)]}' { "log": [ { "commit": "24bf6fdd43f3abb5a96d3081753fbdcc6bd3c1de", "tree": "f1d31a396adfe2489659ac0743a3e173d44c2a4c", "parents": [ "632049b3e6ffda1039ef569ec2c234a7eadceae4" ], "author": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Wed Feb 12 04:48:24 2025 +0100" }, "committer": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Mon Feb 17 13:53:17 2025 +0000" }, "message": "osbase/build: replace label_keyed_string_dict with string_keyed_label_dict\n\nBefore bazel 7.4 the string_keyed_label_dict attribute type wasn\u0027t available. fsspec_core_impl was using a label_keyed_string_dict which is structurally wrong but there was no alternative for it. This replaces that usage.\n\nChange-Id: I36c02c84e6aa2557cd2beb09c07d3ceca501553d\nReviewed-on: https://review.monogon.dev/c/monogon/+/3853\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "52700ae56c5d541e711fbd5f27373b3dc200f8dc", "tree": "ed5e75883fc44d14f7824b0a5ed40a6ab650923e", "parents": [ "e8beaed8dcde2c198e91addb0baa884079363581" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Tue Jan 28 15:07:08 2025 +0100" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Tue Feb 11 15:05:46 2025 +0000" }, "message": "m/n/k8s: add nftables network policy controller\n\nThis integrates my K8s network policy controller. In its current form it\ndoes not have many guarantees as the custom CNI plugin is not yet in\nthere but it mostly works. Also there is still a DNS hole as host-local\nservices are not properly policed yet.\n\nIt has a basic smoke test using the connectivity testing helper as well\nas some metrics to make sure it is integrated properly and to be able to\nmonitor its performance.\n\nChange-Id: Ia2f54b9975361270678ce742ae5e32df25e515c5\nReviewed-on: https://review.monogon.dev/c/monogon/+/3740\nTested-by: Jenkins CI\nReviewed-by: Jan Schär \u003cjan@monogon.tech\u003e\n" }, { "commit": "08fd1cb799ef2629a2da846584cd42fe2d6ecb35", "tree": "891510981041e930b88ddead221836deb5a30a8c", "parents": [ "6948d336e97fc71734013fc5c219671e3bea7965" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Mon Feb 10 19:11:17 2025 +0100" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Tue Feb 11 11:59:57 2025 +0000" }, "message": "osbase/socksproxy: implement hostname addresses\n\nThis is required by quite a few clients, like Chrome. Implement it for\nbetter usability of our userspace network while debugging.\n\nChange-Id: I5db16d3702800b79f88d11c132ce8f7469839ec4\nReviewed-on: https://review.monogon.dev/c/monogon/+/3842\nTested-by: Jenkins CI\nReviewed-by: Leopold Schabel \u003cleo@monogon.tech\u003e\n" }, { "commit": "59094470108cac86cc8a9615cb934075a2c8780c", "tree": "ad823351a916d3391a5738a800c9866a0cae1428", "parents": [ "5ffa636e48f42aef08bd8d186db2213fc8d0d665" ], "author": { "name": "Jan Schär", "email": "jan@monogon.tech", "time": "Mon Feb 10 10:17:33 2025 +0100" }, "committer": { "name": "Jan Schär", "email": "jan@monogon.tech", "time": "Mon Feb 10 16:16:47 2025 +0000" }, "message": "m/test/launch/cli/launch-cluster: use metroctl_lite\n\nThis avoids building the bundle and thus speeds up the build of\nlaunch-cluster. metroctl_lite is already used in\n//metropolis/test/launch.\n\nChange-Id: I67ef3e92f068d4314f1ef9942ed2fe49992ce48f\nReviewed-on: https://review.monogon.dev/c/monogon/+/3839\nTested-by: Jenkins CI\nReviewed-by: Tim Windelschmidt \u003ctim@monogon.tech\u003e\n" }, { "commit": "de57e6f273b05ebf9f58bf4a4ca9734038bcad9f", "tree": "8bc29c1edb49cdb69870f13794add9a3fc1b5762", "parents": [ "c359d550ca8bf59acc77dd9aefc5b09572a7e399" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Wed Jan 08 16:34:08 2025 +0000" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Mon Feb 10 16:00:22 2025 +0000" }, "message": "m/test/e2e/connectivity: add connectivity tester\n\nThis adds a connectivity testing framework. It uses pod agents and\ncommunicates with them over stdio. This is used to implement a simple\nsmoke test and will later be used to test network policy controllers.\n\nChange-Id: If40673a91336dbe3a7a383bf2e9d17736fad3bdc\nReviewed-on: https://review.monogon.dev/c/monogon/+/3756\nReviewed-by: Jan Schär \u003cjan@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "6d33a4342a16200d628f30ff91b169927fc2867a", "tree": "e65ad23cb6d0b795420b5ec625a757784d4c3e3b", "parents": [ "7887f758de8f9106a484ca59d9734304aa919e36" ], "author": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Tue Feb 04 14:34:25 2025 +0100" }, "committer": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Thu Feb 06 17:03:43 2025 +0000" }, "message": "treewide: add license header and enable haslicense linter\n\nChange-Id: I873a8d4082d75e8f813d8a726a41187eea7a065e\nReviewed-on: https://review.monogon.dev/c/monogon/+/3825\nTested-by: Jenkins CI\nReviewed-by: Leopold Schabel \u003cleo@monogon.tech\u003e\n" }, { "commit": "b69a71ca61b99fc68e83d5735eb449f638ef8b1e", "tree": "69aa2c20e8002355ca7657523b617923b2243e39", "parents": [ "8f1254d1919c7cda42c611c9e1d83cf9a2ef8034" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Mon Dec 23 14:12:46 2024 +0100" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Mon Feb 03 14:05:23 2025 +0000" }, "message": "o/t/ktest: switch to proper rule\n\nThis was previously implemented as a macro, lacking proper transitions.\nReimplement it as a proper test rule.\n\nChange-Id: I237a2fcc29ea6dfbb294ce6313c9ff457def12b8\nReviewed-on: https://review.monogon.dev/c/monogon/+/3722\nReviewed-by: Tim Windelschmidt \u003ctim@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "8f1254d1919c7cda42c611c9e1d83cf9a2ef8034", "tree": "5be283b1ba93876be9c5c53f256ef55793b35bd3", "parents": [ "32e74305db44feaa564da55b3108ff3cc3f1fd32" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Tue Jan 28 14:10:05 2025 +0100" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Mon Feb 03 11:13:25 2025 +0000" }, "message": "m/test/launch: extend GetKubeClientSet with rest.Config\n\nK8s streaming transports need a separate rest.Config, expose that from\nthe GetKubeClientSet.\n\nChange-Id: I7c4ee5dae0349bd6742afcbaf23aa7536b1bdf88\nReviewed-on: https://review.monogon.dev/c/monogon/+/3811\nReviewed-by: Jan Schär \u003cjan@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "a10d0cb2c85c0ede60be6cc6d2dc7a66750ddecb", "tree": "540bc92832ea12cc8427c0bcd785498dfcc30119", "parents": [ "f408e8123a3919a27d51983973a1bd41eaac1162" ], "author": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Mon Jan 13 14:44:15 2025 +0100" }, "committer": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Thu Jan 23 20:14:58 2025 +0000" }, "message": "treewide: Fix ENUM_VALUE_PREFIX rule exception\n\nChange-Id: Ibc2fd66711f6aa347e88e2379c12db1898373700\nReviewed-on: https://review.monogon.dev/c/monogon/+/3804\nTested-by: Jenkins CI\nReviewed-by: Leopold Schabel \u003cleo@monogon.tech\u003e\n" }, { "commit": "2f9f624dee572823d0ead529c1507bb3605d9ae5", "tree": "29977f8a39336929d45189a119bc7e4bf82c4bf5", "parents": [ "3b62407486d2c1fe7cd24a5f38e86fb19d1e2fa3" ], "author": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Sat Jan 11 08:25:54 2025 +0100" }, "committer": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Thu Jan 23 19:05:38 2025 +0000" }, "message": "treewide: Fix PACKAGE_DIRECTORY_MATCH rule exception\n\nChange-Id: I8c4061f8d147a4708167b0674abfa23784a7f40d\nReviewed-on: https://review.monogon.dev/c/monogon/+/3801\nTested-by: Jenkins CI\nReviewed-by: Leopold Schabel \u003cleo@monogon.tech\u003e\n" }, { "commit": "3b62407486d2c1fe7cd24a5f38e86fb19d1e2fa3", "tree": "bfe8bbebd74234a135aa48bb72d071097120c487", "parents": [ "15c46ccb52bc2544d35eee9a80b3c2fb5c0756e2" ], "author": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Sat Jan 11 07:16:35 2025 +0100" }, "committer": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Thu Jan 23 19:05:38 2025 +0000" }, "message": "treewide: add buf_proto_lint_test to all proto_library targets\n\nChange-Id: Iaf6dc22fdbef6fcfd0bedff755bcdb06b56a6631\nReviewed-on: https://review.monogon.dev/c/monogon/+/3800\nTested-by: Jenkins CI\nReviewed-by: Leopold Schabel \u003cleo@monogon.tech\u003e\n" }, { "commit": "4beaf4fac641e77fd08b7b9a3139f7d27fddac72", "tree": "6185d3a82ca7350d0db9ceb56fadf5e68bc02adc", "parents": [ "5c52062f02eb3b32b39ed4ccb9aa6e70c7e1af0d" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Tue Jan 14 16:10:55 2025 +0100" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Thu Jan 16 12:38:32 2025 +0000" }, "message": "m/t/launch: use undeclared test outputs for node logs\n\nThis allows easy access to node logs for failed tests. If\nNodeLogsToFiles is set and the environment variable is available, this\nis used instead of the test temp dir.\n\nChange-Id: Icf0a99280e4bfabb34f9259ea0e94ac3d6cc4b05\nReviewed-on: https://review.monogon.dev/c/monogon/+/3781\nReviewed-by: Tim Windelschmidt \u003ctim@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "156248b949f3da7c8d0f4f46cb97ac7606464952", "tree": "ff52faf242a29f1916edad64bca6282f8030ee66", "parents": [ "227c5cbbdd8f682b6e4d4cc661fa0d6e734206f2" ], "author": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Fri Jan 10 00:27:45 2025 +0100" }, "committer": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Fri Jan 10 20:13:30 2025 +0000" }, "message": "treewide: format repo with buildifier\n\nChange-Id: Ia7aebeb7bba5b119c9157d1ad805cc477bcbb68a\nReviewed-on: https://review.monogon.dev/c/monogon/+/3774\nTested-by: Jenkins CI\nReviewed-by: Leopold Schabel \u003cleo@monogon.tech\u003e\n" }, { "commit": "3a171d123fff540c8c9d646152a5d5ed9ef873de", "tree": "62fe245a0182c3ba931d8c33278f2dd89c35e77b", "parents": [ "0996ea85ca6200e1729941d316f7891835871938" ], "author": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Mon Dec 09 23:51:23 2024 +0100" }, "committer": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Thu Jan 09 21:19:31 2025 +0000" }, "message": "treewide: add race-detector config\n\nThis also disables all `pure \u003d \"on\"` attributes as they propagate too\nfar and break the race detector because rules_go contradicts itself by\nforcing pure go even when CGO is required by the race detector. We build\neverything for our node images static and pure via a transition anyway,\nso this is actually fine.\n\nChange-Id: I5cd3879fba4258caa94df4dbea5c6472867b7e34\nReviewed-on: https://review.monogon.dev/c/monogon/+/3725\nTested-by: Jenkins CI\nReviewed-by: Hendrik Hofstadt \u003chendrik@monogon.tech\u003e\n" }, { "commit": "5c717dd5a7dfecc7a0c629abf5b0b9af7583fe95", "tree": "d698cacb7a91551f73fd909c330cb41c660e86d8", "parents": [ "deaf0c044579516df1fb510c106e8e7881028701" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Wed Jan 08 19:35:29 2025 +0100" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Thu Jan 09 13:04:14 2025 +0000" }, "message": "m/t/e2e/suites/kubernetes: remove orphaned tests\n\nThese were never automatically exercised as they relied on a\nmanually-set environment variable. The infrastructure that they were\ntesting was long removed, remove them as well.\n\nChange-Id: Ifdf89cfc21fd9069db2577d3ffc7c7ad674da703\nReviewed-on: https://review.monogon.dev/c/monogon/+/3757\nReviewed-by: Tim Windelschmidt \u003ctim@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "681d5157b955f6b942c620837d1a9e90bdefc983", "tree": "254905b461e1545d960fafbdad1ec2c250fc383f", "parents": [ "2edb96aeded0f67904ac9630088454fb12a62317" ], "author": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Wed Jan 08 00:19:33 2025 +0100" }, "committer": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Wed Jan 08 20:54:21 2025 +0000" }, "message": "treewide: clean up test static binary targets\n\nThis removes some intermediate targets only used for transitions by\nconsolidating them into a single one.\n\nChange-Id: I46dcbcb731038edd2b67259de1811018f5ba43da\nReviewed-on: https://review.monogon.dev/c/monogon/+/3753\nReviewed-by: Leopold Schabel \u003cleo@monogon.tech\u003e\nTested-by: Jenkins CI\nVouch-Run-CI: Tim Windelschmidt \u003ctim@monogon.tech\u003e\n" }, { "commit": "a5b00bd43cceaf807e56ae609c6acdb9f94fa983", "tree": "5c2c0fe0d3947ddc7d82f6c4b34bedaeb26b7f39", "parents": [ "70e5a977302e5ce90c94488b7da0d55894dea3ec" ], "author": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Mon Dec 09 22:52:31 2024 +0100" }, "committer": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Mon Dec 23 13:11:29 2024 +0000" }, "message": "metropolis/test/launch: fix data race\n\nChange-Id: Id427d73cf32ff06a074fce5903d66050dd9e28cb\nReviewed-on: https://review.monogon.dev/c/monogon/+/3688\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "d1a8b64d305c57f45416fc40b39211541113a373", "tree": "17fcd0e77576b200e75a940fb26ce2334a7a8553", "parents": [ "d77e26ee216738393a9808c95266bbcb91ca0e68" ], "author": { "name": "Jan Schär", "email": "jan@monogon.tech", "time": "Tue Dec 03 17:40:41 2024 +0100" }, "committer": { "name": "Jan Schär", "email": "jan@monogon.tech", "time": "Wed Dec 04 08:28:03 2024 +0000" }, "message": "treewide: add more ptr.To usages\n\nChange-Id: Ibf511bc012a17e39d6b7b4f3a7d9abc1304d755f\nReviewed-on: https://review.monogon.dev/c/monogon/+/3677\nTested-by: Jenkins CI\nReviewed-by: Tim Windelschmidt \u003ctim@monogon.tech\u003e\n" }, { "commit": "2ecccae4ff62b687ec5e218349fcf8a42069dfc9", "tree": "c5a5914c9d3bd8fb37a5650a6b3e4881f9fc2610", "parents": [ "d58edf4e2f745427d69ecc72bfe9a9ead69d697d" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Wed Nov 27 22:03:35 2024 +0100" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Mon Dec 02 16:50:54 2024 +0000" }, "message": "m/node: enable user namespaces in K8s\n\nThis enables the two feature gates for user namespace support in K8s.\nWe did not previously have a passwd file which caused Go\u0027s UserLookup\nto fail with an unexpected error. Add an mostly-empty placeholder file\nto placate it.\n\nChange-Id: I71a7a6dc889a289512075a25b7e551f2cd65ffb6\nReviewed-on: https://review.monogon.dev/c/monogon/+/3665\nReviewed-by: Tim Windelschmidt \u003ctim@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "73beb693ce8aed1c1caffaec2f01b2b9c65516b3", "tree": "378d3b779febf33b1666438b1dd003053d9fd21c", "parents": [ "be70c9247b7c8f7ab0eef4b0c7b1faaf934b8f97" ], "author": { "name": "Jan Schär", "email": "jan@monogon.tech", "time": "Wed Nov 27 17:47:09 2024 +0100" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Wed Nov 27 19:34:17 2024 +0000" }, "message": "m/node/kubernetes: remove local-strict storage class\n\nIt turns out that the local-strict storage class did not have an effect\non readonly volumes, or on gVisor. And after updating runc to 1.2.0, it\nno longer has an effect anywhere. It appears that setting noexec and\nsimilar flags in the CSI server, using a storage class, is the wrong\napproach and just happened to work by accident. Instead, this should\nprobably be implemented as a Kubernetes feature to set per-mount-point\nflags on the VolumeMount.\n\nThis commit thus removes the local-strict storage class and the mount\noptions processing in the provisioner and CSI server. This will allow\nupdating runc.\n\nAdditionally, the StatefulSet end-to-end test is extended to also run\ntests with gVisor. gVisor apparently does not support block volumes.\n\nSee: https://github.com/monogon-dev/monogon/issues/361\nChange-Id: Ic2f50aa3bc9442ca1dbb9e8742d5b8fecbfc3614\nReviewed-on: https://review.monogon.dev/c/monogon/+/3658\nTested-by: Jenkins CI\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "be70c9247b7c8f7ab0eef4b0c7b1faaf934b8f97", "tree": "b1126b8ddaf845314329bd33249e2ec0db6940dd", "parents": [ "0ec0c53061acd57cf545440a723c1fd9817ed080" ], "author": { "name": "Jan Schär", "email": "jan@monogon.tech", "time": "Thu Nov 21 11:16:03 2024 +0100" }, "committer": { "name": "Jan Schär", "email": "jan@monogon.tech", "time": "Thu Nov 21 12:57:42 2024 +0000" }, "message": "m/node/kubernetes: fix attaching block PVs\n\nAttaching a block PV to a container failed with the error:\n\"failed to create device node at target path: file exists\".\nThis happened because there was already a directory at the path.\nThe directory should only be created for mounts, not for block devices.\n\nI also extended the PV end-to-end test to add a block volume, and check\nthat it can be opened as a block device and has the expected size.\n\nChange-Id: I40ca82cfcbfee1cb3196a900423f967b45790a64\nReviewed-on: https://review.monogon.dev/c/monogon/+/3623\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "652c2ad2e499ca709523978e04b3a3dbb6df642c", "tree": "4a31c1797694ed53331d1a998922c3587d940d5b", "parents": [ "36f0375c9834d82016cb077142d2eaaea981d7a5" ], "author": { "name": "Jan Schär", "email": "jan@monogon.tech", "time": "Tue Nov 19 17:40:50 2024 +0100" }, "committer": { "name": "Jan Schär", "email": "jan@monogon.tech", "time": "Wed Nov 20 13:55:19 2024 +0000" }, "message": "m/node/kubernetes: fix PV mount flags and add e2e test\n\nMount flags did not work because of two problems:\n- The provisioner did not copy them from the StorageClass to the\n PersistentVolume.\n- The CSI server used \u003d instead of |\u003d when adding flags, so only one of\n the flags was added or removed.\n\nThere was an existing e2e test for PVs, however this only created the\nPVC/PV without even attaching it to a container. I extended this test to\nattach the PV and check from inside the container that it has the\nexpected mount flags and quota.\n\nThe existing e2e test also created a block PV, however attaching a block\nPV to a container was not tested and is apparently broken, so I removed\nthis test for now.\n\nChange-Id: Ie14adfafd333eab38d2b5f1b4ce8a2aa8795eae0\nReviewed-on: https://review.monogon.dev/c/monogon/+/3613\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "36f0375c9834d82016cb077142d2eaaea981d7a5", "tree": "301dacf15758e619d2c7fc0901e90ce6a5229f81", "parents": [ "1fc5eb01ef91a4c6fc936a177329b845f0bb45d7" ], "author": { "name": "Jan Schär", "email": "jan@monogon.tech", "time": "Tue Nov 19 17:41:05 2024 +0100" }, "committer": { "name": "Jan Schär", "email": "jan@monogon.tech", "time": "Wed Nov 20 13:55:19 2024 +0000" }, "message": "m/test/e2e/suites/kubernetes: increase test timeouts\n\nThese timeouts are too short and cause spurious test failures.\n\nChange-Id: I21252337a150bb5774ef031eea53ec1a366f7fbd\nReviewed-on: https://review.monogon.dev/c/monogon/+/3614\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "78567601398f4db5a8080fd30038ff7ac6affe0f", "tree": "757ee7c8d374317366a2535dbfb48ceaa66700f0", "parents": [ "beec27c6bdc2da730ffa2a2be6a68e1610148913" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Thu Oct 31 13:42:04 2024 +0000" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Tue Nov 05 13:11:03 2024 +0000" }, "message": "metropolis: remove stutter in ClusterConfiguration.KubernetesConfig\n\nWe already know this is a config (it lives in ClusterConfiguration), no\nneed to call that a config again.\n\nThis doesn\u0027t break any compatibility yet as field names are not (yet)\nunder a stability guarantee.\n\nChange-Id: Ib6492d1c8303cbd0620b979b8047ec9757e301c0\nReviewed-on: https://review.monogon.dev/c/monogon/+/3594\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "39f4f5c360e7a286bff4adaeabc52393dc28dc22", "tree": "c81382f2408a83ab7391414738713633b8fc9608", "parents": [ "1e39914fbcecda7ec236e67f143bbefc31eee9da" ], "author": { "name": "Jan Schär", "email": "jan@monogon.tech", "time": "Tue Oct 29 09:41:50 2024 +0100" }, "committer": { "name": "Jan Schär", "email": "jan@monogon.tech", "time": "Wed Oct 30 13:10:29 2024 +0000" }, "message": "metropolis: add cluster domain config and metroctl param\n\nThis adds a --cluster parameter to metroctl and a cluster domain field\nto the bootstrap configuration. It is not yet used anywhere, but later\nthe cluster domain will be used to identify the cluster.\n\nThe length of the cluster domain is limited to 80, to allow for\nconstructing subdomains. This limit could be increased later if needed,\nbut it cannot easily be decreased, so I chose a conservative value that\nshould be enough in most cases.\n\nChange-Id: I627cca8eb1d92c4b06e4dfd6b6926a013e8f33ae\nReviewed-on: https://review.monogon.dev/c/monogon/+/3508\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "1e39914fbcecda7ec236e67f143bbefc31eee9da", "tree": "806a09d23eec324d7ff131f42ddfab13cc0f98e0", "parents": [ "20498ddc40079451c83ba3708afc57d820866cb3" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Tue Oct 22 10:58:15 2024 +0000" }, "committer": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Wed Oct 30 11:42:51 2024 +0000" }, "message": "metropolis: first pass API for reconfiguring cluster\n\nThis implements management.ConfigureCluster. This API is based around\nProtobuf FieldMasks, which is a new thing in the Metropolis codebase\n(node config mutation is performed via optional fields).\n\nWhether this is the right way to do this is to be discussed.\nAlternatives considered are:\n\n1. Always insert a full new config, providing the old one as a base. The\n downside of that is the potential conflicts that will spring up the\n moment we have systems regularly mutate independent parts of the\n config. Additionally, this might lead to some odd behaviour when\n dealing with clients that don\u0027t have support for newer versions of\n the config proto.\n2. Use optional fields, like in Node role code. However, this has the\n downside of duplicating protos (one for the config state, one for the\n mutation request). Plus, protobuf optionals are still somewhat\n unusual.\n3. Provide individual requests for mutating fields (like with Node\n labels). This also results in a lot of boilerplate code.\n4. Something akin to JSON Patch, but for protobufs, which doesn\u0027t seem\n to exist.\n\nChange-Id: I42e5eabd42076e947f4bc8399b843e0e1fd48548\nReviewed-on: https://review.monogon.dev/c/monogon/+/3591\nTested-by: Jenkins CI\nReviewed-by: Tim Windelschmidt \u003ctim@monogon.tech\u003e\n" }, { "commit": "20498ddc40079451c83ba3708afc57d820866cb3", "tree": "08849c86dba480fd56e4252a302ee804d8ac7fae", "parents": [ "e99638e3c7a2f1a604d49c47cc7a2685bfff8c5e" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Mon Sep 30 17:07:08 2024 +0000" }, "committer": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Mon Oct 28 14:22:49 2024 +0000" }, "message": "metropolis/test/launch: synchronize test node labels to kubernetes\n\nChange-Id: I57361503debb1d25873a72be18e947d2d1f11511\nReviewed-on: https://review.monogon.dev/c/monogon/+/3470\nReviewed-by: Jan Schär \u003cjan@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "e99638e3c7a2f1a604d49c47cc7a2685bfff8c5e", "tree": "636c243a58100c971cc3e224abf2c54324aad00a", "parents": [ "9579be5e09b6293edc78d3142b0c67a24afda93c" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Mon Sep 30 17:06:44 2024 +0000" }, "committer": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Mon Oct 28 14:22:49 2024 +0000" }, "message": "metropolis/node/kubernetes: synchronize metropolis node labels to kubernetes\n\nThis extends the labelmaker to manage Kubernetes node labels mirrored\nfrom Metropolis node labels.\n\nNote that currently there is no way to edit a ClusterConfiguration at\ncluster runtime, but this will come in a future CL.\n\nChange-Id: If7dbc3796085a8b85c1b5b2a181bcb1cee3d1db4\nReviewed-on: https://review.monogon.dev/c/monogon/+/3469\nReviewed-by: Jan Schär \u003cjan@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "6d1ff36763f1d48cf8620afd17321a06d2fbe228", "tree": "e0f48b5b138f51579de1ce2662e1b3a39acec6d3", "parents": [ "677de978403a58cd219e77b312b647927bd560ac" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Mon Sep 30 15:15:31 2024 +0000" }, "committer": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Mon Oct 28 14:22:49 2024 +0000" }, "message": "metropolis/node/kubernetes: update labels based on node roles\n\nThis implements the labelmaker, a reconciling loop running on Kubernetes\ncontroller nodes which updates Kubernetes node labels based on cluster\ndata.\n\nCurrently it only updates role labels based on cluster roles, but this\ncan be extended in the future to also replicate Metropolis node labels\ninto Kubernetes node labels.\n\nChange-Id: I9c5ba92bb46f064aa03836720d4a80adc6061ab9\nReviewed-on: https://review.monogon.dev/c/monogon/+/3464\nTested-by: Jenkins CI\nReviewed-by: Jan Schär \u003cjan@monogon.tech\u003e\n" }, { "commit": "0bc92a087ee0eb279ab29c3aba5d127b4202a2ea", "tree": "9c481ad86d6324cdd6bdfff4a55af4d4b4689f3c", "parents": [ "61b97a375aee98f58c13c13be672b442aecc8440" ], "author": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Tue Oct 01 22:53:08 2024 +0200" }, "committer": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Thu Oct 10 15:55:35 2024 +0000" }, "message": "treewide: bump rules_oci to v2.0.0\n\nChange-Id: Idbeb3a3b7645c5b6f774eb43d218ca0bc79dccc1\nReviewed-on: https://review.monogon.dev/c/monogon/+/3474\nTested-by: Jenkins CI\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "a512b0e03b370ea86b383212863d81b6d9677f3a", "tree": "373bb9ff7fd8e63928205c28d8480c33bfd8f2aa", "parents": [ "5fb8a3fc41a1c59636adaf55c6495c1a671ef7ad" ], "author": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Sat Sep 28 03:57:43 2024 +0200" }, "committer": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Tue Oct 08 13:55:15 2024 +0000" }, "message": "metropolis/vm: delete vm package\n\nThis only contains the CRD right now and is not used/implemented\nanywhere. This is also the only usage of kube-code-gen which breaks with\nthe newest version of rules_go. Since we don\u0027t plan to use this\nin the near future this also gets deleted, because even if we need it\nagain, we can just revert this change.\n\nChange-Id: I29ab75541957fce6a7dd8414c0df3cfdf90f8ec3\nReviewed-on: https://review.monogon.dev/c/monogon/+/3465\nTested-by: Jenkins CI\nReviewed-by: Serge Bazanski \u003cserge@monogon.tech\u003e\n" }, { "commit": "d5538b52d7a8739f7123458c10973be36b27b9ff", "tree": "fd718931af36798650ddbf1a8978a94220994e82", "parents": [ "1dcede9600e4c1584da4fbe89128970ea9532860" ], "author": { "name": "Jan Schär", "email": "jan@monogon.tech", "time": "Wed Sep 25 13:16:49 2024 +0200" }, "committer": { "name": "Jan Schär", "email": "jan@monogon.tech", "time": "Thu Sep 26 11:44:09 2024 +0000" }, "message": "m/n/c/consensus: fix startup after removing a cluster node\n\nThe consensus service was waiting for all initial peers to be DNS\nresolvable before starting etcd. However, the list of initial peers is\nnever updated. If an etcd member is removed from the cluster, it is no\nlonger resolvable, but may still be contained in initial peer lists. The\nconsensus service then fails to start, as it is blocked forever waiting\nfor the removed peer to become resolvable.\n\nThe wait for resolvability was added in c1cb37ce9c43 with this\nexplanation:\n\n\u003e It also makes the consensus service wait for DNS resolvability before\n\u003e attempting to join an existing cluster, which makes etcd startup much\n\u003e cleaner (as etcd will itself crash if it cannot immediately resolve\n\u003e its ExistingPeers in startup).\n\nThis does not appear to be needed anymore. I did not observe etcd\ncrashes after removing the wait for resolvability.\n\nI extended the e2e test to test this scenario. After removing the\nconsensus role, it also deletes the node and reboots the remaining\nnodes. I moved these tests to the ha_cold suite, because with encryption\nenabled, we currently cannot reboot a node in a 2-node cluster.\n\nChange-Id: If811c79ea127550fa9ca750014272fa885767c77\nReviewed-on: https://review.monogon.dev/c/monogon/+/3454\nTested-by: Jenkins CI\nReviewed-by: Serge Bazanski \u003cserge@monogon.tech\u003e\n" }, { "commit": "1dcede9600e4c1584da4fbe89128970ea9532860", "tree": "1561bfcc59a2663ee432339bf4d815e399571a9a", "parents": [ "39d9c24f7167eb853aed0e1865ef8b187adf5bba" ], "author": { "name": "Jan Schär", "email": "jan@monogon.tech", "time": "Wed Sep 25 13:07:11 2024 +0200" }, "committer": { "name": "Jan Schär", "email": "jan@monogon.tech", "time": "Thu Sep 26 11:44:09 2024 +0000" }, "message": "m/test/launch/cli/launch-cluster: add allow-reboot flag\n\nWith the `-allow-reboot` flag set, it is possible to reboot a node with\n`metroctl node reboot`.\n\nChange-Id: I5c16f40d231803e31452a3b3c524be209d501526\nReviewed-on: https://review.monogon.dev/c/monogon/+/3453\nReviewed-by: Serge Bazanski \u003cserge@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "39d9c24f7167eb853aed0e1865ef8b187adf5bba", "tree": "dc8229e272c2f78eac56bdf4fde135809444f255", "parents": [ "8d82f8d261b14b73385ba66e44279c53bb9fef13" ], "author": { "name": "Jan Schär", "email": "jan@monogon.tech", "time": "Tue Sep 24 13:49:55 2024 +0200" }, "committer": { "name": "Jan Schär", "email": "jan@monogon.tech", "time": "Thu Sep 26 11:44:09 2024 +0000" }, "message": "metropolis: reduce usage of identity.NodeID\n\nEventually, we want to be able to rotate node keypairs. To allow this,\nthe node ID needs to become independent of the public key. This change\nis a refactoring which starts this work by reducing the usage of\nidentity.NodeID, the function which derives a node ID from a public key.\n\nChange-Id: I5231ed0a7be37c23327fec93481b00c74374af07\nReviewed-on: https://review.monogon.dev/c/monogon/+/3445\nTested-by: Jenkins CI\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "ad8982fcd78a3408c024d9031fa611b48dd86304", "tree": "b6a7f84b0d7d8e1d4531883eac22dab990c6f1c7", "parents": [ "fc6e1cf11d0d96fac1e8d52b5787b207f8b1fd9f" ], "author": { "name": "Jan Schär", "email": "jan@monogon.tech", "time": "Tue Sep 17 13:56:34 2024 +0200" }, "committer": { "name": "Jan Schär", "email": "jan@monogon.tech", "time": "Thu Sep 26 11:44:09 2024 +0000" }, "message": "m/node/core: remove etcd membership before removing consensus role\n\nWhen removing the consensus role, we also need to remove etcd\nmembership. It is safer to remove membership first, and then the role,\nbecause otherwise, the etcd cluster is in a degraded state during the\ntime where etcd on the node has been stopped, but the node is still\ncounted as a voting member by etcd.\n\nIf the membership is removed, but then removing the role fails, the\ncluster ends up in an inconsistent state. If the affected node was the\ncurator or etcd leader, that will almost certainly happen. In this case,\nthe request can just be retried until it succeeds, and then the cluster\nstate is consistent again between etcd membership and roles.\n\nChange-Id: I1ab526470a4201e76817e8ca0a597996fb903d1f\nReviewed-on: https://review.monogon.dev/c/monogon/+/3437\nTested-by: Jenkins CI\nReviewed-by: Serge Bazanski \u003cserge@monogon.tech\u003e\n" }, { "commit": "5f1a7de2dfb5db1884fcb677a0bd38daf6dd3c97", "tree": "fd52bf35b4b2e6b5c51f56d62424c9d0820ef537", "parents": [ "e337e938ae8e08dffa3a01045571188413ce70ff" ], "author": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Thu Sep 19 02:00:14 2024 +0200" }, "committer": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Thu Sep 19 12:06:50 2024 +0000" }, "message": "treewide: fix %v in cases where we should use %w\n\nWe should always use %w when using fmt.Errorf as you can use error.Is to\ncompare the underlying error. When printing an error the use of %w is\nwrong and should be replaced with %v.\n\nChange-Id: I741111bd91dcee4099144d2ecaffa879fdbb34a2\nReviewed-on: https://review.monogon.dev/c/monogon/+/2993\nTested-by: Jenkins CI\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "ca8d951b683a3f0c64da7f61d4f74567d50623ac", "tree": "8e8f7af5a5902c0807d77d6774dfd8b426510624", "parents": [ "04aa3df595521dab1fe8fb12b716d2826a37105f" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Thu Sep 12 14:20:57 2024 +0200" }, "committer": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Mon Sep 16 16:29:59 2024 +0000" }, "message": "metropolis/resolver: use logging.Leveled\n\nThis moves the resover client library to use logging.Leveled instead of\nan ad-hoc logger interface.\n\nBy now having multiple level of logs, and by defaulting metroctl to show\nerrors and warnings, this should fix #302.\n\nChange-Id: I7cae1cf1be377ec824ad46ea1da1b23b46e01903\nReviewed-on: https://review.monogon.dev/c/monogon/+/3432\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "5abcc7a8a8eb891c0f8920fbd4fa0104e751841b", "tree": "9aa19c4a6dd5234b241f6f6a0b82f3d2878e4ce3", "parents": [ "0700357ac03ceb039c0c66e07f06da164d53d5b5" ], "author": { "name": "Jan Schär", "email": "jan@monogon.tech", "time": "Mon Aug 26 13:59:11 2024 +0200" }, "committer": { "name": "Jan Schär", "email": "jan@monogon.tech", "time": "Tue Sep 10 14:50:21 2024 +0000" }, "message": "m/test/launch/cli/launch-cluster: fix metroctl path\n\nos.Executable() returns the path to launch-cluster, not metroctl. This \nbug meant that trying to use kubectl on the cluster instead launched \nanother cluster.\n\nChange-Id: I94305c2688e55e2d2776d4a141d80b9f4ee3ec8f\nReviewed-on: https://review.monogon.dev/c/monogon/+/3352\nReviewed-by: Tim Windelschmidt \u003ctim@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "0700357ac03ceb039c0c66e07f06da164d53d5b5", "tree": "8ea2f279903ea08850cf521f8cc25277467aed1f", "parents": [ "12b9a5d23a8cd59b2b9861aca47b81ed44abbdfd" ], "author": { "name": "Jan Schär", "email": "jan@monogon.tech", "time": "Mon Aug 26 10:42:16 2024 +0200" }, "committer": { "name": "Jan Schär", "email": "jan@monogon.tech", "time": "Tue Sep 10 14:50:21 2024 +0000" }, "message": "m/test/launch: make disk size configurable\n\nThis adds a flag to the launch-cluster command to specify the disk size \nof the VMs. This takes advantage of the previously added data partition \ngrowing feature.\n\nFixes: https://github.com/monogon-dev/monogon/issues/309\nChange-Id: Iecf8d8c186af16dfa9ed0418ec96c51e58900052\nReviewed-on: https://review.monogon.dev/c/monogon/+/3351\nReviewed-by: Serge Bazanski \u003cserge@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "6120f38e1a10a1389f9413209ea6b6f23be56258", "tree": "e05e708b1c8c9a8fabdd725f66e8885dec448857", "parents": [ "e1420ab79117be4c97818fa708f62fea3ff6d265" ], "author": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Tue Sep 03 16:31:10 2024 +0200" }, "committer": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Tue Sep 10 12:10:09 2024 +0000" }, "message": "cli/metroctl: add metroctl_lite for use in tests\n\nIt is the same target just without any data dependencies to ensure we\ndont have large dependency tree when running tests.\n\nChange-Id: Iebd0fbd880de07bbd853ea8dce8e9fbb193506af\nReviewed-on: https://review.monogon.dev/c/monogon/+/3372\nTested-by: Jenkins CI\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "62e6f0b9a4561118f691f2d886a7e2c026cec333", "tree": "1a587dfea077d6111018913573cce7152cf1340b", "parents": [ "b2d6c33bbb47a4b59bfb8c63934de500815a6a91" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Tue Sep 03 12:18:56 2024 +0200" }, "committer": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Wed Sep 04 19:40:28 2024 +0000" }, "message": "metropolis/launch: expose VNC socket\n\nThis can be used to manually test our upcoming console terminal.\n\nDrive-by add a timeout to retrieving initial cluster credentials in\ntest, as this wasn\u0027t capped and caused tests to fail at the Bazel 300\nsec timeout for a trivial case of a misconfigured qemu that wouldn\u0027t\nlaunch.\n\nChange-Id: I31fe8b82f3d7ad606c0ca1b03f51373fc746d499\nReviewed-on: https://review.monogon.dev/c/monogon/+/3370\nTested-by: Jenkins CI\nReviewed-by: Leopold Schabel \u003cleo@monogon.tech\u003e\n" }, { "commit": "732a88411de08ac44d1f2bdb6b948c39c9ddc727", "tree": "6c7b78cf514254594d3ccadbb41f6364dd2cc286", "parents": [ "688ee2b59301e5a0494890003a85583f8da07ec5" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Mon Aug 26 23:25:37 2024 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Tue Aug 27 21:40:54 2024 +0000" }, "message": "treewide: update to Kubernetes 1.31\n\nOverall not that bad, we got rid of some workarounds and added some new\nones. Biggest change is a significant refactor of the hyperkube package\nas Kubernetes really doesn\u0027t like multiple of their top-level Cobra\ncommands to be instantiated. One new patch for gVisor as new fields got\nadded to a Linux struct which caused codegen to rename an existing one.\nThat patch will go away once [1] is released as this has been changed\nback again.\nOtherwise mostly standard rebases of patches. We currently have a\nwarning in kubelet as our containerd CRI does not support the\nRuntimeConfig RPC, but no released version of containerd has that and\nthe fallback works fine for now.\n\n[1] https://go-review.googlesource.com/c/sys/+/607876\n\nChange-Id: I275e5fb78bc1d09c4ca0e8b5705edbaa80f30d96\nReviewed-on: https://review.monogon.dev/c/monogon/+/3355\nReviewed-by: Tim Windelschmidt \u003ctim@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "a9b060b0bf7d965c7f04f1d005d7f3767715d5bc", "tree": "3f04781571d00e3b9640bb24da27cd0c7b6c121a", "parents": [ "397f7eaa1e98554f8b9fed2c748e492bf739027b" ], "author": { "name": "Jan Schär", "email": "jan@monogon.tech", "time": "Wed Aug 07 10:42:29 2024 +0200" }, "committer": { "name": "Jan Schär", "email": "jan@monogon.tech", "time": "Wed Aug 21 12:34:45 2024 +0000" }, "message": "m/test/launch: allow specifying launch parameters\n\nThis adds flags to the launch-cluster command for specifying the size of\nthe cluster, tpm and storage security configuration, number of CPUs and\nRAM size for all nodes, and assigning roles to specific nodes.\n\nAs an example, the following command launches a cluster with tpm\ndisabled, 4 nodes, 2 CPUs and 4 GiB of RAM on each node, and assigns the\nKubernetes Worker role to all except the first node:\n\nbazel run //metropolis:launch-cluster -- -tpm-mode\u003ddisabled \\\n-num-nodes\u003d4 -cpu\u003d2 -ram\u003d4G -kubernetes-worker\u003d1-3\n\nThe default storage security policy was changed to insecure, as this\nspeeds up cluster launch.\n\nThe cluster configuration flags are defined in a new separate package to\navoid code duplication.\n\nFixes: https://github.com/monogon-dev/monogon/issues/315\nChange-Id: Icf8b7fcbd6e609f4785b2a60ce5e7be14b641884\nReviewed-on: https://review.monogon.dev/c/monogon/+/3307\nReviewed-by: Serge Bazanski \u003cserge@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "c2290c2e21ee5615d341d56799516829c2fea540", "tree": "fdbf849c7e459508b844c7aff2a33e79f4c1b12e", "parents": [ "be0b4c9158371b29c21badc5702ee50ed8179935" ], "author": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Thu Aug 15 19:56:00 2024 +0200" }, "committer": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Tue Aug 20 13:03:42 2024 +0000" }, "message": "treewide: move build helper to more fitting places\n\nChange-Id: I3d0cfe9283222d403ae369ec9db09201ad511e15\nReviewed-on: https://review.monogon.dev/c/monogon/+/3327\nReviewed-by: Serge Bazanski \u003cserge@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "82e6af71ad2b7927de8d754799271ee9f39506f9", "tree": "4da4ec95a6e4c5f58957c555d8646e46dbb25c6d", "parents": [ "bceb1604c4d6ce1396c63083d2fd8aae98346cf3" ], "author": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Tue Jul 23 00:05:42 2024 +0000" }, "committer": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Tue Aug 13 12:43:45 2024 +0000" }, "message": "treewide: replace hardcoded runfiles paths\n\nWe hardcoded some of the runfiles paths to find specific files. This replaces the hardcoded paths by a call to rlocationpath. This prevents running a target without the correct dependencies at build time instead of at runtime\n\nChange-Id: I7ce56935ac80be6b28b824ccb0781ab401bd6521\nReviewed-on: https://review.monogon.dev/c/monogon/+/3301\nReviewed-by: Serge Bazanski \u003cserge@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "0b9276519a7475c3a341f78d83ca8d18cec3b38a", "tree": "4824ee5afec87621b60d6cf06e22d3c696d3a978", "parents": [ "a3e38cf9a4fcc0940402c4f18172662a84e28151" ], "author": { "name": "Jan Schär", "email": "jan@monogon.tech", "time": "Wed Jul 31 18:08:50 2024 +0200" }, "committer": { "name": "Jan Schär", "email": "jan@monogon.tech", "time": "Mon Aug 05 07:36:08 2024 +0000" }, "message": "m/test/launch: consistently use 0-based node indices\n\nPreviously, the first node was sometimes called node 1 in the logs, and \nsometimes node 0. Now it is always called node 0.\n\nOnce all nodes are up, node info is now printed in the order of node \nnumbers. Previously this was random as this was iterating over a map \n(cluster.Nodes).\n\nChange-Id: I0757c89951d7292f2f720237604a3554af4bf404\nReviewed-on: https://review.monogon.dev/c/monogon/+/3293\nTested-by: Jenkins CI\nReviewed-by: Serge Bazanski \u003cserge@monogon.tech\u003e\n" }, { "commit": "3325b4b940370ad4282fdaa6027a5672ff8fdc2a", "tree": "7308d80e86a0d0ea34a5d2d5c8dac8cb2dd8efeb", "parents": [ "41b244857ee793cbf74552ec39f2ff614a686a56" ], "author": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Mon Jul 15 19:19:49 2024 +0200" }, "committer": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Mon Jul 22 21:25:58 2024 +0000" }, "message": "workspace: bump bazel_gazelle to v0.37.0\n\nChange-Id: I45a7769d80781075fdfb1c438240a75629dd572a\nReviewed-on: https://review.monogon.dev/c/monogon/+/3220\nTested-by: Jenkins CI\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "9f21f5396aa18bc9f2f83c867ff883f49bbf02ae", "tree": "c232f42c84bd6b7ace576261a188134cb0c69771", "parents": [ "f430fbfe35b70283090b6174cf5a920163c0148c" ], "author": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Tue May 07 15:14:20 2024 +0200" }, "committer": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Thu Jul 04 12:19:37 2024 +0000" }, "message": "treewide: introduce osbase package and move things around\n\nAll except localregistry moved from metropolis/pkg to osbase,\nlocalregistry moved to metropolis/test as its only used there anyway.\n\nChange-Id: If1a4bf377364bef0ac23169e1b90379c71b06d72\nReviewed-on: https://review.monogon.dev/c/monogon/+/3079\nTested-by: Jenkins CI\nReviewed-by: Serge Bazanski \u003cserge@monogon.tech\u003e\n" }, { "commit": "53458ba5e9a9be9d7bbca7b01fb7ad5ff1201698", "tree": "0da5c7f8d4bec5c26d13b727de829bbb4bf91111", "parents": [ "dac0bba8b4762def59b5f929f6e9cc04f376e3e3" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Tue Jun 18 09:56:46 2024 +0000" }, "committer": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Tue Jun 25 08:21:11 2024 +0000" }, "message": "m/test/launch: order nodes in NodeIDs correctly\n\nThis ensures that referring to node by number via NodeIDs is possible -\nie. that NodeIDs[n] is the ID of the nth node as defined in NodeOpts or\nas used as the \u0027idx\u0027 argument in RebootNode.\n\nThis was never and is still not correctly formalized, even in comments,\nand is yet another proof that the cluster launch code deserves to be\nrewritten from first principles.\n\nFixes #301.\n\nChange-Id: I1ad13dc3bdd35a0c34f86e5d051ca9378491c876\nReviewed-on: https://review.monogon.dev/c/monogon/+/3168\nReviewed-by: Jan Schär \u003cjan@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "30e30b3323f05cb76a5168c24a487e4d8138b653", "tree": "f658e7c3537c1511dc84d6d2acad99a5c514269b", "parents": [ "11198c83ff733a10bfd731f20abadd286e753e28" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Wed May 22 14:11:56 2024 +0200" }, "committer": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Wed Jun 12 10:00:40 2024 +0000" }, "message": "m/node: allow specifying node labels during node registration\n\nChange-Id: Ie7fc7387314cd2f59661c2d07530b712f8f29b48\nReviewed-on: https://review.monogon.dev/c/monogon/+/3104\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "11198c83ff733a10bfd731f20abadd286e753e28", "tree": "62d9f95bf1736fd9e3f77d6e21256223ff86a89d", "parents": [ "41113935d59f3c0210b04d6251b1559979c677fb" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Wed May 22 14:11:01 2024 +0200" }, "committer": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Wed Jun 12 10:00:40 2024 +0000" }, "message": "m/node: allow specifying node labels during cluster bootstrap\n\nWe also drive-by refactor ProvideBootstrapData to take a structure\ninstead of a bunch of unnamed arguments.\n\nChange-Id: I8d876fd726fa87420789513540b20f523994d801\nReviewed-on: https://review.monogon.dev/c/monogon/+/3103\nTested-by: Jenkins CI\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "2b6dc312656035aedade6f368af1994bdb8b6021", "tree": "488e63bfdf22b6b389e160a01d4f731c3956e2f3", "parents": [ "8111b901b88c8ef9ca5e113584c928de4bfdd24d" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Tue Jun 04 17:44:55 2024 +0200" }, "committer": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Tue Jun 11 17:01:21 2024 +0000" }, "message": "metropolis/test: create swtpm TPMs at runtime instead of compile time\n\nThe generated TPM data is random (it contains generated cryptographic\nkeys) so we really shouldn\u0027t be building it with Bazel.\n\nInstead, let\u0027s create it at runtime for e2e tests, and also actually\ngenerate separate TPM data per node with a common issuer for all.\n\nMoving the logic out of //metropolis/node also feels deserved, as this\nis all squarely in test territory.\n\nChange-Id: I257ee54c88ede685ba3faf573282b0f9228b10e8\nReviewed-on: https://review.monogon.dev/c/monogon/+/3132\nTested-by: Jenkins CI\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "b07c57a3d0d7bc3d63e86e0b50c2ed4f5c6e5af6", "tree": "a189e5d724ab5f83cc0e6d237b8cb4bc1fcf1be2", "parents": [ "551a8199dab7faaa0bfb2c082c7f55a0940df247" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Tue Jun 04 14:33:27 2024 +0000" }, "committer": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Tue Jun 11 17:01:21 2024 +0000" }, "message": "metropolis: use swtpm from monorepo\n\nChange-Id: I6da94c7eaa31930d120955a17661152fc284f4a0\nReviewed-on: https://review.monogon.dev/c/monogon/+/3130\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "551a8199dab7faaa0bfb2c082c7f55a0940df247", "tree": "a3401e58cc04141b08ba72eafd57ad287163885f", "parents": [ "2dc428095db12457baa21f1016ed32e016dab5b1" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Tue Jun 04 14:32:11 2024 +0000" }, "committer": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Tue Jun 11 17:01:21 2024 +0000" }, "message": "m/test/swptm/swtpm_cert: init\n\nThis is a Go reimplementaiton of swtpm_cert from upstream swtpm.\n\nChange-Id: I5738709fbe9512cfb3c853622f0ff6655506e9a9\nReviewed-on: https://review.monogon.dev/c/monogon/+/3129\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "2dc428095db12457baa21f1016ed32e016dab5b1", "tree": "64099a44141eb5d5909accafd14925fadc53a9ce", "parents": [ "72c1f2b4fde0477c9e1d02803fe8c5ffef116f42" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Tue Jun 04 14:30:19 2024 +0000" }, "committer": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Tue Jun 11 17:01:21 2024 +0000" }, "message": "m/test/swptm/certtool: init\n\nThis implements a minimal GnuTLS certtool replacement. It will be used\nby swtpm_setup and friends when generating an emulated TPM certificate.\n\nChange-Id: I7635ccdc50459fec9287ea790488e110c6ce3094\nReviewed-on: https://review.monogon.dev/c/monogon/+/3128\nTested-by: Jenkins CI\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "d02c6c7745943f19d453f6fba0bfb701e7f222df", "tree": "47a142a6b71e2aaa8e6a1ac9dc8d948158b70fec", "parents": [ "327cdbaec24fe9eddf6cb7589acbe7e8612eb6a4" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Wed May 22 18:19:00 2024 +0200" }, "committer": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Tue Jun 04 15:54:09 2024 +0000" }, "message": "m/test/launch/cli: turn targets back into binaries and aliases\n\nWe had some kind of hack to get //metropolis:{launch,launch-cluster} to\nwork as `bazel test` targets, but I see no reason to ever want that.\n\nHaving the thing go through a test_suite and a native_test broke passing\nSIGINT and caused the emulated environments to continue running in the\nbackground forked off the server when the user exited via Ctrl-C.\n\nFor some reason, running in tests also allowed us to do a weird hack in\nwhich we could resolve the TPM config directory as a runfile and list\nfiles there (running via `bazel run` broke that). Let\u0027s also fix this to\njust use a file list instead.\n\nChange-Id: I3389617272307275e2755e540b233f88ca80f0bd\nReviewed-on: https://review.monogon.dev/c/monogon/+/3105\nTested-by: Jenkins CI\nReviewed-by: Leopold Schabel \u003cleo@monogon.tech\u003e\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "dd5b03c0f43dabdd1b2882a4147f5b4a828543b8", "tree": "c5ad7f6f841cce6f18fbf85c1820503e6fe740a6", "parents": [ "a42844a2d797d0ddc3a8eb0658ecd26f949277df" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Thu May 16 18:07:06 2024 +0200" }, "committer": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Wed May 22 12:12:27 2024 +0000" }, "message": "m/test/launch/cluster: make node images use qcow2-based snapshots instead of copying\n\nThis is a mild speedup, saving a few seconds from every E2E test (time\nwhich would\u0027ve otherwise been spent copying image blocks) and\nalleviating IOPS pressure as the test runs on tests which don\u0027t use\nintegrity checking.\n\nChange-Id: I8feece1c028b62e54dc0b45732443d7c93515d7f\nReviewed-on: https://review.monogon.dev/c/monogon/+/3093\nReviewed-by: Jan Schär \u003cjan@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "adcf5d79ca9e4dd370d24e6579932a3dbaf5bd50", "tree": "bc038e72961171e033b9fb85abea5731ee38eb26", "parents": [ "0726486159ad5ee1e1ddcd8d8e1e52bb6cf11e20" ], "author": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Tue May 21 13:46:25 2024 +0200" }, "committer": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Tue May 21 12:55:58 2024 +0000" }, "message": "metropolis/test: fix %v in cases where we should use %w\n\nChange-Id: I3ad73960ad6655332c9d223e13796ca410dca582\nReviewed-on: https://review.monogon.dev/c/monogon/+/3095\nTested-by: Jenkins CI\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "99b021469b209bf184cd8d18749a7c1e74852a50", "tree": "9b916b10f5048cd40e9b0c929926d6d70abb36fa", "parents": [ "d5d33ba1e0798b48f56e6a1bc9178af9fc778179" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Wed Apr 17 16:33:28 2024 +0200" }, "committer": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Thu May 16 08:35:09 2024 +0000" }, "message": "m/test/e2e: split out tests into subpackages\n\nThe end-to-end tests have grown large enough that they merit their own\ntest targets. To make this more Go-idiomatic, we split away the tests\nnot just int separate Bazel targets, but also Go packages.\n\nWe also add per-test resource requests for Bazel, including a new\nresource kind (iops). This makes the tests more deterministic and allows\nuse to eg. use --runs_per_test\u003d10 to deflake test logic without hitting\nresource contention issues.\n\n//metropolis/test/e2e/suites/core:core_test PASSED in 35.1s\n Stats over 10 runs: max \u003d 35.1s, min \u003d 26.6s, avg \u003d 31.9s, dev \u003d 2.6s\n//metropolis/test/e2e/suites/ha:ha_test PASSED in 114.6s\n Stats over 10 runs: max \u003d 114.6s, min \u003d 90.1s, avg \u003d 100.9s, dev \u003d 7.6s\n//metropolis/test/e2e/suites/ha_cold:ha_cold_test PASSED in 67.8s\n Stats over 10 runs: max \u003d 67.8s, min \u003d 55.5s, avg \u003d 62.0s, dev \u003d 4.1s\n//metropolis/test/e2e/suites/kubernetes:kubernetes_test PASSED in 80.9s\n Stats over 10 runs: max \u003d 80.9s, min \u003d 58.8s, avg \u003d 68.6s, dev \u003d 6.0s\n\nChange-Id: I8f31e09f599fd90c9941e2b69f36789817fa90ce\nReviewed-on: https://review.monogon.dev/c/monogon/+/3086\nReviewed-by: Jan Schär \u003cjan@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "8bc82868fd289220078ff317235db084349d9f70", "tree": "38c893fc96169d4c79a7d699d83158f86f564d04", "parents": [ "b765f24f8f1c93b817c8a3f4f1eef2514562b140" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Tue Apr 30 11:47:09 2024 +0000" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Mon May 13 10:44:10 2024 +0000" }, "message": "third_party/linux: fix LACP issues\n\nThis fixes two major issues with the Linux LACP implementation:\nFirst, the bond interface indicates carrier availability before any port\nis even in aggregation state. It pretty much only cares about underlying\nport carrier state which is not meaningful in LACP-controlled\naggregation.\nSecond, individual ports are added to the list of transmitting ports\nimmediately after coming up. This causes packets to be transmitted\nbefore the LACP state indicates that this should happen.\n\nFix both of these issues by only enabling ports when the LACP state\nmachine places them in collecting/distributing state and making the bond\ncarrier state dependent on ports being enabled. This makes the interface\nalso behave logically consistent, i.e. it can transmit packets when its\ncarrier is reported up and not when its carrier is reported down.\n\nWhile in there, fix some timer-related annoyances which make convergence\nunnecessarily slow.\n\nThis also comes with a ktest which can be used for testing and\nverification of these changes.\n\nChange-Id: I60d0ed483f4f4ccea4d582b80e2bb29ff741783d\nReviewed-on: https://review.monogon.dev/c/monogon/+/3073\nReviewed-by: Serge Bazanski \u003cserge@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "b765f24f8f1c93b817c8a3f4f1eef2514562b140", "tree": "1afe10327fcbbefa99de0bf3bfcb0d28ca77abca", "parents": [ "da1c950d5099b7384d9239d3590393080e9bc8f4" ], "author": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Wed May 08 01:40:02 2024 +0200" }, "committer": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Mon May 13 10:07:41 2024 +0000" }, "message": "metropolis/cli/pkg/context: replace with signal.NotifyContext\n\nChange-Id: I457ccb83c7e25988755bb9463a8c83fc328a722b\nReviewed-on: https://review.monogon.dev/c/monogon/+/3081\nTested-by: Jenkins CI\nReviewed-by: Serge Bazanski \u003cserge@monogon.tech\u003e\n" }, { "commit": "ddc5e6a098c24c1e69b5c692f534b05dbc763367", "tree": "962bc2b07f054b9c2552018a305fca2d9ee277f9", "parents": [ "2d83a128f6096b8133af9edec00e1cd0cd8215b0" ], "author": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Tue Apr 23 23:44:34 2024 +0200" }, "committer": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Mon May 06 13:34:32 2024 +0000" }, "message": "treewide: update to UwUbernetes (Kubernetes 1.30)\n\nCo-authored-by: Serge Bazanski \u003cserge@monogon.tech\u003e\nCo-authored-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\nChange-Id: Id923f503938314ef8fb4243f36604752edbb4605\nReviewed-on: https://review.monogon.dev/c/monogon/+/3047\nTested-by: Jenkins CI\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "7be54aa2e0614d174d664c67f8dfccd5a2f1e856", "tree": "0af35e56eadcb6449676a0c6eb51ce90e815ed02", "parents": [ "500f6e08356b1cf358e619247582be784616964e" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Tue Apr 09 12:07:10 2024 +0200" }, "committer": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Thu Apr 25 12:01:18 2024 +0000" }, "message": "m/test/e2e: add TestE2EColdStartHA\n\nThis exercises full cluster shutdown and restart.\n\nChange-Id: I546a46c7c8d34da23466b8b959076135c503b077\nReviewed-on: https://review.monogon.dev/c/monogon/+/2943\nTested-by: Jenkins CI\nReviewed-by: Tim Windelschmidt \u003ctim@monogon.tech\u003e\n" }, { "commit": "500f6e08356b1cf358e619247582be784616964e", "tree": "acbefa8a8ff731ef38ea547172d8c87249209e77", "parents": [ "e564f17cc268763402ccaed1d2416309568c06f9" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Wed Apr 03 12:06:40 2024 +0200" }, "committer": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Thu Apr 25 12:01:18 2024 +0000" }, "message": "m/t/launch/cluster: add ShutdownNode/StartNode calls\n\nThis is a simplistic implementation of the ability to shut down and then\nstart nodes back up.\n\nThis has the following known issues:\n\n 1. Starting a node back up won\u0027t start it\u0027s TPM emulator again.\n 2. LaunchNode and StartNode likely should be reworked into CreateNode\n and StartNode.\n\nA future change will clean this up, but this is enough to be able to\nimplement cold cluster startup tests.\n\nChange-Id: I2ed34a30c8659e5023866aaa8f4ff19caafb53fd\nReviewed-on: https://review.monogon.dev/c/monogon/+/2942\nTested-by: Jenkins CI\nReviewed-by: Tim Windelschmidt \u003ctim@monogon.tech\u003e\n" }, { "commit": "e564f17cc268763402ccaed1d2416309568c06f9", "tree": "bc2a39f001bad14a9e6688d7e258ac1640200d83", "parents": [ "d5cabdeb41f24c70ca6977a6f8bfb798719d1df1" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Wed Apr 03 12:06:06 2024 +0200" }, "committer": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Thu Apr 25 12:01:18 2024 +0000" }, "message": "m/t/launch/cluster: allow specifying InitialClusterConfiguration\n\nThis allows different tests to run clusters with different\nClusterConfigurations.\n\nChange-Id: I159ced96e95c6762c493c590e596c1a8dd94b35d\nReviewed-on: https://review.monogon.dev/c/monogon/+/2941\nReviewed-by: Tim Windelschmidt \u003ctim@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "a3cd52cd6c211c28dfe7a601c7f59a05bc058781", "tree": "94faa3ea035d1056fe560f05764291dec45932e7", "parents": [ "8732d437505cb1280004bcaa8a330aaf57ba402e" ], "author": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Thu Apr 18 23:21:16 2024 +0200" }, "committer": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Wed Apr 24 22:29:11 2024 +0000" }, "message": "treewide: documentation on exported values should start with their name\n\nChange-Id: I1bd89db3d9be101a682d8c18ebeb18f19fb189f4\nReviewed-on: https://review.monogon.dev/c/monogon/+/3029\nTested-by: Jenkins CI\nVouch-Run-CI: Tim Windelschmidt \u003ctim@monogon.tech\u003e\nReviewed-by: Serge Bazanski \u003cserge@monogon.tech\u003e\n" }, { "commit": "b41b548058101e663a9591beaf2c491a44638d56", "tree": "4e977981d188d2e1d8cc37ba717c9a1787a04324", "parents": [ "513df18bf6ae7ad0cc17807674ee561c518d0654" ], "author": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Thu Apr 18 23:24:01 2024 +0200" }, "committer": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Wed Apr 24 22:29:11 2024 +0000" }, "message": "treewide: remove duplicate imports\n\nChange-Id: I3708f9b6fb95d9463e3b9da12757a4b19416124f\nReviewed-on: https://review.monogon.dev/c/monogon/+/3026\nVouch-Run-CI: Tim Windelschmidt \u003ctim@monogon.tech\u003e\nReviewed-by: Serge Bazanski \u003cserge@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "73e9882a907654dbecfb55ea0f30030e0fedbb1e", "tree": "b69ef493fcdf76614ed82d64f1a9ec8c79bb0375", "parents": [ "07541ae311e9477cf1e5a20af82a81ee77840afe" ], "author": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Thu Apr 18 23:13:49 2024 +0200" }, "committer": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Wed Apr 24 22:29:11 2024 +0000" }, "message": "treewide: cleanup error string formatting\n\nChange-Id: I9012ba58dded916984468219b214200144a439b9\nReviewed-on: https://review.monogon.dev/c/monogon/+/3023\nReviewed-by: Serge Bazanski \u003cserge@monogon.tech\u003e\nVouch-Run-CI: Tim Windelschmidt \u003ctim@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "af821c801fb70dc3d178dc3ca0c3d4538f9f29aa", "tree": "a5f527030125139c9b09be3c37ea2ee862320ce3", "parents": [ "d5f851bb477638436826adec756fe562db526865" ], "author": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Tue Apr 23 15:03:52 2024 +0200" }, "committer": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Wed Apr 24 13:15:14 2024 +0000" }, "message": "treewide: replace error assertions with errors.As\n\nChange-Id: I369cc1dd8f745203f6f24093049d60d971acdf11\nReviewed-on: https://review.monogon.dev/c/monogon/+/3038\nReviewed-by: Serge Bazanski \u003cserge@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "d5f851bb477638436826adec756fe562db526865", "tree": "d981b1c62d613b45fb55023da289098d7e377705", "parents": [ "69fec522d5db79d07bb1f227c2ab39c57fdf2831" ], "author": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Tue Apr 23 14:59:37 2024 +0200" }, "committer": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Wed Apr 24 13:15:14 2024 +0000" }, "message": "treewide: replace error comparisons and assertions with errors.Is\n\nChange-Id: Id2424eb155f2c6842c72c5fafd124d428ef901f2\nReviewed-on: https://review.monogon.dev/c/monogon/+/2994\nTested-by: Jenkins CI\nReviewed-by: Serge Bazanski \u003cserge@monogon.tech\u003e\n" }, { "commit": "6b20781437269c2d7a2497896bf396f9ecd3c184", "tree": "7cf726bde966a9e8945a82fc32619aa508708142", "parents": [ "690511d310507c9435916256869b7a0ead6fa8cf" ], "author": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Mon Apr 22 19:13:15 2024 +0200" }, "committer": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Tue Apr 23 19:37:31 2024 +0000" }, "message": "treewide: replace fmt.Errorf with fmt.Sprintf in panic calls\n\nSince we are inside a panic anyway, let\u0027s not use Errorf as we only need\na string.\n\nChange-Id: Id43e403124e0fa60e038397d3153f96181c916e2\nReviewed-on: https://review.monogon.dev/c/monogon/+/3034\nReviewed-by: Leopold Schabel \u003cleo@monogon.tech\u003e\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "ee8c81bebb610af692db594dfbb848c506a5fd6a", "tree": "ced910e5099b8e465516639918e8e336cd27c826", "parents": [ "28296493299f49fe82c2fe4b085ad6cf72097daf" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Wed Apr 03 11:59:38 2024 +0200" }, "committer": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Tue Apr 23 12:05:29 2024 +0000" }, "message": "m/t/launch/cluster: make LaunchNode non-blocking\n\nThis is an API change that will help down the line when implementing\nnode shutdowns/startups. It brings the \u0027done\u0027 channel as a LaunchNode\nargument, making the function call itself non-blocking.\n\nChange-Id: Ic536826be8a25b9af9376c771c35c8767641ec8c\nReviewed-on: https://review.monogon.dev/c/monogon/+/2940\nTested-by: Jenkins CI\nReviewed-by: Tim Windelschmidt \u003ctim@monogon.tech\u003e\n" }, { "commit": "e84726bf41988c062c86968fd17e1a90a53a9174", "tree": "aefd64754a2a02819bd3d0fd012129f635f15b53", "parents": [ "f779b8fbd5b9d7deb17bb8833ade823bd6ebc185" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Wed Apr 17 16:32:32 2024 +0200" }, "committer": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Wed Apr 17 16:16:51 2024 +0000" }, "message": "m/test/launch/cluster: make runfile aware\n\nResolving paths from metropolis/... doesn\u0027t seem to work in some tests\n(noticed while reworking E2E test package layout, but I\u0027m not exactly\nsure why it\u0027s only surfacing then...).\n\nChange-Id: Idc30ba79b188f60f0502910ad065aefacdb2db83\nReviewed-on: https://review.monogon.dev/c/monogon/+/2992\nTested-by: Jenkins CI\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "538292d66196e8ba1a63454c4a9e2aa547684ef3", "tree": "d590a37f8d29c49e041411b07d83eec84c6931f5", "parents": [ "5ad3144690965827669ce29f71c534caae42b901" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Wed Apr 17 14:50:02 2024 +0200" }, "committer": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Wed Apr 17 15:12:25 2024 +0000" }, "message": "metropolis: replace node pubkey with id in cluster directory\n\nThe pubkey in the cluster directory was never used in the first place,\nand its presence complicates things (exposes the notion of nodes having\na public key and potentially causes reliance on the public key in\nuntrusted scenarios, eg. when the cluster directory is persisted to\nuntrusted storage).\n\nLet\u0027s just replace that field with a string node ID instead, as that\u0027s\nalso immediately useful in future code (persisting host name mapping\nbetween reboots).\n\nChange-Id: I9b29ee36974ef6edce6076b5df1b8b330fef8bd8\nReviewed-on: https://review.monogon.dev/c/monogon/+/2981\nTested-by: Jenkins CI\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "88049727772bb3ad1f00307919da67c6d2743402", "tree": "13b0015edb805c3c39f7f77e0bead11436f68713", "parents": [ "2006753ea2e8f51cdfc51ad085663fdae4ff8782" ], "author": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Thu Apr 11 23:09:23 2024 +0200" }, "committer": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Wed Apr 17 15:04:59 2024 +0000" }, "message": "treewide: fix t.Fatal calls in non-test goroutines\n\nFunctions that abruptly terminate a test, such as the\nFatal, Fatalf, FailNow, and Skip{,f,Now} methods of *testing.T,\nmust be called from the test goroutine itself, as they call\nruntime.Goexit internally to stop the calling goroutine, not the\ntest.\n\nChange-Id: I4926c802bfbb11aeec6e130b0f4fb2407879cbd4\nReviewed-on: https://review.monogon.dev/c/monogon/+/2972\nTested-by: Jenkins CI\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "5e460a92353ec619f4f12fffbe3281d40c85cf61", "tree": "193a72608c05ad45f3a60a4ac84a8f5d731d7f73", "parents": [ "438ae2e52cb0aa8dea021419d921c687330e7d3b" ], "author": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Thu Apr 11 01:33:09 2024 +0200" }, "committer": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Mon Apr 15 21:19:50 2024 +0000" }, "message": "treewide: remove unnecessary types and conversions\n\nChange-Id: Ifcaa9ceeec243b3646c9b6e0a6fad7ef2db8fd90\nReviewed-on: https://review.monogon.dev/c/monogon/+/2954\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "a27272c3219b22cf8470c81eaf529234e744332c", "tree": "ad4039f178e4566c3d879eccb5a82082e5694749", "parents": [ "1a8062f7171aefab8bacb9a5a378db97dfea1c12" ], "author": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Thu Apr 11 22:54:29 2024 +0200" }, "committer": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Mon Apr 15 19:08:20 2024 +0000" }, "message": "metropolis/test/ktest/init: remove redundant error check\n\nChange-Id: I0af54a6d947481e3513ac82ee5790e70a71ed4c0\nReviewed-on: https://review.monogon.dev/c/monogon/+/2971\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "a7a82f32c7e0ab2765cda5f32f8d3bc6ff7a6fca", "tree": "6867ed20da73232d289d0e7b701361a877cd8532", "parents": [ "1ba1e1d299dd398db1c4434e0a0081edacfe3676" ], "author": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Thu Apr 11 01:40:25 2024 +0200" }, "committer": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Mon Apr 15 19:08:20 2024 +0000" }, "message": "metropolis/test/launch/cluster: remove redundant logic\n\nChange-Id: I993ac428f29423da62469a2fcea6b8d1d0ea7b87\nReviewed-on: https://review.monogon.dev/c/monogon/+/2963\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "37cfcc109508d5370900228d5f20f2183ed2d65b", "tree": "8f6ed3609c784eab89d28b8e7b8e5b8ab83a1bda", "parents": [ "c16f0488f8466a3e0ea81fb12ae249fe46bba892" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Thu Mar 21 11:59:07 2024 +0100" }, "committer": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Thu Apr 11 15:16:05 2024 +0000" }, "message": "m/test/e2e: Implement TestE2ECoreHA\n\nThis is a basic test which exercises a TPM-sealed three-node cluster by\nperforming a rolling restart of control plane nodes.\n\nChange-Id: Ic6f46192d8ccba1ef7a767988cf5a216beb5a4c6\nReviewed-on: https://review.monogon.dev/c/monogon/+/2884\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "c16f0488f8466a3e0ea81fb12ae249fe46bba892", "tree": "123524a64bf0c1aadf29c8384127a6ea9ddc021c", "parents": [ "bc969572bb153f88ac164243b4ad82fda435b748" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Thu Mar 21 11:57:41 2024 +0100" }, "committer": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Thu Apr 11 15:16:05 2024 +0000" }, "message": "m/test/util: implement MustTestEventual\n\nThis allows us to early abort tests in which some critical TestEventual\nblocks fail.\n\nChange-Id: I82d2dd692abdc04b33d30571ea5ff55dc52635c9\nReviewed-on: https://review.monogon.dev/c/monogon/+/2883\nTested-by: Jenkins CI\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "bc969572bb153f88ac164243b4ad82fda435b748", "tree": "a9f50923fbb47025b2d5ebcdf0282464c2b220ad", "parents": [ "19b110bd2f003e9e56bc5b1ca908a342beac9828" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Thu Mar 21 11:56:13 2024 +0100" }, "committer": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Thu Apr 11 15:16:05 2024 +0000" }, "message": "m/t/launch/cluster: use Health for node liveness in RebootNode\n\nDepending on just heartbeat timestamps is buggy. A node\u0027s Health is\ncalculated on demand, and the calculation is aware of expected heartbeat\nintervals configured within the cluster, let\u0027s use that, gated by an\nadditional condition to make sure that the last heartbeat has been\nissued after the check has started.\n\nChange-Id: Id5982182a43ae9371b7d25451fedf91df3329218\nReviewed-on: https://review.monogon.dev/c/monogon/+/2882\nTested-by: Jenkins CI\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "3bdb5fcf023968526dfe7fadb89b0911bc6d7074", "tree": "37a8c1abdee1cf54b25ca0adf868ed879e4db7b3", "parents": [ "22a71c147af31d02a0db298e2ca8356078471b93" ], "author": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Thu Mar 14 18:47:35 2024 +0100" }, "committer": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Wed Apr 03 15:49:26 2024 +0000" }, "message": "metropolis/core/metrics: expose containerd metrics endpoint\n\nThis adds containerd as another metrics endpoint. It is only available\non nodes with the KubernetesWorker role.\n\nChange-Id: I5f6269165a81d9a4c4cff48d3ed6b6a55d7f4f46\nReviewed-on: https://review.monogon.dev/c/monogon/+/2861\nTested-by: Jenkins CI\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "276a746de8b2b551f7088e88c93da0e0b15c99d6", "tree": "de82f9b1f243151c7a7d8d52bb8136a1d07c4f3f", "parents": [ "87d9c59a3b3dbbd4264f9c8b224e58fc5ff18815" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Wed Jul 12 21:28:54 2023 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Thu Mar 21 10:09:21 2024 +0000" }, "message": "m/test/e2e: test NodePort\n\nThis was originally written as a test for validating fixes for\nthe issue that NodePort was not working if any non-local pods were in\nthe NodePort service, even for externalTrafficPolicy: cluster services.\nAs it turns out CL:2795 fixed this, the changes in previous versions of\nthis CL broke it again. So now it just consists of the test itself,\nwhich passes.\n\nChange-Id: If4cf4ffc46a5456b4defa330776e043593e61b29\nReviewed-on: https://review.monogon.dev/c/monogon/+/1924\nTested-by: Jenkins CI\nReviewed-by: Tim Windelschmidt \u003ctim@monogon.tech\u003e\n" }, { "commit": "87d9c59a3b3dbbd4264f9c8b224e58fc5ff18815", "tree": "d927065d7f56bc46207a9df2c60c9c580757e5dd", "parents": [ "5d5d733b9fb3d9892b37840124d959fae07c98b9" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Wed Mar 20 12:35:11 2024 +0100" }, "committer": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Wed Mar 20 12:11:01 2024 +0000" }, "message": "m/test/launch/cluster: fix duplicate NodeIDs entries\n\nThis code loop looks for any NEW nodes and inserts them into\ncluster.{Nodes,NodeIDs}. The first structure is a lookup from NodeID to\nnode information, the latter is a list of NodeIDs used to look up\nnumeric node IDs (in order of startup/detection) to NodeIDs.\n\nThe loop in the code runs multiple times to catch any NEW nodes might\ntake a while to appear, and exits once the expected number of nodes have\nbeen detected.\n\nThe bug caused the code to repeatedly insert into Nodes[NodeID] (which\nis fine, but wasteful) and into NodeIDs. The latter resulted in a\nNodeIDs that contained duplicate entries.\n\nTo make sure we only handle each NEW node once, we skip nodes that have\nalready been seen.\n\nThis bug caused us to sometimes act on wrong nodes in E2E tests (any\ntime tests were looking up node number -\u003e node ID -\u003e Node via .NodeIDs\nand .Nodes, they had a chance of picking the wrong node ID / node for a\ngiven node number).\n\nChange-Id: Ie459c8277c0d03902ce23f3b20b0c4e367cc015b\nReviewed-on: https://review.monogon.dev/c/monogon/+/2881\nTested-by: Jenkins CI\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "87bbf7e4b41500316e93f98bee0564eb2cfb0366", "tree": "c0b34141f5ee75e73a6e490e40540928594453f6", "parents": [ "d6a88022d0c8ffdd2b938f161b8825148762b099" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Mon Mar 18 18:22:25 2024 +0100" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Tue Mar 19 12:51:28 2024 +0000" }, "message": "m/test/l/cluster: use sparse-aware copy for images\n\nThis speeds up the image copy significantly as the file is less than 10%\nallocated. Especially for many concurrent runs this greatly reduces disk\nbottlenecking.\n\nThis has been tested by comparing the SHA256 hash of both the original\nand the copied image, which is still the same.\n\nChange-Id: I65f62537f048bc180cd732c53a03f980e016b723\nReviewed-on: https://review.monogon.dev/c/monogon/+/2874\nTested-by: Jenkins CI\nReviewed-by: Serge Bazanski \u003cserge@monogon.tech\u003e\n" }, { "commit": "68cf38a2ca4fdc370e78e9b8d23e55c0b9cc9c72", "tree": "c0aa9300bdb617fb577e3a0a6b2e802c0ddad15d", "parents": [ "240faa45248cb64227fa74ae57822af0340b884f" ], "author": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Thu Mar 07 15:52:28 2024 +0100" }, "committer": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Mon Mar 11 16:34:34 2024 +0000" }, "message": "m/t/l/cluster: fix wrong metroctl path in launch-cluster wrapper\n\nChange-Id: I3dfd740fb45809bc81555d87083a0476600f60e1\nReviewed-on: https://review.monogon.dev/c/monogon/+/2836\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "6a328e61aece941c0b91a97c8303c235ce80f596", "tree": "2a4fe2f61f6fa669de2b1df016e8c6df05a70c13", "parents": [ "9ce4071f43ce45198b702176a84342e9a8fc6e90" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Mon Feb 12 17:37:50 2024 +0100" }, "committer": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Mon Feb 19 10:08:55 2024 +0000" }, "message": "root: move metropolis-specific tools to metropolis/, rename launch-multi2 to launch-cluster\n\nSince we now have more than one top-level project it makes sense to not\nhave metropolis aliases in the root.\n\nWe also drive-by rename launch-multi2 to launch-cluster and bump it up\nto three nodes.\n\nChange-Id: Ic99065465006e0dace05bcc1f2a702d430014b84\nReviewed-on: https://review.monogon.dev/c/monogon/+/2764\nTested-by: Jenkins CI\nReviewed-by: Leopold Schabel \u003cleo@monogon.tech\u003e\n" }, { "commit": "244b567d827331be5bcc147562dd00db1d2b6579", "tree": "8a0222cdfbe1fd2e10bc682ec1871ba263bbfae7", "parents": [ "b40b918b88971002fd82f4e172ee347b435e41f5" ], "author": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Tue Feb 06 10:18:56 2024 +0100" }, "committer": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Mon Feb 12 14:23:45 2024 +0000" }, "message": "treewide: remove direct access to external/\n\nThis prepares the repositoriy to be compatible with the flag\n--nolegacy_external_runfiles. This reduces runfiles \u0026 sandbox creation\n times.\n\nChange-Id: I06720be4a3c873d68d8278dcb24271ed874f7134\nReviewed-on: https://review.monogon.dev/c/monogon/+/2747\nTested-by: Jenkins CI\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "b40b918b88971002fd82f4e172ee347b435e41f5", "tree": "e225e83ee1cc281b8ba8728efa0a4c1029559faf", "parents": [ "2a1d1b2e90a44e140dd95a492de0c857287e071f" ], "author": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Tue Feb 06 07:08:35 2024 +0100" }, "committer": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Mon Feb 12 14:11:09 2024 +0000" }, "message": "treewide: replace deprecated qemu short-form option \u0027readonly\u0027\n\nChange-Id: Id9fb95ab8b975cdbe76fc711ab20c16e3a91592a\nReviewed-on: https://review.monogon.dev/c/monogon/+/2746\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "2a1d1b2e90a44e140dd95a492de0c857287e071f", "tree": "392015b9ffa5f6f38da494c0a2fc519f16883113", "parents": [ "5d556cae21803212ac72a3713ed449b412f777af" ], "author": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Tue Feb 06 07:07:42 2024 +0100" }, "committer": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Mon Feb 12 14:11:04 2024 +0000" }, "message": "treewide: replace datafile pkg with rules_go/runfiles pkg\n\nrules_go/runfiles provides the same functionality as our datafile\npackage. This change also contains some specifics for the now active\nbzlmod, which replaces all WORKSPACE related behaviour. As example the\nWORKSPACE name is now always set to _main.\n\n\nChange-Id: I1a69c72b479330a627b402135670f218c297906f\nReviewed-on: https://review.monogon.dev/c/monogon/+/2745\nTested-by: Jenkins CI\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "568c38c74f95612fc3c236539b037ebe490302ee", "tree": "8380bdc8956c3843cce7fae9cf4c700576d22d87", "parents": [ "7eeef0f448a4ec1737e2e63961f24f51eec5deae" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Mon Feb 05 14:40:39 2024 +0100" }, "committer": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Thu Feb 08 11:10:07 2024 +0000" }, "message": "m/c/metroctl: use TOFU CA for Kubernetes with node pinning hack\n\nNow that we have a persisted CA certificate in metroctl, we can use it\nwhen generating a kubeconfig to verify the cluster.\n\nThere\u0027s a catch though: the presented node certificates do not have any\n\u0027global\u0027 name (just per-node names), and we can\u0027t easily tell Kubernetes\nto trust any name from a given CA. Thus, we introduce a hack to pin the\nname of the node we\u0027re connecting to within the generated kubeconfig.\n\nChange-Id: Iea6aa5c0012c793fcb42a94c3c9bf35ea5787ab1\nReviewed-on: https://review.monogon.dev/c/monogon/+/2744\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "7eeef0f448a4ec1737e2e63961f24f51eec5deae", "tree": "690afce7d61fed7284991d3622d2b4b7f5948c14", "parents": [ "925ec3de7a8562ef478216c77dff68c8235aeabd" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Mon Feb 05 14:40:15 2024 +0100" }, "committer": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Thu Feb 08 11:10:07 2024 +0000" }, "message": "m/c/metroctl: implement TOFU for CA certificates\n\nThis implements trust-on-first-use (TOFU) for connecting to a Metropolis\ncluster.\n\nIf no locally persisted CA is available, one will be retrieved from the\ncluster. If it is then accepted, it will be persisted for future use.\n\nTo retrieve the Cluster CA certificate we implement a new\nunauthenticated call in the CuratorLocal service. The alternative would\nbe to include the CA certificate in the served TLS chain, but that would\nlikely cause some backwards compatibility problems with existing client\nsoftware.\n\nFull TOFU (with an SSH style prompt) will be performed when the user\nfirst takes ownership of a cluster. Otherwise, user credentials\nincluding a certificate will be present, which allows the process to be\nsimplified by just retrieving a remote CA and checking it against the\nsignature of the credentials.\n\nChange-Id: I20002399935c2f13adc4526f5cceddad84b36a8f\nReviewed-on: https://review.monogon.dev/c/monogon/+/2743\nTested-by: Jenkins CI\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "0c2801516b5191472bd4bc1a07ab6f414a805b27", "tree": "ddcffa8351f934c0a7066a6341b8bc6888e90ab3", "parents": [ "ad86a55c9c507478e2c4989f50912d7869164066" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Mon Feb 05 14:33:19 2024 +0100" }, "committer": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Thu Feb 08 11:10:07 2024 +0000" }, "message": "m/n/core/rpc: limit API footgun availability\n\nThis unifies the interface of the\nNew{Ephemeral,Authenticated}Credentials calls. They now use the same set\nof CredentialsOpt options which allows both calls to request a\nparticular verification of the remote side of the connection.\nNewEphemeralCredentials also now requires an explicit WantInsecure\noption which surfaces attempts to dial the cluster without CA/node\nverification.\n\nChange-Id: Ibb65cb0952f6ff2092a3f55fe1c5a31bd2b72b36\nReviewed-on: https://review.monogon.dev/c/monogon/+/2741\nTested-by: Jenkins CI\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "0974b2275edc21ce3b76606ba7f8eed84e5cc9f0", "tree": "b9bd73528dc6823168273fb8eb58d02054e90047", "parents": [ "c834b7dd62f20188f3ffd7cbb092e2536403474b" ], "author": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Tue Jan 16 14:04:15 2024 +0100" }, "committer": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Tue Jan 23 15:52:54 2024 +0000" }, "message": "treewide: replace rules_docker with rules_oci\n\nrules_docker is not maintained anymore and recommends migration to\nrules_oci\n\nChange-Id: I089f3cf44888b3c3c0baa2c84a319b04b1a7dec4\nReviewed-on: https://review.monogon.dev/c/monogon/+/2712\nTested-by: Jenkins CI\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "62f1d3680947e1d78bacf2a7277fb4b2007ebacb", "tree": "38c2fe1d57b68788f79ae018075b246f228310cc", "parents": [ "60461b2b23eb57319525a3e00d7ae57e51598ebc" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Tue Nov 14 16:18:24 2023 +0100" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Tue Nov 14 16:44:03 2023 +0000" }, "message": "treewide: stop using LZ4 for initrd compression\n\nThere are two issues at play here: One is a bug in pierrec/lz4 when\nusing the legacy framing format [1]. This bit us when we hit a broken\nsize region with CL:2130, taking hours to debug.\n\nThe other is the fact that the Linux LZ4 frame format has significant\ndesign issues [2], especially with concatenanted initrds.\n\nThe first issue could be fixed by switching to a different LZ4\nimplementation (we do even have the reference impl in the monorepo) but\nthere is no API to generate the legacy frame format and things like [3],\na patch carried by Ubuntu to fix more edge cases just do not inspire\nconfidence in such a solution.\n\nThus, this CL switches over to using zstd for compressing initrds.\n\nZstd is slower than LZ4 for decompressing, but it still decompresses at\nmultiple GB/s per core while having a much better compression ratio.\nIt also doesn\u0027t have any Linux-specific bits and Linux uses the\nreference implementation for decoding, which should make it much more\nrobust. So overall I think this is a good tradeoff.\n\n[1] https://github.com/pierrec/lz4/issues/156\n[2] https://github.com/lz4/lz4/issues/956#issuecomment-736705712\n[3] https://launchpadlibrarian.net/507407918/0001-unlz4-Handle-0-size-chunks-discard-trailing-padding-.patch\n\nChange-Id: I69cf69f2f361de325f4b39f2d3644ee729643716\nReviewed-on: https://review.monogon.dev/c/monogon/+/2313\nTested-by: Jenkins CI\nReviewed-by: Serge Bazanski \u003cserge@monogon.tech\u003e\n" }, { "commit": "1dc60af36a57d434689032234fdc9e9d00ed957e", "tree": "df6f6d4fef63fb3fa13b4f06b9a06e0339caaec2", "parents": [ "e0c0617e33e3b9c9a69b150189b1b13c010de9e0" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Tue Oct 03 15:40:09 2023 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Thu Oct 05 13:46:24 2023 +0000" }, "message": "m/node: replace image genrule with proper rule\n\nThe genrule has issues with transitions so replace it with a proper\nrule.\n\nChange-Id: Ie5c38ae17da07a3694a6d0ea7a6580c588916175\nReviewed-on: https://review.monogon.dev/c/monogon/+/2205\nReviewed-by: Serge Bazanski \u003cserge@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "be25a3b839debc10817670fac0c20660a87bea12", "tree": "df5c6ef648ad41fb5037a53976835709737454bd", "parents": [ "b551b65225b7398ed4eb8b3361f50c7998f56ce1" ], "author": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Wed Jul 19 16:31:56 2023 +0200" }, "committer": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Mon Jul 24 14:52:41 2023 +0000" }, "message": "metropolis/test/launch/cluster: expose metrics port\n\nChange-Id: I2ef17374db665c5491f9594de2ae4474be5163a4\nReviewed-on: https://review.monogon.dev/c/monogon/+/1948\nReviewed-by: Serge Bazanski \u003cserge@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "5d0906e1db869ddeac081567b469671a5ff25f7c", "tree": "c12afd970111219040b457fc739823513fcb2957", "parents": [ "ffbf393575c52f7444f66d4bef86ecd81e3fdb98" ], "author": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Thu Jul 20 20:23:57 2023 +0200" }, "committer": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Mon Jul 24 14:45:04 2023 +0000" }, "message": "metropolis/test/util: move TestCurator to utils package\n\nTo use it inside other tests this change moves the TestCurator\nto allow usage inside other tests\n\nChange-Id: I75be31f490eb84e5c9bc56b65317ea5483415dcf\nReviewed-on: https://review.monogon.dev/c/monogon/+/1954\nReviewed-by: Serge Bazanski \u003cserge@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "ffbf393575c52f7444f66d4bef86ecd81e3fdb98", "tree": "05d223a1d481de0e9725997174d45e5874fad785", "parents": [ "a004576acfd826bf8a2a3371a3fde787afb9629b" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Mon Jul 24 13:02:42 2023 +0200" }, "committer": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Mon Jul 24 12:36:21 2023 +0000" }, "message": "metropolis/test/util: move in NewEphemeralClusterCredentials from rpc\n\nChange-Id: I41603b19a76ea91c2191b0118183957973fc9ccd\nReviewed-on: https://review.monogon.dev/c/monogon/+/1960\nReviewed-by: Tim Windelschmidt \u003ctim@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "150f24a5421dc1449d79a801524a7c98754f7bca", "tree": "c4f69b7e6260a241f3d946b36eda309e2539ccba", "parents": [ "901c7326fe067707812757e4e9409f756edf0e37" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Thu Jul 13 20:11:06 2023 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Wed Jul 19 12:17:34 2023 +0000" }, "message": "metropolis/test: use localregistry\n\nThis removes everything but the preseed test image from the preseed\nimage pool, instead opting to serve all test image via localregistry.\n\nThe registry API is served from a dedicated IP inside the virtual\nnetwork and forwarded to an ephemeral listener on the host. The relevant\ninfrastructure is added to the launch package.\n\nAs it is required to add configuration to containerd for this registry\nanyways as it does not and should not have TLS we take that opportunity\nto give it a descriptive name (test.monogon.internal).\n\nVisibilities of images are also adjusted as they are now referenced much\ncloser to their point of use.\n\nAgainst main this saves 51MiB in bundle size (289MiB -\u003e 238MiB).\n\nChange-Id: I31f732eb8c4ccec486204f35e3635b588fd9c85b\nReviewed-on: https://review.monogon.dev/c/monogon/+/1927\nTested-by: Jenkins CI\nReviewed-by: Leopold Schabel \u003cleo@monogon.tech\u003e\n" } ], "next": "a0bc6d3f0ce4f3a73eb0019e4f18f508ee36ce21" }