)]}' { "log": [ { "commit": "153c9c1d69e5c37dd96f8d43ff1e628bd548320e", "tree": "dc8b3d767ad46645cf2b0c3425f5a2f1e65cfcb5", "parents": [ "8e19fa4edcb992d8c486b420debb6d63f8777d97" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Tue Jan 07 17:44:45 2025 +0100" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Wed Jan 08 00:01:30 2025 +0000" }, "message": "treewide: unfork netlink\n\nWe were using our own fork because of the psample change whose\nupstreaming effort has stalled since Mateusz left the company. That\nnetlink base is now getting too old and we have more patches on top\nwhich all have since become irrelevant or got upstreamed.\n\nThe new version of netlink also no longer has the quirk that default\nroutes do not have a destination set, fix that in the DHCP tests and use\ngo-cmp as the raw binary values are annoying to get right and do not\nmatter. Semantic equivalence is what we\u0027re after.\n\nThus stop using our fork and instead pick up the rebased psample patches\nfrom the new upstreaming effort. This removes one more replace directive\nwhich is nice.\n\nChange-Id: I21a59c2c9a99dd3baf672a8aa2ad9332e573cba1\nReviewed-on: https://review.monogon.dev/c/monogon/+/3750\nReviewed-by: Tim Windelschmidt \u003ctim@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "8e19fa4edcb992d8c486b420debb6d63f8777d97", "tree": "ed19daa5f7ddf6376658e6d4e04754aeaca83a00", "parents": [ "5178dd76472906d541fe08c643633499708c67de" ], "author": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Tue Nov 12 13:39:43 2024 +0000" }, "committer": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Tue Jan 07 17:00:42 2025 +0000" }, "message": "metropolis/node/core/bios_bootcode: Add legacy bootcode\n\nThis change provides a legacy bootcode that shows the user that they\nare using an invalid configuration, e.g. not use UEFI. This can be\ntested with \"qemu-system-i386 -hda bazel-bin/metropolis/node/image.img\".\n\nCloses monogon-dev/monogon#142\n\nChange-Id: I3337a70125010aec110ad75647346310cac76d37\nReviewed-on: https://review.monogon.dev/c/monogon/+/3748\nTested-by: Jenkins CI\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "f724ed2be1d3f86159ea83ca41f5f6b0886a69a5", "tree": "fb4b9bbabf2bafeaf3e0f3f106b2aaf0279d95fb", "parents": [ "475cbb1e8f9fc90936a04ff11bcb4b794b5adcec" ], "author": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Tue Jan 07 01:02:41 2025 +0100" }, "committer": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Tue Jan 07 15:10:08 2025 +0000" }, "message": "metropolis/proto: Add protobuf linting\n\nThis adds linting for our proto definitions. All failing linter rules\nare currently disabled and will be enabled/fixed in a future commit.\n\nCloses monogon-dev/monogon#7\n\nChange-Id: Ifb9531511f0bc2a0b740722a493d7c3bf8d6d19c\nReviewed-on: https://review.monogon.dev/c/monogon/+/3747\nTested-by: Jenkins CI\nReviewed-by: Leopold Schabel \u003cleo@monogon.tech\u003e\n" }, { "commit": "475cbb1e8f9fc90936a04ff11bcb4b794b5adcec", "tree": "76f0216106df475b63ec31f30bb715e5cd0563c4", "parents": [ "1195734e94f3842db7f9044d581d88494a8440db" ], "author": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Tue Jan 07 00:38:16 2025 +0100" }, "committer": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Tue Jan 07 15:10:08 2025 +0000" }, "message": "treewide: replace build/proto_docs with rules_proto_grpc_doc\n\nIn a future commit we will use other modules from rules_proto_grpc,\nwhich allows us to remove this custom rule\n\nChange-Id: I00a823de8fb8eb1e3beb5bf2f516d2c92dabc5a0\nReviewed-on: https://review.monogon.dev/c/monogon/+/3746\nTested-by: Jenkins CI\nReviewed-by: Leopold Schabel \u003cleo@monogon.tech\u003e\n" }, { "commit": "837cb8e459b9eefabe89ab17df0b7dafb5e3d631", "tree": "32337d84d4f32b0c2c523e2c5bd177f4acfe4808", "parents": [ "b6afed68fd1d2ee9b32d395b388d2db1338d0fa0" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Mon Dec 23 13:52:56 2024 +0100" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Mon Dec 23 21:59:59 2024 +0000" }, "message": "treewide: update Kubernetes to 1.32\n\nRelatively easy change, one cadvisor fix is temporarily needed. The\nlegacy log dir patch needed to be rebased, that\u0027s about it.\n\nI enabled single-process OOM killing again as that was the default for\ncgroupv1 and IMO the more sane behavior.\n\nUpstrem changelog at:\nhttps://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.32.md\n\nChange-Id: I537a6e37137d05efb6eec8635915e36fd8b37cbc\nReviewed-on: https://review.monogon.dev/c/monogon/+/3721\nReviewed-by: Jan Schär \u003cjan@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "a5b00bd43cceaf807e56ae609c6acdb9f94fa983", "tree": "5c2c0fe0d3947ddc7d82f6c4b34bedaeb26b7f39", "parents": [ "70e5a977302e5ce90c94488b7da0d55894dea3ec" ], "author": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Mon Dec 09 22:52:31 2024 +0100" }, "committer": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Mon Dec 23 13:11:29 2024 +0000" }, "message": "metropolis/test/launch: fix data race\n\nChange-Id: Id427d73cf32ff06a074fce5903d66050dd9e28cb\nReviewed-on: https://review.monogon.dev/c/monogon/+/3688\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "3c6183f7f12ded0c563239c7eff1f1dc4a9bebec", "tree": "e3487e97b71fb10a310780a36c7438f4fb9af242", "parents": [ "bc32bcd241a9270786a749266ce4f6a5df6d0a6e" ], "author": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Mon Dec 16 02:42:21 2024 +0100" }, "committer": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Mon Dec 23 13:10:21 2024 +0000" }, "message": "osbase/supervisor: use MustRegister for metrics registration\n\nChange-Id: I4321c626f210bea025ab27bfecf783425f1482b5\nReviewed-on: https://review.monogon.dev/c/monogon/+/3703\nTested-by: Jenkins CI\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "bdbb9c2baa94f72bf57ad1c13a2c2a5c3ff01858", "tree": "97fad3e69df9ac10117a71846320dd8748caeecd", "parents": [ "742fde7cd4861bb16b4f0655b84f587510c1e84b" ], "author": { "name": "Jan Schär", "email": "jan@monogon.tech", "time": "Wed Dec 18 15:14:02 2024 +0100" }, "committer": { "name": "Jan Schär", "email": "jan@monogon.tech", "time": "Mon Dec 23 10:13:43 2024 +0000" }, "message": "m/node/core/time: use CommandContext\n\nChange-Id: Ie98b949facf3d26c819bdf56329f5837b8e3dac7\nReviewed-on: https://review.monogon.dev/c/monogon/+/3712\nTested-by: Jenkins CI\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "d7c8bbbf6638f0042a972af7efaf808b159fcbb1", "tree": "4ed649b74c53ac0d1b514b2d2821556da33bef00", "parents": [ "91bcf46639db7008c7290e6f27136cd122fd1b3c" ], "author": { "name": "Timon Stampfli", "email": "timon@timon.ch", "time": "Sun Dec 15 17:26:35 2024 +0100" }, "committer": { "name": "Timon Stampfli", "email": "timon@timon.ch", "time": "Fri Dec 20 15:53:04 2024 +0000" }, "message": "m/c/metroctl: clean up ssh terminal handling\n\nDrop deprecated x/crypto/ssh/terminal package. It\u0027s replacement is\nalready used in the same package. Consistently use syscall.Stdin and\ncast it to int to be compatible with Windows. This is a no-op on\nUnix-style platforms.\n\nChange-Id: I727a51a6aae6e57e4133ab5969db77af013ba78f\nReviewed-on: https://review.monogon.dev/c/monogon/+/3699\nVouch-Run-CI: Lorenz Brun \u003clorenz@monogon.tech\u003e\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "91bcf46639db7008c7290e6f27136cd122fd1b3c", "tree": "f0edbfddd7a96ce00edb0db0bb1cf294536d9f1a", "parents": [ "007d66e6b32db8080d37738b2986871729a48e03" ], "author": { "name": "Timon Stampfli", "email": "timon@timon.ch", "time": "Sun Dec 15 16:57:05 2024 +0100" }, "committer": { "name": "Timon Stampfli", "email": "timon@timon.ch", "time": "Fri Dec 20 15:53:04 2024 +0000" }, "message": "m/node: remove non-definition dependencies\n\nThis enables usage from arbitrary platforms without including lots of\ndependencies that aren\u0027t related to functionality.\n\nChange-Id: I33e16b5396dc7216b676b294b8c1752caf3551b3\nReviewed-on: https://review.monogon.dev/c/monogon/+/3697\nTested-by: Jenkins CI\nVouch-Run-CI: Lorenz Brun \u003clorenz@monogon.tech\u003e\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "b62b8e04eb6f2f6ebc54ecc397ded788a924f279", "tree": "9934baf66b686eee0609ec2ceb402450de0afee3", "parents": [ "b9701c362d602b9b51961bcff849b2eb28b65883" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Mon Dec 16 20:18:47 2024 +0100" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Mon Dec 16 20:24:07 2024 +0000" }, "message": "m/n/kubernetes: fix flake in TestAsFlags\n\nThis test was flaky due to Go\u0027s map iteration not being deterministic.\nSort the output to make sure we do not introduce unnecessary\nnon-determinism.\n\nFixes: #363\nChange-Id: If70486306a809b7d33bc17206600b0f750429b7d\nReviewed-on: https://review.monogon.dev/c/monogon/+/3708\nReviewed-by: Tim Windelschmidt \u003ctim@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "b9701c362d602b9b51961bcff849b2eb28b65883", "tree": "536fd1e47e35ca5b7ee81b6097b619c721b6916a", "parents": [ "c441f0b4141a4908bbae142dcde929e427ad8fd0" ], "author": { "name": "Timon Stampfli", "email": "timon@timon.ch", "time": "Sun Dec 15 17:50:01 2024 +0100" }, "committer": { "name": "Timon Stampfli", "email": "timon@timon.ch", "time": "Mon Dec 16 19:34:45 2024 +0000" }, "message": "m/c/metroctl: add prototext node-params option\n\nThis adds the node-params flag to metroctl install, which allows\nadvanced users to specify customized NodeParameters in a prototext file.\nThe cluster field gets overwritten by the existing logic. As of now,\nthis is only useful for specifying network_config.\n\nChange-Id: Ieccf208177bb49635a634e484c67e99e80792bda\nReviewed-on: https://review.monogon.dev/c/monogon/+/3700\nVouch-Run-CI: Lorenz Brun \u003clorenz@monogon.tech\u003e\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "d1a8b64d305c57f45416fc40b39211541113a373", "tree": "17fcd0e77576b200e75a940fb26ce2334a7a8553", "parents": [ "d77e26ee216738393a9808c95266bbcb91ca0e68" ], "author": { "name": "Jan Schär", "email": "jan@monogon.tech", "time": "Tue Dec 03 17:40:41 2024 +0100" }, "committer": { "name": "Jan Schär", "email": "jan@monogon.tech", "time": "Wed Dec 04 08:28:03 2024 +0000" }, "message": "treewide: add more ptr.To usages\n\nChange-Id: Ibf511bc012a17e39d6b7b4f3a7d9abc1304d755f\nReviewed-on: https://review.monogon.dev/c/monogon/+/3677\nTested-by: Jenkins CI\nReviewed-by: Tim Windelschmidt \u003ctim@monogon.tech\u003e\n" }, { "commit": "d77e26ee216738393a9808c95266bbcb91ca0e68", "tree": "8dd5dfa48c9b388684b697687be4198094ac66e3", "parents": [ "affe8fa229e3a701e060cb6bc35b9362814b5daf" ], "author": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Mon Dec 02 18:23:10 2024 +0100" }, "committer": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Tue Dec 03 14:31:57 2024 +0000" }, "message": "treewide: replace bool-to-boolptr helpers with k8s.io/utils/ptr.To\n\nChange-Id: I90419ddfe087291f41f7f2f3589263e56c15470a\nReviewed-on: https://review.monogon.dev/c/monogon/+/3675\nTested-by: Jenkins CI\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "affe8fa229e3a701e060cb6bc35b9362814b5daf", "tree": "63c91aa39676df52139f5c0df6023feff1ab0def", "parents": [ "e49c273818f88cc4ff2fd9fcb8bb8272b70f1beb" ], "author": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Mon Dec 02 17:53:24 2024 +0100" }, "committer": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Tue Dec 03 14:31:57 2024 +0000" }, "message": "osbase/build: remove redundant platform_transition_binary rule\n\nWe have the aspect library in our dependencies anyway,\nso there is no point in copying this.\n\nChange-Id: I160a13a90dd45a0495670bd453a3aa0a16cfb771\nReviewed-on: https://review.monogon.dev/c/monogon/+/3674\nTested-by: Jenkins CI\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "2ecccae4ff62b687ec5e218349fcf8a42069dfc9", "tree": "c5a5914c9d3bd8fb37a5650a6b3e4881f9fc2610", "parents": [ "d58edf4e2f745427d69ecc72bfe9a9ead69d697d" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Wed Nov 27 22:03:35 2024 +0100" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Mon Dec 02 16:50:54 2024 +0000" }, "message": "m/node: enable user namespaces in K8s\n\nThis enables the two feature gates for user namespace support in K8s.\nWe did not previously have a passwd file which caused Go\u0027s UserLookup\nto fail with an unexpected error. Add an mostly-empty placeholder file\nto placate it.\n\nChange-Id: I71a7a6dc889a289512075a25b7e551f2cd65ffb6\nReviewed-on: https://review.monogon.dev/c/monogon/+/3665\nReviewed-by: Tim Windelschmidt \u003ctim@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "d58edf4e2f745427d69ecc72bfe9a9ead69d697d", "tree": "bd9424fdb0a58cb7c78ab99d8a3b1d4ebc07c5db", "parents": [ "ff7452b586134e18af9f1362d7b96dcb64aa8d71" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Wed Nov 27 20:38:14 2024 +0000" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Mon Dec 02 16:50:54 2024 +0000" }, "message": "m/n/kubernetes: introduce feature gate infra\n\nThis introduces centralized infrastructure to control feature gates in K8s.\n\nIt includes a test to make sure that we do not keep outdated flags in there.\n\nChange-Id: Ife251cbd5210bc8b3757bb3829e91bcdb2e6fdfb\nReviewed-on: https://review.monogon.dev/c/monogon/+/3664\nReviewed-by: Tim Windelschmidt \u003ctim@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "ff7452b586134e18af9f1362d7b96dcb64aa8d71", "tree": "7e3b9fe5c161cedf1073a086d0b6e5511b20bd98", "parents": [ "231ee041b652ab2aea6a64e0c4929fa4beb5851b" ], "author": { "name": "Jan Schär", "email": "jan@monogon.tech", "time": "Thu Nov 28 13:08:55 2024 +0100" }, "committer": { "name": "Jan Schär", "email": "jan@monogon.tech", "time": "Thu Nov 28 14:45:57 2024 +0000" }, "message": "m/node/kubernetes: mount PVs with noexec on the host\n\nNow that runc always replaces per-mount-point flags when bind-mounting\nvolumes inside the container, we can mount them with noexec on the host\nwithout affecting workloads. This has some security advantages, as any\nexecutables in volumes are no longer executable from the host.\n\nChange-Id: Id5a8ea8caf702fca58d300fc9e17c21e94ebaf13\nReviewed-on: https://review.monogon.dev/c/monogon/+/3660\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "690c42d8e98c4b9ad5caec1f8dc0da91f9347f12", "tree": "58a3e2cbd510aaa5286a82f983e26ba2d83c8553", "parents": [ "7873f46b185f846260d0119fad34e8882a48bf8d" ], "author": { "name": "Jan Schär", "email": "jan@monogon.tech", "time": "Thu Nov 21 12:10:53 2024 +0100" }, "committer": { "name": "Jan Schär", "email": "jan@monogon.tech", "time": "Thu Nov 28 09:58:03 2024 +0000" }, "message": "metropolis/node: validate label prefixes with our own function\n\nI think it makes sense to use our own domain validation function here\ninstead of using the function from Kubernetes. The Kubernetes one is\nless strict than ours, and actually allows names which are not valid\nDNS names, because it does not limit the length of labels to 63.\n\nAll labels which are valid according to ValidateLabelKey should also be\nvalid according to Kubernetes IsQualifiedName, and I added a test for\nthis. We need this property for synchronizing labels to Kubernetes.\n\nChange-Id: I0f96551b7d41f38b28174b7349cd8f37e6fd8f81\nReviewed-on: https://review.monogon.dev/c/monogon/+/3624\nTested-by: Jenkins CI\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "73beb693ce8aed1c1caffaec2f01b2b9c65516b3", "tree": "378d3b779febf33b1666438b1dd003053d9fd21c", "parents": [ "be70c9247b7c8f7ab0eef4b0c7b1faaf934b8f97" ], "author": { "name": "Jan Schär", "email": "jan@monogon.tech", "time": "Wed Nov 27 17:47:09 2024 +0100" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Wed Nov 27 19:34:17 2024 +0000" }, "message": "m/node/kubernetes: remove local-strict storage class\n\nIt turns out that the local-strict storage class did not have an effect\non readonly volumes, or on gVisor. And after updating runc to 1.2.0, it\nno longer has an effect anywhere. It appears that setting noexec and\nsimilar flags in the CSI server, using a storage class, is the wrong\napproach and just happened to work by accident. Instead, this should\nprobably be implemented as a Kubernetes feature to set per-mount-point\nflags on the VolumeMount.\n\nThis commit thus removes the local-strict storage class and the mount\noptions processing in the provisioner and CSI server. This will allow\nupdating runc.\n\nAdditionally, the StatefulSet end-to-end test is extended to also run\ntests with gVisor. gVisor apparently does not support block volumes.\n\nSee: https://github.com/monogon-dev/monogon/issues/361\nChange-Id: Ic2f50aa3bc9442ca1dbb9e8742d5b8fecbfc3614\nReviewed-on: https://review.monogon.dev/c/monogon/+/3658\nTested-by: Jenkins CI\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "be70c9247b7c8f7ab0eef4b0c7b1faaf934b8f97", "tree": "b1126b8ddaf845314329bd33249e2ec0db6940dd", "parents": [ "0ec0c53061acd57cf545440a723c1fd9817ed080" ], "author": { "name": "Jan Schär", "email": "jan@monogon.tech", "time": "Thu Nov 21 11:16:03 2024 +0100" }, "committer": { "name": "Jan Schär", "email": "jan@monogon.tech", "time": "Thu Nov 21 12:57:42 2024 +0000" }, "message": "m/node/kubernetes: fix attaching block PVs\n\nAttaching a block PV to a container failed with the error:\n\"failed to create device node at target path: file exists\".\nThis happened because there was already a directory at the path.\nThe directory should only be created for mounts, not for block devices.\n\nI also extended the PV end-to-end test to add a block volume, and check\nthat it can be opened as a block device and has the expected size.\n\nChange-Id: I40ca82cfcbfee1cb3196a900423f967b45790a64\nReviewed-on: https://review.monogon.dev/c/monogon/+/3623\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "0ec0c53061acd57cf545440a723c1fd9817ed080", "tree": "ac07fa1b10948234fe1add7300508a427c058325", "parents": [ "652c2ad2e499ca709523978e04b3a3dbb6df642c" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Thu Aug 29 12:39:47 2024 +0000" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Wed Nov 20 18:40:12 2024 +0000" }, "message": "m/n/k/containerd: upgrade to v2\n\nUpgrade containerd to 2.0, migrate config and adjust all paths.\nNo new K8s features are enabled yet, this will come separately.\n\nAlso bumps gVisor to the latest version and essentially reimplements the\nshim as the API has changed a lot.\n\nA drive-by fix in clitable was necessary as the x/tools upgrade\nintroduced a new analysis pass.\n\nChange-Id: I9d25af203b94667aaac69a71eeccad2d42aa5f99\nReviewed-on: https://review.monogon.dev/c/monogon/+/3622\nTested-by: Jenkins CI\nReviewed-by: Jan Schär \u003cjan@monogon.tech\u003e\n" }, { "commit": "652c2ad2e499ca709523978e04b3a3dbb6df642c", "tree": "4a31c1797694ed53331d1a998922c3587d940d5b", "parents": [ "36f0375c9834d82016cb077142d2eaaea981d7a5" ], "author": { "name": "Jan Schär", "email": "jan@monogon.tech", "time": "Tue Nov 19 17:40:50 2024 +0100" }, "committer": { "name": "Jan Schär", "email": "jan@monogon.tech", "time": "Wed Nov 20 13:55:19 2024 +0000" }, "message": "m/node/kubernetes: fix PV mount flags and add e2e test\n\nMount flags did not work because of two problems:\n- The provisioner did not copy them from the StorageClass to the\n PersistentVolume.\n- The CSI server used \u003d instead of |\u003d when adding flags, so only one of\n the flags was added or removed.\n\nThere was an existing e2e test for PVs, however this only created the\nPVC/PV without even attaching it to a container. I extended this test to\nattach the PV and check from inside the container that it has the\nexpected mount flags and quota.\n\nThe existing e2e test also created a block PV, however attaching a block\nPV to a container was not tested and is apparently broken, so I removed\nthis test for now.\n\nChange-Id: Ie14adfafd333eab38d2b5f1b4ce8a2aa8795eae0\nReviewed-on: https://review.monogon.dev/c/monogon/+/3613\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "36f0375c9834d82016cb077142d2eaaea981d7a5", "tree": "301dacf15758e619d2c7fc0901e90ce6a5229f81", "parents": [ "1fc5eb01ef91a4c6fc936a177329b845f0bb45d7" ], "author": { "name": "Jan Schär", "email": "jan@monogon.tech", "time": "Tue Nov 19 17:41:05 2024 +0100" }, "committer": { "name": "Jan Schär", "email": "jan@monogon.tech", "time": "Wed Nov 20 13:55:19 2024 +0000" }, "message": "m/test/e2e/suites/kubernetes: increase test timeouts\n\nThese timeouts are too short and cause spurious test failures.\n\nChange-Id: I21252337a150bb5774ef031eea53ec1a366f7fbd\nReviewed-on: https://review.monogon.dev/c/monogon/+/3614\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "1587a80c5a13a64798b46e32ecad998dd96db906", "tree": "6d685e516c6e125dc5ccfc46dde0f291b7824be1", "parents": [ "795951910e1c6f66efecf40e4dcc909d143999fc" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Mon Sep 30 21:18:03 2024 +0200" }, "committer": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Tue Nov 12 19:02:38 2024 +0000" }, "message": "metropolis: add boot IDs to status\n\nThis allows for precisely determining if a kernel restart has occurred.\nUseful for making tests more accurate and relying less on sleeps.\n\nCloses: #357\nChange-Id: Ic215b5db841b29b3a3c622333a05be6c35cc6ded\nReviewed-on: https://review.monogon.dev/c/monogon/+/3477\nTested-by: Jenkins CI\nReviewed-by: Tim Windelschmidt \u003ctim@monogon.tech\u003e\n" }, { "commit": "275facf8c7a5f3dc826e27e75a6122226acd5694", "tree": "a4f5068b0d1888e9c81757539bc52f0dcf8e5f89", "parents": [ "a8938da203b9ecc42a61b4aa9e92b802bf0e4902" ], "author": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Tue Sep 24 00:24:29 2024 +0200" }, "committer": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Mon Nov 11 16:03:59 2024 +0000" }, "message": "m/cli/metroctl/test: rename test file to fit naming scheme\n\nChange-Id: Ia4b93203d0da27ef171272bb9cb18ac7cdac5db0\nReviewed-on: https://review.monogon.dev/c/monogon/+/3511\nTested-by: Jenkins CI\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "a8938da203b9ecc42a61b4aa9e92b802bf0e4902", "tree": "52c8f2971cc6ce50b9bf17a490a7defbf66e69d2", "parents": [ "9eab31ccbba4a2db416e4c5c387d22ec672ea92f" ], "author": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Fri Sep 13 22:34:01 2024 +0200" }, "committer": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Mon Nov 11 16:03:55 2024 +0000" }, "message": "metropolis/node/kubernetes: add mountOptions support for PVs\n\nWe have very strict defaults on our data mount which prevents exec\u0027s and\nsuid binaries. By adding support for mountOptions on PVs we enable\nthe user to allow specific behaviour e.g. exec\u0027s on the given PV.\n\nChange-Id: I902cf3b9dafb14598cddc18c327ef3f5bcd6450b\nReviewed-on: https://review.monogon.dev/c/monogon/+/3421\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "272c8301e0db375689dbc5bee6134b91cc23188d", "tree": "31c97490efe77ff7b571402f51b776af2d601b97", "parents": [ "b701df98b1706751142f29bee032321447886267" ], "author": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Tue Nov 05 05:17:44 2024 +0100" }, "committer": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Wed Nov 06 16:47:06 2024 +0000" }, "message": "osbase/build/mkimage: replace embedsrc abloader reference with argument\n\nrules_rust things that our abloader target itself is an exec target\nbecause it is included as embedsrc inside mkimage. To prevent this wrong\ndetection we provide it as runfile like the kernel and rootfs. This is\na preparation for updating rust to the current stable version, as it\nrequires specific overrides to work correctly with our efi toolchain.\n\nChange-Id: I78de6a15570a81d9f673702ec4e50954d604117d\nReviewed-on: https://review.monogon.dev/c/monogon/+/3598\nTested-by: Jenkins CI\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "b701df98b1706751142f29bee032321447886267", "tree": "27b650e77b9be17108f8e03aecfd535ec0366242", "parents": [ "78567601398f4db5a8080fd30038ff7ac6affe0f" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Thu Oct 31 14:15:33 2024 +0000" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Tue Nov 05 13:11:03 2024 +0000" }, "message": "metropolis/metroctl: implement cluster configure\n\nThis is a framework for simple ClusterConfiguration changes via\nmetroctl. We only have one mutable field for now\n(kubernetes.node_labels_to_synchronize), but more fields can be\nsupported later.\n\nThis could also be extended to support operations like \u0027add\u0027 and\n\u0027remove\u0027 for repeated fields.\n\nFinally, there could be another CLI command that would drop you into a\nprototext editor, similar to `kubectl edit xxx`. But this solves the\nsimplest usecase for now.\n\nChange-Id: I2fc588a2a2249a5c4f0cf52acb162cac9ed3d9a4\nReviewed-on: https://review.monogon.dev/c/monogon/+/3595\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "78567601398f4db5a8080fd30038ff7ac6affe0f", "tree": "757ee7c8d374317366a2535dbfb48ceaa66700f0", "parents": [ "beec27c6bdc2da730ffa2a2be6a68e1610148913" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Thu Oct 31 13:42:04 2024 +0000" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Tue Nov 05 13:11:03 2024 +0000" }, "message": "metropolis: remove stutter in ClusterConfiguration.KubernetesConfig\n\nWe already know this is a config (it lives in ClusterConfiguration), no\nneed to call that a config again.\n\nThis doesn\u0027t break any compatibility yet as field names are not (yet)\nunder a stability guarantee.\n\nChange-Id: Ib6492d1c8303cbd0620b979b8047ec9757e301c0\nReviewed-on: https://review.monogon.dev/c/monogon/+/3594\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "beec27c6bdc2da730ffa2a2be6a68e1610148913", "tree": "d9c130b03107cdcbadcc50ff850d96d0c83b8dcb", "parents": [ "2db687330d6c907bf31006730bdd161cd34cddaa" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Thu Oct 31 12:27:08 2024 +0000" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Tue Nov 05 13:11:03 2024 +0000" }, "message": "metropolis/cli/metroctl: move takeownership under cluster subcommand tree\n\nThis is in preparation for having more cluster-wide commands (same as we\nkeep \u0027node\u0027 for all node-specific commands).\n\nChange-Id: I3fa5935e1d751261bf82a80cf61e811fa36effc9\nReviewed-on: https://review.monogon.dev/c/monogon/+/3593\nTested-by: Jenkins CI\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "492434add0746eef043e5e5acc106035ccec4358", "tree": "8a6cb3b702b55e69f7e78f57a6ece0196bdf6567", "parents": [ "1f51cf42fcd4d7bb7f4b103c797c438bfa7b0098" ], "author": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Tue Oct 22 14:29:55 2024 +0200" }, "committer": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Thu Oct 31 14:09:37 2024 +0000" }, "message": "treewide: remove qemu build\n\nWe aren\u0027t bundling it right now and it is fairly out of date. Let\u0027s kick\nit out until we need it, then reengineer the build.\n\nChange-Id: I5362616922d4b9d3e971868636f3792e33880f7a\nReviewed-on: https://review.monogon.dev/c/monogon/+/3568\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "1f51cf42fcd4d7bb7f4b103c797c438bfa7b0098", "tree": "8baeed7e76e82440e9217ea7055d04af0ba14435", "parents": [ "39f4f5c360e7a286bff4adaeabc52393dc28dc22" ], "author": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Tue Oct 01 17:04:28 2024 +0200" }, "committer": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Thu Oct 31 14:09:31 2024 +0000" }, "message": "treewide: update rules_rust to v0.53.0\n\nThis updated our patches for rules_rust, removes a transition as it can\nbe replaced with the \"platform\" field in the rust_binary rule. This then\nallows us to correctly reference it in all targets that depend on it.\nAdditionally the -target parameter is replaced inside the llvm-efi\ntoolchain with --target\u003d.\n\nChange-Id: Ie98753e505736c9ef28ff92fa1c5aa5b3612aec3\nReviewed-on: https://review.monogon.dev/c/monogon/+/3473\nTested-by: Jenkins CI\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "39f4f5c360e7a286bff4adaeabc52393dc28dc22", "tree": "c81382f2408a83ab7391414738713633b8fc9608", "parents": [ "1e39914fbcecda7ec236e67f143bbefc31eee9da" ], "author": { "name": "Jan Schär", "email": "jan@monogon.tech", "time": "Tue Oct 29 09:41:50 2024 +0100" }, "committer": { "name": "Jan Schär", "email": "jan@monogon.tech", "time": "Wed Oct 30 13:10:29 2024 +0000" }, "message": "metropolis: add cluster domain config and metroctl param\n\nThis adds a --cluster parameter to metroctl and a cluster domain field\nto the bootstrap configuration. It is not yet used anywhere, but later\nthe cluster domain will be used to identify the cluster.\n\nThe length of the cluster domain is limited to 80, to allow for\nconstructing subdomains. This limit could be increased later if needed,\nbut it cannot easily be decreased, so I chose a conservative value that\nshould be enough in most cases.\n\nChange-Id: I627cca8eb1d92c4b06e4dfd6b6926a013e8f33ae\nReviewed-on: https://review.monogon.dev/c/monogon/+/3508\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "1e39914fbcecda7ec236e67f143bbefc31eee9da", "tree": "806a09d23eec324d7ff131f42ddfab13cc0f98e0", "parents": [ "20498ddc40079451c83ba3708afc57d820866cb3" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Tue Oct 22 10:58:15 2024 +0000" }, "committer": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Wed Oct 30 11:42:51 2024 +0000" }, "message": "metropolis: first pass API for reconfiguring cluster\n\nThis implements management.ConfigureCluster. This API is based around\nProtobuf FieldMasks, which is a new thing in the Metropolis codebase\n(node config mutation is performed via optional fields).\n\nWhether this is the right way to do this is to be discussed.\nAlternatives considered are:\n\n1. Always insert a full new config, providing the old one as a base. The\n downside of that is the potential conflicts that will spring up the\n moment we have systems regularly mutate independent parts of the\n config. Additionally, this might lead to some odd behaviour when\n dealing with clients that don\u0027t have support for newer versions of\n the config proto.\n2. Use optional fields, like in Node role code. However, this has the\n downside of duplicating protos (one for the config state, one for the\n mutation request). Plus, protobuf optionals are still somewhat\n unusual.\n3. Provide individual requests for mutating fields (like with Node\n labels). This also results in a lot of boilerplate code.\n4. Something akin to JSON Patch, but for protobufs, which doesn\u0027t seem\n to exist.\n\nChange-Id: I42e5eabd42076e947f4bc8399b843e0e1fd48548\nReviewed-on: https://review.monogon.dev/c/monogon/+/3591\nTested-by: Jenkins CI\nReviewed-by: Tim Windelschmidt \u003ctim@monogon.tech\u003e\n" }, { "commit": "20498ddc40079451c83ba3708afc57d820866cb3", "tree": "08849c86dba480fd56e4252a302ee804d8ac7fae", "parents": [ "e99638e3c7a2f1a604d49c47cc7a2685bfff8c5e" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Mon Sep 30 17:07:08 2024 +0000" }, "committer": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Mon Oct 28 14:22:49 2024 +0000" }, "message": "metropolis/test/launch: synchronize test node labels to kubernetes\n\nChange-Id: I57361503debb1d25873a72be18e947d2d1f11511\nReviewed-on: https://review.monogon.dev/c/monogon/+/3470\nReviewed-by: Jan Schär \u003cjan@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "e99638e3c7a2f1a604d49c47cc7a2685bfff8c5e", "tree": "636c243a58100c971cc3e224abf2c54324aad00a", "parents": [ "9579be5e09b6293edc78d3142b0c67a24afda93c" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Mon Sep 30 17:06:44 2024 +0000" }, "committer": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Mon Oct 28 14:22:49 2024 +0000" }, "message": "metropolis/node/kubernetes: synchronize metropolis node labels to kubernetes\n\nThis extends the labelmaker to manage Kubernetes node labels mirrored\nfrom Metropolis node labels.\n\nNote that currently there is no way to edit a ClusterConfiguration at\ncluster runtime, but this will come in a future CL.\n\nChange-Id: If7dbc3796085a8b85c1b5b2a181bcb1cee3d1db4\nReviewed-on: https://review.monogon.dev/c/monogon/+/3469\nReviewed-by: Jan Schär \u003cjan@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "9579be5e09b6293edc78d3142b0c67a24afda93c", "tree": "52fd3bd699099ff599eca2d7c52febad6b5b41c4", "parents": [ "dd2b80fa4eb22931702aae5d849c178a4930e101" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Mon Sep 30 17:01:04 2024 +0000" }, "committer": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Mon Oct 28 14:22:49 2024 +0000" }, "message": "metropolis/proto/common: add node label synchronization rules\n\nThis paves the way for a mechanism to synchronize Metropolis node labels\nto Kubernetes node labels. This is just the API/Protobuf part.\n\nChange-Id: Ia6f5dd91190d46495714ea56aa359c48e6a068d7\nReviewed-on: https://review.monogon.dev/c/monogon/+/3468\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "dd2b80fa4eb22931702aae5d849c178a4930e101", "tree": "56d10f07a4dec157756a62caa7e534a270591921", "parents": [ "6d1ff36763f1d48cf8620afd17321a06d2fbe228" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Tue Sep 24 13:06:27 2024 +0000" }, "committer": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Mon Oct 28 14:22:49 2024 +0000" }, "message": "metropolis: support prefixes in node labels\n\nThis brings Metropolis node label semantics to be the same as Kubernetes\nlabels.\n\nChange-Id: I33c321432ec01abf978bb8dfbb3cef90f75a38eb\nReviewed-on: https://review.monogon.dev/c/monogon/+/3467\nTested-by: Jenkins CI\nReviewed-by: Jan Schär \u003cjan@monogon.tech\u003e\n" }, { "commit": "6d1ff36763f1d48cf8620afd17321a06d2fbe228", "tree": "e0f48b5b138f51579de1ce2662e1b3a39acec6d3", "parents": [ "677de978403a58cd219e77b312b647927bd560ac" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Mon Sep 30 15:15:31 2024 +0000" }, "committer": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Mon Oct 28 14:22:49 2024 +0000" }, "message": "metropolis/node/kubernetes: update labels based on node roles\n\nThis implements the labelmaker, a reconciling loop running on Kubernetes\ncontroller nodes which updates Kubernetes node labels based on cluster\ndata.\n\nCurrently it only updates role labels based on cluster roles, but this\ncan be extended in the future to also replicate Metropolis node labels\ninto Kubernetes node labels.\n\nChange-Id: I9c5ba92bb46f064aa03836720d4a80adc6061ab9\nReviewed-on: https://review.monogon.dev/c/monogon/+/3464\nTested-by: Jenkins CI\nReviewed-by: Jan Schär \u003cjan@monogon.tech\u003e\n" }, { "commit": "677de978403a58cd219e77b312b647927bd560ac", "tree": "68c55ccd2b6680d8016cf066cb1f13feb2b60113", "parents": [ "5d0f63442a3ec8998d7ed9eb3a3b04ad127a88db" ], "author": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Wed Sep 25 05:30:04 2024 +0200" }, "committer": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Wed Oct 16 12:09:54 2024 +0000" }, "message": "treewide: bump go to 1.23.1\n\nAlso removing two checks which are useless for us as they validate usage\nof cockroach internal type usage.\n\nChange-Id: Ia0f920baa4dfd3068e6669f1ca5363f227ce67de\nReviewed-on: https://review.monogon.dev/c/monogon/+/3452\nReviewed-by: Serge Bazanski \u003cserge@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "8eebee7e32f60095137dab785a3cc3f97c85d03d", "tree": "f5bd0bca5b537a56071f54b60dbad6d34b9fb4a7", "parents": [ "0bc92a087ee0eb279ab29c3aba5d127b4202a2ea" ], "author": { "name": "Jan Schär", "email": "jan@monogon.tech", "time": "Thu Sep 26 10:33:48 2024 +0200" }, "committer": { "name": "Jan Schär", "email": "jan@monogon.tech", "time": "Tue Oct 15 07:48:46 2024 +0000" }, "message": "m/n/c/curator: add ID field to nodes in etcd\n\nThis makes the ID independent of the public key for nodes stored in\netcd. This is needed to eventually allow node key rotation.\n\nWe could just extract the ID from the key without adding an ID field.\nBut the consistency check between key and value has already caught a bug\nonce, so it seems worth keeping.\n\nChange-Id: I7ba5904d37d54e93ad6dc7d4b6f0cfac19bc730d\nReviewed-on: https://review.monogon.dev/c/monogon/+/3475\nTested-by: Jenkins CI\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "0bc92a087ee0eb279ab29c3aba5d127b4202a2ea", "tree": "9c481ad86d6324cdd6bdfff4a55af4d4b4689f3c", "parents": [ "61b97a375aee98f58c13c13be672b442aecc8440" ], "author": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Tue Oct 01 22:53:08 2024 +0200" }, "committer": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Thu Oct 10 15:55:35 2024 +0000" }, "message": "treewide: bump rules_oci to v2.0.0\n\nChange-Id: Idbeb3a3b7645c5b6f774eb43d218ca0bc79dccc1\nReviewed-on: https://review.monogon.dev/c/monogon/+/3474\nTested-by: Jenkins CI\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "61b97a375aee98f58c13c13be672b442aecc8440", "tree": "75e76cee9a7b32a31650f06f8b3c775d598016a4", "parents": [ "0b4fb8c4987b6ce0c8d33d9b643e0bcee5bfabe5" ], "author": { "name": "Jan Schär", "email": "jan@monogon.tech", "time": "Wed Oct 02 13:30:33 2024 +0200" }, "committer": { "name": "Jan Schär", "email": "jan@monogon.tech", "time": "Wed Oct 09 12:23:11 2024 +0000" }, "message": "m/node/core/localstorage: fix EFI directory name\n\nThe EFI directory is called EFI, not ESP. The ESPEFIDirectory is not\nused anywhere, so this typo did not have any effect.\n\nChange-Id: I38cd44ee06cb5f210acbd4a608e499b0372c2633\nReviewed-on: https://review.monogon.dev/c/monogon/+/3476\nTested-by: Jenkins CI\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "0b4fb8c4987b6ce0c8d33d9b643e0bcee5bfabe5", "tree": "e812207ac2a8573b3058e6a213a4810d8f65866c", "parents": [ "0de92127b6b247c4e2a816a84a1ff045a603ca73" ], "author": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Wed Sep 18 17:34:23 2024 +0200" }, "committer": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Tue Oct 08 21:00:43 2024 +0000" }, "message": "metropolis/cli/metroctl: refactor to use RunE instead of log.Fatal\n\nChange-Id: Id5ca65980816e1715a8f08afcdf712292117012a\nReviewed-on: https://review.monogon.dev/c/monogon/+/3441\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "a512b0e03b370ea86b383212863d81b6d9677f3a", "tree": "373bb9ff7fd8e63928205c28d8480c33bfd8f2aa", "parents": [ "5fb8a3fc41a1c59636adaf55c6495c1a671ef7ad" ], "author": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Sat Sep 28 03:57:43 2024 +0200" }, "committer": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Tue Oct 08 13:55:15 2024 +0000" }, "message": "metropolis/vm: delete vm package\n\nThis only contains the CRD right now and is not used/implemented\nanywhere. This is also the only usage of kube-code-gen which breaks with\nthe newest version of rules_go. Since we don\u0027t plan to use this\nin the near future this also gets deleted, because even if we need it\nagain, we can just revert this change.\n\nChange-Id: I29ab75541957fce6a7dd8414c0df3cfdf90f8ec3\nReviewed-on: https://review.monogon.dev/c/monogon/+/3465\nTested-by: Jenkins CI\nReviewed-by: Serge Bazanski \u003cserge@monogon.tech\u003e\n" }, { "commit": "5fb8a3fc41a1c59636adaf55c6495c1a671ef7ad", "tree": "102e0e764764bce2ff2e0f375500b2ef0f236ac5", "parents": [ "d5538b52d7a8739f7123458c10973be36b27b9ff" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Mon Sep 30 17:04:20 2024 +0000" }, "committer": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Mon Sep 30 18:18:32 2024 +0000" }, "message": "metropolis/curator: log warning if cluster configuration cannot be loaded\n\nChange-Id: I4ad520d7545fe88d0db85a223f3a2e6d51e05136\nReviewed-on: https://review.monogon.dev/c/monogon/+/3466\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "d5538b52d7a8739f7123458c10973be36b27b9ff", "tree": "fd718931af36798650ddbf1a8978a94220994e82", "parents": [ "1dcede9600e4c1584da4fbe89128970ea9532860" ], "author": { "name": "Jan Schär", "email": "jan@monogon.tech", "time": "Wed Sep 25 13:16:49 2024 +0200" }, "committer": { "name": "Jan Schär", "email": "jan@monogon.tech", "time": "Thu Sep 26 11:44:09 2024 +0000" }, "message": "m/n/c/consensus: fix startup after removing a cluster node\n\nThe consensus service was waiting for all initial peers to be DNS\nresolvable before starting etcd. However, the list of initial peers is\nnever updated. If an etcd member is removed from the cluster, it is no\nlonger resolvable, but may still be contained in initial peer lists. The\nconsensus service then fails to start, as it is blocked forever waiting\nfor the removed peer to become resolvable.\n\nThe wait for resolvability was added in c1cb37ce9c43 with this\nexplanation:\n\n\u003e It also makes the consensus service wait for DNS resolvability before\n\u003e attempting to join an existing cluster, which makes etcd startup much\n\u003e cleaner (as etcd will itself crash if it cannot immediately resolve\n\u003e its ExistingPeers in startup).\n\nThis does not appear to be needed anymore. I did not observe etcd\ncrashes after removing the wait for resolvability.\n\nI extended the e2e test to test this scenario. After removing the\nconsensus role, it also deletes the node and reboots the remaining\nnodes. I moved these tests to the ha_cold suite, because with encryption\nenabled, we currently cannot reboot a node in a 2-node cluster.\n\nChange-Id: If811c79ea127550fa9ca750014272fa885767c77\nReviewed-on: https://review.monogon.dev/c/monogon/+/3454\nTested-by: Jenkins CI\nReviewed-by: Serge Bazanski \u003cserge@monogon.tech\u003e\n" }, { "commit": "1dcede9600e4c1584da4fbe89128970ea9532860", "tree": "1561bfcc59a2663ee432339bf4d815e399571a9a", "parents": [ "39d9c24f7167eb853aed0e1865ef8b187adf5bba" ], "author": { "name": "Jan Schär", "email": "jan@monogon.tech", "time": "Wed Sep 25 13:07:11 2024 +0200" }, "committer": { "name": "Jan Schär", "email": "jan@monogon.tech", "time": "Thu Sep 26 11:44:09 2024 +0000" }, "message": "m/test/launch/cli/launch-cluster: add allow-reboot flag\n\nWith the `-allow-reboot` flag set, it is possible to reboot a node with\n`metroctl node reboot`.\n\nChange-Id: I5c16f40d231803e31452a3b3c524be209d501526\nReviewed-on: https://review.monogon.dev/c/monogon/+/3453\nReviewed-by: Serge Bazanski \u003cserge@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "39d9c24f7167eb853aed0e1865ef8b187adf5bba", "tree": "dc8229e272c2f78eac56bdf4fde135809444f255", "parents": [ "8d82f8d261b14b73385ba66e44279c53bb9fef13" ], "author": { "name": "Jan Schär", "email": "jan@monogon.tech", "time": "Tue Sep 24 13:49:55 2024 +0200" }, "committer": { "name": "Jan Schär", "email": "jan@monogon.tech", "time": "Thu Sep 26 11:44:09 2024 +0000" }, "message": "metropolis: reduce usage of identity.NodeID\n\nEventually, we want to be able to rotate node keypairs. To allow this,\nthe node ID needs to become independent of the public key. This change\nis a refactoring which starts this work by reducing the usage of\nidentity.NodeID, the function which derives a node ID from a public key.\n\nChange-Id: I5231ed0a7be37c23327fec93481b00c74374af07\nReviewed-on: https://review.monogon.dev/c/monogon/+/3445\nTested-by: Jenkins CI\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "8d82f8d261b14b73385ba66e44279c53bb9fef13", "tree": "f7332695f7546dd34ac043ac4ce4d6dcc6547dce", "parents": [ "ad8982fcd78a3408c024d9031fa611b48dd86304" ], "author": { "name": "Jan Schär", "email": "jan@monogon.tech", "time": "Wed Sep 18 11:22:46 2024 +0200" }, "committer": { "name": "Jan Schär", "email": "jan@monogon.tech", "time": "Thu Sep 26 11:44:09 2024 +0000" }, "message": "m/n/c/curator: maintain consistency between roles and etcd members\n\nWhen updating the consensus role, both etcd membership and the role need\nto be updated. It is possible that the etcd membership change is applied\nbut the role update fails, resulting in an inconsistency. This change\nadds a background process which cleans up this inconsistency by updating\nroles to match etcd membership.\n\nThis is partially based on previous work by Serge Bazanski, where this\nbackground sync was performed in the opposite direction: etcd membership\nis removed if the role is missing. Here, I instead update the role based\non etcd membership. This has the benefit that we finish partially\napplied management operations, instead of fighting them.\n\nCo-authored-by: Serge Bazanski \u003cserge@monogon.tech\u003e\nChange-Id: I8871b068d1d20c65bcbea5289eafe54676906819\nReviewed-on: https://review.monogon.dev/c/monogon/+/3438\nTested-by: Jenkins CI\nReviewed-by: Serge Bazanski \u003cserge@monogon.tech\u003e\n" }, { "commit": "ad8982fcd78a3408c024d9031fa611b48dd86304", "tree": "b6a7f84b0d7d8e1d4531883eac22dab990c6f1c7", "parents": [ "fc6e1cf11d0d96fac1e8d52b5787b207f8b1fd9f" ], "author": { "name": "Jan Schär", "email": "jan@monogon.tech", "time": "Tue Sep 17 13:56:34 2024 +0200" }, "committer": { "name": "Jan Schär", "email": "jan@monogon.tech", "time": "Thu Sep 26 11:44:09 2024 +0000" }, "message": "m/node/core: remove etcd membership before removing consensus role\n\nWhen removing the consensus role, we also need to remove etcd\nmembership. It is safer to remove membership first, and then the role,\nbecause otherwise, the etcd cluster is in a degraded state during the\ntime where etcd on the node has been stopped, but the node is still\ncounted as a voting member by etcd.\n\nIf the membership is removed, but then removing the role fails, the\ncluster ends up in an inconsistent state. If the affected node was the\ncurator or etcd leader, that will almost certainly happen. In this case,\nthe request can just be retried until it succeeds, and then the cluster\nstate is consistent again between etcd membership and roles.\n\nChange-Id: I1ab526470a4201e76817e8ca0a597996fb903d1f\nReviewed-on: https://review.monogon.dev/c/monogon/+/3437\nTested-by: Jenkins CI\nReviewed-by: Serge Bazanski \u003cserge@monogon.tech\u003e\n" }, { "commit": "fc6e1cf11d0d96fac1e8d52b5787b207f8b1fd9f", "tree": "85ee090a2aa8cfe6bdc64e9116066350f8d12605", "parents": [ "e551d31d39e7cf13e7adf2f66941e6989a708c60" ], "author": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Wed Sep 18 17:34:07 2024 +0200" }, "committer": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Mon Sep 23 15:44:49 2024 +0000" }, "message": "metropolis/cli/metroctl: don\u0027t print usage for runtime errors\n\nChange-Id: I91fdca45e874ea1ec9112df556a9a7392fd45bfd\nFixes: https://github.com/monogon-dev/monogon/issues/352\nReviewed-on: https://review.monogon.dev/c/monogon/+/3440\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "5f1a7de2dfb5db1884fcb677a0bd38daf6dd3c97", "tree": "fd52bf35b4b2e6b5c51f56d62424c9d0820ef537", "parents": [ "e337e938ae8e08dffa3a01045571188413ce70ff" ], "author": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Thu Sep 19 02:00:14 2024 +0200" }, "committer": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Thu Sep 19 12:06:50 2024 +0000" }, "message": "treewide: fix %v in cases where we should use %w\n\nWe should always use %w when using fmt.Errorf as you can use error.Is to\ncompare the underlying error. When printing an error the use of %w is\nwrong and should be replaced with %v.\n\nChange-Id: I741111bd91dcee4099144d2ecaffa879fdbb34a2\nReviewed-on: https://review.monogon.dev/c/monogon/+/2993\nTested-by: Jenkins CI\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "e337e938ae8e08dffa3a01045571188413ce70ff", "tree": "f82fa1f5722c3eae99506510056fb6a5ce736309", "parents": [ "7a1b27df41a9729dd9669cdaabd6864afc5e85b7" ], "author": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Sun Sep 15 20:14:39 2024 +0200" }, "committer": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Wed Sep 18 22:27:59 2024 +0000" }, "message": "m/n/k/containerd: set device ownership based on security context\n\nWhen a user deploys a pod with a kvm device it is owned by root. By\nsetting device_ownership_from_security_context to true, containerd\nwill chown these devices to the uid/gid set in the securityContext.\nFor more informations see\nhttps://kubernetes.io/blog/2021/11/09/non-root-containers-and-devices/\n\nChange-Id: I1a0285dfc560c3c662d5e2eb8e37e68d87408b83\nReviewed-on: https://review.monogon.dev/c/monogon/+/3428\nTested-by: Jenkins CI\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "7a1b27df41a9729dd9669cdaabd6864afc5e85b7", "tree": "fe32eee491bd556f3379ac2fba779d56314f045c", "parents": [ "d0e39cbad2e12cbb23caa7d36ccbd4821285ac51" ], "author": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Thu Feb 22 23:54:58 2024 +0100" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Wed Sep 18 19:39:51 2024 +0000" }, "message": "metropolis/cli/metroctl: implement install ssh\n\nThis implements another way of installing metropolis via ssh. It does\nthis by uploading the files to the target machine and then doing a kexec\ninto the install environment. If it fails at any point it will print the\nerror and reboot.\n\nChange-Id: I1ac6538896709c386b053a84903fa04940c1f012\nReviewed-on: https://review.monogon.dev/c/monogon/+/2079\nTested-by: Jenkins CI\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "e4b1d20497b31ce639b6d8d8fb7079ea49686144", "tree": "4f143be7218443701acf6fb1830762a4a749c34d", "parents": [ "c5d28e49c53c7dd0b1f88160514342a1e1b98958" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Tue Sep 17 23:44:46 2024 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Wed Sep 18 18:31:28 2024 +0000" }, "message": "m/node/core: fix nodeparams dependent on network\n\nThe GCP nodeparams gathering strategy depends on network availability.\nWith the introduction of static network configuration that got added to\nNodeParameters which meant that they needed to be there before the\nnetwork could be initialized. This dependency loop stalls bootup on GCP\nforever.\n\nFix it by splitting up NodeParameter gathering into a local and a\nnon-local phase. In setups where metadata is gathered via network\nautomated network configuration is generally always available to break\nthis dependency loop. Thus we can start networking after the local phase\nhas finished and run the non-local (i.e. networked) phase later.\n\nChange-Id: I661b9b474f67f2289f427327efa4c3eaa19393e7\nFixes: https://github.com/monogon-dev/monogon/issues/353\nReviewed-on: https://review.monogon.dev/c/monogon/+/3439\nReviewed-by: Leopold Schabel \u003cleo@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "ca8d951b683a3f0c64da7f61d4f74567d50623ac", "tree": "8e8f7af5a5902c0807d77d6774dfd8b426510624", "parents": [ "04aa3df595521dab1fe8fb12b716d2826a37105f" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Thu Sep 12 14:20:57 2024 +0200" }, "committer": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Mon Sep 16 16:29:59 2024 +0000" }, "message": "metropolis/resolver: use logging.Leveled\n\nThis moves the resover client library to use logging.Leveled instead of\nan ad-hoc logger interface.\n\nBy now having multiple level of logs, and by defaulting metroctl to show\nerrors and warnings, this should fix #302.\n\nChange-Id: I7cae1cf1be377ec824ad46ea1da1b23b46e01903\nReviewed-on: https://review.monogon.dev/c/monogon/+/3432\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "3c5d0635f855f16780792a6be311f71b4d59f20b", "tree": "4a48292bf17a874f2d627901ee4f7e9145c5b040", "parents": [ "a036c4e792e4b497c512991291b0cc18bc12b5e3" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Thu Sep 12 10:49:12 2024 +0000" }, "committer": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Mon Sep 16 14:03:22 2024 +0000" }, "message": "osbase/logtree.LeveledLogger -\u003e go/logging.Leveled\n\nThis factors out the common leveled logger interface out of the logtree.\nWe want to use the same interface outside of logtree/supervisor usage\nwithin the resolver code, which will be exposed to clients.\n\nChange-Id: I299e76d91e8cefddf8f36f1e58432418c4694df2\nReviewed-on: https://review.monogon.dev/c/monogon/+/3411\nReviewed-by: Tim Windelschmidt \u003ctim@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "a036c4e792e4b497c512991291b0cc18bc12b5e3", "tree": "d759d4504d042a62577a1b57a9093a4ab97f0f67", "parents": [ "96e014e23888e09c12a8f0dd78ac13a1b319751d" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Tue Sep 10 19:11:57 2024 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Mon Sep 16 12:21:19 2024 +0000" }, "message": "m/n/c/mgmt: move and factor out reboot code\n\nMake sure we do not have two copies of mostly temporary reboot code\nsitting around and put it in a sensible place.\n\nChange-Id: I293a699dbfc3cfe23378485c512d8769b2859ab8\nReviewed-on: https://review.monogon.dev/c/monogon/+/3396\nReviewed-by: Serge Bazanski \u003cserge@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "96e014e23888e09c12a8f0dd78ac13a1b319751d", "tree": "40504bb1497ed5f3624d299b6b241c2a92cc3af2", "parents": [ "58321127dc8e4c44cfb0eee372a313b277857a2e" ], "author": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Tue Sep 10 02:26:13 2024 +0200" }, "committer": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Thu Sep 12 23:31:41 2024 +0000" }, "message": "metropolis/installer: migrate to bringup package\n\nChange-Id: Ib6215bc51fdef45476198eceffbd0fd1fd362f1b\nReviewed-on: https://review.monogon.dev/c/monogon/+/3393\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "154e6d90cd52d48d274e0fe14f070342a6c5b2b8", "tree": "ebbbb10d975d6f84cfa56bd45db904379d2ddb84", "parents": [ "437d62480bbd4e34b443e7380071bc0c41c5a948" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Wed Sep 11 17:26:31 2024 +0200" }, "committer": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Thu Sep 12 09:23:42 2024 +0000" }, "message": "metropolis: prevent printk console pollution\n\nThis implements two separate approaches to limit printk pollution of the\nnew tconsole:\n\n 1. Sets the minimum printk level to EMERG. Everything lower than this\n level will not get blasted to tty0.\n 2. Jut in case something does a spurious EMERG printk (or something\n just writes to tty0), we redraw the console. This makes it\n self-healing.\n\nChange-Id: I69370ebf6c3cb3cacc8b6ea1ad3703e758bbf50c\nReviewed-on: https://review.monogon.dev/c/monogon/+/3398\nTested-by: Jenkins CI\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "437d62480bbd4e34b443e7380071bc0c41c5a948", "tree": "276b2cf12b559106623bde38e11eec3287bebd1a", "parents": [ "c752ec63559ecd9b486cc9df2cdb37366ceda427" ], "author": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Tue Sep 10 02:26:27 2024 +0200" }, "committer": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Wed Sep 11 20:20:14 2024 +0000" }, "message": "m/n/c/u/e2e/testos: migrate to bringup package\n\nChange-Id: I661e4240f5fc3a40acac38250212ab892ac121c1\nReviewed-on: https://review.monogon.dev/c/monogon/+/3394\nTested-by: Jenkins CI\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "cc32cc4945e51da605a961022440f5456455ce30", "tree": "0bb5e4c3c4252ff561e6960819e1bba81e7ca30f", "parents": [ "5a5c66bf9f8b7429687705e30b35e5ef2249a068" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Mon Sep 09 20:14:05 2024 +0000" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Wed Sep 11 13:45:13 2024 +0000" }, "message": "m/c/metroctl: implement reboot and poweroff\n\nImplements node-level reboot and poweroff commands, both routed to the\nReboot RPC.\n\nThese are approximately modeled after systemd\u0027s systemctl as that\u0027s\nwhat most people will be familiar with.\n\nChange-Id: I5578bb0a37cd8f0ac9438ae5f2f5db0bf025672b\nReviewed-on: https://review.monogon.dev/c/monogon/+/3391\nTested-by: Jenkins CI\nReviewed-by: Tim Windelschmidt \u003ctim@monogon.tech\u003e\n" }, { "commit": "5a5c66bf9f8b7429687705e30b35e5ef2249a068", "tree": "8f0bf5954e9f9083084b132414abdc52ec626df9", "parents": [ "32ccd10f990e435ddd830c86e1ca312b065da0da" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Thu Aug 22 16:11:44 2024 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Wed Sep 11 13:40:22 2024 +0000" }, "message": "metropolis: add Reboot RPC\n\nThis adds a new Reboot RPC to reboot a running node. It also supports\nrebooting into the passive slot and powering off the node.\n\nChange-Id: I329b22ea879adeb65a3e31103d39ad89813d61e8\nReviewed-on: https://review.monogon.dev/c/monogon/+/3354\nTested-by: Jenkins CI\nReviewed-by: Leopold Schabel \u003cleo@monogon.tech\u003e\n" }, { "commit": "32ccd10f990e435ddd830c86e1ca312b065da0da", "tree": "1a8c4175af9b07031cdefe16ef96685d9ae91555", "parents": [ "509c70950fb77ded605f98f38c99a1dfc1f1aef4" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Mon Sep 09 19:57:03 2024 +0000" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Wed Sep 11 13:40:22 2024 +0000" }, "message": "m/n/c/cluster: ensure A/B state exists\n\nWe always want to make sure that A/B boot state tracking is done, even when registering or bootstrapping. Call MarkBootSuccessful for both remaining paths.\n\nChange-Id: I7ffa5d05e0e038dd816a5e3dc488948bb37501b2\nReviewed-on: https://review.monogon.dev/c/monogon/+/3390\nReviewed-by: Serge Bazanski \u003cserge@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "1640c289768c3007154b4240e21457778dfcd105", "tree": "c41ae608df011ec6cab878c2efd364c199495338", "parents": [ "73c632ff52f3669a4cf1d72bacb36f4c480c09b0" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Mon Sep 09 17:50:48 2024 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Wed Sep 11 13:40:22 2024 +0000" }, "message": "m/n/c/update: allow kexec\u0027ing the next slot\n\nThis allows asking the update service to stage the next slot into kexec,\nallowing for kexec-assisted reboots.\n\nChange-Id: I8aea80918ecbf714c3ae10462ee26bbc5bad0d2e\nReviewed-on: https://review.monogon.dev/c/monogon/+/3387\nTested-by: Jenkins CI\nReviewed-by: Serge Bazanski \u003cserge@monogon.tech\u003e\n" }, { "commit": "73c632ff52f3669a4cf1d72bacb36f4c480c09b0", "tree": "dba07e3e0ec98bf3b133d366ecfd68a18d53e6c0", "parents": [ "d735a3c8cc39ba707768137815e1294224efe6bd" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Thu Sep 05 13:51:57 2024 +0200" }, "committer": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Wed Sep 11 11:19:39 2024 +0000" }, "message": "tconsole: add logs page\n\nThis is a basic log console. Future work can be performed to make the\ndisplay more compact, allow scrollback functionality and maybe scrolling\nto the sides to see longer lines.\n\nChange-Id: I81defe874542acfe89137035d0fc6de9861d3e33\nReviewed-on: https://review.monogon.dev/c/monogon/+/3382\nReviewed-by: Leopold Schabel \u003cleo@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "d735a3c8cc39ba707768137815e1294224efe6bd", "tree": "5a535552aa5729480c5ccc53153f673dc2f377be", "parents": [ "0d9e125d30455e7d4352e1394fead5b093846621" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Thu Sep 05 13:51:44 2024 +0200" }, "committer": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Wed Sep 11 11:19:39 2024 +0000" }, "message": "tconsole: add status bar\n\nThis adds a status bar to the bottom of the tconsole. It contains a page\nselector and clock.\n\nChange-Id: Ia932fe793ff067f3d096046d8bd93c060bac807a\nReviewed-on: https://review.monogon.dev/c/monogon/+/3381\nTested-by: Jenkins CI\nReviewed-by: Leopold Schabel \u003cleo@monogon.tech\u003e\n" }, { "commit": "0d9e125d30455e7d4352e1394fead5b093846621", "tree": "e69047b94bba04e16d4cbfa89a4c7ffd30a3a176", "parents": [ "5abcc7a8a8eb891c0f8920fbd4fa0104e751841b" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Tue Sep 03 12:16:47 2024 +0200" }, "committer": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Wed Sep 11 11:19:39 2024 +0000" }, "message": "tconsole: init\n\nThis introduces the \u0027tconsole\u0027 (terminal console), the default\ninterface to show in /dev/tty1 on a Metropolis node.\n\nCurrently it just shows some basic status in a single page. Upcoming\nchanges will reintroduce a simple log dump on a different page, as well\nas entirely new features like supervision tree inspection.\n\nTo iterate quickly on the console, a \u0027standalone\u0027 target is added which\nexercises the console on the user\u0027s terminal with fake node data.\nHowever only the actual console in Linux displays colours as intended.\n\nChange-Id: I5cfba2bdb320daa080a073e76bf0494aeab6a4d4\nReviewed-on: https://review.monogon.dev/c/monogon/+/3371\nReviewed-by: Leopold Schabel \u003cleo@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "5abcc7a8a8eb891c0f8920fbd4fa0104e751841b", "tree": "9aa19c4a6dd5234b241f6f6a0b82f3d2878e4ce3", "parents": [ "0700357ac03ceb039c0c66e07f06da164d53d5b5" ], "author": { "name": "Jan Schär", "email": "jan@monogon.tech", "time": "Mon Aug 26 13:59:11 2024 +0200" }, "committer": { "name": "Jan Schär", "email": "jan@monogon.tech", "time": "Tue Sep 10 14:50:21 2024 +0000" }, "message": "m/test/launch/cli/launch-cluster: fix metroctl path\n\nos.Executable() returns the path to launch-cluster, not metroctl. This \nbug meant that trying to use kubectl on the cluster instead launched \nanother cluster.\n\nChange-Id: I94305c2688e55e2d2776d4a141d80b9f4ee3ec8f\nReviewed-on: https://review.monogon.dev/c/monogon/+/3352\nReviewed-by: Tim Windelschmidt \u003ctim@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "0700357ac03ceb039c0c66e07f06da164d53d5b5", "tree": "8ea2f279903ea08850cf521f8cc25277467aed1f", "parents": [ "12b9a5d23a8cd59b2b9861aca47b81ed44abbdfd" ], "author": { "name": "Jan Schär", "email": "jan@monogon.tech", "time": "Mon Aug 26 10:42:16 2024 +0200" }, "committer": { "name": "Jan Schär", "email": "jan@monogon.tech", "time": "Tue Sep 10 14:50:21 2024 +0000" }, "message": "m/test/launch: make disk size configurable\n\nThis adds a flag to the launch-cluster command to specify the disk size \nof the VMs. This takes advantage of the previously added data partition \ngrowing feature.\n\nFixes: https://github.com/monogon-dev/monogon/issues/309\nChange-Id: Iecf8d8c186af16dfa9ed0418ec96c51e58900052\nReviewed-on: https://review.monogon.dev/c/monogon/+/3351\nReviewed-by: Serge Bazanski \u003cserge@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "12b9a5d23a8cd59b2b9861aca47b81ed44abbdfd", "tree": "f8bd6cf5f8dfd0be8808360f24f96a93b93c9c85", "parents": [ "c39b1dc86b0af53d0aee5ca0f1a32ab79408167d" ], "author": { "name": "Jan Schär", "email": "jan@monogon.tech", "time": "Mon Aug 26 17:22:03 2024 +0200" }, "committer": { "name": "Jan Schär", "email": "jan@monogon.tech", "time": "Tue Sep 10 14:50:21 2024 +0000" }, "message": "m/n/c/localstorage: grow data partition before initializing\n\nThis adds the feature of growing the data partition before initializing,\nif there is free space after the partition. This is mainly useful for\nvirtual machines whose disk is initialized from a smaller image.\n\nChange-Id: I3ce071f73f494dc3a32ce79fd9db415ceb0e6f0d\nReviewed-on: https://review.monogon.dev/c/monogon/+/3348\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "6120f38e1a10a1389f9413209ea6b6f23be56258", "tree": "e05e708b1c8c9a8fabdd725f66e8885dec448857", "parents": [ "e1420ab79117be4c97818fa708f62fea3ff6d265" ], "author": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Tue Sep 03 16:31:10 2024 +0200" }, "committer": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Tue Sep 10 12:10:09 2024 +0000" }, "message": "cli/metroctl: add metroctl_lite for use in tests\n\nIt is the same target just without any data dependencies to ensure we\ndont have large dependency tree when running tests.\n\nChange-Id: Iebd0fbd880de07bbd853ea8dce8e9fbb193506af\nReviewed-on: https://review.monogon.dev/c/monogon/+/3372\nTested-by: Jenkins CI\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "ca6da6adf2fa3b88c743c9d7f88ef9cfea4e0823", "tree": "08cb2a1a2593333a77f932d117f53e8aea493251", "parents": [ "442cf688ef848811b1fa17d8a7cd7c7aaf774195" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Mon Sep 09 17:55:15 2024 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Mon Sep 09 20:37:57 2024 +0000" }, "message": "m/n/c/update: implement Rollback\n\nImplement a mechanism for manual rollbacks, useful for cases where\nrolling forward is not an option or automated rollbacks did not catch an\nissue. To ensure that the rollback does not break the machine, the\nalternate slot is only tried on next boot and that version needs to set\nthe slot active before it is permanently activated.\n\nChange-Id: I2fe4dfedcecd5bf7d1bdebdd070e40e817bca7c3\nReviewed-on: https://review.monogon.dev/c/monogon/+/3386\nReviewed-by: Serge Bazanski \u003cserge@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "442cf688ef848811b1fa17d8a7cd7c7aaf774195", "tree": "b09cc8b514288118facd2ee2ab4255265a392937", "parents": [ "93d2e6c9014c17e86e357f7285e2a3378a6dbbcb" ], "author": { "name": "Jan Schär", "email": "jan@monogon.tech", "time": "Thu Sep 05 18:28:48 2024 +0200" }, "committer": { "name": "Jan Schär", "email": "jan@monogon.tech", "time": "Mon Sep 09 11:32:45 2024 +0000" }, "message": "m/n/c/consensus: handle empty etcd member Name\n\nWhen an etcd member has not been started yet, the member.Name field is\nthe empty string. In this case, we need to extract the node id from\nPeerURLs instead.\n\nChange-Id: I41aa39423bd4c7888467d65eb2a3f96e7d02e617\nReviewed-on: https://review.monogon.dev/c/monogon/+/3385\nTested-by: Jenkins CI\nReviewed-by: Serge Bazanski \u003cserge@monogon.tech\u003e\n" }, { "commit": "93d2e6c9014c17e86e357f7285e2a3378a6dbbcb", "tree": "3d3c0d1f26660d141c4bcacf19def7958fd835e7", "parents": [ "14e634795ccfe49710f6f7b5d6c1819f575480a6" ], "author": { "name": "Jan Schär", "email": "jan@monogon.tech", "time": "Thu Sep 05 17:47:09 2024 +0200" }, "committer": { "name": "Jan Schär", "email": "jan@monogon.tech", "time": "Mon Sep 09 11:32:45 2024 +0000" }, "message": "m/cli/metroctl: fix confusing logs\n\nIf there is an error, it previously logged both the error and success\nmessage, which is confusing.\n\nChange-Id: I2b4cbed205a035eae2b10412a527536593f38e24\nReviewed-on: https://review.monogon.dev/c/monogon/+/3384\nReviewed-by: Serge Bazanski \u003cserge@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "14e634795ccfe49710f6f7b5d6c1819f575480a6", "tree": "aa56ba6100eb4c03a59c07b06726e102ede07017", "parents": [ "62e6f0b9a4561118f691f2d886a7e2c026cec333" ], "author": { "name": "Jan Schär", "email": "jan@monogon.tech", "time": "Thu Sep 05 15:34:26 2024 +0200" }, "committer": { "name": "Jan Schär", "email": "jan@monogon.tech", "time": "Mon Sep 09 11:32:45 2024 +0000" }, "message": "m/n/c/curator: refactor consensus status access\n\nWe already obtain the consensus status when starting the curator, and it\nseems strange to do it again in one RPC handler.\n\nChange-Id: I3dd9d93b16180011392f8b64c94b0267ec30815f\nReviewed-on: https://review.monogon.dev/c/monogon/+/3383\nTested-by: Jenkins CI\nReviewed-by: Serge Bazanski \u003cserge@monogon.tech\u003e\n" }, { "commit": "62e6f0b9a4561118f691f2d886a7e2c026cec333", "tree": "1a587dfea077d6111018913573cce7152cf1340b", "parents": [ "b2d6c33bbb47a4b59bfb8c63934de500815a6a91" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Tue Sep 03 12:18:56 2024 +0200" }, "committer": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Wed Sep 04 19:40:28 2024 +0000" }, "message": "metropolis/launch: expose VNC socket\n\nThis can be used to manually test our upcoming console terminal.\n\nDrive-by add a timeout to retrieving initial cluster credentials in\ntest, as this wasn\u0027t capped and caused tests to fail at the Bazel 300\nsec timeout for a trivial case of a misconfigured qemu that wouldn\u0027t\nlaunch.\n\nChange-Id: I31fe8b82f3d7ad606c0ca1b03f51373fc746d499\nReviewed-on: https://review.monogon.dev/c/monogon/+/3370\nTested-by: Jenkins CI\nReviewed-by: Leopold Schabel \u003cleo@monogon.tech\u003e\n" }, { "commit": "b2d6c33bbb47a4b59bfb8c63934de500815a6a91", "tree": "474ea1474ceb7e6a58db658d41e4905ae7235b36", "parents": [ "f538ce4e8ca06767b9723d1f7969691d76561936" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Tue Sep 03 12:18:24 2024 +0200" }, "committer": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Wed Sep 04 19:40:28 2024 +0000" }, "message": "metropolis/roleserver: expose cluster credentials to external users\n\nThis will be used by the terminal console to access information about\nthe node ID and CA fingerprint.\n\nChange-Id: Ia9ff6ab1b5b903415b8275d6b4156ba176bbbf1b\nReviewed-on: https://review.monogon.dev/c/monogon/+/3369\nReviewed-by: Leopold Schabel \u003cleo@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "f538ce4e8ca06767b9723d1f7969691d76561936", "tree": "cb7d709acb6f3ec11c839796b9ee68175c7bda30", "parents": [ "18e9a3f6a499f45e7a00b5d8613165124bb984f8" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Tue Sep 03 12:17:25 2024 +0200" }, "committer": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Wed Sep 04 19:40:28 2024 +0000" }, "message": "metropolis/minit: do not log to /dev/console, bump year\n\n/dev/console and /dev/tty overlap, causing us to emit the copyright\nnotice twice.\n\nChange-Id: Ibe4f816dda9a32cfc614eed4ad19159bf72c6c4a\nReviewed-on: https://review.monogon.dev/c/monogon/+/3368\nTested-by: Jenkins CI\nReviewed-by: Leopold Schabel \u003cleo@monogon.tech\u003e\n" }, { "commit": "732a88411de08ac44d1f2bdb6b948c39c9ddc727", "tree": "6c7b78cf514254594d3ccadbb41f6364dd2cc286", "parents": [ "688ee2b59301e5a0494890003a85583f8da07ec5" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Mon Aug 26 23:25:37 2024 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Tue Aug 27 21:40:54 2024 +0000" }, "message": "treewide: update to Kubernetes 1.31\n\nOverall not that bad, we got rid of some workarounds and added some new\nones. Biggest change is a significant refactor of the hyperkube package\nas Kubernetes really doesn\u0027t like multiple of their top-level Cobra\ncommands to be instantiated. One new patch for gVisor as new fields got\nadded to a Linux struct which caused codegen to rename an existing one.\nThat patch will go away once [1] is released as this has been changed\nback again.\nOtherwise mostly standard rebases of patches. We currently have a\nwarning in kubelet as our containerd CRI does not support the\nRuntimeConfig RPC, but no released version of containerd has that and\nthe fallback works fine for now.\n\n[1] https://go-review.googlesource.com/c/sys/+/607876\n\nChange-Id: I275e5fb78bc1d09c4ca0e8b5705edbaa80f30d96\nReviewed-on: https://review.monogon.dev/c/monogon/+/3355\nReviewed-by: Tim Windelschmidt \u003ctim@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "10ef8f93d9c3acc3307819b679578f50c6798559", "tree": "aa957dd6625fac3c0afc62f17b9d8332fd3473d0", "parents": [ "1b1d95d14cb8727cd8c6a1b3efe88cef98b7bd0a" ], "author": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Tue Aug 13 15:35:10 2024 +0200" }, "committer": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Thu Aug 22 12:05:26 2024 +0000" }, "message": "treewide: move //net to //osbase/net\n\nThe net package contains the utility to dump a network configuration in\nproto format. It should be in osbase.\n\nChange-Id: I4d25d9c7d600f4a04b9b79bd1ba98286bf9daec3\nReviewed-on: https://review.monogon.dev/c/monogon/+/3313\nTested-by: Jenkins CI\nReviewed-by: Serge Bazanski \u003cserge@monogon.tech\u003e\n" }, { "commit": "a9b060b0bf7d965c7f04f1d005d7f3767715d5bc", "tree": "3f04781571d00e3b9640bb24da27cd0c7b6c121a", "parents": [ "397f7eaa1e98554f8b9fed2c748e492bf739027b" ], "author": { "name": "Jan Schär", "email": "jan@monogon.tech", "time": "Wed Aug 07 10:42:29 2024 +0200" }, "committer": { "name": "Jan Schär", "email": "jan@monogon.tech", "time": "Wed Aug 21 12:34:45 2024 +0000" }, "message": "m/test/launch: allow specifying launch parameters\n\nThis adds flags to the launch-cluster command for specifying the size of\nthe cluster, tpm and storage security configuration, number of CPUs and\nRAM size for all nodes, and assigning roles to specific nodes.\n\nAs an example, the following command launches a cluster with tpm\ndisabled, 4 nodes, 2 CPUs and 4 GiB of RAM on each node, and assigns the\nKubernetes Worker role to all except the first node:\n\nbazel run //metropolis:launch-cluster -- -tpm-mode\u003ddisabled \\\n-num-nodes\u003d4 -cpu\u003d2 -ram\u003d4G -kubernetes-worker\u003d1-3\n\nThe default storage security policy was changed to insecure, as this\nspeeds up cluster launch.\n\nThe cluster configuration flags are defined in a new separate package to\navoid code duplication.\n\nFixes: https://github.com/monogon-dev/monogon/issues/315\nChange-Id: Icf8b7fcbd6e609f4785b2a60ce5e7be14b641884\nReviewed-on: https://review.monogon.dev/c/monogon/+/3307\nReviewed-by: Serge Bazanski \u003cserge@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "397f7eaa1e98554f8b9fed2c748e492bf739027b", "tree": "e0184b594e51a432b41f7ada43efdb1342e67061", "parents": [ "53964c1343dd37e29c8a61a44f47202b3f3726cc" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Tue Aug 20 21:26:06 2024 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Wed Aug 21 12:33:07 2024 +0000" }, "message": "m/n/kubernetes: set PV inode quota relative to capacity\n\nThis removes the hardcoded 100k inode limit which is very low for large\nPVs in favor of a scaled value dependent on its capacity. This\ntechnically allows overcommit as the inode space is not accounted for on\nthe capacity side, but this was already the case before, just with a\nstatic limit.\n\nChange-Id: I48816cd904127397907c1372e7cbb4b9b5ea60f2\nReviewed-on: https://review.monogon.dev/c/monogon/+/3339\nTested-by: Jenkins CI\nReviewed-by: Serge Bazanski \u003cserge@monogon.tech\u003e\n" }, { "commit": "53964c1343dd37e29c8a61a44f47202b3f3726cc", "tree": "c7d2c72ce7bf42810a452dd37576c8cdab98638a", "parents": [ "91bf1c89cbb61cf9f8183306196bfda97dd852a5" ], "author": { "name": "Jan Schär", "email": "jan@monogon.tech", "time": "Mon Jul 29 17:59:32 2024 +0200" }, "committer": { "name": "Jan Schär", "email": "jan@monogon.tech", "time": "Wed Aug 21 11:10:01 2024 +0000" }, "message": "WORKSPACE: remove CoreDNS dependency\n\nThis is no longer needed, CoreDNS was replaced by the new DNS server \nimplementation.\n\nChange-Id: I0c1072645a9e8ba196eabf6c549924def00b0212\nReviewed-on: https://review.monogon.dev/c/monogon/+/3281\nTested-by: Jenkins CI\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "91bf1c89cbb61cf9f8183306196bfda97dd852a5", "tree": "6c2c49d69e6db68917f2170055ddae5496664093", "parents": [ "a48bd3c3220063ed6beecf0b36ef6959f79f3790" ], "author": { "name": "Jan Schär", "email": "jan@monogon.tech", "time": "Mon Jul 29 17:31:33 2024 +0200" }, "committer": { "name": "Jan Schär", "email": "jan@monogon.tech", "time": "Wed Aug 21 11:10:01 2024 +0000" }, "message": "treewide: integrate new DNS server\n\nThis integrates the new DNS server into the network service, replacing \nCoreDNS.\n\nChange-Id: I1d2e0fd3315dc2c602a8f805ed701633799e9986\nReviewed-on: https://review.monogon.dev/c/monogon/+/3260\nTested-by: Jenkins CI\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "2542ef844695ed5b4d636b4aedecfd7ec6809166", "tree": "221ca06d7acbfe8e7bc58b87d1902f0a70c9cb09", "parents": [ "5b075f7157dfac40ff5c26478cfb74deaf5ae48a" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Tue Aug 20 13:33:02 2024 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Tue Aug 20 13:37:21 2024 +0000" }, "message": "m/c/metroctl: fix crash deleting node without status\n\nIf status for a node is not present, which might happen for multiple\nreasons, metroctl node delete crashes trying to dereference a nil status\nvalue. Fix this by not printing status info if it\u0027s not available.\n\nFixes: https://github.com/monogon-dev/monogon/issues/341\nChange-Id: I204cd9a70c2b44238da0356ee2629325aa713bea\nReviewed-on: https://review.monogon.dev/c/monogon/+/3333\nTested-by: Jenkins CI\nReviewed-by: Tim Windelschmidt \u003ctim@monogon.tech\u003e\n" }, { "commit": "5b075f7157dfac40ff5c26478cfb74deaf5ae48a", "tree": "d79fb94a4044b0bc33504ce7b511ed93db34a04c", "parents": [ "c2290c2e21ee5615d341d56799516829c2fea540" ], "author": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Sun Aug 18 23:51:23 2024 +0200" }, "committer": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Tue Aug 20 13:03:51 2024 +0000" }, "message": "metropolis/cli/metroctl: Add missing role to command error message\n\nChange-Id: I06530fcc296022c5d24aee396073f6ce20d41135\nReviewed-on: https://review.monogon.dev/c/monogon/+/3331\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "c2290c2e21ee5615d341d56799516829c2fea540", "tree": "fdbf849c7e459508b844c7aff2a33e79f4c1b12e", "parents": [ "be0b4c9158371b29c21badc5702ee50ed8179935" ], "author": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Thu Aug 15 19:56:00 2024 +0200" }, "committer": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Tue Aug 20 13:03:42 2024 +0000" }, "message": "treewide: move build helper to more fitting places\n\nChange-Id: I3d0cfe9283222d403ae369ec9db09201ad511e15\nReviewed-on: https://review.monogon.dev/c/monogon/+/3327\nReviewed-by: Serge Bazanski \u003cserge@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "be0b4c9158371b29c21badc5702ee50ed8179935", "tree": "ac18da68113403d9461227d5604ac2864f800ba3", "parents": [ "6920c47bdd3cd6a0f78b4815bc6378c98c9d159e" ], "author": { "name": "Leopold Schabel", "email": "leo@monogon.tech", "time": "Thu Aug 15 10:08:22 2024 +0000" }, "committer": { "name": "Leopold Schabel", "email": "leo@monogon.tech", "time": "Mon Aug 19 13:12:18 2024 +0000" }, "message": "Revert \"metropolis/node/core: mount /sys/fs/bpf\"\n\nThis reverts commit 201b527e632caec8480500bc1cca5d8ab0f5896b.\n\nThe mount does not propagate to privileged containers,\nso we don\u0027t need this to be mounted on the host after all.\n\nChange-Id: I6f6589664396f5285ba28b981faf8654929ea99a\nReviewed-on: https://review.monogon.dev/c/monogon/+/3262\nTested-by: Jenkins CI\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "cc27faac73b1bff4b0d31ffacb0d938022db75ea", "tree": "d081a0655a5cebd62fc19e4ce9d67515e939e626", "parents": [ "5748bd9df1a0c92c1fb04056a6c2d88809741026" ], "author": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Thu Aug 01 02:18:35 2024 +0200" }, "committer": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Tue Aug 13 14:39:14 2024 +0000" }, "message": "m/n/b/mkimage/osimage: rename osimage.Create to osimage.Write\n\nWe aren\u0027t creating an osimage, we are writing it to a disk.\n\nChange-Id: If3769e18dbe988556b0c607ad82b734f21637836\nReviewed-on: https://review.monogon.dev/c/monogon/+/3294\nReviewed-by: Leopold Schabel \u003cleo@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "82e6af71ad2b7927de8d754799271ee9f39506f9", "tree": "4da4ec95a6e4c5f58957c555d8646e46dbb25c6d", "parents": [ "bceb1604c4d6ce1396c63083d2fd8aae98346cf3" ], "author": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Tue Jul 23 00:05:42 2024 +0000" }, "committer": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Tue Aug 13 12:43:45 2024 +0000" }, "message": "treewide: replace hardcoded runfiles paths\n\nWe hardcoded some of the runfiles paths to find specific files. This replaces the hardcoded paths by a call to rlocationpath. This prevents running a target without the correct dependencies at build time instead of at runtime\n\nChange-Id: I7ce56935ac80be6b28b824ccb0781ab401bd6521\nReviewed-on: https://review.monogon.dev/c/monogon/+/3301\nReviewed-by: Serge Bazanski \u003cserge@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "bceb1604c4d6ce1396c63083d2fd8aae98346cf3", "tree": "a0ce4ce421b7be39709ad4bcf51d8e4e048d024d", "parents": [ "efbde1900fbeb9ab7cab58cd53a39f8cab859e7c" ], "author": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Wed Jul 10 18:17:32 2024 +0200" }, "committer": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Mon Aug 12 13:01:56 2024 +0000" }, "message": "m/n/b/mkimage/osimage: allow planning for installations\n\nThis allows planning an installation before actually committing any\nwrites to the underlying blockdevice. By adding this we can ensure we\ndon\u0027t brick any machines/bring them into a state where only manual\nintervention brings it back.\n\nChange-Id: I5f760c8aa83669a23b7ba55ba7ea471743e9e849\nReviewed-on: https://review.monogon.dev/c/monogon/+/3212\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "efbde1900fbeb9ab7cab58cd53a39f8cab859e7c", "tree": "3bd21c61782fd93566490507e31bec2da74eb6b0", "parents": [ "f9a8dcda408842251433b7d3d734d4f0710d1ba2" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Wed Jul 31 14:53:20 2024 +0000" }, "committer": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Tue Aug 06 14:35:51 2024 +0000" }, "message": "metropolis/node: export core/supervisor metrics\n\nChange-Id: Ibe3be27f9a5b3fc5e36babecc74d7d784d1f5e10\nReviewed-on: https://review.monogon.dev/c/monogon/+/3292\nReviewed-by: Tim Windelschmidt \u003ctim@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "0b9276519a7475c3a341f78d83ca8d18cec3b38a", "tree": "4824ee5afec87621b60d6cf06e22d3c696d3a978", "parents": [ "a3e38cf9a4fcc0940402c4f18172662a84e28151" ], "author": { "name": "Jan Schär", "email": "jan@monogon.tech", "time": "Wed Jul 31 18:08:50 2024 +0200" }, "committer": { "name": "Jan Schär", "email": "jan@monogon.tech", "time": "Mon Aug 05 07:36:08 2024 +0000" }, "message": "m/test/launch: consistently use 0-based node indices\n\nPreviously, the first node was sometimes called node 1 in the logs, and \nsometimes node 0. Now it is always called node 0.\n\nOnce all nodes are up, node info is now printed in the order of node \nnumbers. Previously this was random as this was iterating over a map \n(cluster.Nodes).\n\nChange-Id: I0757c89951d7292f2f720237604a3554af4bf404\nReviewed-on: https://review.monogon.dev/c/monogon/+/3293\nTested-by: Jenkins CI\nReviewed-by: Serge Bazanski \u003cserge@monogon.tech\u003e\n" }, { "commit": "a3e38cf9a4fcc0940402c4f18172662a84e28151", "tree": "add9e62b0d9598619e0000353999729fc7b376b2", "parents": [ "58079040557df838ec418d96155df0b273331dab" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Wed Jul 31 14:40:04 2024 +0000" }, "committer": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Thu Aug 01 10:11:03 2024 +0000" }, "message": "metroctl: add metrics command\n\nThis is a little helper command to access Node metrics easily for people\n(eg. developers!) who don\u0027t have a metrics collection infrastructure set\nup.\n\nChange-Id: Ibe3b4356db88e31c3156289ab8d8ca2985266b4b\nReviewed-on: https://review.monogon.dev/c/monogon/+/3288\nTested-by: Jenkins CI\nReviewed-by: Tim Windelschmidt \u003ctim@monogon.tech\u003e\n" }, { "commit": "e5e90a8911f93d2f7b6bdd7b57cd06d430b353a5", "tree": "04dc5ad0bf34805b8ad14af7f31d8510f4b47370", "parents": [ "d7f5993d91979bd5c68c6d46332ff781d014c21e" ], "author": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Wed Jul 17 23:46:22 2024 +0200" }, "committer": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Thu Jul 25 12:10:57 2024 +0000" }, "message": "treewide: migrate external rules to bzlmod\n\nThis is a huge one as it was very annoying to migrate them separately. This migrates rules_go, gazelle, rust_rust, protobuf to bzlmod\n\nChange-Id: If39591d43ed4c2afa2979ee5915e9d1cfa1574a9\nReviewed-on: https://review.monogon.dev/c/monogon/+/3234\nTested-by: Jenkins CI\nReviewed-by: Leopold Schabel \u003cleo@monogon.tech\u003e\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "201b527e632caec8480500bc1cca5d8ab0f5896b", "tree": "b57aa1b85cfa8ab5878809bf286b713f360da831", "parents": [ "f65898347121ef898f7efcaacfd7f2063045132a" ], "author": { "name": "Leopold Schabel", "email": "leo@monogon.tech", "time": "Wed Jul 24 16:31:42 2024 +0000" }, "committer": { "name": "Leopold Schabel", "email": "leo@monogon.tech", "time": "Thu Jul 25 12:02:52 2024 +0000" }, "message": "metropolis/node/core: mount /sys/fs/bpf\n\nRequired for BPF maps. Currently only used by specific customer\nworkloads which run inside the host network namespace.\n\nChange-Id: Ib948c76ff5eecbc4f8b76d6b48e0eb5ce2e1b1ae\nReviewed-on: https://review.monogon.dev/c/monogon/+/3249\nReviewed-by: Serge Bazanski \u003cserge@monogon.tech\u003e\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "4cfcc0b0b25fba463225feae64232d40e02b570c", "tree": "69a7d9ce2d531c763d482e340afe5ceced40c068", "parents": [ "c5e0dbd3437d5c739d42d7724a619b126eabdbf5" ], "author": { "name": "Leopold Schabel", "email": "leo@monogon.tech", "time": "Wed Jul 24 13:23:26 2024 +0000" }, "committer": { "name": "Leopold Schabel", "email": "leo@monogon.tech", "time": "Thu Jul 25 12:02:52 2024 +0000" }, "message": "metropolis/node/kubernetes: allow privileged pods\n\nThere are valid use cases for privileged pods in low-assurance clusters.\nIn particular, \"kubectl debug node/... --profile\u003dsysadmin\" is very\nuseful for debugging and requires privileged pods.\n\nIn a production cluster, we\u0027d want to restrict privileged pods\nand other dangerous capabilities (which are already allowed)\nusing pod security or more sophisticated admission controllers,\nincluding enforcing future cluster integrity policy levels.\n\nChange-Id: I8f6470f636cdd13b7c980f04f08f95aaff833b20\nReviewed-on: https://review.monogon.dev/c/monogon/+/3246\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\nTested-by: Jenkins CI\n" } ], "next": "c5e0dbd3437d5c739d42d7724a619b126eabdbf5" }