)]}' { "log": [ { "commit": "a4edfa9e12ce6db3216da01be7bf35825893c749", "tree": "387c7d4d0f0499609ac03fea2c68afda5aa862be", "parents": [ "dbac6ccbf5325aa737280ac79b3cc5916e9b57f6" ], "author": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Sun Dec 13 18:55:21 2020 +0100" }, "committer": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Sun Dec 13 18:55:21 2020 +0100" }, "message": "Fix IntelliJ instructions in README\n\nWe probably need more in-depth instructions for the open source project,\nbut the existing ones should at least be correct.\n\nTest Plan: N/A\n\nX-Origin-Diff: phab/D660\nGitOrigin-RevId: 5e9dd3379c17a23539651624dfc64daafd156b28\n" }, { "commit": "dbac6ccbf5325aa737280ac79b3cc5916e9b57f6", "tree": "677c4bf05829f1f5c2d586710caa1e8c2ced63aa", "parents": [ "9601f26770e2aed2c8c37a490e936ce300b1a01d" ], "author": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Mon Nov 30 10:57:26 2020 +0100" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Mon Nov 30 10:57:26 2020 +0100" }, "message": "Replace temporary DHCP client with dhcp4c\n\nThis replaces our temporary DHCP client with the new one. The old GetIP()\ninterface is still preserved temporarily and will be ripped out in another revision\nstacked on top of this one. nanoswitch also got some updates to support renewals which\nit previously didn\u0027t have to do. This does leave the hacky channel system in place, supervisor observables are still in the design phase.\n\nTest Plan: E2E tests still pass\n\nX-Origin-Diff: phab/D656\nGitOrigin-RevId: cc2f11e3989f4dbc6814fcfa22f6be81d7f88460\n" }, { "commit": "9601f26770e2aed2c8c37a490e936ce300b1a01d", "tree": "4d378d512ac02685b7eccbd8ef41ace024cef2d9", "parents": [ "ede8a80d816f8c102ed4de13ba25512024582a75" ], "author": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Wed Dec 09 19:44:41 2020 +0100" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Wed Dec 09 19:44:41 2020 +0100" }, "message": "Implement DHCPv4 default callbacks\n\nThis implements common callbacks to manage interface IPs and\nroutes in the kernel from DHCPv4.\n\nTest Plan: New integration tests against our kernel via ktest.\n\nX-Origin-Diff: phab/D657\nGitOrigin-RevId: 3c39dddbd0e4151e6e902de150243296e6e459b4\n" }, { "commit": "ede8a80d816f8c102ed4de13ba25512024582a75", "tree": "6ac77e0709b7a1422e240323b43d78b838c93bca", "parents": [ "56a7ae643059875a074ab6e3ca92754520483edd" ], "author": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Fri Dec 11 14:53:50 2020 +0100" }, "committer": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Fri Dec 11 14:53:50 2020 +0100" }, "message": "Remove .ijwb and .idea, migrate to import_run_configurations\n\nThe Bazel IntelliJ team has stated that while checking in the .ijwb folder\ntechnically sorta-kinda works, they recommend against it since they cannot\nguarantee any kind of backwards compatibility. Indeed, bootstrapping a\nworking IDE project from a clean checkout with .ijwb has been a\ndelicate matter in the past and is currently broken again.\n\nDo the supported thing instead and nuke .ijwb and .idea and ignore them.\nThe .bazelproject file can then be used to create a new project using\nFile → Import Bazel project, creating the workspace from scratch.\n\nRun configurations are now created by the Bazel plugin, and those XML\nfiles come with a backwards compatibility promise.\n\nThis means that we lose all other shared settings except run\nconfigurations. If there\u0027s particular configs that we want to keep, we\nneed to write custom tooling which mangles the XML configs, which will\nallows us to deal with backwards compatibility and differences in\ndeveloper setups (i.e. outside contributors).\n\nTest Plan:\nCloned the project from scratch, imported the Bazel\nproject, everything worked on the first try :O\n\nX-Origin-Diff: phab/D658\nGitOrigin-RevId: 979ac5345fd8a5f26a5f8ec3d5882ea477b48a69\n" }, { "commit": "56a7ae643059875a074ab6e3ca92754520483edd", "tree": "b949c496629eea44dfb0407fc90bef5bcb9bf894", "parents": [ "21b039bcd224dc0ba0050e7281cef8d73071d0a4" ], "author": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Thu Oct 29 11:03:30 2020 +0100" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Thu Oct 29 11:03:30 2020 +0100" }, "message": "Added DHCPv4 Client\n\nThis adds a bare-bones DHCPv4 client. Currently leases are handled by a single callback which\ncan then be used to implement option observers and other ways to deal with them.\n\nTest Plan: Some tests already here, more coming.\n\nX-Origin-Diff: phab/D645\nGitOrigin-RevId: 76fae7080cdd8ba59cf77368179cae0bc9c9c824\n" }, { "commit": "21b039bcd224dc0ba0050e7281cef8d73071d0a4", "tree": "755d4fc794aadf9f547cda07656c57576aac4e3d", "parents": [ "edf5c4ff49e1aac2f7cd9052aa694f9b4c786457" ], "author": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Wed Nov 25 16:00:39 2020 +0100" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Wed Nov 25 16:00:39 2020 +0100" }, "message": "Fix nanoswitch not setting DHCP lease time\n\nThe original implementation of this used an accessor (due to\nconfusing naming on dhcpv4\u0027s part) and passed the value to be set the\ndefault value. Found when testing with the new DHCP client which\ncorrectly rejected these leases as invalid.\n\nTest Plan: Works with the new DHCP client and in E2E\n\nX-Origin-Diff: phab/D654\nGitOrigin-RevId: 841b161a02809d3c43768ff7a529905f90290f2c\n" }, { "commit": "edf5c4ff49e1aac2f7cd9052aa694f9b4c786457", "tree": "839c754fe09465aead87385cea5ecc5940f16146", "parents": [ "12971d6c8031d06f497c81ae1ed2a5bee488e7d2" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Wed Nov 25 13:45:31 2020 +0100" }, "committer": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Wed Nov 25 13:45:31 2020 +0100" }, "message": "logtree: slightly rearrange LeveledPayload/LogEntry\n\nThese were in awkward spots, a leftover from the multiple implementation\npasses of the logtree implementation.\n\nTo make things slightly easier to grok, we move payload.go into\nleveled_payload.go, to make it explicitly a subelement of the leveled\npart of the LogTree.\n\nWe also move LogEntry and its related functions into its own file,\nlogtree_entry.go, as logtree_access.go was a slightly awkward spot, too.\n\nTest Plan: Refactor, covered by existing tests.\n\nX-Origin-Diff: phab/D651\nGitOrigin-RevId: 298d68c91a7cd59059f21ade35ea17f0c9a93cc7\n" }, { "commit": "12971d6c8031d06f497c81ae1ed2a5bee488e7d2", "tree": "3332b72dda28e9c3d476aba0dd63d8465a3245f7", "parents": [ "b0272187ee577a94edb803b81413165b7c1a89ba" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Tue Nov 17 12:12:58 2020 +0100" }, "committer": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Tue Nov 17 12:12:58 2020 +0100" }, "message": "logtree: capture multiple lines in leveled log entries\n\nThis implements a solution to a disputed answer to the following\nquestion:\n\n “What happens when someone calls Infof(\"foo\\nbar\")?”\n\nMultiple answers immediately present themselves:\n\n a) Don\u0027t do anything, whatever consumers logs needs to expect that\n they might contain newlines.\n b) Yell/error/panic so that the programmer doesn\u0027t do this.\n c) Split the one Info call into multiple Info calls, one per line,\n somewhere in the logging path.\n\nFollowing the argumentation for these we establish the follwoing\nrequirments for any solution:\n\n 1) We want the programmer to be able to log multiple lines from a\n single Info call and have that not fail. This is especially\n important for reliability - we don\u0027t want an accidental codepath\n that suddenly starts printing %s-formatted user-controlled\n messages to start erroring out in production. This rules out b).\n 2) We want to allow emitting multiple lines that will not be\n interleaved when viewing the log data. This rules out c).\n 3) We want to prohibit log injection by malicious \\n-containing\n payloads (in case of %s-formatted user-controlled content). This\n rules out a).\n 4) If multiple lines are allowed in a leveled payload, the type\n system should support that, so that log consumers/tools will not\n forget to account for the possible newlines. This too rules out\n a).\n\nWith these in mind, we instead opt for a different solutions: changing\nthe API of logtree and logging protos to contain multiple possible lines\nper single log entry. This is a breaking change, but since all access to\nlogs is currently self-contained within the Monogon OS codebase, we can\nafford this.\n\nTo support this change, we change the access API (at LogEntry and\nLeveledPayload level) to contain two different methods for retrieving\nthe canonical representation of an entry:\n\n fn String() string\n\nwhich returns a string with possible intra-string newlines (but no\ntrailing newlines), but with each newline-delimited chunk having the\ncanonical text representation prefix for this message. This prevents\nnewline injection into logs creating fake prefixes.\n\n fn Strings() (prefix string, lines []string)\n\nwhich returns a common prefix for this entry (in its text\nrepresentation) and a set of lines that were contained in the original\nlog entry. This allows slightly smarter consuming code to make more\nactive decisions regarding the rendering of a multi-line entry, while\nstill providing a canonical text formatted representation of that log\nentry.\n\nThese permit simple log access code that prints log data into a terminal\n(or terminal-like view), like dbg, to continue using the String() call.\nIn fact, no changes had to be made to dbg for it to continue working,\neven though the API underneath changed.\n\nNaturally, raw logging entries continue to contain only a single line,\nso no change is implemented in the LineBuffer API. The containing\nLogEntry for raw log entries emits single-lined Strings() results and no\nnewline-containing strings in String() results.\n\nTest Plan: Updated unit tests to cover this.\n\nX-Origin-Diff: phab/D650\nGitOrigin-RevId: 4e339a930c4cbefff91b289b07bc31f774745eca\n" }, { "commit": "b0272187ee577a94edb803b81413165b7c1a89ba", "tree": "e270e4fc6d3497b4a6c8624ea7cd8ebbe7246a59", "parents": [ "967be21df6e1f0e14ab66e904f5904261962f099" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Mon Nov 02 18:39:44 2020 +0100" }, "committer": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Mon Nov 02 18:39:44 2020 +0100" }, "message": "core: plug logtree into NodeDebugService\n\nThis introduces a new Proto API for accessing debug logs. Currently this\nis implemented to be used by the debug service. However, these proto\ndefinitions will likely be reused for production cluster APIs.\n\nThe implementation mostly consists of adding the proto, implementing\nto/from conversion methods, and altering the debug service to use the\nnew API.\n\nWe also move all of the debug service implementation into a separate file,\nto slightly clean up main.go. This produces an unfortunately colorful\ndiff, but it\u0027s just moving code around.\n\nTest Plan: Manually tested using the dbg tool. We currently don\u0027t properly test the debug service. I suppose we should do that for the production cluster APIs, and just keep on going for now.\n\nX-Origin-Diff: phab/D649\nGitOrigin-RevId: ac454681e4b72b2876e313b3aeababa179eb1fa3\n" }, { "commit": "967be21df6e1f0e14ab66e904f5904261962f099", "tree": "4d231b6ff6f32802010a5c7b53c596ee72094319", "parents": [ "3a15d04cbb362f1f0aca32d7a9009d2462df4e4c" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Mon Nov 02 11:26:59 2020 +0100" }, "committer": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Mon Nov 02 11:26:59 2020 +0100" }, "message": "core: replace logbuffer with logtree\n\nTest Plan: Component logs are currently untested?\n\nX-Origin-Diff: phab/D643\nGitOrigin-RevId: 44ace0a1937aee9ba6a49db6e862907ec24d6ea3\n" }, { "commit": "3a15d04cbb362f1f0aca32d7a9009d2462df4e4c", "tree": "c19c00e6a49c542f95fd10f0bad207b2becd8771", "parents": [ "c7359679c41a68cf2a33c717c60c8cb433fb4239" ], "author": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Wed Nov 11 21:16:14 2020 +0100" }, "committer": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Wed Nov 11 21:16:14 2020 +0100" }, "message": "core/network/dhcp: fix logging call typo\n\nTest Plan: Looked at log output\n\nX-Origin-Diff: phab/D644\nGitOrigin-RevId: 2bd00682030c03dbf767b43e020f1e8b78a22a60\n" }, { "commit": "c7359679c41a68cf2a33c717c60c8cb433fb4239", "tree": "3f6d7f5116ac3ceca7a38bc145471c32d923434c", "parents": [ "f6a5d31feb0417b42c8cb8ce87a9cab98449beb6" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Fri Oct 30 16:38:57 2020 +0100" }, "committer": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Fri Oct 30 16:38:57 2020 +0100" }, "message": "core: replace zap with logtree\n\nTest Plan: Effective refactor. Only tests that could be affected are e2e tests that should continue to run, because we still are logging into the qemu console, even if differently.\n\nX-Origin-Diff: phab/D642\nGitOrigin-RevId: 0f12b1bc985af08a3cc269569273184321763e4b\n" }, { "commit": "f6a5d31feb0417b42c8cb8ce87a9cab98449beb6", "tree": "0f12f6135441ab216df98c0501b1fc0c7ee17eea", "parents": [ "f68153cf4d0a7a588113c847b2203e4c5c3529e8" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Fri Oct 30 16:39:17 2020 +0100" }, "committer": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Fri Oct 30 16:39:17 2020 +0100" }, "message": "core/internal/common/service: delete\n\nThis is the old service abstraction that we\u0027ve replaced with supervisor,\nbut forgot to remove.\n\nTest Plan: Refactor (removal of old code), covered by existing tests.\n\nX-Origin-Diff: phab/D641\nGitOrigin-RevId: b5771fc295bed61bb93dd14c12b67684670a0aad\n" }, { "commit": "f68153cf4d0a7a588113c847b2203e4c5c3529e8", "tree": "7453347ca5a87f5f16090c874885105e3bfb805f", "parents": [ "1bfa0c2d9107cecb56ef6243133cfa12f4c3317b" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Mon Oct 26 13:54:37 2020 +0100" }, "committer": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Mon Oct 26 13:54:37 2020 +0100" }, "message": "logtree: implement raw logging\n\nTest Plan: Covered by new tests.\n\nX-Origin-Diff: phab/D640\nGitOrigin-RevId: 786ab2851710bf2819dcb91571b3567e8da3e377\n" }, { "commit": "1bfa0c2d9107cecb56ef6243133cfa12f4c3317b", "tree": "aeb008c1f685962e2d2387ed348435ef52534794", "parents": [ "248b2ecab2a933024b443b29bb7f9872f38f2956" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Wed Oct 14 16:45:07 2020 +0200" }, "committer": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Wed Oct 14 16:45:07 2020 +0200" }, "message": "logtree: rename payload to leveledpayload\n\nTest Plan: Refactor, covered by tests.\n\nX-Origin-Diff: phab/D639\nGitOrigin-RevId: 6c268c8b437a93c97720f110dbc9c39e95402648\n" }, { "commit": "248b2ecab2a933024b443b29bb7f9872f38f2956", "tree": "04aac2dcb6bdc74d19d5cfd35e45a52e20e1e3a8", "parents": [ "a7dca8956f9e0182f51b74d1309f49f177416eef" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Mon Oct 26 15:55:51 2020 +0100" }, "committer": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Mon Oct 26 15:55:51 2020 +0100" }, "message": "logbuffer: split out LineBuffer\n\nWe want to be able to use similar line-oriented buffering in LogTree.\nRather than repeat ourselves, let\u0027s fact this out into a nice little\nlibrary.\n\nTest Plan: Covered by existing logbuffer tests, added some extra linebuffer-specific ones.\n\nX-Origin-Diff: phab/D636\nGitOrigin-RevId: 38e832d323ed9f1723feaa9f9169caad18619e55\n" }, { "commit": "a7dca8956f9e0182f51b74d1309f49f177416eef", "tree": "dd35e9e4433795b5a0d8eafbd814bc692dc58ccd", "parents": [ "5e4fc2d107722f748f90cad06601c1b20e0934fc" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Mon Oct 26 13:53:53 2020 +0100" }, "committer": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Mon Oct 26 13:53:53 2020 +0100" }, "message": "scripts: update aspects patch to support custom toolchains\n\nTest Plan: tested locally, syncs, works again.\n\nX-Origin-Diff: phab/D635\nGitOrigin-RevId: 2a50ef50b2e3db86252d59359042c001b85ac318\n" }, { "commit": "5e4fc2d107722f748f90cad06601c1b20e0934fc", "tree": "3f29a0772e9182a7e7cc0073b61b00f58013e071", "parents": [ "fa5c2fccc528b40f216687e02f0c1cd004e013d6" ], "author": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Tue Sep 22 18:35:15 2020 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Tue Sep 22 18:35:15 2020 +0200" }, "message": "Add support for runc container runtime\n\nAdds the runc container runtime, its containerd shim, required Linux features and plumbs it into\nKubernetes using RuntimeClasses and containerd runtime selection. Also adds support for building C-based\ntargets as part of our initramfs.\n\nThe Bazel portion is a bit verbose but since label dicts cannot be reasonably concatenated and closures\nare prohibited in Starlark I see no better way.\n\nFor this to be usable for most images new Linux binfmt options have been added. The hashbang binfmt\nshouldn\u0027t have any negative impact, but binfmt_misc has a registry which is only namespaced if used\nwith user namespaces, which are currently not used and thus might represent an exploit vector. This\nis tracked in T864.\n\nTest Plan: New E2E tests covering this feature have been added.\n\nX-Origin-Diff: phab/D625\nGitOrigin-RevId: 1e7e27166135437b2965eca4dc238f3255c9b1ba\n" }, { "commit": "fa5c2fccc528b40f216687e02f0c1cd004e013d6", "tree": "f39c24f681176b7bbf36fe6af304c6902124f552", "parents": [ "4efaa019244db96128941965aa72c0e1371b0d2d" ], "author": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Mon Sep 28 13:32:12 2020 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Mon Sep 28 13:32:12 2020 +0200" }, "message": "Use CoreDNS for everything and make directives dynamic\n\nThis moves CoreDNS from Kubernetes to the network tree and uses\nit for OS-side resolution too. For this to work together with Kubernetes it now\ncontains a dynamic directive system which allows various parts of the OS\nto register and unregister directives at runtime. This system is used to hook\nKubernetes and DHCP-supplied DNS servers into the configuration.\n\nThis also enables the hosts plugin to resolve the local hostname from within\nCoreDNS to avoid querying external DNS servers for that (T773).\n\nTest Plan:\nCTS covers K8s-related tests, external resolution manually tested from\na container.\n\nBug: T860, T773\n\nX-Origin-Diff: phab/D628\nGitOrigin-RevId: f1729237f3d17d8801506f4d299b90e7dce0893a\n" }, { "commit": "4efaa019244db96128941965aa72c0e1371b0d2d", "tree": "167da813dbd4f5a1eb4bcd608d94464c5f215d8a", "parents": [ "06d65bc4e57c4c83150a3b67fc33763d5360b80f" ], "author": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Thu Oct 01 14:32:52 2020 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Thu Oct 01 14:32:52 2020 +0200" }, "message": "Remove Cilium from Initramfs\n\nThis removes Cilium from the Initramfs. It still leaves it as a dependency\neither for later cleanup or if we want to use it for something.\n\nTest Plan: Covered by existing tests, doesn\u0027t affect anything anyways.\n\nBug: T866\n\nX-Origin-Diff: phab/D629\nGitOrigin-RevId: 1378dd4db05685795fef2d91770d5dfa5b891b5a\n" }, { "commit": "06d65bc4e57c4c83150a3b67fc33763d5360b80f", "tree": "3ee27d08628e68d5c5f971e24519bc3f0fc8082e", "parents": [ "9e861a87775191faf1a027f603a0074446cd1319" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Thu Sep 24 10:51:59 2020 +0200" }, "committer": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Thu Sep 24 10:51:59 2020 +0200" }, "message": "logtree: chase out some documentation typos\n\nTest Plan: only documentation changes.\n\nX-Origin-Diff: phab/D627\nGitOrigin-RevId: 78b1983bd67c632f467227689371113f26da5842\n" }, { "commit": "9e861a87775191faf1a027f603a0074446cd1319", "tree": "01fb624b542762594bad6e88d67c947263837769", "parents": [ "5faa2fc7fb6266486183fdc1455e711079d33e37" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Wed Sep 16 13:46:41 2020 +0200" }, "committer": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Wed Sep 16 13:46:41 2020 +0200" }, "message": "//build/toolchain/musl-host-gcc: implement\n\nThis is a cc_toolchain which runs on x86 systems with Linux/gcc and\ntargets Smalltown via static musl builds.\n\nIt is currently unused, but can be tested by trying to build any\ncc_binary with\n--crosstool_top\u003d//build/toolchain/musl-host-gcc:musl_host_cc_suite .\n\nTest Plan: This has been tested manually by running it against a simple cc_binary. Another revision on top of this will attempt to build mkfs.xfs with it.\n\nX-Origin-Diff: phab/D623\nGitOrigin-RevId: ebdf51ee76d9d5a7fd94725c66ef53783f787df7\n" }, { "commit": "5faa2fc7fb6266486183fdc1455e711079d33e37", "tree": "17203f2ac8ed9124b4573b2f9a05aaa92335190c", "parents": [ "5ade732e7778b774caf03c850fbfaa7b67132d9b" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Mon Sep 07 14:09:30 2020 +0200" }, "committer": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Mon Sep 07 14:09:30 2020 +0200" }, "message": "logtree: implement\n\nThis implements logtree, as per go/logtree .\n\nSome API changes are present, the design doc will be updated to reflect\nthese and the rationale behind the changes.\n\nThis implementation is missing \u0027raw\u0027 log functionality, this will be\nadded in a diff on top (as the implementation is trivial, but we want\nto keep this diff as simple as possible).\n\nTest Plan: covered by tests\n\nX-Origin-Diff: phab/D624\nGitOrigin-RevId: 6d1e0fb16f47e4b0dc9a18765cecb9314bbcb441\n" }, { "commit": "5ade732e7778b774caf03c850fbfaa7b67132d9b", "tree": "ad467196bf11717d4193f45c346112ffe97c375b", "parents": [ "a50e845df333a4d7531793e3fed61ca8411384f5" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Thu Aug 27 13:27:51 2020 +0200" }, "committer": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Thu Aug 27 13:27:51 2020 +0200" }, "message": "logtree: implement LeveledLogger interface\n\nThis implementes the equivalent of StructuredLogger from go/logtree as\na pure interface for further implementation by LogTree (or other logging\nmechanism, eg. in tests).\n\nStructuredLogger was a slightly poor name (because of the unfortunate\nindustry understanding of what structured logging is), so we go ahead\nand rename that. Once this change goes through, the design document will\nbe reflected to rename \u0027Structured Logging\u0027 to \u0027Leveled Logging\u0027.\n\nWe base the API off of github.com/golang/glog, but without a single\nglobal instance. Other API differences include:\n - No {Info,Warning,Error,Fatal}ln calls, as these are pretty much\n equivalent to {Info,Warning,Error,Fatal} calls.\n - V(n) now returns an interface with .Enabled(), instead of a boolean\n value. This is necessary as the returned value will have to carry\n its corresponding LeveledLogger instead of calling global functions.\n\nTest Plan: plain interface, untested\n\nX-Origin-Diff: phab/D620\nGitOrigin-RevId: 06c7e3a88751ff7503e8106fac2360cf8de621c4\n" }, { "commit": "a50e845df333a4d7531793e3fed61ca8411384f5", "tree": "d27ebc111fce076181d9ddda5c06882334f91823", "parents": [ "ed0503cbe3c2d85d138f2604b87d73417be6c940" ], "author": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Wed Sep 09 17:09:27 2020 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Wed Sep 09 17:09:27 2020 +0200" }, "message": "Introduce TPM event log infrastructure\n\nThis adds support for reading the local TPM event log and for parsing the\nresulting blob. Reading the log is implemented as part of our TPM library, but\nfor reading and processing the event log binary structure we rely on Google\u0027s\ngo-attestation. Since they don\u0027t separate their event log processing from the rest\nof the package, I imported the relevant files here directly.\n\nSince TPM event logs are really terrible (see included workarounds and\nhttps://github.com/google/go-attestation/blob/master/docs/event-log-disclosure.md)\nit\u0027s probably a bad idea to use them for anything where we can avoid it.\nSo this will likely only be used for EFI boot / secure boot attestation and\neverything we measure will be part of our TPM library with a much less insane format.\n\nTest Plan:\nManually smoke-tested using a custom fixture on a Ryzen 3000 fTPM.\nWe cannot really test this until we have a way of generating and loading\nsecure boot keys since an empty secure boot setup generates no events.\n\nX-Origin-Diff: phab/D622\nGitOrigin-RevId: e730a3ea69c4055e411833c80530f630d77788e4\n" }, { "commit": "ed0503cbe3c2d85d138f2604b87d73417be6c940", "tree": "66fce41e479e22ba8a735fbcbb62d768c0307bd3", "parents": [ "b9431c95082a3de6c87f96b700e69b72e4d87fdc" ], "author": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Tue Jul 28 17:21:25 2020 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Tue Jul 28 17:21:25 2020 +0200" }, "message": "Add Kubernetes CTS\n\nThis adds patches and build specifications for the Kubernetes Conformance Test Suite. This involves\ngating various cloud-specific tests behind the providerless flag (otherwise we\u0027d gain a ton of additional dependencies)\nand an additional 60MiB in test binary size.\nSince the CTS for weird reasons requires kubectl to be available in the path we first build a kubectl go_image and then\nstack the CTS on top of it. The output bundle is then preseeded for use.\n\nTest Plan: `bazel run //core/tests/e2e/k8s_cts`\n\nBug: T836\n\nX-Origin-Diff: phab/D615\nGitOrigin-RevId: 7d2cd780a3ffb63b217591c5854b4aec4031d83d\n" }, { "commit": "b9431c95082a3de6c87f96b700e69b72e4d87fdc", "tree": "2caae783a1f940e8d9c3ff4bf23ef150b537c225", "parents": [ "ca24cfaef52b388438f06e69352643a4ee0185ca" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Mon Aug 24 18:16:51 2020 +0200" }, "committer": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Mon Aug 24 18:16:51 2020 +0200" }, "message": "supervisor: never give up\n\nThis fixes T756, in which supervised processes would reach a negative\nbackoff value. This seems to be caused by the backoff library\u0027s\nExponentialBackoff having a default MaxElapsedTime of 15 minutes, after\nwhich it returns \u0027Stop\u0027, or, -1 seconds.\n\nTest Plan: There\u0027s no easy way to test this. Unfortunately, the behaviour to return Stop is not after a number of calls, but after time has elapsed. We don\u0027t want to wait 15 minutes for a test, and we don\u0027t have an easy way to mock time, either. But I did test this manually and I cannot observe the \u0027negative backoffs\u0027 after 15 minutes anymore.\n\nBug: T756\n\nX-Origin-Diff: phab/D619\nGitOrigin-RevId: 49d8617bcf2c8b36127cb43acde8afb7cc35c99f\n" }, { "commit": "ca24cfaef52b388438f06e69352643a4ee0185ca", "tree": "7333d3472dcf2f57cd7ed73349c5fc224749c296", "parents": [ "339582bb8d52b930c15cee77548f11794bb3b362" ], "author": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Tue Aug 18 13:49:37 2020 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Tue Aug 18 13:49:37 2020 +0200" }, "message": "Fixups after Node refactor\n\nTest Plan: Tested in the CTS revision.\n\nX-Origin-Diff: phab/D618\nGitOrigin-RevId: 4c591d463a0709fc944f52e32069cb7ababd55ca\n" }, { "commit": "339582bb8d52b930c15cee77548f11794bb3b362", "tree": "00de879bf5fe2b6e227b9439584b2359b935cadd", "parents": [ "b29e0b07048697a8e8b4b33adb98dd6d8e79eddf" ], "author": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Wed Jul 29 18:13:35 2020 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Wed Jul 29 18:13:35 2020 +0200" }, "message": "Add Kubernetes DNS with CoreDNS\n\nThis adds Kubernetes DNS with a CoreDNS instance running on the host. This has some distinct advantages over\nrunning it inside a container, like a simplified lifecycle (no state reconciliation) and the possibility of redirecting\nall host DNS requests over this instance for observability or central DNSSEC enforcement.\n\nTest Plan: Manually tested (`host kubernetes` in an Alpine container), will be covered by CTS.\n\nX-Origin-Diff: phab/D616\nGitOrigin-RevId: 281f5f384f4ef7eba2c3c3190be8e6a89772295c\n" }, { "commit": "b29e0b07048697a8e8b4b33adb98dd6d8e79eddf", "tree": "b0b9660a1a783aae391bafd1a9fbac56bcad5498", "parents": [ "efb028fdc542dd2f19bf74a3be98506e7a15c7b7" ], "author": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Tue Jul 28 17:26:12 2020 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Tue Jul 28 17:26:12 2020 +0200" }, "message": "Add CoreDNS build\n\nThis adds CoreDNS and all relevant dependencies. Unused plugins are patched out\nto prevent excessive dependencies and binary size.\n\nTest Plan: `bazel build @com_github_coredns_coredns//:coredns`\n\nX-Origin-Diff: phab/D614\nGitOrigin-RevId: a897bc0e9f908218fd2f414d7e3b902c14e0a374\n" }, { "commit": "efb028fdc542dd2f19bf74a3be98506e7a15c7b7", "tree": "778c7ccea019f423ca9f660125fe8898014aa9d8", "parents": [ "8b0431a9d22b1f2bb8ab3e6eb66ffda5ca4a2ea9" ], "author": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Tue Jul 28 17:04:49 2020 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Tue Jul 28 17:04:49 2020 +0200" }, "message": "Allow applying patches before BUILD file generation\n\nThis adds support for patching Go dependencies before BUILD file generation and\nalso plumbs that support into fietsje. No actual prepatching is done in this revision.\n\nTest Plan: This has been used successfully in code built on top of it.\n\nX-Origin-Diff: phab/D612\nGitOrigin-RevId: 7013e5f98feb57ac64ff3dc79d1a9bb94e4152a8\n" }, { "commit": "8b0431a9d22b1f2bb8ab3e6eb66ffda5ca4a2ea9", "tree": "9ce1dd78a249056144e83e0884eb19b6febcda18", "parents": [ "b682ba55d4a51babad2beebb470b0fef0e6067ca" ], "author": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Mon Jul 13 16:56:36 2020 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Mon Jul 13 16:56:36 2020 +0200" }, "message": "Implement image preseeding\n\nThis pulls in the infrastructure to build OCI bundles with Bazel and adds a loader to\nload them into containerd at runtime.\n\nTest Plan: New E2E test using a simple hello world Go image.\n\nBug: T793\n\nX-Origin-Diff: phab/D585\nGitOrigin-RevId: 3bc5e35a89a80a9683778ced72cc79e2d0b684ed\n" }, { "commit": "b682ba55d4a51babad2beebb470b0fef0e6067ca", "tree": "d94c2bb98f3a47896558d9cd4d2cc0271a4558c7", "parents": [ "f85748717f32f0a74816de01b1e5f2e0104342c5" ], "author": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Wed Jul 08 14:51:36 2020 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Wed Jul 08 14:51:36 2020 +0200" }, "message": "Add service proxy\n\nThis adds a service proxy based on nfproxy and changes to the service IP allocation to make it work.\nAlso adds support for masquerading outbound traffic for outbound network connectivity.\n\nTest Plan:\nCurrently manually tested by creating an alpine pod and running \u0027apk add curl \u0026\u0026 curl -k https://192.168.188.1:443/\u0027.\nWill be covered later by CTS.\n\nBug: T810\n\nX-Origin-Diff: phab/D580\nGitOrigin-RevId: cace863fd8c2f045560f8abf84c40cc77bc275d4\n" }, { "commit": "f85748717f32f0a74816de01b1e5f2e0104342c5", "tree": "bfac698dc5127fa6440a844c23c6469082256bc3", "parents": [ "57b4375dc2763dbf8444a4786bd41b7ec1a8172b" ], "author": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Tue Jul 28 17:12:04 2020 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Tue Jul 28 17:12:04 2020 +0200" }, "message": "Make bindata relative to workspace root\n\nThis makes bindata relative to the Bazel workspace root instead of the package. This\nputs it in line with general Bazel expectations about how files are laid out.\n\nTest Plan: Should be covered by existing tests\n\nX-Origin-Diff: phab/D613\nGitOrigin-RevId: ce338fd40d24d6dd222c4fc02f48ada87b562d06\n" }, { "commit": "57b4375dc2763dbf8444a4786bd41b7ec1a8172b", "tree": "96c6ec6648426bd51bbf82573b2fbe28f2044868", "parents": [ "73fc59541abfc457598cc5e62ae4d2c3b84065a1" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Mon Jul 13 19:17:48 2020 +0200" }, "committer": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Mon Jul 13 19:17:48 2020 +0200" }, "message": "core/internal/cluster: implement multi-node clusters with \u0027golden ticket\u0027.\n\nAs we have fully ripped out all traces of the node management service or\nintegrity checks, we implement a stopgap system that allows us to\ncontinue developing multi-node clusters. This mechanism is enrolment\nusing \u0027golden tickets\u0027, which are protobuf messages that can be\ngenerated via the debug service on an existing cluster, and set on a new\nnode\u0027s EnrolmentConfig to bring that enrol that node into the cluster.\n\nAs this is a stopgap measure (waiting for better cluster lifecycle\ndesign), this is somewhat poorly implemented, with known issues:\n - odd enrolment flow that creates all certificates off-node and results\n in some code duplication in the cluster manager and node debug\n service\n - (more) assumptions that every node is both a kubernetes and etcd\n member.\n - absolutely no protection against consensus loss due to even quorum\n membership, repeated issuance of certificates\n - dependence on knowing the IP address of the new node ahead of time,\n which is not something that our test harness supports well (or that\n we want to rely on at all)\n\nTest Plan: part of existing multi-node tests\n\nX-Origin-Diff: phab/D591\nGitOrigin-RevId: 8f099e6ef37f8d47fb2272a3a14b25ed480e377a\n" }, { "commit": "73fc59541abfc457598cc5e62ae4d2c3b84065a1", "tree": "3eed74792f885733069eedefa2de5dfaaa92052a", "parents": [ "1ebd1e133bac1a7fe0d667ec2ac95f87f63c3701" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Tue Jul 21 12:50:54 2020 +0200" }, "committer": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Tue Jul 21 12:50:54 2020 +0200" }, "message": "core/proto: remove NodeDebugService.GetCondition\n\nThis stopped being used after D590 where we moved the debug service to\nstart late enough that we\u0027re sure we already have the prerequisite\nconditions to continue testing. In the future, the debug service might\ngrow some introspection methods into the supervisor - if so, that will\nsomewhat replace this bespoke condition API.\n\nTest Plan: no behavioural changes\n\nX-Origin-Diff: phab/D604\nGitOrigin-RevId: a7edf8a45467fb2be602323b612abe054acf2b11\n" }, { "commit": "1ebd1e133bac1a7fe0d667ec2ac95f87f63c3701", "tree": "c84bca5f68d4bbe959006215bf4711050af04288", "parents": [ "c2c7ad97b50194a550e77b875570ece90259f4ea" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Mon Jul 13 19:17:16 2020 +0200" }, "committer": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Mon Jul 13 19:17:16 2020 +0200" }, "message": "core/internal/cluster: add new single-node cluster code\n\nThis adds a cluster library, that consists of:\n - a Node object that can be loaded from and saved into etcd,\n representing a node of the cluster that can have different \u0027role\n tags\u0027 assigned to it\n - a cluster Manager, that is responsible for bringing up the local node\n into a cluster (by creaating a new cluster, enrolling into or joining a\n cluster)\n\nThis also gets wired into core/cmd/init, and as such completes a chunk\nof The Refactor. This code should pass tests.\n\nTest Plan: this should work! should be covered by existing e2e tests.\n\nX-Origin-Diff: phab/D590\nGitOrigin-RevId: e88022164e4353249b29fc16849a02805f15dd49\n" }, { "commit": "c2c7ad97b50194a550e77b875570ece90259f4ea", "tree": "cc0d43c49c5d1cb787adf5c548c589fa50e9e72e", "parents": [ "efdb6e9da9ed4d575afe72fde02a27817eca37c4" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Mon Jul 13 17:20:09 2020 +0200" }, "committer": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Mon Jul 13 17:20:09 2020 +0200" }, "message": "core/internal: move containerd and kubernetes to localstorage\n\nThis moves the last users of the old \u0027storage\u0027 library onto \u0027localstorage\u0027. We move a lot of \u0027runtime\u0027 directories to a single `/ephemeral` root. This could be called `/run`, but that might imply FHS compliance - which we don\u0027t have, nor want to have.\n\nWe also slightly refactor Kubernetes services to be a bit nicer to spawn. But generally, this is a pure refactor, with no functional changes.\n\nTest Plan: this should fail. part of a larger stack. D590 is the first tip of the stack that should work.\n\nX-Origin-Diff: phab/D589\nGitOrigin-RevId: d2a7c0bb52c2a7c753199221c609e03474936c22\n" }, { "commit": "efdb6e9da9ed4d575afe72fde02a27817eca37c4", "tree": "b1e1a9bff4b1b91ada8da8673e042bfecda2f505", "parents": [ "b7689bd2d426a5b5fa8375bb6e72aa853610707f" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Mon Jul 13 17:19:27 2020 +0200" }, "committer": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Mon Jul 13 17:19:27 2020 +0200" }, "message": "core/api: move to core/proto\n\nThis is keeping in line with conventions that protobuf files generally\nlive in a \u0027proto/\u0027 directory. Even without that, a lot of the protos in\nthere aren\u0027t actually part of an API, so keeping them in `api/` is a bit\nof a misnomer.\n\nWe also remove unused protos that were part of the old\nintegrity/lifecycle flow. Again, these will make a comeback.\n\nTest Plan: this should fail. part of a larger stack. D590 is the first tip of the stack that should work.\n\nX-Origin-Diff: phab/D588\nGitOrigin-RevId: 4a7af494810348f6bcabd49e63902b4c47e6ec35\n" }, { "commit": "b7689bd2d426a5b5fa8375bb6e72aa853610707f", "tree": "d0e5ff620e783246260f3120cc2b7f74f07f6099", "parents": [ "cb883e2810f61d74df76f0db58be7c5ad31bf8e3" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Mon Jul 13 18:02:34 2020 +0200" }, "committer": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Mon Jul 13 18:02:34 2020 +0200" }, "message": "cluster/internal: remove old cluster enrolment/integrity/management\n\nThis had to be done sooner or later, as it has been woefully\nunderdesigned. A lot of the TPM2 code will make a comeback, but keeping\nthis around (and buildable) right now is too painful. Once we get\nmulti-node clusters again, and properly design node/cluster lifecycle,\nwe\u0027ll add integrity/attestation support back in.\n\nTest Plan: this should fail. part of a larger stack. D590 is the first tip of the stack that should work.\n\nX-Origin-Diff: phab/D587\nGitOrigin-RevId: e8a43906a767aa4cb66b051027d619ce364269e7\n" }, { "commit": "cb883e2810f61d74df76f0db58be7c5ad31bf8e3", "tree": "2eb844cd60992866181bd061624e9cd1281f4cdc", "parents": [ "a5eaeb8670b0b56f884fbda8ddb92ea0bf78fb5d" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Mon Jul 06 17:47:55 2020 +0200" }, "committer": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Mon Jul 06 17:47:55 2020 +0200" }, "message": "core/internal/consensus: refactor\n\nThis refactors the consensus to:\n - use localstorage\n - use the supervisor system\n - have a significantly simpler API for callers (no more\n PrecreateCertificate, etc.)\n - use a watcher for CRLs\n - actually have all bootstrap paths tested\n - keep the CA key in memory (keeping it in etcd only seems like odd\n threat modelling and can posisbly cause issues on quorum losses)\n\nThis breaks the build, as is part of a multi-revision refactor of the\ncore node service code.\n\nTest Plan: adds tests \\o/\n\nX-Origin-Diff: phab/D579\nGitOrigin-RevId: fadee7785028ef806d8243a770c70cb0fb82c20e\n" }, { "commit": "a5eaeb8670b0b56f884fbda8ddb92ea0bf78fb5d", "tree": "9cf2ea8bcfb5ee1170f4055979a69a0cd4266ab9", "parents": [ "f042e6f95bb7dc771bf79f309dbdf0b34da933da" ], "author": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Thu Jul 16 15:06:50 2020 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Thu Jul 16 15:06:50 2020 +0200" }, "message": "Increase zeroing performance for data partition\n\nIt\u0027s possible to increase queue depth for O_DIRECT in simple cases like ours by just\nsubmitting bigger buffers. As long as they are an exact multiple of the block size this is fine\nand the kernel doesn\u0027t complain. This also enables O_SYNC to prevent any buffering on the guest.\nThis should help to push out data quicker and prevent buffer bloat. The host has its own cache\nanyways.\n\nTest Plan:\nNo change in functionality, I observe more predictable performance (previously\nI sometimes had stalls where the initialization would take \u003e 60s).\n\nX-Origin-Diff: phab/D599\nGitOrigin-RevId: 19554fd9e6d709bde738d01a0d2de190c441640e\n" }, { "commit": "f042e6f95bb7dc771bf79f309dbdf0b34da933da", "tree": "f18c60fb92202ce2d5ec7041c85579865a81509d", "parents": [ "b876fc31f12628562a51c70668b318b9fc50478b" ], "author": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Wed Jun 24 16:46:09 2020 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Wed Jun 24 16:46:09 2020 +0200" }, "message": "Add Wireguard-based K8s pod networking\n\nThis adds a pod networking runnable based on Wireguard which watches all nodes\nand adds their K8s IPAM allocations as routes into the kernel \u0026 WireGuard. It only depends\non K8s and only performs direct routing.\n\nTest Plan: Manually tested by spinning up a two-node cluster and running two Alpine pods pinging eachother. Can be covered by E2E tests once we can do image preseeding for the test infra (T793).\n\nBug: T487\n\nX-Origin-Diff: phab/D573\nGitOrigin-RevId: ba3fc36f421fd75002f6cf8bea25ed6f1eb457b0\n" }, { "commit": "b876fc31f12628562a51c70668b318b9fc50478b", "tree": "b7f4001c6ab56712dd26473b216e74222b1903f0", "parents": [ "78fd97294dbc8bbf5ef1a490b2d7b7ad96fddcae" ], "author": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Tue Jul 14 13:54:01 2020 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Tue Jul 14 13:54:01 2020 +0200" }, "message": "Update containerd to 1.4.0-beta.2 and K8s to 1.19.0-rc.0\n\nThis unbreaks bbolt (as part of containerd) on 1.14+ (see https://github.com/etcd-io/bbolt/pull/201 and\nhttps://github.com/etcd-io/bbolt/pull/220), pulls in my patch to ignore image-defined volumes\n(https://github.com/containerd/cri/pull/1504) and gets us some robustness fixes in containerd CNI/CRI integration\n(https://github.com/containerd/cri/pull/1405). This also updates K8s at the same time since they share a lot of\ndependencies and only updating one is very annoying. On the K8s side we mostly get the standard stream of fixes\nplus some patches that are no longer necessary.\n\nOne annoying on the K8s side (but with no impact to the functionality) are these messages in the logs of various\ncomponents:\n```\nW0714 11:51:26.323590 1 warnings.go:67] policy/v1beta1 PodSecurityPolicy is deprecated in v1.22+, unavailable in v1.25+\n```\nThey are caused by KEP-1635, but there\u0027s not explanation why this gets logged so aggressively considering the operators\ncannot do anything about it. There\u0027s no newer version of PodSecurityPolicy and you are pretty much required to use it if\nyou use RBAC.\n\nTest Plan: Covered by existing tests\n\nBug: T753\n\nX-Origin-Diff: phab/D597\nGitOrigin-RevId: f6c447da1de037c27646f9ec9f45ebd5d6660ab0\n" }, { "commit": "78fd97294dbc8bbf5ef1a490b2d7b7ad96fddcae", "tree": "7ae5efa88e132d538d9ec185e6abddd9f46a0570", "parents": [ "cca74b6b61a165e2d1679847731902eaed04bd94" ], "author": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Mon Jul 13 17:01:42 2020 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Mon Jul 13 17:01:42 2020 +0200" }, "message": "Kubernetes volume \u0026 stamping fixes\n\nThis reenables the projected and downwardapi volume types, both of which are necessary for the CTS to pass\nand are derivatives of the configmap volume which we already support. This also fixes an issue where the stamping\ndefinitions for Kubernetes were not present on our main Kubernetes binary, which broke the CTS.\n\nTest Plan:\nVolumes will be covered by CTS (writing our own tests would be duplicate work), version was manually\ntested to be correct in `bazel run //core/cmd/dbg -- kubectl get nodes` since stamping is hard to test for.\n\nX-Origin-Diff: phab/D584\nGitOrigin-RevId: 403b6c845bc399fdd44ec3ba4ca26e2512a5bc98\n" }, { "commit": "cca74b6b61a165e2d1679847731902eaed04bd94", "tree": "d26996a382862fa446febd25b8bb0c1fc18f621b", "parents": [ "56ae577a9f31df1a903dab7b72cf3f2ac518e5de" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Mon Jul 13 17:27:53 2020 +0200" }, "committer": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Mon Jul 13 17:27:53 2020 +0200" }, "message": "core/internal/common/supervisor: remove debug logs\n\nThis is currently _extremely_ verbose. We should add this back when we\nget LogTree support landed.\n\nTest Plan: no behavioral changes\n\nX-Origin-Diff: phab/D586\nGitOrigin-RevId: 51295c1394e5583135ecdbd102c7936126ef2664\n" }, { "commit": "56ae577a9f31df1a903dab7b72cf3f2ac518e5de", "tree": "489af3cbef37b1292cbc6927a676feebabe6e6e7", "parents": [ "ac9947fd23ad4dab909a9282ac56fd51dcecb4e4" ], "author": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Wed Jul 08 18:04:48 2020 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Wed Jul 08 18:04:48 2020 +0200" }, "message": "Increase E2E gRPC connection reliability\n\nThe E2E test suite sometimes fails because of weird interaction between gRPC and SLIRP\nwhere gRPC has an open connection with SLIRP, but SLIRP hanged while connecting to the actual\nservice. In that case gRPC hangs waiting for the server handshake which will never come as the\nupstream connection is never properly established. This forcibly terminates each gRPC call\nafter 5s to make sure that multiple calls are attempted and it doesn\u0027t hang.\n\nTest Plan: Hard to test, I observe less of these errors\n\nX-Origin-Diff: phab/D583\nGitOrigin-RevId: cc1336aab7f4d13412bdb2e93be027d7e3eb57fc\n" }, { "commit": "ac9947fd23ad4dab909a9282ac56fd51dcecb4e4", "tree": "31ac22eb93c43d6569c79908ea9d446bdc8e6181", "parents": [ "70f65b237aa29f2e9aced8a4a1e1739b6544cb92" ], "author": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Thu Jul 09 18:58:26 2020 +0200" }, "committer": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Thu Jul 09 18:58:26 2020 +0200" }, "message": "intellij: add launch configuration presets for single node and e2e\n\n- Run e2e tests normally with streamed output\n- Run e2e tests without caching and -c dbg\n- Run e2e tests without caching, -c dbg and with dlv\n- Run all tests normally\n- Run a single node cluster normally\n- Run a single node cluster with -c dbg\n\nTest Plan: Ran \u0027em all.\n\nX-Origin-Diff: phab/D582\nGitOrigin-RevId: 6d78ee3ea4e4c4e2c0096fc4e6f449dbcdb333ca\n" }, { "commit": "70f65b237aa29f2e9aced8a4a1e1739b6544cb92", "tree": "35f9b86b2e8b33572495935039e3b9c0a65d30c0", "parents": [ "52f7f291c1987fe98bd10d3ad79d4a0c8772ad03" ], "author": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Wed Jul 08 17:02:47 2020 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Wed Jul 08 17:02:47 2020 +0200" }, "message": "Add init debugging support\n\nThis adds Delve into the initramfs and a conditional hook which attaches Delve to our init\nafter the network is up. This allows for breakpoint-debugging the init itself, at least after the\nvery early node bringup.\n\nTest Plan:\n`bazel run -c dbg //:launch`, then use IDEA\u0027s Go Remote target to connect to localhost:2345\nand set a breakpoint.\n\nBug: T786\n\nX-Origin-Diff: phab/D581\nGitOrigin-RevId: f6b32e7b7f4d36c8492df3e11ee97588817dbd8e\n" }, { "commit": "52f7f291c1987fe98bd10d3ad79d4a0c8772ad03", "tree": "eaf212647f9bab001e62bb35647255b5f107bd2e", "parents": [ "3ff5af330857b2aadcdae9d9e6ca37b7e5d2c56e" ], "author": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Wed Jun 24 16:42:02 2020 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Wed Jun 24 16:42:02 2020 +0200" }, "message": "Add nanoswitch and cluster testing\n\nAdds nanoswitch and the `switched-multi2` launch target to launch two Smalltown instances on a switched\nnetwork and enroll them into a single cluster. Nanoswitch contains a Linux bridge and a minimal DHCP server\nand connects to the two Smalltown instances over virtual Ethernet cables. Also moves out the DHCP client into\na package since nanoswitch needs it.\n\nTest Plan:\nManually tested using `bazel run //:launch -- switched-multi2` and observing that the second VM\n(whose serial port is mapped to stdout) prints that it is enrolled. Also validated by `bazel run //core/cmd/dbg -- kubectl get node -o wide` returning two ready nodes.\n\nX-Origin-Diff: phab/D572\nGitOrigin-RevId: 9f6e2b3d8268749dd81588205646ae3976ad14b3\n" }, { "commit": "3ff5af330857b2aadcdae9d9e6ca37b7e5d2c56e", "tree": "9792637a9babc59ab73baaafbd370c5ba8a5bd5a", "parents": [ "e50ec399203fa409bfb405169e19f86141d71336" ], "author": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Wed Jun 24 16:34:11 2020 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Wed Jun 24 16:34:11 2020 +0200" }, "message": "Expand launch infrastructure and make dependencies use it\n\nAdds support for launching MicroVMs and networking multiple machines to the launch infrastructure\nand its consumers. Also makes use of our own qboot. Also converts ktests to that infra and and fixes\nthe issue making it succeed if the VM couldn\u0027t be started.\n\nTest Plan: E2E tests \u0026 ktests still pass\n\nX-Origin-Diff: phab/D571\nGitOrigin-RevId: 0f317f6d8a06e4a3da343b4a7ff5c87918401426\n" }, { "commit": "e50ec399203fa409bfb405169e19f86141d71336", "tree": "7491ce33f7891e1c2267fee4318a354111465f6a", "parents": [ "2e30e88fe6afcf06bdd01478bc584619e91d4c1b" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Tue Jun 30 21:41:39 2020 +0200" }, "committer": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Tue Jun 30 21:41:39 2020 +0200" }, "message": "core/internal/localstorage: init\n\nThis implements localstorage and localstorage/declarative, a small\nlibrary for better typed filesystem access. Further down the road this\nwill replace //core/internal/storage, but we\u0027re trying to commit this\nearly.\n\nThis is not used anywhere, and instead comes with a basic test to show\nits workings.\n\nTest Plan: covered by unit tests\n\nX-Origin-Diff: phab/D578\nGitOrigin-RevId: 9a225bc105cc331ce139eb6c195e9af216c8633e\n" }, { "commit": "2e30e88fe6afcf06bdd01478bc584619e91d4c1b", "tree": "c7e8a73330d170df708d8dc6de374d440411f224", "parents": [ "5be29dda1d099e1d72636aec06bd3995f39ae4d8" ], "author": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Wed Jun 24 15:17:29 2020 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Wed Jun 24 15:17:29 2020 +0200" }, "message": "Add our own qboot firmware\n\nMy qboot fix (https://github.com/bonzini/qboot/pull/28) has (contrary to what I assumed based on the tests passing)\nnot made it into QEMU yet, so the firmware shipped by it is still affected. This fix not being there silently broke our ktests\nsince the return code processing can in weird conditions wrongly succeed. The fix for this will be another revision, same with\ncode that actually uses this. This is just the build.\n\nTest Plan: Build test: `bazel build @com_github_bonzini_qboot//:qboot-bin`. Also tested in subsequent code depending on it.\n\nX-Origin-Diff: phab/D569\nGitOrigin-RevId: b693220768bc8e39be21fd90eedc7ab79e9c4bcf\n" }, { "commit": "5be29dda1d099e1d72636aec06bd3995f39ae4d8", "tree": "b93a249b2f9cda93a07847708bc81be26be3ad12", "parents": [ "dbfc638fa03704d274f78b31f508dde1e37502ee" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Mon Jun 22 18:52:45 2020 +0200" }, "committer": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Mon Jun 22 18:52:45 2020 +0200" }, "message": "scripts/create_container: fix cockroachdb startup\n\nAfter moving the build container to --net\u003dhost this broke building //...\n(as sqlboiler touches a local crdb in order to generate SQL\nboilerplate...). This moves cockroachdb to also run with --net\u003dhost, and\nfixes the advertisement address in the same way as it\u0027s fixed in\nrun_ci.sh.\n\nTest Plan: tested this locally :/\n\nX-Origin-Diff: phab/D562\nGitOrigin-RevId: 8b4dcc2b5c3f87c48824d6e0eb665bea44e84116\n" }, { "commit": "dbfc638fa03704d274f78b31f508dde1e37502ee", "tree": "607f2fbd8683bfd5fc855cd03bce700a107f68fd", "parents": [ "71f7a567f372b41b3ea5cf72dfebd0546e3ff7df" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Fri Jun 19 20:35:43 2020 +0200" }, "committer": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Fri Jun 19 20:35:43 2020 +0200" }, "message": "core/internal/kubernetes: refactor PKI fully\n\nWe move ad-hoc certificate/key creation to a little declarative,\nfuture-inspired API.\n\nThe API is split into two distinct layers:\n - an etcd-backed managed certificate storage that understands server\n certificates, client certificates and CAs\n - a Kubernetes PKI object, that understands what certificates are\n needed to bring up a cluster\n\nThis allows for deduplicated path names in etcd, some semantic\ninformation about available certificates, and is in general groundwork\nfor some future improvements, like:\n - a slightly higher level etcd \u0027data store\u0027 api, with\n less-stringly-typed paths\n - simplification of service startup code (there\u0027s a bunch of cleanups\n that can be still done in core/internal/kubernetes wrt. to\n certificate marshaling to the filesystem, etc)\n\nTest Plan: covered by existing tests - but this should also now be nicely testable in isolation!\n\nX-Origin-Diff: phab/D564\nGitOrigin-RevId: a58620c37ac064a15b7db106b7a5cbe9bd0b7cd0\n" }, { "commit": "71f7a567f372b41b3ea5cf72dfebd0546e3ff7df", "tree": "ef5ea6804ca0419e8851d1a21f956508764ba446", "parents": [ "5a09142af47b710bb76df16eca94edefcd3052d7" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Mon Jun 22 16:37:28 2020 +0200" }, "committer": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Mon Jun 22 16:37:28 2020 +0200" }, "message": "Revert \"scripts/create_container: fix cockroachdb startup\"\n\nThis reverts commit 25aee769a555d34ae3c9f12560a8a29986601034.\n\nThis was uh messed up in phabricator and contains changes that shouldn\u0027t\nhave landed.\n\nTest Plan: it\u0027s a revert.\n\nX-Origin-Diff: phab/D567\nGitOrigin-RevId: 0dee3a91f708a9c2aba6cc7dbc929c3c887647c3\n" }, { "commit": "5a09142af47b710bb76df16eca94edefcd3052d7", "tree": "6be9238cf37c51dfc8f99aded4ef06c4ac81bb12", "parents": [ "385c12f84a0f1b6b5d70f228a0fb629f6f8f316c" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Mon Jun 22 14:01:45 2020 +0200" }, "committer": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Mon Jun 22 14:01:45 2020 +0200" }, "message": "scripts/create_container: fix cockroachdb startup\n\nAfter moving the build container to --net\u003dhost this broke building //...\n(as sqlboiler touches a local crdb in order to generate SQL\nboilerplate...). This moves cockroachdb to also run with --net\u003dhost, and\nfixes the advertisement address in the same way as it\u0027s fixed in\nrun_ci.sh.\n\nTest Plan: tested this locally :/\n\nX-Origin-Diff: phab/D562\nGitOrigin-RevId: 25aee769a555d34ae3c9f12560a8a29986601034\n" }, { "commit": "385c12f84a0f1b6b5d70f228a0fb629f6f8f316c", "tree": "ef5ea6804ca0419e8851d1a21f956508764ba446", "parents": [ "032ca1877adc3421343ed35a49c014ca261effff" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Wed Jun 17 12:12:42 2020 +0200" }, "committer": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Wed Jun 17 12:12:42 2020 +0200" }, "message": "build/toolchain: init\n\nThis adds a new, bare-bones, host-based C++ toolchain, and enables it\nfor all target builds. This toolchain replaces the automatically\ngenerated host toolchain from bazel-tools, and differs in the following\nways:\n - uses fully hardcoded paths\n - is the bare minimum required, which allows us full control over all\n aspects of it, notably link arguments\n - does not assume we\u0027re building normal C++ binaries for Linux (for\n instance, the new toolchain does not always link with -lm)\n\nThis is in anticipation of a change by @lorenz that uses cc_binary to\nbuild qboot for tests. However, this is also a good basis to start\nwriting a \u0027real\u0027 toolchain suite for mkfs.xfs, linux \u0026 co.\n\nTest Plan: For now, this is unused - but does not break any existing flow, which is fine. I did test this on a qboot WIP commit from @lorenz, and it at least fixed our immediate problem that it wanted to build it with with -lm,-lstdc++ - which we didn\u0027t.\n\nX-Origin-Diff: phab/D560\nGitOrigin-RevId: 8a5bc5f00a0a0534ea245e556d160f5bab7f8a0c\n" }, { "commit": "032ca1877adc3421343ed35a49c014ca261effff", "tree": "e0d24ad1acf54bc4ad85265cf5a8d4f62c2929a8", "parents": [ "d603f84c6beffb9431f902eccf3f4b06b232a4fb" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Tue Jun 09 20:17:13 2020 +0200" }, "committer": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Tue Jun 09 20:17:13 2020 +0200" }, "message": "core/cmd/mkimage: clean up\n\nThis cleans up a few minor issues with the mkimage tool:\n - error logging now goes to stderr; it going to stdout made my life\n painful when debugging a build failure as the output got mangled by\n Bazel\n - repeated actions (copies, mkdirs) are now expressed less verbosely\n - flags are now declared in a more canonical way\n - flags are now named in a more canonical way (underscores vs. hyphens;\n these haven\u0027t been used anywhere in the build, so we\u0027re not breaking\n anything).\n\nTest Plan: Refactor, no change behaviour (apart from stderr logging).\n\nX-Origin-Diff: phab/D558\nGitOrigin-RevId: 2531562acc46ec7aa0a6ac89b883dfd45cddcf82\n" }, { "commit": "d603f84c6beffb9431f902eccf3f4b06b232a4fb", "tree": "f973c093db09f42797926db6edf3a79529995125", "parents": [ "c3ae7588e04e283a9ee798823ff590f2eb26e13f" ], "author": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Tue Jun 09 17:48:09 2020 +0200" }, "committer": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Tue Jun 09 17:48:09 2020 +0200" }, "message": "core/tests/e2e: increase timeouts\n\nTest Plan: `bazel test core/...`\n\nX-Origin-Diff: phab/D559\nGitOrigin-RevId: de56ac720602c86fbf69e4d44634957b914ca7d0\n" }, { "commit": "c3ae7588e04e283a9ee798823ff590f2eb26e13f", "tree": "dca98f6ae4627ba043527f1a2de01fb3b740be44", "parents": [ "3b544a960249e7000b4fd9ce36f118c261c467df" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Mon Jun 08 17:15:26 2020 +0200" }, "committer": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Mon Jun 08 17:15:26 2020 +0200" }, "message": "core/initramfs: add cilium, force static binaries\n\nThis adds a Bazel transition to the initramfs rule to ensure all\nbinaries that are part of it are built statically.\n\nTest Plan: tested by building the binary and checking all binaries are static\n\nX-Origin-Diff: phab/D557\nGitOrigin-RevId: 897b902c6b139fdffd1179caae757f5151ad7804\n" }, { "commit": "3b544a960249e7000b4fd9ce36f118c261c467df", "tree": "7c9c8febf50d0d4066ad952af8ce0fc09205352d", "parents": [ "e28e6d791792806eebbef7bb83681e6b6b815408" ], "author": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Mon Jun 08 19:24:42 2020 +0200" }, "committer": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Mon Jun 08 19:24:42 2020 +0200" }, "message": "scripts: fietsje cleanliness check in CI\n\nTest Plan: CI\n\nBug: T788\n\nX-Origin-Diff: phab/D553\nGitOrigin-RevId: 25a9553d42c26507297d953849c838d55a1b4043\n" }, { "commit": "e28e6d791792806eebbef7bb83681e6b6b815408", "tree": "0ba4b0342ed6b2a6a009546d4662607a61cd1832", "parents": [ "a013ffaf2d7bc71a06148584020d429903456fff" ], "author": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Wed Jun 03 11:39:25 2020 +0200" }, "committer": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Wed Jun 03 11:39:25 2020 +0200" }, "message": "core/tests/e2e: print pprof server port\n\nTest Plan: Ran tests, connected to pprof server address.\n\nX-Origin-Diff: phab/D549\nGitOrigin-RevId: b9aee2334d7ae981144add8996eb3a49d1afdd82\n" }, { "commit": "a013ffaf2d7bc71a06148584020d429903456fff", "tree": "95abf15e717ee2e1b0378ec4f922e84e57c0a1eb", "parents": [ "fc5dbc6646c6e332f5cbb88f6a68b6fbcffebe77" ], "author": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Wed Jun 03 15:09:32 2020 +0200" }, "committer": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Wed Jun 03 15:09:32 2020 +0200" }, "message": "core/tests/e2e: wait for all subprocesses we created\n\nTest Plan: `bazel test core/tests/e2e/... --runs_per_test\u003d10`\n\nX-Origin-Diff: phab/D548\nGitOrigin-RevId: e7ed0d0f782fc38dfa94f83ded890187c6fd9c70\n" }, { "commit": "fc5dbc6646c6e332f5cbb88f6a68b6fbcffebe77", "tree": "4ea7cb93b2f0abfca9f547ee1401d39b73a79f5d", "parents": [ "140bddcbe1aac46b168f6fc2178eb9c3870a434c" ], "author": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Thu May 28 12:18:07 2020 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Thu May 28 12:18:07 2020 +0200" }, "message": "Add E2E tests for basic functionality and port launching to Go\n\nThis adds a new E2E test suite replacing the old log-parsing\nbased one. It also moves launching and controlling Smalltown VMs into\na Go package and command and exposes the \u0027//:launch\u0027 alias.\nThe new E2E test suite covers basic conditions (IP assigned, Data\navailable) and Kubernetes Node, Deployment and StatefulSet tests.\n\nTest Plan: This consists of E2E tests\n\nX-Origin-Diff: phab/D544\nGitOrigin-RevId: 7c624c667c849068bafa544a3a6c635d6d406e1c\n" }, { "commit": "140bddcbe1aac46b168f6fc2178eb9c3870a434c", "tree": "8719383a79e42b1334a53f88bdc015872cba66dd", "parents": [ "e6030f696613983ea00fc93b9e8b826cea7a1e9a" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Fri Jun 05 21:01:19 2020 +0200" }, "committer": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Fri Jun 05 21:01:19 2020 +0200" }, "message": "core: build initramfs using generic initramfs rule\n\nThis chips away at three different things:\n - it brings us closer to hermetic and cross-platform builds by not\n depending on genrule/shell and lz4-the-tool\n - it generalizes initramfs building (allowing for more than one to be\n built, if necessary)\n - sets the stage to use Bazel transitions [1] to force all included Go\n binaries to be built in pure/static mode while allowing host Go\n binaries to use cgo/dynamic linking if necessary, and hopefully also\n allowing us to get rid of some BUILD patches that set pure\u003d\u0027on\u0027 in\n go_binary calls (notably needed in Cilium and some existing\n third_party dependencies).\n\n[1] - https://docs.bazel.build/versions/master/skylark/config.html#user-defined-transitions\n\nTest Plan: build machinery change, covered by existing tests\n\nX-Origin-Diff: phab/D554\nGitOrigin-RevId: a5561eb5ca16e6529b9a4a2b98352f579c424222\n" }, { "commit": "e6030f696613983ea00fc93b9e8b826cea7a1e9a", "tree": "89a0459f2d021a77701faaa73742c21a24f07843", "parents": [ "4cc664da40ef91422fb90039b2a1e90a3f997078" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Wed Jun 03 17:52:59 2020 +0200" }, "committer": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Wed Jun 03 17:52:59 2020 +0200" }, "message": "core/internal/kubernetes: refactor reconciler, move to subpackage\n\nThis makes the reconciler a bit more generic, and thus allows for\nwriting some basic tests (of the reconciler logic and of the declared\nresources).\n\nWe also start the cleanup of //core/internal/kubernetes by moving the\nreconciler into a separate subpackage. This creates two sketchy\ncross-package references that we\u0027ll need to fix in the future once we\ncontinue the cleanup and modularization of the Kubernetes package.\n\nTest Plan: the reconciler is now tested with unit tests!\n\nX-Origin-Diff: phab/D552\nGitOrigin-RevId: b43643065c8174402922c62e80cd9c87fdce2f13\n" }, { "commit": "4cc664da40ef91422fb90039b2a1e90a3f997078", "tree": "9742180802c0f4364641bbc9607dea521d7a9a86", "parents": [ "980d003d69087eb3ef8976a2a7c2df6c7d3c54e7" ], "author": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Tue Jun 02 16:08:24 2020 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Tue Jun 02 16:08:24 2020 +0200" }, "message": "Reconciler fixup\n\nI made some changes further down the revision stack which weren\u0027t properly propagated.\nThis makes sure the code from subsequent revisions also has the necessary changes.\n\nTest Plan: `bazel run //:launch` no longer shows the reconciler looping\n\nX-Origin-Diff: phab/D547\nGitOrigin-RevId: 2d8c6121b071504048f10cd8a34cbfba2a0f94b7\n" }, { "commit": "980d003d69087eb3ef8976a2a7c2df6c7d3c54e7", "tree": "21d2bb6bd95974f0d3aef170e04f49e1dcd1eb58", "parents": [ "3058b7ab4e220c37624e1204744f0b17efd920d5" ], "author": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Wed Jun 03 14:44:49 2020 +0200" }, "committer": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Wed Jun 03 14:44:49 2020 +0200" }, "message": "scripts: create local container with --net\u003dhost\n\nThis makes local debugging easier. We don\u0027t consider the\ncontainer an effective security barrier, anyway.\n\nTest Plan: Connected to a local server.\n\nX-Origin-Diff: phab/D551\nGitOrigin-RevId: d452d9f5a4addf4c526b7ac8f7ac688c36b816c5\n" }, { "commit": "3058b7ab4e220c37624e1204744f0b17efd920d5", "tree": "d501623c882286d2cd5e0977c1dd262db9f65dbe", "parents": [ "b15abadcd33cc25c220a2e8987f11bd967af5765" ], "author": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Wed Jun 03 17:51:07 2020 +0200" }, "committer": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Wed Jun 03 17:51:07 2020 +0200" }, "message": "build: add fietsje config and alias for Delve debugger\n\nTest Plan: Debugged a running process using `bazel run :dlv`.\n\nX-Origin-Diff: phab/D550\nGitOrigin-RevId: 3bea727afc0cc275fac19238067d871c42beef19\n" }, { "commit": "b15abadcd33cc25c220a2e8987f11bd967af5765", "tree": "e9744eb8694a12238f345fa409ba1553f813d18d", "parents": [ "0db90ba4fde0be782f2dc43f4e6d269d7c1c5f0b" ], "author": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Thu Apr 16 11:17:12 2020 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Thu Apr 16 11:17:12 2020 +0200" }, "message": "Add PV provisioner\n\nThis adds a new PV provisioner which works together with the\nCSI Node driver to provide storage to workloads on Smalltown.\nIt talks to Kubernetes and listens for PVCs which need to be provisioned\nand PVs which have been released and need to be deleted.\n\nIs is implemented as a per-node agent where every node provisions the\nvolumes scheduled onto it by kube-scheduler.\n\nTest Plan: Manually tested by running `bazel run //core/cmd/dbg -- kubectl create -f $PWD/pv-test.yml` and observing a provisioned PV that\u0027s attached to the pod. An example `test-pv.yml` is in P137.\n\nX-Origin-Diff: phab/D482\nGitOrigin-RevId: 75a871b039e71dd248f937719c471e0277887964\n" }, { "commit": "0db90ba4fde0be782f2dc43f4e6d269d7c1c5f0b", "tree": "49237accda7efdae1c8398aa10da4aaa3ee9a4c8", "parents": [ "8e3b8fc9c4ccf5f92179c249de692e38a92d6ee0" ], "author": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Mon Apr 06 14:04:52 2020 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Mon Apr 06 14:04:52 2020 +0200" }, "message": "Implement CSI node plugin\n\nThis implements a CSI node plugin with registration support\nbacked by bind mounts from our XFS data partition.\nIt supports online volume expansion (and technically shrinking,\nbut K8s does not support shrinking) and CSI statistics backed by fsquota\n\nTest Plan: TBD\n\nX-Origin-Diff: phab/D471\nGitOrigin-RevId: 6bc37dac3726b39bd5d71cfddb2d53aeee0c8b4d\n" }, { "commit": "8e3b8fc9c4ccf5f92179c249de692e38a92d6ee0", "tree": "0cb705a7be0e42ac642cef771edab856f6676098", "parents": [ "8da5377d65930ff0a4085449c61f09fcfe64ec02" ], "author": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Tue May 19 14:29:40 2020 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Tue May 19 14:29:40 2020 +0200" }, "message": "Port kubernetes package to supervisor\n\nThis replaces the ad-hoc goroutine and process management\npreviously in the kubernetes package with a nice supervisor-based\nimplementation which should make it easier to understand and more\nreliable. It also prevents creation of more ad-hoc launching code\nfor future features (like CSI \u0026 Provisioning).\n\nSince porting SmalltownNode is rather involved I just instantiated a\nnew supervision tree in the Kubernetes main service and wired it\nup to the old interface. Once we port SmalltownNode we can just\nremove the legacy Start() method and directly call Run().\n\nTest Plan:\nPasses Bazel tests, Kubernetes functionality was manually\ntested by running `bazel run //core/cmd/dbg -- kubectl run -i --image alpine:edge sh`\nto verify that Kubernetes still works properly. Automated tests for this\nare being worked on.\n\nX-Origin-Diff: phab/D534\nGitOrigin-RevId: 001de38eaa5c7ee661bf5db9a7c3d0125c1b6af2\n" }, { "commit": "8da5377d65930ff0a4085449c61f09fcfe64ec02", "tree": "1bed5948776792298347e315341d199fc7bdcaa6", "parents": [ "6acfc323aa74a424220907218cfa7f303b6992cc" ], "author": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Tue Jun 02 15:56:51 2020 +0200" }, "committer": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Tue Jun 02 15:56:51 2020 +0200" }, "message": "core/cmd/init: ignore SIGURG\n\nTest Plan: Error is gone.\n\nBug: T743\n\nX-Origin-Diff: phab/D526\nGitOrigin-RevId: ad080bd3299c2c32208ba7553b750b16282c5656\n" }, { "commit": "6acfc323aa74a424220907218cfa7f303b6992cc", "tree": "abb236a6ff03f48907c3feb398a1fac70212cf64", "parents": [ "878f5f9e5f9de93b09d354db7d116fd3d558dbfa" ], "author": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Wed May 13 17:01:26 2020 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Wed May 13 17:01:26 2020 +0200" }, "message": "Add support for gVisor logging\n\nTest Plan: Started Container using `bazel run //core/cmd/dbg -- kubectl run -i busybox --image\u003dbusybox test`, then observed logs using `bazel run //core/cmd/dbg logs containerd.runsc`\n\nX-Origin-Diff: phab/D527\nGitOrigin-RevId: 10dfa1704cbc18becc2005e7b38cc881e6ec50b5\n" }, { "commit": "878f5f9e5f9de93b09d354db7d116fd3d558dbfa", "tree": "994b67ea5264f7e38bb67e9043a369454eaab75d", "parents": [ "9a741a861a4cb5c52b0251a4abf3a2c606b06198" ], "author": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Tue May 12 16:15:39 2020 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Tue May 12 16:15:39 2020 +0200" }, "message": "Add Kubernetes Worker and infrastructure\n\nAdds Kubernetes Kubelet with patches for syscall-based mounting and\nsyscall-based (and much faster) metrics. fsquota patches have been\ndeferred to a further revision (for robust emptyDir capacity isolation).\n\nChanges encoding of the node ID to hex since Base64-URL is not supported\nas a character set for K8s names. Also adds `/etc/machine-id` and\n`/etc/os-release` since Kubernetes wants them. `os-release` is generated\nby stamping, `machine-id` is the hex-encoded node ID derived from the\npublic key.\n\nAlso includes a primitive reconciler which automatically ensures a set of\nbuilt-in Kubernetes objects are always present. Currently this includes\na PSP and some basic RBAC policies that are elementary to proper cluster\noperations.\n\nAdds an additional gRPC service (NodeDebugService) to cleanly\ncommunicate with external debug and test tooling. It supports reading\nfrom logbuffers for all externally-run components, checking conditions\n(for replacing log matching in testing and debugging) and getting\ndebug credentials for the Kubernetes cluster.\n\nA small utility (dbg) is provided that interfaces with NodeDebugService\nand provides access to its functions from the CLI. It also incorporates\na kubectl wrapper which directly grabs credentials from the Debug API\nand passes them to kubectl\n(e.g. `bazel run //core/cmd/dbg -- kubectl describe node`).\n\nTest Plan:\nManually tested.\nKubernetes:\n`bazel run //core/cmd/dbg -- kubectl create -f test.yml`\n\nChecked that pods run, logs are accessible and exec works.\n\nReading buffers:\n`bazel run //core/cmd/dbg -- logs containerd`\n\nOutputs containerd logs in the right order.\n\nAutomated testing is in the works, but has been deferred to a future\nrevision because this one is already too big again.\n\nX-Origin-Diff: phab/D525\nGitOrigin-RevId: 0fbfa0c433de405526c7f09ef10c466896331328\n" }, { "commit": "9a741a861a4cb5c52b0251a4abf3a2c606b06198", "tree": "1ec5dddcbc049c76f67585c5d03f184ee6c66a9c", "parents": [ "14cf750cac0d6c6e9504871246a45a226b2eb03e" ], "author": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Thu May 28 15:08:45 2020 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Thu May 28 15:08:45 2020 +0200" }, "message": "Apply containerd build patch again\n\nThe containerd pure mode build patch is no longer being applied after D535.\ncontainerd is thus no longer executable since we don\u0027t have a dynamic loader\nin Smalltown. This applies the patch again using Fietsje.\n\nTest Plan: Tested under D544\n\nX-Origin-Diff: phab/D545\nGitOrigin-RevId: 76bc4804c4dd0faf5fd38685d0c69bfa4af6ea94\n" }, { "commit": "14cf750cac0d6c6e9504871246a45a226b2eb03e", "tree": "5c17e5c6e9904675403e47f8a8658e966a9506b0", "parents": [ "f369cfa3ab4ad5ba882fa66f2fd1c3df8e5b4495" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Thu May 28 14:29:56 2020 +0200" }, "committer": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Thu May 28 14:29:56 2020 +0200" }, "message": "fietsje: implement .replace, add Cilium dependencies.\n\nThe new .replace() can be used to mirror \u0027replace\u0027 stanzas in go.mod,\nand that\u0027s what it\u0027s being used for in Cilium, as it ships a handful of\nforked libraries that we have to pull in.\n\nThe Cilium targets are currently unused, but the ones confirmed to build\nare:\n\n - @com_github_cilium_cilium//cilium: cilium API client\n - @com_github_cilium_cilium//daemon:daemon: cilium daemon/agent\n - @com_github_cilium_cilium//operator: cilium operator\n\nThese currently built as dynamic libraries - turning them into\nstatic/pure builds will come in a later build.\n\nTest Plan: how do we test this? :)\n\nX-Origin-Diff: phab/D542\nGitOrigin-RevId: b38c7c1d0be8b0b88ea8f6992c9c5557189399cc\n" }, { "commit": "f369cfa3ab4ad5ba882fa66f2fd1c3df8e5b4495", "tree": "623bb7e085852f87e9ad6618408dc4b3171f7b29", "parents": [ "df12522ed48dbac7edbae32be01a09770b01d0f7" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Fri May 22 18:36:42 2020 +0200" }, "committer": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Fri May 22 18:36:42 2020 +0200" }, "message": "fietsje: implement\n\nThis introduces Fietsje, a little Go dependency manager.\n\nFor more information, see third_party/go/fietsje/README.md.\n\nWe also bump some dependencies while we\u0027re at it, notably, sqliboiler\nnow uses Go modules. If we weren\u0027t to do that, we\u0027d have to add more\nheuristics to Fietsje to handle the old version correctly.\n\nTest Plan: fietsje is untested - I\u0027ll add some tests to it. Everything else is just regenerating basically the same repositories.bzl file, but with some bumped dependencies.\n\nX-Origin-Diff: phab/D535\nGitOrigin-RevId: 4fc919e1bd386bc3f3c1c53e672b1e3b9da17dfc\n" }, { "commit": "df12522ed48dbac7edbae32be01a09770b01d0f7", "tree": "167d9d5de66c430cc2ddd37feff561430ed0be5d", "parents": [ "d3c59d22955d01ff4afcada9d4845cd935d820b7" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Sat May 23 00:29:30 2020 +0200" }, "committer": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Sat May 23 00:29:30 2020 +0200" }, "message": "*: unpin rules_go/gazelle\n\nWe unpin these now that Gazelle 0.21.0 is out. This release also changes\nrunfile pathnames for go_binary, so we have to fix up the test_boot.sh\nscript that hardcodes a path.\n\nThis also pulls in a new protobuf version, that we have to let in with\nits imperfections that nogo rightfully complains about.\n\nTest Plan: machinery change, current tests cover this\n\nX-Origin-Diff: phab/D538\nGitOrigin-RevId: ad83d7868608b6883a891d127a6fbaf28f8aa14a\n" }, { "commit": "d3c59d22955d01ff4afcada9d4845cd935d820b7", "tree": "faa355d618630f556b053707cbe5ee60f84a534e", "parents": [ "c88c82db8b1a7f8a07782c970e1d0dfb453f9f66" ], "author": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Mon May 11 16:00:22 2020 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Mon May 11 16:00:22 2020 +0200" }, "message": "Update to Go 1.14\n\nUpdates the Go toolchain to 1.14 and gets rid of all upstreamed\npatches. Also shrinks binary sizes.\n\nTest Plan: Should be covered by CI.\n\nX-Origin-Diff: phab/D515\nGitOrigin-RevId: 1c400a6ba6a8d78a02aba925d95486b807eda0e9\n" }, { "commit": "c88c82db8b1a7f8a07782c970e1d0dfb453f9f66", "tree": "22072c4f18e4aaa855577ff0b42a86ef77a9c4cb", "parents": [ "60febd9db40970a31a2f49bdb969897a37c11cc6" ], "author": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Fri May 08 14:35:04 2020 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Fri May 08 14:35:04 2020 +0200" }, "message": "Add containerd \u0026 gVisor support\n\nThis adds containerd, CNI, gVisor and all the necessary shims\nand supporting infrastructure. It also enables all relevant features in\nthe Linux kernel. containerd is designed as a simple supervisor.Runnable.\nIt is not being started yet, this will happen in D497.\n\nSplit out from feature/kubelet.\n\nTest Plan:\nHas been tested in conjunction with the rest of D497, will be\ncovered by a K8s E2E test there.\n\nX-Origin-Diff: phab/D509\nGitOrigin-RevId: 92523516b7e361a30da330eb187787e6045bfd17\n" }, { "commit": "60febd9db40970a31a2f49bdb969897a37c11cc6", "tree": "8ac7756b46db3333e0f81dea04ce1d8bbfe38e62", "parents": [ "fc2c4f5bc24286f24d3fe130bec61cf9fc59982d" ], "author": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Thu May 07 14:08:18 2020 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Thu May 07 14:08:18 2020 +0200" }, "message": "Clean up consensus etcd log output\n\nIntegrates our Zap logger into our etcd embedded instance to\nclean up the logs. Split out from D497 (ex feature/kubelet).\n\nTest Plan:\n`bazel run //core/scripts:launch` no longer shows etcd JSON\noutput.\n\nX-Origin-Diff: phab/D498\nGitOrigin-RevId: 8df3b9c3edd20310079306479adfadf983af7da2\n" }, { "commit": "fc2c4f5bc24286f24d3fe130bec61cf9fc59982d", "tree": "f467337f1cc022eb06f0d6655a239af7a4a41723", "parents": [ "ac6b6441f65fa160c1a3d2e9b31277e747c96a32" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Wed May 06 19:26:32 2020 +0200" }, "committer": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Wed May 06 19:26:32 2020 +0200" }, "message": "ci: enable race detector in tests\n\nThe Go race detector [1] allows to detect runtime data races between\nGoroutines.\n\nAdding it to the test suite can increase runtime significantly (by\naround 20x), but for the amount of tests we have right now it should\nbe acceptable to always run them on every diff in CI.\n\n[1] - https://golang.org/doc/articles/race_detector.html\n\nTest Plan: consider the test runtime increase before merging\n\nX-Origin-Diff: phab/D496\nGitOrigin-RevId: 655a9ae3d3b4d72eae26180434f685193de6d9a7\n" }, { "commit": "ac6b6441f65fa160c1a3d2e9b31277e747c96a32", "tree": "340b921508eba906823c28740b2010733d108c13", "parents": [ "19bb4125a7eb155a51143046a8501b40702aa650" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Wed May 06 19:13:43 2020 +0200" }, "committer": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Wed May 06 19:13:43 2020 +0200" }, "message": "core/internal/common/supervisor: deflake\n\nWe fix several flaky tests in the supervisor framework, and one bug in the\nsupervisor itself.\n\nTests are deflaked by depending less on tight timing and instead on a\n\u0027settled\u0027 state of the supervisor, which is basically a wait to join the\nsupervisor when it\u0027s done with whatever work it\u0027s currently taking care\nof.\n\nAnother flake, TestBackoff, is fixed by widening the allowed restart\ntime.\n\nFinally, we fix a bug in the supervisor that caused it to spuriously\nrestart children when it would schedule them when their future parents\ncontext was canceled.\n\nFinally, we make some log messages less verbose.\n\nTest Plan: Covered by existing tests that are now less flaky. This was tested with bazel test --runs_per_test\u003d100 to not flake anymore.\n\nX-Origin-Diff: phab/D495\nGitOrigin-RevId: f92f7368708c54c59644d3e7dca03b2b5692c30a\n" }, { "commit": "19bb4125a7eb155a51143046a8501b40702aa650", "tree": "3b3bbc665edc254ba901baaf883ac96712125c18", "parents": [ "f64021170952839c39f25e13e8771d8e377af898" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Mon May 04 17:57:50 2020 +0200" }, "committer": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Mon May 04 17:57:50 2020 +0200" }, "message": "//core/internal/supervisor: drop panic propagation flag\n\nThis made the race detector unhappy (for a good reason), and was\nactually unused. The only place where we do want panic propagation is in\ntests, and making it configurable by an option passed to New() is much\nmore friendly, anyway.\n\nTest Plan: Behaviour unchanged, covered by existing tests.\n\nX-Origin-Diff: phab/D490\nGitOrigin-RevId: 465a8244445906bbb12e8fec13ccab0c87ab50f6\n" }, { "commit": "f64021170952839c39f25e13e8771d8e377af898", "tree": "06b4841b976cba50dea2f567d300ae2a5b355a14", "parents": [ "bb7db92ee6e788b576e22ece70914e0321a785f7" ], "author": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Mon May 04 16:50:31 2020 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Mon May 04 16:50:31 2020 +0200" }, "message": "Enable stamping and use correct variables\n\nIn D487 stamping was introduced, but not actually enabled. This enables it.\n\nKubernetes also uses \"volatile\" stamping variables for things that logic\ndepends on. This is a terrible idea because\nyou cannot unbreak a build since volatile stamps don\u0027t trigger a rebuild.\nThe status variables which are not purely informational have been changed\nto \"stable\" variables\n(see https://docs.bazel.build/versions/master/user-manual.html#flag--workspace_status_command).\n\nTest Plan:\nBy itself not really testable, but has been tested on an\nupcoming revision that actually depends on stamping behaving correctly.\n\nX-Origin-Diff: phab/D491\nGitOrigin-RevId: 48dda066d56e29d10fb0f0a88a845d8caf527c98\n" }, { "commit": "bb7db92ee6e788b576e22ece70914e0321a785f7", "tree": "1f4fee21a390625bd9766d0394e3076cf7e34d48", "parents": [ "547b33f2b38dba41f2c171f8730ff5093b267eaf" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Thu Apr 30 12:43:10 2020 +0200" }, "committer": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Thu Apr 30 12:43:10 2020 +0200" }, "message": "Add all dependencies for Kubernetes worker\n\nAdds Kubelet, CNI plugins, containerd, runc and gVisor using a\npre-baked list of dependencies generated using scripts/gazelle-deps/sh.\n\nThis moves all dependencies of gVisor, Kubernetes, runc, etc into the\nsame \u0027namespace\u0027 of Bazel external repositories, giving us ease of\naccessing code as libraries, and benefits when it comes to version\nauditing.\n\nThe gazelle-deps.sh script is a temporary solution that will be replaced\nASAP, see T725.\n\nThis unblocks T486.\n\nThis is an alternative to D389.\n\nTest Plan: `bazel build //core:image` runs and picks up the new binaries\n\nX-Origin-Diff: phab/D487\nGitOrigin-RevId: a28a25071fa2ae76b272d237ce9af777485065ff\n" }, { "commit": "547b33f2b38dba41f2c171f8730ff5093b267eaf", "tree": "0b1993d79cd3724613e43caed66e81979de0b082", "parents": [ "3dba53221970a81cdc1158cced2c6acf85b33065" ], "author": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Thu Apr 23 15:27:06 2020 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Thu Apr 23 15:27:06 2020 +0200" }, "message": "Add in-kernel test runner\n\nThis adds a way to run tests inside the Smalltown kernel.\n\nImprovements to the Bazel part of this are tracked in T726\n\nTest Plan: Tested by intentionally failing the test.\n\nX-Origin-Diff: phab/D485\nGitOrigin-RevId: e4aad7f28d122d82a7fcb6699e678cbe022e2f73\n" }, { "commit": "3dba53221970a81cdc1158cced2c6acf85b33065", "tree": "aceb033e536e6de6ec2825c3ee8bfb3a08ccad90", "parents": [ "c452a8dc724400c58a32faf4c4f51291b2675099" ], "author": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Tue Apr 28 12:23:04 2020 +0200" }, "committer": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Tue Apr 28 12:23:04 2020 +0200" }, "message": "Fix ram_utilization_factor deprecation warning\n\nTest Plan: CI\n\nX-Origin-Diff: phab/D486\nGitOrigin-RevId: 2ef96572fab6e00c5b6c414ff542c8559eb6a84b\n" }, { "commit": "c452a8dc724400c58a32faf4c4f51291b2675099", "tree": "8d872a9f7565b63ddd37497797c8b111be89e18c", "parents": [ "5d7d2a42ed0394ecc57ef3cde1d837d8a997ec20" ], "author": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Mon Apr 20 14:09:39 2020 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Mon Apr 20 14:09:39 2020 +0200" }, "message": "Update built-in container to Fedora 32\n\nUpdates the base image of the built-in dev container to\nFedora 32 to get access to qemu 4.2+ and microvm.\n\nTest Plan: Covered by CI\n\nX-Origin-Diff: phab/D484\nGitOrigin-RevId: 3ac0fd3e9321acdb79814513e1fd7b4c10ef746d\n" }, { "commit": "5d7d2a42ed0394ecc57ef3cde1d837d8a997ec20", "tree": "55ead1cb4ddbd347faf26f7370b46de7e7f634b6", "parents": [ "1d8017549154d0bf2c36610d75eee8de9b25ce02" ], "author": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Mon Apr 06 14:11:02 2020 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Mon Apr 06 14:11:02 2020 +0200" }, "message": "Update Kubernetes to 1.18.0\n\nUpdates Kubernetes to 1.18.0 and removes patches that are no\nlonger needed. The directories themselves and the build code that deals\nwith patching is left intact since rebasing D389 and subsequent K8s work\nwould otherwise be unnecessarily complicated.\n\nTest Plan: Should be covered by CI\n\nX-Origin-Diff: phab/D470\nGitOrigin-RevId: 5c7749926f0adcc8d58e3bff3ce6413bab1d797d\n" }, { "commit": "1d8017549154d0bf2c36610d75eee8de9b25ce02", "tree": "854997e22377a1a3b2b2ef00fa9efe8fc2651228", "parents": [ "25b82a85dceb8f3ce847d712fa58809d87f316fb" ], "author": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Thu Apr 02 09:24:51 2020 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Thu Apr 02 09:24:51 2020 +0200" }, "message": "Introduce fsquota package\n\nThis introduces a new fsquota package and\na few low-level support packages to simplify the\nmanagement of filesystem quotas.\n\nTo expose an API that\u0027s nice to use while staying\nperformant and safe the new fsinfo syscall is being\nused. Since that syscall is not yet in mainline it has\nbeen backported to our 5.6 kernel.\n\nTest Plan:\nManually validated on our kernel, automated\ntests are pending some Bazel work to be able to run them\ninside our own kernel.\n\nX-Origin-Diff: phab/D462\nGitOrigin-RevId: bb463056589d2b13b7cf32d48ab0b884e70b1bad\n" }, { "commit": "25b82a85dceb8f3ce847d712fa58809d87f316fb", "tree": "badbb242c6fbd3889af79a5bb493895285d42707", "parents": [ "fd16651a2ef1484b7d8f12d0a7c7f93899af2747" ], "author": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Mon Mar 23 20:27:51 2020 +0100" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Mon Mar 23 20:27:51 2020 +0100" }, "message": "Added logbuffer helper package\n\nThis adds a small package which is used to store logs for other\nbinaries we\u0027re calling. It\u0027s an in-memory non-depleting ring buffer\ncapable of directly taking in a stream (for example from stdout).\nFor reliability it has bounded total memory consumption.\nIt offers a simple interface to get the last n log lines out.\n\nTest Plan: Has 100% test coverage built-in\n\nBug: T667\n\nX-Origin-Diff: phab/D442\nGitOrigin-RevId: 32d5944650793b6cea8ec48a40ea4abb3944ad21\n" }, { "commit": "fd16651a2ef1484b7d8f12d0a7c7f93899af2747", "tree": "f7931a575e0a7133695b2e5a7ec412a2c21731e1", "parents": [ "b1b742f91489cafa199bf5dd6e83d965cb23f63f" ], "author": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Wed Apr 01 17:29:45 2020 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Wed Apr 01 17:29:45 2020 +0200" }, "message": "Update Linux to 5.6\n\nTest Plan: Covered by existing tests.\n\nX-Origin-Diff: phab/D458\nGitOrigin-RevId: ebc83b17a0bcf66997d65763d8ff852a2613887c\n" }, { "commit": "b1b742f91489cafa199bf5dd6e83d965cb23f63f", "tree": "11ad76da23350c0d70ee2f21aa50e56cb1421b57", "parents": [ "9c09c4e9a637dedc1643e32419f56f789e79fec8" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Tue Mar 24 13:58:19 2020 +0100" }, "committer": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Tue Mar 24 13:58:19 2020 +0100" }, "message": "core/internal/network: move to supervisor\n\nTest Plan: behaviour shouldn\u0027t change, covered by existing tests\n\nBug: T653\n\nX-Origin-Diff: phab/D430\nGitOrigin-RevId: b92f0953daba6da84bad96120cde2021c4a82e5c\n" }, { "commit": "9c09c4e9a637dedc1643e32419f56f789e79fec8", "tree": "3f8d222ee9d25ede79ba11fee50eb095b6d5658f", "parents": [ "7b5d994379ef72ccf9f4de15d01b9604fc650287" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Tue Mar 24 13:58:01 2020 +0100" }, "committer": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Tue Mar 24 13:58:01 2020 +0100" }, "message": "supervisor: init\n\nThis introduces the service supervisor (or supervisor, for short) - a\nlibrary used to reliably run parts of Smalltown.\n\nThe design is outlined in [[ https://phab.monogon.dev/u/supervision | go/supervision ]].\n\nThis only implements the supervision itself, and does not actually use\nit in Smalltown. Another revision based on this one will aims to move at\nleast parts of the codebase onto this library.\n\nTest Plan: the supervision code is integration tested\n\nBug: T653\n\nX-Origin-Diff: phab/D429\nGitOrigin-RevId: cffa73de5957e95af629b78379ffc0c7e8681afb\n" }, { "commit": "7b5d994379ef72ccf9f4de15d01b9604fc650287", "tree": "baaa1bb99c2cb3e081d4f978303be56520a3e4df", "parents": [ "9374393a16b9400866003cd972f9c4711c94869c" ], "author": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Thu Mar 19 16:14:02 2020 +0100" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Thu Mar 19 16:14:02 2020 +0100" }, "message": "Update rules_go to 0.22.1 to fix @go_googleapis issue\n\nThis fixes a known issue[1] with rules_go in combination with\nBazel 2.2+ and some protobuf generates (like @go_googleapis).\nAlso updates a few dependencies because rules_go switched to\na newer GRPC compiler.\n\n[1] https://github.com/bazelbuild/bazel/issues/10681\n\nTest Plan: bazel test //... works again on Bazel 2.2+\n\nX-Origin-Diff: phab/D436\nGitOrigin-RevId: d5700cbaa59fefd791f5c9902195f0294a0e6f07\n" }, { "commit": "9374393a16b9400866003cd972f9c4711c94869c", "tree": "d201cb040a78e99baac99e6473c249d790be6b24", "parents": [ "8c8e677b05f92d948f3c864451751b7ca45a8462" ], "author": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Fri Mar 13 14:20:29 2020 +0100" }, "committer": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Fri Mar 13 14:20:29 2020 +0100" }, "message": "test_boot is now a medium-sized test\n\nWe upped the timeout to 120, but Bazel had a lower timeout.\n\nGitOrigin-RevId: 8e9581b20760746e75edc990229be78ddf7992bb\n" }, { "commit": "8c8e677b05f92d948f3c864451751b7ca45a8462", "tree": "d03e67191aa589d5eb0dfc446619e1785e65fcc4", "parents": [ "581b0bd6386a077e29107710e008983b62233ccf" ], "author": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Thu Mar 12 20:24:13 2020 +0100" }, "committer": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Thu Mar 12 20:24:13 2020 +0100" }, "message": ".bazelrc: set --test_output\u003derrors to debug master build failures\n\nBackported from D429,\n\nGitOrigin-RevId: 05a024e59fd598e180249c55a21dc1f8eaa24dc4\n" } ], "next": "581b0bd6386a077e29107710e008983b62233ccf" }