)]}' { "log": [ { "commit": "cb1e4da5b3c1d2d5efa6a4495af40f8fc50c72ad", "tree": "39b896bb35e4a4e55a03e8cff431018b8390737d", "parents": [ "1612d4b51f74e439d1efb4b8957d440d148035b7" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Thu Nov 11 16:42:52 2021 +0100" }, "committer": { "name": "Sergiusz Bazanski", "email": "serge@monogon.tech", "time": "Mon Nov 22 11:18:43 2021 +0000" }, "message": "m/n/c/curator: implement Curator.CommitNode\n\nThis takes a node from STANDBY to UP. This is the last step required in\na node\u0027s registration flow.\n\nChange-Id: I6806e84abb862088335a76c42738db43aec75c62\nReviewed-on: https://review.monogon.dev/c/monogon/+/443\nReviewed-by: Mateusz Zalega \u003cmateusz@monogon.tech\u003e\n" }, { "commit": "1612d4b51f74e439d1efb4b8957d440d148035b7", "tree": "c69d3d08b638ed54ef938a97166893e7b9779cf5", "parents": [ "5b60e581bdc1cd420a281e3a110367e310337850" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Fri Nov 12 13:54:15 2021 +0100" }, "committer": { "name": "Sergiusz Bazanski", "email": "serge@monogon.tech", "time": "Mon Nov 22 11:18:43 2021 +0000" }, "message": "m/n/c/curator: implement Management.ApproveNode\n\nThis takes a node from NEW to STANDBY. This is the second-to-last\nstep requires in a node\u0027s regsitration flow.\n\nChange-Id: I88f9c7d2cd824c7d3182195b784a725ec9528d28\nReviewed-on: https://review.monogon.dev/c/monogon/+/442\nReviewed-by: Mateusz Zalega \u003cmateusz@monogon.tech\u003e\n" }, { "commit": "5b60e581bdc1cd420a281e3a110367e310337850", "tree": "f5bf40f16039a685243f04ea64e4d279b3ab41ac", "parents": [ "5611447f05c85eb5d0b7f7c5865911b1d560ef66" ], "author": { "name": "Mateusz Zalega", "email": "mateusz@monogon.tech", "time": "Wed Nov 10 19:57:17 2021 +0100" }, "committer": { "name": "Mateusz Zalega", "email": "mateusz@monogon.tech", "time": "Thu Nov 18 17:10:32 2021 +0000" }, "message": "m/p/efivarfs: add boot settings manipulation routines\n\nThis adds CreateBootEntry and SetBootOrder.\n\nBoth functions can be used to adjust EFI boot settings by writing to\nEFI variable files exposed through efivarfs.\n\nChange-Id: I0b1364357bcf1e8dabf24ef4046861924306e029\nReviewed-on: https://review.monogon.dev/c/monogon/+/436\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "5611447f05c85eb5d0b7f7c5865911b1d560ef66", "tree": "19274d1fae7747027ad2758d3027f0e09b9c599e", "parents": [ "6cefe518de0b964db90c1b10d57b8be47aa4448e" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Mon Oct 11 14:47:54 2021 +0200" }, "committer": { "name": "Sergiusz Bazanski", "email": "serge@monogon.tech", "time": "Thu Nov 18 15:40:45 2021 +0000" }, "message": "m/n/c/curator: implement Management.GetNodes\n\nThis is a management call that provides detailed per-node details.\nCurrently it returns all information about all nodes, but can be then\nextended to allow filtering and selective/masked field retrieval.\n\nThis call is then used to implement a test which exercises\nCurator.NodeRegister and GetNodes.\n\nChange-Id: Ia093d9f03a4213b01acbb0fdac9714d8e7b02dd3\nReviewed-on: https://review.monogon.dev/c/monogon/+/434\nReviewed-by: Mateusz Zalega \u003cmateusz@monogon.tech\u003e\n" }, { "commit": "6cefe518de0b964db90c1b10d57b8be47aa4448e", "tree": "c6ad847d934e0769c89c809e91077208f2a3adb3", "parents": [ "531e2c25995933a2e3110f5a53852bdbb5a2a39c" ], "author": { "name": "Mateusz Zalega", "email": "mateusz@monogon.tech", "time": "Mon Nov 08 18:19:42 2021 +0100" }, "committer": { "name": "Mateusz Zalega", "email": "mateusz@monogon.tech", "time": "Thu Nov 18 15:13:32 2021 +0000" }, "message": "m/p/efivarfs: import the EFI boot entry data type\n\nThis imports marshal.go from the Softmetal project.\n\nThe complete MIT license under which it was released was added at the\nstart of the file. It was renamed to boot.go which better reflects its\npurpose in its current context. The implementation was adapted for\nMetropolis.\n\nChange-Id: I41d1b10bf5105c52fa7de7695def5b6f3a9b192e\nReviewed-on: https://review.monogon.dev/c/monogon/+/427\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "531e2c25995933a2e3110f5a53852bdbb5a2a39c", "tree": "b8b8dd9d56e6aebb9eaab8225e5f31fc999d8db3", "parents": [ "ed86976004c8a9d8d06e787ece3d59b04dba11f9" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Wed Nov 17 20:00:05 2021 +0100" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Thu Nov 18 14:12:47 2021 +0000" }, "message": "WORKSPACE: bump Linux to 5.15.2\n\nThis involves ripping out fsinfo because there now is quotactl_fd which\nhandles what we originally used fsinfo for. I also enabled a few new\ninteresting kernel features in the config like the Landlock LSM and\nKFENCE.\n\nChange-Id: Ic0a113893a437b2c8068d06984fdc386f34e6adb\nReviewed-on: https://review.monogon.dev/c/monogon/+/444\nReviewed-by: Sergiusz Bazanski \u003cserge@monogon.tech\u003e\n" }, { "commit": "ed86976004c8a9d8d06e787ece3d59b04dba11f9", "tree": "523b4d1ec2ee73e3b612c5aa02ae8cab87766a11", "parents": [ "fbd38e280916f0883263cf0b566984d3fea4ff39" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Thu Nov 18 13:30:58 2021 +0100" }, "committer": { "name": "Sergiusz Bazanski", "email": "serge@monogon.tech", "time": "Thu Nov 18 13:11:11 2021 +0000" }, "message": "scripts: rename container image to full path as used in CI\n\nThis is needed due to what seems like a Podman bug: I have previously\nbuilt this image for CI (using scripts/push_ci_image.sh), which tagged\nit gcr.io/monogon-infra/monogon-builder:... . Then, when I ran\nscripts/create_container.sh it would actually not tag the container\nas monogon-builder, but instead as gcr.io/monogon-infra/monogon-builder.\nThis meant that scripts/bin/bazel kept using an older version of the\nimage than I expected.\n\nI would debug this further, but at some point we should have done this\nre-tag for local developer images anyway, as this will enable us to pull\nthis builder image from GCR in some cases if necessary (sparing some\ndevelopers the local image build step).\n\nChange-Id: I24445f94e7808cb4c478395358a4aa520df5906b\nReviewed-on: https://review.monogon.dev/c/monogon/+/446\nReviewed-by: Leopold Schabel \u003cleo@nexantic.com\u003e\n" }, { "commit": "fbd38e280916f0883263cf0b566984d3fea4ff39", "tree": "44abb583a39606b61940523e873af4d92a787be4", "parents": [ "579015afff6be9d6c87c867b0645f254b9aeb2d8" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Fri Oct 08 14:41:16 2021 +0200" }, "committer": { "name": "Sergiusz Bazanski", "email": "serge@monogon.tech", "time": "Thu Nov 18 13:01:16 2021 +0000" }, "message": "m/proto: switch from CA pubkey to CA certificate in ClusterDirectory/Register\n\nA CA certificate is a strict superset of the public key, and using it\ninstead of a public key allows us to connect to the cluster securely by\nreusing standard/existing x509 CA auth, instead of having to implement a\ncheck based on just a public key.\n\nBackwards-incompatible proto change, but we\u0027re pre-MVP, and this flow is\njust being implemented.\n\nChange-Id: I014780a6ec3e5e8c6e81532531b18ad1438c8258\nReviewed-on: https://review.monogon.dev/c/monogon/+/424\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "579015afff6be9d6c87c867b0645f254b9aeb2d8", "tree": "9d561def0da0671c67fd6aaea2e128e8dc01b432", "parents": [ "ad5b47d816f50f8f63f65b63861adea811ed85e8" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Thu Nov 18 13:20:20 2021 +0100" }, "committer": { "name": "Sergiusz Bazanski", "email": "serge@monogon.tech", "time": "Thu Nov 18 12:34:46 2021 +0000" }, "message": "m/p/supervisor: deflake tests\n\nThis removes some poorly designed test code which attempted to\nsynchronize with a goroutine in a way that\u0027s unsound in Go\u0027s concurrency\nmodel. Instead of doing a non-blocking read and failing if there is no\nsending goroutine, we just block. Test timeouts will, in this case,\ncause the test to error out.\n\nChange-Id: I5338693c578c8eb8b494a1a651a04de6a54df15c\nReviewed-on: https://review.monogon.dev/c/monogon/+/445\nReviewed-by: Leopold Schabel \u003cleo@nexantic.com\u003e\n" }, { "commit": "ad5b47d816f50f8f63f65b63861adea811ed85e8", "tree": "a2009c5079c8306975dab490491f84900d8942c5", "parents": [ "516d300df9a34da5b39944017cebf1b11897e7a0" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Tue Nov 09 13:52:56 2021 +0100" }, "committer": { "name": "Mateusz Zalega", "email": "mateusz@monogon.tech", "time": "Thu Nov 18 12:15:03 2021 +0000" }, "message": "m/t/i/testos: introduce stub os for installer tests\n\nTestOS is a tiny \"operating system\" which is packaged the exact same\nway as an actual Metropolis node but only outputs a single flag before\nexiting. It\u0027s used for decoupling the installer tests from the\nMetropolis Node code.\n\nChange-Id: I156ee05a6c54b831696aeadd207f2c20db65a25c\nReviewed-on: https://review.monogon.dev/c/monogon/+/432\nReviewed-by: Mateusz Zalega \u003cmateusz@monogon.tech\u003e\n" }, { "commit": "516d300df9a34da5b39944017cebf1b11897e7a0", "tree": "b045662801001e5c53412baa6d744346892830f0", "parents": [ "c6c092be9c8774192867620d1df41c6014e20de1" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Fri Oct 01 00:05:41 2021 +0200" }, "committer": { "name": "Sergiusz Bazanski", "email": "serge@monogon.tech", "time": "Tue Nov 16 14:39:15 2021 +0000" }, "message": "m/n/c/curator: implement Curator.RegisterNode\n\nThis is the \u0027Register\u0027 call from the cluster lifecycle design document.\nWe don\u0027t yet call it from node startup code, but we do exercise it in a\nCurator test.\n\nChange-Id: Ife617b148a25fc8aecb0ed15f78a758ca4538016\nReviewed-on: https://review.monogon.dev/c/monogon/+/423\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "c6c092be9c8774192867620d1df41c6014e20de1", "tree": "ea4b7ca337f1465bfb71298a578cee55977e96a1", "parents": [ "c2e3b1b7f29708fa136e9195645b31fce530c1f0" ], "author": { "name": "Mateusz Zalega", "email": "mateusz@monogon.tech", "time": "Tue Nov 09 13:09:37 2021 +0100" }, "committer": { "name": "Mateusz Zalega", "email": "mateusz@monogon.tech", "time": "Tue Nov 16 13:18:01 2021 +0000" }, "message": "m/p/efivarfs: init\n\nThis adds a package supporting efivarfs operations.\n\nChange-Id: Ib0d0713a121efaa0ecdd7e70d8c9d27f4697f958\nReviewed-on: https://review.monogon.dev/c/monogon/+/426\nReviewed-by: Leopold Schabel \u003cleo@nexantic.com\u003e\n" }, { "commit": "c2e3b1b7f29708fa136e9195645b31fce530c1f0", "tree": "94d45711f78c1c1cc859e251519838350ce91938", "parents": [ "44d2ad428573bb20ee6be4b957b1abbacad50fcb" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Thu Nov 11 11:06:41 2021 +0100" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Tue Nov 16 12:47:21 2021 +0000" }, "message": "WORKSPACE: bump rules_go go 0.29 and Go to 1.17.1\n\nThe changes to nogo are from rules_go being able to use go_library\ntargets as part toolchain definitions. gVisor needed to be bumped\nto be compatible with Go 1.17. It also needs a fix for us not having\nthe systemd cgroup controller.\n\nChange-Id: I058b5c68d97809a286fbe36df00e49e55874dfd5\nReviewed-on: https://review.monogon.dev/c/monogon/+/438\nReviewed-by: Sergiusz Bazanski \u003cserge@monogon.tech\u003e\n" }, { "commit": "44d2ad428573bb20ee6be4b957b1abbacad50fcb", "tree": "441b11be3d9ac7dd6038f7a043055893403cf542", "parents": [ "8fda084b12ad482da4b76888078cc53bfd3c2e20" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Wed Nov 10 17:05:34 2021 +0100" }, "committer": { "name": "Sergiusz Bazanski", "email": "serge@monogon.tech", "time": "Fri Nov 12 15:19:22 2021 +0000" }, "message": "m/cli/metroctl: reformat\n\nAnother annoying instance of my local gofmt/goimports having stronger\nopinions about code formatting than our CI. Really ought to synchronize\nthem together ASAP.\n\nChange-Id: Ia4b9a30be3c19c0fc755d7659f26e7233b4f4598\nReviewed-on: https://review.monogon.dev/c/monogon/+/435\nReviewed-by: Mateusz Zalega \u003cmateusz@monogon.tech\u003e\n" }, { "commit": "8fda084b12ad482da4b76888078cc53bfd3c2e20", "tree": "42e77f22b4b0f2c69dd7264c6ca5759df7b92789", "parents": [ "f73d8a993251c8fda30ce665c7f4eabdb7a203e3" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Tue Nov 09 19:47:51 2021 +0100" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Thu Nov 11 13:24:38 2021 +0000" }, "message": "build/ci: bump Bazel to 4.2.0\n\nThis bumps Bazel to 4.2.0 in preparation for other rule updates.\n\nChange-Id: I786320e335a721a103859a87e066e199565e9fa0\nReviewed-on: https://review.monogon.dev/c/monogon/+/437\nReviewed-by: Sergiusz Bazanski \u003cserge@monogon.tech\u003e\n" }, { "commit": "f73d8a993251c8fda30ce665c7f4eabdb7a203e3", "tree": "80d1f94ce1be04bef15b4632083ad7e2745bbcb3", "parents": [ "80861fd796e8f32e2866fa3757ff92ee186a9e8f" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Tue Nov 02 21:19:45 2021 +0100" }, "committer": { "name": "Sergiusz Bazanski", "email": "serge@monogon.tech", "time": "Tue Nov 09 17:01:29 2021 +0000" }, "message": "m/n/c/network/hostsfile: implement\n\nThis implementes a dedicated runnable for maintaining hostsfile-like\nlocal state based on the node\u0027s local state and any possible cluster\ndata.\n\nThis needs to be able to be maintained by a single runnable regardless\nof the cluster enrolment process (bootstrap, register or join), and\nregardless of the state of enrolment (don\u0027t have networking data, only\nhave local networking data, have cluster state from any kind of\navailable cluster dialer).\n\nFor now this is just piped into the bootstrap logic and has no access to\ncluster data, but a planned revamp of the enrolment logic into the\nroleserver will fully integrate this with cluster information.\n\nChange-Id: Icc472a0da302109882c5a6d8b4e124a7b9af4813\nReviewed-on: https://review.monogon.dev/c/monogon/+/422\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "80861fd796e8f32e2866fa3757ff92ee186a9e8f", "tree": "3e02b5ce623b8d429f082a0e8f8a06fba546c163", "parents": [ "f758ce419a4a63261e4cacf8b8795a17d024df87" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Tue Nov 02 22:14:06 2021 +0100" }, "committer": { "name": "Sergiusz Bazanski", "email": "serge@monogon.tech", "time": "Tue Nov 09 16:41:17 2021 +0000" }, "message": "m/n/c/curator: implement Watching NodesInCluster\n\nThis pipes etcd ranged watchers for nodes into a Curator RPC. This is to\nbe used by systems that need to compile information based on all/some\nnodes in the cluster, eg. when building a cluster directory or hosts\nfile with DNS mappings.\n\nThe existence of both NodeInCluster and NodesInCluster could be argued\nas unnecessary, and it might make sense to merge NodeInCluster\nfunctionality into NodesInCluster with a filter-by-node-id field. We\nshould consider doing this once the dust settles.\n\nWe also use this opportunity to write tests for Node{,s}InCluster.\n\nChange-Id: I544657b1bfe266a37230760236510024c6007c24\nReviewed-on: https://review.monogon.dev/c/monogon/+/420\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "f758ce419a4a63261e4cacf8b8795a17d024df87", "tree": "593f6821c2fe9e2c37eb9a4629e5a97650739f8c", "parents": [ "3ec8116383edfbe4aa4e04803f45a7201998ac80" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Tue Nov 09 03:40:43 2021 +0100" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Tue Nov 09 13:54:32 2021 +0000" }, "message": "m/node: add a crude MVP bundle\n\nSince the bundle format will likely need some more time cooking let\u0027s\njust use a quick\u0027n\u0027dirty ZIP file for now. This is explicitly not stable\nand will be replaced by the actual bundle format before release. But\nit allows us to untangle various parts of the installer machinery and\nland them while this is still cooking.\n\nChange-Id: I7ba7875232e4b9a03a4dd564f2ca02d2663f829c\nReviewed-on: https://review.monogon.dev/c/monogon/+/430\nReviewed-by: Sergiusz Bazanski \u003cserge@monogon.tech\u003e\n" }, { "commit": "3ec8116383edfbe4aa4e04803f45a7201998ac80", "tree": "41ffa2346ec8452832c1b85bfd41323051eec57c", "parents": [ "0b12170ae5e0ca561d1575a8e107da1b9690b2ca" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Tue Nov 09 03:37:03 2021 +0100" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Tue Nov 09 13:54:32 2021 +0000" }, "message": "workspace: bump rules_pkg\n\nThis updates rules_pkg to 0.5.1 and registers its dependencies so that\nwe can actually use it.\n\nChange-Id: I4f9c225bfaed05da7a85c88f707df96b6ce1f1ce\nReviewed-on: https://review.monogon.dev/c/monogon/+/429\nReviewed-by: Sergiusz Bazanski \u003cserge@monogon.tech\u003e\n" }, { "commit": "0b12170ae5e0ca561d1575a8e107da1b9690b2ca", "tree": "ce34dfbff7d4aed88d314e9fdf683874ee8cfa49", "parents": [ "b7f8e9a05f2e47e63b697ae93a9c72741aef98c1" ], "author": { "name": "Mateusz Zalega", "email": "mateusz@monogon.tech", "time": "Sat Nov 06 12:54:58 2021 +0100" }, "committer": { "name": "Mateusz Zalega", "email": "mateusz@monogon.tech", "time": "Mon Nov 08 13:04:23 2021 +0000" }, "message": "m/c/m/core: adjust the minimum ESP size\n\nOVMF firmware refuses to boot from a smaller ESP.\n\nThis is due to unknown factors. This patch addresses that problem by\nadjusting the partition\u0027s minimum size to slightly more than FAT\u0027s\nadvertised lower bound of 32MiB.\n\nChange-Id: I1516ce19a162cd8da51e92aa7783c5a48ecfa77f\nReviewed-on: https://review.monogon.dev/c/monogon/+/421\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "b7f8e9a05f2e47e63b697ae93a9c72741aef98c1", "tree": "f47454e0d2b266674b520a3125884aca20ea5fa5", "parents": [ "dc7e31c81095fe809e3bfe07bbda36a21f54464e" ], "author": { "name": "Mateusz Zalega", "email": "mateusz@monogon.tech", "time": "Wed Oct 20 13:41:41 2021 +0200" }, "committer": { "name": "Mateusz Zalega", "email": "mateusz@monogon.tech", "time": "Mon Nov 08 10:03:59 2021 +0000" }, "message": "third_party/linux: expose PARTUUID through uevent\n\nThe kernel was patched to expose partition UUIDs.\n\nThis was inspired by a change [1] that didn\u0027t make it into mainline.\nThe patch is meant for internal use and would need to be adapted for\nmainlining due to recent changes in the part of codebase involved.\n\n[1] https://lkml.org/lkml/2017/10/10/1130\n\nChange-Id: Ie34bf6f46ba95e39c5d8589414f98f06435aaae2\nReviewed-on: https://review.monogon.dev/c/monogon/+/407\nReviewed-by: Leopold Schabel \u003cleo@nexantic.com\u003e\n" }, { "commit": "dc7e31c81095fe809e3bfe07bbda36a21f54464e", "tree": "20ac8760617b9aa18968b5fb7fad288aeabca6f4", "parents": [ "d32d1eaec33b9b6e8a2ce6f207892d7a2b236382" ], "author": { "name": "Mateusz Zalega", "email": "mateusz@monogon.tech", "time": "Thu Oct 07 22:23:39 2021 +0200" }, "committer": { "name": "Mateusz Zalega", "email": "mateusz@monogon.tech", "time": "Mon Nov 08 10:03:04 2021 +0000" }, "message": "m/node: move kernel cmdline to the unified kernel image\n\nThe upcoming installer code relies on its own params.\n\nChange-Id: I6408ffa3f14ae184e05786a48b59499ac25d8928\nReviewed-on: https://review.monogon.dev/c/monogon/+/406\nReviewed-by: Leopold Schabel \u003cleo@nexantic.com\u003e\n" }, { "commit": "d32d1eaec33b9b6e8a2ce6f207892d7a2b236382", "tree": "dc8e209fe34fbe3575223ac47864b1b7558a9f12", "parents": [ "8d45a0598ae83b8da89442ce8960e64f065182c7" ], "author": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Tue Nov 02 00:06:07 2021 +0100" }, "committer": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Thu Nov 04 12:40:54 2021 +0000" }, "message": "build/ci: install headless JDK\n\nAs discussed in monogon-dev/monogon#83, we can avoid\npulling in a number of unnecessary dependencies by using\na headless JDK. Improves upon I4622349, which would break Jenkins.\n\nChange-Id: Iff4aef30b9c1ae76293d9a29cf0a86945eabc679\nReviewed-on: https://review.monogon.dev/c/monogon/+/414\nReviewed-by: Sergiusz Bazanski \u003cserge@monogon.tech\u003e\n" }, { "commit": "8d45a0598ae83b8da89442ce8960e64f065182c7", "tree": "76fc262f260152be7be130ed2a078738e03073c2", "parents": [ "52304a8aa84604846e316e28c955b67e68c52f34" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Mon Oct 18 17:24:24 2021 +0200" }, "committer": { "name": "Sergiusz Bazanski", "email": "serge@monogon.tech", "time": "Wed Nov 03 15:01:37 2021 +0000" }, "message": "m/pkg/event/etcd: implement ranged watchers\n\nThis adds a new mode of operation to etcd Values/Watchers in which a\nrange of etcd keys is watched for updates instead of a single key.\n\nThis allows the implementation of watching a collection of objects\nstored in etcd for updates, eg. the node state in the Curator.\n\nThis has been implemented within the existing API of Event Values, which\nis likely the biggest contention point of this change. An alternative\nwould be to design a separate API for multi-value use, but this should\nallow us to more easily integrate with the existing code. We make use of\nGo\u0027s options-as-varargs paradigm to not break any existing use of this\ncodebase.\n\nSome behaviour of the Get() operation in ranged context is left\nunderdefined, but none of the expected users of this codebase are\nexpected to depend on this. Once the dust settles a bit, we can attempt\nto formalize this more strongly.\n\nChange-Id: I8f84d74332765e52b9bbec04b626d00f05c23071\nReviewed-on: https://review.monogon.dev/c/monogon/+/419\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "52304a8aa84604846e316e28c955b67e68c52f34", "tree": "df8518bb50b9665af7f4897665d8aa16f4a43e7f", "parents": [ "ba7bf7dc83c15cbd94a1f71b7992df7d7fc7d752" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Fri Oct 29 16:56:18 2021 +0200" }, "committer": { "name": "Sergiusz Bazanski", "email": "serge@monogon.tech", "time": "Wed Nov 03 11:36:20 2021 +0000" }, "message": "m/node: implement Port type for node ports\n\nThis allows us to use %v/%s to get a pretty port name where needed.\n\nWe also drive-by remove MasterServicePort which is a leftover from\na pre-curator cluster service implementation.\n\nChange-Id: Id8feddf87269b13dd1dad2460a015c1a7ecbc6d7\nReviewed-on: https://review.monogon.dev/c/monogon/+/418\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "ba7bf7dc83c15cbd94a1f71b7992df7d7fc7d752", "tree": "b3594e9440c82c099a5be021cabed1ab84a8f789", "parents": [ "1fd64a2ac8675eb532a8a01361c0b7251e8b9754" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Fri Oct 29 16:59:00 2021 +0200" }, "committer": { "name": "Sergiusz Bazanski", "email": "serge@monogon.tech", "time": "Tue Nov 02 19:49:35 2021 +0000" }, "message": "m/pkg/supervisor: log instances of runnables pending restart\n\nThis can be helpful to debug stuck runnables that cannot restart due to\nsome of their children not restarting yet.\n\nWe should probably also keep a list of \u0027stuck\u0027 runnables and expose them\nvia some introspection API?\n\nChange-Id: Ia6219f6e721987b0746cb5cd0e5f11c4edc01cc6\nReviewed-on: https://review.monogon.dev/c/monogon/+/415\nReviewed-by: Leopold Schabel \u003cleo@nexantic.com\u003e\n" }, { "commit": "1fd64a2ac8675eb532a8a01361c0b7251e8b9754", "tree": "819b0c9d2d4f5d22d792a13adc38663a05df7b4e", "parents": [ "d102ebed4e10b33db95f6d6ff0c7fbc7dbb6b614" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Fri Oct 29 16:59:40 2021 +0200" }, "committer": { "name": "Sergiusz Bazanski", "email": "serge@monogon.tech", "time": "Tue Nov 02 19:49:31 2021 +0000" }, "message": "m/p/logtree/unraw: close fifo on context cancel\n\nThis makes unraw runnables capable of being restarted instead of being\nstuck forever in canceling.\n\nChange-Id: I99d66d25b96644cc6a2da431fd4ca1873e552104\nReviewed-on: https://review.monogon.dev/c/monogon/+/416\nReviewed-by: Leopold Schabel \u003cleo@nexantic.com\u003e\n" }, { "commit": "d102ebed4e10b33db95f6d6ff0c7fbc7dbb6b614", "tree": "2cbfbb0c12dd60af859b6a8b2f63b80ee8eaa0ca", "parents": [ "57479bb5c00df6127e592716b6d644c3c13d75e9" ], "author": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Sun Oct 31 16:03:12 2021 +0100" }, "committer": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Tue Nov 02 14:05:30 2021 +0000" }, "message": "README.md: friendlier wip notice, link website\n\nChange-Id: I831a9d8bd875ba5047b873e93b18ce5fa65b62a6\nReviewed-on: https://review.monogon.dev/c/monogon/+/412\nReviewed-by: Sergiusz Bazanski \u003cserge@monogon.tech\u003e\n" }, { "commit": "57479bb5c00df6127e592716b6d644c3c13d75e9", "tree": "db782aca2c0ea03fac70ab9d0cc89d30abf838ea", "parents": [ "070ec4eb5f6853185209494455a9a7b751cf32e1" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Tue Oct 26 14:01:06 2021 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Tue Nov 02 12:35:45 2021 +0000" }, "message": "m/c/metroctl/core: add frontend-independent metroctl support pkg\n\nThis adds metroctl/core, a package which contains parts of metroctl\nwhich do significant amounts of work beyond just providing a CLI for\nthem.\nThis package is intended to be used for integrating with functions\nprovided by metroctl, for example for using them in integration tests\nor writing other frontends providing functionality similar to metroctl\n(like a GUI or webapp).\n\nChange-Id: I8a56bfbefce8d18c6c9be3349e3c7a15a699d009\nReviewed-on: https://review.monogon.dev/c/monogon/+/411\nReviewed-by: Mateusz Zalega \u003cmateusz@monogon.tech\u003e\nVouch-Run-CI: Mateusz Zalega \u003cmateusz@monogon.tech\u003e\n" }, { "commit": "070ec4eb5f6853185209494455a9a7b751cf32e1", "tree": "58e1edfe5c83976feeac07606c65252cafcf6aba", "parents": [ "6ef7f9bb94890748cc7c635f187fce7c5f497fe3" ], "author": { "name": "curiousleo", "email": "leo.markert@gmail.com", "time": "Mon Nov 01 16:22:10 2021 +0100" }, "committer": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Mon Nov 01 17:39:47 2021 +0000" }, "message": "build/ci: Remove JDK from builder image\n\nThe JDK is not used and pulls in further unnecessary dependencies.\n\nChange-Id: I46223497d6809b911ab200bd255c20054e7c78d2\nReviewed-on: https://review.monogon.dev/c/monogon/+/413\nVouch-Run-CI: Leopold Schabel \u003cleo@nexantic.com\u003e\nReviewed-by: Leopold Schabel \u003cleo@nexantic.com\u003e\n" }, { "commit": "6ef7f9bb94890748cc7c635f187fce7c5f497fe3", "tree": "8252a2bfde15ebc883195717762ba313978ca946", "parents": [ "da3be1bde2f7cffc518433c8f65569079a30655e" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Thu Oct 21 13:02:40 2021 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Mon Oct 25 18:46:55 2021 +0000" }, "message": "m/n/core: mount efivars\n\nWe will need them for lots of upcoming things, let\u0027s mount them\nso things which need them can use them.\n\nChange-Id: I4417c370615da154bc7cb8b8804cb268d0fd617e\nReviewed-on: https://review.monogon.dev/c/monogon/+/405\nReviewed-by: Mateusz Zalega \u003cmateusz@monogon.tech\u003e\n" }, { "commit": "da3be1bde2f7cffc518433c8f65569079a30655e", "tree": "f1f308bfaec9ab63d86fdbbfeb414a296ac1a280", "parents": [ "66e589595ecbefdc1466ea5e98e9c237e3300f8e" ], "author": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Sun Oct 17 22:15:10 2021 +0200" }, "committer": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Mon Oct 18 10:00:04 2021 +0000" }, "message": "build/ci: output link to Gerrit change\n\nChange-Id: I126e724052fea1cd04584b4a11d016dbd1c292a7\nReviewed-on: https://review.monogon.dev/c/monogon/+/384\nReviewed-by: Sergiusz Bazanski \u003cserge@monogon.tech\u003e\n" }, { "commit": "66e589595ecbefdc1466ea5e98e9c237e3300f8e", "tree": "c5bf14131ce984dea96ee6825c12b5e3cf7a342a", "parents": [ "a1a96b454eb3c21d03b7f95f1917dd6ce1b84b8a" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Tue Oct 05 17:06:56 2021 +0200" }, "committer": { "name": "Sergiusz Bazanski", "email": "serge@monogon.tech", "time": "Mon Oct 11 13:27:02 2021 +0000" }, "message": "m/test: refactor cluster launch code, use for e2e tests\n\nThis is a light dust-off pass for the existing cluster launch code.\nNotably, we separate Metropolis-specific code into a subpackage\n(allowing us to make the package itself depend on the required\nnode/kernel images, without introducing dependency loops or unnecessary\ndependencies on the Metropolis node image).\n\nWe also make the LaunchCluster code return an already authenticated\nManagement client, and subsequent changes will use this client to add\nmore nodes to the running cluster.\n\nWe then move the E2E test to use LaunchCluster instead of LaunchNode, in\npreparation for running a multi-node cluster in the E2E test.\n\nWe also add some more log calls and clean up the existing ones to make\nit clear which subsystem (launch, launch/cluster or e2e) is respondible\nfor each message.\n\nChange-Id: I838bdc75073831fe94b9cdcef4fb3ab6bf8cba2c\nReviewed-on: https://review.monogon.dev/c/monogon/+/343\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "a1a96b454eb3c21d03b7f95f1917dd6ce1b84b8a", "tree": "349684ba3c542d059472cb23e67c36fdff980dcb", "parents": [ "4b1e37c88d7472fa378393e7a2e545b7a87145c9" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Wed Oct 06 19:29:57 2021 +0200" }, "committer": { "name": "Sergiusz Bazanski", "email": "serge@monogon.tech", "time": "Fri Oct 08 15:34:28 2021 +0000" }, "message": "b/toolbase/gotoolchain: fix IntelliJ integration\n\nThis adds OutputGroupInfo(go_generated_srcs) to expose the Generated\ntoolchain source code to the IntelliJ Bazel aspect, removes the\nunnecessary GoArchive output (which seems to not be used when embedding\ninto another go_library) and does a reformat (as per IntelliJ\nconfiguration).\n\nChange-Id: I4bb981d8fa86b5960a7bcceab87607fdff6d1f13\nReviewed-on: https://review.monogon.dev/c/monogon/+/348\nReviewed-by: Mateusz Zalega \u003cmateusz@monogon.tech\u003e\n" }, { "commit": "4b1e37c88d7472fa378393e7a2e545b7a87145c9", "tree": "8f1670f60907fb204bb159f11af637076a43af8f", "parents": [ "2f58ac0ba336ad64e5708a4bb72163e368410959" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Tue Sep 28 12:49:15 2021 +0200" }, "committer": { "name": "Sergiusz Bazanski", "email": "serge@monogon.tech", "time": "Fri Oct 08 15:34:28 2021 +0000" }, "message": "build/fietsje: split into monogon-specific library and cli tool\n\nThis is a first pass at sightly modularizing fietsje. This allows\nfietsje-for-Monogon to be used as a Go library, and moves all the\ntoolbase startup logic into its own executable package. This allows us\nto call fietsje from some multi-purpose CI/check tool that I\u0027m slowly\nimplementing on the side.\n\nFietsje should still be split up further, allowing a generic fietsje\nlibrary to be used for more than just the Monogon repository - but that\nwill come at a later point.\n\nChange-Id: Ic59c0bb954c5416fda95d3604d5aa94553dc1030\nReviewed-on: https://review.monogon.dev/c/monogon/+/331\nReviewed-by: Mateusz Zalega \u003cmateusz@monogon.tech\u003e\n" }, { "commit": "2f58ac0ba336ad64e5708a4bb72163e368410959", "tree": "f0047b265e47d3e934220f93147bbe663d7ac097", "parents": [ "eac8f7312382f20c17082f2871b50aea92e0a45e" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Tue Oct 05 11:47:20 2021 +0200" }, "committer": { "name": "Sergiusz Bazanski", "email": "serge@monogon.tech", "time": "Wed Oct 06 16:07:56 2021 +0000" }, "message": "m/n/c/curator: return CA public key in GetClusterInfo\n\nThis is needed for node registration (and is generally useful data\nwhenever a caller might not be aware of the CA\u0027s public key but already\nhas access to a Management client). In theory, all callers should be\naware of the public key, but in the future some other cluster\nverification might be performed with the CA public key ignored on\nconnectivity, but used by some other logic.\n\nChange-Id: If1928435bd5606c733460eb1a4a29a6578c8c723\nReviewed-on: https://review.monogon.dev/c/monogon/+/342\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "eac8f7312382f20c17082f2871b50aea92e0a45e", "tree": "cb1e0051ef3d97a64e367c77eaaf1c1217df2fbd", "parents": [ "bf5994514f50390c64c2ae6be2371687d312850c" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Tue Oct 05 23:30:37 2021 +0200" }, "committer": { "name": "Sergiusz Bazanski", "email": "serge@monogon.tech", "time": "Wed Oct 06 16:03:27 2021 +0000" }, "message": "m/n/core: run dedicated PID 1 reaper\n\nThis introduces minit, a tiny init implementation, written in C, built\nagainst musl. It does one thing: reap children. No support for TTY, no\nconfigurability, just the bare minimum for a working system.\n\nWe also drive-by remove some dead code from main.go.\n\nThis solves https://github.com/monogon-dev/monogon/issues/15\n\nChange-Id: I666ff2042f19639465ff918590a39b8e219ee7d6\nReviewed-on: https://review.monogon.dev/c/monogon/+/346\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "bf5994514f50390c64c2ae6be2371687d312850c", "tree": "679766afdb62bd1721bfb48acb71c394c691f595", "parents": [ "bf68fa9d8cbf6d283da8d538c1f28d8f53df0fcd" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Wed Oct 06 00:00:22 2021 +0200" }, "committer": { "name": "Sergiusz Bazanski", "email": "serge@monogon.tech", "time": "Wed Oct 06 14:50:22 2021 +0000" }, "message": "build/ci: attempt to prevent Jenkins from killing Bazel\n\nEvery so often in CI we see the following:\n\n Server terminated abruptly (error code: 14, error message: \u0027Socket closed\u0027, log file: \u0027/home/ci/.cache/bazel/_bazel_ci/8746318cfadba75371ec634ee6e84c81/server/jvm.out\u0027)\n\nNot sure what causes it, but setting this magical value apparently\ncauses Jenkins\u0027 ProcessTreeKiller to stop killing all subprocesses of an\nexisting process, which might be causing the above. We\u0027ll find out.\n\nChange-Id: Ibe48126dcf547735183c8789260bac6c42a0a10e\nReviewed-on: https://review.monogon.dev/c/monogon/+/347\nReviewed-by: Leopold Schabel \u003cleo@nexantic.com\u003e\n" }, { "commit": "bf68fa9d8cbf6d283da8d538c1f28d8f53df0fcd", "tree": "d62cda0e060b4376dec815629f72e1661d77a73f", "parents": [ "bc671d09b9cdeb420260797c22020aa12059eb36" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Tue Oct 05 17:53:58 2021 +0200" }, "committer": { "name": "Sergiusz Bazanski", "email": "serge@monogon.tech", "time": "Wed Oct 06 14:50:09 2021 +0000" }, "message": "m/n/c/roleserve: implement ClusterAgent\n\nThe ClusterAgent is a runnable that is scheduled to run on all cluster\nnodes. It\u0027s currently used to report the current node status to the\nCluster, and in the future can be used to implement hearbeat detection\nfor nodes.\n\nChange-Id: Iff394e2cc37064d1e42fd27e40884dda83d88418\nReviewed-on: https://review.monogon.dev/c/monogon/+/341\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "bc671d09b9cdeb420260797c22020aa12059eb36", "tree": "868fe4b9601c2c5c1f63106f3f0160037cb76462", "parents": [ "3be483247a07a6ebe73dd044f6ad299e19a04c7b" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Tue Oct 05 17:53:32 2021 +0200" }, "committer": { "name": "Sergiusz Bazanski", "email": "serge@monogon.tech", "time": "Wed Oct 06 14:49:55 2021 +0000" }, "message": "m/n/core: implement GetClusterInfo\n\nThis implements Management.GetClusterInfo which is used to retrieve a\nClusterDirectory. This in turn will be used by nodes that wish to\nregister into a cluster.\n\nThis could\u0027ve been skipped and instead Curator.Watch could\u0027ve been used.\nHowever, the Curator service is only really (currently) intended to be\nused by node-to-node communications. To keep with the current design, we\nimplement a separate RPC, but we should maybe reconsider if this\nseparation makes sense.\n\nChange-Id: Ie9d475731f4faafdc51a2aa51a1582ee1a259fd2\nReviewed-on: https://review.monogon.dev/c/monogon/+/340\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "3be483247a07a6ebe73dd044f6ad299e19a04c7b", "tree": "91e414202d66fd57a7064d9cd6ff975530b56143", "parents": [ "826a9e94db7345bbb1932fa51049bc6e090391e3" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Tue Oct 05 17:24:26 2021 +0200" }, "committer": { "name": "Sergiusz Bazanski", "email": "serge@monogon.tech", "time": "Wed Oct 06 14:49:50 2021 +0000" }, "message": "m/n/c/curator: share locks across leader service instances\n\nThis is needed to lock access to nodes between the Curator and Managment\ninstances.\n\nChange-Id: I4609d87a961339235a13af57236f80c9976819ed\nReviewed-on: https://review.monogon.dev/c/monogon/+/339\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "826a9e94db7345bbb1932fa51049bc6e090391e3", "tree": "f602a0ec7c7f6d251be419b6e62014c65080a407", "parents": [ "27b6c4fd36a3e664cb9ed209e498404090d550a2" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Tue Oct 05 21:23:48 2021 +0200" }, "committer": { "name": "Sergiusz Bazanski", "email": "serge@monogon.tech", "time": "Wed Oct 06 14:49:38 2021 +0000" }, "message": "m/pkg/logtree/unraw: deflake tests\n\nThis test was flaking quite seriously on CI, due to races between the\nsupervisor\u0027s test harness logging a startup message and the test\u0027s own\nlogging exercise logic.\n\nFixing that, I also spotted a rare flake that occurs when a\nNamedPipeReader restart races a write to the named pipe, possible\ncausing the write to be sent to the old but still running\nNamedPipeReader. We fix that in the test, as fixing this in the code\nitself is difficult and the resulting problem (a lost log line in this\nrare race condition) isn\u0027t that bad.\n\nChange-Id: If749798498acb9bf9e6557fd9cbcc441207b9726\nReviewed-on: https://review.monogon.dev/c/monogon/+/345\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "27b6c4fd36a3e664cb9ed209e498404090d550a2", "tree": "bf7a7ed35c26d8c560be92e33dd0ab09a82c4a5a", "parents": [ "2893e980368c0bbb843aa422386462a964623b40" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Tue Oct 05 18:55:46 2021 +0200" }, "committer": { "name": "Sergiusz Bazanski", "email": "serge@monogon.tech", "time": "Tue Oct 05 17:37:21 2021 +0000" }, "message": "m/n/c/curator: use UnimplementedXXX stubs for follower unimplemented code\n\nChange-Id: Iecf9adf91c8ae4c6af5854e35dbf3362b1b31865\nReviewed-on: https://review.monogon.dev/c/monogon/+/344\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "2893e980368c0bbb843aa422386462a964623b40", "tree": "0e95252b16a85991de6f0901bc7dcaf2ac566145", "parents": [ "96043bc1cb55b1271b21309b2011d64d2361a0fd" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Thu Sep 09 13:06:16 2021 +0200" }, "committer": { "name": "Sergiusz Bazanski", "email": "serge@monogon.tech", "time": "Tue Oct 05 17:29:42 2021 +0000" }, "message": "m/n/c/curator: add UpdateStatus\n\nThis implements Curator.UpdateStatus, which lets nodes self-report some\nstatus items. Currently this is their external IP address, which is\nneeded to generate a Cluster Directory which is in turn needed to\nregister into a cluster.\n\nChange-Id: Ib5464ca78ee3466d9b9f89b7af8b40f613ae8dcc\nReviewed-on: https://review.monogon.dev/c/monogon/+/332\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "96043bc1cb55b1271b21309b2011d64d2361a0fd", "tree": "b4db59595d8635154de74b0a244a6bb28bc52d2d", "parents": [ "3379a5d0ffcd652031c135f2ffe7600272fa0093" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Tue Oct 05 12:10:13 2021 +0200" }, "committer": { "name": "Sergiusz Bazanski", "email": "serge@monogon.tech", "time": "Tue Oct 05 17:29:16 2021 +0000" }, "message": "*: import reformats\n\nAs caused by my IntelliJ/gofmt locally. We really need to do gofmt\nchecks in CI, especially now that we nearly have the tooling ready for\nit.\n\nChange-Id: Id105ba9ad8a34b8b8e883d52d621d47b0ea888d7\nReviewed-on: https://review.monogon.dev/c/monogon/+/338\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "3379a5d0ffcd652031c135f2ffe7600272fa0093", "tree": "6c771e39336d5df9f7d956fadb9578b94b25b174", "parents": [ "6adf8840e846b15b7b34151c3432c886b540f420" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Thu Sep 09 12:56:40 2021 +0200" }, "committer": { "name": "Sergiusz Bazanski", "email": "serge@monogon.tech", "time": "Tue Oct 05 17:13:53 2021 +0000" }, "message": "m/n/core: factor out gRPC/TLS into rpc and identity libraries\n\nThis is an annoying large change, which started its life as me pulling\nthe \u0027let\u0027s add tests for authentication\u0027 thread, and ended up in\nunifying a whole bunch of dispersed logic under two new libraries.\n\nNotable changes:\n\n - m/n/core/identity now contains the NodeCertificate (now called Node)\n and NodeCredentials types. These used to exist in the cluster code,\n but were factored out to prevent loops between the curator, the\n cluster enrolment logic, and other code. They can now be shared by\n nearly all of the node code, removing the need for some conversions\n between subsystems/packages.\n - Alongside Node{,Credentials} types, the identity package contains\n code that creates x509 certificate templates and verifies x509\n certificates, and has functions specific to nodes and users - not\n clients and servers. This allows moving most of the rest of\n certificate checking code into a single set of functions, and allows\n us to test this logic thoroughly.\n - pki.{Client,Server,CA} are not used by the node core code anymore,\n and can now be moved to kubernetes-specific code (as that was their\n original purpose and that\u0027s their only current use).\n - m/n/core/rpc has been refactored to deduplicate code between the\n local/external gRPC servers and unary/stream interceptors for these\n servers, also allowing for more thorough testing and unified\n behaviour between all.\n - A PeerInfo structure is now injected into all gRPC handlers, and is\n unified to contain information both about nodes, users, and possibly\n unauthenticated callers.\n - The AAA.Escrow implementation now makes use of PeerInfo in order to\n retrieve the client\u0027s certificate, instead of rolling its own logic.\n - The EphemeralClusterCredentials test helper has been moved to the rpc\n library, and now returns identity objects, allowing for simplified\n test code (less juggling of bare public keys and\n {x509,tls}.Certificate objects).\n\nChange-Id: I9284966b4f18c0d7628167ca3168b4b4037808c1\nReviewed-on: https://review.monogon.dev/c/monogon/+/325\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "6adf8840e846b15b7b34151c3432c886b540f420", "tree": "c10422b27c730cdc7bdfb56e493aac784de5904a", "parents": [ "2f9f3876dd51d6a3031220d578a18c98270c74a8" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Tue Oct 05 13:39:11 2021 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Tue Oct 05 16:00:31 2021 +0000" }, "message": "m/c/metroctl: add skeleton and dependencies\n\nThis adds the skeleton for the Metropolis control command line,\nmetroctl. It currently consists of a single root command doing nothing\nand the dependency updates for viper, the library providing command\nline parsing and completion support.\nActual functionality will be in subsequent CLs.\n\nChange-Id: I73d0e2956d9550902a80295928e94cb32bb12cfc\nReviewed-on: https://review.monogon.dev/c/monogon/+/337\nReviewed-by: Sergiusz Bazanski \u003cserge@monogon.tech\u003e\n" }, { "commit": "2f9f3876dd51d6a3031220d578a18c98270c74a8", "tree": "2174a0aacd26955d17d7ac462c00769001226469", "parents": [ "5d40c67126d51ab1d78f44f51ec23cb75e9887fc" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Wed Sep 29 19:48:08 2021 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Mon Oct 04 15:04:34 2021 +0000" }, "message": "m/n/b/unifiedefi: add bazel rule for EFI unified kernel images\n\nThis adds a new Bazel rule for generating EFI unified kernel images.\nIt also wraps the current Metropolis kernel in one for future use\nand as a cheap test.\n\nChange-Id: I74d7a25cc3c12d5f240eb218fbbd8ba09db1333a\nReviewed-on: https://review.monogon.dev/c/monogon/+/336\nReviewed-by: Sergiusz Bazanski \u003cserge@monogon.tech\u003e\n" }, { "commit": "5d40c67126d51ab1d78f44f51ec23cb75e9887fc", "tree": "9158b3c5c4a922c3e8759923c52a136ac206c229", "parents": [ "296bde209e76f677dc0f38d003a27df83bcf0f5a" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Tue Sep 28 15:06:37 2021 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Thu Sep 30 13:14:43 2021 +0000" }, "message": "third_party/efistub: init\n\nAdds the EFI stub from systemd-boot, built using our new EFI toolchain.\nThis allows us to bundle kernels, command lines and other data into\nsingle EFI payloads and also sign them later.\n\nA rules to build these unified EFI payloads is coming later.\n\nChange-Id: I789e893ff88541f3dc9e7400ccd2565ae414e554\nReviewed-on: https://review.monogon.dev/c/monogon/+/335\nReviewed-by: Sergiusz Bazanski \u003cserge@monogon.tech\u003e\n" }, { "commit": "296bde209e76f677dc0f38d003a27df83bcf0f5a", "tree": "c4afb8f42d8856bca4cafedbd022f9b61967022b", "parents": [ "605efbe76a4317b50bc5499041784f303a9bdc37" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Tue Sep 28 15:04:40 2021 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Thu Sep 30 13:14:43 2021 +0000" }, "message": "third_party/gnuefi: init\n\nAdds GNU EFI, not for the hacky trampolines but for the EFI headers\nand the standard library.\nThe \"canonical\" EDK II headers are extremely hard to use so almost\neveryone not inside the EDK II uses these.\n\nChange-Id: I1189bb4c0897e9fed0da3e6471092d7fb09646cb\nReviewed-on: https://review.monogon.dev/c/monogon/+/334\nReviewed-by: Sergiusz Bazanski \u003cserge@monogon.tech\u003e\n" }, { "commit": "605efbe76a4317b50bc5499041784f303a9bdc37", "tree": "a8599cf7715aaa2035163aeba83666d0d6506804", "parents": [ "bc7614ee942aee814865a5967c642802040476ed" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Tue Sep 28 14:01:01 2021 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Thu Sep 30 13:14:43 2021 +0000" }, "message": "b/t/llvm-efi: add EFI toolchain based on LLVM\n\nThis adds a Bazel toolchain for building EFI binaries using rules_cc\nwith LLVM installed in the container.\n\nIt does not yet add an EFI standard library.\n\nChange-Id: I9eb15de6f4f800ab6351607d2fb01dad3135da9f\nReviewed-on: https://review.monogon.dev/c/monogon/+/333\nReviewed-by: Sergiusz Bazanski \u003cserge@monogon.tech\u003e\n" }, { "commit": "bc7614ee942aee814865a5967c642802040476ed", "tree": "12573dc1932f0477dffec7a21cf635f8b3ea140a", "parents": [ "356b896eb4c3db9608d637c775845a09fc20fd07" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Thu Sep 09 13:07:09 2021 +0200" }, "committer": { "name": "Sergiusz Bazanski", "email": "serge@monogon.tech", "time": "Wed Sep 29 13:04:33 2021 +0000" }, "message": "m/n/c/curator: fix watch fail on context timeout\n\nFixes https://github.com/monogon-dev/monogon/issues/75.\n\nChange-Id: Iefb772fa55499271e85fec500f50e6c77e49d05a\nReviewed-on: https://review.monogon.dev/c/monogon/+/326\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "356b896eb4c3db9608d637c775845a09fc20fd07", "tree": "af30addfbc8caba5275febf71847196f13aba8a5", "parents": [ "116c4a69dc90827d82023c362cbc26a17e188787" ], "author": { "name": "Mateusz Zalega", "email": "mateusz@monogon.tech", "time": "Tue Aug 10 17:27:15 2021 +0200" }, "committer": { "name": "Mateusz Zalega", "email": "mateusz@monogon.tech", "time": "Tue Sep 28 12:14:43 2021 +0000" }, "message": "m/n/b/mkverity: refactor into VerityEncoder\n\nThe implementation was refactored into a stream-oriented VerityEncoder and exposed for use outside the mkverity tool. In addition, end-to-end tests were provided.\n\nChange-Id: I2d009ca8030d6a86e9d6dbe6d6ae60a3b84d2d74\nReviewed-on: https://review.monogon.dev/c/monogon/+/314\nReviewed-by: Sergiusz Bazanski \u003cserge@monogon.tech\u003e\n" }, { "commit": "116c4a69dc90827d82023c362cbc26a17e188787", "tree": "dac0e28341a03ede45012c1945879348020967da", "parents": [ "ab4ef137f84411197c20e477aa8d7dd23f82d8ea" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Fri Sep 24 14:22:27 2021 +0200" }, "committer": { "name": "Sergiusz Bazanski", "email": "serge@monogon.tech", "time": "Mon Sep 27 18:58:01 2021 +0000" }, "message": "build/fietsje: move to toolbase\n\nThis removes some of the bash magic copied over from Gazelle, and\ninstead uses toolbase to achieve the same effect.\n\nChange-Id: I6ea3bfda68092c00ea58883bb9b1f7c0779a97e6\nReviewed-on: https://review.monogon.dev/c/monogon/+/330\nReviewed-by: Mateusz Zalega \u003cmateusz@monogon.tech\u003e\n" }, { "commit": "ab4ef137f84411197c20e477aa8d7dd23f82d8ea", "tree": "30d663886742a10d2fb499b21f4f836560fb300c", "parents": [ "cbd02be30a3960034ba1be55eabf0aa185604499" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Fri Sep 24 13:58:13 2021 +0200" }, "committer": { "name": "Sergiusz Bazanski", "email": "serge@monogon.tech", "time": "Mon Sep 27 18:58:01 2021 +0000" }, "message": "build/toolbase/gotoolchain: init\n\nAnother piece of the toolbase puzzle, this one is a library which\nprovides information about the Go SDK picked by Bazel/rules_go, and\nallows to build tools that call the `go` tool.\n\nThis is effectively the logic from //build/fietsje:def.bzl, but\nrewritten to be reusable. In a later CL, we will make Fietsje use this\nlogic instead of its existing starlark/shell magic.\n\nChange-Id: I2be723089410c81843b54df77bcd665a4e050cbb\nReviewed-on: https://review.monogon.dev/c/monogon/+/329\nReviewed-by: Mateusz Zalega \u003cmateusz@monogon.tech\u003e\n" }, { "commit": "cbd02be30a3960034ba1be55eabf0aa185604499", "tree": "eb64c22a5851773ade075837cf3c4a040c54181b", "parents": [ "c72aa433ff68b76317233ba8805d55845e9efd1a" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Fri Sep 24 13:39:12 2021 +0200" }, "committer": { "name": "Sergiusz Bazanski", "email": "serge@monogon.tech", "time": "Mon Sep 27 18:58:01 2021 +0000" }, "message": "build/toolbase: init\n\nIn an effort to better the developer/CI experience, I\u0027m moving some of\nour presubmit checks into a Go tool. This is a helper library that will\nbe used to interact with a Monogon workspace checkout from Go, both in\nthe new presubmit tool but also any other future tools that would like\nto operate on source code.\n\nChange-Id: Ie5f1b1d0153a1c853c241e167d2d3a469c636c94\nReviewed-on: https://review.monogon.dev/c/monogon/+/328\nReviewed-by: Mateusz Zalega \u003cmateusz@monogon.tech\u003e\n" }, { "commit": "c72aa433ff68b76317233ba8805d55845e9efd1a", "tree": "ecdcb336a19c6cca8bbd426870b2ca023ec55207", "parents": [ "080f7ff710e359f2dab0d8ace98f0aa8e443d98d" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Wed Sep 22 09:35:16 2021 +0200" }, "committer": { "name": "Sergiusz Bazanski", "email": "serge@monogon.tech", "time": "Mon Sep 27 18:54:36 2021 +0000" }, "message": "m/n/k/containerd: less verbose runsc logging\n\nThis disables debug logging on non -c dbg builds of Metropolis, making\nthe console output less verbose.\n\nThis should maybe just be \u0027fixed\u0027 by making logtree -\u003e console smarter,\nie. implement log output filters, but this will do for now - and I think\nin general we don\u0027t want to have super verbose per-syscall logging\nenabled unless necessary.\n\nThe implementation picks between two runsc .tomls to build the node\nimage with, which works for now but we might have to move to a\nfull-blown config generator (build-time or runtime) when we also start\nhaving differences between containerd.toml.\n\nChange-Id: I5539ca6f4763a769e879f7d50637aa36f3ffd29b\nReviewed-on: https://review.monogon.dev/c/monogon/+/327\nReviewed-by: Mateusz Zalega \u003cmateusz@monogon.tech\u003e\n" }, { "commit": "080f7ff710e359f2dab0d8ace98f0aa8e443d98d", "tree": "f515ece2d0503d897d2c09e18d9fcb5e2f57cee3", "parents": [ "44d6b832490adc28d787f392db1c9e40c9ff3438" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Thu Sep 09 13:01:00 2021 +0200" }, "committer": { "name": "Sergiusz Bazanski", "email": "serge@monogon.tech", "time": "Tue Sep 21 08:41:43 2021 +0000" }, "message": "m/n/core/curator: add thin etcd storage abstraction\n\nThis implements etcdPrefix, a more formalized way to represent objects\nstored within etcd under some unique ID key.\n\nThis ensures any time objects are retrieved by key they are not\naccidentally traversing /-delimited \u0027path\u0027 elements, and implements the\nmildly complex range start/end computation operation for when all\nobjects from within a prefix must retrieved.\n\nChange-Id: Ib095f466faaf453b5f61a35642df6b0c1076ae05\nReviewed-on: https://review.monogon.dev/c/monogon/+/322\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "44d6b832490adc28d787f392db1c9e40c9ff3438", "tree": "f04b490de46c451931df9e078969eb550632e937", "parents": [ "e306d780504ae3ddfad3eb852c7adc5ec9757d89" ], "author": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Mon Sep 06 22:02:04 2021 +0200" }, "committer": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Wed Sep 08 12:21:08 2021 +0000" }, "message": "Use a temporary ntp.monogon.dev CNAME instead of pool.ntp.org\n\nWe\u0027re currently trying to get a vendor zone assigned\n(monogon-dev/monogon#72). Meanwhile, use a CNAME pointing\nto pool.ntp.org to avoid a freak accident where someone uses\na WIP version of Metropolis to deploy a million plastic routers.\n\nChange-Id: Ib39006c65a23d2df3a1230c28b0b7245b9e3e3c4\nReviewed-on: https://review.monogon.dev/c/monogon/+/320\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "e306d780504ae3ddfad3eb852c7adc5ec9757d89", "tree": "3e8e2c7a21430777db525c9ed4717a2cab1c114a", "parents": [ "d7d6e0284de38cbeeb185ca17c0853b4b2c10ee9" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Wed Sep 01 13:01:06 2021 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Mon Sep 06 09:05:40 2021 +0000" }, "message": "m/n/time: add time service\n\nThis adds a bare-minimum time service based on chrony/NTP for keeping\nthe system clock and RTC on Metropolis nodes accurate.\n\nIt also introduces a UID/GID registry in the Metropolis node code\nas this is the first unprivileged service to run on the node itself.\n\nIt does not yet use a secure time source, this is tracked as #73.\n\nChange-Id: I873971e6d3825709bc8c696e227bece4cfbda93a\nReviewed-on: https://review.monogon.dev/c/monogon/+/319\nReviewed-by: Sergiusz Bazanski \u003cserge@monogon.tech\u003e\n" }, { "commit": "d7d6e0284de38cbeeb185ca17c0853b4b2c10ee9", "tree": "37e0b443caf904f0b78d423ba6580c1416f5bc11", "parents": [ "9ffa1f9577003ab70a6b483475874f3552d1ccc3" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Wed Sep 01 15:03:06 2021 +0200" }, "committer": { "name": "Sergiusz Bazanski", "email": "serge@monogon.tech", "time": "Fri Sep 03 11:15:40 2021 +0000" }, "message": "m/n/core/rpc: create library for common gRPC functions\n\nThis is the beginning of consolidating all gRPC-related code into a\nsingle package.\n\nWe also run the Curator service publicly and place it behind a new\nauthorization permission bit. This is in preparation for Curator\nfollowers needing access to this Service.\n\nSome of the service split and authorization options are likely to be\nchanged in the future (I\u0027m considering renaming Curator to something\nelse, or at least clearly stating that it\u0027s a node-to-node service).\n\nChange-Id: I0a4a57da15b35688aefe7bf669ba6342d46aa3f5\nReviewed-on: https://review.monogon.dev/c/monogon/+/316\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "9ffa1f9577003ab70a6b483475874f3552d1ccc3", "tree": "a688d02424e8601ed830d12021b5867688d31438", "parents": [ "6bd415920b84bd695038caeb386f1e97184f0c51" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Wed Sep 01 15:42:23 2021 +0200" }, "committer": { "name": "Sergiusz Bazanski", "email": "serge@monogon.tech", "time": "Thu Sep 02 10:38:15 2021 +0000" }, "message": "m/n/core/curator: authenticated RPC\n\nThis adds authentication middleware (server interceptors) for gRPC\nservices running on the public curator listener.\n\nMost of this code is testing harnesses to start up just the curator\nlistener with enough of a PKI infrastructure copy from a real Metropolis\ncluster to be able to start running tests against GetRegisterTicket.\n\nChange-Id: I429ff29e3c1233d74e8da619ddb543d56bc051b9\nReviewed-on: https://review.monogon.dev/c/monogon/+/311\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "6bd415920b84bd695038caeb386f1e97184f0c51", "tree": "60a125e0a299663c392218ed8b80cf33ea31aabd", "parents": [ "68dcee136984e2e16b7682e0c0758c1df831a84c" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Mon Aug 23 13:18:37 2021 +0200" }, "committer": { "name": "Sergiusz Bazanski", "email": "serge@monogon.tech", "time": "Wed Sep 01 12:56:15 2021 +0000" }, "message": "m/node: add Management service, implement GetRegisterTicket RPC\n\nThis follows the Cluster Lifecycle design document.\n\nDO NOT MERGE: this needs a stacked CL on top which implements\nauthentication for the Management service.\n\nChange-Id: I19422a63b9dbf2fc0c7f4cbe204851af35b4dbdf\nReviewed-on: https://review.monogon.dev/c/monogon/+/307\nReviewed-by: Mateusz Zalega \u003cmateusz@monogon.tech\u003e\n" }, { "commit": "68dcee136984e2e16b7682e0c0758c1df831a84c", "tree": "56e89baa3ba3a88b23fe7acf6929c357107509e4", "parents": [ "40025ff859d65f1a50ae38b20841f9e0a908050b" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Tue Aug 31 13:12:07 2021 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Wed Sep 01 10:33:47 2021 +0000" }, "message": "third_party/chrony: support dropping privileges\n\nEnables the configuration flags to build with privdrop and\ncapabilities support and adds the libcap dependency.\n\nThis makes chrony capable of running without root privileges.\n\nChange-Id: Ia80dcde80cc7a72c47a1fd30ab4dfb21c902f737\nReviewed-on: https://review.monogon.dev/c/monogon/+/318\nReviewed-by: Sergiusz Bazanski \u003cserge@monogon.tech\u003e\n" }, { "commit": "40025ff859d65f1a50ae38b20841f9e0a908050b", "tree": "4a81af38eea054baf3cada86a1a94a572096e683", "parents": [ "031243f5a276726080a92410f7d3503e5870ed49" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Tue Aug 31 13:06:02 2021 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Wed Sep 01 10:33:39 2021 +0000" }, "message": "third_party/cap: initialize\n\nThis adds libcap which is needed for any chance at running chrony as non-root.\n\nUpstream contains a multi-stage codegen based on various external utilities\nwhich has been replaced by a clean Go script. Upstream is capable of also\nusing gperf to generate hash tables for faster lookups, but due to the\nextremely low amount of items (~40) and the additional complexity this is\nnot enabled.\n\nThis is not tested standalone, but it has been tested with chrony.\n\nChange-Id: I638f6aea98158cd2e2838531a5a6125e724838f5\nReviewed-on: https://review.monogon.dev/c/monogon/+/317\nReviewed-by: Sergiusz Bazanski \u003cserge@monogon.tech\u003e\n" }, { "commit": "031243f5a276726080a92410f7d3503e5870ed49", "tree": "ab582e63dccf71c27e916d23ea24d5f250774d41", "parents": [ "cbeb8a01de2ac264f41b403b6fdc33dca7b5e568" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Tue Aug 24 12:14:27 2021 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Thu Aug 26 16:02:23 2021 +0000" }, "message": "m/p/devicemapper: fix GC closing control fd\n\nThe devicemapper package stored a reference to its control file\ndescriptor as a uintptr after opening it thorugh os.Open(). This is a\nproblem as os.newFile (internally called by os.Open) sets a finalizer\non the os.File which closes the fd as soon as the object is GCed.\nBecause no such reference was kept by the devicemapper package, the GC\ncould end up closing the fd.\n\nTo fix this, the package now keeps the original os.File around and\njust grabs an Fd as necessary. While we\u0027re at it, let\u0027s make the\ncontrol file descriptor implementation threadsafe.\n\nChange-Id: I6f7e0a398f28c1141627904ccbd2d99dd248bc78\nReviewed-on: https://review.monogon.dev/c/monogon/+/310\nReviewed-by: Sergiusz Bazanski \u003cserge@monogon.tech\u003e\nVouch-Run-CI: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "cbeb8a01de2ac264f41b403b6fdc33dca7b5e568", "tree": "944b19b5fea9647e0604274d4a052a3fa5bacc1d", "parents": [ "c1bf6aa7ac83513659d56756009d572deffa7177" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Tue Aug 24 15:17:04 2021 +0200" }, "committer": { "name": "Sergiusz Bazanski", "email": "serge@monogon.tech", "time": "Wed Aug 25 12:05:29 2021 +0000" }, "message": "*: bump protobuf/protoc\n\nThis gets rid of the following spurious warnings when building\nmetropolis/proto:\n\n metropolis/proto/api/aaa.proto: warning: Import metropolis/proto/ext/authorization.proto but not used.\n metropolis/proto/api/management.proto: warning: Import metropolis/proto/ext/authorization.proto but not used.\n\nChange-Id: Id61a058977e969ccabd2ebccfee53f3268dcf177\nReviewed-on: https://review.monogon.dev/c/monogon/+/312\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "c1bf6aa7ac83513659d56756009d572deffa7177", "tree": "fafe3258a74a97171a9d11d917a19c2e7387db73", "parents": [ "1f9a03b3f952320824b1ae49e56da3cb814cd5b0" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Mon Aug 23 13:05:24 2021 +0200" }, "committer": { "name": "Sergiusz Bazanski", "email": "serge@monogon.tech", "time": "Tue Aug 24 17:26:35 2021 +0000" }, "message": "m/n/core/curator: fix listener stuckness on restarts\n\nThis makes both gRPC listener runnables (local and public) manage their\nown listening sockets, allowing them to restart independently of\neachother, and making sure that any listening sockets are cleaned up.\n\nWe also fix the existing curator test (which does not exercise the\nlisteners, just leadership election) to place the curators and their\nlocal sockets in /tmp instead of the default bazel tempdir (as a path\nbased on that is longer than the maximum domain socket path). This makes\nthese tests slightly less noisy (as they kept crashing while not being\nable to listen to the local socket).\n\nThis should\u0027ve been caught by a curator listener test, if we had one\n(other than the e2e test). I\u0027m growing keen on spending some time\nwriting enough of a harness to actually do that. Maybe once we have a\nfollower implementation ready…\n\nChange-Id: I0267292781b6ee8aff1d0557d420bbaa3c3d79f6\nReviewed-on: https://review.monogon.dev/c/monogon/+/304\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "1f9a03b3f952320824b1ae49e56da3cb814cd5b0", "tree": "315ea3ca5711b2dca9173dcf825c18e031affa84", "parents": [ "b9044c888097757c36933062f27b5f5ee103ee5f" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Tue Aug 17 13:40:53 2021 +0200" }, "committer": { "name": "Sergiusz Bazanski", "email": "serge@monogon.tech", "time": "Tue Aug 24 17:26:20 2021 +0000" }, "message": "m/test/e2e: retrieve owner credentials in e2e test\n\nThis exercises AAA.Escrow for the initial cluster owner within our large\ne2e test suite. The certificate retrieved this way is not yet used, but\nis verified to be emitted for the correct public key.\n\nChange-Id: Id33178cd223e3180d6f834c6fac94d6d657d5349\nReviewed-on: https://review.monogon.dev/c/monogon/+/290\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "b9044c888097757c36933062f27b5f5ee103ee5f", "tree": "b07722231a9cf0fd3c0b81486bd637e11cbd7b6b", "parents": [ "3bb23219009a98643a562b1e59e3a4080f422c51" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Tue Aug 24 11:59:47 2021 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Tue Aug 24 16:12:52 2021 +0000" }, "message": "m/p/devicemapper: make parameter encoding part of package\n\nThe DM kernel interface gets a single parameter string for each DM\ntarget in a table but internally the kernel immediately decodes it into\nan argv-style list of string arguments. Because everything needs to do\nit and it can be quite hard to get right, let\u0027s make it part of the\ndevicemapper package. Properly encoding this also means you get\nactionable errors when you pass invalid data instead of weird kernel\nerrors or misbehavior.\n\nChange-Id: I8060871a7459183c0395e5e4e8aac517544b2e87\nReviewed-on: https://review.monogon.dev/c/monogon/+/309\nReviewed-by: Sergiusz Bazanski \u003cserge@monogon.tech\u003e\n" }, { "commit": "3bb23219009a98643a562b1e59e3a4080f422c51", "tree": "52173a35ecc7029ce0d5cb681bc215a362b0d730", "parents": [ "41d275a63864e67deacad5b2ec0b435b01984034" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Tue Aug 24 16:27:21 2021 +0200" }, "committer": { "name": "Sergiusz Bazanski", "email": "serge@monogon.tech", "time": "Tue Aug 24 14:43:38 2021 +0000" }, "message": "build/ci: disable concurrent presubmit builds\n\nThis prevents more than one presubmit job from executing globally in\nJenkins.\n\nThis will naturally make things more slow, but should let us\ntroubleshoot \u0027Socket closed\u0027 errors.\n\nIf after this still keeps happening, the theory that Jenkins is somehow\nscheduling multiple different pipelines per agent/executor (and causing\nBazel server conflicts) is wrong and we need to look elsewhere.\n\nIf it stops the problem, the builds will likely effectively be faster\n(because we won\u0027t waste so much time retriggering builds), and we can\nthen further debug why is it that multiple pipeline stages get scheduled\non the same agent/executor.\n\nChange-Id: I90a8cdbb6b79fef4b9a33471ff20b821e9988ae9\nReviewed-on: https://review.monogon.dev/c/monogon/+/313\nReviewed-by: Leopold Schabel \u003cleo@nexantic.com\u003e\n" }, { "commit": "41d275a63864e67deacad5b2ec0b435b01984034", "tree": "b5acf06483c0c33f0e988c82cbb25db4ceea777f", "parents": [ "5b2ae5500a90dc48b9713095e5f1580b9c9646d9" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Tue Aug 17 13:09:43 2021 +0200" }, "committer": { "name": "Sergiusz Bazanski", "email": "serge@monogon.tech", "time": "Tue Aug 24 13:18:12 2021 +0000" }, "message": "m/n/c/curator: implement AAA.Escrow for initial owner pubkey\n\nThis finally implements AAA.Escrow in Metropolis.\n\nWe\u0027re not yet implementing multi-user support, so this currently only\nimplements retrieving an Owner certificate using the owner public key\nspecified in NodeParameters.cluster_bootstrap.\n\nChange-Id: I64a7ba025a8069d82b3c804ca3e2a706de2b0fbf\nReviewed-on: https://review.monogon.dev/c/monogon/+/289\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "5b2ae5500a90dc48b9713095e5f1580b9c9646d9", "tree": "1f6efbed2aa20716c18772bb30dbafacd6f07db3", "parents": [ "03758714f4b7be2a712831beecfdfcbf151b4c66" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Tue Aug 17 13:00:14 2021 +0200" }, "committer": { "name": "Sergiusz Bazanski", "email": "serge@monogon.tech", "time": "Mon Aug 23 12:26:16 2021 +0000" }, "message": "m/n/c/curator: listen on public gRPC\n\nThis enables listening on CuratorPort (which was called\nNodeServicePort) using TLS node certificates. No service is yet running\non the new gRPC listener.\n\nChange-Id: I436ac1ae9cbdb257419ad114262fc2a7516396b1\nReviewed-on: https://review.monogon.dev/c/monogon/+/288\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "03758714f4b7be2a712831beecfdfcbf151b4c66", "tree": "1a7e2f3096a130897f53c28d4f9b72ea871264d0", "parents": [ "8ff4b7c6f20c9dda91c0eefc524e9bb6c3bff52d" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Tue Aug 17 12:52:11 2021 +0200" }, "committer": { "name": "Sergiusz Bazanski", "email": "serge@monogon.tech", "time": "Fri Aug 20 09:03:18 2021 +0000" }, "message": "m/n/core: save owner public key in etcd\n\nThis is an early implementation of storing user credentials. It\ncurrently does not support more then the owner credentials.\n\nThese are not yet used anywhere, but will be in a follow-up CL.\n\nChange-Id: Ib876f7aaff44531dcae5a27875a960aaa9ec029f\nReviewed-on: https://review.monogon.dev/c/monogon/+/287\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "8ff4b7c6f20c9dda91c0eefc524e9bb6c3bff52d", "tree": "6e455a4fe977b47492cc8f1db58b1c5288225036", "parents": [ "158e9a415a72bfacfdf9f46eb06b30486680299f" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Tue Aug 17 19:21:18 2021 +0200" }, "committer": { "name": "Sergiusz Bazanski", "email": "serge@monogon.tech", "time": "Fri Aug 20 09:02:55 2021 +0000" }, "message": "third_party/chrony: initialize\n\nFirst pass at building chrony. Minimal functionality, notably skipped\nfeatures are:\n\n - PRIVDROP (requires libcap)\n - NTS (requires gnutls)\n\nDo we need anything else?\n\nTested with:\n\n $ bazel build \u0027@chrony//:chrony\u0027 --crosstool_top\u003d//build/toolchain/musl-host-gcc:musl_host_cc_suite\n $ file bazel-bin/external/chrony/chrony\n bazel-bin/external/chrony/chrony: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), statically linked, not stripped\n $ bazel-bin/external/chrony/chrony -v\n chronyd (chrony) version 4.1-monogon (NTP RTC SCFILTER ASYNCDNS)\n\nChange-Id: I56ac15a23e5741c0428580268cf40ae7744078d4\nReviewed-on: https://review.monogon.dev/c/monogon/+/293\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "158e9a415a72bfacfdf9f46eb06b30486680299f", "tree": "ef5884479bc8da914cb69f7c111d06e32cbe2a1e", "parents": [ "a41caacc71418f7307d851fad95991cf80bdcb41" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Tue Aug 17 17:04:54 2021 +0200" }, "committer": { "name": "Sergiusz Bazanski", "email": "serge@monogon.tech", "time": "Thu Aug 19 11:52:17 2021 +0000" }, "message": "m/n/core: reformat\n\nWe should get this into CI, as my IntelliJ keeps finding Go files that\naren\u0027t properly reformatted.\n\nChange-Id: I7ea736994bea13ccebc787548fadf3da984e334e\nReviewed-on: https://review.monogon.dev/c/monogon/+/291\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "a41caacc71418f7307d851fad95991cf80bdcb41", "tree": "cbcf9af76f29ccb94b7c2b94d75f1e8eb39cfb3d", "parents": [ "5253884d51cb64c1d1afcb2d7b969f7c2b50b302" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Thu Aug 12 17:00:55 2021 +0200" }, "committer": { "name": "Sergiusz Bazanski", "email": "serge@monogon.tech", "time": "Thu Aug 19 10:20:55 2021 +0000" }, "message": "m/pkg/pki: forbid External/Managed certificates without name\n\nThis ensures any stored certificates must have a name set - otherwise\nthey end up being created with an empty string as a name, and end up\ncolliding with eachother.\n\nChange-Id: I9e415b6ff89dbda179526920d58e33e638a28cec\nReviewed-on: https://review.monogon.dev/c/monogon/+/286\nReviewed-by: Mateusz Zalega \u003cmateusz@monogon.tech\u003e\n" }, { "commit": "5253884d51cb64c1d1afcb2d7b969f7c2b50b302", "tree": "10a6bf03472e9c14da2515ea7755d74bb3f660e6", "parents": [ "99f477412a2e701f89f7698be1dd432adcfff17c" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Wed Aug 11 16:22:41 2021 +0200" }, "committer": { "name": "Sergiusz Bazanski", "email": "serge@monogon.tech", "time": "Thu Aug 19 10:20:55 2021 +0000" }, "message": "m/pkg/pki: refactor, allow for external certificates\n\nThe pki library supported managing certificates in two modes:\n\n - default, when name !\u003d \"\"\n - volatile/ephemeral, when name \u003d\u003d \"\"\n\nThe difference between the two being that default certificates were\nfully stored in etcd (key and x509 certificate), while volatile\ncertificates weren\u0027t stored at all. However, both kinds needed private\nkeys passed to the pki library.\n\nWe want to be able to emit certificates without having private keys for\nthat certificate, so we end up a third mode of operation: \u0027external\ncertificates\u0027. These are still stored in etcd, but without any\ncorresponding private key.\n\nIn the future we might actually get rid of ephemeral certificates by\nexpanding the logic of external certificates to provide a full audit log\nand revocation system, instead of matching by Certificate Name. But this\nwill do for now.\n\nWe also use this opportunity to write some simple tests for this\npackage.\n\nChange-Id: I193f4b147273b0a3981c38d749b43362d3c1b69a\nReviewed-on: https://review.monogon.dev/c/monogon/+/263\nReviewed-by: Mateusz Zalega \u003cmateusz@monogon.tech\u003e\n" }, { "commit": "99f477412a2e701f89f7698be1dd432adcfff17c", "tree": "43c088e34cfa9171a5587573f4d824f9d09e0a69", "parents": [ "9d6c4c78bca9da0db7e40e5de776528f3d83a7dd" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Wed Aug 04 20:21:42 2021 +0200" }, "committer": { "name": "Sergiusz Bazanski", "email": "serge@monogon.tech", "time": "Thu Aug 19 10:20:55 2021 +0000" }, "message": "curator: provisions for implementing multiple gRPC services\n\nWe want to run some other gRPC services on the Curator leader/follower\nimplementations other than just the Curator gRPC service.\n\nThis decouples the local types from implementing a particular gRPC\nservice (instead proxying through an interface) and splits out the\nimplementation of the Curator gRPC service from the main leader objects.\n\nThis should allow us to add an implementation of eg. a Management gRPC\nservice in a testable manner (the only thing we have to dependency\ninject is the leadership struct, and that\u0027s trivial to do with a simple\netcd test server).\n\nChange-Id: Ia0ea65e40a775bf49661d0b99c0185aa83547ed0\nReviewed-on: https://review.monogon.dev/c/monogon/+/260\nReviewed-by: Mateusz Zalega \u003cmateusz@monogon.tech\u003e\n" }, { "commit": "9d6c4c78bca9da0db7e40e5de776528f3d83a7dd", "tree": "71cba058637a866b7c87e3f296dd4995d0171cfe", "parents": [ "257acab41f5a35575ca0f2dbc9568b1bd75d2570" ], "author": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Tue Jul 20 21:16:27 2021 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Wed Aug 11 15:38:58 2021 +0000" }, "message": "Support injecting container images for development\n\nThis adds the LoadImage RPC and an accompanying subcommand\nto the debug API which allows loading images into\nan existing Metropolis node for\ndevelopment or testing.\n\nChange-Id: I51d802630ae4c95fb874e01bfb6510ab69c322e1\nReviewed-on: https://review.monogon.dev/c/monogon/+/219\nReviewed-by: Sergiusz Bazanski \u003cserge@monogon.tech\u003e\n" }, { "commit": "257acab41f5a35575ca0f2dbc9568b1bd75d2570", "tree": "fdc41d8de424f74525b7a92024c12f00ed8928fa", "parents": [ "1445396219351e711f82d4cebad6e84a46553bda" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Tue Aug 10 12:36:17 2021 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Wed Aug 11 11:28:06 2021 +0000" }, "message": "m/p/devicemapper: Support creating read-only devices\n\nI originally thought this is not going to be needed as R/W control can be done through devicemapper itself, but verity requires a read-only table.\n\nWhile we\u0027re here let\u0027s also add some doc comments to the Target struct.\n\nExisting functionality is covered by existing tests, read-only functionality will be exercised by verity tests once they land.\n\nChange-Id: Ib76bcffb14b5fe40d8d77bd9731b591d0d8cf22f\nReviewed-on: https://review.monogon.dev/c/monogon/+/262\nReviewed-by: Sergiusz Bazanski \u003cserge@monogon.tech\u003e\n" }, { "commit": "1445396219351e711f82d4cebad6e84a46553bda", "tree": "798347e10dba644f861fd9dbf55fe59cef9fb82f", "parents": [ "6767e052c761f2b19a4966f707c65d8bc08c3c3c" ], "author": { "name": "Mateusz Zalega", "email": "mateusz@monogon.tech", "time": "Fri Jul 23 16:58:02 2021 +0200" }, "committer": { "name": "Mateusz Zalega", "email": "mateusz@monogon.tech", "time": "Tue Aug 10 14:39:14 2021 +0000" }, "message": "m/n/b/mkverity: implement a dm-verity hash image generator\n\nBackground: https://github.com/monogon-dev/monogon/issues/57\n\nThe piece of code included implements a subset of veritysetup\nfunctionality (see: dm-verity). It was written in an attempt to\nminimize projected higher maintenance cost of packaging cryptsetup\nfor metropolis in the long term.\n\nThe implementation was verified with the original veritysetup tool:\n\u003e$ ./go-veritysetup format file1 file2\n\u003e33359c1f1bdd25e7afc2e98cd27c440e7af9ef2fb55462ce562a1b8254bf02e4\n\u003e$ veritysetup --debug --verbose verify file1 file2 33359c1f1bdd25e7afc2e98cd27c440e7af9ef2fb55462ce562a1b8254bf02e4\n\nKtest-based tests and buildsystem integration are still pending.\n\nCompatibility with the original cryptsetup tool might be dropped\neventually, if it\u0027s found beneficial to do so.\n\nChange-Id: I5a6e1b18b692b1701e405013f132f6f2711b2c96\nReviewed-on: https://review.monogon.dev/c/monogon/+/250\nReviewed-by: Sergiusz Bazanski \u003cserge@monogon.tech\u003e\n" }, { "commit": "6767e052c761f2b19a4966f707c65d8bc08c3c3c", "tree": "9fc05de5509f43721699819f4d159330a82fc3e6", "parents": [ "3cb0f4bdc0766574854a2db578fddd97b6648f6e" ], "author": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Mon Aug 02 17:48:35 2021 +0200" }, "committer": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Thu Aug 05 16:18:20 2021 +0000" }, "message": "scripts: stable directory matching\n\n2nd go at I30e1f0ec1b2a958decaffab181f3b80a4f37b2ce\n\nChange-Id: Id64776b079bc0e47963630b9f160aafed918b50e\nReviewed-on: https://review.monogon.dev/c/monogon/+/259\nReviewed-by: Sergiusz Bazanski \u003cserge@monogon.tech\u003e\n" }, { "commit": "3cb0f4bdc0766574854a2db578fddd97b6648f6e", "tree": "abb60b92caf3bd63cb757fcbbda0631280d9c4e5", "parents": [ "439b95eb515c86ba8ce9917da258c0875f36f038" ], "author": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Mon Jul 19 15:22:07 2021 +0200" }, "committer": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Wed Jul 21 09:42:55 2021 +0000" }, "message": "scripts: check if running from original checkout\n\nChange-Id: I42e6b9e38a86a05c8ddbd2716ed2bd4d1db59331\nReviewed-on: https://review.monogon.dev/c/monogon/+/217\nReviewed-by: Sergiusz Bazanski \u003cserge@nexantic.com\u003e\n" }, { "commit": "439b95eb515c86ba8ce9917da258c0875f36f038", "tree": "b7590aaac27700868ca1638af4d2e84bfb1a975f", "parents": [ "f9edf520bd3fa049b8f1d5f09f0ee727864ca8c7" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Wed Jun 30 23:16:13 2021 +0200" }, "committer": { "name": "Sergiusz Bazanski", "email": "serge@nexantic.com", "time": "Tue Jul 20 14:43:28 2021 +0000" }, "message": "m/n/c/{cluster,curator}: move NodeCredentials to cluster\n\nThis keeps the NodeCredentials/NodeCertificate logic types near their\nconsumer, the cluster bootstrap code. It also rewrites these structures\nto be centered around the x509 data itself.\n\nThis is a followup to https://review.monogon.dev/c/monogon/+/186 .\nAttempting to introduce it into that change was too complex due to the\nsurrounding cluster/curator refactoring.\n\nWe also take this opportunity to write some simple tests for the\ncredential validation logic.\n\nChange-Id: Iead3cfdd5778274508d79799f4750f5fdf9385bc\nReviewed-on: https://review.monogon.dev/c/monogon/+/197\nReviewed-by: Lorenz Brun \u003clorenz@nexantic.com\u003e\n" }, { "commit": "f9edf520bd3fa049b8f1d5f09f0ee727864ca8c7", "tree": "1fd016dcbeccbc7b8bbfc32960c43bd0dbaffe5f", "parents": [ "a959cbd12c29b62045f02b1d22cdf1e36c0261a4" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Thu Jun 17 15:57:13 2021 +0200" }, "committer": { "name": "Sergiusz Bazanski", "email": "serge@nexantic.com", "time": "Tue Jul 20 14:42:45 2021 +0000" }, "message": "metropolis/node/core: use curator\n\nThis finally switches over the node startup code to use the full Cluster\nManager / Curator / Role Server chain to bring up the node.\n\nChange-Id: Iaf6173671aed107a67b4201d9d1ad8bb33baa90f\nReviewed-on: https://review.monogon.dev/c/monogon/+/189\nReviewed-by: Lorenz Brun \u003clorenz@nexantic.com\u003e\n" }, { "commit": "a959cbd12c29b62045f02b1d22cdf1e36c0261a4", "tree": "7f44cdf24c3c02f7d9ba866a2d37275673a0dd11", "parents": [ "0d93777cf32dd0d0f6f8d75d8396f7140cff9d13" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Thu Jun 17 15:56:51 2021 +0200" }, "committer": { "name": "Sergiusz Bazanski", "email": "serge@nexantic.com", "time": "Tue Jul 20 12:02:29 2021 +0000" }, "message": "metropolis/node/core/cluster: use curator\n\nThis refactors the cluster manager. It removes all etcd storage\nfunctionality (which now lives in the curator) and otherwise dusts\nthings off slightly (some file renames, some comments to reflect the now\nclarified and limited scope of the cluster manager).\n\nChange-Id: Ic62d8402c0618fb5e0e65966b0d732a2cab564e0\nReviewed-on: https://review.monogon.dev/c/monogon/+/188\nReviewed-by: Lorenz Brun \u003clorenz@nexantic.com\u003e\n" }, { "commit": "0d93777cf32dd0d0f6f8d75d8396f7140cff9d13", "tree": "f6abee66c82ba141ad449575a6d35d06408c6ed4", "parents": [ "963c4090f74341d8efc61b49ba5934a18434371c" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Thu Jun 17 15:54:40 2021 +0200" }, "committer": { "name": "Sergiusz Bazanski", "email": "serge@nexantic.com", "time": "Tue Jul 20 12:02:29 2021 +0000" }, "message": "m/n/core/roleserver: implement\n\nThis implements the Role Server, which is the new service responsible\nfor actually running Metropolis workloads like the Kubernetes services.\n\nThis decouples starting Kubernetes from node startup code, and handles\ncases like nodes changing roles at runtime.\n\nChange-Id: Ie5f7f2c30b05fe74ca003805532dba50bf3821d0\nReviewed-on: https://review.monogon.dev/c/monogon/+/187\nReviewed-by: Lorenz Brun \u003clorenz@nexantic.com\u003e\n" }, { "commit": "963c4090f74341d8efc61b49ba5934a18434371c", "tree": "65e0e58e997e155290118e53aebfc228aa3e20be", "parents": [ "2098b98c7deaf9115742cf73071f888e0513cf2f" ], "author": { "name": "Mateusz Zalega", "email": "mateusz@monogon.tech", "time": "Mon Jul 05 18:50:08 2021 +0200" }, "committer": { "name": "Mateusz Zalega", "email": "mateusz@monogon.tech", "time": "Mon Jul 19 10:52:16 2021 +0000" }, "message": "m/n/c/consensus_test: move timeout handling to Bazel\n\nThe test regularly exceeds timeout on slower machines, and besides,\nthat\u0027s the proper way to do it.\n\nChange-Id: Ic4a8ac717bd7f6e70d4d4ac0b156f42ff5addef8\nReviewed-on: https://review.monogon.dev/c/monogon/+/215\nReviewed-by: Leopold Schabel \u003cleo@nexantic.com\u003e\nReviewed-by: Sergiusz Bazanski \u003cserge@nexantic.com\u003e\n" }, { "commit": "2098b98c7deaf9115742cf73071f888e0513cf2f", "tree": "6037aec601525299a09d8996f4ebe0c1e4a91674", "parents": [ "79fc1e9fd6ee8777f097ab251b828d82e33b7bad" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Wed Jul 07 15:13:46 2021 +0200" }, "committer": { "name": "Sergiusz Bazanski", "email": "serge@nexantic.com", "time": "Wed Jul 07 15:34:42 2021 +0000" }, "message": "m/pkg/combinectx: reformat\n\nSeems like this slipped past the cracks on original review - we should\nadd CI for this.\n\nChange-Id: I35cc1d14710109d4d2d0a60b573400b65cb7d350\nReviewed-on: https://review.monogon.dev/c/monogon/+/212\nReviewed-by: Mateusz Zalega \u003cmateusz@monogon.tech\u003e\n" }, { "commit": "79fc1e9fd6ee8777f097ab251b828d82e33b7bad", "tree": "a1c50daa06f2ea66fb5fcf14e85331385facdb68", "parents": [ "50009e024b50eda2c69b884600d0850c73d62b6d" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Tue Jul 06 16:25:22 2021 +0200" }, "committer": { "name": "Sergiusz Bazanski", "email": "serge@nexantic.com", "time": "Wed Jul 07 13:49:55 2021 +0000" }, "message": "metropolis/*: move tests to supervisor harness\n\nThis somewhat simplifies test code (barely), but more importantly pipes\nlogs from runnables into test stdout, thereby making debugging much\neasier.\n\nChange-Id: I3e597bbac8497bea3477afd54f61b592a0d08355\nReviewed-on: https://review.monogon.dev/c/monogon/+/206\nReviewed-by: Leopold Schabel \u003cleo@nexantic.com\u003e\n" }, { "commit": "50009e024b50eda2c69b884600d0850c73d62b6d", "tree": "28ee724fd39c537e09a755fbd593dc15d31e288e", "parents": [ "ebe025936fc86f53e7316f894f54dd6ef9b0a9d7" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Wed Jul 07 14:35:27 2021 +0200" }, "committer": { "name": "Sergiusz Bazanski", "email": "serge@nexantic.com", "time": "Wed Jul 07 13:48:54 2021 +0000" }, "message": "m/n/core/consensus: parse etcd server logs\n\nThis finally gives us easy to read etcd logs instead of raw JSON dumps\ninto stdout. Instead of simply parsing them as raw logs, we convert them\ninto leveled logs.\n\nChange-Id: I7cfe18b9c4e24d7742a01a77f5d9c6ddee647493\nReviewed-on: https://review.monogon.dev/c/monogon/+/209\nReviewed-by: Leopold Schabel \u003cleo@nexantic.com\u003e\n" }, { "commit": "ebe025936fc86f53e7316f894f54dd6ef9b0a9d7", "tree": "0dd0a48c297e69a8bcbe53ef65d3dba7f53961a3", "parents": [ "020b7c53a59f7f4e31976d7b3f08011dadb1c9c4" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Wed Jul 07 14:23:26 2021 +0200" }, "committer": { "name": "Sergiusz Bazanski", "email": "serge@nexantic.com", "time": "Wed Jul 07 13:45:29 2021 +0000" }, "message": "m/pkg/logtree/unraw: implement\n\nThis is another part of the generic external leveled log ingestion\nmechanism. This parts takes care of ingesting external data either by\nexposing an io.Writer or a named pipe on the filesystem from which\nexternal logs are parsed and then inejcted into the logtree.\n\nChange-Id: Ie2263496ca4d50220abdd8e4d37a35730d127319\nReviewed-on: https://review.monogon.dev/c/monogon/+/208\nReviewed-by: Leopold Schabel \u003cleo@nexantic.com\u003e\n" }, { "commit": "020b7c53a59f7f4e31976d7b3f08011dadb1c9c4", "tree": "9c6b8ea68b0a4db7d4a8b90b636feff712998235", "parents": [ "f8a8e65685cb621dc7fb39043a6d01caee5dcaf0" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Wed Jul 07 14:22:28 2021 +0200" }, "committer": { "name": "Sergiusz Bazanski", "email": "serge@nexantic.com", "time": "Wed Jul 07 13:45:21 2021 +0000" }, "message": "metropolis/pkg/logtree: allow logging external leveled payloads\n\nThis is in preparation for making the mechanism to ingest external\nlogging more generic (currently we have an ad-hoc solution for klog, but\nwe now also want to implement one for etcd).\n\nChange-Id: I6e6f656e5d83ad22d67a81fbeb87c8d369796e18\nReviewed-on: https://review.monogon.dev/c/monogon/+/207\nReviewed-by: Leopold Schabel \u003cleo@nexantic.com\u003e\n" }, { "commit": "f8a8e65685cb621dc7fb39043a6d01caee5dcaf0", "tree": "db6142898e003969628a3ec879f6af77780f8da4", "parents": [ "f0b4da54afc17f4b2b1c31ddb9433ee888aea699" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Tue Jul 06 16:23:43 2021 +0200" }, "committer": { "name": "Sergiusz Bazanski", "email": "serge@nexantic.com", "time": "Wed Jul 07 13:36:48 2021 +0000" }, "message": "m/pkg/{logtree,supervisor}: add test helpers\n\nThis adds two functions:\n\n logtree.PipeAllToStderr\n supervisor.NewHarness\n\nThese are designed to simplify tests that exercise code which expects to\nbe run as a supervisor runnable and/or have access to a logtree\ninstance.\n\nChange-Id: Ibce77aa4927515af7c273d07ced15215ff456ecc\nReviewed-on: https://review.monogon.dev/c/monogon/+/205\nReviewed-by: Leopold Schabel \u003cleo@nexantic.com\u003e\n" }, { "commit": "f0b4da54afc17f4b2b1c31ddb9433ee888aea699", "tree": "a4ef4b8154c4024714209710696310bfd7bc2764", "parents": [ "35e43d133a16750adfa1683473f5c2648a010b1a" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Mon Jun 21 20:05:59 2021 +0200" }, "committer": { "name": "Sergiusz Bazanski", "email": "serge@nexantic.com", "time": "Wed Jul 07 13:31:45 2021 +0000" }, "message": "m/n/core/curator: implement leader and Node/PKI state\n\nThis implements actual Curator logic for nodes and PKI. These will\nreplace the cluster manager\u0027s equivalent logic.\n\nThere are two entry points to this logic:\n\n - the gRPC service\u0027s Watch method for accessing node status\n - bootstrap logic to create a node when the cluster manager bootstraps\n the cluster.\n\nTest plan: a followup CR will introduce tests for the Curator - more\ngranular than the full E2E suite. DO NOT MERGE UNTIL THEN, as this is\ncritical code.\n\nChange-Id: I8c40a821b846012b90cf9a5df27901d1b49f388c\nReviewed-on: https://review.monogon.dev/c/monogon/+/186\nReviewed-by: Lorenz Brun \u003clorenz@nexantic.com\u003e\n" }, { "commit": "35e43d133a16750adfa1683473f5c2648a010b1a", "tree": "6aa1e8bcebd03a74b3950128436c5a37268d87c0", "parents": [ "3c885deeda9ab560ee29e94159782ce4323af80e" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Tue Jul 06 13:12:14 2021 +0200" }, "committer": { "name": "Sergiusz Bazanski", "email": "serge@nexantic.com", "time": "Wed Jul 07 13:24:21 2021 +0000" }, "message": "m/pkg/supervisor: move internal testhelpers\n\nThese are helper functions used for internal supervisor tests. This move\nis in preparation for writing the other kind of \u0027test helers\u0027: ones that\nare used by tests in other libraries when interacting with supervisor\ntypes.\n\nChange-Id: I64efe19b68c7c244ad426167565b0083a1b86fcf\nReviewed-on: https://review.monogon.dev/c/monogon/+/204\nReviewed-by: Leopold Schabel \u003cleo@nexantic.com\u003e\n" }, { "commit": "3c885deeda9ab560ee29e94159782ce4323af80e", "tree": "5d6a18c0b822accc5c279240c0d7e52ca071a361", "parents": [ "aad79488d417eefafd4102bda9bd10d6473cf6c7" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Thu Jun 17 17:21:00 2021 +0200" }, "committer": { "name": "Sergiusz Bazanski", "email": "serge@nexantic.com", "time": "Mon Jul 05 18:19:36 2021 +0000" }, "message": "m/n/core/curator: implement gRPC listener\n\nThis implements the Curator listener and listener dispatcher, two\nrunnables responsible for maintaining an active Curator RPC\nimplementation (either leader or follower) and switching over\nappropriately as the election status changes.\n\nThis might be overengineered. The implementation switchover logic and\ncontext joining could possibly be ripped out and replaced by plain gRPC\nsocket close and re-open on switchover.\n\nTesting plan: implements unit tests for switching/dispatching.\n\nChange-Id: Ib62195b336d0754d99865d7a2a32ba2ffa3543ce\nReviewed-on: https://review.monogon.dev/c/monogon/+/185\nReviewed-by: Lorenz Brun \u003clorenz@nexantic.com\u003e\n" }, { "commit": "aad79488d417eefafd4102bda9bd10d6473cf6c7", "tree": "a638f94700704699b4ae4a5ad6b5214d6adcb479", "parents": [ "cbf1fa97307024b1f0c60c88e8ebf968a42bf980" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Fri Jul 02 17:40:36 2021 +0200" }, "committer": { "name": "Sergiusz Bazanski", "email": "serge@nexantic.com", "time": "Mon Jul 05 18:19:29 2021 +0000" }, "message": "metropolis/handbook: init\n\nThis is the beginning of the Metropolis Handbook, the main end-user\ndocumentation of Metropolis.\n\nIt is built using mdbook, and currently contains only the default\ncontent from `mdbook init`.\n\nFuture work: start writing the handbook, build in CI, publish in CI.\n\nChange-Id: I81753350215b2f7aabc17925eadfd20706e1fdb5\nReviewed-on: https://review.monogon.dev/c/monogon/+/202\nReviewed-by: Leopold Schabel \u003cleo@nexantic.com\u003e\n" }, { "commit": "cbf1fa97307024b1f0c60c88e8ebf968a42bf980", "tree": "728f661bb449220c98556fdd0635714db750ac9c", "parents": [ "e7bb94c0b2b2a7694c8985c5da80e814a51c4bdf" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Fri Jul 02 17:28:50 2021 +0200" }, "committer": { "name": "Sergiusz Bazanski", "email": "serge@nexantic.com", "time": "Fri Jul 02 18:16:43 2021 +0000" }, "message": "third_party/rust: initialize, add mdbook\n\nAs we want to use [mdbook](https://github.com/rust-lang/mdBook) to build\ndocumentation, we now have to pull it into the monorepo, alongside\nsupport for Rust in general.\n\nTesting plan: bazel run //third_party/rust:cargo_bin_mdbook. The CI\nshould also pick this up now.\n\nChange-Id: I6cf5d02d926bb0de61a5c882828accd35f3a1076\nReviewed-on: https://review.monogon.dev/c/monogon/+/201\nReviewed-by: Leopold Schabel \u003cleo@nexantic.com\u003e\n" } ], "next": "e7bb94c0b2b2a7694c8985c5da80e814a51c4bdf" }