)]}' { "log": [ { "commit": "399ce5537c9d74b2335add19dcb6a4043d9468b5", "tree": "a7e086c69c69f8745ca123764c6929e090e0d80b", "parents": [ "0ea448a92ad342bcb0ecb05a2aa9652ebe48b62a" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Tue Mar 29 12:52:42 2022 +0200" }, "committer": { "name": "Sergiusz Bazanski", "email": "serge@monogon.tech", "time": "Wed Mar 30 15:50:59 2022 +0000" }, "message": "m/n/core/rpc: provide lower-level gRPC dialing constructs\n\nThis replaces the 2x2 cartesian product of ready-made dialing functions\n(New{Authenticated,Ephemeral}Client{Test,}) with plain gRPC Dial\nOptions.\n\nThis is partially to reduce the magical aspect of the RPC library (after\nall, we are just using gRPC here, no need for these wrappers), but\nmostly in preparation for having another dimension added: dynamic\ncluster resolving, which will also be just provided as a Dial Option.\n\nChange-Id: Id051ca5204e4b44afcc10164f376ccf08af46120\nReviewed-on: https://review.monogon.dev/c/monogon/+/640\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "49a1ea42df1cf9f6f3b401a52565496c32b18308", "tree": "f6237d3438df1638517ab42b8609460738845518", "parents": [ "f3c4b42225fb7340e12cc74f9afc2ecc241e4304" ], "author": { "name": "Mateusz Zalega", "email": "mateusz@monogon.tech", "time": "Tue Mar 15 13:43:59 2022 +0100" }, "committer": { "name": "Mateusz Zalega", "email": "mateusz@monogon.tech", "time": "Thu Mar 17 07:51:54 2022 +0000" }, "message": "m/c/p/datafile: expose ResolveRunfile\n\nThis exposes ResolveRunfile, which can be used to access runfiles using\na filesystem path.\n\nChange-Id: Ib3c41f86264368a076840618c682cb288b3b6f98\nReviewed-on: https://review.monogon.dev/c/monogon/+/630\nReviewed-by: Sergiusz Bazanski \u003cserge@monogon.tech\u003e\n" }, { "commit": "f3c4b42225fb7340e12cc74f9afc2ecc241e4304", "tree": "b4d570c6a64df0444216c62903445880f0ce915b", "parents": [ "58cf3bca19e0d04a5dda6ad32a72459bb03df3cf" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Thu Mar 10 00:37:57 2022 +0100" }, "committer": { "name": "Sergiusz Bazanski", "email": "serge@monogon.tech", "time": "Tue Mar 15 12:50:10 2022 +0000" }, "message": "m/n/core/rpc: remove leftover local/external listener abstractions\n\nThis continues cleanup work after review.monogon.dev/624.\n\nChange-Id: Ic38f4547627d382a4405cf4b3336aa7cac80849b\nReviewed-on: https://review.monogon.dev/c/monogon/+/629\nReviewed-by: Mateusz Zalega \u003cmateusz@monogon.tech\u003e\n" }, { "commit": "58cf3bca19e0d04a5dda6ad32a72459bb03df3cf", "tree": "5c11fb1f25eae37790ef870b1b937bfe6302674b", "parents": [ "ec19b60842e905a4400e5f8b46b783a54d0a025a" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Wed Mar 09 20:33:36 2022 +0100" }, "committer": { "name": "Sergiusz Bazanski", "email": "serge@monogon.tech", "time": "Fri Mar 11 11:40:50 2022 +0000" }, "message": "m/n/core: remove local listener from curator\n\nWhile working on a client library to access a cluster reliably, a\nthought popped into my head:\n\nDo we even need to run the local (UNIX domain socket) listener in the\nCurator?\n\nAnd, after checking all code paths, to my surprise... no, not really.\nWhy did we ever do it? Perhaps because we started differently structured\ncluster bootstrap codebase that caused it to be a hard requirement. Or\nmaybe it was just a momentary lapse of reason. Regardless, with the\ncurrent codebase, it makes no sense: we always have Node credentials\navailable, and we run the Curator on all network interfaces. So why not\njust connect over loopback and use TLS?\n\nHere are some of the benefits of removing the local listener:\n\nIt removes a whole bunch of code, and pulling at a few more threads in\nthe Curator and RPC codebases will probably let us remove quite a bit\nmore now unused abstractions.\n\nIt leads to a more secure product, as we have one less privilege domain\nsocket to worry about (although we still have the etcd one... but that\u0027s\na whole different can of worms).\n\nAnd most importantly, it paves the way for a vastly simplified cluster\nclient - one in which the transport is the same regardless of whether we\nconnect to a local or remote curator. This should let us use bog\nstandard gRPC load balancing / resolving extensions to reach the Curator\nin an idiomatic and robust way.\n\nChange-Id: I1fe9b04ba3b5f4e001050c25aec61a761077492f\nReviewed-on: https://review.monogon.dev/c/monogon/+/624\nReviewed-by: Mateusz Zalega \u003cmateusz@monogon.tech\u003e\n" }, { "commit": "ec19b60842e905a4400e5f8b46b783a54d0a025a", "tree": "b4c0d22ef5dc693a21fef4e987d9c82457d816f6", "parents": [ "662182fd732fb523ee76bdc069f603bc378a6d2e" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Wed Mar 09 20:41:31 2022 +0100" }, "committer": { "name": "Sergiusz Bazanski", "email": "serge@monogon.tech", "time": "Fri Mar 11 11:00:50 2022 +0000" }, "message": "m/p/supervisor: wait for runnables to exit in TestHarness\n\nThis ensures that tests which aren\u0027t marked as parallel won\u0027t interfere\nwith eachother due to still running runnables (for example, gracefully\nterminating gRPC services listening on some stable port number).\n\nTo implement this, we add the Liquidator, a goroutine responsible for\nmaintaining a minimum viable supervisor processor which records all\nrunnables\u0027 exits. These can then be inspected by the TestHarness to\nensure that all runnables are truly dead.\n\nChange-Id: I436f9608d1e0e04796f7198b641e7d625df885f8\nReviewed-on: https://review.monogon.dev/c/monogon/+/625\nReviewed-by: Leopold Schabel \u003cleo@nexantic.com\u003e\n" }, { "commit": "662182fd732fb523ee76bdc069f603bc378a6d2e", "tree": "0dbebeb12a8be1de9f19d31d6c6319e005af749e", "parents": [ "74440ac441be981eb570dc37036e71bf25a04492" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Thu Mar 10 14:06:48 2022 +0100" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Thu Mar 10 16:24:34 2022 +0000" }, "message": "m/p/tpm: use secretbox with seal/unseal for larger payloads\n\nNatively the Seal/Unseal operation in the TPM 2.0 specification only\nsupports up to 128 bytes of payload. If you need to seal more than that\nthe specification tells you to generate and seal a key and use that to\nencrypt and authenticate the rest of the data. This CL implements said\nmechanism transparently as part of the Seal and Unseal functions using\na nacl-compatible secretbox as the authenticated encryption primitive.\n\nChange-Id: I0a724b12aae5e5151d103b52ed13b71c864076ab\nReviewed-on: https://review.monogon.dev/c/monogon/+/626\nReviewed-by: Sergiusz Bazanski \u003cserge@monogon.tech\u003e\n" }, { "commit": "b6c0aa9703d7b92ea0a94f16a81a7218fc80d36b", "tree": "fde7cf7668a12c10d903576adc591d8d33b62412", "parents": [ "942f5e2188f67d78fe8da86f42e1902427792f2b" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Thu Feb 24 17:53:40 2022 +0100" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Tue Mar 08 12:26:08 2022 +0000" }, "message": "metropolis: use microcode\n\nThis ties together all previous work and actually makes the installer\nand OS use microcode via the early microcode loader.\n\nChange-Id: I4e3214c30e4eff1d231d462fceddd2e353d28731\nReviewed-on: https://review.monogon.dev/c/monogon/+/549\nReviewed-by: Sergiusz Bazanski \u003cserge@monogon.tech\u003e\n" }, { "commit": "942f5e2188f67d78fe8da86f42e1902427792f2b", "tree": "b3465cd8996a224a678f12cf1d858173077dadd1", "parents": [ "d3ce0ac027b205b1eeccbbcb062c9d417e205df4" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Thu Jan 27 15:03:10 2022 +0100" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Tue Mar 08 12:05:38 2022 +0000" }, "message": "b/ci: update build container to Fedora 35\n\nFedora 32 is EOL since over half a year, update to the current stable\nFedora release.\n\ntoolchains: adds clang as it\u0027s no longer part of the llvm package,\nchanges toolchain path references to GCC 11, and rebuilds the sysroot.\n\nedk2: update to latest stable (old version cannot build with a newer\nminor version of Python 3) and patch to disable -Werror and make the\nnewer included Brotli version work as it natively includes BUILD\nfiles which need to be patched out to make the source files accessible.\n\nlinux: add patch to fix PVH ELF note entrypoint with binutils 2.32+ as\notherwise the .notes section gets emitted with broken alignment.\n\nm/t/launch: RunMicroVM is broken if SerialPort is not set with newer\nQEMU versions because fcntl(2) fails to interact with a broken file\ndescriptor. This is due to a confusion between nil interfaces and\ninterfaces containing a nil pointer causing Go to improperly pass the\nfile descriptor. Changing the type of SerialPort to the actual\ninterface resolves the issue.\n\nChange-Id: I03a8cbf4f80a7363794dad1ff62ccb57e778cac3\nReviewed-on: https://review.monogon.dev/c/monogon/+/529\nReviewed-by: Leopold Schabel \u003cleo@nexantic.com\u003e\n" }, { "commit": "d3ce0ac027b205b1eeccbbcb062c9d417e205df4", "tree": "b026e8c1b1d327531a739449b383ad21f8fd9c20", "parents": [ "304d42c86f034386a957eaec36b0d254aef8dc76" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Thu Mar 03 12:51:21 2022 +0100" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Tue Mar 08 11:52:07 2022 +0000" }, "message": "m/n/b/fwprune: process links from metadata file\n\nThe linux-firmware repository has a metadata file called WHENCE which\ncontains mostly license and origin information, but critically it also\ncontains data for symbolic links which are not materialized inside the\nrepo itself. So we need to parse that file and create these symlinks\nourselves.\n\nChange-Id: I9e6973e60d6f06e844dc879f658c9dd1913c432d\nReviewed-on: https://review.monogon.dev/c/monogon/+/555\nReviewed-by: Mateusz Zalega \u003cmateusz@monogon.tech\u003e\n" }, { "commit": "304d42c86f034386a957eaec36b0d254aef8dc76", "tree": "404c736fb81daec84ba0ae93f52e9ba0a28cb127", "parents": [ "0e22b1a41b028693e0e69db22cc8b708b09070f0" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Thu Feb 24 17:53:08 2022 +0100" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Tue Mar 08 11:52:00 2022 +0000" }, "message": "m/n/b/mkpayload: support multiple initramfs files\n\nLinux supports multiple concatinated initramfs files and requires using\nmultiple to provide certain data like microcode for the early loader.\nThis allows building such payloads with mkpayload.\n\nChange-Id: Ie7ee7886bbfe481d7b723e0476a26ee26425a0b6\nReviewed-on: https://review.monogon.dev/c/monogon/+/548\nReviewed-by: Mateusz Zalega \u003cmateusz@monogon.tech\u003e\n" }, { "commit": "0e22b1a41b028693e0e69db22cc8b708b09070f0", "tree": "e191f9275622f25b9d671abffe74f7f35d1724f8", "parents": [ "d348fd1c66194c0fff46e39a16131a7bd0e45707" ], "author": { "name": "Mateusz Zalega", "email": "mateusz@monogon.tech", "time": "Mon Feb 14 15:00:55 2022 +0100" }, "committer": { "name": "Mateusz Zalega", "email": "mateusz@monogon.tech", "time": "Mon Mar 07 13:41:55 2022 +0000" }, "message": "m/n/core: save NUK and Node Credentials\n\nThis makes the node save its Node Unlock Key and Node Credentials after\nregistering.\n\nChange-Id: Ie16e8fd149745e22a2c02e56ccf3c2d87d052079\nReviewed-on: https://review.monogon.dev/c/monogon/+/537\nReviewed-by: Sergiusz Bazanski \u003cserge@monogon.tech\u003e\n" }, { "commit": "b6aa3f7a4bb57fa3d29c846fcfcc6c0d267ae8b7", "tree": "6a5ddca18251baf74ba5a0734bd86fd54ab89def", "parents": [ "f099c09760ea9b860b87776b8386f8c29a164fea" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Tue Mar 01 20:28:54 2022 +0100" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Thu Mar 03 11:39:00 2022 +0000" }, "message": "m/n/core: print scary warning message when running debug build\n\nThis is to make users aware that debug builds of Metropolis provide\nabsolutely no security and should never be used if not debugging.\n\nChange-Id: I64cbe6d77ba40b9539abb5e946fa3231658eec21\nReviewed-on: https://review.monogon.dev/c/monogon/+/553\nReviewed-by: Sergiusz Bazanski \u003cserge@monogon.tech\u003e\n" }, { "commit": "f099c09760ea9b860b87776b8386f8c29a164fea", "tree": "ccb1523d90612ceb3d5f96d54fd169caf0e325c5", "parents": [ "80deba52ce3d1ff3c60fa2901cbbb0135e40f90b" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Thu Feb 24 17:22:26 2022 +0100" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Tue Mar 01 19:32:09 2022 +0000" }, "message": "m/n/build: format efi.bzl\n\nThese are the changes from running buildifier on efi.bzl.\nThis is in preparation for changing this file as otherwise the\nformatting changes would be intertwined with actual changes.\n\nChange-Id: I2e32e011107e5af9301300d927a2196fbe06e574\nReviewed-on: https://review.monogon.dev/c/monogon/+/547\nReviewed-by: Leopold Schabel \u003cleo@nexantic.com\u003e\nReviewed-by: Sergiusz Bazanski \u003cserge@monogon.tech\u003e\nReviewed-by: Mateusz Zalega \u003cmateusz@monogon.tech\u003e\n" }, { "commit": "80deba52ce3d1ff3c60fa2901cbbb0135e40f90b", "tree": "659869cf80fae0c808d7caae2d8341669bd8e1c5", "parents": [ "ac82c0d984cd23b4b35163b223c9ed0001df8f55" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Thu Feb 24 17:07:13 2022 +0100" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Tue Mar 01 19:32:09 2022 +0000" }, "message": "m/node: build microcode payloads\n\nThis adds a builder for loadable microcode payloads for the Linux\nkernel and microcode for Intel and AMD CPUs. It also adds a rule\ngenerating a microcode payload for Metropolis at\n//metropolis/node:ucode but does not integrate it yet.\n\nChange-Id: I00145e4c983d9ff3e81881e92cbecc3e09392665\nReviewed-on: https://review.monogon.dev/c/monogon/+/546\nReviewed-by: Sergiusz Bazanski \u003cserge@monogon.tech\u003e\n" }, { "commit": "ac82c0d984cd23b4b35163b223c9ed0001df8f55", "tree": "8f89e032104961783859b32a5c3525cda48b638a", "parents": [ "6dff6d6a57b999eb91f1b9cf956e2ebc18c2defd" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Tue Mar 01 13:32:45 2022 +0100" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Tue Mar 01 19:23:13 2022 +0000" }, "message": "m/n/core: only run debug service in debug build\n\nThis excludes the debug service from non-debug builds as it exposes a\nbunch of unauthenticated interfaces for debugging to the world.\nThe Kubernetes tests were the last user of this service but getting\nKubernetes credentials is now handled by an authenticated production\nservice (the authproxy).\nSome parts of the debug service functionality, namely GetLogs will also\nbe needed outside of debug builds, but nothing depends on its\navailability so we can do this right away.\n\nChange-Id: I5ba3d2853c69ae295d6224b359b36c160b58c430\nReviewed-on: https://review.monogon.dev/c/monogon/+/552\nReviewed-by: Sergiusz Bazanski \u003cserge@monogon.tech\u003e\n" }, { "commit": "6dff6d6a57b999eb91f1b9cf956e2ebc18c2defd", "tree": "4db4fa350e81b0fc52db7cf81f4c620114b28d18", "parents": [ "636032e843efcdef0716ed9956f40642d07b8d4c" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Fri Jan 28 18:15:14 2022 +0100" }, "committer": { "name": "Sergiusz Bazanski", "email": "serge@monogon.tech", "time": "Wed Feb 23 16:15:54 2022 +0000" }, "message": "m/n/roleserve: reactive service management\n\nBottom line up first: this starts etcd, the curator and Kubernetes on\nnodes that register into the cluster. Effectively, this is multi-node\nsupport.\n\nThis significantly refactors the node roleserver to start both the\ncontrol plane and Kubernetes on demand, based on roles assigned by the\ncluster (or due to bootstrapping a new cluster). Most importantly, we\npretty much remove all cluster-bootstrapping code from the node startup\nprocess, thereby making the first node and any subsequent nodes not go\nthrough different codepaths.\n\nIn addition, access to the cluster Curators is now also mediated via\nthe roleserver, which is the component aware whether the node code\nshould connect to the local curator (if the control plane is running) or\nto remote curators (if the control plane is not [yet] running).\n\nThis implementation is a bit verbose as we make heavy use of untyped\nEvent Values, and we add quite a few lines repeated of code to combine\ndata from different values into something that a goroutine can wait on.\nOnce Go 1.18 lands we should be able to make this code much nicer.\n\nThere\u0027s still a few things that need to be implemented for all flows to\nbe working fully (notably, we can end up with stale curator clients,\ncurator clients are not load balanced across multiple curators, and\ncluster directories for connecting to the curator do not get updated\nafter startup). However, these are all features that we should be able\nto easily implement once this lands.\n\nCurrently this is only covered by the e2e test. The individual workers\nwithin roleserver should be able to be independently tested, and this is\nsomething I plan on doing very soon as another change on top, while this\none is being reviewed.\n\nWith time, the two large startup components (the cluster \"enrolment\"\nmanager and the roleserver) have slightly lost their original purpose\nand their names aren\u0027t exactly fitting anymore. I might rename them in\nan upcoming change, if anyone has any good naming ideas I\u0027m all ears :).\n\nChange-Id: Iaf0fc9f6fdd2122e6aae19607be1648382063e66\nReviewed-on: https://review.monogon.dev/c/monogon/+/532\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "636032e843efcdef0716ed9956f40642d07b8d4c", "tree": "9499a197eec2483636b1fc940d8b7e78d3a29161", "parents": [ "5839e97231f31fac6730a1d553fe7114d37a1521" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Wed Jan 26 14:21:33 2022 +0100" }, "committer": { "name": "Sergiusz Bazanski", "email": "serge@monogon.tech", "time": "Wed Feb 23 16:15:54 2022 +0000" }, "message": "m/test/launch: fail ROC on non-UNAVAILABLE errors\n\nThis makes RetrieveOwnerKeys fail fast in tests if some non-transient\n(ie. non-UNAVAILABLE) error is encountered. I hit this while developing\nsomething around the codebase and it took me way too long to figure out\nwhy the e2e test was stalling.\n\nThis really begs doing a pass on all retry loops to make sure we don\u0027t\nget stuck like this. Perhaps we should formalize this, too.\n\nChange-Id: I048f5ac79802330f789e67ba316bc38f04d83331\nReviewed-on: https://review.monogon.dev/c/monogon/+/531\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "5839e97231f31fac6730a1d553fe7114d37a1521", "tree": "9a3da7bf6f6546c527750bd8e5c101ecb3824740", "parents": [ "54c4f181c3195f4cc4e53aa5f8311ee161c75bbd" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Tue Nov 16 15:46:19 2021 +0100" }, "committer": { "name": "Sergiusz Bazanski", "email": "serge@monogon.tech", "time": "Wed Feb 23 16:15:54 2022 +0000" }, "message": "m/n/core/{curator,cluster}: refactor against new Consensus API\n\nThis updates the Curator and the Cluster Manager to use the new\nConsensus API, notably to use JoinParameters and ServiceHandle.Watch.\n\nUsing JoinParameters end-to-end requires piping them through a node\u0027s\nroles. For this we create a new ConsensusMember role and replicate all\nthe data from JoinParameters there.\n\nWe also move a whole bunch of logic that used to live in the Cluster\nManager\u0027s Status object away from it. Instead, now the Consensus\nServiceHandle is exposed directly to downstream users, providing the\nsame functionality.\n\nChange-Id: I8cfa247011554553836019f60ea172dd6069f49c\nReviewed-on: https://review.monogon.dev/c/monogon/+/522\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "54c4f181c3195f4cc4e53aa5f8311ee161c75bbd", "tree": "63885ce4e8b7d2020731fe0a658250f0a9b9ce23", "parents": [ "5a637b05610cfa0ecc7bfb5a6875f6c5fa98da11" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Fri Feb 18 13:20:13 2022 +0100" }, "committer": { "name": "Sergiusz Bazanski", "email": "serge@monogon.tech", "time": "Mon Feb 21 11:58:32 2022 +0000" }, "message": "m/n/c/rpc: trace authentication details\n\nThis slightly reworks the server interceptors to clearly log\nauthentication information and resulting PeerInfo, if any.\n\nChange-Id: I2114b0a6958dd79cf9e4c91f07e909650e1f6de6\nReviewed-on: https://review.monogon.dev/c/monogon/+/543\nReviewed-by: Leopold Schabel \u003cleo@nexantic.com\u003e\n" }, { "commit": "5a637b05610cfa0ecc7bfb5a6875f6c5fa98da11", "tree": "02db33e64d1574b71582b36c846d0d7bb79312a9", "parents": [ "fb0fb6db2a30038fecea4500ffd4281ad510c1d3" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Fri Feb 18 12:18:04 2022 +0100" }, "committer": { "name": "Sergiusz Bazanski", "email": "serge@monogon.tech", "time": "Mon Feb 21 11:58:32 2022 +0000" }, "message": "m/n/c/curator: inject Spans into RPCs, log events\n\nThis uses the new Span/Trace API in the RPC library to inject some spans\ninto all Curator RPC handlers, and converts a bunch of TODO: add logging\ncomments into Trace(ctx).Printf.\n\nChange-Id: Ie480fa7020246b60befa024e000f9e452daabe0c\nReviewed-on: https://review.monogon.dev/c/monogon/+/542\nReviewed-by: Leopold Schabel \u003cleo@nexantic.com\u003e\n" }, { "commit": "fb0fb6db2a30038fecea4500ffd4281ad510c1d3", "tree": "2d2e9a9457da5c50af1a30aa258e9c5d58ba8d15", "parents": [ "d9775a656cb709133407507b1e3a94793dd0ea49" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Fri Feb 18 12:11:28 2022 +0100" }, "committer": { "name": "Sergiusz Bazanski", "email": "serge@monogon.tech", "time": "Mon Feb 21 11:58:32 2022 +0000" }, "message": "m/n/c/rpc: implement Span/Trace\n\nThis is a first pass at implementing basic support for\nDapper/OpenTracing/OpenTelemetry-style tracing within Metropolis RPCs.\n\nMore precisely, this implements an API to expose an RPC-local Span to\nRPC handlers (unary and streaming). These Spans are currently backed by\na logtree logger, and aren\u0027t processed further (ie. there\u0027s no support\nfor child spans and carrying span information over the wire when\nperforming remote calls from an active Span). However, this allows us to\nat least start emitting Span Events and use them for debugging purposes.\n\nSince we don\u0027t yet have OpenTelemetry in our GOPATH, we reimplement a\nminimum subset of the Span type that should still be compatible with\nreal OpenTelemetry types. Once OpenTelemetry lands in our GOPATH (by way\nof it landing in k8s, for example), we\u0027ll move over to using the real\ntype instead. Then, we can also begin integrating with OpenTelemetry\nproper, ie. start sending traces over to collectors, start\ninjecting/extracing span information over gRPC, etc.\n\nAnother change on top of this one actually uses the Trace(ctx)\nfunctionality within the curator - this is just the library\nimplementation.\n\nChange-Id: I85506303538aacc137a28828ab39ccfd9ff72924\nReviewed-on: https://review.monogon.dev/c/monogon/+/541\nReviewed-by: Leopold Schabel \u003cleo@nexantic.com\u003e\n" }, { "commit": "d9775a656cb709133407507b1e3a94793dd0ea49", "tree": "c836f791e5bd2c3e737f43fce279f0b803384006", "parents": [ "17c4c8bb0feaa0395b31757c8186521ec3c0d723" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Tue Feb 15 13:28:55 2022 +0100" }, "committer": { "name": "Sergiusz Bazanski", "email": "serge@monogon.tech", "time": "Tue Feb 15 20:10:48 2022 +0000" }, "message": "m/p/logtree: implement WithAddedStackDepth\n\nThis is a prerequisite to easily pass over trace-based events into\nlogtree. It allows a testing/Test.Helper()-like mechanism to skip some\nstackframes within a call tree to the logger in order to log pertinent\nlog origins instead of a wrapper.\n\nChange-Id: Ida9732f8505ff4a400e689045bea318a185f7983\nReviewed-on: https://review.monogon.dev/c/monogon/+/538\nReviewed-by: Leopold Schabel \u003cleo@nexantic.com\u003e\n" }, { "commit": "17c4c8bb0feaa0395b31757c8186521ec3c0d723", "tree": "abcc2f8419659ac3f9dcb55a1c0c3de43f4008f0", "parents": [ "b6a9d3c613847de99be456f17c6b18cc4d1c4e63" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Tue Feb 01 12:59:47 2022 +0100" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Tue Feb 08 13:06:05 2022 +0000" }, "message": "m/n/b/fwprune: adapt to fsspec and use\n\nThis modifies the fwprune tool to generate fsspecs instead of making\ncopies and makes it take a list of paths for suffix matching instead\nof a directory as input. It also adds the fsspec_linux_firmware rule\nwhich uses the utility to actually build a partial fsspec. Finally it\nintegrates the linux-firmware external repository and uses that rule\nto ship firmware in Metropolis.\n\nChange-Id: I0552995105eda84e63d7259040ad36d794079308\nReviewed-on: https://review.monogon.dev/c/monogon/+/534\nReviewed-by: Mateusz Zalega \u003cmateusz@monogon.tech\u003e\n" }, { "commit": "b6a9d3c613847de99be456f17c6b18cc4d1c4e63", "tree": "65aa9692174230796bfcc30aba663d5063190d6b", "parents": [ "26d5225a142057b6eb04cff9ba86173a6682b626" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Thu Jan 27 18:56:20 2022 +0100" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Tue Feb 08 13:06:05 2022 +0000" }, "message": "m/n/build: implement new fsspec infrastructure\n\nThis makes the node_initramfs and erofs_image use the new common fsspec\ninfrastructure. It also adds the fsspecs attribute to both which can\nlater be used to add arbitrary fsspecs.\n\nChange-Id: I384e04712c0a70f82c5c975911cbb1d0d5e6cabc\nReviewed-on: https://review.monogon.dev/c/monogon/+/530\nReviewed-by: Sergiusz Bazanski \u003cserge@monogon.tech\u003e\n" }, { "commit": "26d5225a142057b6eb04cff9ba86173a6682b626", "tree": "8b5d8b35d0cd629d467b1e01200c2f12a950a588", "parents": [ "cc078df2124306799c66786833746999259ea792" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Mon Feb 07 15:57:54 2022 +0100" }, "committer": { "name": "Sergiusz Bazanski", "email": "serge@monogon.tech", "time": "Tue Feb 08 13:00:46 2022 +0000" }, "message": "m/p/supervisor: implement sub-loggers\n\nThis permits logging from a runnable into a logtree sub-DN that is not\nbacked by an actualy child runnable. For example, \u0027root.foo\u0027 can request\na SubLogger with name \u0027bar\u0027 to emit logs into \u0027root.foo.bar\u0027.\n\nThis is in preparation for logging RPC calls within supervised\nrunnables, but can also come in handy in other situations where we\u0027d\nlike to log to separete \u0027topics\u0027 within a single runnable.\n\nThis breaks 1:1 correspondence between logtree DNs and supervisor DNs.\nAn alternative would be to introduce extra \u0027tags\u0027/\u0027topics\u0027 eg\nroot.foo:bar, but that would require encoding extra logic to the\nlogtree. However, that would perhaps allow us to introduce higher\ncardinality child loggers, with a logger per RPC. We\u0027ll have to consider\nthis at some later point.\n\nLet\u0027s see where this takes us, there\u0027s a chance we\u0027ll roll this\nback if it\u0027s too confusing from an UX point of view.\n\nChange-Id: Ibdee5c2b400bb8fce76b0a4f781914748793db0e\nReviewed-on: https://review.monogon.dev/c/monogon/+/536\nReviewed-by: Leopold Schabel \u003cleo@nexantic.com\u003e\n" }, { "commit": "cc078df2124306799c66786833746999259ea792", "tree": "43807fcfec2196430b4bd4def124dad2231451db", "parents": [ "8c2c771a750f30b3edf240fc8352e777795e989b" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Thu Dec 23 11:51:55 2021 +0100" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Wed Feb 02 14:07:37 2022 +0000" }, "message": "m/n/kubernetes: implement Metropolis authenticating proxy\n\nThis implements an authenticating proxy for K8s which can authenticate\nMetropolis credentials and passes the extracted identity information\nback to the Kubernetes API server. It currently only handles user\nauthentication, machine-to-machine authentication is still done by the\nAPI server itself. It also adds a role binding to allow full access\nto the owner as we do not have an identity system yet.\n\nChange-Id: I02043924bb7ce7a1acdb826dad2d27a4c2008136\nReviewed-on: https://review.monogon.dev/c/monogon/+/509\nReviewed-by: Sergiusz Bazanski \u003cserge@monogon.tech\u003e\n" }, { "commit": "8c2c771a750f30b3edf240fc8352e777795e989b", "tree": "f7a30cb1af95485dd83998ca674d89ceffeea4b9", "parents": [ "e2bf5742fe984bfb920fcb8b745bb0c6ac4de4db" ], "author": { "name": "Mateusz Zalega", "email": "mateusz@monogon.tech", "time": "Tue Jan 25 19:42:21 2022 +0100" }, "committer": { "name": "Mateusz Zalega", "email": "mateusz@monogon.tech", "time": "Mon Jan 31 16:31:41 2022 +0000" }, "message": "m: enable dm-verity rootfs\n\nThis makes all the existing EFI unified kernel images boot from a\ndm-verity rootfs.\n\nChange-Id: Iac05942e40b81825252e84feb5c79c8ff215680a\nReviewed-on: https://review.monogon.dev/c/monogon/+/527\nReviewed-by: Sergiusz Bazanski \u003cserge@monogon.tech\u003e\n" }, { "commit": "e2bf5742fe984bfb920fcb8b745bb0c6ac4de4db", "tree": "1ff6d79fe3c2b237e6c6e15d6e1c0ac93b7244ba", "parents": [ "ba1da9d64dddec392fd2ae8b495d339f4fe41883" ], "author": { "name": "Mateusz Zalega", "email": "mateusz@monogon.tech", "time": "Tue Jan 25 19:36:08 2022 +0100" }, "committer": { "name": "Mateusz Zalega", "email": "mateusz@monogon.tech", "time": "Mon Jan 31 16:31:33 2022 +0000" }, "message": "m/n/build: implement verity_image rule\n\nverity_image provides a dm-verity target image together with its\nmapping table.\n\nChange-Id: I3a16dbae0c25130fdec16aec136792b7236c30e2\nReviewed-on: https://review.monogon.dev/c/monogon/+/526\nReviewed-by: Sergiusz Bazanski \u003cserge@monogon.tech\u003e\n" }, { "commit": "ba1da9d64dddec392fd2ae8b495d339f4fe41883", "tree": "45de7129c77f263721e1a78cde453d11f49899cf", "parents": [ "8ed99764d8bd692f31e84c1ffed8b86df7bca2d6" ], "author": { "name": "Mateusz Zalega", "email": "mateusz@monogon.tech", "time": "Tue Jan 25 19:12:02 2022 +0100" }, "committer": { "name": "Mateusz Zalega", "email": "mateusz@monogon.tech", "time": "Mon Jan 31 08:34:28 2022 +0000" }, "message": "m/n/b/mkverity: produce a combined image\n\nmkverity was updated to output a copy of the source image, with Verity\nmetadata appended to it, instead of a separate hash image. This is\nneeded by the upcoming verity rootfs implementation.\n\nChange-Id: I2a311da6851dabf5a09d77551dc3e9d35bcc845f\nReviewed-on: https://review.monogon.dev/c/monogon/+/525\nReviewed-by: Sergiusz Bazanski \u003cserge@monogon.tech\u003e\n" }, { "commit": "8ed99764d8bd692f31e84c1ffed8b86df7bca2d6", "tree": "65048c7c5fb8727941a8279a5a95e0e7b83ca391", "parents": [ "e803fc1e34e349ebdd61e174b0e63c1eeea98d5a" ], "author": { "name": "Mateusz Zalega", "email": "mateusz@monogon.tech", "time": "Tue Jan 25 19:02:22 2022 +0100" }, "committer": { "name": "Mateusz Zalega", "email": "mateusz@monogon.tech", "time": "Mon Jan 31 08:34:16 2022 +0000" }, "message": "m/n/b/mkpayload: init\n\nmkpayload is an objcopy wrapper meant to perform actions that neither\nthe buildsystem or objcopy could perform by themselves. This is needed\nby the upcoming dm-verity rootfs integration.\n\nChange-Id: I8ad097a1ad26bec0fb2db4f8b14e75a1b038f8fb\nReviewed-on: https://review.monogon.dev/c/monogon/+/524\nReviewed-by: Sergiusz Bazanski \u003cserge@monogon.tech\u003e\n" }, { "commit": "e803fc1e34e349ebdd61e174b0e63c1eeea98d5a", "tree": "5e76224defdb77441c1750029ab36665a99c2caa", "parents": [ "4c326027feb8b02f5ea0497cd6d2e9ac3956c70a" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Tue Jan 25 14:58:24 2022 +0100" }, "committer": { "name": "Sergiusz Bazanski", "email": "serge@monogon.tech", "time": "Wed Jan 26 10:10:45 2022 +0000" }, "message": "m/n/core: verbose logging to tty0 and ttyS0\n\nhttps://review.monogon.dev/517 broke console logging in Nodes, this\nre-enables it by explicitly logging to all available consoles instead of\njust using whatever we get as stderr.\n\nChange-Id: I3ffde421f1ac07492a1bc3293c31f934f602aefb\nReviewed-on: https://review.monogon.dev/c/monogon/+/523\nReviewed-by: Mateusz Zalega \u003cmateusz@monogon.tech\u003e\n" }, { "commit": "4c326027feb8b02f5ea0497cd6d2e9ac3956c70a", "tree": "edd54f05bcac497fadda5cf322cd22e1d7eff67b", "parents": [ "075465c4f4437d6bcd0326cd673aedf2b5bbc686" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Tue Jan 25 13:42:45 2022 +0100" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Tue Jan 25 16:57:03 2022 +0000" }, "message": "metropolis/node/build: prepare fsspec for use in initramfs\n\nThis moves fsspec up into the node build directory as it\u0027s going to be\nused in multiple tools (like mkinitcpio) in the future. It also adds\nspecial files support to it as that\u0027s going to be required at least for\ninitramfs support but it may prove useful for erofs as well.\n\nChange-Id: I8d559bb761b4da350c0070b23b5ab393ba6e9872\nReviewed-on: https://review.monogon.dev/c/monogon/+/521\nReviewed-by: Sergiusz Bazanski \u003cserge@monogon.tech\u003e\n" }, { "commit": "075465c4f4437d6bcd0326cd673aedf2b5bbc686", "tree": "057c78acaff2b9f9770bbed6f225dd6f0468e8e3", "parents": [ "0e057feb0b5c932e1b86ba769ad92bfc9bfdcd65" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Tue Nov 16 15:38:49 2021 +0100" }, "committer": { "name": "Sergiusz Bazanski", "email": "serge@monogon.tech", "time": "Tue Jan 25 14:27:03 2022 +0000" }, "message": "m/t/launch: multi-node launches, prefixed stdout\n\nThis reinstantiates //:launch-test2, with some small fixes for usability\n(prefixed stdout and GetNodes retries to handle cluster connectivity\nissues as the cluster grows).\n\nWe also drive-by port //:launch-test2 and //:launch to use the new and\nshiny clicontext package.\n\nChange-Id: I62a1d827b2087f1173abf19e792a2088dc8b80bb\nReviewed-on: https://review.monogon.dev/c/monogon/+/485\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "0e057feb0b5c932e1b86ba769ad92bfc9bfdcd65", "tree": "f4ee473eacbf446c85f553ad417a8e4902c07bb7", "parents": [ "87bf0bf46c83f3a59536f577171985b4fa1db1eb" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Thu Jan 13 16:19:10 2022 +0100" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Thu Jan 13 19:51:25 2022 +0000" }, "message": "metropolis: use hybrid consoles\n\nThis enables two consoles, one on the serial port and one on the\non-screen EFI framebuffer, if it exists. It also enables quiet mode\nwhich stops Linux from logging purely informational messages to\nthe console making it hard to see our own output.\n\nChange-Id: I25499a1dda8cf0c566878ac24877bf19b64ddda6\nReviewed-on: https://review.monogon.dev/c/monogon/+/517\nReviewed-by: Leopold Schabel \u003cleo@nexantic.com\u003e\nReviewed-by: Sergiusz Bazanski \u003cserge@monogon.tech\u003e\n" }, { "commit": "87bf0bf46c83f3a59536f577171985b4fa1db1eb", "tree": "2d1e3dc9ba4346a3ee79fb7e70727b973ad2aab0", "parents": [ "73c3fc11b053505a50c29feee878eee0ee2608a2" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Thu Jan 13 14:27:36 2022 +0100" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Thu Jan 13 16:46:06 2022 +0000" }, "message": "m/n/core/network/dhcp4c: fix logic bug in DNSServers\n\nThis previously accepted all non-undefined (0.0.0.0) IPs as servers on\naccount of the `|| ip4Num !\u003d 0` in the condition. That\u0027s unnecessary\nanyways, so let\u0027s drop it.\nWhile we\u0027re in there I also changed the deduplicating map from a\nmap[uint32]struct{} to a map[uint32]bool, making the code a bit shorter.\n\nChange-Id: Ic15cb96217a300913ebc58580d4314a6449da923\nReviewed-on: https://review.monogon.dev/c/monogon/+/516\nReviewed-by: Sergiusz Bazanski \u003cserge@monogon.tech\u003e\n" }, { "commit": "73c3fc11b053505a50c29feee878eee0ee2608a2", "tree": "848b4bcf51a81fdb6d5780e43ccb7329ce7ecd5c", "parents": [ "8b786897cc419483fa586fd620c3d725d7bd6a95" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Thu Jan 13 14:24:11 2022 +0100" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Thu Jan 13 16:46:06 2022 +0000" }, "message": "m/n/core/network: fix mistake in requested DHCP options\n\nThis previously requested NameServer (option 5), not DomainNameServer\n(option 6), which meant that on DHCP servers only returning explicitly-\nrequested options we got no DNS servers. While we\u0027re in there also add\nClasslessStaticRoutes to the requested options as a hint that we can now\nprocess that option.\n\nChange-Id: I738c33abbf572c2b7da4e36d4a6cae5b971c830c\nReviewed-on: https://review.monogon.dev/c/monogon/+/515\nReviewed-by: Sergiusz Bazanski \u003cserge@monogon.tech\u003e\n" }, { "commit": "8b786897cc419483fa586fd620c3d725d7bd6a95", "tree": "1e4f582b8c2272b73970e4727171175320aeab7c", "parents": [ "57d06a7cfa461f367d4362ccecf4a2d66068a1f9" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Thu Jan 13 14:21:16 2022 +0100" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Thu Jan 13 16:46:06 2022 +0000" }, "message": "m/n/core: only warn if no TPM 2.0 has been found\n\nCurrently the TPM is basically unused. The only user is the generator of\nnode and cluster unlock keys, which get fed with both TPM and local entropy\nwhich marginally increases security.\nThis converts a missing TPM 2.0 into a warning and falls back to generating\nboth of those keys purely with Linux entropy, allowing Metropolis to boot\non hardware without a TPM 2.0.\n\nChange-Id: I910f9768ede554e5ec2c3a35079a6799d1ee9c8c\nReviewed-on: https://review.monogon.dev/c/monogon/+/514\nReviewed-by: Sergiusz Bazanski \u003cserge@monogon.tech\u003e\n" }, { "commit": "57d06a7cfa461f367d4362ccecf4a2d66068a1f9", "tree": "b7ba9bd74e49faf8965b70bb7a4ee75632ed7b00", "parents": [ "8cde7ae0efa7dbef5d4d17759df5fd0a274db6fc" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Thu Jan 13 14:12:27 2022 +0100" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Thu Jan 13 15:41:41 2022 +0000" }, "message": "m/n/installer: wait for ESP block device to show up\n\nIn real-world hardware disks do not always show up before the kernel\nlaunches the init process. Wait up to 30s for the ESP to show up before\naborting because of that.\n\nChange-Id: I3f7972e699a06d6f9d0333fe0ae3355ae3ce9c73\nReviewed-on: https://review.monogon.dev/c/monogon/+/513\nReviewed-by: Mateusz Zalega \u003cmateusz@monogon.tech\u003e\n" }, { "commit": "705a4025b3a28f5ddc5c62d40d3011437a0199f0", "tree": "2212a99e1dd855e14160e6acae7d4f102484ac73", "parents": [ "edffbb5a67e79fdb075c382995eaa0b52a16bfdd" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Thu Dec 23 11:51:06 2021 +0100" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Wed Jan 12 15:21:36 2022 +0000" }, "message": "m/c/metroctl: add k8s credentials plugin\n\nThis adds a command implementing the K8s client-go credentials\ninterface. It provides Metropolis credentials to Kubernetes clients\nlike kubectl for use with an authenticating proxy being added later.\n\nChange-Id: I11d29f80134c2ec0839f0619eaebc4a4bb2aa3e0\nReviewed-on: https://review.monogon.dev/c/monogon/+/508\nReviewed-by: Sergiusz Bazanski \u003cserge@monogon.tech\u003e\n" }, { "commit": "edffbb5a67e79fdb075c382995eaa0b52a16bfdd", "tree": "7941e1dfb40d13b00dbcd1071c3e7ecfdaee3963", "parents": [ "950c26d52a08499ebf45ee2b4b0e46d3bea66dee" ], "author": { "name": "Mateusz Zalega", "email": "mateusz@monogon.tech", "time": "Tue Jan 11 15:27:22 2022 +0100" }, "committer": { "name": "Mateusz Zalega", "email": "mateusz@monogon.tech", "time": "Wed Jan 12 15:20:32 2022 +0000" }, "message": "m/{t,n}/installer: move to m/installer\n\nChange-Id: I8fd15f1fa1e151369df251d1469e84cfeffd26fd\nReviewed-on: https://review.monogon.dev/c/monogon/+/510\nReviewed-by: Sergiusz Bazanski \u003cserge@monogon.tech\u003e\n" }, { "commit": "950c26d52a08499ebf45ee2b4b0e46d3bea66dee", "tree": "d552fe348af22d24b0897ac1ecc0b001d9bf4786", "parents": [ "cdcc739c88c98e1e174dda4094362c4d9a70db18" ], "author": { "name": "Mateusz Zalega", "email": "mateusz@monogon.tech", "time": "Wed Dec 22 18:56:15 2021 +0100" }, "committer": { "name": "Mateusz Zalega", "email": "mateusz@monogon.tech", "time": "Mon Jan 10 13:06:50 2022 +0000" }, "message": "m/b/fwprune: init\n\nThis adds a utility to filter out firmware that\u0027s actually used by the\nkernel builtins.\n\nChange-Id: If622ee8c5b056c9a75f1ca97bb1e40ae62cdf722\nReviewed-on: https://review.monogon.dev/c/monogon/+/506\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "cdcc739c88c98e1e174dda4094362c4d9a70db18", "tree": "8af9ddccecaa419d98df0442548b11c858f3e3a1", "parents": [ "9a66b18b911e4551c708b4b4fffbe9e89f19d232" ], "author": { "name": "Mateusz Zalega", "email": "mateusz@monogon.tech", "time": "Wed Dec 08 15:34:53 2021 +0100" }, "committer": { "name": "Mateusz Zalega", "email": "mateusz@monogon.tech", "time": "Mon Jan 03 11:37:58 2022 +0000" }, "message": "m/n/installer: reboot on fatal errors\n\nCurrently irrecoverable errors are handled by log.Fatal, which calls\nos.Exit after printing the error message. As this kills the init\nprocess, it leads the kernel to panic and print a long call trace,\nobscuring the true cause of trouble. The kernel then reboots\nimmediately, as it is configured to do so, making it impossible to\nread the logs off the screen when using a graphical console.\n\nThis patch makes the installer hang after displaying status\ninformation.\n\nChange-Id: Ib6a7582b621fd5072e636242f8279be2a831c3f3\nReviewed-on: https://review.monogon.dev/c/monogon/+/488\nReviewed-by: Sergiusz Bazanski \u003cserge@monogon.tech\u003e\n" }, { "commit": "1de8b1845e75dc1e020df21b997b2d6fc66fb65e", "tree": "4a41005b1931aa13c3ed4a1b0732de31482a6eb8", "parents": [ "367f759f54e59b24b55024c8070513f9f7e6f4c1" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Tue Dec 21 17:15:18 2021 +0100" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Wed Dec 22 15:57:16 2021 +0000" }, "message": "m/node: pass node identity into k8s\n\nThis plumbs through the node identity to K8s as an identity.Node\nobject and gets rid of the os.Hostname invocation that passed around\nthis data out-of-band. It also changes everything in its path to use\nthe newer identity.Node object instead of a plain string so that the\nMetropolis Identity CA is more accessible.\n\nChange-Id: I6db8e1db7e333c0ea364aefd61c27bf50acc25f3\nReviewed-on: https://review.monogon.dev/c/monogon/+/505\nReviewed-by: Sergiusz Bazanski \u003cserge@monogon.tech\u003e\n" }, { "commit": "367f759f54e59b24b55024c8070513f9f7e6f4c1", "tree": "453db92ef4a6d443ffe125b1ed30302cfda992a8", "parents": [ "13050ef7ba39455bd519971221a332eb5c0fcbd6" ], "author": { "name": "Mateusz Zalega", "email": "mateusz@monogon.tech", "time": "Mon Dec 20 18:13:31 2021 +0100" }, "committer": { "name": "Mateusz Zalega", "email": "mateusz@monogon.tech", "time": "Mon Dec 20 23:32:39 2021 +0000" }, "message": "m/t/installer: re-add a missing import\n\nChange-Id: I8c881aa6f23de5bf985e7015e0e649eafa094b10\nReviewed-on: https://review.monogon.dev/c/monogon/+/504\nReviewed-by: Sergiusz Bazanski \u003cserge@monogon.tech\u003e\n" }, { "commit": "dc1bec4fd5d6b43d2218f466955720b911cefb17", "tree": "ddcc7e89eb8839a8353b83a54046e7553d73f095", "parents": [ "97783222fe1b7585af74ee58206b0f614da68975" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Thu Dec 16 17:38:53 2021 +0100" }, "committer": { "name": "Sergiusz Bazanski", "email": "serge@monogon.tech", "time": "Fri Dec 17 13:45:19 2021 +0000" }, "message": "m: *: reformat imports\n\nReformat done by goimports with the following patch applied: https://go-review.googlesource.com/c/tools/+/321409/ .\n\nChange-Id: If90ccd1bd087988425e4f74b7cf4e65c14112722\nReviewed-on: https://review.monogon.dev/c/monogon/+/489\nReviewed-by: Mateusz Zalega \u003cmateusz@monogon.tech\u003e\n" }, { "commit": "97783222fe1b7585af74ee58206b0f614da68975", "tree": "1a21deb8bd9f51019a3d229e476b49d357356162", "parents": [ "e2e0371cd685fcfa600a9ad49b29c91fba4a1261" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Tue Dec 14 16:04:26 2021 +0100" }, "committer": { "name": "Sergiusz Bazanski", "email": "serge@monogon.tech", "time": "Fri Dec 17 13:45:13 2021 +0000" }, "message": "m: {cli,installer}: runfiles through datafile.MustGet\n\nThis implements datafile, a small library to more ergonomically resolve\nBazel runfiles:\n\n1. It also works in cases where a tool doesn\u0027t run through `bazel run`.\n2. It provides a MustGet wrapper which returns already read bytes and\n removes some boilerplate at the callsite.\n3. It allows us to extend the library in the future to prepare special\n \u0027self-contained\u0027 builds of some binaries, for example to bundle the\n installer kernel in metroctl.\n\nWe then use this library to simplify the installer and installer tests.\nIn the installer, we technically remove the ability to specify arbitrary\nkernels/bundles on the command line, but is this functionality actually\nuseful?\n\nChange-Id: I46155b9951729c810e0d36930b470edfdfd82943\nReviewed-on: https://review.monogon.dev/c/monogon/+/484\nReviewed-by: Mateusz Zalega \u003cmateusz@monogon.tech\u003e\n" }, { "commit": "e2e0371cd685fcfa600a9ad49b29c91fba4a1261", "tree": "62d988e1a7f44cbb8fca5315ec59002f6b023c1d", "parents": [ "098a863707da49b0338df29bb0c25826e027d0b5" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Fri Dec 17 12:47:03 2021 +0100" }, "committer": { "name": "Sergiusz Bazanski", "email": "serge@monogon.tech", "time": "Fri Dec 17 13:45:05 2021 +0000" }, "message": "m/t/installer: stream qemu output in harness\n\nThis allows the installer to hang forever in error cases instead of\nhaving to reboot.\n\nChange-Id: I328524727718e160ae8d6928b6d8b4921f7e036f\nReviewed-on: https://review.monogon.dev/c/monogon/+/490\nReviewed-by: Mateusz Zalega \u003cmateusz@monogon.tech\u003e\n" }, { "commit": "098a863707da49b0338df29bb0c25826e027d0b5", "tree": "8a7c2c4b1535fca9d23169ee42d2521d42723707", "parents": [ "f05e80af8721a0b0ccf5425c4775695d84d09fdf" ], "author": { "name": "Mateusz Zalega", "email": "mateusz@monogon.tech", "time": "Wed Dec 08 15:51:24 2021 +0100" }, "committer": { "name": "Mateusz Zalega", "email": "mateusz@monogon.tech", "time": "Thu Dec 16 17:04:15 2021 +0000" }, "message": "m/t/installer: deflake by silencing kernel logs\n\nThe installer test was failing due to the success flag getting broken\nin two by the kernel logs, like this:\n\u003eTestOS launched successfully! _TESTOS_LAUNCH_SUC[ 0.963289] kvm:\n\u003eexiting hardware virtualizationCESS_\n\nThis change addresses this problem by setting an adequate loglevel for\nboth the installer and testos kernels.\n\nm/t/installer/BUILD.bazel now defines its own unified kernel image\ntarget with a custom kernel cmdline needed for test purposes.\n\nChange-Id: I43547b6c81f8a1ebc4facb841a600b155af581df\nReviewed-on: https://review.monogon.dev/c/monogon/+/464\nReviewed-by: Sergiusz Bazanski \u003cserge@monogon.tech\u003e\n" }, { "commit": "f05e80af8721a0b0ccf5425c4775695d84d09fdf", "tree": "1f4f15962293b345b02ae66e588a9aad35ce2be3", "parents": [ "a9b455f2be1fb9dbda3217adb69bc0076113a814" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Tue Oct 12 11:53:34 2021 +0200" }, "committer": { "name": "Sergiusz Bazanski", "email": "serge@monogon.tech", "time": "Thu Dec 16 16:32:51 2021 +0000" }, "message": "m/n/core/consensus: refactor for reliability and multinode support\n\nThis implements a big refactor of our consensus service/runnable.\n\nFirst, we move away from the old bespoke API for retrieving the\nconsensus status (and consensus clients) into using Event Values, as the\nrest of the codebase does.\n\nSecond, we move away from the bespoke PKI library used to generate\ncertificates in-memory and then commit them to etcd into using the\nstandard metropolis pki library. We then change the bootstrap process to\nstart a PKI-less etcd instance first, generate the PKI data directly on\nthe running instance, and then restart into a fully PKI-supporting etcd\ninstance.\n\nWe also move away from using etcd-specific private keys into reusing the\nnode\u0027s private key. This makes management slightly easier, but reviewers\nshould consider the security implications of this change.\n\nFinally, we implement and test multi-member cluster support, which is\ndone by exposing an AddNode method to the newly exposed status, and a\nJoinCluster option in the node configuration.\n\nChange-Id: Iea2bf6114cb699d3792efd45d06de2fa5a48feb1\nReviewed-on: https://review.monogon.dev/c/monogon/+/466\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "a9b455f2be1fb9dbda3217adb69bc0076113a814", "tree": "aa8484f4e163e02c2c7a80d8e6eeba993416a616", "parents": [ "9e7961b7be5a87aca8bdf6bacb1675625348c883" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Tue Dec 07 03:53:22 2021 +0100" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Thu Dec 16 12:00:23 2021 +0000" }, "message": "m/c/metroctl: add takeownership command\n\nThis add a simple command to take ownership of a cluster previously\ninstalled using metroctl install. It calls the newly-formed cluster and\nretrieves a signed owner certificate for the owner key and stores that\nto disk for further use by metroctl.\n\nChange-Id: Ibd2771c571bda41270c3bbb110105f4f8f5b118d\nReviewed-on: https://review.monogon.dev/c/monogon/+/463\nReviewed-by: Sergiusz Bazanski \u003cserge@monogon.tech\u003e\n" }, { "commit": "9e7961b7be5a87aca8bdf6bacb1675625348c883", "tree": "f9688e8dcbaa94db8ecc7be416ab490ecc5e357f", "parents": [ "78e590504a86b38b313bdc6463cdda81f5dc8479" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Wed Dec 15 18:47:31 2021 +0100" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Thu Dec 16 12:00:23 2021 +0000" }, "message": "m/node: add PortString method\n\nThis adds the PortString method to Port type as Go very commonly handles\nports as strings. Doing the conversion there avoids littering the\nint-to-string conversion all over the place.\n\nChange-Id: I7b077f697be49ac80fd81fd6d78c25080c9d7b75\nReviewed-on: https://review.monogon.dev/c/monogon/+/487\nReviewed-by: Sergiusz Bazanski \u003cserge@monogon.tech\u003e\n" }, { "commit": "78e590504a86b38b313bdc6463cdda81f5dc8479", "tree": "c4f1e6477a77ddb6a5c42f0d7dd93efb3a5ea738", "parents": [ "fdb7322f8a9061c6c57c89ee1fb4b754589802e7" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Wed Dec 15 18:46:18 2021 +0100" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Thu Dec 16 12:00:23 2021 +0000" }, "message": "m/c/p/context: add CLI context package\n\nThis adds a package for getting contexts useful in a CLI application.\nThe context inherits from a parent (usually contxt.Background in CLIs)\nand is cancelled when the user cancels the application by interrupting it\n(most commonly by pressing Ctrl+C, but sending a SIGINT will also do).\n\nChange-Id: Ibfeee17f3f6284745d3fbf3395d4b3ca9805258f\nReviewed-on: https://review.monogon.dev/c/monogon/+/486\nReviewed-by: Sergiusz Bazanski \u003cserge@monogon.tech\u003e\n" }, { "commit": "fdb7322f8a9061c6c57c89ee1fb4b754589802e7", "tree": "4590b3e79ba54e670c46642be4bd6e689231b150", "parents": [ "6c35e97e7da34dd8497f4d40172ecf745448ad21" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Mon Dec 13 05:19:25 2021 +0100" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Thu Dec 16 11:57:45 2021 +0000" }, "message": "m/n/c/n/dhcp4c: support route configuration (including RFC 3442)\n\nThis implements support for configuring routes other than the default\nroute via our DHCP client. It extends the DHCP lease interface with a\nmethod to return canonicalized routes from a lease containing Router,\nStaticRoute or ClasslessStaticRouting options.\nIt also extends and renames the former ManageDefaultRoutes callback into\nManageRoutes and makes it use the new canonicalized routing data instead\nof just the default router.\n\nChange-Id: Ie6ec20d67c0e9cdfa6be088324b42e0d811e81e9\nReviewed-on: https://review.monogon.dev/c/monogon/+/482\nReviewed-by: Sergiusz Bazanski \u003cserge@monogon.tech\u003e\n" }, { "commit": "6c35e97e7da34dd8497f4d40172ecf745448ad21", "tree": "17e023a1849f629a641c43eff27e4dfdc7a9c04a", "parents": [ "999e1db0130f148ac6e79e1acbb5ee68db1dcb64" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Tue Dec 14 03:08:23 2021 +0100" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Tue Dec 14 11:27:13 2021 +0000" }, "message": "metropolis: align EFI partition layout\n\nThis moves non-EFI-related data inside the ESP from under the EFI\nsubdirectory to the root. The data moved is never accessed from EFI and\nthus shouldn\u0027t be under the EFI folder. This also aligns localstorage\nwith the new layout as previously it and osimage didn\u0027t agree on a\nspecific layout, indirectly breaking the installer.\n\nChange-Id: I36bdc9782e181dafab40aaa85cc0b4eaf2448f6e\nReviewed-on: https://review.monogon.dev/c/monogon/+/483\nReviewed-by: Sergiusz Bazanski \u003cserge@monogon.tech\u003e\n" }, { "commit": "999e1db0130f148ac6e79e1acbb5ee68db1dcb64", "tree": "570784da91193e279b2777b809d6c4be55aa120e", "parents": [ "e78a08987e48aa5d9f77954886b7cc544f218638" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Tue Nov 30 20:37:38 2021 +0100" }, "committer": { "name": "Sergiusz Bazanski", "email": "serge@monogon.tech", "time": "Thu Dec 09 17:51:43 2021 +0000" }, "message": "m/p/pki: implement CRLs\n\nThis implements revokation and CRL watching functionality in the main\nmetropolis PKI library, in preparation for use in the consensus library\n(which has full CRL support). In the future, this should also be\nextended to be used in Metropolis authentication/authorization.\n\nThis also introduces a breaking change by changing the layout of etcd\nstorage for the PKI library - but we\u0027re pre-MVP, so this is fine.\n\nChange-Id: If0775f5447a76949d8498d8853dd7b9c03e0e6dc\nReviewed-on: https://review.monogon.dev/c/monogon/+/465\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "e78a08987e48aa5d9f77954886b7cc544f218638", "tree": "77d91020801cf19d2979db69495e40f3aeb889d5", "parents": [ "957c5b142abf8976c212ae013e6c36c4ff80f6c8" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Thu Oct 07 17:03:49 2021 +0200" }, "committer": { "name": "Sergiusz Bazanski", "email": "serge@monogon.tech", "time": "Thu Dec 09 17:51:43 2021 +0000" }, "message": "m/n/c/cluster: implement register flow\n\nChange-Id: I197cbfa96d34c9912c7fc19710db25276e7440fc\nReviewed-on: https://review.monogon.dev/c/monogon/+/454\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "957c5b142abf8976c212ae013e6c36c4ff80f6c8", "tree": "31094f33eb84f70c5c1c2310f6d9dfe683847ef4", "parents": [ "a554528f7b9658e283efae618eb474d9161e0be1" ], "author": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Sat Dec 04 01:34:40 2021 +0100" }, "committer": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Thu Dec 09 12:11:28 2021 +0000" }, "message": "m/node: add image_gcp rule\n\nChange-Id: I224c551d13d939ade56ddef7a7b9f5c30f7b6cff\nReviewed-on: https://review.monogon.dev/c/monogon/+/461\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "a554528f7b9658e283efae618eb474d9161e0be1", "tree": "443119f6281b390418a589b25864d8a0b99b72df", "parents": [ "612a0335e94100137d8d95cbaf43da328bfb2e80" ], "author": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Sat Dec 04 23:29:44 2021 +0100" }, "committer": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Wed Dec 08 19:29:07 2021 +0000" }, "message": "m/n/c/cluster: retrieve node parameters from GCP metadata\n\nThis allows configuration via GCP instance metadata.\n\nChange-Id: I56609019cef998aa779c5a602232767b920a9721\nReviewed-on: https://review.monogon.dev/c/monogon/+/462\nReviewed-by: Sergiusz Bazanski \u003cserge@monogon.tech\u003e\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "612a0335e94100137d8d95cbaf43da328bfb2e80", "tree": "839adcb5b38bbf92f5bad000b44816499e324fa0", "parents": [ "290436425ac7e9f9c3a9c5a79520b48c623c95bd" ], "author": { "name": "Mateusz Zalega", "email": "mateusz@monogon.tech", "time": "Wed Nov 17 20:04:52 2021 +0100" }, "committer": { "name": "Mateusz Zalega", "email": "mateusz@monogon.tech", "time": "Wed Dec 08 17:36:42 2021 +0000" }, "message": "efivarfs, osimage: fix boot entry handling\n\nefivarfs was updated to handle partition UUIDs in the mixed-endian\nformat [1], enabling it to produce correct boot entries. Its interface\nwas changed in the process, leading to further changes in osimage.\n\nIn addition, BootEntry.Marshal will replace any backslash with a\nforward slash in the EFI executable path.\n\n[1] https://en.wikipedia.org/wiki/Universally_unique_identifier#Encoding\n\nChange-Id: Ib8300e01fd1664d0c08bb033b1dc36addb925b20\nReviewed-on: https://review.monogon.dev/c/monogon/+/456\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "8f72b5ddae45109331258cea8af0662a608c1123", "tree": "00525a79ad1d4a0baa8e59a5aebae7767a5616d7", "parents": [ "02d69e99f0c8ccdd9f53e5bc6c2a5e4ee26cbd83" ], "author": { "name": "Mateusz Zalega", "email": "mateusz@monogon.tech", "time": "Fri Dec 03 17:08:59 2021 +0100" }, "committer": { "name": "Mateusz Zalega", "email": "mateusz@monogon.tech", "time": "Tue Dec 07 12:13:07 2021 +0000" }, "message": "coding style: fix error strings\n\nThe way errors are passed to log was changed according to [1].\n\n[1] https://github.com/golang/go/wiki/CodeReviewComments#error-strings\n\nChange-Id: I75194557d4f3b2f9f5e286a40fe4f0a4648eb71f\nReviewed-on: https://review.monogon.dev/c/monogon/+/458\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "02d69e99f0c8ccdd9f53e5bc6c2a5e4ee26cbd83", "tree": "55c4d4efbb2c39c822f16cd988f153f6c9ba6694", "parents": [ "8cde8e70f3705cfdb6fa8ab298919df77ad9022d" ], "author": { "name": "Mateusz Zalega", "email": "mateusz@monogon.tech", "time": "Fri Dec 03 17:21:38 2021 +0100" }, "committer": { "name": "Mateusz Zalega", "email": "mateusz@monogon.tech", "time": "Mon Dec 06 12:27:04 2021 +0000" }, "message": "m/p/verity: add a missing copyright notice\n\nChange-Id: I330c3bf748c25b44a0616147b430b051bb8a5f99\nReviewed-on: https://review.monogon.dev/c/monogon/+/459\nReviewed-by: Sergiusz Bazanski \u003cserge@monogon.tech\u003e\n" }, { "commit": "8cde8e70f3705cfdb6fa8ab298919df77ad9022d", "tree": "83ce4f31e258d31628241c4872d7f188e22d90f7", "parents": [ "0b93c8d162d9772b124a8f9d586317765bcd7de4" ], "author": { "name": "Mateusz Zalega", "email": "mateusz@monogon.tech", "time": "Tue Nov 30 16:22:20 2021 +0100" }, "committer": { "name": "Mateusz Zalega", "email": "mateusz@monogon.tech", "time": "Mon Dec 06 12:26:53 2021 +0000" }, "message": "m/t/installer: resolve deps with bazel.Runfile\n\nChange-Id: Ie69b8b6ef12028264d1c396dacb3c00be795ad44\nReviewed-on: https://review.monogon.dev/c/monogon/+/455\nReviewed-by: Sergiusz Bazanski \u003cserge@monogon.tech\u003e\n" }, { "commit": "0b93c8d162d9772b124a8f9d586317765bcd7de4", "tree": "33a17e3388d222a0506a3f630658cace335c172c", "parents": [ "f8ede09aea5ecd9b90213e09efd75210ce0a043c" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Tue Nov 09 03:58:40 2021 +0100" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Tue Nov 30 23:00:04 2021 +0000" }, "message": "m/{t,n}/installer: use bundles and test install\n\nThis makes the installer use actual bundles and uses TestOS bundles\nto test the installation process end-to-end.\n\nChange-Id: I64fa412032796d7d7633e9944dbae727d90a863e\nReviewed-on: https://review.monogon.dev/c/monogon/+/433\nReviewed-by: Mateusz Zalega \u003cmateusz@monogon.tech\u003e\n" }, { "commit": "f8ede09aea5ecd9b90213e09efd75210ce0a043c", "tree": "05e175a58fc980c13fe50df879dd157dc4e77723", "parents": [ "dcfc6787c736ae3461138224a33c5d5c560df2ff" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Mon Nov 08 20:50:57 2021 +0100" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Tue Nov 30 22:29:22 2021 +0000" }, "message": "m/c/metroctl: use in-tree artifacts if called using bazel run\n\nThis allows for not specifying a bundle or installer and instead\ntaking them from the current build if running under bazel run.\nSo bazel run //metropolis/cli/metroctl -- install will automatically\nbuild and use the bundle and installer. This just changes the defaults,\nif you manually specify installer and/or bundle these are still\nrespected.\n\nChange-Id: I0676c9b28308544712c06881ad6ace2dba4cab2c\nReviewed-on: https://review.monogon.dev/c/monogon/+/425\nReviewed-by: Leopold Schabel \u003cleo@nexantic.com\u003e\n" }, { "commit": "dcfc6787c736ae3461138224a33c5d5c560df2ff", "tree": "5ce2f2719c320e0f77aa5c667ed8221e27a39ca2", "parents": [ "43e2107d9b76e8c1df0974c3125878ca64f2bb61" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Tue Nov 30 05:27:48 2021 +0100" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Tue Nov 30 19:38:46 2021 +0000" }, "message": "build/proto_docs: add proto documentation generator\n\nThis adds an HTML documentation generator for our Protobuf files.\nIt consists of a new Bazel rule `proto_docs` which wraps protoc-gen-doc.\nprotoc-gen-doc itself and go-proto-validator which it includes need\nsome light patching because of dumbness in the Go Proto ecosystem that\ndoesn\u0027t exist in our Bazel build.\n\nThis just hooks up everything, it does not yet do anything custom like\nannotating our own authorization metadata or similar.\n\nChange-Id: If6fd7c777210fea700e49242b5339cfafe7c030d\nReviewed-on: https://review.monogon.dev/c/monogon/+/452\nReviewed-by: Leopold Schabel \u003cleo@nexantic.com\u003e\n" }, { "commit": "43e2107d9b76e8c1df0974c3125878ca64f2bb61", "tree": "3dbf072846ba3439240043f6f2f161f02d18ec50", "parents": [ "cb2dcf6c3ffa2d50293faa1708fad975ea237afa" ], "author": { "name": "Mateusz Zalega", "email": "mateusz@monogon.tech", "time": "Fri Oct 08 18:05:29 2021 +0200" }, "committer": { "name": "Mateusz Zalega", "email": "mateusz@monogon.tech", "time": "Tue Nov 30 15:09:01 2021 +0000" }, "message": "m/{n,t}/installer: init\n\nThis adds partial implementation of the installer [1].\n\nIt needs to be integrated with the installer bundle to become\nfunctional.\n\n[1] https://github.com/monogon-dev/monogon/issues/44\n\nChange-Id: I6223e50dc02bc1ad1a8d1351b556ecba43f30a2f\nReviewed-on: https://review.monogon.dev/c/monogon/+/408\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "764a2de7911a42d57720911332a12895f0aad707", "tree": "dd0e31cee8fb5c753a762462e9eb16f776c3ec73", "parents": [ "e65731049afb6fd49da80f064fa40a28c9d5741d" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Mon Nov 22 16:26:36 2021 +0100" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Mon Nov 22 20:39:51 2021 +0000" }, "message": "tree-wide: rewrite ioutil functions to their replacements\n\nThe ioutil package has been deprecated in Go 1.16 [1]. This CL removes\nall our own users of that package and rewrites them to use their\nreplacements in the os package. I initially wanted to do this with a\ngofix but because all replacements were signature-compatible I just\ndid it with a few string replaces and then ran goimports to fix up the\nimports.\n\nI intentionally didn\u0027t rewrite the patches as that would require a\ndifferent process and is IMO of less value.\n\n[1] https://github.com/golang/go/issues/42026\n\nChange-Id: Iac6663a1f1ee49f9b1c6e4b3d97e73f2c3b54a13\nReviewed-on: https://review.monogon.dev/c/monogon/+/449\nReviewed-by: Sergiusz Bazanski \u003cserge@monogon.tech\u003e\n" }, { "commit": "e65731049afb6fd49da80f064fa40a28c9d5741d", "tree": "21dcad96d01c15fe0d0044c6ff72fbc18ab9105a", "parents": [ "c71efc9d3b6c9d626e752ec5e17ea6893a3fbe34" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Tue Nov 02 14:15:37 2021 +0100" }, "committer": { "name": "Mateusz Zalega", "email": "mateusz@monogon.tech", "time": "Mon Nov 22 12:55:56 2021 +0000" }, "message": "m/c/metroctl: add MVP disk/image-only installer\n\nThis adds a very minimalist metroctl install command.\nOnly supports boostrapping and a single owner key.\nBut good enough to set up a node.\n\nChange-Id: I9306a054b9540a3a0c70621f3f5d9cb34fc18d14\nReviewed-on: https://review.monogon.dev/c/monogon/+/417\nReviewed-by: Mateusz Zalega \u003cmateusz@monogon.tech\u003e\n" }, { "commit": "c71efc9d3b6c9d626e752ec5e17ea6893a3fbe34", "tree": "00fc1385013f39898a3cdada31695de69a42a838", "parents": [ "a7d65e1e672f996746084afd679869518a4a2b42" ], "author": { "name": "Mateusz Zalega", "email": "mateusz@monogon.tech", "time": "Tue Sep 07 16:46:25 2021 +0200" }, "committer": { "name": "Mateusz Zalega", "email": "mateusz@monogon.tech", "time": "Mon Nov 22 12:05:56 2021 +0000" }, "message": "n/b/mkimage/osimage: init\n\nCommon parts of mkimage were moved to osimage.\n\nmkimage remains in use as a frontend to osimage, with backward\ncompatible use semantics.\n\nChange-Id: I08c1c44afdf7bf0c07333ab3c6bbebf53ff4d0db\nReviewed-on: https://review.monogon.dev/c/monogon/+/324\nReviewed-by: Sergiusz Bazanski \u003cserge@monogon.tech\u003e\n" }, { "commit": "a7d65e1e672f996746084afd679869518a4a2b42", "tree": "13d6955bd78a589b68297916d9215062d3c10323", "parents": [ "030a551eb6a6faa99aa184a243acffcf7c74323e" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Thu Nov 18 17:29:49 2021 +0100" }, "committer": { "name": "Sergiusz Bazanski", "email": "serge@monogon.tech", "time": "Mon Nov 22 11:19:04 2021 +0000" }, "message": "m/n/c/curator: deflake leader election test\n\nThe check for proper leadership re-election was vulnerable to a race\nwhere it assumed optimistically that if a leader got re-elected, other\nnodes would have already established them as followers. This isn\u0027t\nalways the case, so we re-work the check to instead be a wait-until\nconstruct.\n\nChange-Id: I6326dad9a88f7b1ba61c218e37a73e868d722506\nReviewed-on: https://review.monogon.dev/c/monogon/+/448\nReviewed-by: Mateusz Zalega \u003cmateusz@monogon.tech\u003e\n" }, { "commit": "030a551eb6a6faa99aa184a243acffcf7c74323e", "tree": "9e83f1af010b51383a69795a6143f1071d148d09", "parents": [ "cb1e4da5b3c1d2d5efa6a4495af40f8fc50c72ad" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Thu Nov 18 16:39:39 2021 +0100" }, "committer": { "name": "Sergiusz Bazanski", "email": "serge@monogon.tech", "time": "Mon Nov 22 11:18:43 2021 +0000" }, "message": "m/n/c/curator: factor out node{Load,Save}\n\nThis removes some duplicated logic between RPC implementations.\n\nChange-Id: I3683ba11635a53f792def4d8dabddc09776ab427\nReviewed-on: https://review.monogon.dev/c/monogon/+/447\nReviewed-by: Mateusz Zalega \u003cmateusz@monogon.tech\u003e\n" }, { "commit": "cb1e4da5b3c1d2d5efa6a4495af40f8fc50c72ad", "tree": "39b896bb35e4a4e55a03e8cff431018b8390737d", "parents": [ "1612d4b51f74e439d1efb4b8957d440d148035b7" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Thu Nov 11 16:42:52 2021 +0100" }, "committer": { "name": "Sergiusz Bazanski", "email": "serge@monogon.tech", "time": "Mon Nov 22 11:18:43 2021 +0000" }, "message": "m/n/c/curator: implement Curator.CommitNode\n\nThis takes a node from STANDBY to UP. This is the last step required in\na node\u0027s registration flow.\n\nChange-Id: I6806e84abb862088335a76c42738db43aec75c62\nReviewed-on: https://review.monogon.dev/c/monogon/+/443\nReviewed-by: Mateusz Zalega \u003cmateusz@monogon.tech\u003e\n" }, { "commit": "1612d4b51f74e439d1efb4b8957d440d148035b7", "tree": "c69d3d08b638ed54ef938a97166893e7b9779cf5", "parents": [ "5b60e581bdc1cd420a281e3a110367e310337850" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Fri Nov 12 13:54:15 2021 +0100" }, "committer": { "name": "Sergiusz Bazanski", "email": "serge@monogon.tech", "time": "Mon Nov 22 11:18:43 2021 +0000" }, "message": "m/n/c/curator: implement Management.ApproveNode\n\nThis takes a node from NEW to STANDBY. This is the second-to-last\nstep requires in a node\u0027s regsitration flow.\n\nChange-Id: I88f9c7d2cd824c7d3182195b784a725ec9528d28\nReviewed-on: https://review.monogon.dev/c/monogon/+/442\nReviewed-by: Mateusz Zalega \u003cmateusz@monogon.tech\u003e\n" }, { "commit": "5b60e581bdc1cd420a281e3a110367e310337850", "tree": "f5bf40f16039a685243f04ea64e4d279b3ab41ac", "parents": [ "5611447f05c85eb5d0b7f7c5865911b1d560ef66" ], "author": { "name": "Mateusz Zalega", "email": "mateusz@monogon.tech", "time": "Wed Nov 10 19:57:17 2021 +0100" }, "committer": { "name": "Mateusz Zalega", "email": "mateusz@monogon.tech", "time": "Thu Nov 18 17:10:32 2021 +0000" }, "message": "m/p/efivarfs: add boot settings manipulation routines\n\nThis adds CreateBootEntry and SetBootOrder.\n\nBoth functions can be used to adjust EFI boot settings by writing to\nEFI variable files exposed through efivarfs.\n\nChange-Id: I0b1364357bcf1e8dabf24ef4046861924306e029\nReviewed-on: https://review.monogon.dev/c/monogon/+/436\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "5611447f05c85eb5d0b7f7c5865911b1d560ef66", "tree": "19274d1fae7747027ad2758d3027f0e09b9c599e", "parents": [ "6cefe518de0b964db90c1b10d57b8be47aa4448e" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Mon Oct 11 14:47:54 2021 +0200" }, "committer": { "name": "Sergiusz Bazanski", "email": "serge@monogon.tech", "time": "Thu Nov 18 15:40:45 2021 +0000" }, "message": "m/n/c/curator: implement Management.GetNodes\n\nThis is a management call that provides detailed per-node details.\nCurrently it returns all information about all nodes, but can be then\nextended to allow filtering and selective/masked field retrieval.\n\nThis call is then used to implement a test which exercises\nCurator.NodeRegister and GetNodes.\n\nChange-Id: Ia093d9f03a4213b01acbb0fdac9714d8e7b02dd3\nReviewed-on: https://review.monogon.dev/c/monogon/+/434\nReviewed-by: Mateusz Zalega \u003cmateusz@monogon.tech\u003e\n" }, { "commit": "6cefe518de0b964db90c1b10d57b8be47aa4448e", "tree": "c6ad847d934e0769c89c809e91077208f2a3adb3", "parents": [ "531e2c25995933a2e3110f5a53852bdbb5a2a39c" ], "author": { "name": "Mateusz Zalega", "email": "mateusz@monogon.tech", "time": "Mon Nov 08 18:19:42 2021 +0100" }, "committer": { "name": "Mateusz Zalega", "email": "mateusz@monogon.tech", "time": "Thu Nov 18 15:13:32 2021 +0000" }, "message": "m/p/efivarfs: import the EFI boot entry data type\n\nThis imports marshal.go from the Softmetal project.\n\nThe complete MIT license under which it was released was added at the\nstart of the file. It was renamed to boot.go which better reflects its\npurpose in its current context. The implementation was adapted for\nMetropolis.\n\nChange-Id: I41d1b10bf5105c52fa7de7695def5b6f3a9b192e\nReviewed-on: https://review.monogon.dev/c/monogon/+/427\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "531e2c25995933a2e3110f5a53852bdbb5a2a39c", "tree": "b8b8dd9d56e6aebb9eaab8225e5f31fc999d8db3", "parents": [ "ed86976004c8a9d8d06e787ece3d59b04dba11f9" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Wed Nov 17 20:00:05 2021 +0100" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Thu Nov 18 14:12:47 2021 +0000" }, "message": "WORKSPACE: bump Linux to 5.15.2\n\nThis involves ripping out fsinfo because there now is quotactl_fd which\nhandles what we originally used fsinfo for. I also enabled a few new\ninteresting kernel features in the config like the Landlock LSM and\nKFENCE.\n\nChange-Id: Ic0a113893a437b2c8068d06984fdc386f34e6adb\nReviewed-on: https://review.monogon.dev/c/monogon/+/444\nReviewed-by: Sergiusz Bazanski \u003cserge@monogon.tech\u003e\n" }, { "commit": "fbd38e280916f0883263cf0b566984d3fea4ff39", "tree": "44abb583a39606b61940523e873af4d92a787be4", "parents": [ "579015afff6be9d6c87c867b0645f254b9aeb2d8" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Fri Oct 08 14:41:16 2021 +0200" }, "committer": { "name": "Sergiusz Bazanski", "email": "serge@monogon.tech", "time": "Thu Nov 18 13:01:16 2021 +0000" }, "message": "m/proto: switch from CA pubkey to CA certificate in ClusterDirectory/Register\n\nA CA certificate is a strict superset of the public key, and using it\ninstead of a public key allows us to connect to the cluster securely by\nreusing standard/existing x509 CA auth, instead of having to implement a\ncheck based on just a public key.\n\nBackwards-incompatible proto change, but we\u0027re pre-MVP, and this flow is\njust being implemented.\n\nChange-Id: I014780a6ec3e5e8c6e81532531b18ad1438c8258\nReviewed-on: https://review.monogon.dev/c/monogon/+/424\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "579015afff6be9d6c87c867b0645f254b9aeb2d8", "tree": "9d561def0da0671c67fd6aaea2e128e8dc01b432", "parents": [ "ad5b47d816f50f8f63f65b63861adea811ed85e8" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Thu Nov 18 13:20:20 2021 +0100" }, "committer": { "name": "Sergiusz Bazanski", "email": "serge@monogon.tech", "time": "Thu Nov 18 12:34:46 2021 +0000" }, "message": "m/p/supervisor: deflake tests\n\nThis removes some poorly designed test code which attempted to\nsynchronize with a goroutine in a way that\u0027s unsound in Go\u0027s concurrency\nmodel. Instead of doing a non-blocking read and failing if there is no\nsending goroutine, we just block. Test timeouts will, in this case,\ncause the test to error out.\n\nChange-Id: I5338693c578c8eb8b494a1a651a04de6a54df15c\nReviewed-on: https://review.monogon.dev/c/monogon/+/445\nReviewed-by: Leopold Schabel \u003cleo@nexantic.com\u003e\n" }, { "commit": "ad5b47d816f50f8f63f65b63861adea811ed85e8", "tree": "a2009c5079c8306975dab490491f84900d8942c5", "parents": [ "516d300df9a34da5b39944017cebf1b11897e7a0" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Tue Nov 09 13:52:56 2021 +0100" }, "committer": { "name": "Mateusz Zalega", "email": "mateusz@monogon.tech", "time": "Thu Nov 18 12:15:03 2021 +0000" }, "message": "m/t/i/testos: introduce stub os for installer tests\n\nTestOS is a tiny \"operating system\" which is packaged the exact same\nway as an actual Metropolis node but only outputs a single flag before\nexiting. It\u0027s used for decoupling the installer tests from the\nMetropolis Node code.\n\nChange-Id: I156ee05a6c54b831696aeadd207f2c20db65a25c\nReviewed-on: https://review.monogon.dev/c/monogon/+/432\nReviewed-by: Mateusz Zalega \u003cmateusz@monogon.tech\u003e\n" }, { "commit": "516d300df9a34da5b39944017cebf1b11897e7a0", "tree": "b045662801001e5c53412baa6d744346892830f0", "parents": [ "c6c092be9c8774192867620d1df41c6014e20de1" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Fri Oct 01 00:05:41 2021 +0200" }, "committer": { "name": "Sergiusz Bazanski", "email": "serge@monogon.tech", "time": "Tue Nov 16 14:39:15 2021 +0000" }, "message": "m/n/c/curator: implement Curator.RegisterNode\n\nThis is the \u0027Register\u0027 call from the cluster lifecycle design document.\nWe don\u0027t yet call it from node startup code, but we do exercise it in a\nCurator test.\n\nChange-Id: Ife617b148a25fc8aecb0ed15f78a758ca4538016\nReviewed-on: https://review.monogon.dev/c/monogon/+/423\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "c6c092be9c8774192867620d1df41c6014e20de1", "tree": "ea4b7ca337f1465bfb71298a578cee55977e96a1", "parents": [ "c2e3b1b7f29708fa136e9195645b31fce530c1f0" ], "author": { "name": "Mateusz Zalega", "email": "mateusz@monogon.tech", "time": "Tue Nov 09 13:09:37 2021 +0100" }, "committer": { "name": "Mateusz Zalega", "email": "mateusz@monogon.tech", "time": "Tue Nov 16 13:18:01 2021 +0000" }, "message": "m/p/efivarfs: init\n\nThis adds a package supporting efivarfs operations.\n\nChange-Id: Ib0d0713a121efaa0ecdd7e70d8c9d27f4697f958\nReviewed-on: https://review.monogon.dev/c/monogon/+/426\nReviewed-by: Leopold Schabel \u003cleo@nexantic.com\u003e\n" }, { "commit": "c2e3b1b7f29708fa136e9195645b31fce530c1f0", "tree": "94d45711f78c1c1cc859e251519838350ce91938", "parents": [ "44d2ad428573bb20ee6be4b957b1abbacad50fcb" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Thu Nov 11 11:06:41 2021 +0100" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Tue Nov 16 12:47:21 2021 +0000" }, "message": "WORKSPACE: bump rules_go go 0.29 and Go to 1.17.1\n\nThe changes to nogo are from rules_go being able to use go_library\ntargets as part toolchain definitions. gVisor needed to be bumped\nto be compatible with Go 1.17. It also needs a fix for us not having\nthe systemd cgroup controller.\n\nChange-Id: I058b5c68d97809a286fbe36df00e49e55874dfd5\nReviewed-on: https://review.monogon.dev/c/monogon/+/438\nReviewed-by: Sergiusz Bazanski \u003cserge@monogon.tech\u003e\n" }, { "commit": "44d2ad428573bb20ee6be4b957b1abbacad50fcb", "tree": "441b11be3d9ac7dd6038f7a043055893403cf542", "parents": [ "8fda084b12ad482da4b76888078cc53bfd3c2e20" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Wed Nov 10 17:05:34 2021 +0100" }, "committer": { "name": "Sergiusz Bazanski", "email": "serge@monogon.tech", "time": "Fri Nov 12 15:19:22 2021 +0000" }, "message": "m/cli/metroctl: reformat\n\nAnother annoying instance of my local gofmt/goimports having stronger\nopinions about code formatting than our CI. Really ought to synchronize\nthem together ASAP.\n\nChange-Id: Ia4b9a30be3c19c0fc755d7659f26e7233b4f4598\nReviewed-on: https://review.monogon.dev/c/monogon/+/435\nReviewed-by: Mateusz Zalega \u003cmateusz@monogon.tech\u003e\n" }, { "commit": "f73d8a993251c8fda30ce665c7f4eabdb7a203e3", "tree": "80d1f94ce1be04bef15b4632083ad7e2745bbcb3", "parents": [ "80861fd796e8f32e2866fa3757ff92ee186a9e8f" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Tue Nov 02 21:19:45 2021 +0100" }, "committer": { "name": "Sergiusz Bazanski", "email": "serge@monogon.tech", "time": "Tue Nov 09 17:01:29 2021 +0000" }, "message": "m/n/c/network/hostsfile: implement\n\nThis implementes a dedicated runnable for maintaining hostsfile-like\nlocal state based on the node\u0027s local state and any possible cluster\ndata.\n\nThis needs to be able to be maintained by a single runnable regardless\nof the cluster enrolment process (bootstrap, register or join), and\nregardless of the state of enrolment (don\u0027t have networking data, only\nhave local networking data, have cluster state from any kind of\navailable cluster dialer).\n\nFor now this is just piped into the bootstrap logic and has no access to\ncluster data, but a planned revamp of the enrolment logic into the\nroleserver will fully integrate this with cluster information.\n\nChange-Id: Icc472a0da302109882c5a6d8b4e124a7b9af4813\nReviewed-on: https://review.monogon.dev/c/monogon/+/422\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "80861fd796e8f32e2866fa3757ff92ee186a9e8f", "tree": "3e02b5ce623b8d429f082a0e8f8a06fba546c163", "parents": [ "f758ce419a4a63261e4cacf8b8795a17d024df87" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Tue Nov 02 22:14:06 2021 +0100" }, "committer": { "name": "Sergiusz Bazanski", "email": "serge@monogon.tech", "time": "Tue Nov 09 16:41:17 2021 +0000" }, "message": "m/n/c/curator: implement Watching NodesInCluster\n\nThis pipes etcd ranged watchers for nodes into a Curator RPC. This is to\nbe used by systems that need to compile information based on all/some\nnodes in the cluster, eg. when building a cluster directory or hosts\nfile with DNS mappings.\n\nThe existence of both NodeInCluster and NodesInCluster could be argued\nas unnecessary, and it might make sense to merge NodeInCluster\nfunctionality into NodesInCluster with a filter-by-node-id field. We\nshould consider doing this once the dust settles.\n\nWe also use this opportunity to write tests for Node{,s}InCluster.\n\nChange-Id: I544657b1bfe266a37230760236510024c6007c24\nReviewed-on: https://review.monogon.dev/c/monogon/+/420\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "f758ce419a4a63261e4cacf8b8795a17d024df87", "tree": "593f6821c2fe9e2c37eb9a4629e5a97650739f8c", "parents": [ "3ec8116383edfbe4aa4e04803f45a7201998ac80" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Tue Nov 09 03:40:43 2021 +0100" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Tue Nov 09 13:54:32 2021 +0000" }, "message": "m/node: add a crude MVP bundle\n\nSince the bundle format will likely need some more time cooking let\u0027s\njust use a quick\u0027n\u0027dirty ZIP file for now. This is explicitly not stable\nand will be replaced by the actual bundle format before release. But\nit allows us to untangle various parts of the installer machinery and\nland them while this is still cooking.\n\nChange-Id: I7ba7875232e4b9a03a4dd564f2ca02d2663f829c\nReviewed-on: https://review.monogon.dev/c/monogon/+/430\nReviewed-by: Sergiusz Bazanski \u003cserge@monogon.tech\u003e\n" }, { "commit": "0b12170ae5e0ca561d1575a8e107da1b9690b2ca", "tree": "ce34dfbff7d4aed88d314e9fdf683874ee8cfa49", "parents": [ "b7f8e9a05f2e47e63b697ae93a9c72741aef98c1" ], "author": { "name": "Mateusz Zalega", "email": "mateusz@monogon.tech", "time": "Sat Nov 06 12:54:58 2021 +0100" }, "committer": { "name": "Mateusz Zalega", "email": "mateusz@monogon.tech", "time": "Mon Nov 08 13:04:23 2021 +0000" }, "message": "m/c/m/core: adjust the minimum ESP size\n\nOVMF firmware refuses to boot from a smaller ESP.\n\nThis is due to unknown factors. This patch addresses that problem by\nadjusting the partition\u0027s minimum size to slightly more than FAT\u0027s\nadvertised lower bound of 32MiB.\n\nChange-Id: I1516ce19a162cd8da51e92aa7783c5a48ecfa77f\nReviewed-on: https://review.monogon.dev/c/monogon/+/421\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "dc7e31c81095fe809e3bfe07bbda36a21f54464e", "tree": "20ac8760617b9aa18968b5fb7fad288aeabca6f4", "parents": [ "d32d1eaec33b9b6e8a2ce6f207892d7a2b236382" ], "author": { "name": "Mateusz Zalega", "email": "mateusz@monogon.tech", "time": "Thu Oct 07 22:23:39 2021 +0200" }, "committer": { "name": "Mateusz Zalega", "email": "mateusz@monogon.tech", "time": "Mon Nov 08 10:03:04 2021 +0000" }, "message": "m/node: move kernel cmdline to the unified kernel image\n\nThe upcoming installer code relies on its own params.\n\nChange-Id: I6408ffa3f14ae184e05786a48b59499ac25d8928\nReviewed-on: https://review.monogon.dev/c/monogon/+/406\nReviewed-by: Leopold Schabel \u003cleo@nexantic.com\u003e\n" }, { "commit": "8d45a0598ae83b8da89442ce8960e64f065182c7", "tree": "76fc262f260152be7be130ed2a078738e03073c2", "parents": [ "52304a8aa84604846e316e28c955b67e68c52f34" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Mon Oct 18 17:24:24 2021 +0200" }, "committer": { "name": "Sergiusz Bazanski", "email": "serge@monogon.tech", "time": "Wed Nov 03 15:01:37 2021 +0000" }, "message": "m/pkg/event/etcd: implement ranged watchers\n\nThis adds a new mode of operation to etcd Values/Watchers in which a\nrange of etcd keys is watched for updates instead of a single key.\n\nThis allows the implementation of watching a collection of objects\nstored in etcd for updates, eg. the node state in the Curator.\n\nThis has been implemented within the existing API of Event Values, which\nis likely the biggest contention point of this change. An alternative\nwould be to design a separate API for multi-value use, but this should\nallow us to more easily integrate with the existing code. We make use of\nGo\u0027s options-as-varargs paradigm to not break any existing use of this\ncodebase.\n\nSome behaviour of the Get() operation in ranged context is left\nunderdefined, but none of the expected users of this codebase are\nexpected to depend on this. Once the dust settles a bit, we can attempt\nto formalize this more strongly.\n\nChange-Id: I8f84d74332765e52b9bbec04b626d00f05c23071\nReviewed-on: https://review.monogon.dev/c/monogon/+/419\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "52304a8aa84604846e316e28c955b67e68c52f34", "tree": "df8518bb50b9665af7f4897665d8aa16f4a43e7f", "parents": [ "ba7bf7dc83c15cbd94a1f71b7992df7d7fc7d752" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Fri Oct 29 16:56:18 2021 +0200" }, "committer": { "name": "Sergiusz Bazanski", "email": "serge@monogon.tech", "time": "Wed Nov 03 11:36:20 2021 +0000" }, "message": "m/node: implement Port type for node ports\n\nThis allows us to use %v/%s to get a pretty port name where needed.\n\nWe also drive-by remove MasterServicePort which is a leftover from\na pre-curator cluster service implementation.\n\nChange-Id: Id8feddf87269b13dd1dad2460a015c1a7ecbc6d7\nReviewed-on: https://review.monogon.dev/c/monogon/+/418\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "ba7bf7dc83c15cbd94a1f71b7992df7d7fc7d752", "tree": "b3594e9440c82c099a5be021cabed1ab84a8f789", "parents": [ "1fd64a2ac8675eb532a8a01361c0b7251e8b9754" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Fri Oct 29 16:59:00 2021 +0200" }, "committer": { "name": "Sergiusz Bazanski", "email": "serge@monogon.tech", "time": "Tue Nov 02 19:49:35 2021 +0000" }, "message": "m/pkg/supervisor: log instances of runnables pending restart\n\nThis can be helpful to debug stuck runnables that cannot restart due to\nsome of their children not restarting yet.\n\nWe should probably also keep a list of \u0027stuck\u0027 runnables and expose them\nvia some introspection API?\n\nChange-Id: Ia6219f6e721987b0746cb5cd0e5f11c4edc01cc6\nReviewed-on: https://review.monogon.dev/c/monogon/+/415\nReviewed-by: Leopold Schabel \u003cleo@nexantic.com\u003e\n" }, { "commit": "1fd64a2ac8675eb532a8a01361c0b7251e8b9754", "tree": "819b0c9d2d4f5d22d792a13adc38663a05df7b4e", "parents": [ "d102ebed4e10b33db95f6d6ff0c7fbc7dbb6b614" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Fri Oct 29 16:59:40 2021 +0200" }, "committer": { "name": "Sergiusz Bazanski", "email": "serge@monogon.tech", "time": "Tue Nov 02 19:49:31 2021 +0000" }, "message": "m/p/logtree/unraw: close fifo on context cancel\n\nThis makes unraw runnables capable of being restarted instead of being\nstuck forever in canceling.\n\nChange-Id: I99d66d25b96644cc6a2da431fd4ca1873e552104\nReviewed-on: https://review.monogon.dev/c/monogon/+/416\nReviewed-by: Leopold Schabel \u003cleo@nexantic.com\u003e\n" }, { "commit": "57479bb5c00df6127e592716b6d644c3c13d75e9", "tree": "db782aca2c0ea03fac70ab9d0cc89d30abf838ea", "parents": [ "070ec4eb5f6853185209494455a9a7b751cf32e1" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Tue Oct 26 14:01:06 2021 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Tue Nov 02 12:35:45 2021 +0000" }, "message": "m/c/metroctl/core: add frontend-independent metroctl support pkg\n\nThis adds metroctl/core, a package which contains parts of metroctl\nwhich do significant amounts of work beyond just providing a CLI for\nthem.\nThis package is intended to be used for integrating with functions\nprovided by metroctl, for example for using them in integration tests\nor writing other frontends providing functionality similar to metroctl\n(like a GUI or webapp).\n\nChange-Id: I8a56bfbefce8d18c6c9be3349e3c7a15a699d009\nReviewed-on: https://review.monogon.dev/c/monogon/+/411\nReviewed-by: Mateusz Zalega \u003cmateusz@monogon.tech\u003e\nVouch-Run-CI: Mateusz Zalega \u003cmateusz@monogon.tech\u003e\n" }, { "commit": "6ef7f9bb94890748cc7c635f187fce7c5f497fe3", "tree": "8252a2bfde15ebc883195717762ba313978ca946", "parents": [ "da3be1bde2f7cffc518433c8f65569079a30655e" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Thu Oct 21 13:02:40 2021 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Mon Oct 25 18:46:55 2021 +0000" }, "message": "m/n/core: mount efivars\n\nWe will need them for lots of upcoming things, let\u0027s mount them\nso things which need them can use them.\n\nChange-Id: I4417c370615da154bc7cb8b8804cb268d0fd617e\nReviewed-on: https://review.monogon.dev/c/monogon/+/405\nReviewed-by: Mateusz Zalega \u003cmateusz@monogon.tech\u003e\n" }, { "commit": "66e589595ecbefdc1466ea5e98e9c237e3300f8e", "tree": "c5bf14131ce984dea96ee6825c12b5e3cf7a342a", "parents": [ "a1a96b454eb3c21d03b7f95f1917dd6ce1b84b8a" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Tue Oct 05 17:06:56 2021 +0200" }, "committer": { "name": "Sergiusz Bazanski", "email": "serge@monogon.tech", "time": "Mon Oct 11 13:27:02 2021 +0000" }, "message": "m/test: refactor cluster launch code, use for e2e tests\n\nThis is a light dust-off pass for the existing cluster launch code.\nNotably, we separate Metropolis-specific code into a subpackage\n(allowing us to make the package itself depend on the required\nnode/kernel images, without introducing dependency loops or unnecessary\ndependencies on the Metropolis node image).\n\nWe also make the LaunchCluster code return an already authenticated\nManagement client, and subsequent changes will use this client to add\nmore nodes to the running cluster.\n\nWe then move the E2E test to use LaunchCluster instead of LaunchNode, in\npreparation for running a multi-node cluster in the E2E test.\n\nWe also add some more log calls and clean up the existing ones to make\nit clear which subsystem (launch, launch/cluster or e2e) is respondible\nfor each message.\n\nChange-Id: I838bdc75073831fe94b9cdcef4fb3ab6bf8cba2c\nReviewed-on: https://review.monogon.dev/c/monogon/+/343\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "2f58ac0ba336ad64e5708a4bb72163e368410959", "tree": "f0047b265e47d3e934220f93147bbe663d7ac097", "parents": [ "eac8f7312382f20c17082f2871b50aea92e0a45e" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Tue Oct 05 11:47:20 2021 +0200" }, "committer": { "name": "Sergiusz Bazanski", "email": "serge@monogon.tech", "time": "Wed Oct 06 16:07:56 2021 +0000" }, "message": "m/n/c/curator: return CA public key in GetClusterInfo\n\nThis is needed for node registration (and is generally useful data\nwhenever a caller might not be aware of the CA\u0027s public key but already\nhas access to a Management client). In theory, all callers should be\naware of the public key, but in the future some other cluster\nverification might be performed with the CA public key ignored on\nconnectivity, but used by some other logic.\n\nChange-Id: If1928435bd5606c733460eb1a4a29a6578c8c723\nReviewed-on: https://review.monogon.dev/c/monogon/+/342\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "eac8f7312382f20c17082f2871b50aea92e0a45e", "tree": "cb1e0051ef3d97a64e367c77eaaf1c1217df2fbd", "parents": [ "bf5994514f50390c64c2ae6be2371687d312850c" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Tue Oct 05 23:30:37 2021 +0200" }, "committer": { "name": "Sergiusz Bazanski", "email": "serge@monogon.tech", "time": "Wed Oct 06 16:03:27 2021 +0000" }, "message": "m/n/core: run dedicated PID 1 reaper\n\nThis introduces minit, a tiny init implementation, written in C, built\nagainst musl. It does one thing: reap children. No support for TTY, no\nconfigurability, just the bare minimum for a working system.\n\nWe also drive-by remove some dead code from main.go.\n\nThis solves https://github.com/monogon-dev/monogon/issues/15\n\nChange-Id: I666ff2042f19639465ff918590a39b8e219ee7d6\nReviewed-on: https://review.monogon.dev/c/monogon/+/346\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "bf68fa9d8cbf6d283da8d538c1f28d8f53df0fcd", "tree": "d62cda0e060b4376dec815629f72e1661d77a73f", "parents": [ "bc671d09b9cdeb420260797c22020aa12059eb36" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Tue Oct 05 17:53:58 2021 +0200" }, "committer": { "name": "Sergiusz Bazanski", "email": "serge@monogon.tech", "time": "Wed Oct 06 14:50:09 2021 +0000" }, "message": "m/n/c/roleserve: implement ClusterAgent\n\nThe ClusterAgent is a runnable that is scheduled to run on all cluster\nnodes. It\u0027s currently used to report the current node status to the\nCluster, and in the future can be used to implement hearbeat detection\nfor nodes.\n\nChange-Id: Iff394e2cc37064d1e42fd27e40884dda83d88418\nReviewed-on: https://review.monogon.dev/c/monogon/+/341\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "bc671d09b9cdeb420260797c22020aa12059eb36", "tree": "868fe4b9601c2c5c1f63106f3f0160037cb76462", "parents": [ "3be483247a07a6ebe73dd044f6ad299e19a04c7b" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Tue Oct 05 17:53:32 2021 +0200" }, "committer": { "name": "Sergiusz Bazanski", "email": "serge@monogon.tech", "time": "Wed Oct 06 14:49:55 2021 +0000" }, "message": "m/n/core: implement GetClusterInfo\n\nThis implements Management.GetClusterInfo which is used to retrieve a\nClusterDirectory. This in turn will be used by nodes that wish to\nregister into a cluster.\n\nThis could\u0027ve been skipped and instead Curator.Watch could\u0027ve been used.\nHowever, the Curator service is only really (currently) intended to be\nused by node-to-node communications. To keep with the current design, we\nimplement a separate RPC, but we should maybe reconsider if this\nseparation makes sense.\n\nChange-Id: Ie9d475731f4faafdc51a2aa51a1582ee1a259fd2\nReviewed-on: https://review.monogon.dev/c/monogon/+/340\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" } ], "next": "3be483247a07a6ebe73dd044f6ad299e19a04c7b" }