)]}' { "log": [ { "commit": "99f477412a2e701f89f7698be1dd432adcfff17c", "tree": "43c088e34cfa9171a5587573f4d824f9d09e0a69", "parents": [ "9d6c4c78bca9da0db7e40e5de776528f3d83a7dd" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Wed Aug 04 20:21:42 2021 +0200" }, "committer": { "name": "Sergiusz Bazanski", "email": "serge@monogon.tech", "time": "Thu Aug 19 10:20:55 2021 +0000" }, "message": "curator: provisions for implementing multiple gRPC services\n\nWe want to run some other gRPC services on the Curator leader/follower\nimplementations other than just the Curator gRPC service.\n\nThis decouples the local types from implementing a particular gRPC\nservice (instead proxying through an interface) and splits out the\nimplementation of the Curator gRPC service from the main leader objects.\n\nThis should allow us to add an implementation of eg. a Management gRPC\nservice in a testable manner (the only thing we have to dependency\ninject is the leadership struct, and that\u0027s trivial to do with a simple\netcd test server).\n\nChange-Id: Ia0ea65e40a775bf49661d0b99c0185aa83547ed0\nReviewed-on: https://review.monogon.dev/c/monogon/+/260\nReviewed-by: Mateusz Zalega \u003cmateusz@monogon.tech\u003e\n" }, { "commit": "9d6c4c78bca9da0db7e40e5de776528f3d83a7dd", "tree": "71cba058637a866b7c87e3f296dd4995d0171cfe", "parents": [ "257acab41f5a35575ca0f2dbc9568b1bd75d2570" ], "author": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Tue Jul 20 21:16:27 2021 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Wed Aug 11 15:38:58 2021 +0000" }, "message": "Support injecting container images for development\n\nThis adds the LoadImage RPC and an accompanying subcommand\nto the debug API which allows loading images into\nan existing Metropolis node for\ndevelopment or testing.\n\nChange-Id: I51d802630ae4c95fb874e01bfb6510ab69c322e1\nReviewed-on: https://review.monogon.dev/c/monogon/+/219\nReviewed-by: Sergiusz Bazanski \u003cserge@monogon.tech\u003e\n" }, { "commit": "257acab41f5a35575ca0f2dbc9568b1bd75d2570", "tree": "fdc41d8de424f74525b7a92024c12f00ed8928fa", "parents": [ "1445396219351e711f82d4cebad6e84a46553bda" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Tue Aug 10 12:36:17 2021 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Wed Aug 11 11:28:06 2021 +0000" }, "message": "m/p/devicemapper: Support creating read-only devices\n\nI originally thought this is not going to be needed as R/W control can be done through devicemapper itself, but verity requires a read-only table.\n\nWhile we\u0027re here let\u0027s also add some doc comments to the Target struct.\n\nExisting functionality is covered by existing tests, read-only functionality will be exercised by verity tests once they land.\n\nChange-Id: Ib76bcffb14b5fe40d8d77bd9731b591d0d8cf22f\nReviewed-on: https://review.monogon.dev/c/monogon/+/262\nReviewed-by: Sergiusz Bazanski \u003cserge@monogon.tech\u003e\n" }, { "commit": "1445396219351e711f82d4cebad6e84a46553bda", "tree": "798347e10dba644f861fd9dbf55fe59cef9fb82f", "parents": [ "6767e052c761f2b19a4966f707c65d8bc08c3c3c" ], "author": { "name": "Mateusz Zalega", "email": "mateusz@monogon.tech", "time": "Fri Jul 23 16:58:02 2021 +0200" }, "committer": { "name": "Mateusz Zalega", "email": "mateusz@monogon.tech", "time": "Tue Aug 10 14:39:14 2021 +0000" }, "message": "m/n/b/mkverity: implement a dm-verity hash image generator\n\nBackground: https://github.com/monogon-dev/monogon/issues/57\n\nThe piece of code included implements a subset of veritysetup\nfunctionality (see: dm-verity). It was written in an attempt to\nminimize projected higher maintenance cost of packaging cryptsetup\nfor metropolis in the long term.\n\nThe implementation was verified with the original veritysetup tool:\n\u003e$ ./go-veritysetup format file1 file2\n\u003e33359c1f1bdd25e7afc2e98cd27c440e7af9ef2fb55462ce562a1b8254bf02e4\n\u003e$ veritysetup --debug --verbose verify file1 file2 33359c1f1bdd25e7afc2e98cd27c440e7af9ef2fb55462ce562a1b8254bf02e4\n\nKtest-based tests and buildsystem integration are still pending.\n\nCompatibility with the original cryptsetup tool might be dropped\neventually, if it\u0027s found beneficial to do so.\n\nChange-Id: I5a6e1b18b692b1701e405013f132f6f2711b2c96\nReviewed-on: https://review.monogon.dev/c/monogon/+/250\nReviewed-by: Sergiusz Bazanski \u003cserge@monogon.tech\u003e\n" }, { "commit": "6767e052c761f2b19a4966f707c65d8bc08c3c3c", "tree": "9fc05de5509f43721699819f4d159330a82fc3e6", "parents": [ "3cb0f4bdc0766574854a2db578fddd97b6648f6e" ], "author": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Mon Aug 02 17:48:35 2021 +0200" }, "committer": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Thu Aug 05 16:18:20 2021 +0000" }, "message": "scripts: stable directory matching\n\n2nd go at I30e1f0ec1b2a958decaffab181f3b80a4f37b2ce\n\nChange-Id: Id64776b079bc0e47963630b9f160aafed918b50e\nReviewed-on: https://review.monogon.dev/c/monogon/+/259\nReviewed-by: Sergiusz Bazanski \u003cserge@monogon.tech\u003e\n" }, { "commit": "3cb0f4bdc0766574854a2db578fddd97b6648f6e", "tree": "abb60b92caf3bd63cb757fcbbda0631280d9c4e5", "parents": [ "439b95eb515c86ba8ce9917da258c0875f36f038" ], "author": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Mon Jul 19 15:22:07 2021 +0200" }, "committer": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Wed Jul 21 09:42:55 2021 +0000" }, "message": "scripts: check if running from original checkout\n\nChange-Id: I42e6b9e38a86a05c8ddbd2716ed2bd4d1db59331\nReviewed-on: https://review.monogon.dev/c/monogon/+/217\nReviewed-by: Sergiusz Bazanski \u003cserge@nexantic.com\u003e\n" }, { "commit": "439b95eb515c86ba8ce9917da258c0875f36f038", "tree": "b7590aaac27700868ca1638af4d2e84bfb1a975f", "parents": [ "f9edf520bd3fa049b8f1d5f09f0ee727864ca8c7" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Wed Jun 30 23:16:13 2021 +0200" }, "committer": { "name": "Sergiusz Bazanski", "email": "serge@nexantic.com", "time": "Tue Jul 20 14:43:28 2021 +0000" }, "message": "m/n/c/{cluster,curator}: move NodeCredentials to cluster\n\nThis keeps the NodeCredentials/NodeCertificate logic types near their\nconsumer, the cluster bootstrap code. It also rewrites these structures\nto be centered around the x509 data itself.\n\nThis is a followup to https://review.monogon.dev/c/monogon/+/186 .\nAttempting to introduce it into that change was too complex due to the\nsurrounding cluster/curator refactoring.\n\nWe also take this opportunity to write some simple tests for the\ncredential validation logic.\n\nChange-Id: Iead3cfdd5778274508d79799f4750f5fdf9385bc\nReviewed-on: https://review.monogon.dev/c/monogon/+/197\nReviewed-by: Lorenz Brun \u003clorenz@nexantic.com\u003e\n" }, { "commit": "f9edf520bd3fa049b8f1d5f09f0ee727864ca8c7", "tree": "1fd016dcbeccbc7b8bbfc32960c43bd0dbaffe5f", "parents": [ "a959cbd12c29b62045f02b1d22cdf1e36c0261a4" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Thu Jun 17 15:57:13 2021 +0200" }, "committer": { "name": "Sergiusz Bazanski", "email": "serge@nexantic.com", "time": "Tue Jul 20 14:42:45 2021 +0000" }, "message": "metropolis/node/core: use curator\n\nThis finally switches over the node startup code to use the full Cluster\nManager / Curator / Role Server chain to bring up the node.\n\nChange-Id: Iaf6173671aed107a67b4201d9d1ad8bb33baa90f\nReviewed-on: https://review.monogon.dev/c/monogon/+/189\nReviewed-by: Lorenz Brun \u003clorenz@nexantic.com\u003e\n" }, { "commit": "a959cbd12c29b62045f02b1d22cdf1e36c0261a4", "tree": "7f44cdf24c3c02f7d9ba866a2d37275673a0dd11", "parents": [ "0d93777cf32dd0d0f6f8d75d8396f7140cff9d13" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Thu Jun 17 15:56:51 2021 +0200" }, "committer": { "name": "Sergiusz Bazanski", "email": "serge@nexantic.com", "time": "Tue Jul 20 12:02:29 2021 +0000" }, "message": "metropolis/node/core/cluster: use curator\n\nThis refactors the cluster manager. It removes all etcd storage\nfunctionality (which now lives in the curator) and otherwise dusts\nthings off slightly (some file renames, some comments to reflect the now\nclarified and limited scope of the cluster manager).\n\nChange-Id: Ic62d8402c0618fb5e0e65966b0d732a2cab564e0\nReviewed-on: https://review.monogon.dev/c/monogon/+/188\nReviewed-by: Lorenz Brun \u003clorenz@nexantic.com\u003e\n" }, { "commit": "0d93777cf32dd0d0f6f8d75d8396f7140cff9d13", "tree": "f6abee66c82ba141ad449575a6d35d06408c6ed4", "parents": [ "963c4090f74341d8efc61b49ba5934a18434371c" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Thu Jun 17 15:54:40 2021 +0200" }, "committer": { "name": "Sergiusz Bazanski", "email": "serge@nexantic.com", "time": "Tue Jul 20 12:02:29 2021 +0000" }, "message": "m/n/core/roleserver: implement\n\nThis implements the Role Server, which is the new service responsible\nfor actually running Metropolis workloads like the Kubernetes services.\n\nThis decouples starting Kubernetes from node startup code, and handles\ncases like nodes changing roles at runtime.\n\nChange-Id: Ie5f7f2c30b05fe74ca003805532dba50bf3821d0\nReviewed-on: https://review.monogon.dev/c/monogon/+/187\nReviewed-by: Lorenz Brun \u003clorenz@nexantic.com\u003e\n" }, { "commit": "963c4090f74341d8efc61b49ba5934a18434371c", "tree": "65e0e58e997e155290118e53aebfc228aa3e20be", "parents": [ "2098b98c7deaf9115742cf73071f888e0513cf2f" ], "author": { "name": "Mateusz Zalega", "email": "mateusz@monogon.tech", "time": "Mon Jul 05 18:50:08 2021 +0200" }, "committer": { "name": "Mateusz Zalega", "email": "mateusz@monogon.tech", "time": "Mon Jul 19 10:52:16 2021 +0000" }, "message": "m/n/c/consensus_test: move timeout handling to Bazel\n\nThe test regularly exceeds timeout on slower machines, and besides,\nthat\u0027s the proper way to do it.\n\nChange-Id: Ic4a8ac717bd7f6e70d4d4ac0b156f42ff5addef8\nReviewed-on: https://review.monogon.dev/c/monogon/+/215\nReviewed-by: Leopold Schabel \u003cleo@nexantic.com\u003e\nReviewed-by: Sergiusz Bazanski \u003cserge@nexantic.com\u003e\n" }, { "commit": "2098b98c7deaf9115742cf73071f888e0513cf2f", "tree": "6037aec601525299a09d8996f4ebe0c1e4a91674", "parents": [ "79fc1e9fd6ee8777f097ab251b828d82e33b7bad" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Wed Jul 07 15:13:46 2021 +0200" }, "committer": { "name": "Sergiusz Bazanski", "email": "serge@nexantic.com", "time": "Wed Jul 07 15:34:42 2021 +0000" }, "message": "m/pkg/combinectx: reformat\n\nSeems like this slipped past the cracks on original review - we should\nadd CI for this.\n\nChange-Id: I35cc1d14710109d4d2d0a60b573400b65cb7d350\nReviewed-on: https://review.monogon.dev/c/monogon/+/212\nReviewed-by: Mateusz Zalega \u003cmateusz@monogon.tech\u003e\n" }, { "commit": "79fc1e9fd6ee8777f097ab251b828d82e33b7bad", "tree": "a1c50daa06f2ea66fb5fcf14e85331385facdb68", "parents": [ "50009e024b50eda2c69b884600d0850c73d62b6d" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Tue Jul 06 16:25:22 2021 +0200" }, "committer": { "name": "Sergiusz Bazanski", "email": "serge@nexantic.com", "time": "Wed Jul 07 13:49:55 2021 +0000" }, "message": "metropolis/*: move tests to supervisor harness\n\nThis somewhat simplifies test code (barely), but more importantly pipes\nlogs from runnables into test stdout, thereby making debugging much\neasier.\n\nChange-Id: I3e597bbac8497bea3477afd54f61b592a0d08355\nReviewed-on: https://review.monogon.dev/c/monogon/+/206\nReviewed-by: Leopold Schabel \u003cleo@nexantic.com\u003e\n" }, { "commit": "50009e024b50eda2c69b884600d0850c73d62b6d", "tree": "28ee724fd39c537e09a755fbd593dc15d31e288e", "parents": [ "ebe025936fc86f53e7316f894f54dd6ef9b0a9d7" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Wed Jul 07 14:35:27 2021 +0200" }, "committer": { "name": "Sergiusz Bazanski", "email": "serge@nexantic.com", "time": "Wed Jul 07 13:48:54 2021 +0000" }, "message": "m/n/core/consensus: parse etcd server logs\n\nThis finally gives us easy to read etcd logs instead of raw JSON dumps\ninto stdout. Instead of simply parsing them as raw logs, we convert them\ninto leveled logs.\n\nChange-Id: I7cfe18b9c4e24d7742a01a77f5d9c6ddee647493\nReviewed-on: https://review.monogon.dev/c/monogon/+/209\nReviewed-by: Leopold Schabel \u003cleo@nexantic.com\u003e\n" }, { "commit": "ebe025936fc86f53e7316f894f54dd6ef9b0a9d7", "tree": "0dd0a48c297e69a8bcbe53ef65d3dba7f53961a3", "parents": [ "020b7c53a59f7f4e31976d7b3f08011dadb1c9c4" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Wed Jul 07 14:23:26 2021 +0200" }, "committer": { "name": "Sergiusz Bazanski", "email": "serge@nexantic.com", "time": "Wed Jul 07 13:45:29 2021 +0000" }, "message": "m/pkg/logtree/unraw: implement\n\nThis is another part of the generic external leveled log ingestion\nmechanism. This parts takes care of ingesting external data either by\nexposing an io.Writer or a named pipe on the filesystem from which\nexternal logs are parsed and then inejcted into the logtree.\n\nChange-Id: Ie2263496ca4d50220abdd8e4d37a35730d127319\nReviewed-on: https://review.monogon.dev/c/monogon/+/208\nReviewed-by: Leopold Schabel \u003cleo@nexantic.com\u003e\n" }, { "commit": "020b7c53a59f7f4e31976d7b3f08011dadb1c9c4", "tree": "9c6b8ea68b0a4db7d4a8b90b636feff712998235", "parents": [ "f8a8e65685cb621dc7fb39043a6d01caee5dcaf0" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Wed Jul 07 14:22:28 2021 +0200" }, "committer": { "name": "Sergiusz Bazanski", "email": "serge@nexantic.com", "time": "Wed Jul 07 13:45:21 2021 +0000" }, "message": "metropolis/pkg/logtree: allow logging external leveled payloads\n\nThis is in preparation for making the mechanism to ingest external\nlogging more generic (currently we have an ad-hoc solution for klog, but\nwe now also want to implement one for etcd).\n\nChange-Id: I6e6f656e5d83ad22d67a81fbeb87c8d369796e18\nReviewed-on: https://review.monogon.dev/c/monogon/+/207\nReviewed-by: Leopold Schabel \u003cleo@nexantic.com\u003e\n" }, { "commit": "f8a8e65685cb621dc7fb39043a6d01caee5dcaf0", "tree": "db6142898e003969628a3ec879f6af77780f8da4", "parents": [ "f0b4da54afc17f4b2b1c31ddb9433ee888aea699" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Tue Jul 06 16:23:43 2021 +0200" }, "committer": { "name": "Sergiusz Bazanski", "email": "serge@nexantic.com", "time": "Wed Jul 07 13:36:48 2021 +0000" }, "message": "m/pkg/{logtree,supervisor}: add test helpers\n\nThis adds two functions:\n\n logtree.PipeAllToStderr\n supervisor.NewHarness\n\nThese are designed to simplify tests that exercise code which expects to\nbe run as a supervisor runnable and/or have access to a logtree\ninstance.\n\nChange-Id: Ibce77aa4927515af7c273d07ced15215ff456ecc\nReviewed-on: https://review.monogon.dev/c/monogon/+/205\nReviewed-by: Leopold Schabel \u003cleo@nexantic.com\u003e\n" }, { "commit": "f0b4da54afc17f4b2b1c31ddb9433ee888aea699", "tree": "a4ef4b8154c4024714209710696310bfd7bc2764", "parents": [ "35e43d133a16750adfa1683473f5c2648a010b1a" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Mon Jun 21 20:05:59 2021 +0200" }, "committer": { "name": "Sergiusz Bazanski", "email": "serge@nexantic.com", "time": "Wed Jul 07 13:31:45 2021 +0000" }, "message": "m/n/core/curator: implement leader and Node/PKI state\n\nThis implements actual Curator logic for nodes and PKI. These will\nreplace the cluster manager\u0027s equivalent logic.\n\nThere are two entry points to this logic:\n\n - the gRPC service\u0027s Watch method for accessing node status\n - bootstrap logic to create a node when the cluster manager bootstraps\n the cluster.\n\nTest plan: a followup CR will introduce tests for the Curator - more\ngranular than the full E2E suite. DO NOT MERGE UNTIL THEN, as this is\ncritical code.\n\nChange-Id: I8c40a821b846012b90cf9a5df27901d1b49f388c\nReviewed-on: https://review.monogon.dev/c/monogon/+/186\nReviewed-by: Lorenz Brun \u003clorenz@nexantic.com\u003e\n" }, { "commit": "35e43d133a16750adfa1683473f5c2648a010b1a", "tree": "6aa1e8bcebd03a74b3950128436c5a37268d87c0", "parents": [ "3c885deeda9ab560ee29e94159782ce4323af80e" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Tue Jul 06 13:12:14 2021 +0200" }, "committer": { "name": "Sergiusz Bazanski", "email": "serge@nexantic.com", "time": "Wed Jul 07 13:24:21 2021 +0000" }, "message": "m/pkg/supervisor: move internal testhelpers\n\nThese are helper functions used for internal supervisor tests. This move\nis in preparation for writing the other kind of \u0027test helers\u0027: ones that\nare used by tests in other libraries when interacting with supervisor\ntypes.\n\nChange-Id: I64efe19b68c7c244ad426167565b0083a1b86fcf\nReviewed-on: https://review.monogon.dev/c/monogon/+/204\nReviewed-by: Leopold Schabel \u003cleo@nexantic.com\u003e\n" }, { "commit": "3c885deeda9ab560ee29e94159782ce4323af80e", "tree": "5d6a18c0b822accc5c279240c0d7e52ca071a361", "parents": [ "aad79488d417eefafd4102bda9bd10d6473cf6c7" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Thu Jun 17 17:21:00 2021 +0200" }, "committer": { "name": "Sergiusz Bazanski", "email": "serge@nexantic.com", "time": "Mon Jul 05 18:19:36 2021 +0000" }, "message": "m/n/core/curator: implement gRPC listener\n\nThis implements the Curator listener and listener dispatcher, two\nrunnables responsible for maintaining an active Curator RPC\nimplementation (either leader or follower) and switching over\nappropriately as the election status changes.\n\nThis might be overengineered. The implementation switchover logic and\ncontext joining could possibly be ripped out and replaced by plain gRPC\nsocket close and re-open on switchover.\n\nTesting plan: implements unit tests for switching/dispatching.\n\nChange-Id: Ib62195b336d0754d99865d7a2a32ba2ffa3543ce\nReviewed-on: https://review.monogon.dev/c/monogon/+/185\nReviewed-by: Lorenz Brun \u003clorenz@nexantic.com\u003e\n" }, { "commit": "aad79488d417eefafd4102bda9bd10d6473cf6c7", "tree": "a638f94700704699b4ae4a5ad6b5214d6adcb479", "parents": [ "cbf1fa97307024b1f0c60c88e8ebf968a42bf980" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Fri Jul 02 17:40:36 2021 +0200" }, "committer": { "name": "Sergiusz Bazanski", "email": "serge@nexantic.com", "time": "Mon Jul 05 18:19:29 2021 +0000" }, "message": "metropolis/handbook: init\n\nThis is the beginning of the Metropolis Handbook, the main end-user\ndocumentation of Metropolis.\n\nIt is built using mdbook, and currently contains only the default\ncontent from `mdbook init`.\n\nFuture work: start writing the handbook, build in CI, publish in CI.\n\nChange-Id: I81753350215b2f7aabc17925eadfd20706e1fdb5\nReviewed-on: https://review.monogon.dev/c/monogon/+/202\nReviewed-by: Leopold Schabel \u003cleo@nexantic.com\u003e\n" }, { "commit": "cbf1fa97307024b1f0c60c88e8ebf968a42bf980", "tree": "728f661bb449220c98556fdd0635714db750ac9c", "parents": [ "e7bb94c0b2b2a7694c8985c5da80e814a51c4bdf" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Fri Jul 02 17:28:50 2021 +0200" }, "committer": { "name": "Sergiusz Bazanski", "email": "serge@nexantic.com", "time": "Fri Jul 02 18:16:43 2021 +0000" }, "message": "third_party/rust: initialize, add mdbook\n\nAs we want to use [mdbook](https://github.com/rust-lang/mdBook) to build\ndocumentation, we now have to pull it into the monorepo, alongside\nsupport for Rust in general.\n\nTesting plan: bazel run //third_party/rust:cargo_bin_mdbook. The CI\nshould also pick this up now.\n\nChange-Id: I6cf5d02d926bb0de61a5c882828accd35f3a1076\nReviewed-on: https://review.monogon.dev/c/monogon/+/201\nReviewed-by: Leopold Schabel \u003cleo@nexantic.com\u003e\n" }, { "commit": "e7bb94c0b2b2a7694c8985c5da80e814a51c4bdf", "tree": "89d182c5ef72d7f8e73b2eca677105cf6e91af88", "parents": [ "dd7b2d22fb0e13547505bacd862b92bf56a35983" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Fri Jul 02 17:11:58 2021 +0200" }, "committer": { "name": "Sergiusz Bazanski", "email": "serge@nexantic.com", "time": "Fri Jul 02 17:27:17 2021 +0000" }, "message": "build/ci/Dockerfile: add ibazel\n\nibazel (a.k.a. bazel-watcher) is a tool which wraps bazel and\nautomatically rebuilds/restarts targets if source files or\ndependencies change.\n\nChange-Id: Ifd5b53619c597c28eaef217067e619430f71d885\nReviewed-on: https://review.monogon.dev/c/monogon/+/199\nReviewed-by: Leopold Schabel \u003cleo@nexantic.com\u003e\n" }, { "commit": "dd7b2d22fb0e13547505bacd862b92bf56a35983", "tree": "ef18d20d2688a62bdf80147ec343e05789ac6cae", "parents": [ "76003f807b24a22476b14bc308939fc62e1ad6a2" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Fri Jul 02 17:13:22 2021 +0200" }, "committer": { "name": "Sergiusz Bazanski", "email": "serge@nexantic.com", "time": "Fri Jul 02 16:28:59 2021 +0000" }, "message": "third_party/go: add package missing from dependency graph\n\nThis is a Windows-specific package being pulled in by github.com/spf13/cobra.\n\nWe don\u0027t need it, and we don\u0027t ever build it (it\u0027s behind a select()\ngate depending on the Windows platform), but its lack causes us to not\nbe able to perform Bazel queries against anything that stumbles upon\nthis select statement.\n\nNotably, things like ibazel don\u0027t work without the ability to query\ndependencies of a target. In theory, cquery could be used of query (and\ncquery would know that it\u0027s not running on a windows platform and not\nattempt to resolve the missing package). This might happen some day,\nbut:\n\n 1) cquery currently does not support the buildfiles() function, which\n is needed by tools like ibazel to find not only source/data/target\n dependencies for a taret, but also every BUILD/.bzl file that\n influenced that target.\n\n See: https://github.com/bazelbuild/bazel-watcher/issues/305#issuecomment-627312885\n\n 2) It\u0027s generally good practice to not have missing objects in our\n dependency graph, I think. We will sooner or later start using this\n data in CI and other automation, and it might be useful to make an\n assumption, at some point, that we don\u0027t ever have a broken\n target dependency graph.\n\nTesting plan: the following now works:\n\n bazel query \u0027deps(set(//...))\u0027 --output\u003dxml\n\nChange-Id: Ic45e293b868b0aaa707f31384b4b24626ba23e29\nReviewed-on: https://review.monogon.dev/c/monogon/+/200\nReviewed-by: Leopold Schabel \u003cleo@nexantic.com\u003e\n" }, { "commit": "76003f807b24a22476b14bc308939fc62e1ad6a2", "tree": "24fc636b5c47569aa8e64119bd4b1f81a794c9ab", "parents": [ "e30d7d08548fe233cacff5870971f08318ff9646" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Thu Jun 17 16:39:01 2021 +0200" }, "committer": { "name": "Sergiusz Bazanski", "email": "serge@nexantic.com", "time": "Wed Jun 30 12:29:59 2021 +0000" }, "message": "m/n/core/curator: implement leader election\n\nThis implements the leader election functionality subset of the curator.\nIt does not yet implement any business logic, just the switchover\nbetween acting as a leader and a follower.\n\nTest plan: implements an integration test for the leader election with\nan in-memory etcd cluster.\n\nChange-Id: Id77ecc35a9f2b18e716fffd3caf2de193982d676\nReviewed-on: https://review.monogon.dev/c/monogon/+/184\nReviewed-by: Lorenz Brun \u003clorenz@nexantic.com\u003e\n" }, { "commit": "e30d7d08548fe233cacff5870971f08318ff9646", "tree": "be4b12585cf856db8fc74746f5bfed69748195cd", "parents": [ "db77e82767ff620de89d75a7f3e9a6c37b1d0973" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Wed Jun 23 18:50:19 2021 +0200" }, "committer": { "name": "Sergiusz Bazanski", "email": "serge@nexantic.com", "time": "Thu Jun 24 09:08:20 2021 +0000" }, "message": "m/n/core/consensus/client: add context to ThinClient\n\nThis context ends up in the returned clientv3.Client structure and is\naccessible under .Ctx(). This is used by some library code, and all\netcd clients by default have a context, so that library code will fail\nif none is set.\n\nChange-Id: If2b9fb0720725d623c05ea4947fdf99fe6d5d1d0\nReviewed-on: https://review.monogon.dev/c/monogon/+/195\nReviewed-by: Lorenz Brun \u003clorenz@nexantic.com\u003e\n" }, { "commit": "db77e82767ff620de89d75a7f3e9a6c37b1d0973", "tree": "f6e30c8aaae105c02324a16e640f5de97a3be2c7", "parents": [ "d98ad45e64b542f9945939d35cba9ebd352ff913" ], "author": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Tue Jun 08 14:08:34 2021 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Tue Jun 22 12:06:18 2021 +0000" }, "message": "Protocol specification for VMs\n\nThese are the protobufs for the VM system communication\n\nChange-Id: I16915c5391a05b7c7a9c68a0017dc2365de7e367\nReviewed-on: https://review.monogon.dev/c/monogon/+/125\nReviewed-by: Sergiusz Bazanski \u003cserge@nexantic.com\u003e\n" }, { "commit": "d98ad45e64b542f9945939d35cba9ebd352ff913", "tree": "cd8fa82c4ccd2bf0616986615f3eb2d7c4798f30", "parents": [ "7f17d9b41f248f4b009f5d702622616f62d0a2fa" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Thu Jun 17 15:55:17 2021 +0200" }, "committer": { "name": "Sergiusz Bazanski", "email": "serge@nexantic.com", "time": "Tue Jun 22 12:05:20 2021 +0000" }, "message": "metropolis/n/kubernetes/pki: remove verbose \u0027ensure\u0027 cert logging\n\nChange-Id: Ie12f12a2966282d364730a1c7a148fae78ab236d\nReviewed-on: https://review.monogon.dev/c/monogon/+/190\nReviewed-by: Lorenz Brun \u003clorenz@nexantic.com\u003e\n" }, { "commit": "7f17d9b41f248f4b009f5d702622616f62d0a2fa", "tree": "fdb69964144f9b654a746d15e86d34f0bf1b108b", "parents": [ "63fabd954a5303f6bba41557da55b1940198058f" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Thu Jun 17 16:11:40 2021 +0200" }, "committer": { "name": "Sergiusz Bazanski", "email": "serge@nexantic.com", "time": "Tue Jun 22 12:05:16 2021 +0000" }, "message": "m/n/core/localstorage: add curator ephemeral directory\n\nThis is where the curator will listen for local gRPC connections from\nthe rest of the node code.\n\nChange-Id: Id0ea2e4e05d04bbea4b3b88dd51122d394317578\nReviewed-on: https://review.monogon.dev/c/monogon/+/183\nReviewed-by: Lorenz Brun \u003clorenz@nexantic.com\u003e\n" }, { "commit": "63fabd954a5303f6bba41557da55b1940198058f", "tree": "547628727ea80a09eced09a402945d81263f6778", "parents": [ "30653eeb3adcbebfecb4216569dc247b51cfb464" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Thu Jun 17 15:47:22 2021 +0200" }, "committer": { "name": "Sergiusz Bazanski", "email": "serge@nexantic.com", "time": "Mon Jun 21 09:12:58 2021 +0000" }, "message": "m/n/c/curator/proto: add API proto\n\nThis is the initial API of the curator service we\u0027re about to implement.\nThe TODO comments already reflect the state of the implementation as is\nnow, and as will be stacked on top of this change.\n\nTesting Plan: proto change only, no logic yet.\n\nChange-Id: I2c11b0d5f2112b7872ea348815d81ded4be874bd\nReviewed-on: https://review.monogon.dev/c/monogon/+/162\nReviewed-by: Lorenz Brun \u003clorenz@nexantic.com\u003e\n" }, { "commit": "30653eeb3adcbebfecb4216569dc247b51cfb464", "tree": "32171ac29f074a717c6e8ddb621a130f68428069", "parents": [ "fac8b2e265836dea105e8463a3a22b189764fd3f" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Thu Jun 17 15:44:29 2021 +0200" }, "committer": { "name": "Sergiusz Bazanski", "email": "serge@nexantic.com", "time": "Mon Jun 21 09:12:58 2021 +0000" }, "message": "metropolis/proto/common: factor out common messages\n\nIn preparation for moving some proto structures from this proto package\n(eg. Node etcd serialization) into //metropolis/node/core/curator, we\nfully specify and document all elements of the Node/Cluster FSM states\nand a shared NodeRoles structure.\n\nThese will be shared by both serialized etcd state in the curator, the\ncurator API and possibly other APIs in the future. They are critical to\nthe Metropolis concept, so we aim to have them deduplicated across all\nuses, and that\u0027s why they\u0027re supposed to end up in\n//metropolis/proto/common.\n\nThese effectively temporarily duplicate definitions from\n//metropolis/proto/private, but these will be removed in an upcoming CL.\n\nTesting plan: no-op, in preparation for use in a further CL.\n\nChange-Id: I97087c7348a90e2dbe4cef03f7f55c7b58823ff1\nReviewed-on: https://review.monogon.dev/c/monogon/+/161\nReviewed-by: Lorenz Brun \u003clorenz@nexantic.com\u003e\n" }, { "commit": "fac8b2e265836dea105e8463a3a22b189764fd3f", "tree": "0f78f138d0095d99a1bf529e29c29cb668a1f0b4", "parents": [ "b9013af7fa0247191099ec1f471a2d751537f545" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Tue May 04 12:23:26 2021 +0200" }, "committer": { "name": "Sergiusz Bazanski", "email": "serge@nexantic.com", "time": "Tue Jun 08 10:23:53 2021 +0000" }, "message": "m/pkg/event: split out ValueWatch from Value\n\nSummary:\nThis implements a small TODO, letting the etcd Value implementation only\nimplement the Watch part of the interface.\n\nTest Plan: Refactor.\n\nChange-Id: I9ccd73ce4d165182d9588387230e71bcb425ab94\nReviewed-on: https://review.monogon.dev/c/monogon/+/122\nReviewed-by: Lorenz Brun \u003clorenz@nexantic.com\u003e\n" }, { "commit": "b9013af7fa0247191099ec1f471a2d751537f545", "tree": "dec4a8c6e2ccefe41c2269f7938004a10d3792e1", "parents": [ "4166a71f51d9546c1dfd9f99b5fdffcb9301b57b" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Thu Apr 29 16:47:56 2021 +0200" }, "committer": { "name": "Sergiusz Bazanski", "email": "serge@nexantic.com", "time": "Tue Jun 08 10:23:53 2021 +0000" }, "message": "m/n/core/consensus/client: implement ThinClient()\n\nSummary:\nThis implements a ThinClient function on Namespaced which returns an\nclientv3.Client. These can be useful when dealing with existing code\nwhich expects this type, but only uses non-management APIs. For example,\nthe clientv3 concurrency library.\n\nTest Plan: To be used by future code, and basic enough that it IMO does not warrant unit tests?\n\nChange-Id: Ic6e38ff654bafd8bb385cf108637f8ed058015dc\nReviewed-on: https://review.monogon.dev/c/monogon/+/121\nReviewed-by: Lorenz Brun \u003clorenz@nexantic.com\u003e\n" }, { "commit": "4166a71f51d9546c1dfd9f99b5fdffcb9301b57b", "tree": "a1e5341a9b71f973e1c24734872b0e1cc897f93c", "parents": [ "c89df2f0de65533e0801c6472cc4cee8b13cd761" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Mon Jun 07 21:58:54 2021 +0200" }, "committer": { "name": "Sergiusz Bazanski", "email": "serge@nexantic.com", "time": "Tue Jun 08 00:02:06 2021 +0000" }, "message": "m/pkg/combinectx: implement\n\nThis implements combinectx, a Go library for combining two contexts into\na single one. We need this for the new curator logic (where we want to\ncancel RPC calls both when the incoming request gets canceled but also\nwhen leadership status changes), and this functionality has been\nfactored out as a reusable, generic library.\n\nPrior art:\n\n1) https://github.com/golang/go/issues/36503\n Proposal to add Merge() to context stdlib package. Unimplemented.\n\n2) https://github.com/teivah/onecontext\n Complex reflect-based logic for arbitrary amount of contexts to join,\n no functionality to detect which context caused the joined context to\n be canceled.\n\n3) https://github.com/LK4D4/joincontext\n No functionality to detect which context caused the joined context to\n be canceled.\n\nChange-Id: I774607da38b06c192ff0fee133eb258abd500864\nReviewed-on: https://review.monogon.dev/c/monogon/+/123\nReviewed-by: Leopold Schabel \u003cleo@nexantic.com\u003e\n" }, { "commit": "c89df2f0de65533e0801c6472cc4cee8b13cd761", "tree": "b65e4c12ab0c629dcc311335ad0151e1b19f3bbe", "parents": [ "dcf654592593e4ad897bfb34a5a9238a3223cca4" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Tue Apr 27 15:51:37 2021 +0200" }, "committer": { "name": "Sergiusz Bazanski", "email": "serge@nexantic.com", "time": "Mon May 31 16:51:31 2021 +0000" }, "message": "m/pkg/event/etcd: implement etcd-backed Value\n\nThis implements Event Value stored in etcd, with each Value\ncorresponding to a single KV value stored in etcd.\n\nComes with more lines of unit tests than lines of code.\n\nChange-Id: I5514f211ded6640836ed801ddaf1b2fcc31ae552\nReviewed-on: https://review.monogon.dev/c/monogon/+/64\nReviewed-by: Lorenz Brun \u003clorenz@nexantic.com\u003e\n" }, { "commit": "dcf654592593e4ad897bfb34a5a9238a3223cca4", "tree": "4e350701a7690864c7885479ad5b9066f0cf3833", "parents": [ "216fe7b3ae949376467f626f339423a31ea7da97" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Fri May 21 19:02:28 2021 +0200" }, "committer": { "name": "Sergiusz Bazanski", "email": "serge@nexantic.com", "time": "Mon May 31 10:01:43 2021 +0000" }, "message": ".git-ignore-revs: init\n\nTo use:\n\n git config blame.ignoreRevsFile .git-ignore-revs\n\nAfterwards, any `git blame` will not show the bulk changes implemented\nby the commits mentioned within the file.\n\nChange-Id: I128f0470eecd417044f4f9e197dee69df4385699\nReviewed-on: https://review.monogon.dev/c/monogon/+/68\nReviewed-by: Sergiusz Bazanski \u003cserge@nexantic.com\u003e\n" }, { "commit": "216fe7b3ae949376467f626f339423a31ea7da97", "tree": "b0fe587b671a76bf6229339825d2a61df7fc847b", "parents": [ "6ebdc418f3c4799c12368e34ea78dc9c9757fb54" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Fri May 21 18:36:16 2021 +0200" }, "committer": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Fri May 28 17:54:03 2021 +0200" }, "message": "*: reflow comments to 80 characters\n\nThis reformats the entire Metropolis codebase to have comments no longer\nthan 80 characters, implementing CR/66.\n\nThis has been done half manually, as we don\u0027t have a good integration\nbetween commentwrap/Bazel, but that can be implemented if we decide to\ngo for this tool/limit.\n\nChange-Id: If1fff0b093ef806f5dc00551c11506e8290379d0\n" }, { "commit": "6ebdc418f3c4799c12368e34ea78dc9c9757fb54", "tree": "55dcecf2fda5b992c703dea87ef2cea495f6ffe0", "parents": [ "67483ded56f26ced15581d7a87314d776cf5ecb0" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Fri May 21 16:25:55 2021 +0200" }, "committer": { "name": "Sergiusz Bazanski", "email": "serge@nexantic.com", "time": "Fri May 28 15:53:36 2021 +0000" }, "message": "RFC: build/analysis: add commentwrap\n\nThis adds a Go analyzer which limits the length of comment lines to 80\ncharacters.\n\nRationale:\n\nMonogon currently follows gofmt style. Gofmt in itself is already quite\nopinionated, but one thing it explicitly does not check for is maximum\nline length.\n\nThis implements a limit for the maximum length of a comment line in Go\nsource within Monogon. It explicitly does not limit code line length, as\nthese can be handled much more easily by soft reflows.\n\nThe tool used, github.com/corverroos/commentwrap, will now be\nautomatically ran by our nogo pass, and prevent any line of commnets\nwithin Go to be longer than 80 characters, with the exception of:\n\n - cgo/generate directives\n - TODOs\n - indented comments (eg. sample code or long URLs)\n\nDownsides:\n\n1. We have to reformat the entire codebase. CR/67 does this.\n\n2. We end up with a bulk Git commit that will pollute Git history. A\n followup CR attempts to resolve this by using Git\u0027s ignoreRevsFile\n functionality.\n\n3. There\u0027s currently no integration with IntelliJ and no way to\n automatically reformat code. If this RFC gets approved, a follow up\n CR will be created that adds integration/automation to make this\n easier to work against.\n\nOpen questions:\n\n1. Is 80 characters the right limit? I, personally, quite like it, but\n am willing to compromise on line length.\n\nChange-Id: I063d64596ca5ef038a8426c6b9f806b65c18451e\nReviewed-on: https://review.monogon.dev/c/monogon/+/66\nReviewed-by: Leopold Schabel \u003cleo@nexantic.com\u003e\n" }, { "commit": "67483ded56f26ced15581d7a87314d776cf5ecb0", "tree": "89be0e284fcf5ccf91041f4e2821c46c0a8058f4", "parents": [ "0ef9629ffd82027c5dbff11f3530b86136636597" ], "author": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Mon May 24 15:13:50 2021 +0000" }, "committer": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Tue May 25 09:55:21 2021 +0000" }, "message": "Remove localconfig from README\n\nI277b642a broke this. The intended use was to rebuild generated\nprotobuf sources whenever the source file is modified. This was\nuseful, so we should restore it later - undocument it meanwhile.\n\nChange-Id: Ie565eecc4c11fcf9b9aea6e35e31f6ec87ff3d5f\nReviewed-on: https://review.monogon.dev/c/monogon/+/81\nReviewed-by: Sergiusz Bazanski \u003cserge@nexantic.com\u003e\n" }, { "commit": "0ef9629ffd82027c5dbff11f3530b86136636597", "tree": "b28ac6ae9aff11c0fdbdf6e50d75d2d8b830dd76", "parents": [ "bd0d24e1fda0ee0cd8231d25eff499894226e04d" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Fri May 21 15:41:32 2021 +0200" }, "committer": { "name": "Sergiusz Bazanski", "email": "serge@nexantic.com", "time": "Tue May 25 09:52:53 2021 +0000" }, "message": "build/analysis: move nogo configuration\n\nThis moves the nogo config JSON file from the root of the repository,\nand cleans up the BUILD file in preparation for adding extra, possibly\ncustom, analyzers.\n\nChange-Id: Id85c9cd8515b9178712329fe425c1e1740f04d8b\nReviewed-on: https://review.monogon.dev/c/monogon/+/65\nReviewed-by: Leopold Schabel \u003cleo@nexantic.com\u003e\n" }, { "commit": "bd0d24e1fda0ee0cd8231d25eff499894226e04d", "tree": "3fb068803b9141172a154df14760a66199cd088c", "parents": [ "7fe19f7b49f4366fcba12b8f3cbef40913370ba9" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Wed May 19 14:27:36 2021 +0200" }, "committer": { "name": "Sergiusz Bazanski", "email": "serge@nexantic.com", "time": "Thu May 20 10:08:56 2021 +0000" }, "message": "scripts: refactor for reliability\n\nThis is a small refactor/rewrite pass to scripts/create_container.sh and\nscripts/bin/bazel.\n\nFirst of all, it moves the IntelliJ aspect overriding logic from parsing\ncommand line flags in scripts/bin/bazel to replace the path that the\naspect is loaded from to crafting the build container in a way that the\naspect is already located where it\u0027s expected.\n\nThis allows us to vastly simplify the scripts/bin/bazel wrapper, and\nmost notably fixes an issue where it wasn\u0027t able to handle Bazel flags\nthat contained spaces and were wrapped in \"\"/\u0027\u0027 delimited strings.\nInstead of adding more and more flag replacing logic in this script, we\ngot rid of that logic entirely, and now the only thing that the wrapper\nscript does is set the output root and run Bazel within the container.\n\nAt the same time, we also fix discovering newer IntelliJ versions. On my\nmachine, it was still discovering my 2019 installation and using an old\nversion of the aspect.\n\nWe also generally dust off the scripts/create_container.sh script by\nensuring all variables are always used within double quotes (the\nprevious implementation could\u0027ve accidentally removed some directory from\nthe host if the user homedir contained spaces) and moving all of the\nlogic into a function that uses local variables.\n\nTested on my local workstation, IntelliJ sync works.\n\nChange-Id: I63ae042ffe0fc7f384b98768ed66b7426b3f5df4\nReviewed-on: https://review.monogon.dev/c/monogon/+/63\nReviewed-by: Leopold Schabel \u003cleo@nexantic.com\u003e\n" }, { "commit": "7fe19f7b49f4366fcba12b8f3cbef40913370ba9", "tree": "b79aff206c2c12a8338d53a79d9071cdb09f91fa", "parents": [ "acae1ef4088e0e9579d7c35b2f7ce1de21c5ac22" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Wed May 19 12:24:54 2021 +0200" }, "committer": { "name": "Sergiusz Bazanski", "email": "serge@nexantic.com", "time": "Wed May 19 11:28:38 2021 +0000" }, "message": "intellij: fix e2e configurations, remove watcherTasks\n\nEnd-to-end test configurations within IntelliJ were not updated since\nthe metropolis package rename from //core into //metropolis.\n\nAdditionally, the watcherTasks seem to also have been broken forever, as\nthey attempted to build proto paths that didn\u0027t exist, and trigger\ngoimports which we haven\u0027t used for ages. This just removes them, as\nI\u0027m not exactly sure what their intended use was.\n\nChange-Id: I277b642a2b4a6c897150652106eac17cbc8c9732\nReviewed-on: https://review.monogon.dev/c/monogon/+/62\nReviewed-by: Leopold Schabel \u003cleo@nexantic.com\u003e\n" }, { "commit": "acae1ef4088e0e9579d7c35b2f7ce1de21c5ac22", "tree": "761455858b1e1491981d1d58dc093ca93402d541", "parents": [ "7b73537d3fe08f5bbca741c7abbd95115ac2e6c2" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Wed May 19 11:31:40 2021 +0200" }, "committer": { "name": "Sergiusz Bazanski", "email": "serge@nexantic.com", "time": "Wed May 19 11:28:32 2021 +0000" }, "message": "*: replace nxt -\u003e monogon\n\nThese are hopefully the last leftovers from the nxt monorepo.\n\nThis change breaks existing build containers and IntelliJ setups, and\nunfortunately thrashes developer workstation Bazel caches.\n\nRunning `scripts/bin/destroy_container.sh \u0026\u0026\nscripts/bin/create_container.sh` and then following the IntelliJ setup\nguide in //README.md should be enough to fix everything.\n\nDid that locally and was able to set up a fully working IntelliJ\nIDE against this change.\n\nChange-Id: I090f4e4f2ea03998569a4ea3d1aa4cd4ec570f8a\nReviewed-on: https://review.monogon.dev/c/monogon/+/61\nReviewed-by: Leopold Schabel \u003cleo@nexantic.com\u003e\n" }, { "commit": "7b73537d3fe08f5bbca741c7abbd95115ac2e6c2", "tree": "697598d90a1a6f4c0bf95d90f675735c3b6f716f", "parents": [ "44e4fad51a379333b2b308326d2f3ce5fe9b1fca" ], "author": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Tue May 18 20:19:12 2021 +0200" }, "committer": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Tue May 18 19:22:23 2021 +0000" }, "message": "gitignore: add .idea and .ijwb\n\nChange-Id: I5b2aedc26b0a4177d50a28bf791ead1677ea3f97\nReviewed-on: https://review.monogon.dev/c/monogon/+/31\nReviewed-by: Sergiusz Bazanski \u003cserge@nexantic.com\u003e\n" }, { "commit": "44e4fad51a379333b2b308326d2f3ce5fe9b1fca", "tree": "c7fc46e41218b30a88107898086d961fd2a61560", "parents": [ "5aa494f9576756992113c72164ec6dc298071276" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Tue May 18 19:25:21 2021 +0200" }, "committer": { "name": "Sergiusz Bazanski", "email": "serge@nexantic.com", "time": "Tue May 18 18:14:00 2021 +0000" }, "message": "gitignore: add vim swp files\n\nChange-Id: I09a1f8d314fd79464fd355779f6b51d0c1302854\nReviewed-on: https://review.monogon.dev/c/monogon/+/29\nReviewed-by: Leopold Schabel \u003cleo@nexantic.com\u003e\n" }, { "commit": "5aa494f9576756992113c72164ec6dc298071276", "tree": "076d9ea79874838d89cffa74f1f0d160a5884422", "parents": [ "6feb746cfafeedb600ae12e22be910ad376b30a5" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Tue May 18 18:57:10 2021 +0200" }, "committer": { "name": "Sergiusz Bazanski", "email": "serge@nexantic.com", "time": "Tue May 18 18:12:39 2021 +0000" }, "message": "build/ci: move Dockerfile, document new CI\n\nThis moves the Builder Imager Dockerfile into //build/ci, adds some\nsmall changes to make it usable as a Jenkins agent base, documents its\nusage, and adds a script which builds and pushes that image into an\nexternal container registry.\n\nWe also remove the old Phabricator-based CI scripting.\n\nChange-Id: I332608f7d7105f675104db3ee2d787b2412fcbe9\nReviewed-on: https://review.monogon.dev/c/monogon/+/28\nReviewed-by: Leopold Schabel \u003cleo@nexantic.com\u003e\n" }, { "commit": "6feb746cfafeedb600ae12e22be910ad376b30a5", "tree": "6b8f67cc7f183cfaa3b533a20d069abd1e7f3b07", "parents": [ "99d210d48afc2207ffb4064c58068faa9449a981" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Tue May 18 15:49:15 2021 +0200" }, "committer": { "name": "Sergiusz Bazanski", "email": "serge@nexantic.com", "time": "Tue May 18 15:37:38 2021 +0000" }, "message": "build/ci: add presubmit Jenkinsfile\n\nThis implements a basic presubmit Jenkinsfile which should be consumed\n(in this CR already) by CI machinery running against review.monogon.dev.\n\nThis presubmit exercises the same build targets as the old, internal\nPhabricator CI. The build executing agents are based off of the \u0027monogon\nbuilder\u0027 Docker image defined within build/Dockerfile. A follow up CR\nwill remove the leftover of Phabricator CI machinery and explicitly\ndocument how that agent image is built and used.\n\nWe also reformat a generated .bzl file to remove a spurious copyright\nheader. This appeases Gazelle/Fietsje checks.\n\nFinally, we add a .gitignore which ignores build files to make the\nGazelle/Fietsje dirty checkout detection work correctly. The internal\nversion of the metropolis repository had an equivalent .gitignore which\nwasn\u0027t carried over during the initial migration into the Monogon\nmonorepo.\n\nChange-Id: Ib88b8b50dbc6fcd034757558697e6ae2334235b1\nReviewed-on: https://review.monogon.dev/c/monogon/+/26\nReviewed-by: Leopold Schabel \u003cleo@nexantic.com\u003e\n" }, { "commit": "99d210d48afc2207ffb4064c58068faa9449a981", "tree": "781a73c0e5bf7e9ff586653eef0cce594b90def0", "parents": [ "4e0dba61375bcb989d86cacf18cf00ebfe6303b4" ], "author": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Mon May 17 15:29:18 2021 +0200" }, "committer": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Tue May 18 14:06:11 2021 +0200" }, "message": "m/n/k/plugins/kvmdevice: export resource name variable for easier consumption\n\nTrivial change to consume the resource name of this device plugin as\na variable.\n\nTest Plan: Trivial change\n\nX-Origin-Diff: phab/D791\nGitOrigin-RevId: d71d878f87be1da5a547e17b9965f92e737b644c\n" }, { "commit": "4e0dba61375bcb989d86cacf18cf00ebfe6303b4", "tree": "698e22e7ce446670c6833c60bf1bd58b5a1b5c65", "parents": [ "be57a039071a451763adc6c3456b7d79ca1999bb" ], "author": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Mon May 17 15:25:15 2021 +0200" }, "committer": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Tue May 18 14:06:08 2021 +0200" }, "message": "m/b/kube-code-generator: return go_generated_srcs output group for generated library\n\nTogether with D763 this allows the IntelliJ Bazel/Go code intelligence to pick up\nour generated Kubernetes clients. This sadly has some unrelated changes in there because\nbuildifier has opinions on code formatting.\n\nTest Plan: Tested in subsequent revisions.\n\nX-Origin-Diff: phab/D790\nGitOrigin-RevId: 7b0dc03cac63b5e79b3c2590614a4ed1f56a36ba\n" }, { "commit": "be57a039071a451763adc6c3456b7d79ca1999bb", "tree": "391ebab65e54c88c0b101a137371b283c5fd3812", "parents": [ "3536e4d4923e76486167c85c2b09a1cf4ca5502d" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Tue May 11 13:41:52 2021 +0200" }, "committer": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Tue May 11 13:42:23 2021 +0200" }, "message": "m/test/launch: fix TPM tempdir permissions, wrap errors\n\nOn Linux, the following generally fails:\n\n $ cd /tmp\n $ mkdir test\n $ cd test/\n $ chmod 644 .\n $ touch foo\n touch: cannot touch \u0027foo\u0027: Permission denied\n\nThis changes our launch code to create a temporary TPM directory with\n755 instead of 644 permissions, preventing a situation like above\nmanifesting in our new CI.\n\nThis didn\u0027t manifest before as we always ran builds through podman, and\nthere this behaviour doesn\u0027t appear to hold, probably because we are uid\n0 there:\n\n $ podman exec -it monogon-dev bash\n bash-5.0# id\n uid\u003d0(root) gid\u003d0(root) groups\u003d0(root) context\u003dunconfined_u:system_r:spc_t:s0\n bash-5.0# cd /tmp/\n bash-5.0# mkdir test\n bash-5.0# cd test/\n bash-5.0# chmod 644 .\n bash-5.0# touch foo\n\nWe also drive-by some unwrapped error returns to be a bit more helpful.\n\nTest Plan: Tested on new CI, manually.\n\nX-Origin-Diff: phab/D773\nGitOrigin-RevId: 5a55a7878109717f0c17251a659dfc6ee04b94f4\n" }, { "commit": "3536e4d4923e76486167c85c2b09a1cf4ca5502d", "tree": "7e0fba60817509fc4514ae9faf58acf0b0118a92", "parents": [ "68ca5eebd0ccd00a2d60eb42289c64357fb2e83f" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Tue May 11 11:58:56 2021 +0200" }, "committer": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Tue May 11 12:09:36 2021 +0200" }, "message": "WORKSPACE: bump rules_docker\n\nThis fixes the following build issue on machines without a cache:\n\nError in download_and_extract: java.io.IOException: Error downloading [https://api.github.com/repos/google/go-containerregistry/tarball/8a2841911ffee4f6892ca0083e89752fb46c48dd] to /home/ci/.cache/bazel/_bazel_ci/0a07aad6377a57fb9a149ee20941825f/external/com_github_google_go_containerregistry/temp4646182565351458604/8a2841911ffee4f6892ca0083e89752fb46c48dd.tar.gz: Checksum was cadb09cb5bcbe00688c73d716d1c9e774d6e4959abec4c425a1b995faf33e964 but wanted 60b9a600affa5667bd444019a4e218b7752d8500cfa923c1ac54ce2f88f773e2\n\nSee https://github.com/bazelbuild/rules_docker/issues/1814\n\nTest Plan: The build should pass.\n\nX-Origin-Diff: phab/D772\nGitOrigin-RevId: 64da076b378bc060c80c8b471eab908a0e52747a\n" }, { "commit": "68ca5eebd0ccd00a2d60eb42289c64357fb2e83f", "tree": "5706f5b4fa8dc44775dbabe24cd577f1d37a0422", "parents": [ "93bba15a0059da200a5d09a2bd7ec5ed5a667c60" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Tue Apr 27 16:09:16 2021 +0200" }, "committer": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Tue May 11 12:09:33 2021 +0200" }, "message": "m/pkg/event: move MemoryValue to subpackage\n\nThis keeps metropolis/pkg/event as a pure interface package, and\nmoves the memory-backed implementation to a subpackage.\n\nTest Plan: Refactor, coevered by tests.\n\nX-Origin-Diff: phab/D764\nGitOrigin-RevId: 1337bf55a7752293791b3efe8648bbf5f6e6e9e1\n" }, { "commit": "93bba15a0059da200a5d09a2bd7ec5ed5a667c60", "tree": "49f27c6425af3549f7fe4ddbf9a1880e2f0490b3", "parents": [ "f055a7fce0263a30fd2c853b5ed002a765fc23e8" ], "author": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Tue May 04 13:41:18 2021 +0200" }, "committer": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Tue May 04 18:49:19 2021 +0200" }, "message": "Update IntelliJ aspect patch to work with generated embedded libraries\n\nThis hacks the IntelliJ aspect to propagate import metadata (mainly import\npaths and files) along an `embed` attribute to the go_library. This is done since\nthere is a whitelist on the Java side which prevents it from picking up metadata\nfrom rules not called go_library. By technically making embedded libraries\npart of the go_library, they can be properly picked up.\n\nTest Plan: Works on my machine(tm)\n\nX-Origin-Diff: phab/D763\nGitOrigin-RevId: eed6a6d24d634aa1b21ccbd3521f3cfd8378340a\n" }, { "commit": "f055a7fce0263a30fd2c853b5ed002a765fc23e8", "tree": "de2dc0daeebfc7ecce2b1987ffb13eb4f2475088", "parents": [ "2666513457e8d7a282560a7090f35439ab9695ce" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Tue Apr 13 16:22:33 2021 +0200" }, "committer": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Wed Apr 14 14:35:09 2021 +0200" }, "message": "third_party/linux: build using unhermetic rule\n\nThis replaces ad-hoc genrules (for the node Linux image and the ktest\nimage) with a real Bazel rule with an attached transition which ensures\nwe end up with the same-ish configurations for all builds of an image.\n\nThis reduces rebuilds of the ktest Linux kernel, from three down to one.\n\nBefore: https://drive.google.com/file/d/1c6VmY2bqx9Pgs61TOUfgMi8Sn0WQeobu/view\n\nAfter: https://drive.google.com/file/d/13eO1rLhoBCMMRUKrmJz8QnhdAR3ctIGb/view\n\nWe also drive-by fix the Kubernetes CTS test suite to run on a single-node\nCluster (instead of failing early due to that being currently reworked).\n\nTest Plan: Build system refactor, following existing test.\n\nX-Origin-Diff: phab/D761\nGitOrigin-RevId: b5545ac5fd402fbf0340d941a90b9ea6ea0b6d43\n" }, { "commit": "2666513457e8d7a282560a7090f35439ab9695ce", "tree": "328d8f62ddb665b6cd057272f7cae2713aa247ad", "parents": [ "a105db57640d6abf6de368ec0c33a3a5b4f93893" ], "author": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Tue Apr 13 16:55:59 2021 +0200" }, "committer": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Tue Apr 13 19:51:33 2021 +0200" }, "message": "Fix TCP BBR setting\n\nI previously set the TCP queuing discipline to BBR without actually compiling in BBR.\nSee T943. This actually builds in BBR and sets it as default in the kernel config, thus removing\nthe need to manually set it in userspace.\n\nTest Plan: CI\n\nBug: T943\n\nX-Origin-Diff: phab/D760\nGitOrigin-RevId: 779a709e4298ec59bfdcf462fe2f3563952204b6\n" }, { "commit": "a105db57640d6abf6de368ec0c33a3a5b4f93893", "tree": "dc96244d0b2922768d7f29431bab2a9ac581a1a6", "parents": [ "c75c9d4f30174c089cce47c608683bf09396fa30" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Mon Apr 12 19:57:46 2021 +0200" }, "committer": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Tue Apr 13 19:51:13 2021 +0200" }, "message": "m/n/core/cluster: migrate to events and etcd namespaced client\n\nThis moves the status of the cluster manager to use a local event\nvariable. Watchers (like the node startup code) can now use this to get\nupdates on the state of the node and its cluster membership in a way\nthat\u0027s more abstracted from a sequential startup. This will permit us to\nmove a lof othe startup code into code common across different node\nlifecycle paths.\n\nTest Plan: Refactor, exercised by e2e.\n\nX-Origin-Diff: phab/D757\nGitOrigin-RevId: 31a3600ad2aab90a1e7f84d741e7ea40a0422724\n" }, { "commit": "c75c9d4f30174c089cce47c608683bf09396fa30", "tree": "a3d34c7ac52f16650de55ba28d3621add81e5f99", "parents": [ "886d2892d1717bc130cfa008742c06c29f7ff186" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Tue Apr 13 16:40:14 2021 +0200" }, "committer": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Tue Apr 13 19:51:11 2021 +0200" }, "message": "m/n/c/consensus: add client\n\nThis implementes a thin wrapper around etcd\u0027s clientv3.Client, with the\nfollowing advantages:\n\n - Only implements KV, Watcher and Lease interfaces, ie. unprivileged\n namespaceable interfaces - not cluster management interfaces. These\n will be available to both remote and local etcd connections.\n - Adds recursive namespacing functionality, which permits different\n parts of the subsystem to receive their own somewhat-sandboxed etcd\n subtree. This not only makes the etcd keyspace layout more strict,\n but also simplifies passing around etcd clients, as major components\n (like the kubernetes subsystem) can hand out its own sub-clients,\n instead of them having to be globally declared ahead of time.\n\nTest Plan: Exercised by tests.\n\nX-Origin-Diff: phab/D756\nGitOrigin-RevId: 03fead9a89c301a2e70df8a007b7ecb60b2364c7\n" }, { "commit": "886d2892d1717bc130cfa008742c06c29f7ff186", "tree": "e9d67752d55d52e948662521e96d83f343473dea", "parents": [ "0565ea3191d445bdaab647213d59ed3d7218630a" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Tue Apr 13 16:39:39 2021 +0200" }, "committer": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Tue Apr 13 19:51:08 2021 +0200" }, "message": "metropolis/test/launch: add InsecureKey\n\nCurrently, the node startup parameters are empty. Let\u0027s populate them with a development (\u0027insecure\u0027) key when started from the launch library.\n\nTest Plan: Future revision in stack will make use of this.\n\nX-Origin-Diff: phab/D754\nGitOrigin-RevId: 0cfa3c1d71911423ff169afc027edb768151de67\n" }, { "commit": "0565ea3191d445bdaab647213d59ed3d7218630a", "tree": "fd5f395dd2f54a1582538e7b5ac2b724db987625", "parents": [ "09c275bc489bc1de406be9a2e8f158eaa87b7c61" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Tue Apr 13 11:52:00 2021 +0200" }, "committer": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Tue Apr 13 19:51:06 2021 +0200" }, "message": "m/n/core/cluster: factor out bootstrap into separate file\n\nTest Plan: Refactor.\n\nX-Origin-Diff: phab/D753\nGitOrigin-RevId: 2e39db6673b2a0a6c1d7593f230fa691643e4c06\n" }, { "commit": "09c275bc489bc1de406be9a2e8f158eaa87b7c61", "tree": "31c62a93e37f6052aa99e2addacef6c060d75e85", "parents": [ "37050126ef89ec30cc677c272471debe55ec0d69" ], "author": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Tue Mar 30 12:47:09 2021 +0200" }, "committer": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Tue Apr 13 11:04:05 2021 +0200" }, "message": "Add ftrace support to DebugService\n\nThis allows us to do ad-hoc kernel-level tracing on a running Metropolis node.\nUseful for tracking down complex bugs.\n\nExample: `bazel run //metropolis/cli/dbg -- trace -function_graph_filter blkdev_* function_graph`\n\nTest Plan: Debug utility, manually tested\n\nX-Origin-Diff: phab/D748\nGitOrigin-RevId: 924eb795250412a73eb30c0eef4a8c1cc726e5fd\n" }, { "commit": "37050126ef89ec30cc677c272471debe55ec0d69", "tree": "c64a64a622ec1c3e1e72fc12a6d4252c0e803cc1", "parents": [ "2999427c182463840a339cf0e82885d8a3b6e79f" ], "author": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Tue Mar 30 14:00:27 2021 +0200" }, "committer": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Tue Apr 13 11:04:01 2021 +0200" }, "message": "Implement Block PVCs in our storage backend\n\nThis implements full support for Block PVCs in our Kubernetes storage backend.\nThe block PVCs are backed by files made available to the pods using loop devices and\nhave read-only and online expansion support.\n\nThis also requires a Kubernetes patch because they call losetup if block PVCs are used\nwith CSI to establish a form of lock on the backing block device. This lock is not\nexclusive and does absolutely nothing for our use case and could get very expensive\non dense machines so I removed it.\n\nTest Plan: Comes with E2E tests\n\nX-Origin-Diff: phab/D746\nGitOrigin-RevId: 430d3f445286c0d3498b2153df333a19f3fcab89\n" }, { "commit": "2999427c182463840a339cf0e82885d8a3b6e79f", "tree": "5e28c819a3db52d3fb77b92be6b78938a107d5cd", "parents": [ "30167f5cf55829d38f9d480466d7b5742c62a5fc" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Mon Apr 12 14:25:18 2021 +0200" }, "committer": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Tue Apr 13 11:03:58 2021 +0200" }, "message": "metropolis/vm: add kube/{generated,apis}\n\nThis is a first pass at the vm.metropolis.monogon.dev Kubnernetes API,\ncontaining the VirtualMachine resource.\n\nThis also adds all the required BUILDfile boilerplate for the output\n(generated) directory.\n\nTest Plan: Builds should pass, eg. bazel build //metropolis/vm/kube/...\n\nX-Origin-Diff: phab/D752\nGitOrigin-RevId: d05c1a38e26b14c11b7a5d5885b15bbca8662174\n" }, { "commit": "30167f5cf55829d38f9d480466d7b5742c62a5fc", "tree": "fd89a3bb8a1c08b10d870a6b185b2deffa131cac", "parents": [ "9956e72c6c0b4f6436dc9493bc213965ee0cc191" ], "author": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Wed Mar 17 17:49:01 2021 +0100" }, "committer": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Tue Apr 13 11:03:56 2021 +0200" }, "message": "Add VM infrastructure smoke test\n\nThis adds an E2E test which exercises the VM infrastructure (Kubernetes, KVM device plugin and QEMU).\nThis test should ensure that nobody breaks the core infrastructure Metropolis VMs rely on.\n\nTest Plan: This is a test\n\nX-Origin-Diff: phab/D740\nGitOrigin-RevId: ddf629725dfb664ace5a50efee9ed9442962d6f7\n" }, { "commit": "9956e72c6c0b4f6436dc9493bc213965ee0cc191", "tree": "7842ac67432e3a187dda6a2dcb46d11088934159", "parents": [ "dca59d924dac4345099e5acd99405b5451d29cdb" ], "author": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Wed Mar 24 18:48:55 2021 +0100" }, "committer": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Tue Apr 13 11:03:53 2021 +0200" }, "message": "Add Loop Device package\n\nThis adds Loop device support in our Linux kernel and adds a Go package for working with them.\nIt also drive-by adds a pre-mounted tmpfs to ktest as that is quite useful in a lot of situations.\n\nTest Plan: Comes with ktests.\n\nX-Origin-Diff: phab/D745\nGitOrigin-RevId: fa06bcdddc033efb136f56da3b4a91159273bf88\n" }, { "commit": "dca59d924dac4345099e5acd99405b5451d29cdb", "tree": "68d28ada7050e81f854589bf335447a0673f9e57", "parents": [ "58ec09eece3b2ca32112668cc6e5f1fd63ffa2a7" ], "author": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Thu Apr 01 19:02:53 2021 +0200" }, "committer": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Thu Apr 01 19:04:11 2021 +0200" }, "message": "scripts: replace /bin/bash by /usr/bin/env bash\n\nTest Plan: Set up environment locally; CI\n\nX-Origin-Diff: phab/D759\nGitOrigin-RevId: 01142b03dcfb44c1dcb42169cc9af187c1518107\n" }, { "commit": "58ec09eece3b2ca32112668cc6e5f1fd63ffa2a7", "tree": "380874242b1aa2555d122369b4384d445da808a0", "parents": [ "57a9d3e7c609203b95ee7d09db87a43a64f79be9" ], "author": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Thu Apr 01 18:34:19 2021 +0200" }, "committer": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Thu Apr 01 18:59:03 2021 +0200" }, "message": "scripts: clean up build environment launch scripts\n\n- With a privileged container (which makes the Bazel sandbox work), the SELinux\n trick doesn\u0027t work anyway. Replace it by a `z` modifier which tells podman to\n set the right SELinux context on systems that have it.\n\n- Do not fail if IntelliJ is absent.\n\nTest Plan: works on my machineā„¢\n\nX-Origin-Diff: phab/D758\nGitOrigin-RevId: b9020bdd54fccde222872ca609ee79b1805dd479\n" }, { "commit": "57a9d3e7c609203b95ee7d09db87a43a64f79be9", "tree": "79a1199f3a7c0f4a8fdb00a2131244f59b9c205c", "parents": [ "7353e17fcd3b158e575ca4455ee75224fa4f0921" ], "author": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Thu Apr 01 17:31:48 2021 +0200" }, "committer": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Thu Apr 01 18:59:01 2021 +0200" }, "message": "WORKSPACE: fix repository path of gperf fork\n\nTest Plan: CI\n\nX-Origin-Diff: phab/D755\nGitOrigin-RevId: 65d4541c8a60e57825548abc831d6593161780ce\n" }, { "commit": "7353e17fcd3b158e575ca4455ee75224fa4f0921", "tree": "7208b1e0dd5ba9af5f97c31a49aa5007525bc4c3", "parents": [ "b76580c0189209f7feef90f0900e0758aaf122ce" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Wed Mar 31 22:09:22 2021 +0200" }, "committer": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Thu Apr 01 18:58:58 2021 +0200" }, "message": "metropolis/build: add kube-code-generator\n\nThis implements kube-code-generator, a set of Bazel rules for generating\nKubernetes resource APIs based on a Go library, using\nk8s.io/code-generator.\n\nTest Plan: Was considering adding a test for this - but this is practically best tested with the next change in the stack, which actually uses it to implement the VM hypervisor kube API.\n\nX-Origin-Diff: phab/D751\nGitOrigin-RevId: 31e3b632c2e83282c8b2c415402cddea66d4ce51\n" }, { "commit": "b76580c0189209f7feef90f0900e0758aaf122ce", "tree": "72cd514a620bb623ca7056a9b21e158bbc89b4fd", "parents": [ "339f97dc7ae48876f77b1195a8840f9369fb5d25" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Wed Mar 31 22:07:01 2021 +0200" }, "committer": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Thu Apr 01 18:58:55 2021 +0200" }, "message": "metropolis/build: add gotoolwrap\n\nThis adds gotoolwrap, a tiny Go executable used to wrap binaries that\nwant to access the monogon workspace as a GOPATH during build steps.\n\nTest Plan: Used further down the stack in code generation.\n\nX-Origin-Diff: phab/D750\nGitOrigin-RevId: 83d11b94d025d3652fce88917b1664d93454c60f\n" }, { "commit": "339f97dc7ae48876f77b1195a8840f9369fb5d25", "tree": "126cb2059727f7bf4fe50adff74aeeb93e8c618b", "parents": [ "fa99799583dfc3b485012dd0575287643f568b72" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Wed Mar 31 22:16:52 2021 +0200" }, "committer": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Thu Apr 01 18:58:27 2021 +0200" }, "message": "third_party/go: add k8s.io/code-generator\n\nTest Plan: New dep. Used further down change stack.\n\nX-Origin-Diff: phab/D749\nGitOrigin-RevId: 4cd0cab36dbd2aa17f944ad6fb3bf90af638ebef\n" }, { "commit": "fa99799583dfc3b485012dd0575287643f568b72", "tree": "8bde1e2205ef987181a1bbbb1c8f33fbd29e402d", "parents": [ "55f01c3c338166f2ca7e67ae5d6c3ae6b7ac75c4" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Tue Mar 23 17:29:42 2021 +0100" }, "committer": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Thu Apr 01 18:58:25 2021 +0200" }, "message": "third_party/qemu: better explain tb_invalidate_phys_range patch\n\nAt a glance, this change looks somewhat scary, and might be interpreted\nas an attempt to backdoor qemu.\n\nThis better explains what\u0027s going on, and adds an extra always-firing\nassert to prove that there\u0027s nothing up our sleeves, and that this\nbranch should never be taken in the first place.\n\nTest Plan: Refactor, should be covered by tests.\n\nX-Origin-Diff: phab/D744\nGitOrigin-RevId: c86638cf9e90041d2ad19d26715c7d4dd5a43e98\n" }, { "commit": "55f01c3c338166f2ca7e67ae5d6c3ae6b7ac75c4", "tree": "1ad925573330bf4b776e02722037d7073f553948", "parents": [ "5e113ddc3e845be6d7d7b87332af6aa48a3d18a2" ], "author": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Tue Mar 30 22:12:24 2021 +0200" }, "committer": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Tue Mar 30 22:15:10 2021 +0200" }, "message": "Update README.md\n\nGitOrigin-RevId: 00bf68e07ac704b5ebfb2c058104abf1fcab5232\n" }, { "commit": "5e113ddc3e845be6d7d7b87332af6aa48a3d18a2", "tree": "55aad63113388bcbd10c70180bb913b0389c9ab3", "parents": [ "647cbb28101e628206562fa5c60e1ed8e5307e8a" ], "author": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Tue Mar 30 14:22:57 2021 +0200" }, "committer": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Tue Mar 30 14:22:57 2021 +0200" }, "message": "Add top-level Apache 2 LICENSE\n\nAll contributions to date are copyrighted by Nexantic, and are explicitly\nlicensed under the Apache 2 license.\n\nTest Plan: N/A\n\nX-Origin-Diff: phab/D747\nGitOrigin-RevId: 830c1c7d183c09b964829979e2d38ba165ba13b9\n" }, { "commit": "647cbb28101e628206562fa5c60e1ed8e5307e8a", "tree": "b4796da9b3f4c25d9fdc4ebc4137cdaa513b38fc", "parents": [ "bb95ebd12f8777b1b653653bcb54a081b6c54771" ], "author": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Tue Mar 16 15:09:56 2021 +0100" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Tue Mar 16 15:09:56 2021 +0100" }, "message": "Make QEMU build under musl\n\nQEMU and its glib dependency use a few very bespoke glibc extensions which\nmusl doesn\u0027t implement. This disables their use to make this build on both glibc and musl.\n\nTest Plan: `bazel build --crosstool_top\u003d//build/toolchain/musl-host-gcc:musl_host_cc_suite @qemu//:qemu-x86_64-softmmu` works\n\nX-Origin-Diff: phab/D738\nGitOrigin-RevId: 606f750be4259ca8fcc19f4c0cc0ddd54dff2090\n" }, { "commit": "bb95ebd12f8777b1b653653bcb54a081b6c54771", "tree": "0c52fbe31ea06cf4b1151e991f3da4ed6515b426", "parents": [ "b60d9cb51462a82a89f9c16f5ca6b4541de6d450" ], "author": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Tue Mar 16 15:06:51 2021 +0100" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Tue Mar 16 15:06:51 2021 +0100" }, "message": "Include compiler-specific headers in musl toolchain sysroot\n\nCurrently our musl sysroot does not include any compiler-specific headers. This makes the musl\ntoolchain unable to build more complicated things like QEMU. Since the musl toolchain is not actually\na real toolchain, but just a thin wrapper around the host toolchain this is a problem as these headers\nare not static. For a lack of better options it has thus been decided that we\u0027re just going to manually\nmerge the headers for our build container in.\n\nThis is expected to be removed as soon as we have a proper toolchain.\n\nTest Plan: Tested in subsequent revision\n\nX-Origin-Diff: phab/D737\nGitOrigin-RevId: a1ed1d229c87980341c80b22263f5d9a4cf9924c\n" }, { "commit": "b60d9cb51462a82a89f9c16f5ca6b4541de6d450", "tree": "6d9d0debaa652988ecbae503c56748f9a17ed481", "parents": [ "c4a3aab4c8d14d05b7e2448ab11897b6f9093046" ], "author": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Thu Feb 18 17:34:00 2021 +0100" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Thu Feb 18 17:34:00 2021 +0100" }, "message": "Add C/C++ header rewriter\n\nThis adds a C/C++ header rewriter utility. See the top comment on a quick description of how it works.\nNo workspace rule is provided yet, that will come later.\n\nTest Plan: This is a build utility, doesn\u0027t really matter.\n\nX-Origin-Diff: phab/D705\nGitOrigin-RevId: 4bf274d8301f3a38a1ec7512bf310be9815fb647\n" }, { "commit": "c4a3aab4c8d14d05b7e2448ab11897b6f9093046", "tree": "61585da074852ab286fab9fefa671e35fc1e4658", "parents": [ "42e61c6a3601d7f63176af3f53a3ac9c53120099" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Tue Mar 16 13:31:19 2021 +0100" }, "committer": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Tue Mar 16 13:31:19 2021 +0100" }, "message": "metropolis/proto: remove internal\n\nThis is now unused (as it has been replaced by proto/private) and can be\nremoved.\n\nTest Plan: Refactor.\n\nX-Origin-Diff: phab/D736\nGitOrigin-RevId: e71dfd70d36d0ae9b29e2b287fcc337cf2520a51\n" }, { "commit": "42e61c6a3601d7f63176af3f53a3ac9c53120099", "tree": "2fd6e86b1a0dee6b4928f04ac359b4b262806d73", "parents": [ "34fe8c666811c63f33ba970ba0e39d25804ab4a3" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Thu Mar 18 15:07:18 2021 +0100" }, "committer": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Thu Mar 18 15:07:18 2021 +0100" }, "message": "m/n/core/cluster: rewrite bootstrap to conform to cluster lifecycle DD\n\nThis removes the existing cluster/manager code and reimplements it from\nscratch, finally implementing the cluster lifecycle design document for\ncluster bootstrap.\n\nTest Plan:\nE2e should cover this. Maybe we could unit test the manager? But that would\nrequire a ton of DI work. Not sure if it\u0027s worth it.\n\nX-Origin-Diff: phab/D735\nGitOrigin-RevId: b00c97b0a102a21605d16086df82a6ece6eb7f4d\n" }, { "commit": "34fe8c666811c63f33ba970ba0e39d25804ab4a3", "tree": "fce90696e07eb76efea1436047393ad66ac04404", "parents": [ "3ea1a3a30d41980a8a5b5f321b3e7bc8af96dc29" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Tue Mar 16 13:20:09 2021 +0100" }, "committer": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Tue Mar 16 13:20:09 2021 +0100" }, "message": "m/node/core/consensus: always use member name as address\n\nInstead of explicitly giving the consensus service an address to listen\non, we now just give it a hostname. Etcd will resolve the name itself on\nstartup. It\u0027s not yet known if it will re-resolve it and handle changes.\nIf that\u0027s not the case, we will have to implement a restarting\nbabysitter process instead.\n\nTest Plan: E2e tests should cover this.\n\nX-Origin-Diff: phab/D734\nGitOrigin-RevId: c2255b2956137e2bbd705ac1965418c0540d0046\n" }, { "commit": "3ea1a3a30d41980a8a5b5f321b3e7bc8af96dc29", "tree": "0d4ab65ff6af76e3115ac8a82452216301aebce4", "parents": [ "72068da814af80568cb106b877ef8f5e526e684c" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Tue Mar 16 13:17:33 2021 +0100" }, "committer": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Tue Mar 16 13:17:33 2021 +0100" }, "message": "m/node/core/conensus: handle etcd restarts\n\nThis makes the etcd service more reliable in case of transient failures\nwhen starting in a new cluster. Previously, any restart of etcd on the\nfirst (bootstrapping) node would cause etcd to get stuck and never start\nagain (as certificates were already created). This changes the logic to\nallow existing certificates.\n\nThis also handles the case of etcd attempting to start as the network is\nreconfigured, and eg. the external hostname is not yet resolvable.\n\nTest Plan:\nNo tests yet. This should be tested by a more comprehensive e2e test where we\nrandomly kill some runnables (see: T872).\n\nX-Origin-Diff: phab/D733\nGitOrigin-RevId: 8ac426f9423ec2353537eec651071e99a5e5ec53\n" }, { "commit": "72068da814af80568cb106b877ef8f5e526e684c", "tree": "31831657903e62d4a813c9d18d47413154f13560", "parents": [ "d8af5bf4c14a5c53d1736695a1210b6eea4d246e" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Tue Mar 16 13:15:45 2021 +0100" }, "committer": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Tue Mar 16 13:15:45 2021 +0100" }, "message": "metropolis/proto: add private\n\nWe add a new proto package, \u0027private\u0027. This will hold all non-public\nproto messages for the implementation of the cluster lifecyclce design\ndocument.\n\nWe duplicate \u0027internal\u0027 for two reasons:\n\n - make it easier to port code accross to use the new protos/cluster\n code, while slowly phasing out protos/internal.\n - \u0027internal\u0027 was a poor name choice, as it\u0027s significant in Go path\n naming, and might cause some problems in the future. We have Bazel\u0027s\n visiblility mechanism to protect accidental use.\n\nTest Plan: New proto, not yet used - see rest of stack.\n\nX-Origin-Diff: phab/D732\nGitOrigin-RevId: 15632353c46068b4f4c5025828c9c8459feaa335\n" }, { "commit": "d8af5bf4c14a5c53d1736695a1210b6eea4d246e", "tree": "83e4c35e105d8fb0e5bf71ac8c93bbd3e7f964b4", "parents": [ "4e090357c4f1f3bae53a5f2feaf20ea5e1bbbe61" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Tue Mar 16 13:38:29 2021 +0100" }, "committer": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Tue Mar 16 13:38:29 2021 +0100" }, "message": "metropolis/node: use Event Value for network status\n\nThis moves over the GetIP API to use our fancy new event/value library.\nThe consumers of this data are currently the cluster manager and the\nkubernetes root service. Both are migrated over.\n\nTest Plan: Refactor, covered by E2E tests.\n\nX-Origin-Diff: phab/D711\nGitOrigin-RevId: 8a1e0dd35236d55492722f4439323cb2ee9574fc\n" }, { "commit": "4e090357c4f1f3bae53a5f2feaf20ea5e1bbbe61", "tree": "335ec273335722befdeca623b8f3f787a2cd6571", "parents": [ "0ed2f96a3a86aff2c9ce36289aa5d58a75f4d59b" ], "author": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Wed Mar 17 17:44:41 2021 +0100" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Wed Mar 17 17:44:41 2021 +0100" }, "message": "Add KVM device plugin\n\nThis adds a KVM device plugin for Kubernetes. This plugin allows for unprivileged access and granular\ncontrol of KVM access.\n\nTest Plan: Tested in subsequent revision\n\nX-Origin-Diff: phab/D739\nGitOrigin-RevId: 5cd738a47d24e7bfdc29bbd1a31537209e1ebf46\n" }, { "commit": "0ed2f96a3a86aff2c9ce36289aa5d58a75f4d59b", "tree": "afbe1fb6cd0a1667e981edfe97969338437bdaca", "parents": [ "056042962060369bd7607ecfea51c515fc3a8140" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Mon Mar 15 16:39:30 2021 +0100" }, "committer": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Mon Mar 15 16:39:30 2021 +0100" }, "message": "metropolis/proto: EnrolmentConfig -\u003e NodeParameters\n\nThis starts off the move to a node configuration API conforming to\nthe lifecycle management design document.\n\nInstead of an Enrolment Config used only to join an existing cluster, we\nmove to a NodeParameters proto that must always be given to a node if\nit\u0027s supposed to either bootstrap a new cluster or join an existing one.\n\nThis links the existing cluster management code (and its state machine)\nto work with this file. However, that state machine will be removed very\nsoon, anyway.\n\nWe also remove everything related to golden tickets.\n\nThis breaks multi-node tests.\n\nX-Origin-Diff: phab/D710\nGitOrigin-RevId: f22615fbccab975f2d5e6928bdc7387ab3aa5714\n" }, { "commit": "056042962060369bd7607ecfea51c515fc3a8140", "tree": "86a6dbf7b1781ed2f5baf332938d4e8211353112", "parents": [ "0ab4edafde3eb22e111e75d6aa5e29faa92c30ca" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Fri Mar 12 17:47:21 2021 +0100" }, "committer": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Fri Mar 12 17:47:21 2021 +0100" }, "message": "m/node/kubernetes: parse klog output from services\n\nThis translates Kubernetes\u0027 logging ingo logging that we can\nquery/filter more easily.\n\nTest Plan: We don\u0027t test resulting logs from the system, and I\u0027m not sure we should?\n\nX-Origin-Diff: phab/D716\nGitOrigin-RevId: ba3f42b9a4e3172bf058bd7dce4283f50dc8e69d\n" }, { "commit": "0ab4edafde3eb22e111e75d6aa5e29faa92c30ca", "tree": "8931f10cd69309ece470c38c3a062ef74f3699a5", "parents": [ "9411f7c2ed0afbbf617075ab37901addc76fadfb" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Fri Mar 12 17:43:57 2021 +0100" }, "committer": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Fri Mar 12 17:43:57 2021 +0100" }, "message": "m/pkg/logtree: implement klog parsing\n\nThis adds logtree.KLogParser, a shim which parses klog/glog-formatted\nlines into logtree leveled logging.\n\nThis will be used to consume logs from external components (like\nKubernetes services) into leveled logging inside logtree.\n\nAn alternative would be to switch all Kubernetes components to\n\u0027structured\u0027 (JSON) logging - but that seems to still be experimental,\nand does not exactly map into something that we can log further. Maybe\nin the future we can switch over, and also copy these over into our own\nbinary/structured logging.\n\nTest Plan: Adds unit tests for parsing, which is the most tricky part.\n\nX-Origin-Diff: phab/D715\nGitOrigin-RevId: 9994d819f15c9542800d488f57c83ab945a35d34\n" }, { "commit": "9411f7c2ed0afbbf617075ab37901addc76fadfb", "tree": "f1f62aa538ba3c2265815d2dbe942377264850a5", "parents": [ "0de189355c6afad6f677029d90fa40dee824141b" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Wed Mar 10 13:12:53 2021 +0100" }, "committer": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Wed Mar 10 13:12:53 2021 +0100" }, "message": "m/node/kubernetes/pki: refactor out CA functionality\n\nThis factors out all non-k8s-specific CA functionality from\nmetropolis/node/kubernetes/pki into metropolis/pkg/pki.\n\nThis will allow us to re-use the same PKI-in-CA system to issue\ncertificates for the Metropolis cluster and nodes.\n\nWe also drive-by change some Kubernetes/PKI interactions to make things\ncleaner. Notably, this implements Certificate.Mount to return a\nfileargs.FileArgs containing all the files neede to use this\nCertificate.\n\nTest Plan: covered by current e2e tests. An etcd harness to test this independently would be nice, though.\n\nX-Origin-Diff: phab/D709\nGitOrigin-RevId: bdc9ff215b94c9192f65c6da8935fe2818fd14ad\n" }, { "commit": "0de189355c6afad6f677029d90fa40dee824141b", "tree": "3e926e04415d4310b120cc641e4cd7893c5a6b61", "parents": [ "735119f8efcd1ce8689703fe455e39f2146b0b3e" ], "author": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Thu Mar 11 00:36:48 2021 +0100" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Thu Mar 11 00:36:48 2021 +0100" }, "message": "Add QEMU into the monorepo\n\nThis adds QEMU and all its dependencies into the monorepo. Enough features are enabled that\nthis QEMU should be both usable for running tests for Metropolis as well as running customer VMs in\ncontainers. Thus we can also get rid of the QEMU ambient dependency.\n\nAll dependencies have their includes fully rewritten as to be reusable without a huge effort. QEMU itself\nrelies on `includes` attributes since the patch would otherwise be enormous and it is a binary and thus\nany include path madness ends there.\n\nOverall though this is quite nice, the final QEMU build with full optimization is \u003c10MiB and has no further\nambient dependencies. It also has full io_uring support, which works very well with our 5.10 kernel.\nTPM support is also included.\n\nThis is not used anywhere, replacing the ambient dependency and shipping a container will be in an upcoming\nrevision.\n\nTest Plan:\nManually tested to run a Ubuntu cloud image with io_uring and virtio. Automated tests will follow as\npart of its roles in this repo.\n\nX-Origin-Diff: phab/D712\nGitOrigin-RevId: 9c2607d75c875b1d65346e3cdac1a5e08467ea33\n" }, { "commit": "735119f8efcd1ce8689703fe455e39f2146b0b3e", "tree": "40fd14c0a07c12974d01d67997349917b40f5d69", "parents": [ "ddd6caff9edac56dad727a79eb5b0faf4dbd6cb9" ], "author": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Thu Mar 11 00:30:01 2021 +0100" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Thu Mar 11 00:30:01 2021 +0100" }, "message": "Host toolchain minimal features\n\nTest Plan: Tested with QEMU and the existing codebase.\n\nX-Origin-Diff: phab/D713\nGitOrigin-RevId: ecfc94ab2b4880447c628fc2e41b5ed6234f90d8\n" }, { "commit": "ddd6caff9edac56dad727a79eb5b0faf4dbd6cb9", "tree": "120710eb4a9acf0c3ad1086d9f6f6f3c850a0d70", "parents": [ "bcae658f9530e95cde2ac931beacae71c9fb240e" ], "author": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Thu Mar 04 17:16:04 2021 +0100" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Thu Mar 04 17:16:04 2021 +0100" }, "message": "Build mkfs.xfs using rules_cc\n\nThis drops the old big genrule for mkfs.xfs and replaces it with a nice rules_cc build system\nwith the help of bazel_cc_fix generated patches and our musl-based toolchain.\nWhile we\u0027re at it I bumped the versions of all related dependencies to their latest stable release.\nThis also means pulling in ini.h which is a dependency of the new xfstools version.\n\nInstructions to regenerate the patches are included in the spec files.\n\nToolchain selection is done by the existing transition in our rootfs rule so we automatically get a musl-built\nstatic binary when building for the rootfs.\n\nTest Plan: Tested with E2E tests, should fail fairly catastrophically if something were wrong.\n\nX-Origin-Diff: phab/D708\nGitOrigin-RevId: 648a05cdd08cfa84a8a9f4c057c52446e7005631\n" }, { "commit": "bcae658f9530e95cde2ac931beacae71c9fb240e", "tree": "649848ec85c0f168a8672fab143d1b53b0b55903", "parents": [ "c00318e448212b01a8121059be3c3e9b35bd13a7" ], "author": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Thu Mar 04 17:09:50 2021 +0100" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Thu Mar 04 17:09:50 2021 +0100" }, "message": "Add common template_file rule\n\nThis adds a template_file rule, which is used often when building C/C++ dependencies which use\nautotools or similar build systems upstream. Taken from an existing repo of various Bazel helper rules.\n\nTest Plan: None\n\nX-Origin-Diff: phab/D707\nGitOrigin-RevId: 9cc818803b2fed9e15677924dbc9137c39459151\n" }, { "commit": "c00318e448212b01a8121059be3c3e9b35bd13a7", "tree": "38011616a2112e14591da1b06ac65ac8ec75b372", "parents": [ "32d73486f4ea778cd3ea58e2d579e862cf67fb9c" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Wed Mar 03 12:39:24 2021 +0100" }, "committer": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Wed Mar 03 12:39:24 2021 +0100" }, "message": "m/pkg/event: implement\n\nThis specifies event.{Value,Watcher}, an interface for data that might\nbe updated by its producer, and which is watched for such updates by\nmultiple consumers.\n\nIt also implements MemoryValue, a Value that is stored in memory.\n\nTest Plan: adds unit tests.\n\nX-Origin-Diff: phab/D706\nGitOrigin-RevId: 271fd4e88969817b66318d3e03d50b70cf2819b8\n" }, { "commit": "32d73486f4ea778cd3ea58e2d579e862cf67fb9c", "tree": "78e3444e0b55df55f512415dbfd34977cdca2350", "parents": [ "6c4199afe4dc4d446679b862f528e840e60925df" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Mon Feb 01 23:49:17 2021 +0100" }, "committer": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Mon Feb 01 23:49:17 2021 +0100" }, "message": "metropolis: introduce AAA.Escrow RPC\n\nThis is a combined proto change and design document RFC.\n\nThis implements a generic \u0027Escrow\u0027 methid, used to allow external\nentities to log into a Metropolis cluster. This flow\u0027s subject vaguely\ncorresponds to \u0027Entity\u0027 objects from the Lifecycle DD, but this will be\nmore precisely defined in a subsequent change which introduces the\nactual entities objects, the way they\u0027re identified, and the way they\u0027re\nstored in the cluster.\n\nIn addition, this formalizes the part of the LDD in which entities are\nable to perform hardware attestation on nodes. The hardware attestation\npart is not fully implemented, but is placed within the bounds of the\nEscrow streaming RPC. Entities might also be able to performs this\nhardware attestation in a separate RPC call (having already requested a\nshort-lived certificate permitting access to RPC), but this is not yet\nsure.\n\nThis design, is in a way, a modernized version of GSSAPI. It assumes it\nruns over a confidential channel (TLS), and that it only ever returns\nx509 certificates emitted for the requesting client. It is also designed\nto handle flows that we expect to use within Metropolis.\n\nThis design has some known limitations:\n\n1) Limited decisionmaking abitility by the server to decide which proofs\n are needed - ie., the server cannot change its mind what other proofs\n are needed as the client presents some. Currently the server can\n decide the proofs only based on the parameters given by the client,\n and the initial context of the connection, ie. its originating\n address and the presented TLS certificate.\n2) Limited expressibility of required proofs to the client, currently\n all listed must be fulfilled.\n\nThis, however, can be extended as the protocol evolves, and can continue\nto support simple clients that handle only this protocol. Especially 2)\nmight be limiting us from preventing things like accepting emergency\ncertificates without necessarily needing an OIDC login, even though OIDC\nlogins are required for other kinds of certificates. We are explicitly\ntrying to keep things simple for now, and just not write ourselves into\na corner here.\n\nFinally, this API should cover all scenarios expressed within T865 -\nminus the entity storage part within the cluster.\n\nTest Plan: Proto change and review process.\n\nX-Origin-Diff: phab/D698\nGitOrigin-RevId: 92892b5522a4d41d572fd4c10f24d26f72919aeb\n" }, { "commit": "6c4199afe4dc4d446679b862f528e840e60925df", "tree": "fcea4d9f54f2e04cf1d203e104c4a14bfa103702", "parents": [ "5999e92b2da34cbbd50391327ec01081a91866ee" ], "author": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Wed Feb 10 17:34:29 2021 +0100" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Wed Feb 10 17:34:29 2021 +0100" }, "message": "Set reasonable defaults for our kernel\u0027s network configuration\n\nThis sets a number of sysctl options to tune the kernel for a datacenter-like environment by increasing\nbuffers and choosing a better congestion control algorithm. It also enforces reverse path filtering to\nprevent spoofing from CAP_NET_ADMIN-enabled containers and blocks source routing as we have no need for that\nand it might some day interfere with policy efforts.\n\nTo set all these options a small helper structure has been added which makes setting these more compact\nand nicer to read.\n\nTest Plan: Covered by E2E for breakage, scalability improvements not yet testable\n\nBug: T495\n\nX-Origin-Diff: phab/D704\nGitOrigin-RevId: 427b2513d604090e51b37587d772f240112be09d\n" }, { "commit": "5999e92b2da34cbbd50391327ec01081a91866ee", "tree": "164e447b7d17e89f2b1046c3da51af141deaa08b", "parents": [ "3a99c590543394ceb5260282ef8e924b44e8eef8" ], "author": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Wed Jan 27 18:53:54 2021 +0100" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Wed Jan 27 18:53:54 2021 +0100" }, "message": "Bump Linux kernel to 5.10\n\nThis bumps our Linux kernel to 5.10. There\u0027s one minor fix in fsinfo accounting for the fact that strings are\nnow null-terminated. While debugging this I also drive-by fixed a minor typing issue in quotactl.go.\n\nThis drops support for the old initramfs loading method (which was the driving force for the EROFS changes)\nas refactors in the kernel made the patch we carried until now non-viable. Nothing uses it anymore, everything is\neither a microvm-style machine which doesn\u0027t use EFI and thus doesn\u0027t suffer from the issue or uses EROFS.\n\nTest Plan: No new functionality, should be covered by E2E tests.\n\nX-Origin-Diff: phab/D697\nGitOrigin-RevId: d8e40954abb66cb082eecbca372b94a7e40b84a8\n" }, { "commit": "3a99c590543394ceb5260282ef8e924b44e8eef8", "tree": "e1b727a0c12b387e1bc12d71826405b8b588fa40", "parents": [ "6b13bf1a98c4a612d13ae939e68802e77fb45474" ], "author": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Tue Jan 26 19:57:21 2021 +0100" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Tue Jan 26 19:57:21 2021 +0100" }, "message": "Switch Metropolis to EROFS-based root filesystem\n\nThis gets rid of the old large initramfs and switches to an EROFS-based root\nfilesystem. It also drops the copy \u0026 remount compatibility code. As this filesystem is\nproperly read-only and not just ephemeral, this also brings various changes to the code\nto make systems compatible with that.\n\nTest Plan: Covered by E2E tests, also manually smoke-tested.\n\nX-Origin-Diff: phab/D696\nGitOrigin-RevId: 037f2b8253e7cff8435cc79771fad05f53670ff0\n" }, { "commit": "6b13bf1a98c4a612d13ae939e68802e77fb45474", "tree": "bcd1f6566df193d026889da174a6773b8689d643", "parents": [ "10b9ee96d4c2b8a011af4cd4db3390c1fd1ddf93" ], "author": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Tue Jan 26 19:54:24 2021 +0100" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Tue Jan 26 19:54:24 2021 +0100" }, "message": "Add EROFS creation utility and Bazel rule\n\nThis adds a binary which can create EROFS filesystems from a spec and a Bazel rule similar to\nnode_initramfs which creates EROFS filesystems.\n\nTest Plan: Tested in subsequent revision\n\nX-Origin-Diff: phab/D695\nGitOrigin-RevId: 4e8f970938c93606da46f475387de1e013b1c35c\n" }, { "commit": "10b9ee96d4c2b8a011af4cd4db3390c1fd1ddf93", "tree": "ea0ca7da66e44cc52defa1a307e47642ca83a150", "parents": [ "2073ce34e57b0be3cedd39b8934869abb6f73582" ], "author": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Wed Feb 10 12:14:23 2021 +0100" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Wed Feb 10 12:14:23 2021 +0100" }, "message": "erofs: Don\u0027t modify caller\u0027s data\n\nThe erofs library\u0027s directory writer appends data to parameters. Because of the way slices work in Go this\nresults in the caller\u0027s data being changed, which is obviously undesirable. Fix this by making a copy first.\n\nTest Plan: Minimal change, should be covered by existing tests\n\nX-Origin-Diff: phab/D703\nGitOrigin-RevId: ebf473c1049e5e8035802382220aba98c4498877\n" }, { "commit": "2073ce34e57b0be3cedd39b8934869abb6f73582", "tree": "8c7f86cecb41848e0614da742935cc656be02239", "parents": [ "7b82227c87f477e9d986d648b8ad63f4268dde3b" ], "author": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Wed Feb 03 18:52:59 2021 +0100" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Wed Feb 03 18:52:59 2021 +0100" }, "message": "Bump Bazel to 4.0.0\n\nThis bumps Bazel to 4.0.0 because we want to use ProtoModule. The update was relatively painless,\nno incompat-flags needed to be switched back off. `bazel_gazelle` is pinned on a master version\nsince they haven\u0027t released a Bazel 4-comaptible version yet and I have one patch against Kubernetes\u0027s\ninfra repo which is going upstream.\n\nTest Plan: Build system change, should be covered by existing tests\n\nX-Origin-Diff: phab/D701\nGitOrigin-RevId: 24f675e6ba33efb9f46191eccca95088d7d2d1f1\n" }, { "commit": "7b82227c87f477e9d986d648b8ad63f4268dde3b", "tree": "bd4f8afb09a40f4217709f956c2344c67f95e660", "parents": [ "378a4455aedda838f60c546e55199092f24952ed" ], "author": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Wed Feb 03 17:03:41 2021 +0100" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Wed Feb 03 17:03:41 2021 +0100" }, "message": "Drop legacy kubelet log path\n\nIt looks like the Kubernetes update broke E2E tests on the EROFS stack because of some change\nto how the legacy log dir is handled. Kubelet currently just crashes because it can\u0027t mkdir\n/var/log/containers. This directory is apparently only used by fluentd for log collection in upstream\nE2E tests and with dockershim, both of which we don\u0027t care about. So let\u0027s just nuke it.\n\nTest Plan: Fixes things on top of the EROFS stack\n\nX-Origin-Diff: phab/D700\nGitOrigin-RevId: 45b7f76a61b7234845ab55fcfbc37a66f69fe065\n" } ], "next": "378a4455aedda838f60c546e55199092f24952ed" }