz@monogon.tech", "time": "Thu Jul 14 09:23:42 2022 +0000" }, "message": "m/c/metroctl: add configurable credentials path\n\nThis lets metroctl users provide an alternative path to their cluster\ncredentials. This will be used by the upcoming metroctl test harness.\n\nChange-Id: I49647e3b9d038c230b9678ebb73ba19da038a6d7\nReviewed-on: https://review.monogon.dev/c/monogon/+/833\nTested-by: Jenkins CI\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "cf92f409655c4f4bc22eaa5d17f543d69e8c411b", "tree": "f0db9b6b5d73e168954544af951754a082b34493", "parents": [ "28800ad9a591c8a9dbbba4f21de51d8e07443b1e" ], "author": { "name": "Mateusz Zalega", "email": "mateusz@monogon.tech", "time": "Fri Jul 08 15:08:48 2022 +0200" }, "committer": { "name": "Mateusz Zalega", "email": "mateusz@monogon.tech", "time": "Mon Jul 11 12:09:15 2022 +0000" }, "message": "m/p/api: use protobuf.Timestamp in LogEntry\n\nThis updates LogEntry to use google.protobuf.Timestamp.\nSee: issue #129.\n\nChange-Id: I937800aa91e86690da0d06f743e720c2d474ad0a\nReviewed-on: https://review.monogon.dev/c/monogon/+/832\nTested-by: Jenkins CI\nReviewed-by: Sergiusz Bazanski \u003cserge@monogon.tech\u003e\n" }, { "commit": "28800ad9a591c8a9dbbba4f21de51d8e07443b1e", "tree": "4ea4604d271543acaf928a987e2c6b3937bc435f", "parents": [ "f777496512bc553faeb5e17c818a118c6a057817" ], "author": { "name": "Mateusz Zalega", "email": "mateusz@monogon.tech", "time": "Fri Jul 08 14:56:02 2022 +0200" }, "committer": { "name": "Mateusz Zalega", "email": "mateusz@monogon.tech", "time": "Mon Jul 11 12:09:15 2022 +0000" }, "message": "m/p/common: use protobuf.Timestamp in NodeStatus\n\nThis updates NodeStatus to use google.protobuf.Timestamp.\nSee: issue #129.\n\nChange-Id: I7902908a885a909d5ad6e232333037add5fb02e2\nReviewed-on: https://review.monogon.dev/c/monogon/+/831\nTested-by: Jenkins CI\nReviewed-by: Sergiusz Bazanski \u003cserge@monogon.tech\u003e\n" }, { "commit": "f777496512bc553faeb5e17c818a118c6a057817", "tree": "d2065bdd76de2941fcb6b81b48847eb83bf5cfec", "parents": [ "b1e7ee4984d057ca1aeacd8e0d1489aa700cdf0c" ], "author": { "name": "Mateusz Zalega", "email": "mateusz@monogon.tech", "time": "Fri Jul 08 12:26:55 2022 +0200" }, "committer": { "name": "Mateusz Zalega", "email": "mateusz@monogon.tech", "time": "Mon Jul 11 12:09:15 2022 +0000" }, "message": "m/c/metroctl: introduce proxyAddr parameter\n\nThis enables metroctl to interact with the cluster over a SOCKS5 proxy.\n\nChange-Id: I73a59b01cecec7b5988ca57d7ff71179da260949\nReviewed-on: https://review.monogon.dev/c/monogon/+/830\nTested-by: Jenkins CI\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "b1e7ee4984d057ca1aeacd8e0d1489aa700cdf0c", "tree": "6e0780e12d525cbf6393771af8100204e9668110", "parents": [ "f1234a9528f700bc3c44a45fe19d5a743da29af5" ], "author": { "name": "Mateusz Zalega", "email": "mateusz@monogon.tech", "time": "Fri Jul 08 12:19:02 2022 +0200" }, "committer": { "name": "Mateusz Zalega", "email": "mateusz@monogon.tech", "time": "Mon Jul 11 12:09:15 2022 +0000" }, "message": "m/c/metroctl: use the global endpoints parameter\n\nThis makes the takeownership command use the global --endpoints\nparameter instead of its positional argument.\n\nChange-Id: I1ddb27fb1cbb5b299c97b6c0bca26883c9a51329\nReviewed-on: https://review.monogon.dev/c/monogon/+/829\nTested-by: Jenkins CI\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "f1234a9528f700bc3c44a45fe19d5a743da29af5", "tree": "26fd08130af2338c02b657eae8497454056e505d", "parents": [ "cce1f0d12155fbaa4011ab459844575cd360036b" ], "author": { "name": "Mateusz Zalega", "email": "mateusz@monogon.tech", "time": "Wed Jun 22 13:57:38 2022 +0200" }, "committer": { "name": "Mateusz Zalega", "email": "mateusz@monogon.tech", "time": "Mon Jul 11 12:09:15 2022 +0000" }, "message": "m/p/cmd: implement RunCommand\n\nThis implements a new utility function RunCommand, based on existing\nm/installer/test implementation.\n\nRunCommand will be used in the upcoming metroctl test implementation.\n\nChange-Id: Ieb98acada7e7408249da0e289861674e80b4d581\nReviewed-on: https://review.monogon.dev/c/monogon/+/789\nTested-by: Jenkins CI\nReviewed-by: Sergiusz Bazanski \u003cserge@monogon.tech\u003e\n" }, { "commit": "c6316c89203c78c4925b35a54dc177df08b5bd26", "tree": "607c2e5d3310fa953c215386a2b88845c4de6a38", "parents": [ "6e7c2ac97b63d18d4a18d04a67c7d2082cd4cffc" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Thu Jul 07 15:17:47 2022 +0000" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Thu Jul 07 15:22:10 2022 +0000" }, "message": "m/handbook: change over tag to metropolis-v0.1\n\nIt was decided to tag the release metropolis-v0.1, not v0.1.\n\nChange-Id: Ia697af0b47861f00b9a69072778f45b627d45dd0\nReviewed-on: https://review.monogon.dev/c/monogon/+/827\nReviewed-by: Mateusz Zalega \u003cmateusz@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "6e7c2ac97b63d18d4a18d04a67c7d2082cd4cffc", "tree": "91e3fc2ed774fdfc353e0026c175035395e2013c", "parents": [ "916619b4bd67bd3f0debdccc5c4e3a42315b6fc6" ], "author": { "name": "Mateusz Zalega", "email": "mateusz@monogon.tech", "time": "Thu Jul 07 16:02:03 2022 +0200" }, "committer": { "name": "Mateusz Zalega", "email": "mateusz@monogon.tech", "time": "Thu Jul 07 15:04:07 2022 +0000" }, "message": "m/handbook: add a chapter on the demo cluster\n\nChange-Id: Ie00a9635207a6ef6a7e1b0241279c185970a92e0\nReviewed-on: https://review.monogon.dev/c/monogon/+/826\nTested-by: Jenkins CI\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "916619b4bd67bd3f0debdccc5c4e3a42315b6fc6", "tree": "6595649cd3c3f4290bd6ff7d05cd291de69c6818", "parents": [ "c437dc40ca06702f1241cf774391aba9e6e9d48f" ], "author": { "name": "Mateusz Zalega", "email": "mateusz@monogon.tech", "time": "Thu Jun 30 15:56:32 2022 +0200" }, "committer": { "name": "Mateusz Zalega", "email": "mateusz@monogon.tech", "time": "Thu Jul 07 12:21:09 2022 +0000" }, "message": "m/handbook: add a chapter on Cluster API\n\nFor what it\u0027s worth, here\u0027s my attempt at writing down pieces of\ninformation that could be of interest to potential users, based on\nthe current implementation.\n\nChange-Id: I92062f103888340e9823551ed8af87741f3e4165\nReviewed-on: https://review.monogon.dev/c/monogon/+/807\nTested-by: Jenkins CI\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "c437dc40ca06702f1241cf774391aba9e6e9d48f", "tree": "82690cf90c66ccc81a5b6cf9d3a88319111c419e", "parents": [ "d5f2f7a0f5c84715c3b61f3e411c3eebc0e03e61" ], "author": { "name": "Mateusz Zalega", "email": "mateusz@monogon.tech", "time": "Thu Jul 07 13:01:43 2022 +0200" }, "committer": { "name": "Mateusz Zalega", "email": "mateusz@monogon.tech", "time": "Thu Jul 07 12:21:02 2022 +0000" }, "message": "m/c/metroctl: implement the approve command\n\nThis adds a command to approve new nodes, and list nodes pending\napproval.\n\nChange-Id: I8f91d6e549c1eae298c5a4a6f11b53ae70a77f79\nReviewed-on: https://review.monogon.dev/c/monogon/+/825\nTested-by: Jenkins CI\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "d5f2f7a0f5c84715c3b61f3e411c3eebc0e03e61", "tree": "21db9115ef94166e0b334b2910bbd0a11a69db4f", "parents": [ "ac3324bb1d7ed8dd088aebf2fabc054dd7f8d046" ], "author": { "name": "Mateusz Zalega", "email": "mateusz@monogon.tech", "time": "Tue Jul 05 18:48:56 2022 +0200" }, "committer": { "name": "Mateusz Zalega", "email": "mateusz@monogon.tech", "time": "Thu Jul 07 11:17:20 2022 +0000" }, "message": "m/c/metroctl: implement multi-node installation\n\nThis enables metroctl to include the ClusterRegister part of\nNodeParameters in generated installer images, making it possible for\nnewly installed nodes to join an existing cluster.\n\nChange-Id: I648207d70a4bec2ed7acf42e02f2b2c93319f559\nReviewed-on: https://review.monogon.dev/c/monogon/+/822\nTested-by: Jenkins CI\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "1dc567e8f342e0e410a4fe7beb149bf66eb34a56", "tree": "3ace3e556e159355f6d5aa0da7b90da7267604b7", "parents": [ "20d1dd1fdae016c19fcdf9607ab1503f1a45722a" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Fri Jul 01 01:24:47 2022 +0200" }, "committer": { "name": "Mateusz Zalega", "email": "mateusz@monogon.tech", "time": "Wed Jul 06 11:08:28 2022 +0000" }, "message": "m/n/c/r/resolver: enable keepalive on updaters\n\nThis prevents the resolver from getting stuck waiting for TCP timeout\nwhen the node it\u0027s connected to partitions. This was observed a few times in manual testing when restarting nodes.\n\nChange-Id: I7126888b77e9e1dfbcfcfc009f04639e65119fa6\nReviewed-on: https://review.monogon.dev/c/monogon/+/815\nTested-by: Jenkins CI\nReviewed-by: Mateusz Zalega \u003cmateusz@monogon.tech\u003e\n" }, { "commit": "20d1dd1fdae016c19fcdf9607ab1503f1a45722a", "tree": "9c6aa6c757bac73b705a715801dda8aed12f9d16", "parents": [ "7a510198b10c0b78f87c74a76e429097a757373d" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Fri Jul 01 12:21:42 2022 +0000" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Wed Jul 06 09:36:46 2022 +0000" }, "message": "m/c/metroctl: automatically set up kubeconfig\n\nWhen running takeownership this automatically sets up the necessary\nkubeconfig configuration to make sure kubectl can access the cluster.\n\nChange-Id: I135bfda2a13ea169a41506d3615d4e8a0bb0ea21\nReviewed-on: https://review.monogon.dev/c/monogon/+/818\nTested-by: Jenkins CI\nReviewed-by: Mateusz Zalega \u003cmateusz@monogon.tech\u003e\n" }, { "commit": "7a510198b10c0b78f87c74a76e429097a757373d", "tree": "3f5acc9f346b977de524017ae61346811ec24ddd", "parents": [ "adb98f9d02a0b2c6b5def344d421a79ab9c6b37e" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Mon Jul 04 15:31:38 2022 +0000" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Tue Jul 05 11:33:43 2022 +0000" }, "message": "m/c/metroctl: embed installer and add argument for bundle\n\nThis embeds the installer in metroctl for easier distribution and adds\nan option for passing a bundle path explicitly.\n\nFor the MVP this allows users to download metroctl and a bundle\nseparately and make an installer out of them.\n\nChange-Id: I00f481c30a2e843d336248aad0dc4030d03c4576\nReviewed-on: https://review.monogon.dev/c/monogon/+/821\nTested-by: Jenkins CI\nReviewed-by: Mateusz Zalega \u003cmateusz@monogon.tech\u003e\n" }, { "commit": "237cf4076e4314ea98f4d47e9557857ef73f554b", "tree": "2c4a6f8e62958469f84b5e948faace8bd8e3441e", "parents": [ "d57ef1c61a520fa251ede0b4ef2491b8c3ebd3b8" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Mon Jul 04 12:14:37 2022 +0000" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Mon Jul 04 14:03:05 2022 +0000" }, "message": "m/p/pki: set correct authority key identifier\n\nThe current code sets the AuthorityKeyId of a signed certificate to the\nparent\u0027s AuthorityKeyId while it should set it to the parent\u0027s\nSubjectKeyId. This worked as we do not currently use intermediate CAs.\n\nChange-Id: I74dae8b50fd32d2b158ed95ccf918a6a38a1c699\nReviewed-on: https://review.monogon.dev/c/monogon/+/819\nTested-by: Jenkins CI\nReviewed-by: Mateusz Zalega \u003cmateusz@monogon.tech\u003e\n" }, { "commit": "d57ef1c61a520fa251ede0b4ef2491b8c3ebd3b8", "tree": "75e52624d70b3351fb5a8c26394acbfd19c785f2", "parents": [ "5f8414dd1409f96b3f70e621a5189b11c68cddcc" ], "author": { "name": "Mateusz Zalega", "email": "mateusz@monogon.tech", "time": "Fri Jul 01 12:22:33 2022 +0200" }, "committer": { "name": "Mateusz Zalega", "email": "mateusz@monogon.tech", "time": "Fri Jul 01 11:26:42 2022 +0000" }, "message": "m: remove references to LUK, GUK\n\nThis unifies the unlock key nomenclature throughout the repository:\n- Local Unlock Key becomes a Node Unlock Key\n- Global Unlock Key becomes a Cluster Unlock Key\n\nChange-Id: I674ad68a50b3845705f3e2c57952fc7fba5be665\nReviewed-on: https://review.monogon.dev/c/monogon/+/816\nReviewed-by: Sergiusz Bazanski \u003cserge@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "5f8414dd1409f96b3f70e621a5189b11c68cddcc", "tree": "c12fabd2ff9f7ebc8cd070a7d2f4fe93806950e3", "parents": [ "867107d6f8ab9e237f476c290c21381829e18e22" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Fri Jun 24 13:02:11 2022 +0200" }, "committer": { "name": "Sergiusz Bazanski", "email": "serge@monogon.tech", "time": "Fri Jul 01 10:40:50 2022 +0000" }, "message": "m/n/core: fix panic logging\n\nWe fix a few issues:\n\n 1. Logging to the runtime file descriptors didn\u0027t work for some\n reason. Opening the FD(s) manually works.\n 2. We didn\u0027t log into consoles.\n 3. We didn\u0027t return errors/results correctly. RawSyscall performs its\n own \u0027\u003e0\u0027 check on a syscall result and routes the result to either\n the first or last return value. We need to undo this check to return\n the same unified argument as runtime.write expects and\n runtime.write1 provides.\n\nChange-Id: Ie718a47139dd0f700d53466a1250593025c9dcbd\nReviewed-on: https://review.monogon.dev/c/monogon/+/809\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "867107d6f8ab9e237f476c290c21381829e18e22", "tree": "960baa15e8239c96d742c257be91d06821a0bc00", "parents": [ "fcc5115636da2fcc27d4707c908b8aa2bb0162d0" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Tue Jul 06 12:55:26 2021 +0200" }, "committer": { "name": "Sergiusz Bazanski", "email": "serge@monogon.tech", "time": "Fri Jul 01 10:31:50 2022 +0000" }, "message": "handbook: structure, introduction, chapter 3 root\n\nThis is a first pass at the Metropolis Handbook. We write out the\nexpected outline of the documentation, and start filling in some\nchapters.\n\nThe introduction pages and Chapter 1 are a high-level overview of what\nMetropolis is and how it\u0027s expected to be used.\n\nChapter 3 will delve deep into the technical details of how Metropolis\nis implemented. For now, the introduction/overview section of that\nchapter is written.\n\nChange-Id: Ic16aa91ed9a127f4f3791eeaf8d7f5e1a24b1018\nReviewed-on: https://review.monogon.dev/c/monogon/+/453\nTested-by: Jenkins CI\nReviewed-by: Sergiusz Bazanski \u003cserge@monogon.tech\u003e\n" }, { "commit": "58ddc0981614e7582a3ad5a505d64e4c48cd2800", "tree": "3060609a9e68a4a032c133330c5f2f18218e52be", "parents": [ "5bb8a33c73eb418729227e071af6777703913a65" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Thu Jun 30 18:23:33 2022 +0200" }, "committer": { "name": "Sergiusz Bazanski", "email": "serge@monogon.tech", "time": "Thu Jun 30 17:55:07 2022 +0000" }, "message": "m/n/c/r/resolver: allow disabling curator updater\n\nThis allows some resolvers to not attempt to contact the cluster for\ncurator node updates. We use this in the Join and Register resolvers as\nthey don\u0027t have permission to access this data anywa.\n\nWe also generalize Resolver options into a proper WithX setup. We also\nuse this opportunity to move the resolver creation in node code outside\nof the roleserver, as it should have been in the first place.\n\nChange-Id: I1cc227711d784e07959371873029e09fc8cd1b99\nReviewed-on: https://review.monogon.dev/c/monogon/+/808\nTested-by: Jenkins CI\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "5bb8a33c73eb418729227e071af6777703913a65", "tree": "243c70849397b0a708864eb2b7a3d02ec5d41f4e", "parents": [ "b43d0f0765916e029db8f784e44659fc8468e945" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Thu Jun 23 17:41:33 2022 +0200" }, "committer": { "name": "Sergiusz Bazanski", "email": "serge@monogon.tech", "time": "Thu Jun 30 15:55:44 2022 +0000" }, "message": "m/t/launch: use cluster resolver\n\nThis makes the cluster launch framework use a resolver to connect to\ncluster nodes after credential escrow has been performed.\n\nChange-Id: I09b0ec50bdb758e0c91e505a3c51839bb274f959\nReviewed-on: https://review.monogon.dev/c/monogon/+/797\nTested-by: Jenkins CI\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "b43d0f0765916e029db8f784e44659fc8468e945", "tree": "f19bd58546b20c3a4c19eab62492e454a7f230a8", "parents": [ "fcfebbc0a05f8e5186b259b334463afdb358e299" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Thu Jun 23 17:32:10 2022 +0200" }, "committer": { "name": "Sergiusz Bazanski", "email": "serge@monogon.tech", "time": "Thu Jun 30 15:55:44 2022 +0000" }, "message": "m/node: use resolver for intra-cluster connections\n\nThis replaces all instances of \u0027just connect to the first node for now\u0027\nwith usage of a proper leader-aware cluster resolver.\n\nThis isn\u0027t tested yet, as all of this will be exercised in an E2E test.\n\nChange-Id: I9f6bfb49ff9ae0dd70ac1a3131c5ee021d9bb5a5\nReviewed-on: https://review.monogon.dev/c/monogon/+/796\nTested-by: Jenkins CI\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "fcfebbc0a05f8e5186b259b334463afdb358e299", "tree": "4856e7ea62d94f063405a6ac4edb1b2bd1799146", "parents": [ "b401d635b65ce03c798f679f81d8ab602d7e61e8" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Thu Jun 23 16:50:27 2022 +0200" }, "committer": { "name": "Sergiusz Bazanski", "email": "serge@monogon.tech", "time": "Thu Jun 30 15:36:45 2022 +0000" }, "message": "m/n/c/rpc: make resolver leader-aware\n\nThis is a fairly large change which makes the resolver only contact the\ncurrent leader of the control plane, not all nodes in a round-robin\nfashion.\n\nThis resolver isn\u0027t yet used by the cluster, the tests, or metroctl -\nbut that will come in upcoming CLs.\n\nWe also move the resolver to a subpackage of rpc, in preparation for\nmoving it into a package path designed to be depended upon by users.\n\nChange-Id: I230853bbf552fbde947de05f95de37cea93a168c\nReviewed-on: https://review.monogon.dev/c/monogon/+/795\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "bbb873d19c7b0b981c6d00e78c1d25544835b500", "tree": "ee0d0420f53aed79197f35491bc5e72a7d61d0c1", "parents": [ "2a64fff55720780c1702d1013be2a80575d80aa7" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Fri Jun 24 14:22:39 2022 +0200" }, "committer": { "name": "Sergiusz Bazanski", "email": "serge@monogon.tech", "time": "Tue Jun 28 10:26:11 2022 +0000" }, "message": "m/p/event/etcd: better handle update coalescing\n\nI wasn\u0027t able to replicate this in a test, but sometimes etcd sends\nmultiple events relating to the same key within a single entry in the\nwatch channel. I assume this happens when the etcd watcher client is not\nreading from the server fast enough.\n\nAnyway, when that happened, we\u0027d get a panic about duplicate keys in a\nnon-ranged call because of a logic bug in the entry coalescing (in which\nwe would not coalesce multiple updates to the same key, just updates\nwith the same key and value). Now we coalesce these too, and the bug\nseems to be gone.\n\nChange-Id: I36234cc1104ec96a38ad1566b9df75532df44bba\nReviewed-on: https://review.monogon.dev/c/monogon/+/800\nTested-by: Jenkins CI\nReviewed-by: Leopold Schabel \u003cleo@monogon.tech\u003e\n" }, { "commit": "2a64fff55720780c1702d1013be2a80575d80aa7", "tree": "95853f97d350f35a77a2d6b1aa0895a964d51902", "parents": [ "655a780e0a1957da1720b747431a49406fc9f55a" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Thu Jun 23 17:43:02 2022 +0200" }, "committer": { "name": "Sergiusz Bazanski", "email": "serge@monogon.tech", "time": "Mon Jun 27 12:10:27 2022 +0000" }, "message": "m/n/c/curator: lower leader failover TTL to 10s\n\nThis allows us to make some (future) tests faster, and generally sounds\nlike a good idea to make the cluster more responsive to partitioning\nproblems.\n\nChange-Id: I086b766584c8b5aeec0de9de53130697ca59d2b0\nReviewed-on: https://review.monogon.dev/c/monogon/+/798\nTested-by: Jenkins CI\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "655a780e0a1957da1720b747431a49406fc9f55a", "tree": "ade5bf169069a33e20640de9aa7fec400c46929a", "parents": [ "966d40cb382754d0f4cea6cbcaa3195373b38f48" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Tue Jun 21 13:55:15 2022 +0200" }, "committer": { "name": "Sergiusz Bazanski", "email": "serge@monogon.tech", "time": "Mon Jun 27 12:10:20 2022 +0000" }, "message": "m/n/c/network: be more verbose about receiving new IP addresses and using interfaces\n\nWe never really logged these anywhere. This helps debugging.\n\nChange-Id: Ifcddeb454ca317becc512b96b2daa6c069bce36f\nReviewed-on: https://review.monogon.dev/c/monogon/+/781\nTested-by: Jenkins CI\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "966d40cb382754d0f4cea6cbcaa3195373b38f48", "tree": "a4c8b4d6d7b88de7ac187f379d348aba8dabf4bb", "parents": [ "97d6808057059338d3112c07ef57863d5f180ba9" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Thu Jun 23 13:27:16 2022 +0200" }, "committer": { "name": "Sergiusz Bazanski", "email": "serge@monogon.tech", "time": "Fri Jun 24 13:35:22 2022 +0000" }, "message": "m/proto: Add RunningCurator to status, report in status pusher\n\nThis data allows more dynamic reporting of a node\u0027s Curator status, and\nnotably allows reporting which port it\u0027s running on.\n\nWe weren\u0027t planning on supporting running on non-standard ports, and we\nprobably still don\u0027t, but it\u0027s actually super useful to have this\nability in (future) tests.\n\nWe use the opportunity to refactor the roleserver\u0027s statuspush worker,\nand to add a test for it.\n\nChange-Id: I53322e6c8d268186ede085d4a05b646acb422a6b\nReviewed-on: https://review.monogon.dev/c/monogon/+/793\nReviewed-by: Mateusz Zalega \u003cmateusz@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "97d6808057059338d3112c07ef57863d5f180ba9", "tree": "6766d4c92110b1b64b67822cccda25ea90769e3b", "parents": [ "05c1db9d0f608b793cee96e8f947534d682c3694" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Wed Jun 22 13:15:21 2022 +0200" }, "committer": { "name": "Sergiusz Bazanski", "email": "serge@monogon.tech", "time": "Fri Jun 24 13:20:55 2022 +0000" }, "message": "m/n/c/consensus: add debug logging about PKI data presence\n\nChange-Id: I51fb0ffecb26f529f85ea7966b217f8c1a0a08ef\nReviewed-on: https://review.monogon.dev/c/monogon/+/791\nTested-by: Jenkins CI\nReviewed-by: Mateusz Zalega \u003cmateusz@monogon.tech\u003e\n" }, { "commit": "05c1db9d0f608b793cee96e8f947534d682c3694", "tree": "b0681c760d1bf825d54d4393207e412ca93800d7", "parents": [ "1fbc5975a74174c3719ae2a15b60d202b6b4e609" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Thu Jun 23 14:24:29 2022 +0200" }, "committer": { "name": "Sergiusz Bazanski", "email": "serge@monogon.tech", "time": "Fri Jun 24 13:11:47 2022 +0000" }, "message": "m/n/c/rpc: remove leftover ClusterServices\n\nThese were mostly used back when the Curator leader/follower had per-method dispatching. We don\u0027t do that anymore.\n\nChange-Id: I202254e4deabfb3dc150d69a28156d8824009032\nReviewed-on: https://review.monogon.dev/c/monogon/+/794\nTested-by: Jenkins CI\nReviewed-by: Mateusz Zalega \u003cmateusz@monogon.tech\u003e\n" }, { "commit": "1fbc5975a74174c3719ae2a15b60d202b6b4e609", "tree": "48ea22a01ede3bd490bf590d3cf2d3fef339d620", "parents": [ "9d9711884e042066b1f9ba51b7d9665596828748" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Wed Jun 22 13:36:16 2022 +0200" }, "committer": { "name": "Sergiusz Bazanski", "email": "serge@monogon.tech", "time": "Fri Jun 24 09:26:31 2022 +0000" }, "message": "m/test/launch/cluster: print nanoswitch logs\n\nChange-Id: I3a034e075aa253ecb4ef6306e50686a6d44aab80\nReviewed-on: https://review.monogon.dev/c/monogon/+/792\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "9d9711884e042066b1f9ba51b7d9665596828748", "tree": "0759c534953500a5dae5d684eba80e5f45593445", "parents": [ "944cb53d38e1b506eb5dcb0ca17fa0811195b09f" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Thu Jun 23 17:44:13 2022 +0200" }, "committer": { "name": "Sergiusz Bazanski", "email": "serge@monogon.tech", "time": "Fri Jun 24 09:24:48 2022 +0000" }, "message": "m/p/event/etcd: provide logging for heisenbug\n\nI\u0027ve just had this panic(), but it didn\u0027t give me enough data to debug\nfurther. Wasn\u0027t able to replicate it yet, but whenever this happens\nagain we\u0027ll be able to hopefully figure out what went wrong.\n\nChange-Id: Id440ece88410d78eb720f353633c02db1a0f4588\nReviewed-on: https://review.monogon.dev/c/monogon/+/799\nTested-by: Jenkins CI\nReviewed-by: Mateusz Zalega \u003cmateusz@monogon.tech\u003e\n" }, { "commit": "944cb53d38e1b506eb5dcb0ca17fa0811195b09f", "tree": "adb106cb1a620fb7d804c6f3cee1d665a872fb5c", "parents": [ "ddf19b4b194936cc310eae9fc5c01bedcedbb900" ], "author": { "name": "Mateusz Zalega", "email": "mateusz@monogon.tech", "time": "Mon Jun 20 16:54:17 2022 +0200" }, "committer": { "name": "Mateusz Zalega", "email": "mateusz@monogon.tech", "time": "Thu Jun 23 16:27:33 2022 +0000" }, "message": "m/p/api: use protobuf.Duration in Management.Node\n\nThis switches Management.Node message\u0027s time_since_heartbeat backing\ntype from int64 to google.protobuf.Duration in order to enable duration\nbased predicates in Management.GetNodes filter expressions.\n\nChange-Id: Ia2663475d1b9ee535dc5578f16d53b70c6686b7c\nReviewed-on: https://review.monogon.dev/c/monogon/+/776\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "ddf19b4b194936cc310eae9fc5c01bedcedbb900", "tree": "9eb4a4760f926cfa78b227c782ed306961049ab9", "parents": [ "5055d727cdcf6692d0049a8963ec56ac3401721b" ], "author": { "name": "Mateusz Zalega", "email": "mateusz@monogon.tech", "time": "Wed Jun 22 12:27:37 2022 +0200" }, "committer": { "name": "Mateusz Zalega", "email": "mateusz@monogon.tech", "time": "Thu Jun 23 16:23:08 2022 +0000" }, "message": "m/t/e2e: move testEventual to common test util pkg\n\ntestEventual, among other implementation, will be reused in metroctl\ntests.\n\nChange-Id: I24df31a72034b707e3906889e7a569c8e97669ad\nReviewed-on: https://review.monogon.dev/c/monogon/+/788\nTested-by: Jenkins CI\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "5055d727cdcf6692d0049a8963ec56ac3401721b", "tree": "ae398512c886c4594a48ec681aa14d3a130c9d71", "parents": [ "98206b93355539404dccd04bd0882aa59ec8cd8b" ], "author": { "name": "Mateusz Zalega", "email": "mateusz@monogon.tech", "time": "Mon Jun 20 14:48:10 2022 +0200" }, "committer": { "name": "Mateusz Zalega", "email": "mateusz@monogon.tech", "time": "Thu Jun 23 16:22:54 2022 +0000" }, "message": "m/n/c/curator: test role filtering in GetNodes\n\nThis makes sure that node roles can be inspected with filter predicates\nsupplied to Management.GetNodes.\n\nIn addition, the common putNode test helper was refactor to accommodate\nnew use cases.\n\nChange-Id: I1948e877ef657d4649bba0f25f81268b6adfcd95\nReviewed-on: https://review.monogon.dev/c/monogon/+/775\nTested-by: Jenkins CI\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "98206b93355539404dccd04bd0882aa59ec8cd8b", "tree": "b48ea9471e0451dd88e4606ba77eef5164fb3694", "parents": [ "aaa4d45a0a88e69137f4b946f26f3ce5f8ad0642" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Wed Jun 22 16:21:50 2022 +0000" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Thu Jun 23 15:31:12 2022 +0000" }, "message": "mn/n/kubernetes: fix warnings\n\nThis fixes a warning that we do not explicitly set the root cgroup and\none that we specify the container runtime type explicitly; in 1.24\neverything other than \"remote\" has been dropped.\n\nChange-Id: I7beb0fbbbd5e38715b8b1e76dac99d2d7c4275d5\nReviewed-on: https://review.monogon.dev/c/monogon/+/785\nTested-by: Jenkins CI\nReviewed-by: Sergiusz Bazanski \u003cserge@monogon.tech\u003e\n" }, { "commit": "aaa4d45a0a88e69137f4b946f26f3ce5f8ad0642", "tree": "12ab62f9b999ef2de7710fd1dfb22ab6b1266ac1", "parents": [ "268dd8c3801c9b6b1f81e584bc4eff218d1892c5" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Wed Jun 22 13:13:51 2022 +0200" }, "committer": { "name": "Sergiusz Bazanski", "email": "serge@monogon.tech", "time": "Thu Jun 23 14:53:04 2022 +0000" }, "message": "m/n/c/cluster: add proper exponential backoff to Join\n\nChange-Id: I929ef0552912d1f765cbea7d2e0fb19561d2198c\nReviewed-on: https://review.monogon.dev/c/monogon/+/790\nTested-by: Jenkins CI\nReviewed-by: Mateusz Zalega \u003cmateusz@monogon.tech\u003e\n" }, { "commit": "268dd8c3801c9b6b1f81e584bc4eff218d1892c5", "tree": "88dd3913948b0af276a983f1d5f24b96640c3407", "parents": [ "003a3b0aa43141f3db9b91e7f1c3612ce188b30c" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Wed Jun 22 12:50:44 2022 +0200" }, "committer": { "name": "Sergiusz Bazanski", "email": "serge@monogon.tech", "time": "Thu Jun 23 14:52:15 2022 +0000" }, "message": "m/n/c/curator: add CuratorLocal.GetCurrentLeader\n\nThis adds a service (CuratorLocal) which runs on both leader and\nfollower curators. It has one RPC, GetCurrentLeader, which returns\ninformation about the leader election status from the point of view of\nthe callee.\n\nWe add a test to make sure the current leader returns correct data, but\nwe don\u0027t yet have a test for a follower (that would require a\nsignificant test harness). In an upcoming CL we\u0027ll be exercising this in\nan end-to-end test, however.\n\nChange-Id: I4dea780953bdc196bbc5a744f49ee688327c3269\nReviewed-on: https://review.monogon.dev/c/monogon/+/784\nTested-by: Jenkins CI\nReviewed-by: Mateusz Zalega \u003cmateusz@monogon.tech\u003e\n" }, { "commit": "003a3b0aa43141f3db9b91e7f1c3612ce188b30c", "tree": "9f782dadbe310de04ea339c7b6cd7f72415a6d29", "parents": [ "50f5ec7d1687bef93be3edcef2132b48335b7b9a" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Wed Jun 22 12:58:24 2022 +0200" }, "committer": { "name": "Sergiusz Bazanski", "email": "serge@monogon.tech", "time": "Wed Jun 22 14:35:24 2022 +0000" }, "message": "m/n/c/rpc: allow authenticated connections to unauthenticated endpoints\n\nThis allows authenticated clients to use whatever channel they already\nhave (ie., an already authenticated one) to perform connections to\nendpoints marked as \u0027unauthenticated\u0027.\n\nChange-Id: I6d10f145aa0cc9e2f37068ac7ec5f9ef37fe8303\nReviewed-on: https://review.monogon.dev/c/monogon/+/783\nTested-by: Jenkins CI\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "50f5ec7d1687bef93be3edcef2132b48335b7b9a", "tree": "74622e6db3ff32e950dc5f3dc809541fa3444d2d", "parents": [ "949e4253da78a9c1cdb945b6c4be48f703ab4192" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Tue Jun 21 14:16:56 2022 +0200" }, "committer": { "name": "Sergiusz Bazanski", "email": "serge@monogon.tech", "time": "Wed Jun 22 12:42:13 2022 +0000" }, "message": "m/n/c/consensus: close CRL watcher\n\nChange-Id: I3f5702822f69a05a30bdcd8e5502dfa03ed22cbb\nReviewed-on: https://review.monogon.dev/c/monogon/+/782\nTested-by: Jenkins CI\nReviewed-by: Mateusz Zalega \u003cmateusz@monogon.tech\u003e\n" }, { "commit": "949e4253da78a9c1cdb945b6c4be48f703ab4192", "tree": "ff909756ac9c19231859bcf2a4ff8b8fa8225c6b", "parents": [ "3e5e580d97747b2e7273397515c277887f0a2dd0" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Tue Jun 21 13:52:05 2022 +0200" }, "committer": { "name": "Sergiusz Bazanski", "email": "serge@monogon.tech", "time": "Wed Jun 22 11:46:16 2022 +0000" }, "message": "m/node: fix etcd join data assigned to first node\n\nWe accidentall populated the node\u0027s etcd role with curator/node\ncertificates instead of etcd certificates. We fix this, also moving out\nthe EnableConsensusMember call to the roleserver, putting it next to\nEnableKubernetesWorker.\n\nChange-Id: I2a9bce889a2fda032798e370be06cdc2c5078ac9\nReviewed-on: https://review.monogon.dev/c/monogon/+/780\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "3e5e580d97747b2e7273397515c277887f0a2dd0", "tree": "aa1b36c221ef446be3338e93b0fcaea9b9d0ba61", "parents": [ "5e9cb57fea22628d21ce9d2cceee0cc4113564b1" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Tue Jun 21 13:46:31 2022 +0200" }, "committer": { "name": "Sergiusz Bazanski", "email": "serge@monogon.tech", "time": "Wed Jun 22 09:01:00 2022 +0000" }, "message": "m/t/nanoswitch: fix race in handing out IP addresses\n\nThe previous logic only work by accident, with currentIP being\nimmediately incremented after being handed out, effectively serving the\n\u0027next\u0027 IP immediately.\n\nChange-Id: I89ca21ea9d3600a268545aab5e79dac53313d294\nReviewed-on: https://review.monogon.dev/c/monogon/+/779\nTested-by: Jenkins CI\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "5e9cb57fea22628d21ce9d2cceee0cc4113564b1", "tree": "dee8deda66583a1ca9232ed32221bcebe00debc7", "parents": [ "78cefcafa315af20d9f603fefd1423fe7bab7483" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Mon May 16 15:54:50 2022 +0200" }, "committer": { "name": "Sergiusz Bazanski", "email": "serge@monogon.tech", "time": "Wed Jun 22 09:01:00 2022 +0000" }, "message": "m/n/c/rpc: replace SetupExternalGRPC with an option generator\n\nThis is one step closer to making interactions with gRPC not magic.\nWe\u0027ve done a similar cleanup on the client side, now we do it on server\nside too.\n\nChange-Id: I6b7d7767044db47ab6b0660fd985723a91607f71\nReviewed-on: https://review.monogon.dev/c/monogon/+/687\nTested-by: Jenkins CI\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "78cefcafa315af20d9f603fefd1423fe7bab7483", "tree": "b5d8ab0ce4652e30ace81c0cedf64b847260612d", "parents": [ "4025c9bf83aa038c8858c82bc80bd65acecd7210" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Mon Jun 20 12:59:55 2022 +0000" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Tue Jun 21 11:44:25 2022 +0000" }, "message": "m/n/kubernetes: factor out cluster domain\n\nThis removes the hardcoded Kubernetes cluster domain and pushes it out\nto a single place at the root of the Kubernetes supervisor tree.\nThis will later be aligned with the cluster domain specified in the\nidentity design document, currently this does not change any behavior.\n\nIt also removes a bogous SAN from the Kubernetes API server certificate\n(kubernetes.default.svc.cluster) for which there is no corresponding\nsearch path.\n\nChange-Id: I30b8907a7b846415f5002c09a24d2d37930a9cd1\nReviewed-on: https://review.monogon.dev/c/monogon/+/773\nTested-by: Jenkins CI\nReviewed-by: Sergiusz Bazanski \u003cserge@monogon.tech\u003e\n" }, { "commit": "4025c9bf83aa038c8858c82bc80bd65acecd7210", "tree": "85fa8d59380e18566a2b13ab27add626c259fb73", "parents": [ "2175ec96b7cb0c70820ea99f304d4f437aeb620c" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Thu Jun 16 16:12:53 2022 +0000" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Tue Jun 21 11:44:10 2022 +0000" }, "message": "m/node: refactor panic handling\n\nThis change significantly changes how we handle panics and runtime\nerrors in our core process. The explicit panic handler is gone and has\nbeen replaced by a file storing the panic persistently and\nthe informational message has been moved out to minit.\nThe runtime log file is stored on the ESP to allow for debugging if the\nnode crashes before unlocking and gets reset every boot. It also dumps\nits previous state into the logtree to allow administrators to look into\nthese errors without launching another OS to dump the file.\n\nChange-Id: I3503eeced2da0bbcb6301a6c39e502bbb9afa827\nReviewed-on: https://review.monogon.dev/c/monogon/+/772\nTested-by: Jenkins CI\nReviewed-by: Sergiusz Bazanski \u003cserge@monogon.tech\u003e\n" }, { "commit": "2175ec96b7cb0c70820ea99f304d4f437aeb620c", "tree": "0999642c67de8cde0cb1ab7e528f224cc9371581", "parents": [ "bb2edbe8a69a04b0d72c5a565bdead5040959125" ], "author": { "name": "Mateusz Zalega", "email": "mateusz@monogon.tech", "time": "Mon Jun 13 09:29:09 2022 +0200" }, "committer": { "name": "Mateusz Zalega", "email": "mateusz@monogon.tech", "time": "Tue Jun 21 11:19:47 2022 +0000" }, "message": "m/p/api: rename Node.HeartbeatTimestamp\n\nNode.HeartbeatTimestamp was renamed to Node.TimeSinceHeartbeat to\nbetter reflect the nature of its contents.\n\nChange-Id: Icef000cf7493a06f7b3aabfc2aba57b380433887\nReviewed-on: https://review.monogon.dev/c/monogon/+/765\nReviewed-by: Sergiusz Bazanski \u003cserge@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "bb2edbe8a69a04b0d72c5a565bdead5040959125", "tree": "3d9286bd95757222431a279db7e9fcb1b6238dfb", "parents": [ "83e8b6c897aaabb4230ae73a28bba0ed0aca039c" ], "author": { "name": "Mateusz Zalega", "email": "mateusz@monogon.tech", "time": "Wed Jun 08 11:57:09 2022 +0200" }, "committer": { "name": "Mateusz Zalega", "email": "mateusz@monogon.tech", "time": "Tue Jun 21 11:19:32 2022 +0000" }, "message": "m/n/c/curator: add Management.UpdateNodeRoles\n\nThis provides an API for node role adjustments.\n\nWhile changes to KubernetesWorker role are registered, not all side\neffects are accounted for as of now. Specifically, disabling this role\nwithin a node won\u0027t lead to its removal from the Kubernetes cluster.\n\nChange-Id: Ie8e65990108b8cf82afecf3374f40f2e857fa776\nReviewed-on: https://review.monogon.dev/c/monogon/+/767\nTested-by: Jenkins CI\nReviewed-by: Sergiusz Bazanski \u003cserge@monogon.tech\u003e\n" }, { "commit": "83e8b6c897aaabb4230ae73a28bba0ed0aca039c", "tree": "03d2ff42dee689b5c735ce97a5cd13821c389c29", "parents": [ "100e22fac40295424b76fcae5a05eddf0f25d345" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Mon Jun 20 17:26:10 2022 +0000" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Tue Jun 21 11:18:07 2022 +0000" }, "message": "m/n/core: retry node joining call indefinitely\n\nThis causes nodes to get stuck if anything on the network side is not\nworking perfectly. Additionally this races the network runnable itself,\nmaking this even more likely.\n\nBug: 128\nChange-Id: I8c6847d6fb22a4527ca58def02cd5e994bd3dfff\nReviewed-on: https://review.monogon.dev/c/monogon/+/777\nTested-by: Jenkins CI\nReviewed-by: Mateusz Zalega \u003cmateusz@monogon.tech\u003e\n" }, { "commit": "100e22fac40295424b76fcae5a05eddf0f25d345", "tree": "d9bc91fef41712260e7715395aa2b1463800d1b4", "parents": [ "05e420db50f6d01a9214957dc9e8ac32316525ab" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Mon Jun 20 14:23:57 2022 +0000" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Tue Jun 21 11:17:34 2022 +0000" }, "message": "m/n/core: fix pstore runnable\n\nMake it first signal healthy, then done. Otherwise it seems to panic\nsometimes. Also move all signalling code to the end of the runnable.\n\nChange-Id: I4911f94aafbd324a49f7ff5af9904a778ddb8dce\nReviewed-on: https://review.monogon.dev/c/monogon/+/774\nTested-by: Jenkins CI\nReviewed-by: Sergiusz Bazanski \u003cserge@monogon.tech\u003e\n" }, { "commit": "05e420db50f6d01a9214957dc9e8ac32316525ab", "tree": "fc718a60ac46c9be63f5f199af578109c3113fd9", "parents": [ "955e46e2e6cca29481b61c7303b1dd9746309bf7" ], "author": { "name": "Mateusz Zalega", "email": "mateusz@monogon.tech", "time": "Mon Jun 13 14:26:08 2022 +0200" }, "committer": { "name": "Mateusz Zalega", "email": "mateusz@monogon.tech", "time": "Thu Jun 16 11:41:33 2022 +0000" }, "message": "m/n/curator: return complete roleset from GetNodes\n\nThis fixes the issue of Management.GetNodes not returning information on\nConsensusMember role.\n\nChange-Id: I5dbe91d55d07fb29b075842a7937f97d3e8011b2\nReviewed-on: https://review.monogon.dev/c/monogon/+/766\nTested-by: Jenkins CI\nReviewed-by: Sergiusz Bazanski \u003cserge@monogon.tech\u003e\n" }, { "commit": "955e46e2e6cca29481b61c7303b1dd9746309bf7", "tree": "7cea2df4b72c9b04eaeffd6d9e10570be096027a", "parents": [ "1b2df233817ae3dd09ff33ad18d319a50be10584" ], "author": { "name": "Mateusz Zalega", "email": "mateusz@monogon.tech", "time": "Fri May 27 18:00:50 2022 +0200" }, "committer": { "name": "Mateusz Zalega", "email": "mateusz@monogon.tech", "time": "Thu Jun 16 11:41:27 2022 +0000" }, "message": "m/n/c/curator: add result filtering to GetNodes\n\nThis introduces result filtering to management.GetNodes Curator API\ncall. GetNodesRequest payload was modified to contain an optional CEL\nexpression. GetNodes will return only node protobuf messages for which\nthe expression evaluates to boolean truth. GetNodes behavior remains\nunchanged for empty expression strings, returning all nodes.\n\nSee: https://github.com/google/cel-go\nhttps: //github.com/google/cel-spec\nChange-Id: Ibdd847c73d305de22b7df496c401e9bc37f9f0bc\nReviewed-on: https://review.monogon.dev/c/monogon/+/768\nReviewed-by: Sergiusz Bazanski \u003cserge@monogon.tech\u003e\nVouch-Run-CI: Mateusz Zalega \u003cmateusz@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "1b2df233817ae3dd09ff33ad18d319a50be10584", "tree": "380e12519010691e7f701d71b171225a9c853e15", "parents": [ "f8da2e7dfbcbb144ee894875e46c44a525e57c5c" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Tue Jun 14 12:42:03 2022 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Thu Jun 16 09:59:11 2022 +0000" }, "message": "m/n/core: add pstore handling\n\nAdds a one-shot runnable which dumps all kmsg dumps to the system log\nand then clears the pstore. This makes sure that there is always space\nfor new pstore entries and gives administrators the option of reading\ncrash logs without booting another operating system. It also helps some\nbroken EFI firmware to not fail to boot.\n\nChange-Id: Icbf30c0a0898e0e660910a80637d544f022a97cd\nReviewed-on: https://review.monogon.dev/c/monogon/+/770\nReviewed-by: Sergiusz Bazanski \u003cserge@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "f8da2e7dfbcbb144ee894875e46c44a525e57c5c", "tree": "8a9d321de91d1816241d400bd167c67dcb472dfd", "parents": [ "2c6906a62a623d49c6a9c8529b26d692194c1dd5" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Tue Jun 14 12:39:32 2022 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Wed Jun 15 13:40:21 2022 +0000" }, "message": "m/pkg/pstore: add package to interface with pstore\n\nThis adds a package for interfacing with the Linux kernel\u0027s pstore\n(persistent storage) system. Currently only handles kmsg/dmesg-type logs\nas mce has an unknown format and I have no examples.\n\nChange-Id: I3089a53cdca224c7e6e04dd51a94035d7b2b880b\nReviewed-on: https://review.monogon.dev/c/monogon/+/769\nReviewed-by: Sergiusz Bazanski \u003cserge@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "45c196cc0e8a388d6e1d69744c1b8d1b52b4b74e", "tree": "b1f84240759c7b5d35328f39e888dcdfdb8131d4", "parents": [ "3154587bc0fcf3b1dfecc0538ec55a616e2eae0c" ], "author": { "name": "Leopold", "email": "leo@monogon.tech", "time": "Wed Jun 08 15:04:15 2022 +0200" }, "committer": { "name": "Leopold Schabel", "email": "leo@monogon.tech", "time": "Thu Jun 09 13:31:30 2022 +0000" }, "message": "m/cli/dbg: fix kubectl command\n\nThe one thing that does not have tests, broke :-) Looks like a recent\nk8s upgrade changed the way the cli library handles os.Args.\n\nChange-Id: If0f191026694281f98b3cba41f30e2fe7c217363\nReviewed-on: https://review.monogon.dev/c/monogon/+/759\nTested-by: Jenkins CI\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "e90f4a1c0e0d33f7cac7ab53773e40409c86a3ab", "tree": "d3e4aea64b329241e17fa063e6585fe3212583a4", "parents": [ "32b192929c34e408bec6286de471313a4cfce5e2" ], "author": { "name": "Mateusz Zalega", "email": "mateusz@monogon.tech", "time": "Wed May 25 18:24:01 2022 +0200" }, "committer": { "name": "Mateusz Zalega", "email": "mateusz@monogon.tech", "time": "Tue May 31 12:58:47 2022 +0000" }, "message": "m/t/launch: prevent a TPM socket race with QEMU\n\nThis deflakes e2e tests by making sure that TPM emulator\u0027s socket\nbecomes available before QEMU is launched in LaunchNode.\n\nChange-Id: I2ca937ca0cd4712552805dc16fcbf7949f672ff3\nReviewed-on: https://review.monogon.dev/c/monogon/+/701\nTested-by: Jenkins CI\nReviewed-by: Sergiusz Bazanski \u003cserge@monogon.tech\u003e\n" }, { "commit": "32b192929c34e408bec6286de471313a4cfce5e2", "tree": "5a05f888581a3749ede7f09340119171422150e2", "parents": [ "08cb464d60f859ad029a52abe161cae02a0bf405" ], "author": { "name": "Mateusz Zalega", "email": "mateusz@monogon.tech", "time": "Tue May 17 13:26:55 2022 +0200" }, "committer": { "name": "Mateusz Zalega", "email": "mateusz@monogon.tech", "time": "Fri May 27 10:24:27 2022 +0000" }, "message": "m/n/core: implement node heartbeats\n\nThis change introduces cluster member node health monitoring by\nimplementing a bidirectional RPC stream the nodes will periodically\nsend their heartbeat updates through. Management.GetNodes call was\nmodified to include the new node health information.\n\nRelevant data available through the management API is non-persistent,\nand stored within current Curator leader\u0027s local state. As such, it\nwill become briefly unavailable in an event of leader re-election. The\ninformation returned, however, is guaranteed to be correct.\n\nChange-Id: I916ac48f496941a7decc09d672ecf72a914b0d88\nReviewed-on: https://review.monogon.dev/c/monogon/+/694\nReviewed-by: Sergiusz Bazanski \u003cserge@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "08cb464d60f859ad029a52abe161cae02a0bf405", "tree": "098f8216960af32afe8ee6059c01a4e10045e7ad", "parents": [ "4f6fad3a6ed4e244c97aa5cb486aec5ca676c465" ], "author": { "name": "Mateusz Zalega", "email": "mateusz@monogon.tech", "time": "Wed May 25 17:35:59 2022 +0200" }, "committer": { "name": "Mateusz Zalega", "email": "mateusz@monogon.tech", "time": "Fri May 27 10:24:12 2022 +0000" }, "message": "m/t/launch: log LaunchNode errors in LaunchCluster\n\nLaunchNode errors that were made available through Cluster.nodesDone,\nreturned by LaunchCluster, weren\u0027t actually logged anywhere in the\nrepo, resulting in a significant blind spot.\n\nChange-Id: I12fd5a072330253e00cc57c0b6a29411a65c0d56\nReviewed-on: https://review.monogon.dev/c/monogon/+/700\nReviewed-by: Sergiusz Bazanski \u003cserge@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "4f6fad3a6ed4e244c97aa5cb486aec5ca676c465", "tree": "7bd2c6ad46f3a035a425f1a32eec256d825e0c6c", "parents": [ "f1bdfbe5679da9fc895f8172867f7e557476c5f6" ], "author": { "name": "Mateusz Zalega", "email": "mateusz@monogon.tech", "time": "Wed May 25 16:34:30 2022 +0200" }, "committer": { "name": "Mateusz Zalega", "email": "mateusz@monogon.tech", "time": "Fri May 27 09:28:06 2022 +0000" }, "message": "m/installer/test: prevent QEMU file lock race\n\nAlbeit rare on development machines, this flake showed up frequently in\nCI. QEMU processes weren\u0027t being waited on to finish before the next VM\nlaunch, leading to multiple processes attempting to lock the same file.\n\nIn addition, a go-diskfs image handle wasn\u0027t being closed, though only\nin a read-only context.\n\nChange-Id: I23529017f5473f9db24ad8e84ca2fa8a6a40d7e5\nReviewed-on: https://review.monogon.dev/c/monogon/+/699\nReviewed-by: Sergiusz Bazanski \u003cserge@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "619029b4ec9b2908baf8f873b34ba4800738f12d", "tree": "f78827c3603694eb93e6b6499b26cf0811ee370b", "parents": [ "ad10ecea0bf387c0093c7cb8ed7b873ccd039896" ], "author": { "name": "Mateusz Zalega", "email": "mateusz@monogon.tech", "time": "Thu May 05 17:18:26 2022 +0200" }, "committer": { "name": "Mateusz Zalega", "email": "mateusz@monogon.tech", "time": "Wed May 25 14:52:03 2022 +0000" }, "message": "m/n/c/consensus: fix a typo\n\nThis thing might bite someday.\n\nChange-Id: I093d30c2f6511f36595f71d6862113fadf211280\nReviewed-on: https://review.monogon.dev/c/monogon/+/677\nReviewed-by: Leopold Schabel \u003cleo@nexantic.com\u003e\n" }, { "commit": "ad10ecea0bf387c0093c7cb8ed7b873ccd039896", "tree": "bbc694c80fb2895dbf6824a4a7654f3bdb45b151", "parents": [ "9a6cc56da8f1f5b11eda7ff8ae1f4c7315891556" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Tue May 17 11:20:17 2022 +0200" }, "committer": { "name": "Sergiusz Bazanski", "email": "serge@monogon.tech", "time": "Wed May 25 13:51:16 2022 +0000" }, "message": "m/pkg/value/etcd: fix test flakes on partitioning\n\nFixes monogon-dev/monogon#124\n\nChange-Id: Ib1224dc809901d8dea61a297c3d836bd35f160c5\nReviewed-on: https://review.monogon.dev/c/monogon/+/689\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "2d91aa323b5cb576b3c7749eedb91058be1f8f57", "tree": "1d4a2a79f2f63cca28614df7f37fd044fd0844da", "parents": [ "b354453656f82d0a38b3f2ed0d1ebf843c14d922" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Mon Apr 25 13:29:31 2022 +0200" }, "committer": { "name": "Sergiusz Bazanski", "email": "serge@monogon.tech", "time": "Tue May 24 15:31:27 2022 +0000" }, "message": "curator: remove dispatch system\n\nThis vastly simplifies the curator by removing the dispatch and per-RPC\nswitch logic, instead replacing it with the gRPC server stopping\nwhenever the leadership status of a curator switches.\n\nThe downside is technically the possibility of some \u0027stale\u0027 RPC\nhandling, where a leader/follower accepts some new RPC even though it\u0027s\nin the process of switching its leadership.\n\nThe rationale for this change is:\n\n 1. Leadership-exclusive actions are guarded by the etcd leadership\n lock being held, so there\u0027s no chance a long pending RPC to a\n leader that just stepped down will cause split brain scenarios.\n\n 2. We\u0027re moving away from follower proxying, and followers will\n instead just serve a \u0027who\u0027s the leader\u0027 RPC. These are okay to\n serve stale data (ie. when the contacted follower should\u0027ve\n switched to be a leader, or a follower of another leader), as\n during leadership failover we expect clients to perform retry\n loops until a new leadership connection is established.\n\nAnother downside (or perhaps upside) is that we don\u0027t start the listener\nuntil we\u0027re ready to serve data, either the full API as a leader or a\nreduced API as a follower. The downside is that clients will have to\nretry connections until the leader is running, and that it might be\ndifficult to tell apart a node which isn\u0027t yet running the curator from\na broken node, or one that will not run the curator at all. On the other\nhand, succesfully establishing a connections means that we are sure to\nget a gRPC response instead of a hang because the curator isn\u0027t yet ready\nto serve.\n\nChange-Id: I2ec35f00bce72f0f337e8e25e8c71f5265a7d8bb\nReviewed-on: https://review.monogon.dev/c/monogon/+/685\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "b354453656f82d0a38b3f2ed0d1ebf843c14d922", "tree": "7e6eb4938857ff9351af6ca8cd9356b1244ec5ff", "parents": [ "defff5220d4ed1123a85cf41300eeeeb558b7cc6" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Mon May 16 16:44:43 2022 +0200" }, "committer": { "name": "Sergiusz Bazanski", "email": "serge@monogon.tech", "time": "Tue May 24 15:31:24 2022 +0000" }, "message": "m/n/c/localstorage: fix import grouping\n\nChange-Id: I963b4eeddbdd1a11f62d06e230462b08057fbeb2\nReviewed-on: https://review.monogon.dev/c/monogon/+/686\nReviewed-by: Mateusz Zalega \u003cmateusz@monogon.tech\u003e\n" }, { "commit": "defff5220d4ed1123a85cf41300eeeeb558b7cc6", "tree": "9082dd3faaa58a3e219be579b0c7c6138b434b53", "parents": [ "a81096f56a337b5709e7cc692e89cb0e55e45708" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Mon May 16 17:28:16 2022 +0200" }, "committer": { "name": "Sergiusz Bazanski", "email": "serge@monogon.tech", "time": "Tue May 24 15:31:20 2022 +0000" }, "message": "metropolis: fix tests using etcd\n\nEver since we bumped etcd, we have started calling\nintegration.BeforeTest. The correct call is BeforeTestExternal,\notherwise some internal-etcd-integration-test logic is invoked, which\nseems to break test error calls (!) in some cases (probably goroutine\nleak detection, which is enabled by default when using BeforeTest -\nwhich we don\u0027t care about, as we don\u0027t [yet] expect our tests to be fully\nclean).\n\nWe also have to modify the harnesses used by curator tests to\nsynchronously terminate the cluster on each test end. Otherwise, etcd\nwill fail due to conflicts on domain sockets on which test members\nlisten. Unfortunately, there doesn\u0027t seem to be an easy way to run each\ncluster/test in a totally separate, non-conflicting socket setup.\n\nChange-Id: I2fb1332edb35349b66af131684feb378ae3a13ee\nReviewed-on: https://review.monogon.dev/c/monogon/+/688\nReviewed-by: Mateusz Zalega \u003cmateusz@monogon.tech\u003e\n" }, { "commit": "d279dc056ff0cc93621f7dbab220ed4b8a5f501f", "tree": "0a7c50d96ab169f7e6095d94fd4b005cd99fdf32", "parents": [ "f2b7ab697885d2ccf7d7e624566c31f69550b7e8" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Fri May 06 12:17:42 2022 +0200" }, "committer": { "name": "Sergiusz Bazanski", "email": "serge@monogon.tech", "time": "Mon May 09 11:44:24 2022 +0000" }, "message": "m/t/nanoswitch: long term leases for IP addresses\n\nThis makes the nanoswitch DHCP server not allocate a new IP address for\nevery DISCOVERY packet, and instead re-uses already allocated IP\naddresses as much as possible.\n\nEffectively, this allows each node to have the same IP address, even if\nits DHCP client restarts or the whole node reboots.\n\nChange-Id: Ic276f8bd3cc3b531056ad05f7947ff544d8cc5d2\nReviewed-on: https://review.monogon.dev/c/monogon/+/679\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "ed6bcacf756182ee62d249e3675ff050dcbc6800", "tree": "af1b4ea39b5a4ff2c9e1403748697b6869296938", "parents": [ "e11ffb67bab34f1faa439b13aeb2630d86714441" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Wed May 04 17:39:41 2022 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Wed May 04 17:49:54 2022 +0000" }, "message": "m/p/tpm: fix panic when unsealing corrupted data\n\nIf the Protobuf payload for the unseal operation is parseable but does\nnot contain a sealed_key member, the code panics trying to access it.\nThis adds an explicit check and returns a descriptive error when that\nhappens.\n\nChange-Id: I671958c69265a1e77207981a439a66dccda87064\nReviewed-on: https://review.monogon.dev/c/monogon/+/673\nReviewed-by: Leopold Schabel \u003cleo@nexantic.com\u003e\n" }, { "commit": "e11ffb67bab34f1faa439b13aeb2630d86714441", "tree": "9cc70a9f0f754a43bfbd2249ac298b82439a544b", "parents": [ "c7b40912c5f5acfc1a72f3838395acf32d311d6e" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Wed May 04 17:36:01 2022 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Wed May 04 17:49:54 2022 +0000" }, "message": "m/n/c/s/crypt: enable fast inline data path\n\nNot using workqueues for de/encryption skips a lot of expensive context\nswitching that needs to be done for each IO operation.\n\nAlso see https://blog.cloudflare.com/speeding-up-linux-disk-encryption/\nfor more details on what these do.\n\nChange-Id: I3adc9b26e297b69bde6f01e1691c06f3b2c235b4\nReviewed-on: https://review.monogon.dev/c/monogon/+/672\nReviewed-by: Leopold Schabel \u003cleo@nexantic.com\u003e\n" }, { "commit": "c7b40912c5f5acfc1a72f3838395acf32d311d6e", "tree": "60436dae38be108a01f0160d29981d8e76c70774", "parents": [ "b30a41d6fea59cc6658192ad3866f6838d4e3fb7" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Tue May 03 14:32:53 2022 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Wed May 04 12:56:17 2022 +0000" }, "message": "m/n/c/localstorage: fix synchronous mounting flag\n\nAs it turns out, MS_SYNC is not actually a mount(2) flag anymore,\nonly MS_SYNCHRONOUS is.\n\nChange-Id: I4d2adbdf1a335b35a6c1e5d3725ee5451f6b5339\nReviewed-on: https://review.monogon.dev/c/monogon/+/671\nReviewed-by: Sergiusz Bazanski \u003cserge@monogon.tech\u003e\n" }, { "commit": "b30a41d6fea59cc6658192ad3866f6838d4e3fb7", "tree": "aefa32aba26eab3fadc77227a765300fe4c0d577", "parents": [ "de82150a3be691178d8113e50c65e052b6739e19" ], "author": { "name": "Mateusz Zalega", "email": "mateusz@monogon.tech", "time": "Fri Apr 29 17:14:50 2022 +0200" }, "committer": { "name": "Mateusz Zalega", "email": "mateusz@monogon.tech", "time": "Tue May 03 12:11:19 2022 +0000" }, "message": "m/n/core: automatically update ClusterDirectory\n\nThis extends the hostsfile service to also update ClusterDirectory\nwhenever cluster member address information is received.\n\nChange-Id: I30dcd15ba4a59f13e48501ff1032c189e2e961af\nReviewed-on: https://review.monogon.dev/c/monogon/+/662\nReviewed-by: Sergiusz Bazanski \u003cserge@monogon.tech\u003e\n" }, { "commit": "de82150a3be691178d8113e50c65e052b6739e19", "tree": "945df1463e04b093a472979a4f23c2d9aaa87ec3", "parents": [ "0246f5eb3a48f8a521ab20d776b923fcf0af6e1c" ], "author": { "name": "Mateusz Zalega", "email": "mateusz@monogon.tech", "time": "Fri Apr 29 16:37:17 2022 +0200" }, "committer": { "name": "Mateusz Zalega", "email": "mateusz@monogon.tech", "time": "Tue May 03 12:11:19 2022 +0000" }, "message": "m/n/c/cluster: sanitize ClusterDirectory\n\nThis change enforces the suggested ClusterDirectory usage described in\nmetropolis/proto/common/common.proto.\n\nSee also: https://review.monogon.dev/c/monogon/+/662\n\nChange-Id: If00edcc078b6dccc80990fc95e9a1c87d945d74e\nReviewed-on: https://review.monogon.dev/c/monogon/+/669\nReviewed-by: Sergiusz Bazanski \u003cserge@monogon.tech\u003e\n" }, { "commit": "0246f5eb3a48f8a521ab20d776b923fcf0af6e1c", "tree": "73ff4458a28566fa580c116958aeceb222d7e4ac", "parents": [ "2930e9966deca2ebcb9b497d4d133ffb6258ed87" ], "author": { "name": "Mateusz Zalega", "email": "mateusz@monogon.tech", "time": "Fri Apr 22 17:29:04 2022 +0200" }, "committer": { "name": "Mateusz Zalega", "email": "mateusz@monogon.tech", "time": "Tue May 03 12:11:19 2022 +0000" }, "message": "m/test: implement non-transient QEMU VMs\n\nThis patch reworks the launch code, enabling rebooting of cluster\nmember VMs, while precluding erasure of their transient state (disk\nimage, OVMF firmware variables, TPM state, MAC address).\n\nRebootNode method included in this patch is cluster-aware in the sense\nthat it blocks until the node has re-joined the cluster.\n\nChange-Id: Ie1236297d214399e927a67295200f8b8879a5b39\nReviewed-on: https://review.monogon.dev/c/monogon/+/664\nReviewed-by: Sergiusz Bazanski \u003cserge@monogon.tech\u003e\n" }, { "commit": "2930e9966deca2ebcb9b497d4d133ffb6258ed87", "tree": "f992bedb41005e2430ae768e83ef8d62c51298ae", "parents": [ "312a2274d58020ef8afdc6f83d9c4e76ce8c59c2" ], "author": { "name": "Mateusz Zalega", "email": "mateusz@monogon.tech", "time": "Mon Apr 25 12:52:35 2022 +0200" }, "committer": { "name": "Mateusz Zalega", "email": "mateusz@monogon.tech", "time": "Tue May 03 12:11:19 2022 +0000" }, "message": "m/n/c/{cluster,roleserve}: implement Join Flow\n\nThis implements Join Flow for:\n- Registered nodes attempting to re-join the cluster.\n- Nodes bootstrapping the cluster.\n\nSee: Cluster Lifecycle and Integrity design document\n\nChange-Id: I74ab98fdec650c4f6aa59e34a16c0f95745dc0e9\nReviewed-on: https://review.monogon.dev/c/monogon/+/556\nReviewed-by: Sergiusz Bazanski \u003cserge@monogon.tech\u003e\n" }, { "commit": "312a2274d58020ef8afdc6f83d9c4e76ce8c59c2", "tree": "441801586699b496e7b682f463fc983f3c25355a", "parents": [ "336a96c770c72d4671901d631d5bd93c87780c12" ], "author": { "name": "Mateusz Zalega", "email": "mateusz@monogon.tech", "time": "Mon Apr 25 12:03:58 2022 +0200" }, "committer": { "name": "Mateusz Zalega", "email": "mateusz@monogon.tech", "time": "Tue May 03 12:11:19 2022 +0000" }, "message": "m/n/c/curator: implement Join Flow\n\nThis implements Join Flow in Curator, as described in Cluster Lifecycle\nand Integrity design document.\n\nChange-Id: Idabb471575e1d22a7eb7cce2ad29d18f1f94760a\nReviewed-on: https://review.monogon.dev/c/monogon/+/667\nReviewed-by: Sergiusz Bazanski \u003cserge@monogon.tech\u003e\n" }, { "commit": "336a96c770c72d4671901d631d5bd93c87780c12", "tree": "1cf05d9300f7ea3451ac2910b029cd87cea04e3a", "parents": [ "898125b5d04bf820b50541c0290d1a1801de2ea4" ], "author": { "name": "Mateusz Zalega", "email": "mateusz@monogon.tech", "time": "Fri Apr 15 13:29:15 2022 +0200" }, "committer": { "name": "Mateusz Zalega", "email": "mateusz@monogon.tech", "time": "Tue Apr 26 11:07:26 2022 +0000" }, "message": "m/n/c/localstorage: add ClusterDirectory to ESP\n\nThis defines ESPClusterDirectory within localstorage, the presence of\nwhich is required by the upcoming Join Flow implementation.\n\nChange-Id: I6b5b4bf9f3a74f11c9d455581a1ad83d1bd86a96\nReviewed-on: https://review.monogon.dev/c/monogon/+/661\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "898125b5d04bf820b50541c0290d1a1801de2ea4", "tree": "a7f56a1f9c4b39a1675843fe69b4bacc74601807", "parents": [ "83d793ddcd4f75b3653255df5dac154ac3de4e87" ], "author": { "name": "Mateusz Zalega", "email": "mateusz@monogon.tech", "time": "Mon Apr 25 13:38:35 2022 +0200" }, "committer": { "name": "Mateusz Zalega", "email": "mateusz@monogon.tech", "time": "Tue Apr 26 11:07:26 2022 +0000" }, "message": "m/installer: bump test size to \"medium\"\n\nI found the test timing out at times when the CI setup was especially\nbusy, possibly due to lower disk I/O speeds. I think it\u0027s reasonable to\ngive this one more time.\n\nChange-Id: I992ef3c7df3afc65bba628b3b443f74bb37c2963\nReviewed-on: https://review.monogon.dev/c/monogon/+/666\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "83d793ddcd4f75b3653255df5dac154ac3de4e87", "tree": "d79840465c92dddb048f6483c2e1d824784ee8d7", "parents": [ "83a28c93a0e48f500db619492f24f96938cb9b00" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Mon Apr 25 11:17:47 2022 +0200" }, "committer": { "name": "Sergiusz Bazanski", "email": "serge@monogon.tech", "time": "Mon Apr 25 19:26:50 2022 +0000" }, "message": "m/n/kubernetes: remove --port flag from services\n\nFrom logs:\n\n Flag --port has been deprecated, This flag has no effect now and will be removed in v1.24.\n\nSo that\u0027s what we do. We had this flag only set to disable insecure\nserving, and insecure serving has been removed in upstream, thereby\nrendering the use of this flag a no-op.\n\nController-manager PR: https://github.com/kubernetes/kubernetes/pull/96216\nScheduler PR: https://github.com/kubernetes/kubernetes/pull/96345\n\nChange-Id: If9009aa6f7c72a5ec8b7baf2326964167059c0a1\nReviewed-on: https://review.monogon.dev/c/monogon/+/665\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "83a28c93a0e48f500db619492f24f96938cb9b00", "tree": "8ff1b1d60577d5dc52ff455b0862b854a467734b", "parents": [ "832bc77f0f0530059dd66b59cfd8a000b59b6251" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Tue Apr 19 13:59:38 2022 +0200" }, "committer": { "name": "Sergiusz Bazanski", "email": "serge@monogon.tech", "time": "Fri Apr 22 12:36:22 2022 +0000" }, "message": "m/node: minit: fix logging\n\nThis makes minit log into the same console devices as the Go core\nitself.\n\nChange-Id: I4fedd92d6f86ac224759a67ffd9704ece552b73c\nReviewed-on: https://review.monogon.dev/c/monogon/+/660\nReviewed-by: Mateusz Zalega \u003cmateusz@monogon.tech\u003e\n" }, { "commit": "832bc77f0f0530059dd66b59cfd8a000b59b6251", "tree": "c063cc6398e410496844622ed9e2688f1e5c8116", "parents": [ "abe02eb86b64920be8aec862e380853be1fd3372" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Thu Apr 07 12:33:01 2022 +0200" }, "committer": { "name": "Sergiusz Bazanski", "email": "serge@monogon.tech", "time": "Tue Apr 19 08:06:03 2022 +0000" }, "message": "m/p/event/etcd: handle spurious watch updates\n\nWith the recent etcd updates, we started seeing some failures in tests\nfor the etcd-backed Event Value library.\n\nThis seems to be due to etcd now sometimes returning \u0027spurious\u0027 watch\nupdates, in which a keyvalue is returned twice, with two separate\nrevision numbers, even though the underlying value has not been\nupdated.\n\nWe elect to deduplicate these within the event value library itself, if\nonly to make it less work for downstream users to do the same. This is\ndone be keeping a cross-watcher.Get map of key-\u003evalues, and filtering\nout updates which effectively do not update the data underneath.\n\nWe had one test relying on 1:1 correspondance between etcd puts and\nEvent Value backlogged Gets. However, the rest of our codebase does not\nmake this assumption, and it seems fair that this assumption doesn\u0027t\nmake sense alongside the intended use of the Event Value system in which\nwe deliberately and arbitrarily drop intermediate updates within a\nsingle Get call.\n\nChange-Id: I731a15b2d15ab6807bb95cb6c777c176dde22f0b\nReviewed-on: https://review.monogon.dev/c/monogon/+/654\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "fdc3a2473e4ebfd77db342252e1088882e01b2d6", "tree": "addfe894acce55d3088764cc49a6c1c3cee55573", "parents": [ "33ce3bcd5c4791cb66a3020b7792829c534c97c6" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Wed Apr 06 15:56:38 2022 +0200" }, "committer": { "name": "Sergiusz Bazanski", "email": "serge@monogon.tech", "time": "Tue Apr 19 08:01:17 2022 +0000" }, "message": "third_party/go: fix `go mod tidy`\n\nThis makes our root repository somewhat more gomod-compliant, to the\npoint where we can run `go mod tidy` to manage dependencies.\n\nThe generated placeholder files turn their parent paths into enough of a\nGo package that the go tooling is appeased, but they are ignored by\nGazelle.\n\nIdeally, we will generate these placeholders automatically before\nrunning `go mod tidy` and gitignore them, but this will do as a first\npass.\n\nWe also remove some unused dependencies which got caught by `go mod\ntidy`.\n\nChange-Id: I81e7e92a45f22c8ef9c92207f67a5bd6cc773da5\nReviewed-on: https://review.monogon.dev/c/monogon/+/652\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\nReviewed-by: Leopold Schabel \u003cleo@nexantic.com\u003e\n" }, { "commit": "33ce3bcd5c4791cb66a3020b7792829c534c97c6", "tree": "a968a2aeae9e96c84c6260fcbd22e12063dc1ef2", "parents": [ "ee4bfdb9c59848d618975f24746c78b418e9aebc" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Fri Mar 11 11:57:48 2022 +0100" }, "committer": { "name": "Sergiusz Bazanski", "email": "serge@monogon.tech", "time": "Wed Apr 06 17:28:21 2022 +0000" }, "message": "m/n/core/rpc: add ClusterResolver\n\nThis is a first-pass implementation of a baseline, functioning, but not\nfully featured gRPC resolver builder that connects to a given Metropolis\ncluster based on just a single functioning node.\n\nThis is planned to be extended to be aware of node health, and possibly\ncurator leadership. It will then replace the main roleserver client and\nallow metroctl to connect to a cluster given just a single node.\n\nChange-Id: I8321a6ce19bdaead35b5f266dd9774ce1b78f075\nReviewed-on: https://review.monogon.dev/c/monogon/+/637\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "be74284cb84581b7217a934d2a771edb7c948223", "tree": "c943b51d32f0f0c0f81b97faa4660a9099b3caee", "parents": [ "fe7134b0b25b620b6f40b1f41f37ab93fca6d3c0" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Mon Apr 04 13:18:50 2022 +0200" }, "committer": { "name": "Sergiusz Bazanski", "email": "serge@monogon.tech", "time": "Wed Apr 06 09:52:24 2022 +0000" }, "message": "m/test: implement SOCKS proxy in cluster tests\n\nThis uses the new socksproxy package to run a proxy server in the\nnanoswitch, and uses it within tests to access the test cluster\u0027s nodes.\n\nThe cluster test code (and nanoswitch) still forward traffic to the\nfirst node, but this will be gradually removed as SOCKS support is\nimplemented in metroctl and the debug tool. Forwards from host ports to\ndifferent node can then be implemented as part of the dbg tool (instead\nof the cluster launch code) to maintain a simple interface during debug\nand development.\n\nWe also use the opportunity to make the non-cluster launch code not\nMetropolis specific (by removing an assumption that all ports on all\nnodes are Metropolis ports). In the long term, we will probably remove\nnon-cluster launches entirely (or further turn this code into just being\na \u0027launch qemu\u0027 wrapper).\n\nChange-Id: I9b321bde95ba74fbfaa695eaaad8f9974aba5372\nReviewed-on: https://review.monogon.dev/c/monogon/+/648\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "fe7134b0b25b620b6f40b1f41f37ab93fca6d3c0", "tree": "56bae6b492cb092f21723d3407e64258eb8b255f", "parents": [ "a393814a28df60f67fa6a39309a6d8604811ca95" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Fri Apr 01 15:46:29 2022 +0200" }, "committer": { "name": "Sergiusz Bazanski", "email": "serge@monogon.tech", "time": "Tue Apr 05 14:44:40 2022 +0000" }, "message": "m/pkg/socksproxy: init\n\nThis implements a simple SOCKS5 proxy server, which will be used within\nnanoswitch to expose multiple nodes to test code and metroctl.\n\nSome existing alternatives were considered, but none were in a healthy\nenough state to be usable within Metropolis. And, in the end, we only\nneed a small subset of an already simple standard, so implementing this\nourselves isn\u0027t a massive waste of time.\n\nChange-Id: Ifa4d4edf837b55b93cae9981028efef336ff2a3d\nReviewed-on: https://review.monogon.dev/c/monogon/+/646\nReviewed-by: Mateusz Zalega \u003cmateusz@monogon.tech\u003e\n" }, { "commit": "a393814a28df60f67fa6a39309a6d8604811ca95", "tree": "15ff5be928b1b6cb12ed38fdcf8a3679118495da", "parents": [ "8ca9c292b2b8e5aa83500f2065da56919ce7af41" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Mon Apr 04 17:04:47 2022 +0200" }, "committer": { "name": "Sergiusz Bazanski", "email": "serge@monogon.tech", "time": "Tue Apr 05 14:41:28 2022 +0000" }, "message": "m/node: add /dev/tty0 and /dev/ttyS0 to erofs\n\n... alongside a few other \u0027critical\u0027 /dev chardevs.\n\nThis is in preparation for making minit log into /dev/tty0 and\n/dev/ttyS0, as currently it does not log at all (broken by\nreview.monogon.dev/517).\n\nWhile we\u0027re at it, we chip away at the move-everything-to-fsspec\nrefactor, and unify initramfs/erofs /dev structure into a dedicated\nfsspec file, plus move directories from extra_dirs into its own fsspec\nfile as well. Fsspec targets can now take files in the fsspecs\nattribute, which we point at the newly created files.\n\nAlternatively we could\u0027ve made a \u0027fsspec_bundle\u0027 rule that would\ngenerate an fsspec provider from a definition (either as native starlark\ntypes or a prototext). We\u0027ll have to do something like this later so\nthat we can get rid of the files attribute in erofs_image, but let\u0027s not\nmake this change too large.\n\nSince we\u0027ve cleaned up some starlark attribute usage, we then pull on\nthat thread to remove some now unused code, like the builtin_fsspec\nfunctionality for fsspec-based rules, and the extra_dirs attribute.\n\nChange-Id: I0df6c60df20e38abfc9632d0a701d547292f3697\nReviewed-on: https://review.monogon.dev/c/monogon/+/650\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "8ca9c292b2b8e5aa83500f2065da56919ce7af41", "tree": "7e13b5cd63a4eb5a35c5e90178983b2360cd54e0", "parents": [ "d13c1c64387ca9a83bb832a3faa5c4b07268d265" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Mon Apr 04 16:29:26 2022 +0200" }, "committer": { "name": "Sergiusz Bazanski", "email": "serge@monogon.tech", "time": "Tue Apr 05 13:53:02 2022 +0000" }, "message": "m/p/erofs: add character device test\n\nAlso, drive-by fix a misleading comment.\n\nChange-Id: Ic5dc2d16a0c2f453d55f0f698f06f30fd355098a\nReviewed-on: https://review.monogon.dev/c/monogon/+/649\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "d13c1c64387ca9a83bb832a3faa5c4b07268d265", "tree": "0c0f534db4726e4400486aad25235e8c573d455e", "parents": [ "79a1a8f9dd49afe8e0a2364c4586b8f39525b204" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Wed Mar 30 19:58:58 2022 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Tue Apr 05 10:35:29 2022 +0000" }, "message": "treewide: switch to gomod and bump everything\n\nThis switches version resolution from fietsje to gomod and updates\nall Go dependencies. It also bumps rules_go (required by gVisor) and\nswitches the Gazelle naming convention from go_default_xxx to the\nstandard Bazel convention of the default target having the package\nname.\n\nSince Kubernetes dropped upstream Bazel support and doesn\u0027t check in\nall generated files I manually pregenerated the OpenAPI spec. This\nshould be fixed, but because of the already-huge scope of this CL\nand the rebase complexity this is not in here.\n\nChange-Id: Iec8ea613d06946882426c2f9fad5bda7e8aaf833\nReviewed-on: https://review.monogon.dev/c/monogon/+/639\nReviewed-by: Sergiusz Bazanski \u003cserge@monogon.tech\u003e\nReviewed-by: Leopold Schabel \u003cleo@nexantic.com\u003e\n" }, { "commit": "79a1a8f9dd49afe8e0a2364c4586b8f39525b204", "tree": "2bf599ded06a18c5850cbf513e94fd0cf7ba3776", "parents": [ "a8e23543e792505ea8a40bf544d857163696a25b" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Thu Mar 31 17:19:07 2022 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Mon Apr 04 19:45:00 2022 +0000" }, "message": "m/n/k/authproxy: make use of SPDY through proxy work\n\nKubernetes still uses SPDY for interactive/streaming-type calls (like\nexec or port-forward). Our proxy uses a HTTP/2 backend connection to\nKubernetes\u0027s API server. A HTTP/2 stream cannot be upgraded to SPDY\nmeaning these API requests all fail. This implements a slightly ugly\nworkaround by using two HTTP transports, a regular transport which\nsupports HTTP/2 and a fallback transport which does not. The proxy\nselects the fallback transport if it detects that the request is trying\nto upgrade to SPDY.\n\nChange-Id: Idd44f58d07ec5570ddf8941ae7595225f47f254d\nReviewed-on: https://review.monogon.dev/c/monogon/+/645\nReviewed-by: Sergiusz Bazanski \u003cserge@monogon.tech\u003e\n" }, { "commit": "399ce5537c9d74b2335add19dcb6a4043d9468b5", "tree": "a7e086c69c69f8745ca123764c6929e090e0d80b", "parents": [ "0ea448a92ad342bcb0ecb05a2aa9652ebe48b62a" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Tue Mar 29 12:52:42 2022 +0200" }, "committer": { "name": "Sergiusz Bazanski", "email": "serge@monogon.tech", "time": "Wed Mar 30 15:50:59 2022 +0000" }, "message": "m/n/core/rpc: provide lower-level gRPC dialing constructs\n\nThis replaces the 2x2 cartesian product of ready-made dialing functions\n(New{Authenticated,Ephemeral}Client{Test,}) with plain gRPC Dial\nOptions.\n\nThis is partially to reduce the magical aspect of the RPC library (after\nall, we are just using gRPC here, no need for these wrappers), but\nmostly in preparation for having another dimension added: dynamic\ncluster resolving, which will also be just provided as a Dial Option.\n\nChange-Id: Id051ca5204e4b44afcc10164f376ccf08af46120\nReviewed-on: https://review.monogon.dev/c/monogon/+/640\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "49a1ea42df1cf9f6f3b401a52565496c32b18308", "tree": "f6237d3438df1638517ab42b8609460738845518", "parents": [ "f3c4b42225fb7340e12cc74f9afc2ecc241e4304" ], "author": { "name": "Mateusz Zalega", "email": "mateusz@monogon.tech", "time": "Tue Mar 15 13:43:59 2022 +0100" }, "committer": { "name": "Mateusz Zalega", "email": "mateusz@monogon.tech", "time": "Thu Mar 17 07:51:54 2022 +0000" }, "message": "m/c/p/datafile: expose ResolveRunfile\n\nThis exposes ResolveRunfile, which can be used to access runfiles using\na filesystem path.\n\nChange-Id: Ib3c41f86264368a076840618c682cb288b3b6f98\nReviewed-on: https://review.monogon.dev/c/monogon/+/630\nReviewed-by: Sergiusz Bazanski \u003cserge@monogon.tech\u003e\n" }, { "commit": "f3c4b42225fb7340e12cc74f9afc2ecc241e4304", "tree": "b4d570c6a64df0444216c62903445880f0ce915b", "parents": [ "58cf3bca19e0d04a5dda6ad32a72459bb03df3cf" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Thu Mar 10 00:37:57 2022 +0100" }, "committer": { "name": "Sergiusz Bazanski", "email": "serge@monogon.tech", "time": "Tue Mar 15 12:50:10 2022 +0000" }, "message": "m/n/core/rpc: remove leftover local/external listener abstractions\n\nThis continues cleanup work after review.monogon.dev/624.\n\nChange-Id: Ic38f4547627d382a4405cf4b3336aa7cac80849b\nReviewed-on: https://review.monogon.dev/c/monogon/+/629\nReviewed-by: Mateusz Zalega \u003cmateusz@monogon.tech\u003e\n" }, { "commit": "58cf3bca19e0d04a5dda6ad32a72459bb03df3cf", "tree": "5c11fb1f25eae37790ef870b1b937bfe6302674b", "parents": [ "ec19b60842e905a4400e5f8b46b783a54d0a025a" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Wed Mar 09 20:33:36 2022 +0100" }, "committer": { "name": "Sergiusz Bazanski", "email": "serge@monogon.tech", "time": "Fri Mar 11 11:40:50 2022 +0000" }, "message": "m/n/core: remove local listener from curator\n\nWhile working on a client library to access a cluster reliably, a\nthought popped into my head:\n\nDo we even need to run the local (UNIX domain socket) listener in the\nCurator?\n\nAnd, after checking all code paths, to my surprise... no, not really.\nWhy did we ever do it? Perhaps because we started differently structured\ncluster bootstrap codebase that caused it to be a hard requirement. Or\nmaybe it was just a momentary lapse of reason. Regardless, with the\ncurrent codebase, it makes no sense: we always have Node credentials\navailable, and we run the Curator on all network interfaces. So why not\njust connect over loopback and use TLS?\n\nHere are some of the benefits of removing the local listener:\n\nIt removes a whole bunch of code, and pulling at a few more threads in\nthe Curator and RPC codebases will probably let us remove quite a bit\nmore now unused abstractions.\n\nIt leads to a more secure product, as we have one less privilege domain\nsocket to worry about (although we still have the etcd one... but that\u0027s\na whole different can of worms).\n\nAnd most importantly, it paves the way for a vastly simplified cluster\nclient - one in which the transport is the same regardless of whether we\nconnect to a local or remote curator. This should let us use bog\nstandard gRPC load balancing / resolving extensions to reach the Curator\nin an idiomatic and robust way.\n\nChange-Id: I1fe9b04ba3b5f4e001050c25aec61a761077492f\nReviewed-on: https://review.monogon.dev/c/monogon/+/624\nReviewed-by: Mateusz Zalega \u003cmateusz@monogon.tech\u003e\n" }, { "commit": "ec19b60842e905a4400e5f8b46b783a54d0a025a", "tree": "b4c0d22ef5dc693a21fef4e987d9c82457d816f6", "parents": [ "662182fd732fb523ee76bdc069f603bc378a6d2e" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Wed Mar 09 20:41:31 2022 +0100" }, "committer": { "name": "Sergiusz Bazanski", "email": "serge@monogon.tech", "time": "Fri Mar 11 11:00:50 2022 +0000" }, "message": "m/p/supervisor: wait for runnables to exit in TestHarness\n\nThis ensures that tests which aren\u0027t marked as parallel won\u0027t interfere\nwith eachother due to still running runnables (for example, gracefully\nterminating gRPC services listening on some stable port number).\n\nTo implement this, we add the Liquidator, a goroutine responsible for\nmaintaining a minimum viable supervisor processor which records all\nrunnables\u0027 exits. These can then be inspected by the TestHarness to\nensure that all runnables are truly dead.\n\nChange-Id: I436f9608d1e0e04796f7198b641e7d625df885f8\nReviewed-on: https://review.monogon.dev/c/monogon/+/625\nReviewed-by: Leopold Schabel \u003cleo@nexantic.com\u003e\n" }, { "commit": "662182fd732fb523ee76bdc069f603bc378a6d2e", "tree": "0dbebeb12a8be1de9f19d31d6c6319e005af749e", "parents": [ "74440ac441be981eb570dc37036e71bf25a04492" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Thu Mar 10 14:06:48 2022 +0100" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Thu Mar 10 16:24:34 2022 +0000" }, "message": "m/p/tpm: use secretbox with seal/unseal for larger payloads\n\nNatively the Seal/Unseal operation in the TPM 2.0 specification only\nsupports up to 128 bytes of payload. If you need to seal more than that\nthe specification tells you to generate and seal a key and use that to\nencrypt and authenticate the rest of the data. This CL implements said\nmechanism transparently as part of the Seal and Unseal functions using\na nacl-compatible secretbox as the authenticated encryption primitive.\n\nChange-Id: I0a724b12aae5e5151d103b52ed13b71c864076ab\nReviewed-on: https://review.monogon.dev/c/monogon/+/626\nReviewed-by: Sergiusz Bazanski \u003cserge@monogon.tech\u003e\n" }, { "commit": "b6c0aa9703d7b92ea0a94f16a81a7218fc80d36b", "tree": "fde7cf7668a12c10d903576adc591d8d33b62412", "parents": [ "942f5e2188f67d78fe8da86f42e1902427792f2b" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Thu Feb 24 17:53:40 2022 +0100" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Tue Mar 08 12:26:08 2022 +0000" }, "message": "metropolis: use microcode\n\nThis ties together all previous work and actually makes the installer\nand OS use microcode via the early microcode loader.\n\nChange-Id: I4e3214c30e4eff1d231d462fceddd2e353d28731\nReviewed-on: https://review.monogon.dev/c/monogon/+/549\nReviewed-by: Sergiusz Bazanski \u003cserge@monogon.tech\u003e\n" }, { "commit": "942f5e2188f67d78fe8da86f42e1902427792f2b", "tree": "b3465cd8996a224a678f12cf1d858173077dadd1", "parents": [ "d3ce0ac027b205b1eeccbbcb062c9d417e205df4" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Thu Jan 27 15:03:10 2022 +0100" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Tue Mar 08 12:05:38 2022 +0000" }, "message": "b/ci: update build container to Fedora 35\n\nFedora 32 is EOL since over half a year, update to the current stable\nFedora release.\n\ntoolchains: adds clang as it\u0027s no longer part of the llvm package,\nchanges toolchain path references to GCC 11, and rebuilds the sysroot.\n\nedk2: update to latest stable (old version cannot build with a newer\nminor version of Python 3) and patch to disable -Werror and make the\nnewer included Brotli version work as it natively includes BUILD\nfiles which need to be patched out to make the source files accessible.\n\nlinux: add patch to fix PVH ELF note entrypoint with binutils 2.32+ as\notherwise the .notes section gets emitted with broken alignment.\n\nm/t/launch: RunMicroVM is broken if SerialPort is not set with newer\nQEMU versions because fcntl(2) fails to interact with a broken file\ndescriptor. This is due to a confusion between nil interfaces and\ninterfaces containing a nil pointer causing Go to improperly pass the\nfile descriptor. Changing the type of SerialPort to the actual\ninterface resolves the issue.\n\nChange-Id: I03a8cbf4f80a7363794dad1ff62ccb57e778cac3\nReviewed-on: https://review.monogon.dev/c/monogon/+/529\nReviewed-by: Leopold Schabel \u003cleo@nexantic.com\u003e\n" }, { "commit": "d3ce0ac027b205b1eeccbbcb062c9d417e205df4", "tree": "b026e8c1b1d327531a739449b383ad21f8fd9c20", "parents": [ "304d42c86f034386a957eaec36b0d254aef8dc76" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Thu Mar 03 12:51:21 2022 +0100" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Tue Mar 08 11:52:07 2022 +0000" }, "message": "m/n/b/fwprune: process links from metadata file\n\nThe linux-firmware repository has a metadata file called WHENCE which\ncontains mostly license and origin information, but critically it also\ncontains data for symbolic links which are not materialized inside the\nrepo itself. So we need to parse that file and create these symlinks\nourselves.\n\nChange-Id: I9e6973e60d6f06e844dc879f658c9dd1913c432d\nReviewed-on: https://review.monogon.dev/c/monogon/+/555\nReviewed-by: Mateusz Zalega \u003cmateusz@monogon.tech\u003e\n" }, { "commit": "304d42c86f034386a957eaec36b0d254aef8dc76", "tree": "404c736fb81daec84ba0ae93f52e9ba0a28cb127", "parents": [ "0e22b1a41b028693e0e69db22cc8b708b09070f0" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Thu Feb 24 17:53:08 2022 +0100" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Tue Mar 08 11:52:00 2022 +0000" }, "message": "m/n/b/mkpayload: support multiple initramfs files\n\nLinux supports multiple concatinated initramfs files and requires using\nmultiple to provide certain data like microcode for the early loader.\nThis allows building such payloads with mkpayload.\n\nChange-Id: Ie7ee7886bbfe481d7b723e0476a26ee26425a0b6\nReviewed-on: https://review.monogon.dev/c/monogon/+/548\nReviewed-by: Mateusz Zalega \u003cmateusz@monogon.tech\u003e\n" }, { "commit": "0e22b1a41b028693e0e69db22cc8b708b09070f0", "tree": "e191f9275622f25b9d671abffe74f7f35d1724f8", "parents": [ "d348fd1c66194c0fff46e39a16131a7bd0e45707" ], "author": { "name": "Mateusz Zalega", "email": "mateusz@monogon.tech", "time": "Mon Feb 14 15:00:55 2022 +0100" }, "committer": { "name": "Mateusz Zalega", "email": "mateusz@monogon.tech", "time": "Mon Mar 07 13:41:55 2022 +0000" }, "message": "m/n/core: save NUK and Node Credentials\n\nThis makes the node save its Node Unlock Key and Node Credentials after\nregistering.\n\nChange-Id: Ie16e8fd149745e22a2c02e56ccf3c2d87d052079\nReviewed-on: https://review.monogon.dev/c/monogon/+/537\nReviewed-by: Sergiusz Bazanski \u003cserge@monogon.tech\u003e\n" }, { "commit": "b6aa3f7a4bb57fa3d29c846fcfcc6c0d267ae8b7", "tree": "6a5ddca18251baf74ba5a0734bd86fd54ab89def", "parents": [ "f099c09760ea9b860b87776b8386f8c29a164fea" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Tue Mar 01 20:28:54 2022 +0100" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Thu Mar 03 11:39:00 2022 +0000" }, "message": "m/n/core: print scary warning message when running debug build\n\nThis is to make users aware that debug builds of Metropolis provide\nabsolutely no security and should never be used if not debugging.\n\nChange-Id: I64cbe6d77ba40b9539abb5e946fa3231658eec21\nReviewed-on: https://review.monogon.dev/c/monogon/+/553\nReviewed-by: Sergiusz Bazanski \u003cserge@monogon.tech\u003e\n" }, { "commit": "f099c09760ea9b860b87776b8386f8c29a164fea", "tree": "ccb1523d90612ceb3d5f96d54fd169caf0e325c5", "parents": [ "80deba52ce3d1ff3c60fa2901cbbb0135e40f90b" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Thu Feb 24 17:22:26 2022 +0100" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Tue Mar 01 19:32:09 2022 +0000" }, "message": "m/n/build: format efi.bzl\n\nThese are the changes from running buildifier on efi.bzl.\nThis is in preparation for changing this file as otherwise the\nformatting changes would be intertwined with actual changes.\n\nChange-Id: I2e32e011107e5af9301300d927a2196fbe06e574\nReviewed-on: https://review.monogon.dev/c/monogon/+/547\nReviewed-by: Leopold Schabel \u003cleo@nexantic.com\u003e\nReviewed-by: Sergiusz Bazanski \u003cserge@monogon.tech\u003e\nReviewed-by: Mateusz Zalega \u003cmateusz@monogon.tech\u003e\n" }, { "commit": "80deba52ce3d1ff3c60fa2901cbbb0135e40f90b", "tree": "659869cf80fae0c808d7caae2d8341669bd8e1c5", "parents": [ "ac82c0d984cd23b4b35163b223c9ed0001df8f55" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Thu Feb 24 17:07:13 2022 +0100" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Tue Mar 01 19:32:09 2022 +0000" }, "message": "m/node: build microcode payloads\n\nThis adds a builder for loadable microcode payloads for the Linux\nkernel and microcode for Intel and AMD CPUs. It also adds a rule\ngenerating a microcode payload for Metropolis at\n//metropolis/node:ucode but does not integrate it yet.\n\nChange-Id: I00145e4c983d9ff3e81881e92cbecc3e09392665\nReviewed-on: https://review.monogon.dev/c/monogon/+/546\nReviewed-by: Sergiusz Bazanski \u003cserge@monogon.tech\u003e\n" }, { "commit": "ac82c0d984cd23b4b35163b223c9ed0001df8f55", "tree": "8f89e032104961783859b32a5c3525cda48b638a", "parents": [ "6dff6d6a57b999eb91f1b9cf956e2ebc18c2defd" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Tue Mar 01 13:32:45 2022 +0100" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Tue Mar 01 19:23:13 2022 +0000" }, "message": "m/n/core: only run debug service in debug build\n\nThis excludes the debug service from non-debug builds as it exposes a\nbunch of unauthenticated interfaces for debugging to the world.\nThe Kubernetes tests were the last user of this service but getting\nKubernetes credentials is now handled by an authenticated production\nservice (the authproxy).\nSome parts of the debug service functionality, namely GetLogs will also\nbe needed outside of debug builds, but nothing depends on its\navailability so we can do this right away.\n\nChange-Id: I5ba3d2853c69ae295d6224b359b36c160b58c430\nReviewed-on: https://review.monogon.dev/c/monogon/+/552\nReviewed-by: Sergiusz Bazanski \u003cserge@monogon.tech\u003e\n" }, { "commit": "6dff6d6a57b999eb91f1b9cf956e2ebc18c2defd", "tree": "4db4fa350e81b0fc52db7cf81f4c620114b28d18", "parents": [ "636032e843efcdef0716ed9956f40642d07b8d4c" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Fri Jan 28 18:15:14 2022 +0100" }, "committer": { "name": "Sergiusz Bazanski", "email": "serge@monogon.tech", "time": "Wed Feb 23 16:15:54 2022 +0000" }, "message": "m/n/roleserve: reactive service management\n\nBottom line up first: this starts etcd, the curator and Kubernetes on\nnodes that register into the cluster. Effectively, this is multi-node\nsupport.\n\nThis significantly refactors the node roleserver to start both the\ncontrol plane and Kubernetes on demand, based on roles assigned by the\ncluster (or due to bootstrapping a new cluster). Most importantly, we\npretty much remove all cluster-bootstrapping code from the node startup\nprocess, thereby making the first node and any subsequent nodes not go\nthrough different codepaths.\n\nIn addition, access to the cluster Curators is now also mediated via\nthe roleserver, which is the component aware whether the node code\nshould connect to the local curator (if the control plane is running) or\nto remote curators (if the control plane is not [yet] running).\n\nThis implementation is a bit verbose as we make heavy use of untyped\nEvent Values, and we add quite a few lines repeated of code to combine\ndata from different values into something that a goroutine can wait on.\nOnce Go 1.18 lands we should be able to make this code much nicer.\n\nThere\u0027s still a few things that need to be implemented for all flows to\nbe working fully (notably, we can end up with stale curator clients,\ncurator clients are not load balanced across multiple curators, and\ncluster directories for connecting to the curator do not get updated\nafter startup). However, these are all features that we should be able\nto easily implement once this lands.\n\nCurrently this is only covered by the e2e test. The individual workers\nwithin roleserver should be able to be independently tested, and this is\nsomething I plan on doing very soon as another change on top, while this\none is being reviewed.\n\nWith time, the two large startup components (the cluster \"enrolment\"\nmanager and the roleserver) have slightly lost their original purpose\nand their names aren\u0027t exactly fitting anymore. I might rename them in\nan upcoming change, if anyone has any good naming ideas I\u0027m all ears :).\n\nChange-Id: Iaf0fc9f6fdd2122e6aae19607be1648382063e66\nReviewed-on: https://review.monogon.dev/c/monogon/+/532\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "636032e843efcdef0716ed9956f40642d07b8d4c", "tree": "9499a197eec2483636b1fc940d8b7e78d3a29161", "parents": [ "5839e97231f31fac6730a1d553fe7114d37a1521" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Wed Jan 26 14:21:33 2022 +0100" }, "committer": { "name": "Sergiusz Bazanski", "email": "serge@monogon.tech", "time": "Wed Feb 23 16:15:54 2022 +0000" }, "message": "m/test/launch: fail ROC on non-UNAVAILABLE errors\n\nThis makes RetrieveOwnerKeys fail fast in tests if some non-transient\n(ie. non-UNAVAILABLE) error is encountered. I hit this while developing\nsomething around the codebase and it took me way too long to figure out\nwhy the e2e test was stalling.\n\nThis really begs doing a pass on all retry loops to make sure we don\u0027t\nget stuck like this. Perhaps we should formalize this, too.\n\nChange-Id: I048f5ac79802330f789e67ba316bc38f04d83331\nReviewed-on: https://review.monogon.dev/c/monogon/+/531\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" } ], "next": "5839e97231f31fac6730a1d553fe7114d37a1521" }