)]}' { "log": [ { "commit": "be57a039071a451763adc6c3456b7d79ca1999bb", "tree": "391ebab65e54c88c0b101a137371b283c5fd3812", "parents": [ "3536e4d4923e76486167c85c2b09a1cf4ca5502d" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Tue May 11 13:41:52 2021 +0200" }, "committer": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Tue May 11 13:42:23 2021 +0200" }, "message": "m/test/launch: fix TPM tempdir permissions, wrap errors\n\nOn Linux, the following generally fails:\n\n $ cd /tmp\n $ mkdir test\n $ cd test/\n $ chmod 644 .\n $ touch foo\n touch: cannot touch \u0027foo\u0027: Permission denied\n\nThis changes our launch code to create a temporary TPM directory with\n755 instead of 644 permissions, preventing a situation like above\nmanifesting in our new CI.\n\nThis didn\u0027t manifest before as we always ran builds through podman, and\nthere this behaviour doesn\u0027t appear to hold, probably because we are uid\n0 there:\n\n $ podman exec -it monogon-dev bash\n bash-5.0# id\n uid\u003d0(root) gid\u003d0(root) groups\u003d0(root) context\u003dunconfined_u:system_r:spc_t:s0\n bash-5.0# cd /tmp/\n bash-5.0# mkdir test\n bash-5.0# cd test/\n bash-5.0# chmod 644 .\n bash-5.0# touch foo\n\nWe also drive-by some unwrapped error returns to be a bit more helpful.\n\nTest Plan: Tested on new CI, manually.\n\nX-Origin-Diff: phab/D773\nGitOrigin-RevId: 5a55a7878109717f0c17251a659dfc6ee04b94f4\n" }, { "commit": "3536e4d4923e76486167c85c2b09a1cf4ca5502d", "tree": "7e0fba60817509fc4514ae9faf58acf0b0118a92", "parents": [ "68ca5eebd0ccd00a2d60eb42289c64357fb2e83f" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Tue May 11 11:58:56 2021 +0200" }, "committer": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Tue May 11 12:09:36 2021 +0200" }, "message": "WORKSPACE: bump rules_docker\n\nThis fixes the following build issue on machines without a cache:\n\nError in download_and_extract: java.io.IOException: Error downloading [https://api.github.com/repos/google/go-containerregistry/tarball/8a2841911ffee4f6892ca0083e89752fb46c48dd] to /home/ci/.cache/bazel/_bazel_ci/0a07aad6377a57fb9a149ee20941825f/external/com_github_google_go_containerregistry/temp4646182565351458604/8a2841911ffee4f6892ca0083e89752fb46c48dd.tar.gz: Checksum was cadb09cb5bcbe00688c73d716d1c9e774d6e4959abec4c425a1b995faf33e964 but wanted 60b9a600affa5667bd444019a4e218b7752d8500cfa923c1ac54ce2f88f773e2\n\nSee https://github.com/bazelbuild/rules_docker/issues/1814\n\nTest Plan: The build should pass.\n\nX-Origin-Diff: phab/D772\nGitOrigin-RevId: 64da076b378bc060c80c8b471eab908a0e52747a\n" }, { "commit": "68ca5eebd0ccd00a2d60eb42289c64357fb2e83f", "tree": "5706f5b4fa8dc44775dbabe24cd577f1d37a0422", "parents": [ "93bba15a0059da200a5d09a2bd7ec5ed5a667c60" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Tue Apr 27 16:09:16 2021 +0200" }, "committer": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Tue May 11 12:09:33 2021 +0200" }, "message": "m/pkg/event: move MemoryValue to subpackage\n\nThis keeps metropolis/pkg/event as a pure interface package, and\nmoves the memory-backed implementation to a subpackage.\n\nTest Plan: Refactor, coevered by tests.\n\nX-Origin-Diff: phab/D764\nGitOrigin-RevId: 1337bf55a7752293791b3efe8648bbf5f6e6e9e1\n" }, { "commit": "93bba15a0059da200a5d09a2bd7ec5ed5a667c60", "tree": "49f27c6425af3549f7fe4ddbf9a1880e2f0490b3", "parents": [ "f055a7fce0263a30fd2c853b5ed002a765fc23e8" ], "author": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Tue May 04 13:41:18 2021 +0200" }, "committer": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Tue May 04 18:49:19 2021 +0200" }, "message": "Update IntelliJ aspect patch to work with generated embedded libraries\n\nThis hacks the IntelliJ aspect to propagate import metadata (mainly import\npaths and files) along an `embed` attribute to the go_library. This is done since\nthere is a whitelist on the Java side which prevents it from picking up metadata\nfrom rules not called go_library. By technically making embedded libraries\npart of the go_library, they can be properly picked up.\n\nTest Plan: Works on my machine(tm)\n\nX-Origin-Diff: phab/D763\nGitOrigin-RevId: eed6a6d24d634aa1b21ccbd3521f3cfd8378340a\n" }, { "commit": "f055a7fce0263a30fd2c853b5ed002a765fc23e8", "tree": "de2dc0daeebfc7ecce2b1987ffb13eb4f2475088", "parents": [ "2666513457e8d7a282560a7090f35439ab9695ce" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Tue Apr 13 16:22:33 2021 +0200" }, "committer": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Wed Apr 14 14:35:09 2021 +0200" }, "message": "third_party/linux: build using unhermetic rule\n\nThis replaces ad-hoc genrules (for the node Linux image and the ktest\nimage) with a real Bazel rule with an attached transition which ensures\nwe end up with the same-ish configurations for all builds of an image.\n\nThis reduces rebuilds of the ktest Linux kernel, from three down to one.\n\nBefore: https://drive.google.com/file/d/1c6VmY2bqx9Pgs61TOUfgMi8Sn0WQeobu/view\n\nAfter: https://drive.google.com/file/d/13eO1rLhoBCMMRUKrmJz8QnhdAR3ctIGb/view\n\nWe also drive-by fix the Kubernetes CTS test suite to run on a single-node\nCluster (instead of failing early due to that being currently reworked).\n\nTest Plan: Build system refactor, following existing test.\n\nX-Origin-Diff: phab/D761\nGitOrigin-RevId: b5545ac5fd402fbf0340d941a90b9ea6ea0b6d43\n" }, { "commit": "2666513457e8d7a282560a7090f35439ab9695ce", "tree": "328d8f62ddb665b6cd057272f7cae2713aa247ad", "parents": [ "a105db57640d6abf6de368ec0c33a3a5b4f93893" ], "author": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Tue Apr 13 16:55:59 2021 +0200" }, "committer": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Tue Apr 13 19:51:33 2021 +0200" }, "message": "Fix TCP BBR setting\n\nI previously set the TCP queuing discipline to BBR without actually compiling in BBR.\nSee T943. This actually builds in BBR and sets it as default in the kernel config, thus removing\nthe need to manually set it in userspace.\n\nTest Plan: CI\n\nBug: T943\n\nX-Origin-Diff: phab/D760\nGitOrigin-RevId: 779a709e4298ec59bfdcf462fe2f3563952204b6\n" }, { "commit": "a105db57640d6abf6de368ec0c33a3a5b4f93893", "tree": "dc96244d0b2922768d7f29431bab2a9ac581a1a6", "parents": [ "c75c9d4f30174c089cce47c608683bf09396fa30" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Mon Apr 12 19:57:46 2021 +0200" }, "committer": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Tue Apr 13 19:51:13 2021 +0200" }, "message": "m/n/core/cluster: migrate to events and etcd namespaced client\n\nThis moves the status of the cluster manager to use a local event\nvariable. Watchers (like the node startup code) can now use this to get\nupdates on the state of the node and its cluster membership in a way\nthat\u0027s more abstracted from a sequential startup. This will permit us to\nmove a lof othe startup code into code common across different node\nlifecycle paths.\n\nTest Plan: Refactor, exercised by e2e.\n\nX-Origin-Diff: phab/D757\nGitOrigin-RevId: 31a3600ad2aab90a1e7f84d741e7ea40a0422724\n" }, { "commit": "c75c9d4f30174c089cce47c608683bf09396fa30", "tree": "a3d34c7ac52f16650de55ba28d3621add81e5f99", "parents": [ "886d2892d1717bc130cfa008742c06c29f7ff186" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Tue Apr 13 16:40:14 2021 +0200" }, "committer": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Tue Apr 13 19:51:11 2021 +0200" }, "message": "m/n/c/consensus: add client\n\nThis implementes a thin wrapper around etcd\u0027s clientv3.Client, with the\nfollowing advantages:\n\n - Only implements KV, Watcher and Lease interfaces, ie. unprivileged\n namespaceable interfaces - not cluster management interfaces. These\n will be available to both remote and local etcd connections.\n - Adds recursive namespacing functionality, which permits different\n parts of the subsystem to receive their own somewhat-sandboxed etcd\n subtree. This not only makes the etcd keyspace layout more strict,\n but also simplifies passing around etcd clients, as major components\n (like the kubernetes subsystem) can hand out its own sub-clients,\n instead of them having to be globally declared ahead of time.\n\nTest Plan: Exercised by tests.\n\nX-Origin-Diff: phab/D756\nGitOrigin-RevId: 03fead9a89c301a2e70df8a007b7ecb60b2364c7\n" }, { "commit": "886d2892d1717bc130cfa008742c06c29f7ff186", "tree": "e9d67752d55d52e948662521e96d83f343473dea", "parents": [ "0565ea3191d445bdaab647213d59ed3d7218630a" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Tue Apr 13 16:39:39 2021 +0200" }, "committer": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Tue Apr 13 19:51:08 2021 +0200" }, "message": "metropolis/test/launch: add InsecureKey\n\nCurrently, the node startup parameters are empty. Let\u0027s populate them with a development (\u0027insecure\u0027) key when started from the launch library.\n\nTest Plan: Future revision in stack will make use of this.\n\nX-Origin-Diff: phab/D754\nGitOrigin-RevId: 0cfa3c1d71911423ff169afc027edb768151de67\n" }, { "commit": "0565ea3191d445bdaab647213d59ed3d7218630a", "tree": "fd5f395dd2f54a1582538e7b5ac2b724db987625", "parents": [ "09c275bc489bc1de406be9a2e8f158eaa87b7c61" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Tue Apr 13 11:52:00 2021 +0200" }, "committer": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Tue Apr 13 19:51:06 2021 +0200" }, "message": "m/n/core/cluster: factor out bootstrap into separate file\n\nTest Plan: Refactor.\n\nX-Origin-Diff: phab/D753\nGitOrigin-RevId: 2e39db6673b2a0a6c1d7593f230fa691643e4c06\n" }, { "commit": "09c275bc489bc1de406be9a2e8f158eaa87b7c61", "tree": "31c62a93e37f6052aa99e2addacef6c060d75e85", "parents": [ "37050126ef89ec30cc677c272471debe55ec0d69" ], "author": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Tue Mar 30 12:47:09 2021 +0200" }, "committer": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Tue Apr 13 11:04:05 2021 +0200" }, "message": "Add ftrace support to DebugService\n\nThis allows us to do ad-hoc kernel-level tracing on a running Metropolis node.\nUseful for tracking down complex bugs.\n\nExample: `bazel run //metropolis/cli/dbg -- trace -function_graph_filter blkdev_* function_graph`\n\nTest Plan: Debug utility, manually tested\n\nX-Origin-Diff: phab/D748\nGitOrigin-RevId: 924eb795250412a73eb30c0eef4a8c1cc726e5fd\n" }, { "commit": "37050126ef89ec30cc677c272471debe55ec0d69", "tree": "c64a64a622ec1c3e1e72fc12a6d4252c0e803cc1", "parents": [ "2999427c182463840a339cf0e82885d8a3b6e79f" ], "author": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Tue Mar 30 14:00:27 2021 +0200" }, "committer": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Tue Apr 13 11:04:01 2021 +0200" }, "message": "Implement Block PVCs in our storage backend\n\nThis implements full support for Block PVCs in our Kubernetes storage backend.\nThe block PVCs are backed by files made available to the pods using loop devices and\nhave read-only and online expansion support.\n\nThis also requires a Kubernetes patch because they call losetup if block PVCs are used\nwith CSI to establish a form of lock on the backing block device. This lock is not\nexclusive and does absolutely nothing for our use case and could get very expensive\non dense machines so I removed it.\n\nTest Plan: Comes with E2E tests\n\nX-Origin-Diff: phab/D746\nGitOrigin-RevId: 430d3f445286c0d3498b2153df333a19f3fcab89\n" }, { "commit": "2999427c182463840a339cf0e82885d8a3b6e79f", "tree": "5e28c819a3db52d3fb77b92be6b78938a107d5cd", "parents": [ "30167f5cf55829d38f9d480466d7b5742c62a5fc" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Mon Apr 12 14:25:18 2021 +0200" }, "committer": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Tue Apr 13 11:03:58 2021 +0200" }, "message": "metropolis/vm: add kube/{generated,apis}\n\nThis is a first pass at the vm.metropolis.monogon.dev Kubnernetes API,\ncontaining the VirtualMachine resource.\n\nThis also adds all the required BUILDfile boilerplate for the output\n(generated) directory.\n\nTest Plan: Builds should pass, eg. bazel build //metropolis/vm/kube/...\n\nX-Origin-Diff: phab/D752\nGitOrigin-RevId: d05c1a38e26b14c11b7a5d5885b15bbca8662174\n" }, { "commit": "30167f5cf55829d38f9d480466d7b5742c62a5fc", "tree": "fd89a3bb8a1c08b10d870a6b185b2deffa131cac", "parents": [ "9956e72c6c0b4f6436dc9493bc213965ee0cc191" ], "author": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Wed Mar 17 17:49:01 2021 +0100" }, "committer": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Tue Apr 13 11:03:56 2021 +0200" }, "message": "Add VM infrastructure smoke test\n\nThis adds an E2E test which exercises the VM infrastructure (Kubernetes, KVM device plugin and QEMU).\nThis test should ensure that nobody breaks the core infrastructure Metropolis VMs rely on.\n\nTest Plan: This is a test\n\nX-Origin-Diff: phab/D740\nGitOrigin-RevId: ddf629725dfb664ace5a50efee9ed9442962d6f7\n" }, { "commit": "9956e72c6c0b4f6436dc9493bc213965ee0cc191", "tree": "7842ac67432e3a187dda6a2dcb46d11088934159", "parents": [ "dca59d924dac4345099e5acd99405b5451d29cdb" ], "author": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Wed Mar 24 18:48:55 2021 +0100" }, "committer": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Tue Apr 13 11:03:53 2021 +0200" }, "message": "Add Loop Device package\n\nThis adds Loop device support in our Linux kernel and adds a Go package for working with them.\nIt also drive-by adds a pre-mounted tmpfs to ktest as that is quite useful in a lot of situations.\n\nTest Plan: Comes with ktests.\n\nX-Origin-Diff: phab/D745\nGitOrigin-RevId: fa06bcdddc033efb136f56da3b4a91159273bf88\n" }, { "commit": "dca59d924dac4345099e5acd99405b5451d29cdb", "tree": "68d28ada7050e81f854589bf335447a0673f9e57", "parents": [ "58ec09eece3b2ca32112668cc6e5f1fd63ffa2a7" ], "author": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Thu Apr 01 19:02:53 2021 +0200" }, "committer": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Thu Apr 01 19:04:11 2021 +0200" }, "message": "scripts: replace /bin/bash by /usr/bin/env bash\n\nTest Plan: Set up environment locally; CI\n\nX-Origin-Diff: phab/D759\nGitOrigin-RevId: 01142b03dcfb44c1dcb42169cc9af187c1518107\n" }, { "commit": "58ec09eece3b2ca32112668cc6e5f1fd63ffa2a7", "tree": "380874242b1aa2555d122369b4384d445da808a0", "parents": [ "57a9d3e7c609203b95ee7d09db87a43a64f79be9" ], "author": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Thu Apr 01 18:34:19 2021 +0200" }, "committer": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Thu Apr 01 18:59:03 2021 +0200" }, "message": "scripts: clean up build environment launch scripts\n\n- With a privileged container (which makes the Bazel sandbox work), the SELinux\n trick doesn\u0027t work anyway. Replace it by a `z` modifier which tells podman to\n set the right SELinux context on systems that have it.\n\n- Do not fail if IntelliJ is absent.\n\nTest Plan: works on my machine™\n\nX-Origin-Diff: phab/D758\nGitOrigin-RevId: b9020bdd54fccde222872ca609ee79b1805dd479\n" }, { "commit": "57a9d3e7c609203b95ee7d09db87a43a64f79be9", "tree": "79a1199f3a7c0f4a8fdb00a2131244f59b9c205c", "parents": [ "7353e17fcd3b158e575ca4455ee75224fa4f0921" ], "author": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Thu Apr 01 17:31:48 2021 +0200" }, "committer": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Thu Apr 01 18:59:01 2021 +0200" }, "message": "WORKSPACE: fix repository path of gperf fork\n\nTest Plan: CI\n\nX-Origin-Diff: phab/D755\nGitOrigin-RevId: 65d4541c8a60e57825548abc831d6593161780ce\n" }, { "commit": "7353e17fcd3b158e575ca4455ee75224fa4f0921", "tree": "7208b1e0dd5ba9af5f97c31a49aa5007525bc4c3", "parents": [ "b76580c0189209f7feef90f0900e0758aaf122ce" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Wed Mar 31 22:09:22 2021 +0200" }, "committer": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Thu Apr 01 18:58:58 2021 +0200" }, "message": "metropolis/build: add kube-code-generator\n\nThis implements kube-code-generator, a set of Bazel rules for generating\nKubernetes resource APIs based on a Go library, using\nk8s.io/code-generator.\n\nTest Plan: Was considering adding a test for this - but this is practically best tested with the next change in the stack, which actually uses it to implement the VM hypervisor kube API.\n\nX-Origin-Diff: phab/D751\nGitOrigin-RevId: 31e3b632c2e83282c8b2c415402cddea66d4ce51\n" }, { "commit": "b76580c0189209f7feef90f0900e0758aaf122ce", "tree": "72cd514a620bb623ca7056a9b21e158bbc89b4fd", "parents": [ "339f97dc7ae48876f77b1195a8840f9369fb5d25" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Wed Mar 31 22:07:01 2021 +0200" }, "committer": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Thu Apr 01 18:58:55 2021 +0200" }, "message": "metropolis/build: add gotoolwrap\n\nThis adds gotoolwrap, a tiny Go executable used to wrap binaries that\nwant to access the monogon workspace as a GOPATH during build steps.\n\nTest Plan: Used further down the stack in code generation.\n\nX-Origin-Diff: phab/D750\nGitOrigin-RevId: 83d11b94d025d3652fce88917b1664d93454c60f\n" }, { "commit": "339f97dc7ae48876f77b1195a8840f9369fb5d25", "tree": "126cb2059727f7bf4fe50adff74aeeb93e8c618b", "parents": [ "fa99799583dfc3b485012dd0575287643f568b72" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Wed Mar 31 22:16:52 2021 +0200" }, "committer": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Thu Apr 01 18:58:27 2021 +0200" }, "message": "third_party/go: add k8s.io/code-generator\n\nTest Plan: New dep. Used further down change stack.\n\nX-Origin-Diff: phab/D749\nGitOrigin-RevId: 4cd0cab36dbd2aa17f944ad6fb3bf90af638ebef\n" }, { "commit": "fa99799583dfc3b485012dd0575287643f568b72", "tree": "8bde1e2205ef987181a1bbbb1c8f33fbd29e402d", "parents": [ "55f01c3c338166f2ca7e67ae5d6c3ae6b7ac75c4" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Tue Mar 23 17:29:42 2021 +0100" }, "committer": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Thu Apr 01 18:58:25 2021 +0200" }, "message": "third_party/qemu: better explain tb_invalidate_phys_range patch\n\nAt a glance, this change looks somewhat scary, and might be interpreted\nas an attempt to backdoor qemu.\n\nThis better explains what\u0027s going on, and adds an extra always-firing\nassert to prove that there\u0027s nothing up our sleeves, and that this\nbranch should never be taken in the first place.\n\nTest Plan: Refactor, should be covered by tests.\n\nX-Origin-Diff: phab/D744\nGitOrigin-RevId: c86638cf9e90041d2ad19d26715c7d4dd5a43e98\n" }, { "commit": "55f01c3c338166f2ca7e67ae5d6c3ae6b7ac75c4", "tree": "1ad925573330bf4b776e02722037d7073f553948", "parents": [ "5e113ddc3e845be6d7d7b87332af6aa48a3d18a2" ], "author": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Tue Mar 30 22:12:24 2021 +0200" }, "committer": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Tue Mar 30 22:15:10 2021 +0200" }, "message": "Update README.md\n\nGitOrigin-RevId: 00bf68e07ac704b5ebfb2c058104abf1fcab5232\n" }, { "commit": "5e113ddc3e845be6d7d7b87332af6aa48a3d18a2", "tree": "55aad63113388bcbd10c70180bb913b0389c9ab3", "parents": [ "647cbb28101e628206562fa5c60e1ed8e5307e8a" ], "author": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Tue Mar 30 14:22:57 2021 +0200" }, "committer": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Tue Mar 30 14:22:57 2021 +0200" }, "message": "Add top-level Apache 2 LICENSE\n\nAll contributions to date are copyrighted by Nexantic, and are explicitly\nlicensed under the Apache 2 license.\n\nTest Plan: N/A\n\nX-Origin-Diff: phab/D747\nGitOrigin-RevId: 830c1c7d183c09b964829979e2d38ba165ba13b9\n" }, { "commit": "647cbb28101e628206562fa5c60e1ed8e5307e8a", "tree": "b4796da9b3f4c25d9fdc4ebc4137cdaa513b38fc", "parents": [ "bb95ebd12f8777b1b653653bcb54a081b6c54771" ], "author": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Tue Mar 16 15:09:56 2021 +0100" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Tue Mar 16 15:09:56 2021 +0100" }, "message": "Make QEMU build under musl\n\nQEMU and its glib dependency use a few very bespoke glibc extensions which\nmusl doesn\u0027t implement. This disables their use to make this build on both glibc and musl.\n\nTest Plan: `bazel build --crosstool_top\u003d//build/toolchain/musl-host-gcc:musl_host_cc_suite @qemu//:qemu-x86_64-softmmu` works\n\nX-Origin-Diff: phab/D738\nGitOrigin-RevId: 606f750be4259ca8fcc19f4c0cc0ddd54dff2090\n" }, { "commit": "bb95ebd12f8777b1b653653bcb54a081b6c54771", "tree": "0c52fbe31ea06cf4b1151e991f3da4ed6515b426", "parents": [ "b60d9cb51462a82a89f9c16f5ca6b4541de6d450" ], "author": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Tue Mar 16 15:06:51 2021 +0100" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Tue Mar 16 15:06:51 2021 +0100" }, "message": "Include compiler-specific headers in musl toolchain sysroot\n\nCurrently our musl sysroot does not include any compiler-specific headers. This makes the musl\ntoolchain unable to build more complicated things like QEMU. Since the musl toolchain is not actually\na real toolchain, but just a thin wrapper around the host toolchain this is a problem as these headers\nare not static. For a lack of better options it has thus been decided that we\u0027re just going to manually\nmerge the headers for our build container in.\n\nThis is expected to be removed as soon as we have a proper toolchain.\n\nTest Plan: Tested in subsequent revision\n\nX-Origin-Diff: phab/D737\nGitOrigin-RevId: a1ed1d229c87980341c80b22263f5d9a4cf9924c\n" }, { "commit": "b60d9cb51462a82a89f9c16f5ca6b4541de6d450", "tree": "6d9d0debaa652988ecbae503c56748f9a17ed481", "parents": [ "c4a3aab4c8d14d05b7e2448ab11897b6f9093046" ], "author": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Thu Feb 18 17:34:00 2021 +0100" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Thu Feb 18 17:34:00 2021 +0100" }, "message": "Add C/C++ header rewriter\n\nThis adds a C/C++ header rewriter utility. See the top comment on a quick description of how it works.\nNo workspace rule is provided yet, that will come later.\n\nTest Plan: This is a build utility, doesn\u0027t really matter.\n\nX-Origin-Diff: phab/D705\nGitOrigin-RevId: 4bf274d8301f3a38a1ec7512bf310be9815fb647\n" }, { "commit": "c4a3aab4c8d14d05b7e2448ab11897b6f9093046", "tree": "61585da074852ab286fab9fefa671e35fc1e4658", "parents": [ "42e61c6a3601d7f63176af3f53a3ac9c53120099" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Tue Mar 16 13:31:19 2021 +0100" }, "committer": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Tue Mar 16 13:31:19 2021 +0100" }, "message": "metropolis/proto: remove internal\n\nThis is now unused (as it has been replaced by proto/private) and can be\nremoved.\n\nTest Plan: Refactor.\n\nX-Origin-Diff: phab/D736\nGitOrigin-RevId: e71dfd70d36d0ae9b29e2b287fcc337cf2520a51\n" }, { "commit": "42e61c6a3601d7f63176af3f53a3ac9c53120099", "tree": "2fd6e86b1a0dee6b4928f04ac359b4b262806d73", "parents": [ "34fe8c666811c63f33ba970ba0e39d25804ab4a3" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Thu Mar 18 15:07:18 2021 +0100" }, "committer": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Thu Mar 18 15:07:18 2021 +0100" }, "message": "m/n/core/cluster: rewrite bootstrap to conform to cluster lifecycle DD\n\nThis removes the existing cluster/manager code and reimplements it from\nscratch, finally implementing the cluster lifecycle design document for\ncluster bootstrap.\n\nTest Plan:\nE2e should cover this. Maybe we could unit test the manager? But that would\nrequire a ton of DI work. Not sure if it\u0027s worth it.\n\nX-Origin-Diff: phab/D735\nGitOrigin-RevId: b00c97b0a102a21605d16086df82a6ece6eb7f4d\n" }, { "commit": "34fe8c666811c63f33ba970ba0e39d25804ab4a3", "tree": "fce90696e07eb76efea1436047393ad66ac04404", "parents": [ "3ea1a3a30d41980a8a5b5f321b3e7bc8af96dc29" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Tue Mar 16 13:20:09 2021 +0100" }, "committer": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Tue Mar 16 13:20:09 2021 +0100" }, "message": "m/node/core/consensus: always use member name as address\n\nInstead of explicitly giving the consensus service an address to listen\non, we now just give it a hostname. Etcd will resolve the name itself on\nstartup. It\u0027s not yet known if it will re-resolve it and handle changes.\nIf that\u0027s not the case, we will have to implement a restarting\nbabysitter process instead.\n\nTest Plan: E2e tests should cover this.\n\nX-Origin-Diff: phab/D734\nGitOrigin-RevId: c2255b2956137e2bbd705ac1965418c0540d0046\n" }, { "commit": "3ea1a3a30d41980a8a5b5f321b3e7bc8af96dc29", "tree": "0d4ab65ff6af76e3115ac8a82452216301aebce4", "parents": [ "72068da814af80568cb106b877ef8f5e526e684c" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Tue Mar 16 13:17:33 2021 +0100" }, "committer": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Tue Mar 16 13:17:33 2021 +0100" }, "message": "m/node/core/conensus: handle etcd restarts\n\nThis makes the etcd service more reliable in case of transient failures\nwhen starting in a new cluster. Previously, any restart of etcd on the\nfirst (bootstrapping) node would cause etcd to get stuck and never start\nagain (as certificates were already created). This changes the logic to\nallow existing certificates.\n\nThis also handles the case of etcd attempting to start as the network is\nreconfigured, and eg. the external hostname is not yet resolvable.\n\nTest Plan:\nNo tests yet. This should be tested by a more comprehensive e2e test where we\nrandomly kill some runnables (see: T872).\n\nX-Origin-Diff: phab/D733\nGitOrigin-RevId: 8ac426f9423ec2353537eec651071e99a5e5ec53\n" }, { "commit": "72068da814af80568cb106b877ef8f5e526e684c", "tree": "31831657903e62d4a813c9d18d47413154f13560", "parents": [ "d8af5bf4c14a5c53d1736695a1210b6eea4d246e" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Tue Mar 16 13:15:45 2021 +0100" }, "committer": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Tue Mar 16 13:15:45 2021 +0100" }, "message": "metropolis/proto: add private\n\nWe add a new proto package, \u0027private\u0027. This will hold all non-public\nproto messages for the implementation of the cluster lifecyclce design\ndocument.\n\nWe duplicate \u0027internal\u0027 for two reasons:\n\n - make it easier to port code accross to use the new protos/cluster\n code, while slowly phasing out protos/internal.\n - \u0027internal\u0027 was a poor name choice, as it\u0027s significant in Go path\n naming, and might cause some problems in the future. We have Bazel\u0027s\n visiblility mechanism to protect accidental use.\n\nTest Plan: New proto, not yet used - see rest of stack.\n\nX-Origin-Diff: phab/D732\nGitOrigin-RevId: 15632353c46068b4f4c5025828c9c8459feaa335\n" }, { "commit": "d8af5bf4c14a5c53d1736695a1210b6eea4d246e", "tree": "83e4c35e105d8fb0e5bf71ac8c93bbd3e7f964b4", "parents": [ "4e090357c4f1f3bae53a5f2feaf20ea5e1bbbe61" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Tue Mar 16 13:38:29 2021 +0100" }, "committer": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Tue Mar 16 13:38:29 2021 +0100" }, "message": "metropolis/node: use Event Value for network status\n\nThis moves over the GetIP API to use our fancy new event/value library.\nThe consumers of this data are currently the cluster manager and the\nkubernetes root service. Both are migrated over.\n\nTest Plan: Refactor, covered by E2E tests.\n\nX-Origin-Diff: phab/D711\nGitOrigin-RevId: 8a1e0dd35236d55492722f4439323cb2ee9574fc\n" }, { "commit": "4e090357c4f1f3bae53a5f2feaf20ea5e1bbbe61", "tree": "335ec273335722befdeca623b8f3f787a2cd6571", "parents": [ "0ed2f96a3a86aff2c9ce36289aa5d58a75f4d59b" ], "author": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Wed Mar 17 17:44:41 2021 +0100" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Wed Mar 17 17:44:41 2021 +0100" }, "message": "Add KVM device plugin\n\nThis adds a KVM device plugin for Kubernetes. This plugin allows for unprivileged access and granular\ncontrol of KVM access.\n\nTest Plan: Tested in subsequent revision\n\nX-Origin-Diff: phab/D739\nGitOrigin-RevId: 5cd738a47d24e7bfdc29bbd1a31537209e1ebf46\n" }, { "commit": "0ed2f96a3a86aff2c9ce36289aa5d58a75f4d59b", "tree": "afbe1fb6cd0a1667e981edfe97969338437bdaca", "parents": [ "056042962060369bd7607ecfea51c515fc3a8140" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Mon Mar 15 16:39:30 2021 +0100" }, "committer": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Mon Mar 15 16:39:30 2021 +0100" }, "message": "metropolis/proto: EnrolmentConfig -\u003e NodeParameters\n\nThis starts off the move to a node configuration API conforming to\nthe lifecycle management design document.\n\nInstead of an Enrolment Config used only to join an existing cluster, we\nmove to a NodeParameters proto that must always be given to a node if\nit\u0027s supposed to either bootstrap a new cluster or join an existing one.\n\nThis links the existing cluster management code (and its state machine)\nto work with this file. However, that state machine will be removed very\nsoon, anyway.\n\nWe also remove everything related to golden tickets.\n\nThis breaks multi-node tests.\n\nX-Origin-Diff: phab/D710\nGitOrigin-RevId: f22615fbccab975f2d5e6928bdc7387ab3aa5714\n" }, { "commit": "056042962060369bd7607ecfea51c515fc3a8140", "tree": "86a6dbf7b1781ed2f5baf332938d4e8211353112", "parents": [ "0ab4edafde3eb22e111e75d6aa5e29faa92c30ca" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Fri Mar 12 17:47:21 2021 +0100" }, "committer": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Fri Mar 12 17:47:21 2021 +0100" }, "message": "m/node/kubernetes: parse klog output from services\n\nThis translates Kubernetes\u0027 logging ingo logging that we can\nquery/filter more easily.\n\nTest Plan: We don\u0027t test resulting logs from the system, and I\u0027m not sure we should?\n\nX-Origin-Diff: phab/D716\nGitOrigin-RevId: ba3f42b9a4e3172bf058bd7dce4283f50dc8e69d\n" }, { "commit": "0ab4edafde3eb22e111e75d6aa5e29faa92c30ca", "tree": "8931f10cd69309ece470c38c3a062ef74f3699a5", "parents": [ "9411f7c2ed0afbbf617075ab37901addc76fadfb" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Fri Mar 12 17:43:57 2021 +0100" }, "committer": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Fri Mar 12 17:43:57 2021 +0100" }, "message": "m/pkg/logtree: implement klog parsing\n\nThis adds logtree.KLogParser, a shim which parses klog/glog-formatted\nlines into logtree leveled logging.\n\nThis will be used to consume logs from external components (like\nKubernetes services) into leveled logging inside logtree.\n\nAn alternative would be to switch all Kubernetes components to\n\u0027structured\u0027 (JSON) logging - but that seems to still be experimental,\nand does not exactly map into something that we can log further. Maybe\nin the future we can switch over, and also copy these over into our own\nbinary/structured logging.\n\nTest Plan: Adds unit tests for parsing, which is the most tricky part.\n\nX-Origin-Diff: phab/D715\nGitOrigin-RevId: 9994d819f15c9542800d488f57c83ab945a35d34\n" }, { "commit": "9411f7c2ed0afbbf617075ab37901addc76fadfb", "tree": "f1f62aa538ba3c2265815d2dbe942377264850a5", "parents": [ "0de189355c6afad6f677029d90fa40dee824141b" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Wed Mar 10 13:12:53 2021 +0100" }, "committer": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Wed Mar 10 13:12:53 2021 +0100" }, "message": "m/node/kubernetes/pki: refactor out CA functionality\n\nThis factors out all non-k8s-specific CA functionality from\nmetropolis/node/kubernetes/pki into metropolis/pkg/pki.\n\nThis will allow us to re-use the same PKI-in-CA system to issue\ncertificates for the Metropolis cluster and nodes.\n\nWe also drive-by change some Kubernetes/PKI interactions to make things\ncleaner. Notably, this implements Certificate.Mount to return a\nfileargs.FileArgs containing all the files neede to use this\nCertificate.\n\nTest Plan: covered by current e2e tests. An etcd harness to test this independently would be nice, though.\n\nX-Origin-Diff: phab/D709\nGitOrigin-RevId: bdc9ff215b94c9192f65c6da8935fe2818fd14ad\n" }, { "commit": "0de189355c6afad6f677029d90fa40dee824141b", "tree": "3e926e04415d4310b120cc641e4cd7893c5a6b61", "parents": [ "735119f8efcd1ce8689703fe455e39f2146b0b3e" ], "author": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Thu Mar 11 00:36:48 2021 +0100" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Thu Mar 11 00:36:48 2021 +0100" }, "message": "Add QEMU into the monorepo\n\nThis adds QEMU and all its dependencies into the monorepo. Enough features are enabled that\nthis QEMU should be both usable for running tests for Metropolis as well as running customer VMs in\ncontainers. Thus we can also get rid of the QEMU ambient dependency.\n\nAll dependencies have their includes fully rewritten as to be reusable without a huge effort. QEMU itself\nrelies on `includes` attributes since the patch would otherwise be enormous and it is a binary and thus\nany include path madness ends there.\n\nOverall though this is quite nice, the final QEMU build with full optimization is \u003c10MiB and has no further\nambient dependencies. It also has full io_uring support, which works very well with our 5.10 kernel.\nTPM support is also included.\n\nThis is not used anywhere, replacing the ambient dependency and shipping a container will be in an upcoming\nrevision.\n\nTest Plan:\nManually tested to run a Ubuntu cloud image with io_uring and virtio. Automated tests will follow as\npart of its roles in this repo.\n\nX-Origin-Diff: phab/D712\nGitOrigin-RevId: 9c2607d75c875b1d65346e3cdac1a5e08467ea33\n" }, { "commit": "735119f8efcd1ce8689703fe455e39f2146b0b3e", "tree": "40fd14c0a07c12974d01d67997349917b40f5d69", "parents": [ "ddd6caff9edac56dad727a79eb5b0faf4dbd6cb9" ], "author": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Thu Mar 11 00:30:01 2021 +0100" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Thu Mar 11 00:30:01 2021 +0100" }, "message": "Host toolchain minimal features\n\nTest Plan: Tested with QEMU and the existing codebase.\n\nX-Origin-Diff: phab/D713\nGitOrigin-RevId: ecfc94ab2b4880447c628fc2e41b5ed6234f90d8\n" }, { "commit": "ddd6caff9edac56dad727a79eb5b0faf4dbd6cb9", "tree": "120710eb4a9acf0c3ad1086d9f6f6f3c850a0d70", "parents": [ "bcae658f9530e95cde2ac931beacae71c9fb240e" ], "author": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Thu Mar 04 17:16:04 2021 +0100" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Thu Mar 04 17:16:04 2021 +0100" }, "message": "Build mkfs.xfs using rules_cc\n\nThis drops the old big genrule for mkfs.xfs and replaces it with a nice rules_cc build system\nwith the help of bazel_cc_fix generated patches and our musl-based toolchain.\nWhile we\u0027re at it I bumped the versions of all related dependencies to their latest stable release.\nThis also means pulling in ini.h which is a dependency of the new xfstools version.\n\nInstructions to regenerate the patches are included in the spec files.\n\nToolchain selection is done by the existing transition in our rootfs rule so we automatically get a musl-built\nstatic binary when building for the rootfs.\n\nTest Plan: Tested with E2E tests, should fail fairly catastrophically if something were wrong.\n\nX-Origin-Diff: phab/D708\nGitOrigin-RevId: 648a05cdd08cfa84a8a9f4c057c52446e7005631\n" }, { "commit": "bcae658f9530e95cde2ac931beacae71c9fb240e", "tree": "649848ec85c0f168a8672fab143d1b53b0b55903", "parents": [ "c00318e448212b01a8121059be3c3e9b35bd13a7" ], "author": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Thu Mar 04 17:09:50 2021 +0100" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Thu Mar 04 17:09:50 2021 +0100" }, "message": "Add common template_file rule\n\nThis adds a template_file rule, which is used often when building C/C++ dependencies which use\nautotools or similar build systems upstream. Taken from an existing repo of various Bazel helper rules.\n\nTest Plan: None\n\nX-Origin-Diff: phab/D707\nGitOrigin-RevId: 9cc818803b2fed9e15677924dbc9137c39459151\n" }, { "commit": "c00318e448212b01a8121059be3c3e9b35bd13a7", "tree": "38011616a2112e14591da1b06ac65ac8ec75b372", "parents": [ "32d73486f4ea778cd3ea58e2d579e862cf67fb9c" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Wed Mar 03 12:39:24 2021 +0100" }, "committer": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Wed Mar 03 12:39:24 2021 +0100" }, "message": "m/pkg/event: implement\n\nThis specifies event.{Value,Watcher}, an interface for data that might\nbe updated by its producer, and which is watched for such updates by\nmultiple consumers.\n\nIt also implements MemoryValue, a Value that is stored in memory.\n\nTest Plan: adds unit tests.\n\nX-Origin-Diff: phab/D706\nGitOrigin-RevId: 271fd4e88969817b66318d3e03d50b70cf2819b8\n" }, { "commit": "32d73486f4ea778cd3ea58e2d579e862cf67fb9c", "tree": "78e3444e0b55df55f512415dbfd34977cdca2350", "parents": [ "6c4199afe4dc4d446679b862f528e840e60925df" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Mon Feb 01 23:49:17 2021 +0100" }, "committer": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Mon Feb 01 23:49:17 2021 +0100" }, "message": "metropolis: introduce AAA.Escrow RPC\n\nThis is a combined proto change and design document RFC.\n\nThis implements a generic \u0027Escrow\u0027 methid, used to allow external\nentities to log into a Metropolis cluster. This flow\u0027s subject vaguely\ncorresponds to \u0027Entity\u0027 objects from the Lifecycle DD, but this will be\nmore precisely defined in a subsequent change which introduces the\nactual entities objects, the way they\u0027re identified, and the way they\u0027re\nstored in the cluster.\n\nIn addition, this formalizes the part of the LDD in which entities are\nable to perform hardware attestation on nodes. The hardware attestation\npart is not fully implemented, but is placed within the bounds of the\nEscrow streaming RPC. Entities might also be able to performs this\nhardware attestation in a separate RPC call (having already requested a\nshort-lived certificate permitting access to RPC), but this is not yet\nsure.\n\nThis design, is in a way, a modernized version of GSSAPI. It assumes it\nruns over a confidential channel (TLS), and that it only ever returns\nx509 certificates emitted for the requesting client. It is also designed\nto handle flows that we expect to use within Metropolis.\n\nThis design has some known limitations:\n\n1) Limited decisionmaking abitility by the server to decide which proofs\n are needed - ie., the server cannot change its mind what other proofs\n are needed as the client presents some. Currently the server can\n decide the proofs only based on the parameters given by the client,\n and the initial context of the connection, ie. its originating\n address and the presented TLS certificate.\n2) Limited expressibility of required proofs to the client, currently\n all listed must be fulfilled.\n\nThis, however, can be extended as the protocol evolves, and can continue\nto support simple clients that handle only this protocol. Especially 2)\nmight be limiting us from preventing things like accepting emergency\ncertificates without necessarily needing an OIDC login, even though OIDC\nlogins are required for other kinds of certificates. We are explicitly\ntrying to keep things simple for now, and just not write ourselves into\na corner here.\n\nFinally, this API should cover all scenarios expressed within T865 -\nminus the entity storage part within the cluster.\n\nTest Plan: Proto change and review process.\n\nX-Origin-Diff: phab/D698\nGitOrigin-RevId: 92892b5522a4d41d572fd4c10f24d26f72919aeb\n" }, { "commit": "6c4199afe4dc4d446679b862f528e840e60925df", "tree": "fcea4d9f54f2e04cf1d203e104c4a14bfa103702", "parents": [ "5999e92b2da34cbbd50391327ec01081a91866ee" ], "author": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Wed Feb 10 17:34:29 2021 +0100" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Wed Feb 10 17:34:29 2021 +0100" }, "message": "Set reasonable defaults for our kernel\u0027s network configuration\n\nThis sets a number of sysctl options to tune the kernel for a datacenter-like environment by increasing\nbuffers and choosing a better congestion control algorithm. It also enforces reverse path filtering to\nprevent spoofing from CAP_NET_ADMIN-enabled containers and blocks source routing as we have no need for that\nand it might some day interfere with policy efforts.\n\nTo set all these options a small helper structure has been added which makes setting these more compact\nand nicer to read.\n\nTest Plan: Covered by E2E for breakage, scalability improvements not yet testable\n\nBug: T495\n\nX-Origin-Diff: phab/D704\nGitOrigin-RevId: 427b2513d604090e51b37587d772f240112be09d\n" }, { "commit": "5999e92b2da34cbbd50391327ec01081a91866ee", "tree": "164e447b7d17e89f2b1046c3da51af141deaa08b", "parents": [ "3a99c590543394ceb5260282ef8e924b44e8eef8" ], "author": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Wed Jan 27 18:53:54 2021 +0100" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Wed Jan 27 18:53:54 2021 +0100" }, "message": "Bump Linux kernel to 5.10\n\nThis bumps our Linux kernel to 5.10. There\u0027s one minor fix in fsinfo accounting for the fact that strings are\nnow null-terminated. While debugging this I also drive-by fixed a minor typing issue in quotactl.go.\n\nThis drops support for the old initramfs loading method (which was the driving force for the EROFS changes)\nas refactors in the kernel made the patch we carried until now non-viable. Nothing uses it anymore, everything is\neither a microvm-style machine which doesn\u0027t use EFI and thus doesn\u0027t suffer from the issue or uses EROFS.\n\nTest Plan: No new functionality, should be covered by E2E tests.\n\nX-Origin-Diff: phab/D697\nGitOrigin-RevId: d8e40954abb66cb082eecbca372b94a7e40b84a8\n" }, { "commit": "3a99c590543394ceb5260282ef8e924b44e8eef8", "tree": "e1b727a0c12b387e1bc12d71826405b8b588fa40", "parents": [ "6b13bf1a98c4a612d13ae939e68802e77fb45474" ], "author": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Tue Jan 26 19:57:21 2021 +0100" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Tue Jan 26 19:57:21 2021 +0100" }, "message": "Switch Metropolis to EROFS-based root filesystem\n\nThis gets rid of the old large initramfs and switches to an EROFS-based root\nfilesystem. It also drops the copy \u0026 remount compatibility code. As this filesystem is\nproperly read-only and not just ephemeral, this also brings various changes to the code\nto make systems compatible with that.\n\nTest Plan: Covered by E2E tests, also manually smoke-tested.\n\nX-Origin-Diff: phab/D696\nGitOrigin-RevId: 037f2b8253e7cff8435cc79771fad05f53670ff0\n" }, { "commit": "6b13bf1a98c4a612d13ae939e68802e77fb45474", "tree": "bcd1f6566df193d026889da174a6773b8689d643", "parents": [ "10b9ee96d4c2b8a011af4cd4db3390c1fd1ddf93" ], "author": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Tue Jan 26 19:54:24 2021 +0100" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Tue Jan 26 19:54:24 2021 +0100" }, "message": "Add EROFS creation utility and Bazel rule\n\nThis adds a binary which can create EROFS filesystems from a spec and a Bazel rule similar to\nnode_initramfs which creates EROFS filesystems.\n\nTest Plan: Tested in subsequent revision\n\nX-Origin-Diff: phab/D695\nGitOrigin-RevId: 4e8f970938c93606da46f475387de1e013b1c35c\n" }, { "commit": "10b9ee96d4c2b8a011af4cd4db3390c1fd1ddf93", "tree": "ea0ca7da66e44cc52defa1a307e47642ca83a150", "parents": [ "2073ce34e57b0be3cedd39b8934869abb6f73582" ], "author": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Wed Feb 10 12:14:23 2021 +0100" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Wed Feb 10 12:14:23 2021 +0100" }, "message": "erofs: Don\u0027t modify caller\u0027s data\n\nThe erofs library\u0027s directory writer appends data to parameters. Because of the way slices work in Go this\nresults in the caller\u0027s data being changed, which is obviously undesirable. Fix this by making a copy first.\n\nTest Plan: Minimal change, should be covered by existing tests\n\nX-Origin-Diff: phab/D703\nGitOrigin-RevId: ebf473c1049e5e8035802382220aba98c4498877\n" }, { "commit": "2073ce34e57b0be3cedd39b8934869abb6f73582", "tree": "8c7f86cecb41848e0614da742935cc656be02239", "parents": [ "7b82227c87f477e9d986d648b8ad63f4268dde3b" ], "author": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Wed Feb 03 18:52:59 2021 +0100" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Wed Feb 03 18:52:59 2021 +0100" }, "message": "Bump Bazel to 4.0.0\n\nThis bumps Bazel to 4.0.0 because we want to use ProtoModule. The update was relatively painless,\nno incompat-flags needed to be switched back off. `bazel_gazelle` is pinned on a master version\nsince they haven\u0027t released a Bazel 4-comaptible version yet and I have one patch against Kubernetes\u0027s\ninfra repo which is going upstream.\n\nTest Plan: Build system change, should be covered by existing tests\n\nX-Origin-Diff: phab/D701\nGitOrigin-RevId: 24f675e6ba33efb9f46191eccca95088d7d2d1f1\n" }, { "commit": "7b82227c87f477e9d986d648b8ad63f4268dde3b", "tree": "bd4f8afb09a40f4217709f956c2344c67f95e660", "parents": [ "378a4455aedda838f60c546e55199092f24952ed" ], "author": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Wed Feb 03 17:03:41 2021 +0100" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Wed Feb 03 17:03:41 2021 +0100" }, "message": "Drop legacy kubelet log path\n\nIt looks like the Kubernetes update broke E2E tests on the EROFS stack because of some change\nto how the legacy log dir is handled. Kubelet currently just crashes because it can\u0027t mkdir\n/var/log/containers. This directory is apparently only used by fluentd for log collection in upstream\nE2E tests and with dockershim, both of which we don\u0027t care about. So let\u0027s just nuke it.\n\nTest Plan: Fixes things on top of the EROFS stack\n\nX-Origin-Diff: phab/D700\nGitOrigin-RevId: 45b7f76a61b7234845ab55fcfbc37a66f69fe065\n" }, { "commit": "378a4455aedda838f60c546e55199092f24952ed", "tree": "aa78b858535224fe8c9b24c2ff7e9ed2c903080b", "parents": [ "74e8e5c35fea1ec9ce13c8a2d16100bab45d42d9" ], "author": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Tue Jan 26 13:47:41 2021 +0100" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Tue Jan 26 13:47:41 2021 +0100" }, "message": "Add EROFS library\n\nThis adds a library to write EROFS filesystems. It supports most of the non-deprecated features the\nfilesystem supports other than extended inodes (which have no benefits for most use cases where EROFS would be\nappropriate). EROFS\u0027s variable-length extent compression is partially implemented but it requires an LZ4\ncompressor with support for fixed-size output which Go\u0027s https://github.com/pierrec/lz4 doesn\u0027t have. This means\nthat VLE compression is currently not wired up.\n\nThis will be used later as a replacement for our current initramfs-based root filesystem.\n\nTest Plan: Has both integration and some unit tests. Confirmed working for our whole rootfs.\n\nX-Origin-Diff: phab/D692\nGitOrigin-RevId: 8c52b45ea05c617c80047e99c04c2b63e1b60c7c\n" }, { "commit": "74e8e5c35fea1ec9ce13c8a2d16100bab45d42d9", "tree": "3ec734c4b86fed54a5039623c789dd4b805b3b6e", "parents": [ "19eb0006edc79edc53fb53ea0eed67e93f4c8eba" ], "author": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Tue Jan 26 14:00:50 2021 +0100" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Tue Jan 26 14:00:50 2021 +0100" }, "message": "Make containerd work with read-only root\n\nThis makes containerd work with a read-only root. There were a few config mistakes on our side which\ncaused it to write to the rootfs (mostly leftovers from the switch to /ephemeral) and a semi-hardcoded path\nin /var/lib/cni from containernetworking/cni. This is technically configurable, but it would require patching\nthree different repos (see diff message) and getting all of them to agree to take the change and wait for\nit to propagate to all repos (containerd is known to be slow to release stuff). So let\u0027s just hack in\nthis one-line diff for the time being.\n\nTest Plan: Should be covered by existing tests\n\nX-Origin-Diff: phab/D694\nGitOrigin-RevId: 0e8f5dbfb216539c16e64130af9fe1023722ae1b\n" }, { "commit": "19eb0006edc79edc53fb53ea0eed67e93f4c8eba", "tree": "704a52ab75bde43409d80246cf23bce6b6be3467", "parents": [ "842536b10bd1b11e62317940feef215442a8ecb4" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Thu Jan 21 14:25:25 2021 +0100" }, "committer": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Thu Jan 21 14:25:25 2021 +0100" }, "message": "third_party: bump Kubernetes to 1.19.7\n\nThis... didn\u0027t exactly go well. Turns out a change between rc.1 and rc.2\nbroke our runc runtime by enabling seccomp by default for pod sandboxes.\n\nWe work around this by reverting this change, and filing T916 to solve\nthis soon.\n\nThis fixes T910 and T909.\n\nTest Plan: kube bump, CI should run e2e, didn\u0027t run CTS.\n\nBug: T910, T909\n\nX-Origin-Diff: phab/D691\nGitOrigin-RevId: 78afca77c294895859e0af9150128d82677d875b\n" }, { "commit": "842536b10bd1b11e62317940feef215442a8ecb4", "tree": "264906157b5cd51ef39e952326b85da48b5bbb5b", "parents": [ "f12bedfa4cd144c3abc4deac58405067d55f9c87" ], "author": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Tue Jan 26 13:54:57 2021 +0100" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Tue Jan 26 13:54:57 2021 +0100" }, "message": "Make Kubernetes work with read-only root\n\nThis makes Kubernetes work with a read-only root. There\u0027s two places where they hardcode\npaths: One is the DeviceManager socket path (/var/lib/kubelet/device-plugins/kubelet.sock), that one\nis easy to fix because KubeletRootDir is available one scope above. The other one is the pod logs dir\nwhich is too far removed from the main Kubelet config, so I just changed their hardcoded path to ours.\nThe first patch should be upstreamable, for the second one we\u0027d need to take a different approach to upstream.\n\nTest Plan: Should be covered by existing E2E tests.\n\nX-Origin-Diff: phab/D693\nGitOrigin-RevId: 4606ab228a24bd4a0274f8e3156123710a59f2aa\n" }, { "commit": "f12bedfa4cd144c3abc4deac58405067d55f9c87", "tree": "ddbc408e424a0ea8e446bcf0022ee16278202d63", "parents": [ "c3ad846e0eaf4cf008130a643ff247aa27531e17" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Fri Jan 15 16:58:50 2021 +0100" }, "committer": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Fri Jan 15 16:58:50 2021 +0100" }, "message": "*: bump up Go dependencies\n\nThis started off as \u0027let\u0027s bump gVisor\u0027. However, pulling that thread\nresulted in quite a few things that also required bumping for the build\nto actually work. Here I come back from a day in the Bazel mines,\nbearing fruits of my labor.\n\nNotable changes:\n\n - bump up gVisor\n - bump up containerd\n - bump up Bazel\n - bump up rules_go, rules_docker, Gazelle\n - use google.golang.org/protobuf (the \u0027new\u0027 go proto package)\n - bump up gRPC (but not too much, as go-etcd is still straggling)\n\nNotable effects:\n\n - new gVisor supports TTY allocation (kubectl run -it\n --image\u003dubuntu:20.04 ubuntu bash now works!)\n\nNotable notes:\n\n - gVisor shim has new been rolled into the main gVisor package and is\n slightly easier to build (we can get rid of a bunch of patches).\n - Opencontainers\u0027 runtime-specs now follow containerd instead of gVisor\n - gVisor had to be taught to use the slightly newer runtime-specs via a\n new patch.\n - go_rule() in Starlark is now deprecated, and we had to change our\n Starlark rule definitions to use rule() instead. We also had to patch\n gVisor to do that (as there hasn\u0027t yet been a release that rolled\n this up).\n - Gazelle now supports different naming schemes for generated Go\n targets - either the old //foo/bar:go_default_library scheme, or a\n new and nicer //foo/bar:bar scheme. We currently force the usage of\n the old scheme, as switching over is probably not going to be easy\n (we use a lot of external Bazel files, and we have to wait for their\n compatibility with the new scheme first).\n - New Bazel/rules_go sets a TMPDIR long enough to generate paths (via\n ioutil.TempDir) to which sockets cannot be bound (108-byte limit).\n - The new protobuf API is incompatible with gogoproto. containerd/ttrpc\n uses gogoproto, but we are smart enough to pull in the old protobuf\n library as gogoproto\u0027s transitive dep. However, ttrpc also wants to\n use some proto-generated grpc bits, and that doesn\u0027t work. We have to\n pull in a ttrpc fork from a PR that hasn\u0027t yet been merged that fixes\n this issue.\n\nTest Plan: Refactor only, should be covered by tests.\n\nX-Origin-Diff: phab/D689\nGitOrigin-RevId: 1188c0605d25e7f40307fab5fd96e7019f3a9171\n" }, { "commit": "c3ad846e0eaf4cf008130a643ff247aa27531e17", "tree": "d9a8287f49f596c8ffd9c7d0dce6939c16a06707", "parents": [ "febf0b0defa3a4ccfb58f4c77ddb095a2668162a" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Fri Jan 08 16:45:51 2021 +0100" }, "committer": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Fri Jan 08 16:45:51 2021 +0100" }, "message": "ci: build both debug and non-debug builds, add secondary cache\n\nThis runs `test //... -c dbg` in addition to `test //...`. Because switching to-and-from the debug configuration causes the local cache to get thrashed, we add a secondary cache via --disk_cache. This should, at some point, be replaced with a proper remote cache instead.\n\nWe also drive-by fix a debug build issue.\n\nFixes T883.\n\nTest Plan: This should test more things in CI now.\n\nBug: T883\n\nX-Origin-Diff: phab/D688\nGitOrigin-RevId: 9c35c4737d6b205a6bc74d50665c37535ac1d5ba\n" }, { "commit": "febf0b0defa3a4ccfb58f4c77ddb095a2668162a", "tree": "03043ebb7c96fc2b8293221fdb59740dc162942e", "parents": [ "31370b07f0df2dc2765d812d4ce00a6b35185b16" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Thu Jan 07 16:34:28 2021 +0100" }, "committer": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Thu Jan 07 16:34:28 2021 +0100" }, "message": "script: nexantic -\u003e monogon\n\nThis replaces the \u0027nexantic\u0027 build container with one called \u0027monogon\u0027.\n\nAlso drive-by fix Fietsje\u0027s proto package path.\n\nTest Plan: Refactor, CI only.\n\nX-Origin-Diff: phab/D687\nGitOrigin-RevId: 15165f3b57927836dc9601454b31dce4b2c09c7d\n" }, { "commit": "31370b07f0df2dc2765d812d4ce00a6b35185b16", "tree": "15563902eee9591083284441c8505b084b275d0a", "parents": [ "313816f41244d7520eb2b6f8c231328ee5b7a4ef" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Thu Jan 07 16:31:14 2021 +0100" }, "committer": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Thu Jan 07 16:31:14 2021 +0100" }, "message": "*: git.monogon.dev -\u003e source.monogon.dev\n\nThis implements T882, setting our (virtual) GOPATH to source.monogon.dev\nfor this repository.\n\nTest Plan: Refactor, CI only.\n\nX-Origin-Diff: phab/D686\nGitOrigin-RevId: c5e2309089948ffc3a98e68e2e0e1cbb157d3a36\n" }, { "commit": "313816f41244d7520eb2b6f8c231328ee5b7a4ef", "tree": "7a8aa08b48b22a7843afd76c14b8fd2ebe3c2cfb", "parents": [ "d9ed6560d5db2783252945e1dd3c2e4f908c019e" ], "author": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Tue Dec 22 16:52:26 2020 +0100" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Tue Dec 22 16:52:26 2020 +0100" }, "message": "Disable integrity and encryption for debug builds\n\nThis disables disk encryption and integrity when running in the debug profile.\nIt also makes mkfs.xfs not issue discards as the backend is either a sparse file\n(during development) or dm-crypt/dm-integrity which ignores them. In both cases\nthey are counterproductive and slow things down.\n\nTest Plan: Not exercised by normal tests, manually tested.\n\nX-Origin-Diff: phab/D681\nGitOrigin-RevId: 24fae1e3de8d852b414ebd50f3fbe032440683fb\n" }, { "commit": "d9ed6560d5db2783252945e1dd3c2e4f908c019e", "tree": "7b90c06406fa071f1a7927c25d3526339a509758", "parents": [ "0be9be88224dd87eedb10436b11615fa59862271" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Thu Jan 07 16:06:44 2021 +0100" }, "committer": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Thu Jan 07 16:06:44 2021 +0100" }, "message": "build: remove cilium\n\nThis was used back when we were considering CIlium for our networking\nlayer. However, we abandoned that idea, and as such these are all\nunnecessary.\n\nTest Plan: Refactor, CI only.\n\nX-Origin-Diff: phab/D685\nGitOrigin-RevId: 30f296d7626d64cc1a07a73e4e7bbd18d9e9d933\n" }, { "commit": "0be9be88224dd87eedb10436b11615fa59862271", "tree": "2cffcd0ca273ada48c0b42a36bd25bb1cc2da35c", "parents": [ "549b72b2d65051403301f53111509f77e88b379b" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Thu Jan 07 15:23:44 2021 +0100" }, "committer": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Thu Jan 07 15:23:44 2021 +0100" }, "message": "metropolis: Lock down visibility rules\n\nThis formalizes the package structure introduced by D683.\n\nTest Plan: Pure refactor, CI only.\n\nX-Origin-Diff: phab/D684\nGitOrigin-RevId: 574aa14c71faf94f4a5c02a2110e2e3fef7d36ac\n" }, { "commit": "549b72b2d65051403301f53111509f77e88b379b", "tree": "b4e523d5d17e8130545e58b58870b4a18118a780", "parents": [ "696f39abb19ffcca03e9fc5a98681338216b1e7f" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Thu Jan 07 14:54:19 2021 +0100" }, "committer": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Thu Jan 07 14:54:19 2021 +0100" }, "message": "metropolis: unify utility packages\n\nOne last sweeping rename / reshuffle.\n\nWe get rid of //metropolis/node/common and //golibs, unifying them into\na single //metropolis/pkg meta-package.\n\nThis is to be documented somwhere properly, but here\u0027s the new logic\nbehind selecting where to place a new library package:\n\n - if it\u0027s specific to k8s-on-metropolis, put it in\n //metropolis/node/kubernetes/*. This is a self-contained tree that\n other paths cannot import from.\n - if it\u0027s a big new subsystem of the metropolis core, put it in\n //metropolis/node/core. This can be imported by anything in\n //m/n (eg the Kubernetes code at //m/n/kubernetes\n - otherwise, treat it as generic library that\u0027s part of the metropolis\n project, and put it in //metropolis/pkg. This can be imported by\n anything within //metropolis.\n\nThis will be followed up by a diff that updates visibility rules.\n\nTest Plan: Pure refactor, CI only.\n\nX-Origin-Diff: phab/D683\nGitOrigin-RevId: 883e7f09a7d22d64e966d07bbe839454ed081c79\n" }, { "commit": "696f39abb19ffcca03e9fc5a98681338216b1e7f", "tree": "3eb962a59b2af0c3fb3cf40a05c405ae23b7f8a9", "parents": [ "81de89b8675ee0ce677225ffef1cd3ee6ad9f56f" ], "author": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Tue Dec 22 16:54:01 2020 +0100" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Tue Dec 22 16:54:01 2020 +0100" }, "message": "Make kube-apiserver use supervisor helper for commands\n\nAll other Kubernetes services already use this and it enables them to log\ninto logtree. Make kube-apiserver also do the same.\n\nTest Plan: Covered by existing tests\n\nX-Origin-Diff: phab/D680\nGitOrigin-RevId: 59df1342edc2cb27c22ffa9b4eb9101d7d1b400f\n" }, { "commit": "81de89b8675ee0ce677225ffef1cd3ee6ad9f56f", "tree": "e518c0a70ec203314fcd9415d01a484ac3182a91", "parents": [ "520c934288d32979ed54b7ffde74428e4583509b" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Tue Dec 22 10:59:14 2020 +0100" }, "committer": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Tue Dec 22 10:59:14 2020 +0100" }, "message": "scripts: remove cockroachdb container\n\nRemoving Anubis/Delta in D676 frees us from needing to run a cockroachdb\ncontainer.\n\nTest Plan: Refactor, covered by tests.\n\nX-Origin-Diff: phab/D678\nGitOrigin-RevId: 704b0d9f2ea1f09e143758f1b3aa336a84904b74\n" }, { "commit": "520c934288d32979ed54b7ffde74428e4583509b", "tree": "47fe9a4317e2a13789f4a8f855490ef98edc2065", "parents": [ "6df7c4f6b2c9a896357cb6c4e236d588f4e23277" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Tue Dec 22 10:58:41 2020 +0100" }, "committer": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Tue Dec 22 10:58:41 2020 +0100" }, "message": "sqlboiler: remove\n\nWe do not use any SQL anymore in this repository, so we do not need sqlboiler.\n\nTest Plan: Refactor, covered by CI.\n\nX-Origin-Diff: phab/D677\nGitOrigin-RevId: 1ed24f3d57774be14e6611582f691e73b1106ea9\n" }, { "commit": "6df7c4f6b2c9a896357cb6c4e236d588f4e23277", "tree": "1f6690534fa123509708fe197ef3f35e6edf6903", "parents": [ "df952416e693f5b3180f1e69b6021a589cdc80d9" ], "author": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Mon Dec 21 15:02:00 2020 +0100" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Mon Dec 21 15:02:00 2020 +0100" }, "message": "Properly exit CTS on signals\n\nThis kills the loops when the global context is cancelled ensuring reliable termination\nof the CTS with Ctrl+C or a signal.\n\nTest Plan: Manually tested by aborting the CTS with Ctrl+C\n\nX-Origin-Diff: phab/D673\nGitOrigin-RevId: a2f367cd4a7a57bb573bd57656148681add048a2\n" }, { "commit": "df952416e693f5b3180f1e69b6021a589cdc80d9", "tree": "9ad8fdce45516e723b3ebe1aa49aec8b2d8194e6", "parents": [ "662b5b3119b0798980b887d1ef9fa1b5632aa7fb" ], "author": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Mon Dec 21 14:59:36 2020 +0100" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Mon Dec 21 14:59:36 2020 +0100" }, "message": "Fix nanoswitch logging after logtree refactor\n\nThe LogTree refactor left nanoswitch without a way to sink its logs as it doesn\u0027t have\na gRPC endpoint to read them from and logtree doesn\u0027t output to any stdout/stderr by default.\nThis adds a simple sink similar to what\u0027s currently used the node code.\n\nTest Plan: Manually tested\n\nX-Origin-Diff: phab/D672\nGitOrigin-RevId: 8698f9f920f36adf11fa1ef34a47723514eaa665\n" }, { "commit": "662b5b3119b0798980b887d1ef9fa1b5632aa7fb", "tree": "3e1fc4ab033530e6d579112ba500d2c6edb43368", "parents": [ "39f2f691726dc6e0a291aa8609085b835a313dad" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Mon Dec 21 13:49:00 2020 +0100" }, "committer": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Mon Dec 21 13:49:00 2020 +0100" }, "message": "smalltown -\u003e metropolis\n\nThis pass removes all mentions of Smalltown, both from code and comments,\nand replaces them with appropriate new terminology.\n\nTest Plan: Refactor, covered by CI.\n\nX-Origin-Diff: phab/D674\nGitOrigin-RevId: 04a94d44ef07d46f7821530da5614daefe16d7ea\n" }, { "commit": "39f2f691726dc6e0a291aa8609085b835a313dad", "tree": "23d34844fa68be991d514bf8bd89bc5042779091", "parents": [ "686444ed962d75053832ce59527cf15a552a7fc0" ], "author": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Mon Dec 21 14:51:42 2020 +0100" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Mon Dec 21 14:51:42 2020 +0100" }, "message": "Make LaunchCluster not close DebugClient it\u0027s returning\n\nLaunchCluster currently closes the gRPC connection underpinning the DebugService\nit\u0027s returning. This causes all further calls to that service to immediately return with\na CANCELED error. There\u0027s no reason why it should do this (probably a refactoring artifact),\nso just remove the Close call. Fixes T881.\n\nTest Plan: CTS is not run as part of automated test still because it takes too long.\n\nBug: T881\n\nX-Origin-Diff: phab/D671\nGitOrigin-RevId: 6bfa382cba6a15b146b2f24311507456b58cdf98\n" }, { "commit": "686444ed962d75053832ce59527cf15a552a7fc0", "tree": "6c522bf2b538dafe4e5c345c96a353418ecd0c41", "parents": [ "553ab2b7a7f96e38ff7e381dcbefc095ed3520df" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Mon Dec 21 14:21:14 2020 +0100" }, "committer": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Mon Dec 21 14:21:14 2020 +0100" }, "message": "launch-multi2: split up logs from nodes into prefixed lines\n\nCurrently it\u0027s impossible to tell apart logs from each node.\n\nIn general, we should move this over the the debug logging API instead\nof relying on qemu stdout, but this will do for now.\n\nTest Plan: Shouldn\u0027t affect any tests, as we don\u0027t actually test multi-node setups. Truth be told, we should.\n\nX-Origin-Diff: phab/D670\nGitOrigin-RevId: 7b4e170e634096bc40432fbef0844d9924957182\n" }, { "commit": "553ab2b7a7f96e38ff7e381dcbefc095ed3520df", "tree": "d8ea94719a7cf18b330a9adf772749a465419cb5", "parents": [ "77cb6c5ec3acadf02ad5005dd751cfbf0ec1602f" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Mon Dec 21 13:59:33 2020 +0100" }, "committer": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Mon Dec 21 13:59:33 2020 +0100" }, "message": "nanoswitch: document shorter lease time\n\nThis was bumped down from 12h in D656, but the comment did not get\nupdated.\n\nTest Plan: Comment change. No test needed.\n\nX-Origin-Diff: phab/D669\nGitOrigin-RevId: fbd6bf76844b4eec4a20d4a52b472e2e47fff537\n" }, { "commit": "77cb6c5ec3acadf02ad5005dd751cfbf0ec1602f", "tree": "7ddfcdf78c489a5d6fad7a20bd3580d803407450", "parents": [ "26d41999e0c71813648c16ad84bba810c3b9d593" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Sat Dec 19 00:09:22 2020 +0100" }, "committer": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Sat Dec 19 00:09:22 2020 +0100" }, "message": "core -\u003e metropolis\n\nSmalltown is now called Metropolis!\n\nThis is the first commit in a series of cleanup commits that prepare us\nfor an open source release. This one just some Bazel packages around to\nfollow a stricter directory layout.\n\nAll of Metropolis now lives in `//metropolis`.\n\nAll of Metropolis Node code now lives in `//metropolis/node`.\n\nAll of the main /init now lives in `//m/n/core`.\n\nAll of the Kubernetes functionality/glue now lives in `//m/n/kubernetes`.\n\nNext steps:\n - hunt down all references to Smalltown and replace them appropriately\n - narrow down visibility rules\n - document new code organization\n - move `//build/toolchain` to `//monogon/build/toolchain`\n - do another cleanup pass between `//golibs` and\n `//monogon/node/{core,common}`.\n - remove `//delta` and `//anubis`\n\nFixes T799.\n\nTest Plan: Just a very large refactor. CI should help us out here.\n\nBug: T799\n\nX-Origin-Diff: phab/D667\nGitOrigin-RevId: 6029b8d4edc42325d50042596b639e8b122d0ded\n" }, { "commit": "26d41999e0c71813648c16ad84bba810c3b9d593", "tree": "13b60089a6d8e40aab345820498e9e703ad41f7a", "parents": [ "023093c104fbddc568e624949ec68a5722dcd180" ], "author": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Tue Dec 15 19:27:58 2020 +0100" }, "committer": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Tue Dec 15 19:27:58 2020 +0100" }, "message": "intellij: use Bazel-built goimports\n\nTest Plan: Tested the watcher, it fixed my code\n\nX-Origin-Diff: phab/D663\nGitOrigin-RevId: 0e06b3a4043e1671d8bb553312c8894d7c916933\n" }, { "commit": "023093c104fbddc568e624949ec68a5722dcd180", "tree": "497fe0f51477767642ad885d089daf9e5659d639", "parents": [ "18b4d653647c23e3a4cd10832d5d6dbd56a4e37e" ], "author": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Tue Dec 15 18:48:19 2020 +0100" }, "committer": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Tue Dec 15 18:48:19 2020 +0100" }, "message": "intellij: add run configurations for fietsje and gazelle\n\nTest Plan: Did the thing\n\nX-Origin-Diff: phab/D662\nGitOrigin-RevId: a2b6da33c09256e78774e83e84972034131fcb77\n" }, { "commit": "18b4d653647c23e3a4cd10832d5d6dbd56a4e37e", "tree": "d985a3feb246a1e8f365f48659b9e0e5f592ea66", "parents": [ "a4edfa9e12ce6db3216da01be7bf35825893c749" ], "author": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Mon Dec 14 18:27:07 2020 +0100" }, "committer": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Mon Dec 14 18:27:07 2020 +0100" }, "message": "intellij: add localconfig helper\n\nAdds a little helper tool which merges a watcherTasks template with the local\nproject config. This restores the functionality lost in D658.\n\nAlso cured me of any remaining nostalgic feelings towards XML.\n\nTest Plan:\nDeleted all watchers, ran the script, re-opened project,\nwatchers are back and functional. Local watchers with the same name got\noverwritten. Additional watchers were untouched.\n\nX-Origin-Diff: phab/D661\nGitOrigin-RevId: 83f7c1506476378145781c816d776fd451aed40c\n" }, { "commit": "a4edfa9e12ce6db3216da01be7bf35825893c749", "tree": "387c7d4d0f0499609ac03fea2c68afda5aa862be", "parents": [ "dbac6ccbf5325aa737280ac79b3cc5916e9b57f6" ], "author": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Sun Dec 13 18:55:21 2020 +0100" }, "committer": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Sun Dec 13 18:55:21 2020 +0100" }, "message": "Fix IntelliJ instructions in README\n\nWe probably need more in-depth instructions for the open source project,\nbut the existing ones should at least be correct.\n\nTest Plan: N/A\n\nX-Origin-Diff: phab/D660\nGitOrigin-RevId: 5e9dd3379c17a23539651624dfc64daafd156b28\n" }, { "commit": "dbac6ccbf5325aa737280ac79b3cc5916e9b57f6", "tree": "677c4bf05829f1f5c2d586710caa1e8c2ced63aa", "parents": [ "9601f26770e2aed2c8c37a490e936ce300b1a01d" ], "author": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Mon Nov 30 10:57:26 2020 +0100" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Mon Nov 30 10:57:26 2020 +0100" }, "message": "Replace temporary DHCP client with dhcp4c\n\nThis replaces our temporary DHCP client with the new one. The old GetIP()\ninterface is still preserved temporarily and will be ripped out in another revision\nstacked on top of this one. nanoswitch also got some updates to support renewals which\nit previously didn\u0027t have to do. This does leave the hacky channel system in place, supervisor observables are still in the design phase.\n\nTest Plan: E2E tests still pass\n\nX-Origin-Diff: phab/D656\nGitOrigin-RevId: cc2f11e3989f4dbc6814fcfa22f6be81d7f88460\n" }, { "commit": "9601f26770e2aed2c8c37a490e936ce300b1a01d", "tree": "4d378d512ac02685b7eccbd8ef41ace024cef2d9", "parents": [ "ede8a80d816f8c102ed4de13ba25512024582a75" ], "author": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Wed Dec 09 19:44:41 2020 +0100" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Wed Dec 09 19:44:41 2020 +0100" }, "message": "Implement DHCPv4 default callbacks\n\nThis implements common callbacks to manage interface IPs and\nroutes in the kernel from DHCPv4.\n\nTest Plan: New integration tests against our kernel via ktest.\n\nX-Origin-Diff: phab/D657\nGitOrigin-RevId: 3c39dddbd0e4151e6e902de150243296e6e459b4\n" }, { "commit": "ede8a80d816f8c102ed4de13ba25512024582a75", "tree": "6ac77e0709b7a1422e240323b43d78b838c93bca", "parents": [ "56a7ae643059875a074ab6e3ca92754520483edd" ], "author": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Fri Dec 11 14:53:50 2020 +0100" }, "committer": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Fri Dec 11 14:53:50 2020 +0100" }, "message": "Remove .ijwb and .idea, migrate to import_run_configurations\n\nThe Bazel IntelliJ team has stated that while checking in the .ijwb folder\ntechnically sorta-kinda works, they recommend against it since they cannot\nguarantee any kind of backwards compatibility. Indeed, bootstrapping a\nworking IDE project from a clean checkout with .ijwb has been a\ndelicate matter in the past and is currently broken again.\n\nDo the supported thing instead and nuke .ijwb and .idea and ignore them.\nThe .bazelproject file can then be used to create a new project using\nFile → Import Bazel project, creating the workspace from scratch.\n\nRun configurations are now created by the Bazel plugin, and those XML\nfiles come with a backwards compatibility promise.\n\nThis means that we lose all other shared settings except run\nconfigurations. If there\u0027s particular configs that we want to keep, we\nneed to write custom tooling which mangles the XML configs, which will\nallows us to deal with backwards compatibility and differences in\ndeveloper setups (i.e. outside contributors).\n\nTest Plan:\nCloned the project from scratch, imported the Bazel\nproject, everything worked on the first try :O\n\nX-Origin-Diff: phab/D658\nGitOrigin-RevId: 979ac5345fd8a5f26a5f8ec3d5882ea477b48a69\n" }, { "commit": "56a7ae643059875a074ab6e3ca92754520483edd", "tree": "b949c496629eea44dfb0407fc90bef5bcb9bf894", "parents": [ "21b039bcd224dc0ba0050e7281cef8d73071d0a4" ], "author": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Thu Oct 29 11:03:30 2020 +0100" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Thu Oct 29 11:03:30 2020 +0100" }, "message": "Added DHCPv4 Client\n\nThis adds a bare-bones DHCPv4 client. Currently leases are handled by a single callback which\ncan then be used to implement option observers and other ways to deal with them.\n\nTest Plan: Some tests already here, more coming.\n\nX-Origin-Diff: phab/D645\nGitOrigin-RevId: 76fae7080cdd8ba59cf77368179cae0bc9c9c824\n" }, { "commit": "21b039bcd224dc0ba0050e7281cef8d73071d0a4", "tree": "755d4fc794aadf9f547cda07656c57576aac4e3d", "parents": [ "edf5c4ff49e1aac2f7cd9052aa694f9b4c786457" ], "author": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Wed Nov 25 16:00:39 2020 +0100" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Wed Nov 25 16:00:39 2020 +0100" }, "message": "Fix nanoswitch not setting DHCP lease time\n\nThe original implementation of this used an accessor (due to\nconfusing naming on dhcpv4\u0027s part) and passed the value to be set the\ndefault value. Found when testing with the new DHCP client which\ncorrectly rejected these leases as invalid.\n\nTest Plan: Works with the new DHCP client and in E2E\n\nX-Origin-Diff: phab/D654\nGitOrigin-RevId: 841b161a02809d3c43768ff7a529905f90290f2c\n" }, { "commit": "edf5c4ff49e1aac2f7cd9052aa694f9b4c786457", "tree": "839c754fe09465aead87385cea5ecc5940f16146", "parents": [ "12971d6c8031d06f497c81ae1ed2a5bee488e7d2" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Wed Nov 25 13:45:31 2020 +0100" }, "committer": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Wed Nov 25 13:45:31 2020 +0100" }, "message": "logtree: slightly rearrange LeveledPayload/LogEntry\n\nThese were in awkward spots, a leftover from the multiple implementation\npasses of the logtree implementation.\n\nTo make things slightly easier to grok, we move payload.go into\nleveled_payload.go, to make it explicitly a subelement of the leveled\npart of the LogTree.\n\nWe also move LogEntry and its related functions into its own file,\nlogtree_entry.go, as logtree_access.go was a slightly awkward spot, too.\n\nTest Plan: Refactor, covered by existing tests.\n\nX-Origin-Diff: phab/D651\nGitOrigin-RevId: 298d68c91a7cd59059f21ade35ea17f0c9a93cc7\n" }, { "commit": "12971d6c8031d06f497c81ae1ed2a5bee488e7d2", "tree": "3332b72dda28e9c3d476aba0dd63d8465a3245f7", "parents": [ "b0272187ee577a94edb803b81413165b7c1a89ba" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Tue Nov 17 12:12:58 2020 +0100" }, "committer": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Tue Nov 17 12:12:58 2020 +0100" }, "message": "logtree: capture multiple lines in leveled log entries\n\nThis implements a solution to a disputed answer to the following\nquestion:\n\n “What happens when someone calls Infof(\"foo\\nbar\")?”\n\nMultiple answers immediately present themselves:\n\n a) Don\u0027t do anything, whatever consumers logs needs to expect that\n they might contain newlines.\n b) Yell/error/panic so that the programmer doesn\u0027t do this.\n c) Split the one Info call into multiple Info calls, one per line,\n somewhere in the logging path.\n\nFollowing the argumentation for these we establish the follwoing\nrequirments for any solution:\n\n 1) We want the programmer to be able to log multiple lines from a\n single Info call and have that not fail. This is especially\n important for reliability - we don\u0027t want an accidental codepath\n that suddenly starts printing %s-formatted user-controlled\n messages to start erroring out in production. This rules out b).\n 2) We want to allow emitting multiple lines that will not be\n interleaved when viewing the log data. This rules out c).\n 3) We want to prohibit log injection by malicious \\n-containing\n payloads (in case of %s-formatted user-controlled content). This\n rules out a).\n 4) If multiple lines are allowed in a leveled payload, the type\n system should support that, so that log consumers/tools will not\n forget to account for the possible newlines. This too rules out\n a).\n\nWith these in mind, we instead opt for a different solutions: changing\nthe API of logtree and logging protos to contain multiple possible lines\nper single log entry. This is a breaking change, but since all access to\nlogs is currently self-contained within the Monogon OS codebase, we can\nafford this.\n\nTo support this change, we change the access API (at LogEntry and\nLeveledPayload level) to contain two different methods for retrieving\nthe canonical representation of an entry:\n\n fn String() string\n\nwhich returns a string with possible intra-string newlines (but no\ntrailing newlines), but with each newline-delimited chunk having the\ncanonical text representation prefix for this message. This prevents\nnewline injection into logs creating fake prefixes.\n\n fn Strings() (prefix string, lines []string)\n\nwhich returns a common prefix for this entry (in its text\nrepresentation) and a set of lines that were contained in the original\nlog entry. This allows slightly smarter consuming code to make more\nactive decisions regarding the rendering of a multi-line entry, while\nstill providing a canonical text formatted representation of that log\nentry.\n\nThese permit simple log access code that prints log data into a terminal\n(or terminal-like view), like dbg, to continue using the String() call.\nIn fact, no changes had to be made to dbg for it to continue working,\neven though the API underneath changed.\n\nNaturally, raw logging entries continue to contain only a single line,\nso no change is implemented in the LineBuffer API. The containing\nLogEntry for raw log entries emits single-lined Strings() results and no\nnewline-containing strings in String() results.\n\nTest Plan: Updated unit tests to cover this.\n\nX-Origin-Diff: phab/D650\nGitOrigin-RevId: 4e339a930c4cbefff91b289b07bc31f774745eca\n" }, { "commit": "b0272187ee577a94edb803b81413165b7c1a89ba", "tree": "e270e4fc6d3497b4a6c8624ea7cd8ebbe7246a59", "parents": [ "967be21df6e1f0e14ab66e904f5904261962f099" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Mon Nov 02 18:39:44 2020 +0100" }, "committer": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Mon Nov 02 18:39:44 2020 +0100" }, "message": "core: plug logtree into NodeDebugService\n\nThis introduces a new Proto API for accessing debug logs. Currently this\nis implemented to be used by the debug service. However, these proto\ndefinitions will likely be reused for production cluster APIs.\n\nThe implementation mostly consists of adding the proto, implementing\nto/from conversion methods, and altering the debug service to use the\nnew API.\n\nWe also move all of the debug service implementation into a separate file,\nto slightly clean up main.go. This produces an unfortunately colorful\ndiff, but it\u0027s just moving code around.\n\nTest Plan: Manually tested using the dbg tool. We currently don\u0027t properly test the debug service. I suppose we should do that for the production cluster APIs, and just keep on going for now.\n\nX-Origin-Diff: phab/D649\nGitOrigin-RevId: ac454681e4b72b2876e313b3aeababa179eb1fa3\n" }, { "commit": "967be21df6e1f0e14ab66e904f5904261962f099", "tree": "4d231b6ff6f32802010a5c7b53c596ee72094319", "parents": [ "3a15d04cbb362f1f0aca32d7a9009d2462df4e4c" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Mon Nov 02 11:26:59 2020 +0100" }, "committer": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Mon Nov 02 11:26:59 2020 +0100" }, "message": "core: replace logbuffer with logtree\n\nTest Plan: Component logs are currently untested?\n\nX-Origin-Diff: phab/D643\nGitOrigin-RevId: 44ace0a1937aee9ba6a49db6e862907ec24d6ea3\n" }, { "commit": "3a15d04cbb362f1f0aca32d7a9009d2462df4e4c", "tree": "c19c00e6a49c542f95fd10f0bad207b2becd8771", "parents": [ "c7359679c41a68cf2a33c717c60c8cb433fb4239" ], "author": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Wed Nov 11 21:16:14 2020 +0100" }, "committer": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Wed Nov 11 21:16:14 2020 +0100" }, "message": "core/network/dhcp: fix logging call typo\n\nTest Plan: Looked at log output\n\nX-Origin-Diff: phab/D644\nGitOrigin-RevId: 2bd00682030c03dbf767b43e020f1e8b78a22a60\n" }, { "commit": "c7359679c41a68cf2a33c717c60c8cb433fb4239", "tree": "3f6d7f5116ac3ceca7a38bc145471c32d923434c", "parents": [ "f6a5d31feb0417b42c8cb8ce87a9cab98449beb6" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Fri Oct 30 16:38:57 2020 +0100" }, "committer": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Fri Oct 30 16:38:57 2020 +0100" }, "message": "core: replace zap with logtree\n\nTest Plan: Effective refactor. Only tests that could be affected are e2e tests that should continue to run, because we still are logging into the qemu console, even if differently.\n\nX-Origin-Diff: phab/D642\nGitOrigin-RevId: 0f12b1bc985af08a3cc269569273184321763e4b\n" }, { "commit": "f6a5d31feb0417b42c8cb8ce87a9cab98449beb6", "tree": "0f12f6135441ab216df98c0501b1fc0c7ee17eea", "parents": [ "f68153cf4d0a7a588113c847b2203e4c5c3529e8" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Fri Oct 30 16:39:17 2020 +0100" }, "committer": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Fri Oct 30 16:39:17 2020 +0100" }, "message": "core/internal/common/service: delete\n\nThis is the old service abstraction that we\u0027ve replaced with supervisor,\nbut forgot to remove.\n\nTest Plan: Refactor (removal of old code), covered by existing tests.\n\nX-Origin-Diff: phab/D641\nGitOrigin-RevId: b5771fc295bed61bb93dd14c12b67684670a0aad\n" }, { "commit": "f68153cf4d0a7a588113c847b2203e4c5c3529e8", "tree": "7453347ca5a87f5f16090c874885105e3bfb805f", "parents": [ "1bfa0c2d9107cecb56ef6243133cfa12f4c3317b" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Mon Oct 26 13:54:37 2020 +0100" }, "committer": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Mon Oct 26 13:54:37 2020 +0100" }, "message": "logtree: implement raw logging\n\nTest Plan: Covered by new tests.\n\nX-Origin-Diff: phab/D640\nGitOrigin-RevId: 786ab2851710bf2819dcb91571b3567e8da3e377\n" }, { "commit": "1bfa0c2d9107cecb56ef6243133cfa12f4c3317b", "tree": "aeb008c1f685962e2d2387ed348435ef52534794", "parents": [ "248b2ecab2a933024b443b29bb7f9872f38f2956" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Wed Oct 14 16:45:07 2020 +0200" }, "committer": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Wed Oct 14 16:45:07 2020 +0200" }, "message": "logtree: rename payload to leveledpayload\n\nTest Plan: Refactor, covered by tests.\n\nX-Origin-Diff: phab/D639\nGitOrigin-RevId: 6c268c8b437a93c97720f110dbc9c39e95402648\n" }, { "commit": "248b2ecab2a933024b443b29bb7f9872f38f2956", "tree": "04aac2dcb6bdc74d19d5cfd35e45a52e20e1e3a8", "parents": [ "a7dca8956f9e0182f51b74d1309f49f177416eef" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Mon Oct 26 15:55:51 2020 +0100" }, "committer": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Mon Oct 26 15:55:51 2020 +0100" }, "message": "logbuffer: split out LineBuffer\n\nWe want to be able to use similar line-oriented buffering in LogTree.\nRather than repeat ourselves, let\u0027s fact this out into a nice little\nlibrary.\n\nTest Plan: Covered by existing logbuffer tests, added some extra linebuffer-specific ones.\n\nX-Origin-Diff: phab/D636\nGitOrigin-RevId: 38e832d323ed9f1723feaa9f9169caad18619e55\n" }, { "commit": "a7dca8956f9e0182f51b74d1309f49f177416eef", "tree": "dd35e9e4433795b5a0d8eafbd814bc692dc58ccd", "parents": [ "5e4fc2d107722f748f90cad06601c1b20e0934fc" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Mon Oct 26 13:53:53 2020 +0100" }, "committer": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Mon Oct 26 13:53:53 2020 +0100" }, "message": "scripts: update aspects patch to support custom toolchains\n\nTest Plan: tested locally, syncs, works again.\n\nX-Origin-Diff: phab/D635\nGitOrigin-RevId: 2a50ef50b2e3db86252d59359042c001b85ac318\n" }, { "commit": "5e4fc2d107722f748f90cad06601c1b20e0934fc", "tree": "3f29a0772e9182a7e7cc0073b61b00f58013e071", "parents": [ "fa5c2fccc528b40f216687e02f0c1cd004e013d6" ], "author": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Tue Sep 22 18:35:15 2020 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Tue Sep 22 18:35:15 2020 +0200" }, "message": "Add support for runc container runtime\n\nAdds the runc container runtime, its containerd shim, required Linux features and plumbs it into\nKubernetes using RuntimeClasses and containerd runtime selection. Also adds support for building C-based\ntargets as part of our initramfs.\n\nThe Bazel portion is a bit verbose but since label dicts cannot be reasonably concatenated and closures\nare prohibited in Starlark I see no better way.\n\nFor this to be usable for most images new Linux binfmt options have been added. The hashbang binfmt\nshouldn\u0027t have any negative impact, but binfmt_misc has a registry which is only namespaced if used\nwith user namespaces, which are currently not used and thus might represent an exploit vector. This\nis tracked in T864.\n\nTest Plan: New E2E tests covering this feature have been added.\n\nX-Origin-Diff: phab/D625\nGitOrigin-RevId: 1e7e27166135437b2965eca4dc238f3255c9b1ba\n" }, { "commit": "fa5c2fccc528b40f216687e02f0c1cd004e013d6", "tree": "f39c24f681176b7bbf36fe6af304c6902124f552", "parents": [ "4efaa019244db96128941965aa72c0e1371b0d2d" ], "author": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Mon Sep 28 13:32:12 2020 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Mon Sep 28 13:32:12 2020 +0200" }, "message": "Use CoreDNS for everything and make directives dynamic\n\nThis moves CoreDNS from Kubernetes to the network tree and uses\nit for OS-side resolution too. For this to work together with Kubernetes it now\ncontains a dynamic directive system which allows various parts of the OS\nto register and unregister directives at runtime. This system is used to hook\nKubernetes and DHCP-supplied DNS servers into the configuration.\n\nThis also enables the hosts plugin to resolve the local hostname from within\nCoreDNS to avoid querying external DNS servers for that (T773).\n\nTest Plan:\nCTS covers K8s-related tests, external resolution manually tested from\na container.\n\nBug: T860, T773\n\nX-Origin-Diff: phab/D628\nGitOrigin-RevId: f1729237f3d17d8801506f4d299b90e7dce0893a\n" }, { "commit": "4efaa019244db96128941965aa72c0e1371b0d2d", "tree": "167da813dbd4f5a1eb4bcd608d94464c5f215d8a", "parents": [ "06d65bc4e57c4c83150a3b67fc33763d5360b80f" ], "author": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Thu Oct 01 14:32:52 2020 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Thu Oct 01 14:32:52 2020 +0200" }, "message": "Remove Cilium from Initramfs\n\nThis removes Cilium from the Initramfs. It still leaves it as a dependency\neither for later cleanup or if we want to use it for something.\n\nTest Plan: Covered by existing tests, doesn\u0027t affect anything anyways.\n\nBug: T866\n\nX-Origin-Diff: phab/D629\nGitOrigin-RevId: 1378dd4db05685795fef2d91770d5dfa5b891b5a\n" }, { "commit": "06d65bc4e57c4c83150a3b67fc33763d5360b80f", "tree": "3ee27d08628e68d5c5f971e24519bc3f0fc8082e", "parents": [ "9e861a87775191faf1a027f603a0074446cd1319" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Thu Sep 24 10:51:59 2020 +0200" }, "committer": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Thu Sep 24 10:51:59 2020 +0200" }, "message": "logtree: chase out some documentation typos\n\nTest Plan: only documentation changes.\n\nX-Origin-Diff: phab/D627\nGitOrigin-RevId: 78b1983bd67c632f467227689371113f26da5842\n" }, { "commit": "9e861a87775191faf1a027f603a0074446cd1319", "tree": "01fb624b542762594bad6e88d67c947263837769", "parents": [ "5faa2fc7fb6266486183fdc1455e711079d33e37" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Wed Sep 16 13:46:41 2020 +0200" }, "committer": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Wed Sep 16 13:46:41 2020 +0200" }, "message": "//build/toolchain/musl-host-gcc: implement\n\nThis is a cc_toolchain which runs on x86 systems with Linux/gcc and\ntargets Smalltown via static musl builds.\n\nIt is currently unused, but can be tested by trying to build any\ncc_binary with\n--crosstool_top\u003d//build/toolchain/musl-host-gcc:musl_host_cc_suite .\n\nTest Plan: This has been tested manually by running it against a simple cc_binary. Another revision on top of this will attempt to build mkfs.xfs with it.\n\nX-Origin-Diff: phab/D623\nGitOrigin-RevId: ebdf51ee76d9d5a7fd94725c66ef53783f787df7\n" }, { "commit": "5faa2fc7fb6266486183fdc1455e711079d33e37", "tree": "17203f2ac8ed9124b4573b2f9a05aaa92335190c", "parents": [ "5ade732e7778b774caf03c850fbfaa7b67132d9b" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Mon Sep 07 14:09:30 2020 +0200" }, "committer": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Mon Sep 07 14:09:30 2020 +0200" }, "message": "logtree: implement\n\nThis implements logtree, as per go/logtree .\n\nSome API changes are present, the design doc will be updated to reflect\nthese and the rationale behind the changes.\n\nThis implementation is missing \u0027raw\u0027 log functionality, this will be\nadded in a diff on top (as the implementation is trivial, but we want\nto keep this diff as simple as possible).\n\nTest Plan: covered by tests\n\nX-Origin-Diff: phab/D624\nGitOrigin-RevId: 6d1e0fb16f47e4b0dc9a18765cecb9314bbcb441\n" }, { "commit": "5ade732e7778b774caf03c850fbfaa7b67132d9b", "tree": "ad467196bf11717d4193f45c346112ffe97c375b", "parents": [ "a50e845df333a4d7531793e3fed61ca8411384f5" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Thu Aug 27 13:27:51 2020 +0200" }, "committer": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Thu Aug 27 13:27:51 2020 +0200" }, "message": "logtree: implement LeveledLogger interface\n\nThis implementes the equivalent of StructuredLogger from go/logtree as\na pure interface for further implementation by LogTree (or other logging\nmechanism, eg. in tests).\n\nStructuredLogger was a slightly poor name (because of the unfortunate\nindustry understanding of what structured logging is), so we go ahead\nand rename that. Once this change goes through, the design document will\nbe reflected to rename \u0027Structured Logging\u0027 to \u0027Leveled Logging\u0027.\n\nWe base the API off of github.com/golang/glog, but without a single\nglobal instance. Other API differences include:\n - No {Info,Warning,Error,Fatal}ln calls, as these are pretty much\n equivalent to {Info,Warning,Error,Fatal} calls.\n - V(n) now returns an interface with .Enabled(), instead of a boolean\n value. This is necessary as the returned value will have to carry\n its corresponding LeveledLogger instead of calling global functions.\n\nTest Plan: plain interface, untested\n\nX-Origin-Diff: phab/D620\nGitOrigin-RevId: 06c7e3a88751ff7503e8106fac2360cf8de621c4\n" } ], "next": "a50e845df333a4d7531793e3fed61ca8411384f5" }