)]}' { "log": [ { "commit": "a4b88849c4691a1674d4427ee73a79ae8ea76460", "tree": "c7e187fc439da01546cf701d5501dab799a91ee9", "parents": [ "d14be0eb8bcffb6ba597f26e3ad57b311ca376fc" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Thu Aug 03 17:34:56 2023 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Mon Aug 07 11:37:10 2023 +0000" }, "message": "m/n/c/localstorage: fix logic error determining ESP\n\nThe OS integration of the A/B update engine has a logic error which\ncaused it to provide all partitions as ESP, of which the last one\n(the data partition) stuck.\n\nChange-Id: Ia721f9f515ca65f710f07ba25b3be68544158a7c\nReviewed-on: https://review.monogon.dev/c/monogon/+/2030\nReviewed-by: Tim Windelschmidt \u003ctim@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "d14be0eb8bcffb6ba597f26e3ad57b311ca376fc", "tree": "3a1286f0eb3623db53c4cb2c880eb5a1059ae1f0", "parents": [ "c07d74efd282261c68d33d745d52a6703448c8fd" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Mon Jul 31 16:46:14 2023 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Mon Aug 07 11:37:10 2023 +0000" }, "message": "m/n/c/update: implement kexec-based activation\n\nAs we\u0027ve had some issues with EFI-based slot activation and enterprise\nserver firmware is extremely slow, this implements kexec-based\nactivation. This just kexecs into the freshly-installed slot instead of\nrebooting. It still updates the BootOrder on successful boot to allow\ncold-boots if the server crashes or loses power, but no longer uses the\nNextBoot mechanism to boot into the new slot once (this is taken care of\nby kexec).\n\nChange-Id: I6092c47d988634ba39fb6bdd7fd7ccd41ceb02ef\nReviewed-on: https://review.monogon.dev/c/monogon/+/2021\nReviewed-by: Serge Bazanski \u003cserge@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "8e87a062badeb7f6b93c6486925aa99c616cd8a6", "tree": "73226d80fb80580c02c092d41aac59da1d94d1f9", "parents": [ "3961acd37445d5139040b910e093e759828552ad" ], "author": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Mon Jul 31 01:33:10 2023 +0000" }, "committer": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Thu Aug 03 15:33:25 2023 +0000" }, "message": "metropolis/node/core/update: set partition start and size in efi\n\nChange-Id: I1dc6b6738a375c6fc581d51494d13fbeda7b724d\nReviewed-on: https://review.monogon.dev/c/monogon/+/2026\nTested-by: Jenkins CI\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "a622379880cd043e0a12ab25129801e2c63d82bb", "tree": "2b624fc68521ec72a3d018b2b71cfe755939795a", "parents": [ "0b84a9f5e2caef3f66e4d912b6ac18429dff2c2d" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Mon Jul 31 17:13:11 2023 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Wed Aug 02 10:12:22 2023 +0000" }, "message": "m/n/c/consensus: fix format directive error\n\nThat %w points to err which is not actually populated in this code path.\n\nChange-Id: I025eafbd4733cb584c67af2479992c9368d414e9\nReviewed-on: https://review.monogon.dev/c/monogon/+/2022\nTested-by: Jenkins CI\nReviewed-by: Leopold Schabel \u003cleo@monogon.tech\u003e\n" }, { "commit": "0b84a9f5e2caef3f66e4d912b6ac18429dff2c2d", "tree": "e44c00c20213a01877783405929f27edc3357d79", "parents": [ "35fcf0397be02883ace364e650b3e8d9a2281e24" ], "author": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Thu Jul 27 14:20:31 2023 +0000" }, "committer": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Tue Aug 01 13:30:41 2023 +0000" }, "message": "metropolis/node: show build commit on startup\n\nPreviously it was not possible to identify the running version,\nwith this change the build commit and tree state gets stamped into the binary\nand printed on boot.\n\nChange-Id: I3916e3d40dc87f28a58eb74c6450218550fb3214\nReviewed-on: https://review.monogon.dev/c/monogon/+/1978\nTested-by: Jenkins CI\nReviewed-by: Serge Bazanski \u003cserge@monogon.tech\u003e\n" }, { "commit": "35fcf0397be02883ace364e650b3e8d9a2281e24", "tree": "cb1297a2e4a34eeebb9faf09b44c3b95cf603f7f", "parents": [ "ad131883747f73e51526dd6f163df23b913f69ed" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Thu Jun 29 04:15:58 2023 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Thu Jul 27 13:58:35 2023 +0000" }, "message": "metropolis: implement A/B updates\n\nThis implements an A/B update mechanism using two slots, A and B.\nThis is realized with two system partitions as well as two EFI\nloaders/kernels.\n\nThe A/B system relies on two EFI loader entries. This has the advantage\nthat there is no preloader required, which makes the system more\nreliable as well as avoiding the complexity of having an un-updatable\npreloader (CoreOS has this issue where their GRUB2 crashed booting newer\nkernels, sadly the issue seems lost with the migration to Fedora\nCoreOS). It also means that the operator can easily override the slot\nbeing booted via the boot loader entries. Primary disadvantage is that\nit relies on EFI working somewhat to spec.\n\nNew versions are booted into only once by setting NextBoot, if the\nbootup doesn\u0027t succeed, i.e. if the boot doesn\u0027t get to a cluster rejoin\nthe next boot will be the old slot. Once it gets to this stage the\npermanent BootOrder is changed.\n\nThe EFI loaders don\u0027t know if they are slot A or B because they are\nidentical and relying on OptionalData in the boot entry to indicate the\nslot means that if the EFI boot entries go away, recovering is very hard.\nThus the loaders look at their own file name to determine what slot they\nare in. If no slot could be determined, they default to booting slot A.\nIt is planned to eventually use Authenticode Stamping (passing data in\nfake certificates) to stamp the slot into the loader without affecting\nthe TPM hash logged.\n\nChange-Id: I40de2df8ff7ff660c17d2c97f3d9eb1bd4ddf5bc\nReviewed-on: https://review.monogon.dev/c/monogon/+/1874\nTested-by: Jenkins CI\nReviewed-by: Serge Bazanski \u003cserge@monogon.tech\u003e\n" }, { "commit": "ad131883747f73e51526dd6f163df23b913f69ed", "tree": "e5dee1d605cf4df4c507529185a82b49dbb841b3", "parents": [ "cb9f3d3d495b12e26772271e368340a38244d586" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Wed Jun 28 16:42:20 2023 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Thu Jul 27 13:58:35 2023 +0000" }, "message": "treewide: port everything to blockdev\n\nThis gets rid of most ad-hoc block device code, using blockdev for\neverything. It also gets rid of diskfs for everything but tests. This\nenables Metropolis to be installed on non-512-byte block sizes.\n\nChange-Id: I644b5b68bb7bed8106585df3179674789031687a\nReviewed-on: https://review.monogon.dev/c/monogon/+/1873\nTested-by: Jenkins CI\nReviewed-by: Serge Bazanski \u003cserge@monogon.tech\u003e\n" }, { "commit": "fd49f22e3a98d42ffe4d508a1e49ef2549fa8ecf", "tree": "cbca6bd43f671088aaac950a996055d1a3536b09", "parents": [ "4c6720da59d460d74487fb9bf42f42334cf191d3" ], "author": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Thu Jul 20 14:27:50 2023 +0200" }, "committer": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Wed Jul 26 16:49:54 2023 +0000" }, "message": "metropolis/node/core/metrics: export (controller-manager|scheduler) metrics\n\nChange-Id: Ie61551655cbf1130bb5f5beb2923dac1aa52f868\nReviewed-on: https://review.monogon.dev/c/monogon/+/1952\nTested-by: Jenkins CI\nReviewed-by: Serge Bazanski \u003cserge@monogon.tech\u003e\n" }, { "commit": "4c6720da59d460d74487fb9bf42f42334cf191d3", "tree": "b10de2997c7c711bc579e7cb38c04ffa5d86cd0d", "parents": [ "c37a886044f368ef7b0de61fc77daae8c52e74e8" ], "author": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Tue Jul 25 14:44:19 2023 +0000" }, "committer": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Wed Jul 26 16:41:04 2023 +0000" }, "message": "metropolis/node/core/metrics: migrate labels to sd-meta naming scheme\n\nChange-Id: Ie5ad32d5383abbe13ff9c347d47ecc10f090bccb\nReviewed-on: https://review.monogon.dev/c/monogon/+/1971\nReviewed-by: Leopold Schabel \u003cleo@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "c37a886044f368ef7b0de61fc77daae8c52e74e8", "tree": "5ed030955e1f57d7fb5df9fa49597e62a808e071", "parents": [ "78a538df4c1112bad6bee08509385af8d0ecc77a" ], "author": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Wed Jul 19 16:33:21 2023 +0200" }, "committer": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Wed Jul 26 16:39:41 2023 +0000" }, "message": "metropolis/node/core/metrics: expose etcd metrics\n\nChange-Id: Ie916d497b44c05ab51b13d0bb14f4e850291a77e\nReviewed-on: https://review.monogon.dev/c/monogon/+/1950\nTested-by: Jenkins CI\nReviewed-by: Serge Bazanski \u003cserge@monogon.tech\u003e\n" }, { "commit": "4ac7112b135518b610a84a3a6db535dbb41f1fcf", "tree": "19bcc8dd598928d6413d6721ef52ee211406a8d9", "parents": [ "e5abee60401840f9af83d9181f9ce36f886b10ce" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Mon Jul 24 13:08:34 2023 +0200" }, "committer": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Wed Jul 26 10:47:46 2023 +0000" }, "message": "metropolis/node/core/rpc: decouple from pki\n\nChange-Id: I15d3e7d1142f0f95081e73c985d96f8d103df55e\nReviewed-on: https://review.monogon.dev/c/monogon/+/1961\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "e5abee60401840f9af83d9181f9ce36f886b10ce", "tree": "9887e5c3f28cd295ec19f35a01469286530fe8b3", "parents": [ "be25a3b839debc10817670fac0c20660a87bea12" ], "author": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Wed Jul 19 16:33:36 2023 +0200" }, "committer": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Mon Jul 24 14:52:41 2023 +0000" }, "message": "metropolis/node/core/metrics: allow exporters without executables\n\nChange-Id: I8f05c5a2a59018e8979c48a0253f2c068a71e5cd\nReviewed-on: https://review.monogon.dev/c/monogon/+/1949\nTested-by: Jenkins CI\nReviewed-by: Serge Bazanski \u003cserge@monogon.tech\u003e\n" }, { "commit": "b551b65225b7398ed4eb8b3361f50c7998f56ce1", "tree": "3ae89cf74847693ae13f2c18063a48d4fb8563ba", "parents": [ "5d0906e1db869ddeac081567b469671a5ff25f7c" ], "author": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Mon Jul 17 16:01:42 2023 +0200" }, "committer": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Mon Jul 24 14:45:04 2023 +0000" }, "message": "metropolis/node/core/metrics: implement http_sd discovery endpoint\n\nWe provide prometheus metrics but dont have a way to discover all nodes,\nthis change implements a new http endpoint: /discovery. It implements the\nhttp_sd api and returns all current cluster nodes including their roles as\nlabel.\n\nChange-Id: I931a88e2afb285482d122dd059c96f9ebfab4052\nReviewed-on: https://review.monogon.dev/c/monogon/+/1934\nTested-by: Jenkins CI\nReviewed-by: Serge Bazanski \u003cserge@monogon.tech\u003e\n" }, { "commit": "5d0906e1db869ddeac081567b469671a5ff25f7c", "tree": "c12afd970111219040b457fc739823513fcb2957", "parents": [ "ffbf393575c52f7444f66d4bef86ecd81e3fdb98" ], "author": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Thu Jul 20 20:23:57 2023 +0200" }, "committer": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Mon Jul 24 14:45:04 2023 +0000" }, "message": "metropolis/test/util: move TestCurator to utils package\n\nTo use it inside other tests this change moves the TestCurator\nto allow usage inside other tests\n\nChange-Id: I75be31f490eb84e5c9bc56b65317ea5483415dcf\nReviewed-on: https://review.monogon.dev/c/monogon/+/1954\nReviewed-by: Serge Bazanski \u003cserge@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "ffbf393575c52f7444f66d4bef86ecd81e3fdb98", "tree": "05d223a1d481de0e9725997174d45e5874fad785", "parents": [ "a004576acfd826bf8a2a3371a3fde787afb9629b" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Mon Jul 24 13:02:42 2023 +0200" }, "committer": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Mon Jul 24 12:36:21 2023 +0000" }, "message": "metropolis/test/util: move in NewEphemeralClusterCredentials from rpc\n\nChange-Id: I41603b19a76ea91c2191b0118183957973fc9ccd\nReviewed-on: https://review.monogon.dev/c/monogon/+/1960\nReviewed-by: Tim Windelschmidt \u003ctim@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "a004576acfd826bf8a2a3371a3fde787afb9629b", "tree": "09a029faa89414ea4e7ceaaaa4a424e2ea20f3ae", "parents": [ "9933ef0d18cf42a604fc7ed25cec3e05f8ab6368" ], "author": { "name": "Leopold Schabel", "email": "leo@monogon.tech", "time": "Thu Jul 20 19:27:41 2023 +0200" }, "committer": { "name": "Leopold Schabel", "email": "leo@monogon.tech", "time": "Fri Jul 21 12:04:38 2023 +0000" }, "message": "Set flaky\u003dTrue on roleserve_test and memory_test\n\nThese are frequent CI failures.\n\nChange-Id: Ic45f4dcd22bb608bc96da84c9de74faae1f8daab\nReviewed-on: https://review.monogon.dev/c/monogon/+/1953\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "4f28b9ed6387dc22225f5e60a78f91ab8e3d65bd", "tree": "6b0e7b9014a99a92e23e0a5d2d7c25a8a4e566ba", "parents": [ "46a45f941632de6ef0085eee373a6c3dad5e9f53" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Wed Jul 19 17:11:05 2023 +0200" }, "committer": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Thu Jul 20 10:54:36 2023 +0000" }, "message": "m/n/core/identity: decouple from localstorage\n\nChange-Id: I825bc7d71f9866b0052e550f0d113bd8bc726fdc\nReviewed-on: https://review.monogon.dev/c/monogon/+/1946\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "3df66ebf2ae75de9e62302332412655e8fb45d04", "tree": "afe917d9fa6eba01dbc9aac0b59a7a189c3c64ce", "parents": [ "f0ec0f670512f82b8e1428acd577ffe1693d1f8f" ], "author": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Mon Jul 17 15:58:07 2023 +0200" }, "committer": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Tue Jul 18 14:52:36 2023 +0000" }, "message": "metropolis/node/core/metrics: configure node-exporter collectors\n\nTo have a better overview over the nodes we enable additional collectors\nand tell the filesystem collector to not report high cardinality mountpoints.\n\nChange-Id: I267c7c82d671f03c037aabcb067a06fdf29aef65\nReviewed-on: https://review.monogon.dev/c/monogon/+/1933\nTested-by: Jenkins CI\nReviewed-by: Leopold Schabel \u003cleo@monogon.tech\u003e\n" }, { "commit": "93910e666218954def8e1e3b304909f7dbb7a1b5", "tree": "bc584ab34d4c5e0caa094d94bcee99ccf01f50a7", "parents": [ "7d1a0dee36f43f232481eb7ca4ec5d520a526907" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Thu Jul 06 16:15:06 2023 +0200" }, "committer": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Thu Jul 06 23:09:14 2023 +0000" }, "message": "m/n/core/curator: fix clusternet sync issues\n\nClusternet sync was broken whenever a node just started a curator\nwatcher, as the curator\u0027s codepath to serve the backlog wasn\u0027t copying\nover clusternet data.\n\nThis shouldn\u0027t have happened, especially as we implemented a unified\nfunction to convert node data into node update data, we just forgot to\nuse it during the initial backlog generation code on the curator.\n\nI\u0027ve spent some time trying to come up with a testcase that would\nautomatically catch any further bug of this type, but that\u0027s not really\ndoable without having more formalized type casts between all the\ndifferent types a node can be encoded in (curator in-memory, curator\nproto state, api node object). But we do still update one of the curator\ntests to catch this particular regression.\n\nChange-Id: I203d9a41b735db63d076c7e68a9fc6fe2f795ab4\nReviewed-on: https://review.monogon.dev/c/monogon/+/1912\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "521a83591361c7c0353944a1e742eb70e013cf9b", "tree": "63f4d9499151fb7416318f0f2bdc12f3c1f37523", "parents": [ "a0bc6d3f0ce4f3a73eb0019e4f18f508ee36ce21" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Thu Jun 29 12:38:17 2023 +0200" }, "committer": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Mon Jul 03 13:40:32 2023 +0000" }, "message": "m/n/core/clusternet: avoid spurious updates, log more\n\nThis should make debugging\nhttps://github.com/monogon-dev/monogon/issues/235 easier, as I haven\u0027t\nbeen able to replicate it locally.\n\nChange-Id: I23f1a1d3d22841558e0db3e32b76b8bb8319fd3d\nReviewed-on: https://review.monogon.dev/c/monogon/+/1876\nTested-by: Jenkins CI\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "3722025f8ed0b46eb7f48c7c0fbfc53de9e84340", "tree": "34c8a1fbe2a6996ace1fe1b9e893b550bffd9ba3", "parents": [ "ca1cff0f214a1ed5ee967d421f5fe1fd5afa756d" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Thu Jun 29 12:39:08 2023 +0200" }, "committer": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Thu Jun 29 10:46:39 2023 +0000" }, "message": "m/n/core/devmgr: load modules in separate goroutines\n\nIf we spend too much time processing kobject uevents, we get an ENOBUFS\nerror:\n\n root.devmgr: error receiving kobject uevent: no buffer space available\n\nThis is a hot-fix for this issue. A better solution would be to have a\nsingle goroutine that handles all loading in order to avoid goroutine\nleaks. But this will do for now.\n\nChange-Id: Id085e1e489760c33b1f278dd7c17bf58c01bdad8\nReviewed-on: https://review.monogon.dev/c/monogon/+/1877\nTested-by: Jenkins CI\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "8481f7506b4c67de54fa96b5510007dc2c66a348", "tree": "591d0e285c1d36aeb813b75c0f8d76e62b688a2d", "parents": [ "a380d67c4f648aaf576adba0ea22d40d3782bf44" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Tue Jun 27 00:51:28 2023 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Tue Jun 27 10:07:32 2023 +0000" }, "message": "m/n/c/network: fix SNAT\n\nThe previous change to this broke clusternet as it tried to masquerade\ntraffic destined to that interface, but that is an unnumbered interface,\ncausing the masquerade to fail and all inter-node traffic to be\nrejected. Fix this by including the clusternet interface in the list of\ninterfaces not to NAT for.\n\nChange-Id: I4a79a1978b1aa449fca1dd2d0a2b0a5decc63ea8\nReviewed-on: https://review.monogon.dev/c/monogon/+/1857\nReviewed-by: Tim Windelschmidt \u003ctim@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "a380d67c4f648aaf576adba0ea22d40d3782bf44", "tree": "eead98807b56e6ab66eca83102119c5a5477209c", "parents": [ "7053598586ab00378938c245b7ad748f671a991d" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Mon Jun 26 13:17:42 2023 +0200" }, "committer": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Mon Jun 26 13:48:52 2023 +0000" }, "message": "m/n/core/rpc/resolver: log current processor state on watcher error\n\nWe seem to be having some resolvers getting stuck in production like so:\n\nI0626 09:52:39.708844 resolver.go:275] CURUPDATE: error in loop: when receiving node: rpc error: code \u003d Unimplemented desc \u003d unknown service metropolis.node.core.curator.proto.api.Curator\nI0626 09:52:39.708850 resolver.go:276] CURUPDATE: retrying in 10.040771699s...\n\nThis introduces extra logging that should help us figure out what\nexactly broke, or at least bring us a bit closer to figuring it out.\n\nChange-Id: I658cff6ae86e9124141b5d2c36dceafa377842e9\nReviewed-on: https://review.monogon.dev/c/monogon/+/1852\nReviewed-by: Tim Windelschmidt \u003ctim@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "7053598586ab00378938c245b7ad748f671a991d", "tree": "fd52caf5360282ca315e98e407a4d42f906a2800", "parents": [ "60d6b902d66a4c5c0a2a926c85936935106b9180" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Thu Jun 22 19:37:38 2023 +0200" }, "committer": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Mon Jun 26 11:44:11 2023 +0000" }, "message": "m/n/c/rpc/resolver: dampen curator updates\n\nThis makes the resolver only process node updates if some curator data\nwas actually changed.\n\nFixes https://github.com/monogon-dev/monogon/issues/233\n\nChange-Id: I790adfc4aa3562864faf807d32ac00d9e3bd0bea\nReviewed-on: https://review.monogon.dev/c/monogon/+/1851\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "b390d715897e29064102257f4837959e694f9bf9", "tree": "4d705eb9b84b87f3be6c3da31d24bf959da1f768", "parents": [ "3546615448c39dff683bb1723344ed283b279d46" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Wed Jun 21 21:47:59 2023 +0200" }, "committer": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Mon Jun 26 09:32:41 2023 +0000" }, "message": "m/n/c/curator: clean up stale leader election after reboot\n\nThis is useful if we reboot a leader and it comes back while its\u0027 old\nstale leader election key/value is present.\n\nWithout this, other nodes would continue to connect to the newly\nrebooted leader even though it is not a leader anymore, confusing\nthemselves and cluster operators in the process.\n\nChange-Id: I306e7040550084ef39ab20c3c289a3137145a2d9\nReviewed-on: https://review.monogon.dev/c/monogon/+/1845\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "3546615448c39dff683bb1723344ed283b279d46", "tree": "ed3285dfa7a0adcc76f64766707a28e24d0373e4", "parents": [ "2f7e0a281e72ae45fff6c4d79934442367475b81" ], "author": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Wed Jun 14 20:01:11 2023 +0200" }, "committer": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Thu Jun 22 17:12:03 2023 +0000" }, "message": "m/n/core/localstorage/crypt: read partition data from uevent\n\nPreviously we only checked the blockdevices itself,\nbut in the real-world the minor-id is not always the partition offset.\nThis scans all blockdevs that are partitions and creates them correctly\n\nChange-Id: I8f3d99761e9e883783b398496ec8b35f28f3557d\nReviewed-on: https://review.monogon.dev/c/monogon/+/1813\nReviewed-by: Serge Bazanski \u003cserge@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "2f7e0a281e72ae45fff6c4d79934442367475b81", "tree": "4dcd2233a274bef4645c4bfbbbd62f072d11481a", "parents": [ "c49b207a66a994ccda382d685022d08cbd9ee582" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Thu Jun 22 16:56:13 2023 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Thu Jun 22 16:36:33 2023 +0000" }, "message": "m/node: enlarge K8s networks\n\nFor bigger clusters, the current 10.0.0.0/16 subnet is far too small.\nSwitch to 10.192.0.0/11 which should be out of the way of most of our\ntest infra and is large enough for 8192 nodes with 253 pods which is\nbig enough for the time being. Also migrate the service network\nto 10.224.0.0/16 and make it much bigger. It does not need to be in the\npod CIDR, so move it out of there.\nBut for large clusters this will continue to be a problem until we have\na better allocation algorithm or switch to IPv6 with 464xlat (which\nis not supported on Linux currently however).\n\nChange-Id: Ib3a019fffacec2172721f04c01133b44bffba73b\nReviewed-on: https://review.monogon.dev/c/monogon/+/1848\nReviewed-by: Leopold Schabel \u003cleo@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "c49b207a66a994ccda382d685022d08cbd9ee582", "tree": "b0eed5a22bdb110ea4c115a2bea403e1e00e5dc2", "parents": [ "51a3ed59a1408fe5d8103dca5b6a04dbaa4e5b6a" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Wed Jun 21 23:12:01 2023 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Thu Jun 22 12:38:25 2023 +0000" }, "message": "m/n/core/net/hostsfile: do not stomp over cluster directory\n\nIf we join a cluster after reboot, we already have a cluster directory\non the ESP. We should not write over it with an empty one, but instead\nwait until we\u0027ve received a recent copy of it from the cluster.\n\nFixes https://github.com/monogon-dev/monogon/issues/228\n\nChange-Id: Ibbfa23009eaa9feb99a332ac0c5e17dd89aea7bf\nReviewed-on: https://review.monogon.dev/c/monogon/+/1846\nTested-by: Jenkins CI\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "186109c55db3121749311fc2e954be0eaccdf249", "tree": "d65cd1416c480bf517bede017f5688ad4352e0ab", "parents": [ "d2fc01fb49e7f1decb534a9ae8da7ba8814406d9" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Wed Jun 21 16:57:36 2023 +0200" }, "committer": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Wed Jun 21 21:52:37 2023 +0000" }, "message": "m/n/core/roleserve: persist node roles across reboots\n\nThis allows us nodes to attempt to bring up some services before they\nget fully connectivity to the cluster.\n\nThis is especially useful if a node cannot establish connectivity to the\ncluster, eg. because it\u0027s the only control plane node that just started\nup.\n\nFixes https://github.com/monogon-dev/monogon/issues/226\n\nChange-Id: I030ccc02851e74ceb8dc043203083aa5b6854b55\nReviewed-on: https://review.monogon.dev/c/monogon/+/1842\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "d2fc01fb49e7f1decb534a9ae8da7ba8814406d9", "tree": "3b4991d6c8cd45e40066dbc1ebe9c66b508d10ce", "parents": [ "6a09bd5dbf49c438dc9c5743c8724ddc6efbe505" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Wed Jun 21 16:49:23 2023 +0200" }, "committer": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Wed Jun 21 21:52:37 2023 +0000" }, "message": "m/n/core/n/hostsfile: only persist control plane nodes in ClusterDirectory\n\nThis fixes some ugly startup issues where a node attempts to communicate\nvia control plane protocols to nodes that have no chance of running the\ncontrol plane.\n\nIn general, the Cluster Directory predates the split between control\nplane and worker nodes, and its definition should likely be formally\nupdated to only contain control plane nodes.\n\nChange-Id: Ie290829a010aef0c3a587326e864fe93bf991220\nReviewed-on: https://review.monogon.dev/c/monogon/+/1840\nTested-by: Jenkins CI\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "6a09bd5dbf49c438dc9c5743c8724ddc6efbe505", "tree": "d4829766a1844f761187c70a44b5101363d8637c", "parents": [ "eca5af965b6d95d953066a298ee896791ee00796" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Wed Jun 21 17:40:32 2023 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Wed Jun 21 16:04:12 2023 +0000" }, "message": "m/n/c/network: make SNAT generic\n\nThis changes the SNAT/Masquerade rule from being a thing set up per\ninterface which was only implemented by the dynamic network runnable to\na generic rule set up by the general network service part shared between\nthe static and dynamic implementations. It also tries to avoid NATing\nhost-originated traffic. Matching on interface names is argubly ugly but\nthe alternative is patching CNI plugins, which is also ugly.\n\nChange-Id: I7ec40fc244ae4689b6f96ab87dbebe9a6c43dd70\nReviewed-on: https://review.monogon.dev/c/monogon/+/1844\nReviewed-by: Serge Bazanski \u003cserge@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "83b2a3612d375d60f97500352c1f8a2197c99645", "tree": "aba96d8a6503d92983f365dd27fa7e81f511c53c", "parents": [ "9fd3c3de3d48f328c5771f3659235774aa7df984" ], "author": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Wed Jun 14 22:15:25 2023 +0200" }, "committer": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Tue Jun 20 16:36:17 2023 +0000" }, "message": "m/n/core/cluster: dont print cluster directory\n\nIf a cluster has hundreds of nodes, the bootup will print all of them.\nWhen you have a particularly slow serial connection,\nit can hide crash reports and other more important messages.\n\nChange-Id: I50b75795ec3ebadefe364bf94c3b907c257ffa71\nReviewed-on: https://review.monogon.dev/c/monogon/+/1821\nReviewed-by: Leopold Schabel \u003cleo@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "ea6353fd49b3978cfef7f99ada99a99f8bc10715", "tree": "b854dec6f99a7555abc32b1ca27b74b2af815294", "parents": [ "98a6cccb052c5d17f4f2429edf41d57bd74b7ffd" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Tue Jun 20 13:08:55 2023 +0200" }, "committer": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Tue Jun 20 14:18:34 2023 +0000" }, "message": "metropolis/clusternet: fix race condition\n\nThis gives the wireguard backend a copy of the peer data instead of a\npointer into mutable memory.\n\nChange-Id: I47ee83f3d484cc809c35d2e1779b519ec60c7c78\nReviewed-on: https://review.monogon.dev/c/monogon/+/1825\nTested-by: Jenkins CI\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "98a6cccb052c5d17f4f2429edf41d57bd74b7ffd", "tree": "da656463788abd785a884743e5c5f75e0da7f7c7", "parents": [ "c1ce95f7e86c74a76ae2b29986905cb34cb19e56" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Tue Jun 20 13:09:12 2023 +0200" }, "committer": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Tue Jun 20 14:18:27 2023 +0000" }, "message": "metropolis/consensus: fix race condition\n\nThis returns a copy of each status, instead of the same status, possibly\nmutated.\n\nChange-Id: Ic4ed425a38b001b0139a81c46c61af551b966166\nReviewed-on: https://review.monogon.dev/c/monogon/+/1826\nTested-by: Jenkins CI\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "c1ce95f7e86c74a76ae2b29986905cb34cb19e56", "tree": "aef29ffa1227fe5e8e07b610838489290be2c7a5", "parents": [ "2e9898d28213ec4e3fc48d962c2e2afbc0c6595c" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Tue Jun 20 13:09:25 2023 +0200" }, "committer": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Tue Jun 20 14:18:21 2023 +0000" }, "message": "metropolis/rpc: fix race condition\n\nThis hands off a copy of the curator map across a channel instead of the\nmutable map itself.\n\nChange-Id: Ib7f4ed795648517ae19938c52a6cb193f293ac8b\nReviewed-on: https://review.monogon.dev/c/monogon/+/1827\nTested-by: Jenkins CI\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "2e9898d28213ec4e3fc48d962c2e2afbc0c6595c", "tree": "e0c778089bb8a3c67d24dd2db3cbbd302ce823b6", "parents": [ "5b13d8112a63282d12690ce05dbfa245f910d5a9" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Tue Jun 20 13:09:41 2023 +0200" }, "committer": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Tue Jun 20 14:18:11 2023 +0000" }, "message": "metropolis/curator: fix race condition in tests\n\ngrpclog cannot be accessed concurrently with gRPC requests possibly\nalready running. Let\u0027s just remove this integration in tests.\n\nChange-Id: I074c583baf3a7f87e76e7dde6080e3efdb19d5c8\nReviewed-on: https://review.monogon.dev/c/monogon/+/1828\nTested-by: Jenkins CI\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "54e212a9914ad8003fc4e353f96651340d287c2d", "tree": "df3b1624d9679e30aefac9b98b2f9b91523eca0b", "parents": [ "d34299ebe13211802739d698e526be78161eac6f" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Wed Jun 14 13:45:11 2023 +0200" }, "committer": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Tue Jun 20 11:37:55 2023 +0000" }, "message": "metropolis: implement Metrics Service\n\nThis is the first pass at a Metrics Service. It currently consists of an\nHTTP reverse proxy which authenticates incoming connections using the\nCluster CA and certificates, and passes these connections over to a\nlocally running node_exporter.\n\nIn the future more exporters will be added, and we will likely also run\nour own exporter for Metropolis-specific metrics.\n\nChange-Id: Ibab52aa303965dd7d975f5035f411d1c56ad73e6\nReviewed-on: https://review.monogon.dev/c/monogon/+/1816\nTested-by: Jenkins CI\nReviewed-by: Leopold Schabel \u003cleo@monogon.tech\u003e\n" }, { "commit": "d34299ebe13211802739d698e526be78161eac6f", "tree": "2016915e8cb17311904638c13f934b2150b25aa4", "parents": [ "89974c6f9e4f81d6d819d041a7f5286772df7124" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Thu Jun 15 11:07:47 2023 +0200" }, "committer": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Thu Jun 15 11:47:12 2023 +0000" }, "message": "m/n/core/network/hostsfile: fix nodeMap data race\n\nChange-Id: I7c052691712ebd39e2a23a9497d4d6d0c0ab1e0c\nReviewed-on: https://review.monogon.dev/c/monogon/+/1817\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "89974c6f9e4f81d6d819d041a7f5286772df7124", "tree": "db0e768e42262a04ddb11fa3c1a85420e54b4796", "parents": [ "6d563cac226b327d41d95bf0219b3ff972ab6952" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Wed Jun 14 22:15:10 2023 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Thu Jun 15 10:02:31 2023 +0000" }, "message": "m/n/c/cluster: set StorageSecurity in bootstrap path\n\nCurrently this is only set properly in the register path, causing the\nconfiguration of the bootstrap node to be inconsistent. This causes\nbootup to fail with `Node startup failed: sealed configuration has\ninvalid node unlock key (wanted 32 bytes, got 0)`.\nFix this by also persisting the chosen storage security option in the\nnode configuration when bootstrapping.\n\nChange-Id: I93bf75d412c9aa7c09b5a739ce65b6873d947fd5\nReviewed-on: https://review.monogon.dev/c/monogon/+/1815\nTested-by: Jenkins CI\nReviewed-by: Serge Bazanski \u003cserge@monogon.tech\u003e\n" }, { "commit": "98054a1ddb45d9e0246a0f7f7b93f9e90619a544", "tree": "52ce0573faf5cddbb60c7ed99463837ba14426c8", "parents": [ "0c2f9ded884f7f54d74a8c251c51231841f71728" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Wed Jun 14 18:16:21 2023 +0200" }, "committer": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Wed Jun 14 17:07:27 2023 +0000" }, "message": "metropolis/node: fix non-secure TPM/storage policy codepaths\n\nThis fixes enoug things to pass manually ran E2E tests with the initial\ncluster confiugration changed to a number of possible combinations\n(with/without TPM, with authenticated/encrypted/insecure storage).\n\nThese should, of course, be automatically tested. However, that is\npending on the extension of E2E test system that will let it run\nlong-term tests against real clusters. Otherwise we\u0027d just waste tons of\ntime running the entire matrix of possible combinations on every CR.\n\nChange-Id: I71a56f9a31c738ee2b2d4dfa10d2a58fd5cb0554\nReviewed-on: https://review.monogon.dev/c/monogon/+/1810\nTested-by: Jenkins CI\nReviewed-by: Tim Windelschmidt \u003ctim@monogon.tech\u003e\n" }, { "commit": "0c2f9ded884f7f54d74a8c251c51231841f71728", "tree": "9a084723cea0b9cc183b694386aa0e322b5d465f", "parents": [ "b7ff592e4f08022df5d980a03a396f4ff5330b29" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Wed Jun 14 15:19:27 2023 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Wed Jun 14 15:41:41 2023 +0000" }, "message": "m/n/c/network: improve restartability\n\nDeletes all newly-added interfaces as well as sets all reconfigured\ninterfaces to down if an error occurs in an effort to improve\nrestartability.\n\nChange-Id: I715514c7f6b7a6f45a1c66333fd540556be2b29b\nReviewed-on: https://review.monogon.dev/c/monogon/+/1808\nTested-by: Jenkins CI\nReviewed-by: Tim Windelschmidt \u003ctim@monogon.tech\u003e\n" }, { "commit": "6c45434189e387b234109b68b1ed5a8f2cd5b439", "tree": "4cff8bb2fac00df28699559256ce7649b38877e1", "parents": [ "46bf7d6c6437dfbf9dcc1e1d7d80fcc1c601f9b5" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Thu Jun 01 12:23:38 2023 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Tue Jun 13 13:44:46 2023 +0000" }, "message": "m/node: build Linux with modules\n\nThis introduces modules into our Linux build. I originally didn\u0027t want\nto do this, this is why this wasn\u0027t done until now. But various things\nin the kernel weren\u0027t set up for this, for example the AMD and Intel KVM\nmodules cannot both be loaded, only the first one loaded works. Also,\nthe Linux kernel cannot load firmware for built-in modules reliably as\nthe filesystem it tries to load it from is not always mounted first,\neven if the kernel itself mounts it.\n\nThe firmware issue was brought up multiple times on LKML, but Linus is\nof the opinion that the firmware should be next to the kernel module,\nthus either built-in (not viable for licensing and size reasons) or the\nmodules need to be loadable and on the same filesystem as the firmware.\n\nThus unless we want to carry signifcant patches against the Kernel in a\ndeadlock-prone area, we are forced to adopt a design with loadable\nmodules (or ship everything twice in an initramfs which is also not\ndesirable).\n\nThe kernel config currently only has the modules as non-builtin which\nrequire firmware, everything else has been left as-is. For boot-time\nperformance it would eventually be a good idea to move to a setup with\nmore modules once we\u0027re confident in the implementation and everything\ncan deal with late-loaded modules/devices.\n\nAs a drive-by fix this also moves the kernel builds to out-of-tree so\nthat we no longer pollute the source folder. Bazel protected us from\nserious issues due to this, but it\u0027s still bad practice.\n\nChange-Id: Iced8e12234565e5b7447e732716651e05e67d55b\nReviewed-on: https://review.monogon.dev/c/monogon/+/1791\nReviewed-by: Serge Bazanski \u003cserge@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "46bf7d6c6437dfbf9dcc1e1d7d80fcc1c601f9b5", "tree": "19b26feaf61870790ce3b27dac3623cba40e6119", "parents": [ "c7b036bca213962a7e60f3edb47624606799d074" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Thu Jun 01 12:24:19 2023 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Tue Jun 13 13:44:46 2023 +0000" }, "message": "m/n/c/devmgr: init\n\nAdd a minimal device manager based on kobject/uevents. Currently this\nonly loads kernel modules. Further functionality will be added in\nsubsequent CLs.\n\nChange-Id: I444ecdaff3f8ddb9ec169b094ba03e169dd70c4e\nReviewed-on: https://review.monogon.dev/c/monogon/+/1790\nReviewed-by: Serge Bazanski \u003cserge@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "0e291a193cbfd0b169e749e7f28adc954a58f560", "tree": "01b7ad51279b9060c3c967a0061826d37dbfaf01", "parents": [ "4264b8c641109c05c4828b40cd2e01e686890903" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Thu Jun 01 12:22:45 2023 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Tue Jun 13 13:03:53 2023 +0000" }, "message": "m/node: clean up DNS service\n\nThe primary change in here is that CoreDNS now only listens on the\nloopback interface by default.\nThis fixes #217 as it cannot be accessed from the outside anymore.\nSince the containers do not share the host network namespace, they can\nnow no longer access the DNS service. This is solved by introducing a\nnew Network Service API to add listener IPs and using a link-local IP,\n169.254.77.53 for the container DNS.\nWhile at it, I cleaned up various parts of the DNS code.\n\nChange-Id: Id7b618f62690032db335e8478b9de84410c210a1\nReviewed-on: https://review.monogon.dev/c/monogon/+/1759\nTested-by: Jenkins CI\nReviewed-by: Serge Bazanski \u003cserge@monogon.tech\u003e\n" }, { "commit": "fe3d8fd61a81c09a1544d8cf1e13326c179c5972", "tree": "d1803d9e307e5aea697c02fcb17e82e2c4fb605d", "parents": [ "90a70a0e1cab83ba1601d355d07f285dff0d4d55" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Tue May 30 20:50:09 2023 +0200" }, "committer": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Tue Jun 06 12:11:51 2023 +0000" }, "message": "m/n/core/roleserve: rework cluster membership, reuse control plane connections\n\nThis changes up roleserver internals to simplify the handling of cluster\nmembership state. The end goal is to allow reusing control plane gRPC\nconnections across different components in a node, but the refactor goes\na bit beyond that.\n\nEver since the introduction of the rpc resolver, we have effectively\nsimplifies the control plane startup problem. This is because the\nresolver allows the rest of the system to dynamically switch between\ndifferent gRPC endpoints for the control plane.\n\nWhat this means is that some of the existing complexity in the\nroleserver (which predates the resolver) can be thrown away. Notably, we\nremove the ClusterMembership structure, and replace it with two\nsignificantly simpler structures that represent two separate facts about\nhe local node:\n\n1. localControlPlane carries information about whether this node has a\n locally running control plane. This is only used by the statuspusher\n (to report whether the control plane is running) and by the\n Kubernetes control plane.\n\n2. curatorConnection carries the credentials, resolver and an open gRPC\n connection to the control plane, and is the only roleserver\n EventValue now used by the vast majority of the roleserver runnables.\n\nThe resulting code, especially inside the control plane roleserver\nrunnable, is now less complex, at the cost of a bit of an ugly refactor.\n\nChange-Id: Idbe1ff2ac3bfb2d570bed040a2f78ccabb66caba\nReviewed-on: https://review.monogon.dev/c/monogon/+/1749\nTested-by: Jenkins CI\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "90a70a0e1cab83ba1601d355d07f285dff0d4d55", "tree": "d72351725c2d58ba3194e40f85fa5730ab2a798c", "parents": [ "ce68ab953ef5501a3da3367372daf25801bc0ee7" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Tue May 30 15:15:27 2023 +0200" }, "committer": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Tue Jun 06 12:11:51 2023 +0000" }, "message": "m/n/core/roleserve: do not store cluster directory, populate resolver earlier\n\nThis cleans up the roleserver code slightly, as I\u0027ve noticed the cluster\ndirectory actually does not need to be stored anymore now that we have\nthe rpc resolver.\n\nChange-Id: Ibe9f55691602bc937205c5fb54833683e80d4804\nReviewed-on: https://review.monogon.dev/c/monogon/+/1748\nTested-by: Jenkins CI\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "fd6d4ebffd699ed87cd8bb41dd7a74e40cbe519c", "tree": "8cb613a43199be0dd5a93d98955c95f8d3e7779d", "parents": [ "f1628ac0972b8ee7da19322514dc229872b5982b" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Thu May 25 14:45:48 2023 +0200" }, "committer": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Wed May 31 12:25:21 2023 +0000" }, "message": "m/node: introduce node storage setting and cluster policy\n\nThis adds NodeStorageSecurity and a corresponding\nClusterConfiguration.StorageSecurityPolicy, and pipes it into the\nMetropolis node bootstrap and registration flow.\n\nAll the various settings have so far only been tested manually. For now\nthe default behaviour (which is exercised by tests) is the same as\npreviously: require encryption and authentication.\n\nIn the future, we will have to expand our end-to-end testing to properly\nexercise all the various settings and verify their enforcement and\neffect. But that has to come in a follow-up CR as this one is already\nlarge enough as is.\n\nChange-Id: I76f3e37639ef02f4fc708af47ae5014408dc7c21\nReviewed-on: https://review.monogon.dev/c/monogon/+/1747\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "f1628ac0972b8ee7da19322514dc229872b5982b", "tree": "9720402ab66d83dbd69844ffea60403e73756f26", "parents": [ "2b0f3d3df1fd3f71b57bb2ea581a649678b2451e" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Thu May 25 14:43:19 2023 +0200" }, "committer": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Wed May 31 12:25:21 2023 +0000" }, "message": "m/n/core/localstorage/crypt: support more enc/auth modes\n\nThis is in preparation for introducing configurable disk\nencryption/authentication policies in Metropolis (eg. low integrity\nmode).\n\nWe also use the opportunity to add some tests for the newly refactored\ncrypt library. All modes go through an end-to-end test making sure data\nis preserved and repeatedly mapping/unmapping the device works.\n\nThis change also disables insecure mode in debug builds. The equivalent\nfunctionality will be re-established at a higher level in the cluster\ncode in a subsequent change, alongside the encryption/authentication\npolicy code.\n\nChange-Id: I85db001c7c37a918cb491b1fcc3a51ea1d715817\nReviewed-on: https://review.monogon.dev/c/monogon/+/1724\nTested-by: Jenkins CI\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "2b0f3d3df1fd3f71b57bb2ea581a649678b2451e", "tree": "1018cd62c66bff7c239ae4df9ff076b4b4c832c9", "parents": [ "886c386f9acf84d2600878c61e5f1822a5fb8c1b" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Wed May 03 15:39:11 2023 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Wed May 31 11:29:13 2023 +0000" }, "message": "m/n/c/network: set status with static config\n\nThis makes the static network service also set the network state if no\nautoconfiguration is in use.\nThis is currently quite hacky, it essentially checks if any interface\nuses IPv4 autoconfig/DHCP and if not it choses the first IPv4 address\nand sets that as the external address.\n\nChange-Id: I53cebfaa373512eec3d26c59640c0328297acf32\nReviewed-on: https://review.monogon.dev/c/monogon/+/1644\nReviewed-by: Tim Windelschmidt \u003ctim@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "f2af76024340e782002f5d07333e2f3d09031554", "tree": "fcdf868bbbd891404514b5ee06a6716ab8e8d9fb", "parents": [ "2d1ebd3567567d9e6563776e637006c1d8d88e68" ], "author": { "name": "Florian Klink", "email": "flokli@flokli.de", "time": "Sat May 27 17:55:21 2023 +0300" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Mon May 29 21:11:43 2023 +0000" }, "message": "metropolis/node/core/minit: update year in copyright header\n\nThis updates the copyright line to include 2023.\n\nChange-Id: I8442cb10d369ee1a13485f601242fee65c210ede\nReviewed-on: https://review.monogon.dev/c/monogon/+/1725\nVouch-Run-CI: Lorenz Brun \u003clorenz@monogon.tech\u003e\nTested-by: Jenkins CI\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "ab583b389efd2f334dda56e858fa298987d15cc8", "tree": "e9592d2a3173807168be265e3728fead655b0e1e", "parents": [ "a3904fc44595376bc725fed7ac74dfa80d1ada94" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Tue May 02 22:41:45 2023 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Wed May 03 13:31:56 2023 +0000" }, "message": "m/n/core: always start network service\n\nFix logic bug causing the network service not to be started when\nstatic network config is in use.\n\nWe really need tests for this.\n\nChange-Id: I8ae29809ee453891f0781aa4e1b9f7a160610bff\nReviewed-on: https://review.monogon.dev/c/monogon/+/1643\nTested-by: Jenkins CI\nReviewed-by: Tim Windelschmidt \u003ctim@monogon.tech\u003e\n" }, { "commit": "a3904fc44595376bc725fed7ac74dfa80d1ada94", "tree": "47d1177071dd190b6409731959d7bc471aaa7229", "parents": [ "ca9cfcf9cfbb0ae46ee4f6f0d207cdbd7085e460" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Tue May 02 19:33:52 2023 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Wed May 03 09:47:02 2023 +0000" }, "message": "m/n/c/l/crypt: select partitions more specifically\n\nThis changes partition selection to only consider block devices which\ncontain the ESP we booted from if known.\n\nThis prevents us from mounting spurious partitions sharing the same\ntype identifiers.\n\nWhile at it, convert to our GPT library.\n\nChange-Id: Ie9f5bd596f793439a467759d5066529f3912028b\nReviewed-on: https://review.monogon.dev/c/monogon/+/1641\nTested-by: Jenkins CI\nReviewed-by: Tim Windelschmidt \u003ctim@monogon.tech\u003e\n" }, { "commit": "0508c6df9ab35ebbf0f0367ba1f7ed74bdfb20c8", "tree": "93f0a16c0770ad473d5ad0b89ddcf00bea652293", "parents": [ "f0b22ff77c0126ac092aa1c6965f08a7c50002a1" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Tue May 02 18:56:03 2023 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Wed May 03 09:47:02 2023 +0000" }, "message": "m/n/c/cluster: fix logic error in bootstrap\n\nThere was a missing condition in there, causing the code to erroneously\nreturn with an error even though none occurred.\n\nChange-Id: Ib36f3f1606508655ed5990aed624ef51c45a3b97\nReviewed-on: https://review.monogon.dev/c/monogon/+/1638\nTested-by: Jenkins CI\nReviewed-by: Tim Windelschmidt \u003ctim@monogon.tech\u003e\nReviewed-by: Serge Bazanski \u003cserge@monogon.tech\u003e\n" }, { "commit": "f0b22ff77c0126ac092aa1c6965f08a7c50002a1", "tree": "e957358311a40371a2ab77f5c86d25035d03ed43", "parents": [ "dea7cd0e3d0aeee571f25209d76b52cc495a389f" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Tue May 02 16:04:20 2023 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Tue May 02 15:12:13 2023 +0000" }, "message": "m/node: also log to ttyS1\n\nSome systems have their serial console connected to ttyS1, not ttyS0.\nWe currently have no way of passing this information to the system as we\nlock down boot parameters and\nthere is significant risk in letting people change this, both in terms\nof security (some kernel parameters can affect the integrity of the OS)\nas well as availability as such a setting needs to be respected by both\nA and B loaders, thus any misconfiguration could make the node\nnon-functional without an obvious way to roll back.\n\nThus this just adds ttyS1 to the list of serial consoles for the time\nbeing. When we have such a mechanism, we\u0027ll likely undo the hardcoding\nof all consoles anyways.\n\nFixes #216\n\nChange-Id: I2f35edad049ceae1bb5cfc22b89bf6a1664cfbf8\nReviewed-on: https://review.monogon.dev/c/monogon/+/1625\nTested-by: Jenkins CI\nReviewed-by: Serge Bazanski \u003cserge@monogon.tech\u003e\n" }, { "commit": "76e39d81415a51926e784d441760773574ecbdb9", "tree": "f826797d76881dfdc21dbca5ea8ddd673ac3d5ff", "parents": [ "f984e1eaea94cfdbd6bc23ab438f02028800fb9c" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Thu Apr 20 22:55:15 2023 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Fri Apr 21 10:21:02 2023 +0000" }, "message": "m/n/c/network: fix add/modify condition\n\nThe unset value for Index is 0, not -1. This caused new links to\nincorrectly use the LinkModify path.\n\nChange-Id: I92f3fcaa8e4df9097251e3e27bd69c75a2ad878b\nReviewed-on: https://review.monogon.dev/c/monogon/+/1588\nReviewed-by: Tim Windelschmidt \u003ctim@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "28883b7d12852e85f03dc9c7f0bb4499cfccf22e", "tree": "e5ff99135a12ff747588f2488509734a2f85c2a0", "parents": [ "4c825320dc1e02f98c40065494bb6ae11bf81835" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Tue Apr 11 13:30:44 2023 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Tue Apr 18 11:48:46 2023 +0000" }, "message": "m/n/c/network: configure given DNS servers\n\nActually configure the list of statically-configured DNS servers.\n\nChange-Id: I174be38195db4e63af2dfe7499e3e721f7b54556\nReviewed-on: https://review.monogon.dev/c/monogon/+/1524\nTested-by: Jenkins CI\nReviewed-by: Leopold Schabel \u003cleo@monogon.tech\u003e\n" }, { "commit": "4c825320dc1e02f98c40065494bb6ae11bf81835", "tree": "95ee82c569b0a6a61795bbe0429072241df3ef49", "parents": [ "b902dfc271e2375d8928ad4faef0da7b1b75ec57" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Tue Apr 11 13:25:14 2023 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Tue Apr 18 11:48:46 2023 +0000" }, "message": "m/n/c/network: static networking fixes\n\nThis fixes three issues with static networking:\n\nIt joins interfaces to a master in down state as otherwise Linux\ncan return an error.\n\nIt takes up the automatically-created loopback interface as otherwise we\nhave no working loopback interface which causes some weird breakage.\n\nIt also patches netlink to use RTM_SETLINK instead of RTM_NEWLINK for\nreconfiguring interfaces as otherwise Linux sometimes returns an error.\n\nChange-Id: I512e38c6edc1a6d964feb552b1a3995165d74730\nReviewed-on: https://review.monogon.dev/c/monogon/+/1523\nTested-by: Jenkins CI\nReviewed-by: Serge Bazanski \u003cserge@monogon.tech\u003e\n" }, { "commit": "b902dfc271e2375d8928ad4faef0da7b1b75ec57", "tree": "8144257b867070adfe775916b418fe9c89d57cd3", "parents": [ "e3032bd090603b0344727647028d03273bd7d3f5" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Fri Apr 07 01:20:31 2023 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Tue Apr 18 11:48:46 2023 +0000" }, "message": "m/n/c/n/dns: fix race condition\n\nThis fixes a race condition where updates could be lost while CoreDNS\nis in the process of starting.\n\nChange-Id: I87e83e2fd2de1bba456f135697815f0ddeb226d9\nReviewed-on: https://review.monogon.dev/c/monogon/+/1520\nTested-by: Jenkins CI\nReviewed-by: Leopold Schabel \u003cleo@monogon.tech\u003e\n" }, { "commit": "e4a4ce1dbbc8abc8a0817f80fcb27437a9e6ca63", "tree": "1d2fc878f2e74e1e077dd8848c983c00e6ffcb6d", "parents": [ "5df62bae21bd89f15321a54a33a2ff59f5cbdce8" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Wed Mar 22 18:29:54 2023 +0100" }, "committer": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Mon Apr 17 09:14:54 2023 +0000" }, "message": "metropolis: finish implementing TPMMode\n\nThis wraps up the implementation of TPMMode in ClusterConfiguration,\nallowing operators to select whether nodes should or should not use\ntheir TPM, based on local availability.\n\nWe keep the default behaviour to require a TPM, as we\u0027d like to be\nsecure by default.\n\nChange-Id: Ic8ac76d88ecc9de51f58ca99c92daede79d78ad7\nReviewed-on: https://review.monogon.dev/c/monogon/+/1495\nTested-by: Jenkins CI\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "5df62bae21bd89f15321a54a33a2ff59f5cbdce8", "tree": "45e397cafdbff558801e94c4c124bbb8e4d8a55b", "parents": [ "10b2154450b4e43d2b959137f47bceeaf9c9f1f3" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Wed Mar 22 17:56:46 2023 +0100" }, "committer": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Mon Apr 17 09:14:54 2023 +0000" }, "message": "metropolis: implement cluster configuration\n\nThis adds a cluster configuration to Metropolis. We\u0027ll be keeping any\nnon-node-specific options there. The config is stored in etcd by the\ncurator.\n\nAn initial cluster configuration can be specified when bootstrapping a\ncluster. By design the configuration is then immutable by default, but\nwe might add some purpose-specific management API calls to change some\nvalues if needed.\n\nWe initialize the cluster configuration with a setting for node TPM\npolicy, \u0027TPMMode\u0027. It\u0027s currently populated on cluster bootstrap, but\nnot used otherwise. That will come in a follow-up CR.\n\nChange-Id: I44ddcd099c9ae68c20519c77e3fa77c894cf5a20\nReviewed-on: https://review.monogon.dev/c/monogon/+/1494\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "2cfafc9a4c34152dd93b58aa82df1720fb4dd6d6", "tree": "7a944999ab576f4b421651c2c4d513b0b572a1be", "parents": [ "d0be371ea905c3729f98d91d255d775b7c5193d3" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Tue Mar 21 16:42:47 2023 +0100" }, "committer": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Thu Apr 13 14:03:02 2023 +0000" }, "message": "metropolis/node/kubernetes: move worker services to KubernetesWorker nodes\n\nThis finalizes the Big Split. After this change, nodes will only run a\nkubelet (and related services) if they have a KubernetesWorker role\nattached.\n\nThe first node in a new cluster now starts out with KubernetesController\nand ConsensusMember. All joined nodes start with no roles attached.\n\nChange-Id: I25a059318450b7d2dd3c19f3653fc15367867693\nReviewed-on: https://review.monogon.dev/c/monogon/+/1380\nTested-by: Jenkins CI\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "85ad26a4389b926e2d4656f540257169eacdc4aa", "tree": "ed69090952b8734c0d2dc2a52019921d34a9d75a", "parents": [ "3ecb04a95b2d877ea4ef6adad0059183858af5a9" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Mon Mar 27 17:00:00 2023 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Thu Apr 06 14:26:33 2023 +0000" }, "message": "m/node: implement static network config\n\nAllows using a static network configuration in Monogon OS.\n\nThis plumbs in support for the new static network configuration mode of\nthe network service into Monogon OS. It introduces a new NodeParameter\nfield as well as an ESP file to persistently hold this configuration.\nThe file is not sealed or encrypted to allow recovery of nodes with\nbroken network configuration.\n\nChange-Id: Ia398368a8d1c0eef4bca53bb279a97a144bdbd20\nReviewed-on: https://review.monogon.dev/c/monogon/+/1403\nTested-by: Jenkins CI\nReviewed-by: Serge Bazanski \u003cserge@monogon.tech\u003e\n" }, { "commit": "3ecb04a95b2d877ea4ef6adad0059183858af5a9", "tree": "aa1d41084169ee9de32cd67837cbec8edd79b886", "parents": [ "9ae5f77a472650a9f43186c585e395387cfc1f91" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Thu Mar 16 20:41:20 2023 +0100" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Thu Apr 06 14:26:33 2023 +0000" }, "message": "m/n/c/network: add support for static network configuration\n\nFor certain network configurations autoconfiguration doesn\u0027t work or\nis not appropriate, so for these a static configuration needs to be\nused. The monorepo has recently gained net.proto, a Protobuf-based\nnetwork specification. This implements support for using this instead of\nautoconfiguration in the Monogon network service.\n\nChange-Id: Ifaec4e98b5a871308bde94c26fc09a7f0bcfd064\nReviewed-on: https://review.monogon.dev/c/monogon/+/1364\nTested-by: Jenkins CI\nReviewed-by: Serge Bazanski \u003cserge@monogon.tech\u003e\n" }, { "commit": "b565cc679cd5af598dc863890a3e1cce98eb1c57", "tree": "eddf2b4b5636b0c5086cf8fb874927cdc73659c1", "parents": [ "9104e381ab7a2c90087843de00204eed9ed7cf99" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Thu Mar 30 18:43:51 2023 +0200" }, "committer": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Thu Apr 06 14:19:17 2023 +0000" }, "message": "m/n/core/clusternet: grab external IP address prefix from network service\n\nThis moves the logic for merging the node IP and node prefixes from the\nsubmitter of the prefixes into the clusternet logic itself.\n\nThis means clusternet now has two independent sources of prefix data:\nthe network service\u0027s external IP address, and the kubelet\u0027s node\nprefixes.\n\nThis simplifies use in a worker/controller split, where a controller\nnode normally doesn\u0027t submit any prefixes as it\u0027s not running a kubelet\nor kubelet-adjacent prefixes - but we still want it to submit its\nexternal IP address.\n\nChange-Id: I46c9430228ce966426d3a8d33a765ecfdfca0d29\nReviewed-on: https://review.monogon.dev/c/monogon/+/1479\nTested-by: Jenkins CI\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "98e05e1e5fd348ac07e221732251734256777ecd", "tree": "d202ec3537c7f6faa903910bc5eb0258a8eb6f72", "parents": [ "6c8ee0b3224934cf10b576e8caea15e4ad18a759" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Wed Apr 05 12:44:14 2023 +0200" }, "committer": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Thu Apr 06 10:13:54 2023 +0000" }, "message": "metropolis/*: confine etcd output in tests\n\nThe etcd test cluster logic produces some very chatty logs that end up\nin stdout.\n\nThis confines the etcd logs themselves, as well as gRPC logs that the\ntest logic also always enables by default.\n\nChange-Id: I1070f14b20e870865b510ae24015402c0469ceff\nReviewed-on: https://review.monogon.dev/c/monogon/+/1487\nReviewed-by: Leopold Schabel \u003cleo@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "29974f3ba444e129cc142133778d09fa61e9679b", "tree": "76fe13f1af556f1fbef15532025bba918c16150e", "parents": [ "630fb5c5349b13330b7de6f8300b495b801db061" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Wed Apr 05 12:29:09 2023 +0200" }, "committer": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Thu Apr 06 10:13:54 2023 +0000" }, "message": "m/p/logtree: pipe to t.Log in tests instead of stdout\n\nChange-Id: I12506a0553810d934872aa0dd03478a66ba6e95f\nReviewed-on: https://review.monogon.dev/c/monogon/+/1488\nTested-by: Jenkins CI\nReviewed-by: Leopold Schabel \u003cleo@monogon.tech\u003e\n" }, { "commit": "1fb2b10801eb4ea56a1e00f174923ec83f039623", "tree": "8e1ef90a747d7d9559088deb321af96b09d626bb", "parents": [ "86afa224665bb3c465c0ff36d97baafebc673264" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Thu Apr 06 10:13:46 2023 +0200" }, "committer": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Thu Apr 06 09:55:51 2023 +0000" }, "message": "m/node/core: run hostsfile from roleserver, provide feedback on cluster directory\n\nNot providing a heartbeat and status until we save a cluster directory\nto ESP is a quick and dirty way to make sure we don\u0027t mark a node as\nHEALTHY until it has performed the bare minimum of setup to be\nrebootable.\n\nThis is important in our E2E tests to reduce flakiness.\n\nIn the future we should have some node status field or general \u0027sync\u0027\nAPI exposed, but this will do for now.\n\nChange-Id: Ibad9e91f01abeacdfe4400ef7cb36ca17f68ba0a\nReviewed-on: https://review.monogon.dev/c/monogon/+/1498\nTested-by: Jenkins CI\nReviewed-by: Leopold Schabel \u003cleo@monogon.tech\u003e\n" }, { "commit": "86afa224665bb3c465c0ff36d97baafebc673264", "tree": "d4cdce3099580c1b34b8855be47807bfbc05643a", "parents": [ "7920852953a4b0846ddb16cb82a038b064ba473a" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Thu Apr 06 10:47:50 2023 +0200" }, "committer": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Thu Apr 06 09:55:51 2023 +0000" }, "message": "m/n/c/cluster: when registering, save node credentials before starting roleserver\n\nThis makes sure we don\u0027t start heartbeating (and generally running any\nproduction roles) before we have our newly generated credentials\npersisted into ESP.\n\nIn turn this should make our E2E tests less flaky.\n\nChange-Id: I6440c53b346080015e082d97af06f795f7b8ed60\nReviewed-on: https://review.monogon.dev/c/monogon/+/1497\nTested-by: Jenkins CI\nReviewed-by: Leopold Schabel \u003cleo@monogon.tech\u003e\n" }, { "commit": "7920852953a4b0846ddb16cb82a038b064ba473a", "tree": "afa919bc332a93bd0666714843632cffa1095170", "parents": [ "4e6eae2bec769a565eece47438fcb594e7da2765" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Tue Mar 28 20:14:58 2023 +0200" }, "committer": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Wed Apr 05 14:14:44 2023 +0000" }, "message": "m/n/kubernetes: use node clusternet to submit cluster networking routes\n\nThis completes the work on using the new cluster networking service from\nKubernetes, thereby allowing non-worker nodes to participate in cluster\nnetworking.\n\nChange-Id: I7f3759186d7c8cc49833be29963f82a1714d293e\nReviewed-on: https://review.monogon.dev/c/monogon/+/1418\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "e012b728d98e51e6b5564873f10c06c4f4c81415", "tree": "65d21fa881c46451a2c8234ef10cd4283e2f85b5", "parents": [ "cff8eb9db471c6dd85f92e1828ecd268c2737dda" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Wed Mar 29 17:49:04 2023 +0200" }, "committer": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Tue Apr 04 16:51:11 2023 +0000" }, "message": "metropolis: implement NodeManagement.Logs\n\nThis takes the implementation from the debug service, dusts it off a\nbit, adds tests and moves eerything to the new node mgmt service.\n\nChange-Id: Id3b70126a2551775d8328c0c4e424ec0e675f40f\nReviewed-on: https://review.monogon.dev/c/monogon/+/1439\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "a6d8b39959427e4f7e922f7dc095687e07a0caaa", "tree": "820548670c0e392197a2d7603bb7659ccd9cd9ea", "parents": [ "3fe6615bd837038023b9839fb7300030999c60ff" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Mon Apr 03 15:23:57 2023 +0200" }, "committer": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Mon Apr 03 15:09:45 2023 +0000" }, "message": "third_party/go: bump grpc-go\n\nWe\u0027re about to include some new-ish cloud.google.com/go packages, and\nthese want a fairly new grpc-go.\n\nThis version of grpc-go finally deprecates some resolver struct fields,\nwhich means we need to migrate away from them.\n\nThe changes also pull in a bunch of golang.org/x/ updates, including one\nthat breaks our importsort patch in goimports.\n\nChange-Id: I2570af45694a5bf18eb7fabb44120d19c5e487da\nReviewed-on: https://review.monogon.dev/c/monogon/+/1472\nReviewed-by: Leopold Schabel \u003cleo@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "93d593b8b51a597a030d589d4f7435236a52b2c5", "tree": "8fb78b1c9951431b96150e0910420bb62fc15101", "parents": [ "f50c31ff196d2d5ae6c73d732e3d241020cf7882" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Tue Mar 28 16:43:47 2023 +0200" }, "committer": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Thu Mar 30 15:38:07 2023 +0000" }, "message": "m/n/core/clusternet: init\n\nThis implements the new cluster networking daemon. This is just the\ndaemon itself with some tests. It\u0027s not yet used.\n\nChange-Id: Ida34b647db0d075fcaaf2d57c9a8a14701713552\nReviewed-on: https://review.monogon.dev/c/monogon/+/1416\nTested-by: Jenkins CI\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "b58102ce51699183af43248c88aa22b8407baa7c", "tree": "ee5560579ec7b32636bb4d9eee4e77271c9d3459", "parents": [ "da11486352f2aaccfa271a8aaf06a3bef09b0a3a" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Wed Mar 29 17:48:18 2023 +0200" }, "committer": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Thu Mar 30 14:19:03 2023 +0000" }, "message": "m/n/core/rpc: do not log RPC traces from NodeManagement.Logs\n\nChange-Id: I3106d7fe66a8cdd047e08af62844b20d11636bf5\nReviewed-on: https://review.monogon.dev/c/monogon/+/1438\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "da11486352f2aaccfa271a8aaf06a3bef09b0a3a", "tree": "c5a4f5488061d4c0a8660014bc4f4838361ee4aa", "parents": [ "bc7397214147701d6e70141ff70bf6e84f9aab62" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Wed Mar 29 17:46:42 2023 +0200" }, "committer": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Thu Mar 30 14:19:03 2023 +0000" }, "message": "metropolis/proto: move log-related types to common\n\nHaving them in API is kinda weird, especially as we\u0027re\ngenerating/parsing them from a few libraries already.\n\nChange-Id: I87b4b51f151443c60b87e3e50753c395fcf6e845\nReviewed-on: https://review.monogon.dev/c/monogon/+/1437\nTested-by: Jenkins CI\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "bc7397214147701d6e70141ff70bf6e84f9aab62", "tree": "7be96e5fc859010fdf9bf9b381300fbd9d73d07f", "parents": [ "a58047b542002a3045dc18c72ca8889f06b54329" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Tue Mar 28 20:12:01 2023 +0200" }, "committer": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Thu Mar 30 14:18:53 2023 +0000" }, "message": "m/n/core/curator: prevent nodes from sharing wireguard keys\n\nAs WireGuard keys nodes by public key, we must do our best to never let\ntwo nodes share the same public key.\n\nChange-Id: Ib8bc9b839355c1ee94dcf3ba42368055b47c2c21\nReviewed-on: https://review.monogon.dev/c/monogon/+/1415\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "b91938fe16d74272c14e13cad5c6bd8f82391bc4", "tree": "c70a0acf239851748611957bee9d0275740b56ed", "parents": [ "b40c008a6842a232c18b955375d4f1432b32cd53" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Wed Mar 29 14:31:22 2023 +0200" }, "committer": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Wed Mar 29 17:18:22 2023 +0000" }, "message": "metropolis: stub out log service\n\nThe server side and client-side implementations are not quite ready yet,\nbut we\u0027re commiting this early so that we can start implementing more\nnode-local management RPCs.\n\nChange-Id: I81b615b0f77dc7750cc738d60ee4923c3182721b\nReviewed-on: https://review.monogon.dev/c/monogon/+/1429\nTested-by: Jenkins CI\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "b40c008a6842a232c18b955375d4f1432b32cd53", "tree": "3fd188eb8b831102c9ab8997579554d200057ed3", "parents": [ "8535cb5bc5437960430ff94d3ea7280ccf931340" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Wed Mar 29 14:28:04 2023 +0200" }, "committer": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Wed Mar 29 17:18:22 2023 +0000" }, "message": "m/n/core/mgmt: implement node-local management service\n\nChange-Id: I1e8a8ff46d1172e00f2d991ae3cc3af1929b6e4e\nReviewed-on: https://review.monogon.dev/c/monogon/+/1428\nTested-by: Jenkins CI\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "8535cb5bc5437960430ff94d3ea7280ccf931340", "tree": "57edb5cf064ad8b43aef52c1bbb974dd5cce7c26", "parents": [ "30fd15406e2c9cba7391f6af96c775b313a115fa" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Wed Mar 29 14:15:08 2023 +0200" }, "committer": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Wed Mar 29 17:18:22 2023 +0000" }, "message": "m/n/core/rpc: implement node verification in authenticated connections\n\nThe current API of NewAuthenticatedCredentials is not easily extensible,\nso switch over to such an API now.\n\nThis then adds a WantRemoteNode option which verifies that the remote\nconnection is established to a node with a given ID.\n\nChange-Id: Ie9f6b33d8b032729181bae5591eba9856ea2f523\nReviewed-on: https://review.monogon.dev/c/monogon/+/1427\nTested-by: Jenkins CI\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "30fd15406e2c9cba7391f6af96c775b313a115fa", "tree": "cd19f1366d884c5b3110a7396b9cc5514dedecc2", "parents": [ "8fab014d343633828dc4df3c670def9c75fa4485" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Wed Mar 29 14:19:02 2023 +0200" }, "committer": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Wed Mar 29 17:18:22 2023 +0000" }, "message": "m/n/core/curator: return denormalized node id in GetNodes\n\nThis is mostly useful when using filters to get just one node, eg.\n`node.id \u003d \"metropolis-1234567890\"`.\n\nChange-Id: I154508751b0e610742374b65915c07b64a7f7b71\nReviewed-on: https://review.monogon.dev/c/monogon/+/1426\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "3ac3a2ecfab884ff26939834578ce731ee1778ac", "tree": "4d0cc471eac7e2986a7bb3d0690b1b348930d6a1", "parents": [ "03139ef5370599ee89add5d4733d18a7e902e8ab" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Wed Mar 29 14:20:06 2023 +0200" }, "committer": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Wed Mar 29 14:09:47 2023 +0000" }, "message": "m/n/core/identity: prevent crash when verifying nil CA certs\n\nWe have some \u0027ca \u003d\u003d nil means do not verify\u0027 logic around in our\ncodebase, and this prevents programming errors from panicking.\n\nChange-Id: I047a06984dd40d709294edaf5d658c61667cb954\nReviewed-on: https://review.monogon.dev/c/monogon/+/1423\nReviewed-by: Leopold Schabel \u003cleo@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "03139ef5370599ee89add5d4733d18a7e902e8ab", "tree": "df9bd2236136a01df1cc6c377f9d2eb76cc98e1e", "parents": [ "8b4a5ea7468f26c693f9497e61e722614a4617ac" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Wed Mar 29 13:37:07 2023 +0200" }, "committer": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Wed Mar 29 14:09:38 2023 +0000" }, "message": "m/n/c/curator: tell filter users what\u0027s wrong with their filter expression\n\nChange-Id: I994a76ba57e13a34a91b0e547b8173dbc583dd37\nReviewed-on: https://review.monogon.dev/c/monogon/+/1424\nReviewed-by: Leopold Schabel \u003cleo@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "8b4a5ea7468f26c693f9497e61e722614a4617ac", "tree": "c0f5912709fff737b6c4edf6e1da0c9053066e95", "parents": [ "4e6fe4aefa98b1c027c4e934472c94b60abe727e" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Wed Mar 29 14:16:59 2023 +0200" }, "committer": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Wed Mar 29 14:09:32 2023 +0000" }, "message": "m/n/core/rpc: shorten proto messages in traces\n\nWe\u0027ll have binary RPC logs in the future that will contain all RPC\nmessages. We definitely don\u0027t want kilobytes of prototext in our main\nlogtree or even in the RPC spans.\n\nChange-Id: I9abc5654ce977ff97a293b04f9c1fddfb71ed4a0\nReviewed-on: https://review.monogon.dev/c/monogon/+/1425\nReviewed-by: Leopold Schabel \u003cleo@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "677887828c5440ac794e2cbd892f2c3314f7b63e", "tree": "4704995fc5fcd838f615efeaf3c6f2a4b578160e", "parents": [ "e6bc2275053e06ea8d1274d132e5bb071aac6a75" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Tue Mar 28 20:13:18 2023 +0200" }, "committer": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Wed Mar 29 12:34:59 2023 +0000" }, "message": "m/n/core/curator: check that pubkey is given when expecting self-signed certificate\n\nPeerInfo.Unauthenticated does not imply Unauthenticated.SelfSigned,\nwhich might be nil if a client connects without a certificate at all.\nThis makes sure we don\u0027t crash when that happens.\n\nChange-Id: I52ceefe13f1eab9efe549e900a1ae715086b499e\nReviewed-on: https://review.monogon.dev/c/monogon/+/1414\nReviewed-by: Leopold Schabel \u003cleo@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "e6bc2275053e06ea8d1274d132e5bb071aac6a75", "tree": "0b9147f9fef9610f7ca285e1457c90b8f292abd0", "parents": [ "0731937d1f66230495e770fcdeaac16aaed8a0cb" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Tue Mar 28 16:28:13 2023 +0200" }, "committer": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Tue Mar 28 18:22:38 2023 +0000" }, "message": "m/n/c/curator: implement cluster networking storage\n\nThis is just the Curator side, the client implementation will come in a\nsubsequent change.\n\nChange-Id: I4a9b5ad5c77662e11122d0a1cea22d80ecfe4299\nReviewed-on: https://review.monogon.dev/c/monogon/+/1413\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "218d708b0dffe7a8516d97b13b2cd0f4b91fd756", "tree": "4884e81008c897e385411598021656daa266bf1c", "parents": [ "c25ca5d06e3c006987b77350e3f55cccd358e117" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Thu Mar 23 14:48:37 2023 +0100" }, "committer": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Thu Mar 23 14:07:47 2023 +0000" }, "message": "m/n/core/curator: fix another crash in IssueCertificates\n\nWe should have a no-go check for this, this should\u0027ve been easily found.\n\nChange-Id: I1c22e0436da1c71dffc6494a5d5b1867879e17c7\nReviewed-on: https://review.monogon.dev/c/monogon/+/1394\nTested-by: Jenkins CI\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "c25ca5d06e3c006987b77350e3f55cccd358e117", "tree": "cd00ee88800059299481cc7e006feccbafffae32", "parents": [ "6b7731ee4017d5f412fa487c12b5fcab1b91cd44" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Thu Mar 23 14:29:05 2023 +0100" }, "committer": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Thu Mar 23 13:35:54 2023 +0000" }, "message": "m/n/core/curator: fix crash in IssueCertificates\n\nChange-Id: Ib0e1f08bfcc2e70cd638f0863450508d10ab9a93\nReviewed-on: https://review.monogon.dev/c/monogon/+/1393\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "6b7731ee4017d5f412fa487c12b5fcab1b91cd44", "tree": "b47ce1057e5034690d6ee42862a6acdd79ce91eb", "parents": [ "d02f2166634fd8c2ef3433ab7212088802cc7f89" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Wed Mar 22 17:58:04 2023 +0100" }, "committer": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Thu Mar 23 13:35:41 2023 +0000" }, "message": "m/n/core: hide verbose supervisor logs from console\n\nChange-Id: I617c4b966caa35253ba53407fbfadc6615b50822\nReviewed-on: https://review.monogon.dev/c/monogon/+/1388\nTested-by: Jenkins CI\nReviewed-by: Leopold Schabel \u003cleo@monogon.tech\u003e\n" }, { "commit": "d02f2166634fd8c2ef3433ab7212088802cc7f89", "tree": "92d7a6eaf0dc07ba4ac53d07deaa325218281e62", "parents": [ "1ec1fe9f8af947c972f803d778f95d145606a6d0" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Wed Mar 22 17:57:20 2023 +0100" }, "committer": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Thu Mar 23 13:34:11 2023 +0000" }, "message": "m/n/core: fix crash on exit\n\nThe current code crashes on exit if a console wasn\u0027t opened.\n\nChange-Id: I7fc235953fe04b8ea924a380e7eb9195a8883d6d\nReviewed-on: https://review.monogon.dev/c/monogon/+/1387\nReviewed-by: Leopold Schabel \u003cleo@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "fe39cc21b69bb9fd9f641dfc6b3514386cbb0d4c", "tree": "2c4ff1bc567bb6b5e276bef2028fc196cbc37f2b", "parents": [ "e88ffe9af09b2740bfe0c47ec1efae0380d4f706" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Tue Mar 21 14:21:54 2023 +0100" }, "committer": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Thu Mar 23 12:21:21 2023 +0000" }, "message": "m/n/c/curator: implement IssueCertificate for Kubernetes Workers\n\nThis is not yet used in this change, but will be very soon.\n\nChange-Id: I0283941f15211515537d2b23e0c8cd72dc2d77c5\nReviewed-on: https://review.monogon.dev/c/monogon/+/1378\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "e88ffe9af09b2740bfe0c47ec1efae0380d4f706", "tree": "da2fac1e9bd4343250bc01c1bff81062d7ee60a7", "parents": [ "e6719b379b19ad4439b5fd38da035a3043008d97" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Tue Mar 21 13:38:46 2023 +0100" }, "committer": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Thu Mar 23 12:04:17 2023 +0000" }, "message": "m/n/kubernetes: factor out generating KPKI, support multiple endpoints in Kubeconfig\n\nChange-Id: I0e648c24ffa134314a03715575d1af1b925fd450\nReviewed-on: https://review.monogon.dev/c/monogon/+/1377\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "e6719b379b19ad4439b5fd38da035a3043008d97", "tree": "e3008346b5b32b327c7537451aeaabbf5b144bb7", "parents": [ "ac43801262f2ef399c4b61172823d6d88ec3575e" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Wed Mar 22 17:57:50 2023 +0100" }, "committer": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Thu Mar 23 12:04:07 2023 +0000" }, "message": "m/n/core: do not show minit error on failure\n\nChange-Id: I42018ea1d177c5a49c827242a6c8be93363e49bc\nReviewed-on: https://review.monogon.dev/c/monogon/+/1389\nTested-by: Jenkins CI\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "ac43801262f2ef399c4b61172823d6d88ec3575e", "tree": "d4df4f7dc8121d53432d860c4e234484adafa1f4", "parents": [ "439c1b0485e58600b3fce4e97da9fa362b1de099" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Wed Mar 22 18:01:29 2023 +0100" }, "committer": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Thu Mar 23 08:32:21 2023 +0000" }, "message": "m/n/core/cluster: don\u0027t cry wolf about missing nodeparams sources\n\nChange-Id: I4498b122dc5c63af89b2c9909250dfc0b6dae732\nReviewed-on: https://review.monogon.dev/c/monogon/+/1390\nTested-by: Jenkins CI\nReviewed-by: Leopold Schabel \u003cleo@monogon.tech\u003e\n" }, { "commit": "5d6cdf4891f5a0662e5485b5fd34039d7bb1f664", "tree": "4e44e0444adb3c770e545dcfcacd3cdd00ccf40c", "parents": [ "d85a40ab6fa79efca11b02522b89855952226f33" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Wed Mar 22 11:11:05 2023 +0100" }, "committer": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Wed Mar 22 12:18:03 2023 +0000" }, "message": "m/n/c/core/cluster: notify whenever storage takes longer than 5 seconds to mount\n\nFixes: https://github.com/monogon-dev/monogon/issues/139\nChange-Id: I86398e51cee90c2c5a5a3cb943d85bd09ea311b8\nReviewed-on: https://review.monogon.dev/c/monogon/+/1382\nReviewed-by: Leopold Schabel \u003cleo@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "d6fee31d519a22720ae0342e02ccdba405b62ded", "tree": "b440f3b977eabe81de0ee24f99f385d710dfd84d", "parents": [ "c64ba1ec847af9314790d8f13ff9ead06a9be45c" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Wed Mar 22 11:11:48 2023 +0100" }, "committer": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Wed Mar 22 11:57:32 2023 +0000" }, "message": "m/n/c/roleserve/controlplane: wrap tpm errors\n\nChange-Id: I0ec10b6065c529b7772a884fd48c7c6f7b5df0bc\nReviewed-on: https://review.monogon.dev/c/monogon/+/1383\nReviewed-by: Leopold Schabel \u003cleo@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "e013f1b87807b7c0eb7440cec41e568ef288b499", "tree": "14fee72b90e222cd7ad2b4b865bf8c7637a4fd5e", "parents": [ "6fdca3f2e8b60f53f69c8cd39a02109cc47059ac" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Tue Mar 21 11:49:54 2023 +0100" }, "committer": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Wed Mar 22 11:33:51 2023 +0000" }, "message": "m/n/core/localstorage: add helper functions for PKIDirectory\n\nChange-Id: I2798b9d6fcaedcf7a5e8e01e322797ebb8a1389d\nReviewed-on: https://review.monogon.dev/c/monogon/+/1376\nTested-by: Jenkins CI\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "6fdca3f2e8b60f53f69c8cd39a02109cc47059ac", "tree": "f875b3e103037078ece4842fcdd77cbb87d7a6cf", "parents": [ "f71fe9278055d5a892448554aa7c59862256db7d" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Mon Mar 20 17:47:07 2023 +0100" }, "committer": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Wed Mar 22 11:33:51 2023 +0000" }, "message": "m/n/kubernetes: start splitting, run apiproxy\n\nThis begins the process to split the Kubernetes service into a\ncontroller and a worker service.\n\nFirst, we rename the existing service to a Controller, create a Worker\nservice, and make the Worker service run our new tinylb-based apiserver\nloadbalancer.\n\nWe also make the roleserver aware of this change by making it spawn both\nthe controller and worker services according to roles.\n\nWe will move services to the Worker in follow up change requests.\n\nChange-Id: I76e98baa0603ad5df30b5892dd69154b895b35fa\nReviewed-on: https://review.monogon.dev/c/monogon/+/1374\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "d174e556db5e2ad25e406babf34442a529756081", "tree": "27627eb19faf5d3f9eb18bdeceff7cdc57ebc122", "parents": [ "c1cb37ce9c43b1eae0325d2dbc0c480185f3d981" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Tue Mar 21 10:49:54 2023 +0100" }, "committer": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Tue Mar 21 15:37:05 2023 +0000" }, "message": "m/n/core/localstorage: remove unused PKI options\n\nChange-Id: Ifa6011fe7ab2868fac93483d0988c772c6f6fdf4\nReviewed-on: https://review.monogon.dev/c/monogon/+/1375\nReviewed-by: Leopold Schabel \u003cleo@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "c1cb37ce9c43b1eae0325d2dbc0c480185f3d981", "tree": "16127799671c8aaf6ee3bb2548bc8579fd1d719b", "parents": [ "7457ee940f2fff2df6e6eef89dcfbd3a9c67cfb9" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Thu Mar 16 17:54:33 2023 +0100" }, "committer": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Tue Mar 21 13:30:48 2023 +0000" }, "message": "m/n/core/consensus: log etcd into sub-DN and wait for DNS resolvability\n\nThis lets us distrnguish between things that etcd logs (which is often\nextremely verbose) what our own consensus service says.\n\nIt also makes the consensus service wait for DNS resolvability before\nattempting to join an existing cluster, which makes etcd startup much\ncleaner (as etcd will itself crash if it cannot immediately resolve its\nExistingPeers in startup).\n\nChange-Id: Icc6a5a40fc56733cc24ccd88af0a73feba4f6922\nReviewed-on: https://review.monogon.dev/c/monogon/+/1356\nTested-by: Jenkins CI\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "3600690988cd075c4e775018bcc9d0f345dd3e86", "tree": "3a2c20f519667ae15591aea1245e98697a1d7f58", "parents": [ "0b3aac94581f63b3024b261fa6a9f298d0cca52b" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Fri Mar 17 00:16:57 2023 +0100" }, "committer": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Mon Mar 20 14:09:21 2023 +0000" }, "message": "m/n/c/rpc/resolver: correctly close watcher on context cancel\n\nWithout this change, a watcher can be stuck forever closing a connection\nto a resolver if that resolver has already exited due to its context\nbeing canceled.\n\nChange-Id: I99dc0f04ff840128879721d3e6368c07345564b7\nReviewed-on: https://review.monogon.dev/c/monogon/+/1371\nTested-by: Jenkins CI\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "fe5192dc5369ab47be1552a6935f9cb745d9f837", "tree": "f41853b28d396a6fb1fbd9b6a9f5d16e679d0c59", "parents": [ "356cbf3e49af75d9cccf92fd8d0a3236727f6761" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Thu Mar 16 11:33:56 2023 +0100" }, "committer": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Thu Mar 16 21:23:27 2023 +0000" }, "message": "m/n/core/cluster: clean up\n\nThe cluster.Manager structure got heavily refactored over its life, and\nwe ended up with a whole bunch of stuff that wasn\u0027t even being used.\nLet\u0027s clean that up.\n\nWe also change the oneway logic to use a channel instead of a locked\nboolean.\n\nChange-Id: I3e8158ad5938be1636efc9d7fad7eb6d6e953ccf\nReviewed-on: https://review.monogon.dev/c/monogon/+/1354\nReviewed-by: Leopold Schabel \u003cleo@monogon.tech\u003e\nTested-by: Jenkins CI\n" } ], "next": "b76b8d19c05e5df546e2b2dc08f6cdbec2a9ead0" }