)]}' { "log": [ { "commit": "cf7bd147a0e8b61133472471eb7193566d8b1a4e", "tree": "3521de5e73c456870dbbce86d907e3557593b452", "parents": [ "d07489b551c242df6ed73d07d17b47feb3827b48" ], "author": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Thu Aug 03 15:20:09 2023 +0000" }, "committer": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Thu Aug 03 15:42:45 2023 +0000" }, "message": "metropolis/node: remove genrule image_gcp\n\nThis is currently very flaky and we dont use it anyway\n\nChange-Id: Idf91cdc3f45da11635a8ee78617d209665a5bbc7\nReviewed-on: https://review.monogon.dev/c/monogon/+/2028\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "d07489b551c242df6ed73d07d17b47feb3827b48", "tree": "2684f906758105cb9108c19069091a9d86ad7786", "parents": [ "8e87a062badeb7f6b93c6486925aa99c616cd8a6" ], "author": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Thu Aug 03 13:09:02 2023 +0000" }, "committer": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Thu Aug 03 15:33:41 2023 +0000" }, "message": "metropolis/pkg/efivarfs: write variables with 0644 perms\n\nThe kernel creates all files with these permissions, so having different ones\nis useless.\n\nChange-Id: Iaafb6080de349f95e566bb2e4faf821864cf75e6\nReviewed-on: https://review.monogon.dev/c/monogon/+/2025\nTested-by: Jenkins CI\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "8e87a062badeb7f6b93c6486925aa99c616cd8a6", "tree": "73226d80fb80580c02c092d41aac59da1d94d1f9", "parents": [ "3961acd37445d5139040b910e093e759828552ad" ], "author": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Mon Jul 31 01:33:10 2023 +0000" }, "committer": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Thu Aug 03 15:33:25 2023 +0000" }, "message": "metropolis/node/core/update: set partition start and size in efi\n\nChange-Id: I1dc6b6738a375c6fc581d51494d13fbeda7b724d\nReviewed-on: https://review.monogon.dev/c/monogon/+/2026\nTested-by: Jenkins CI\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "3961acd37445d5139040b910e093e759828552ad", "tree": "3ed82aa3adca72268431acd88135e2afa2397468", "parents": [ "a622379880cd043e0a12ab25129801e2c63d82bb" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Wed Aug 02 17:55:06 2023 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Wed Aug 02 16:33:55 2023 +0000" }, "message": "m/p/gpt: fix protective MBR off-by-one\n\nSince the protective MBR partition starts at block 1 (the first is the\nthe protective MBR itself) that first block needs to be subtracted from\nits size.\n\nChange-Id: I99bbb449c27596efd2dd260ffb388a9a69a09589\nReviewed-on: https://review.monogon.dev/c/monogon/+/2024\nTested-by: Jenkins CI\nReviewed-by: Tim Windelschmidt \u003ctim@monogon.tech\u003e\n" }, { "commit": "a622379880cd043e0a12ab25129801e2c63d82bb", "tree": "2b624fc68521ec72a3d018b2b71cfe755939795a", "parents": [ "0b84a9f5e2caef3f66e4d912b6ac18429dff2c2d" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Mon Jul 31 17:13:11 2023 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Wed Aug 02 10:12:22 2023 +0000" }, "message": "m/n/c/consensus: fix format directive error\n\nThat %w points to err which is not actually populated in this code path.\n\nChange-Id: I025eafbd4733cb584c67af2479992c9368d414e9\nReviewed-on: https://review.monogon.dev/c/monogon/+/2022\nTested-by: Jenkins CI\nReviewed-by: Leopold Schabel \u003cleo@monogon.tech\u003e\n" }, { "commit": "0b84a9f5e2caef3f66e4d912b6ac18429dff2c2d", "tree": "e44c00c20213a01877783405929f27edc3357d79", "parents": [ "35fcf0397be02883ace364e650b3e8d9a2281e24" ], "author": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Thu Jul 27 14:20:31 2023 +0000" }, "committer": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Tue Aug 01 13:30:41 2023 +0000" }, "message": "metropolis/node: show build commit on startup\n\nPreviously it was not possible to identify the running version,\nwith this change the build commit and tree state gets stamped into the binary\nand printed on boot.\n\nChange-Id: I3916e3d40dc87f28a58eb74c6450218550fb3214\nReviewed-on: https://review.monogon.dev/c/monogon/+/1978\nTested-by: Jenkins CI\nReviewed-by: Serge Bazanski \u003cserge@monogon.tech\u003e\n" }, { "commit": "35fcf0397be02883ace364e650b3e8d9a2281e24", "tree": "cb1297a2e4a34eeebb9faf09b44c3b95cf603f7f", "parents": [ "ad131883747f73e51526dd6f163df23b913f69ed" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Thu Jun 29 04:15:58 2023 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Thu Jul 27 13:58:35 2023 +0000" }, "message": "metropolis: implement A/B updates\n\nThis implements an A/B update mechanism using two slots, A and B.\nThis is realized with two system partitions as well as two EFI\nloaders/kernels.\n\nThe A/B system relies on two EFI loader entries. This has the advantage\nthat there is no preloader required, which makes the system more\nreliable as well as avoiding the complexity of having an un-updatable\npreloader (CoreOS has this issue where their GRUB2 crashed booting newer\nkernels, sadly the issue seems lost with the migration to Fedora\nCoreOS). It also means that the operator can easily override the slot\nbeing booted via the boot loader entries. Primary disadvantage is that\nit relies on EFI working somewhat to spec.\n\nNew versions are booted into only once by setting NextBoot, if the\nbootup doesn\u0027t succeed, i.e. if the boot doesn\u0027t get to a cluster rejoin\nthe next boot will be the old slot. Once it gets to this stage the\npermanent BootOrder is changed.\n\nThe EFI loaders don\u0027t know if they are slot A or B because they are\nidentical and relying on OptionalData in the boot entry to indicate the\nslot means that if the EFI boot entries go away, recovering is very hard.\nThus the loaders look at their own file name to determine what slot they\nare in. If no slot could be determined, they default to booting slot A.\nIt is planned to eventually use Authenticode Stamping (passing data in\nfake certificates) to stamp the slot into the loader without affecting\nthe TPM hash logged.\n\nChange-Id: I40de2df8ff7ff660c17d2c97f3d9eb1bd4ddf5bc\nReviewed-on: https://review.monogon.dev/c/monogon/+/1874\nTested-by: Jenkins CI\nReviewed-by: Serge Bazanski \u003cserge@monogon.tech\u003e\n" }, { "commit": "ad131883747f73e51526dd6f163df23b913f69ed", "tree": "e5dee1d605cf4df4c507529185a82b49dbb841b3", "parents": [ "cb9f3d3d495b12e26772271e368340a38244d586" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Wed Jun 28 16:42:20 2023 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Thu Jul 27 13:58:35 2023 +0000" }, "message": "treewide: port everything to blockdev\n\nThis gets rid of most ad-hoc block device code, using blockdev for\neverything. It also gets rid of diskfs for everything but tests. This\nenables Metropolis to be installed on non-512-byte block sizes.\n\nChange-Id: I644b5b68bb7bed8106585df3179674789031687a\nReviewed-on: https://review.monogon.dev/c/monogon/+/1873\nTested-by: Jenkins CI\nReviewed-by: Serge Bazanski \u003cserge@monogon.tech\u003e\n" }, { "commit": "cb9f3d3d495b12e26772271e368340a38244d586", "tree": "ba362d7665cf7c48f246b9040ce65a506ea5b93b", "parents": [ "1e0e3a47f72a8fb251bec9a98cb3d6acffe79989" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Thu Jul 27 15:21:49 2023 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Thu Jul 27 13:58:35 2023 +0000" }, "message": "m/p/blockdev: add darwin implementation\n\nThis adds a minimal blockdev implementation for Darwin/macOS.\nProperly implementing Discard() is left for later as it would require\nextending x/sys/unix and it is allowed to just return ErrUnsupported\nfor all calls.\n\nChange-Id: I5f3c85935301857c1f25edd8b8f9acdbe4abf4ad\nReviewed-on: https://review.monogon.dev/c/monogon/+/1977\nTested-by: Jenkins CI\nReviewed-by: Serge Bazanski \u003cserge@monogon.tech\u003e\n" }, { "commit": "1e0e3a47f72a8fb251bec9a98cb3d6acffe79989", "tree": "64f18c66ac03870d1cbbae02b91e6f14a4ebc090", "parents": [ "fd49f22e3a98d42ffe4d508a1e49ef2549fa8ecf" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Wed Jun 28 16:40:18 2023 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Thu Jul 27 13:58:35 2023 +0000" }, "message": "m/p/blockdev: init\n\nAdds blockdev, a package providing a Go interface for generic block\ndevices as well as an implementation of it for Linux and auxiliary\ntypes.\n\nThis will replace most ad-hoc block device handling in the monorepo.\n\nChange-Id: I3a4e3b7c31a8344f7859210bbb4942977d1ad1d2\nReviewed-on: https://review.monogon.dev/c/monogon/+/1871\nTested-by: Jenkins CI\nReviewed-by: Serge Bazanski \u003cserge@monogon.tech\u003e\n" }, { "commit": "fd49f22e3a98d42ffe4d508a1e49ef2549fa8ecf", "tree": "cbca6bd43f671088aaac950a996055d1a3536b09", "parents": [ "4c6720da59d460d74487fb9bf42f42334cf191d3" ], "author": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Thu Jul 20 14:27:50 2023 +0200" }, "committer": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Wed Jul 26 16:49:54 2023 +0000" }, "message": "metropolis/node/core/metrics: export (controller-manager|scheduler) metrics\n\nChange-Id: Ie61551655cbf1130bb5f5beb2923dac1aa52f868\nReviewed-on: https://review.monogon.dev/c/monogon/+/1952\nTested-by: Jenkins CI\nReviewed-by: Serge Bazanski \u003cserge@monogon.tech\u003e\n" }, { "commit": "4c6720da59d460d74487fb9bf42f42334cf191d3", "tree": "b10de2997c7c711bc579e7cb38c04ffa5d86cd0d", "parents": [ "c37a886044f368ef7b0de61fc77daae8c52e74e8" ], "author": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Tue Jul 25 14:44:19 2023 +0000" }, "committer": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Wed Jul 26 16:41:04 2023 +0000" }, "message": "metropolis/node/core/metrics: migrate labels to sd-meta naming scheme\n\nChange-Id: Ie5ad32d5383abbe13ff9c347d47ecc10f090bccb\nReviewed-on: https://review.monogon.dev/c/monogon/+/1971\nReviewed-by: Leopold Schabel \u003cleo@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "c37a886044f368ef7b0de61fc77daae8c52e74e8", "tree": "5ed030955e1f57d7fb5df9fa49597e62a808e071", "parents": [ "78a538df4c1112bad6bee08509385af8d0ecc77a" ], "author": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Wed Jul 19 16:33:21 2023 +0200" }, "committer": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Wed Jul 26 16:39:41 2023 +0000" }, "message": "metropolis/node/core/metrics: expose etcd metrics\n\nChange-Id: Ie916d497b44c05ab51b13d0bb14f4e850291a77e\nReviewed-on: https://review.monogon.dev/c/monogon/+/1950\nTested-by: Jenkins CI\nReviewed-by: Serge Bazanski \u003cserge@monogon.tech\u003e\n" }, { "commit": "78a538df4c1112bad6bee08509385af8d0ecc77a", "tree": "7c0c3d44f2334a2305242f768322f36a175434a9", "parents": [ "90613afdf11f7831fc0a673f2fe502c28ab93729" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Tue Jul 25 21:39:04 2023 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Wed Jul 26 12:39:17 2023 +0000" }, "message": "t/{linux,-firmware}: fix Zenbleed (CVE-2023-20593)\n\nThis fixes the Zenbleed vulnerability by including the latest fixed\nmicrocode from linux-firmware. They don\u0027t do proper release management\nbut just tag a date approximately every month to keep distros happy.\nThus we need to use a master commit to get the fixes now.\n\nAlso update Linux to 5.15.122 to make sure that we know in case the\nmicrocode fix somehow didn\u0027t get applied.\n\nChange-Id: I5e26826e6df0f665e1a23efe8587dfb93edb2d94\nReviewed-on: https://review.monogon.dev/c/monogon/+/1974\nReviewed-by: Leopold Schabel \u003cleo@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "90613afdf11f7831fc0a673f2fe502c28ab93729", "tree": "1f524cdd0e25a3dd28ff350803d2bc296c3d6fda", "parents": [ "88a76b7a89b3fc81b9135b1197e1ea6fd3698121" ], "author": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Thu Jul 20 14:26:18 2023 +0200" }, "committer": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Wed Jul 26 12:04:58 2023 +0000" }, "message": "metropolis/node/kubernetes: fix mtls authentication to (controller-manager|scheduler)\n\nPreviously it wasn\u0027t possible to authenticate against the services\nas they had no CA they trusted for the sent client certificate.\n\nChange-Id: Ic7cd2419a9e3496680a9393424c7ca1780c4d38c\nReviewed-on: https://review.monogon.dev/c/monogon/+/1951\nTested-by: Jenkins CI\nReviewed-by: Serge Bazanski \u003cserge@monogon.tech\u003e\n" }, { "commit": "88a76b7a89b3fc81b9135b1197e1ea6fd3698121", "tree": "b1ab3800149e95405b41a21bd74437c1f43c55e7", "parents": [ "4ac7112b135518b610a84a3a6db535dbb41f1fcf" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Mon Jul 24 13:10:33 2023 +0200" }, "committer": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Wed Jul 26 10:47:46 2023 +0000" }, "message": "build/ci: ensure that we can build metroctl for macOS\n\nWe should probably soon have separate CI targets for different\nbuild/test kinds/targets, but this will do for now.\n\nChange-Id: I710a498f771fc8fd225c1e3b4666fb28e7421b7d\nReviewed-on: https://review.monogon.dev/c/monogon/+/1962\nTested-by: Jenkins CI\nReviewed-by: Leopold Schabel \u003cleo@monogon.tech\u003e\n" }, { "commit": "4ac7112b135518b610a84a3a6db535dbb41f1fcf", "tree": "19bcc8dd598928d6413d6721ef52ee211406a8d9", "parents": [ "e5abee60401840f9af83d9181f9ce36f886b10ce" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Mon Jul 24 13:08:34 2023 +0200" }, "committer": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Wed Jul 26 10:47:46 2023 +0000" }, "message": "metropolis/node/core/rpc: decouple from pki\n\nChange-Id: I15d3e7d1142f0f95081e73c985d96f8d103df55e\nReviewed-on: https://review.monogon.dev/c/monogon/+/1961\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "e5abee60401840f9af83d9181f9ce36f886b10ce", "tree": "9887e5c3f28cd295ec19f35a01469286530fe8b3", "parents": [ "be25a3b839debc10817670fac0c20660a87bea12" ], "author": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Wed Jul 19 16:33:36 2023 +0200" }, "committer": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Mon Jul 24 14:52:41 2023 +0000" }, "message": "metropolis/node/core/metrics: allow exporters without executables\n\nChange-Id: I8f05c5a2a59018e8979c48a0253f2c068a71e5cd\nReviewed-on: https://review.monogon.dev/c/monogon/+/1949\nTested-by: Jenkins CI\nReviewed-by: Serge Bazanski \u003cserge@monogon.tech\u003e\n" }, { "commit": "be25a3b839debc10817670fac0c20660a87bea12", "tree": "df5c6ef648ad41fb5037a53976835709737454bd", "parents": [ "b551b65225b7398ed4eb8b3361f50c7998f56ce1" ], "author": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Wed Jul 19 16:31:56 2023 +0200" }, "committer": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Mon Jul 24 14:52:41 2023 +0000" }, "message": "metropolis/test/launch/cluster: expose metrics port\n\nChange-Id: I2ef17374db665c5491f9594de2ae4474be5163a4\nReviewed-on: https://review.monogon.dev/c/monogon/+/1948\nReviewed-by: Serge Bazanski \u003cserge@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "b551b65225b7398ed4eb8b3361f50c7998f56ce1", "tree": "3ae89cf74847693ae13f2c18063a48d4fb8563ba", "parents": [ "5d0906e1db869ddeac081567b469671a5ff25f7c" ], "author": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Mon Jul 17 16:01:42 2023 +0200" }, "committer": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Mon Jul 24 14:45:04 2023 +0000" }, "message": "metropolis/node/core/metrics: implement http_sd discovery endpoint\n\nWe provide prometheus metrics but dont have a way to discover all nodes,\nthis change implements a new http endpoint: /discovery. It implements the\nhttp_sd api and returns all current cluster nodes including their roles as\nlabel.\n\nChange-Id: I931a88e2afb285482d122dd059c96f9ebfab4052\nReviewed-on: https://review.monogon.dev/c/monogon/+/1934\nTested-by: Jenkins CI\nReviewed-by: Serge Bazanski \u003cserge@monogon.tech\u003e\n" }, { "commit": "5d0906e1db869ddeac081567b469671a5ff25f7c", "tree": "c12afd970111219040b457fc739823513fcb2957", "parents": [ "ffbf393575c52f7444f66d4bef86ecd81e3fdb98" ], "author": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Thu Jul 20 20:23:57 2023 +0200" }, "committer": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Mon Jul 24 14:45:04 2023 +0000" }, "message": "metropolis/test/util: move TestCurator to utils package\n\nTo use it inside other tests this change moves the TestCurator\nto allow usage inside other tests\n\nChange-Id: I75be31f490eb84e5c9bc56b65317ea5483415dcf\nReviewed-on: https://review.monogon.dev/c/monogon/+/1954\nReviewed-by: Serge Bazanski \u003cserge@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "ffbf393575c52f7444f66d4bef86ecd81e3fdb98", "tree": "05d223a1d481de0e9725997174d45e5874fad785", "parents": [ "a004576acfd826bf8a2a3371a3fde787afb9629b" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Mon Jul 24 13:02:42 2023 +0200" }, "committer": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Mon Jul 24 12:36:21 2023 +0000" }, "message": "metropolis/test/util: move in NewEphemeralClusterCredentials from rpc\n\nChange-Id: I41603b19a76ea91c2191b0118183957973fc9ccd\nReviewed-on: https://review.monogon.dev/c/monogon/+/1960\nReviewed-by: Tim Windelschmidt \u003ctim@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "a004576acfd826bf8a2a3371a3fde787afb9629b", "tree": "09a029faa89414ea4e7ceaaaa4a424e2ea20f3ae", "parents": [ "9933ef0d18cf42a604fc7ed25cec3e05f8ab6368" ], "author": { "name": "Leopold Schabel", "email": "leo@monogon.tech", "time": "Thu Jul 20 19:27:41 2023 +0200" }, "committer": { "name": "Leopold Schabel", "email": "leo@monogon.tech", "time": "Fri Jul 21 12:04:38 2023 +0000" }, "message": "Set flaky\u003dTrue on roleserve_test and memory_test\n\nThese are frequent CI failures.\n\nChange-Id: Ic45f4dcd22bb608bc96da84c9de74faae1f8daab\nReviewed-on: https://review.monogon.dev/c/monogon/+/1953\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "9933ef0d18cf42a604fc7ed25cec3e05f8ab6368", "tree": "484c711598ccef01f2218564a79a8352c657958b", "parents": [ "394b67e4208e1b2f06e61ab7e69ae58f444a56d8" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Thu Jul 06 18:28:29 2023 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Thu Jul 20 11:48:17 2023 +0000" }, "message": "m/p/efivarfs: BootOrder fixes\n\nThis doesn\u0027t need to be a pointer as it\u0027s a slice.\nThere was also a bug left in here because it previously skipped over\nthe attributes field which we now treat separately.\n\nChange-Id: Icc80496e9bc826ae11201f96a703fb80f97c478a\nReviewed-on: https://review.monogon.dev/c/monogon/+/1913\nTested-by: Jenkins CI\nReviewed-by: Serge Bazanski \u003cserge@monogon.tech\u003e\n" }, { "commit": "394b67e4208e1b2f06e61ab7e69ae58f444a56d8", "tree": "76280f2c02e4afe2f9ace484f7fd61040326df47", "parents": [ "4f28b9ed6387dc22225f5e60a78f91ab8e3d65bd" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Wed Jul 19 17:34:34 2023 +0200" }, "committer": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Thu Jul 20 10:54:36 2023 +0000" }, "message": "m/cli/metroctl: implement buildkind\u003dlite\n\nUsers can now build metroctl with:\n\n bazel build //metropolis/cli/metroctl --//metropolis/cli/metrocli:buildkind\u003dlite\n\nTo request a metroctl built without a direct dependency on the rest of\nMetropolis. Such a metroctl tool will not be able to run `genusb`\nwithout manually specifying a metropolis bundle and metropolis installer\nkernel.\n\nChange-Id: Ic8c135392a7d0ec3120e5dbed8fd6636de578633\nReviewed-on: https://review.monogon.dev/c/monogon/+/1947\nTested-by: Jenkins CI\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "4f28b9ed6387dc22225f5e60a78f91ab8e3d65bd", "tree": "6b0e7b9014a99a92e23e0a5d2d7c25a8a4e566ba", "parents": [ "46a45f941632de6ef0085eee373a6c3dad5e9f53" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Wed Jul 19 17:11:05 2023 +0200" }, "committer": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Thu Jul 20 10:54:36 2023 +0000" }, "message": "m/n/core/identity: decouple from localstorage\n\nChange-Id: I825bc7d71f9866b0052e550f0d113bd8bc726fdc\nReviewed-on: https://review.monogon.dev/c/monogon/+/1946\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "46a45f941632de6ef0085eee373a6c3dad5e9f53", "tree": "07f2b51255011347175505c94c2a99ebdb0832c4", "parents": [ "9508b12bba50625eaccadc4aacf908ba538e3dd6" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Wed Jul 19 17:09:52 2023 +0200" }, "committer": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Thu Jul 20 10:54:36 2023 +0000" }, "message": "m/c/metroctl: move installer dependency to runfiles\n\nThis is the first step in not requiring a full Metropolis build to build\nmetroctl.\n\nThings are still actively coupled at build time, but the resulting\nbinary can now run without any embedded installer.\n\nChange-Id: I55fc53c57ac6d1d3e75a225e7d7c79bae5759b67\nReviewed-on: https://review.monogon.dev/c/monogon/+/1945\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "9508b12bba50625eaccadc4aacf908ba538e3dd6", "tree": "acaf5e1981fc98101f25924a6fb44cf827f826c5", "parents": [ "150f24a5421dc1449d79a801524a7c98754f7bca" ], "author": { "name": "Leopold Schabel", "email": "leo@monogon.tech", "time": "Fri Jul 14 17:54:17 2023 +0200" }, "committer": { "name": "Leopold Schabel", "email": "leo@monogon.tech", "time": "Wed Jul 19 15:57:32 2023 +0000" }, "message": "*: fully hermetic builds and nix shell support\n\nThis change is a slightly more polished version of Serge\u0027s experiment:\n- https://review.monogon.dev/c/monogon/+/1148\n- https://bin.monogon.dev/pasta/sloth-parrot-ant\n- https://bin.monogon.dev/pasta/eel-seal-wolf\n\nThere are two execution environments we have to support:\n\n- Most builds run inside a sandbox, which is a Fedora\n environment and does not require any host dependencies at all.\n\n- Bazel itself and the tooling we require to bootstrap\n the sandbox (mainly, Go and Proto toolchains). This has to\n work directly on the host.\n\nWe first make the sandbox fully hermetic by setting\n--experimental_use_hermetic_linux_sandbox, which set up an empty /\ninstead of mounting over individual directories, removing any remaining\nhost paths from the sandbox (except /proc and /dev/shm, which are\nrequired by some toolchains). We also force static values for the shell,\n$TMPDIR and $PATH, which would otherwise leak into the sandbox.\n\nFor the host, we use buildFHSUserEnv to build an environment which\nsupports our static toolchains, and well as a clean Bazel build\nwithout all the nixpkgs patches which would otherwise break our custom\ntoolchains and sandbox implementation.\n\nThis allows us to use the exact same toolchains on NixOS and other\ndistros for perfect reproducibility.\n\nFixes https://github.com/monogon-dev/monogon/issues/174.\nFixes https://github.com/monogon-dev/monogon/issues/175.\n\nCo-authored-by: Serge Bazanski \u003cserge@monogon.tech\u003e\nChange-Id: I665471a45b315ce7e93ef16d9d056d7622886959\nReviewed-on: https://review.monogon.dev/c/monogon/+/1929\nTested-by: Jenkins CI\nReviewed-by: Serge Bazanski \u003cserge@monogon.tech\u003e\n" }, { "commit": "150f24a5421dc1449d79a801524a7c98754f7bca", "tree": "c4f69b7e6260a241f3d946b36eda309e2539ccba", "parents": [ "901c7326fe067707812757e4e9409f756edf0e37" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Thu Jul 13 20:11:06 2023 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Wed Jul 19 12:17:34 2023 +0000" }, "message": "metropolis/test: use localregistry\n\nThis removes everything but the preseed test image from the preseed\nimage pool, instead opting to serve all test image via localregistry.\n\nThe registry API is served from a dedicated IP inside the virtual\nnetwork and forwarded to an ephemeral listener on the host. The relevant\ninfrastructure is added to the launch package.\n\nAs it is required to add configuration to containerd for this registry\nanyways as it does not and should not have TLS we take that opportunity\nto give it a descriptive name (test.monogon.internal).\n\nVisibilities of images are also adjusted as they are now referenced much\ncloser to their point of use.\n\nAgainst main this saves 51MiB in bundle size (289MiB -\u003e 238MiB).\n\nChange-Id: I31f732eb8c4ccec486204f35e3635b588fd9c85b\nReviewed-on: https://review.monogon.dev/c/monogon/+/1927\nTested-by: Jenkins CI\nReviewed-by: Leopold Schabel \u003cleo@monogon.tech\u003e\n" }, { "commit": "901c7326fe067707812757e4e9409f756edf0e37", "tree": "f07f9dc363f0448076024ec4217858dcf47bcb88", "parents": [ "3df66ebf2ae75de9e62302332412655e8fb45d04" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Thu Jul 13 20:10:37 2023 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Wed Jul 19 11:54:30 2023 +0000" }, "message": "m/p/localregistry: init\n\nAdds the localregistry package, which serves Bazel-built container\nimages via the Docker/OCI V2 registry API.\n\nThis will be used to serve test images instead of preseeding them.\n\nChange-Id: I0c2ceb9a83f807c9c87ab03bc1141ca67cc64268\nReviewed-on: https://review.monogon.dev/c/monogon/+/1926\nTested-by: Jenkins CI\nReviewed-by: Leopold Schabel \u003cleo@monogon.tech\u003e\n" }, { "commit": "3df66ebf2ae75de9e62302332412655e8fb45d04", "tree": "afe917d9fa6eba01dbc9aac0b59a7a189c3c64ce", "parents": [ "f0ec0f670512f82b8e1428acd577ffe1693d1f8f" ], "author": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Mon Jul 17 15:58:07 2023 +0200" }, "committer": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Tue Jul 18 14:52:36 2023 +0000" }, "message": "metropolis/node/core/metrics: configure node-exporter collectors\n\nTo have a better overview over the nodes we enable additional collectors\nand tell the filesystem collector to not report high cardinality mountpoints.\n\nChange-Id: I267c7c82d671f03c037aabcb067a06fdf29aef65\nReviewed-on: https://review.monogon.dev/c/monogon/+/1933\nTested-by: Jenkins CI\nReviewed-by: Leopold Schabel \u003cleo@monogon.tech\u003e\n" }, { "commit": "f0ec0f670512f82b8e1428acd577ffe1693d1f8f", "tree": "690b280b94ed797149986fbbbd697ca216386235", "parents": [ "e95007b7090921e2aa4fdc24fea3d23f1bda048e" ], "author": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Mon Jul 17 13:43:38 2023 +0200" }, "committer": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Tue Jul 18 13:58:24 2023 +0000" }, "message": "metropolis/cli/metroctl: add cert export command\n\nTo scrape metrics we currently need the owner certificate in a usable format.\n\nChange-Id: Ic6695b14a764d71d9c7b698c113fe0109d5820bf\nReviewed-on: https://review.monogon.dev/c/monogon/+/1932\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "e95007b7090921e2aa4fdc24fea3d23f1bda048e", "tree": "2884539aa61dcf8a8390299869fa63999382f841", "parents": [ "5c829a4aae48ab0f81f24cde89cf8a85e4adcf3e" ], "author": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Mon Jul 17 19:05:30 2023 +0200" }, "committer": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Tue Jul 18 12:01:46 2023 +0000" }, "message": "metropolis/node: pretend usage of metropolis ports as node port\n\nWithout this additional change, the repair job detects that we are not\nusing the ports with a service. Since we are using them just not with a\nservice, lets just pretend to have a valid service\n\nChange-Id: Ia226415393031761bdf1d683a8389db65f76bcec\nReviewed-on: https://review.monogon.dev/c/monogon/+/1938\nTested-by: Jenkins CI\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "5c829a4aae48ab0f81f24cde89cf8a85e4adcf3e", "tree": "1734b3ea9565bf167405d1c4dd85a15272a76537", "parents": [ "800e7c9514c1ea5aa9267a19217086363d6d8c4d" ], "author": { "name": "Leopold Schabel", "email": "leo@monogon.tech", "time": "Fri Jul 14 17:41:42 2023 +0200" }, "committer": { "name": "Leopold Schabel", "email": "leo@monogon.tech", "time": "Mon Jul 17 10:06:40 2023 +0000" }, "message": "third_party/chrony: fix chrony source\n\nThe Git snapshot download currently returns a 500 status code.\nDownload the official release instead.\n\nChange-Id: I673584ec2ea6152ca7338bd3609d2264d31b69bd\nReviewed-on: https://review.monogon.dev/c/monogon/+/1928\nTested-by: Jenkins CI\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "800e7c9514c1ea5aa9267a19217086363d6d8c4d", "tree": "3543adb39b0f1ba5d84f651a2840edc885b7dce4", "parents": [ "d1c392a788043f2bd82d936a334bd01e1be97421" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Wed Jul 12 22:37:39 2023 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Thu Jul 13 10:23:27 2023 +0000" }, "message": "m/p/tpm: fix garbage when logging PCRs\n\nCasting an int to a string causes it to be interpreted as a byte of an\nUTF-8 string, not converted to the respective UTF-8 character(s).\nUse strconv instead to actually convert the integers to valid UTF-8\ntext.\n\nChange-Id: I4878d9312f2fd2f2401e7fc3ba0e7a69cbca4d9e\nReviewed-on: https://review.monogon.dev/c/monogon/+/1925\nTested-by: Jenkins CI\nReviewed-by: Leopold Schabel \u003cleo@monogon.tech\u003e\n" }, { "commit": "d1c392a788043f2bd82d936a334bd01e1be97421", "tree": "1bdf2d7a4d7a54b2d8bda0c3c729eb2c9eef90a4", "parents": [ "0553f885b84ca97384ffdb942b30c67d23166a16" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Thu Jul 06 19:10:56 2023 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Tue Jul 11 10:48:05 2023 +0000" }, "message": "m/n/kubernetes: fix CSI local PV publishing\n\nExperimentally confirmed to fix pods stuck in creating because the\nmount syscall failed with ENOENT because the target directory did not\nexist. The current CSI spec now explicitly says that creation of\ntarget_path is the responsibility of the storage plugin, so let\u0027s\nactually create that directory.\n\nChange-Id: I57d8086f2e70040095206c36e4302b352d06bb84\nReviewed-on: https://review.monogon.dev/c/monogon/+/1914\nTested-by: Jenkins CI\nReviewed-by: Leopold Schabel \u003cleo@monogon.tech\u003e\n" }, { "commit": "0553f885b84ca97384ffdb942b30c67d23166a16", "tree": "aacfd7d09e462de3c5cfc4cb5cb23840e0b5f6c3", "parents": [ "93910e666218954def8e1e3b304909f7dbb7a1b5" ], "author": { "name": "Leopold Schabel", "email": "leo@monogon.tech", "time": "Sat Jul 08 22:13:30 2023 +0200" }, "committer": { "name": "Leopold Schabel", "email": "leo@monogon.tech", "time": "Mon Jul 10 11:33:56 2023 +0000" }, "message": "webug: shrink tabs in monospace areas\n\nThis makes prototxt output more readable by saving\nsome horizontal space.\n\nChange-Id: Ia0703f280dfb8c8dd9e3899cc20cefc81773d1e1\nReviewed-on: https://review.monogon.dev/c/monogon/+/1921\nTested-by: Jenkins CI\nReviewed-by: Serge Bazanski \u003cserge@monogon.tech\u003e\n" }, { "commit": "93910e666218954def8e1e3b304909f7dbb7a1b5", "tree": "bc584ab34d4c5e0caa094d94bcee99ccf01f50a7", "parents": [ "7d1a0dee36f43f232481eb7ca4ec5d520a526907" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Thu Jul 06 16:15:06 2023 +0200" }, "committer": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Thu Jul 06 23:09:14 2023 +0000" }, "message": "m/n/core/curator: fix clusternet sync issues\n\nClusternet sync was broken whenever a node just started a curator\nwatcher, as the curator\u0027s codepath to serve the backlog wasn\u0027t copying\nover clusternet data.\n\nThis shouldn\u0027t have happened, especially as we implemented a unified\nfunction to convert node data into node update data, we just forgot to\nuse it during the initial backlog generation code on the curator.\n\nI\u0027ve spent some time trying to come up with a testcase that would\nautomatically catch any further bug of this type, but that\u0027s not really\ndoable without having more formalized type casts between all the\ndifferent types a node can be encoded in (curator in-memory, curator\nproto state, api node object). But we do still update one of the curator\ntests to catch this particular regression.\n\nChange-Id: I203d9a41b735db63d076c7e68a9fc6fe2f795ab4\nReviewed-on: https://review.monogon.dev/c/monogon/+/1912\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "7d1a0dee36f43f232481eb7ca4ec5d520a526907", "tree": "f63118614604040cdea0edfbfd7b644a124e8cda", "parents": [ "0300077941db0edfdcac0ae42e4a5dad3e8d3fd7" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Wed Jul 05 01:17:15 2023 +0200" }, "committer": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Wed Jul 05 09:31:04 2023 +0000" }, "message": "m/cli/metroctl: implement `k8s configure` command\n\nChange-Id: I3da7a627b1ada462e62b739bde2073743262e23e\nReviewed-on: https://review.monogon.dev/c/monogon/+/1905\nReviewed-by: Leopold Schabel \u003cleo@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "0300077941db0edfdcac0ae42e4a5dad3e8d3fd7", "tree": "979cfc5f4269d3428b725acd79b9a216db8a6f82", "parents": [ "a2ee88d585b9b8603f47544c95f09b380b92b5e2" ], "author": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Mon Jul 03 02:19:28 2023 +0200" }, "committer": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Tue Jul 04 18:58:49 2023 +0000" }, "message": "metropolis/node: allow all ports as NodePorts except special ones\n\nAs we dont have hostPort implemented we can only provide NodePorts to\napplications. To allow apps to use all ports we have to increase the range\nbut have to prevent them from using reserved metropolis ones. This is\ncurrently prevented by patching the allocator and hardcode all of them.\n\nChange-Id: I7c0e8b17643d1ec03e1a1b678bc6276881b1c5e5\nReviewed-on: https://review.monogon.dev/c/monogon/+/1884\nTested-by: Jenkins CI\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "a2ee88d585b9b8603f47544c95f09b380b92b5e2", "tree": "c92d30b80722b0c47130e35fde86c20875471659", "parents": [ "f83f5037ab5e09b7c57a01fe7ff3c2eba3b69f4c" ], "author": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Tue Jul 04 14:58:10 2023 +0200" }, "committer": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Tue Jul 04 18:58:45 2023 +0000" }, "message": "cloud: package scruffy into the cloud container bundle\n\nChange-Id: Ic82e2d530dd4a3f97c4985427754d38ad4afcfc1\nReviewed-on: https://review.monogon.dev/c/monogon/+/1896\nTested-by: Jenkins CI\nReviewed-by: Serge Bazanski \u003cserge@monogon.tech\u003e\n" }, { "commit": "f83f5037ab5e09b7c57a01fe7ff3c2eba3b69f4c", "tree": "99286697f55a59cd15a6331ee64a70b0e046d3cc", "parents": [ "7e0649b4ea4e450dde5ea309d984209226d995a3" ], "author": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Tue Jul 04 14:59:14 2023 +0200" }, "committer": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Tue Jul 04 18:58:40 2023 +0000" }, "message": "WORKSPACE: add gazelle generate directive for this monorepo\n\nTo allow usage of metropolis code inside other repositories via e.g.\npatches, we need to expose metropolis as gazelle repository\n\nChange-Id: I07ab413d66aef2be67f78c80ad8202204e788d76\nReviewed-on: https://review.monogon.dev/c/monogon/+/1897\nReviewed-by: Serge Bazanski \u003cserge@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "7e0649b4ea4e450dde5ea309d984209226d995a3", "tree": "6491043e47a6e8288c3e0887666f21103b6e5812", "parents": [ "0e06e57b7d9a3cc6050bfacfeead3eb54ec8fd29" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Tue Jul 04 18:07:34 2023 +0200" }, "committer": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Tue Jul 04 18:58:09 2023 +0000" }, "message": "third_party/go: remove etcd-fix-stub.patch\n\nThis doesn\u0027t seem to be necessary anymore, tests pass without this.\n\nChange-Id: Ia56b49f7b1c96978af45b42bb72b4618344f08d2\nReviewed-on: https://review.monogon.dev/c/monogon/+/1902\nTested-by: Jenkins CI\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "0e06e57b7d9a3cc6050bfacfeead3eb54ec8fd29", "tree": "e3e6e2b894c55d84295fb949902fb5c9f7297115", "parents": [ "5308730b6181304ae1d34acf0f2bea6c4cb65339" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Tue Jul 04 17:41:22 2023 +0200" }, "committer": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Tue Jul 04 18:58:06 2023 +0000" }, "message": "third_party/go: remove unreferences patches\n\nChange-Id: Idd00b552c621e3a227fc097e175f0c82fa1a7249\nReviewed-on: https://review.monogon.dev/c/monogon/+/1901\nTested-by: Jenkins CI\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "5308730b6181304ae1d34acf0f2bea6c4cb65339", "tree": "f54596d0c24dd78aa64a97c72d24763b8892e818", "parents": [ "12c814085ac4b58922ca5d88ee571b8ee5ee7ece" ], "author": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Tue Jun 27 16:36:31 2023 +0200" }, "committer": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Tue Jul 04 10:47:13 2023 +0000" }, "message": "cloud/bmaas/bmdb: correctly handle installation report\n\nPreviously we ignored the result of an installation report.\nThe bmdb does now store the result and correctly triggers\na recovery flow of the installation fails.\n\nChange-Id: Ie8445cf9178ba84c6362b61ef8fa47208ab690be\nReviewed-on: https://review.monogon.dev/c/monogon/+/1865\nReviewed-by: Serge Bazanski \u003cserge@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "12c814085ac4b58922ca5d88ee571b8ee5ee7ece", "tree": "a392fb27ca7e53b9e528e1b1bba7125dcf7e3ac0", "parents": [ "72a903fb7b60d629a8f25a2eadf34c7fa1948c10" ], "author": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Mon Jul 03 02:16:08 2023 +0200" }, "committer": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Mon Jul 03 13:55:41 2023 +0000" }, "message": "cloud/shepherd/equinix/cli: replace old argument handling and wrong loop\n\nChange-Id: I1c1657432296170a6a214d4a5907c86c8a3daeec\nReviewed-on: https://review.monogon.dev/c/monogon/+/1883\nTested-by: Jenkins CI\nReviewed-by: Leopold Schabel \u003cleo@monogon.tech\u003e\n" }, { "commit": "72a903fb7b60d629a8f25a2eadf34c7fa1948c10", "tree": "1189b483e1984a0e26fc20aac901d32264f3b1fc", "parents": [ "521a83591361c7c0353944a1e742eb70e013cf9b" ], "author": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Tue Jun 27 15:49:36 2023 +0200" }, "committer": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Mon Jul 03 13:50:27 2023 +0000" }, "message": "cloud/shepherd/equinix/cli: Rename servers before deletion\n\nThis avoids collisions when redeploying servers\n\nChange-Id: I94c8c5e0b1b601ee6513f7baddb251053ce9430b\nReviewed-on: https://review.monogon.dev/c/monogon/+/1864\nTested-by: Jenkins CI\nReviewed-by: Leopold Schabel \u003cleo@monogon.tech\u003e\n" }, { "commit": "521a83591361c7c0353944a1e742eb70e013cf9b", "tree": "63f4d9499151fb7416318f0f2bdc12f3c1f37523", "parents": [ "a0bc6d3f0ce4f3a73eb0019e4f18f508ee36ce21" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Thu Jun 29 12:38:17 2023 +0200" }, "committer": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Mon Jul 03 13:40:32 2023 +0000" }, "message": "m/n/core/clusternet: avoid spurious updates, log more\n\nThis should make debugging\nhttps://github.com/monogon-dev/monogon/issues/235 easier, as I haven\u0027t\nbeen able to replicate it locally.\n\nChange-Id: I23f1a1d3d22841558e0db3e32b76b8bb8319fd3d\nReviewed-on: https://review.monogon.dev/c/monogon/+/1876\nTested-by: Jenkins CI\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "a0bc6d3f0ce4f3a73eb0019e4f18f508ee36ce21", "tree": "6f77b3184d1cd558dfd8f29437fb61c2e74df431", "parents": [ "3722025f8ed0b46eb7f48c7c0fbfc53de9e84340" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Wed Jun 28 18:57:40 2023 +0200" }, "committer": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Mon Jul 03 08:03:11 2023 +0000" }, "message": "m/test/e2e: split core/kubernetes tests, clean up\n\nThis splits the large TestE2E function into two separate functions and\ntests: one which exercises the core functionality of Kubernetes, the\nother which exercises just the Kubernetes bits.\n\nThis allows for easier testing during development, and generally trades\noff higher resources usage for faster execution time in CI.\n\nAt the same time we do some small cleanups of the E2E functionality:\n\n 1. Node startup is now parallelized.\n 2. Non-bootstrap nodes can now be left in NEW (this was used in\n diagnosing issue #234, but it currently unused in the main code).\n 3. Kubernetes access now goes over SOCKS.\n 4. Some Cluster helper functions have been added.\n\nAll in all this should allow us writing more E2E tests in the future,\nand at some point also maybe turn Cluster into an interface that is\nimplemented both by the current framework but also some persistent tests\nrunning against long-term VMs/physical machines.\n\nChange-Id: Ia4586b2aaa5fc8c979d35f4b49513638481e4c10\nReviewed-on: https://review.monogon.dev/c/monogon/+/1870\nTested-by: Jenkins CI\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "3722025f8ed0b46eb7f48c7c0fbfc53de9e84340", "tree": "34c8a1fbe2a6996ace1fe1b9e893b550bffd9ba3", "parents": [ "ca1cff0f214a1ed5ee967d421f5fe1fd5afa756d" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Thu Jun 29 12:39:08 2023 +0200" }, "committer": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Thu Jun 29 10:46:39 2023 +0000" }, "message": "m/n/core/devmgr: load modules in separate goroutines\n\nIf we spend too much time processing kobject uevents, we get an ENOBUFS\nerror:\n\n root.devmgr: error receiving kobject uevent: no buffer space available\n\nThis is a hot-fix for this issue. A better solution would be to have a\nsingle goroutine that handles all loading in order to avoid goroutine\nleaks. But this will do for now.\n\nChange-Id: Id085e1e489760c33b1f278dd7c17bf58c01bdad8\nReviewed-on: https://review.monogon.dev/c/monogon/+/1877\nTested-by: Jenkins CI\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "ca1cff0f214a1ed5ee967d421f5fe1fd5afa756d", "tree": "7ea16e63681ad4695f7d7cd1115c0168fc553d4b", "parents": [ "4599aa2dfa42a7b694ad295bc700db03de96d7f5" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Mon Jun 26 17:52:44 2023 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Thu Jun 29 10:41:38 2023 +0000" }, "message": "m/p/efivarfs: refactor\n\nThis accomplishes three things:\n\nFirst, split out the variable access layer from the rest of the code.\nThis cleans up the attribute handling, which is now done centrally as\nwell as making the high-level functions very short and clean. They now\nalso return better errors.\n\nSecond this introduces proper types for LoadOption, which can now also\nbe unmarshaled which was a requirement for A/B updates. This required\nimplementation of EFI\u0027s DevicePath structure.\nWhile refactoring the higher-level functions for this, this also\nfixes a bug where the variable index (the 4 hex nibbles at the end) were\nimproperly generated as lowercase hex.\n\nThird, this adds new high-level functions for interacting with more\nboot-related variables needed for the A/B effort.\n\nChange-Id: I53490fa4898a5e7a5498ecc05a9078bd2d66c26e\nReviewed-on: https://review.monogon.dev/c/monogon/+/1855\nTested-by: Jenkins CI\nReviewed-by: Serge Bazanski \u003cserge@monogon.tech\u003e\n" }, { "commit": "4599aa2dfa42a7b694ad295bc700db03de96d7f5", "tree": "411035d2b647dcb1adc68db8f22c4384befa8294", "parents": [ "6f5995153827f2b191cc2faebe21ca58764af33b" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Wed Jun 28 13:09:32 2023 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Wed Jun 28 12:20:57 2023 +0000" }, "message": "m/n/k8s: fix start after unclean shutdown\n\nBoth the kvmdevice as well as the CSI runnables listen on Unix sockets.\nThese are normally removed on close (this is actually the default for\nsockets opened wiht ListenUnix, thus drop setting this), but when an\nunclean shutdown occurs they persist. Since one cannot listen on an\nalready-existing socket, opportunistically remove them before listening.\n\nChange-Id: I11d986a2816fde3d7ffef0817ae3bbf39bba4faf\nReviewed-on: https://review.monogon.dev/c/monogon/+/1867\nTested-by: Jenkins CI\nReviewed-by: Leopold Schabel \u003cleo@monogon.tech\u003e\n" }, { "commit": "6f5995153827f2b191cc2faebe21ca58764af33b", "tree": "e80d2e3c933116c3488145949d9114de8576511f", "parents": [ "de097947a7c54f1d5e0abb30b18539637a3245d2" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Wed Apr 26 19:08:19 2023 +0200" }, "committer": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Tue Jun 27 19:40:23 2023 +0000" }, "message": "cloud/bmaas/bmdb/scruffy: initialize, implement BMDB metrics\n\nThis creates a new BMaaS component, Scruffy the Janitor.\n\nScruffy will run a bunch of housekeeping jobs that aren\u0027t tied to a\nparticular provider or even region. Currently Scruffy just collects BMDB\nmetrics by periodically polling the BMDB SQL database.\n\nChange-Id: Icafa714811757eaaf31fed43184ded8512bde067\nReviewed-on: https://review.monogon.dev/c/monogon/+/1819\nTested-by: Jenkins CI\nReviewed-by: Tim Windelschmidt \u003ctim@monogon.tech\u003e\n" }, { "commit": "de097947a7c54f1d5e0abb30b18539637a3245d2", "tree": "579a5de8cd4cb379d708f676bb6897acee00dffc", "parents": [ "d69848409ba4f34102f709f591e1432e6b458856" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Tue Jun 27 13:55:10 2023 +0200" }, "committer": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Tue Jun 27 19:40:23 2023 +0000" }, "message": "go/algorithm/cartesian: implement cartesian product\n\nChange-Id: I9553266ce64a104f5b8bab2e83d9d7234994cd4b\nReviewed-on: https://review.monogon.dev/c/monogon/+/1863\nReviewed-by: Tim Windelschmidt \u003ctim@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "d69848409ba4f34102f709f591e1432e6b458856", "tree": "0dbd46449cb0fa070835f2238c4eda5edbb72461", "parents": [ "a551c58f3ceb3af37e5e596c3b5fc84609d6e429" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Tue Jun 27 11:31:48 2023 +0200" }, "committer": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Tue Jun 27 10:19:47 2023 +0000" }, "message": "intellij: update patch\n\nBroken by upstream: https://github.com/bazelbuild/intellij/commit/464dbd5cfbbe9b63b928d9b5b01e3156a9b2ec95\n\nChange-Id: I41bc0f333ea68636c35721dfc9d60c35ed687cd8\nReviewed-on: https://review.monogon.dev/c/monogon/+/1859\nTested-by: Jenkins CI\nReviewed-by: Leopold Schabel \u003cleo@monogon.tech\u003e\n" }, { "commit": "a551c58f3ceb3af37e5e596c3b5fc84609d6e429", "tree": "90f380e1401e6da73762c027c5fb4df9dd357774", "parents": [ "8481f7506b4c67de54fa96b5510007dc2c66a348" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Tue Jun 27 01:09:09 2023 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Tue Jun 27 10:07:47 2023 +0000" }, "message": "m/t/e2e: adapt runtime test\n\nSince we\u0027re now defaulting to runc, test gVisor separately instead of\nrunc.\n\nChange-Id: Idbf9c961526ea82e20113286fd801553ad785aa9\nReviewed-on: https://review.monogon.dev/c/monogon/+/1858\nReviewed-by: Leopold Schabel \u003cleo@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "8481f7506b4c67de54fa96b5510007dc2c66a348", "tree": "591d0e285c1d36aeb813b75c0f8d76e62b688a2d", "parents": [ "a380d67c4f648aaf576adba0ea22d40d3782bf44" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Tue Jun 27 00:51:28 2023 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Tue Jun 27 10:07:32 2023 +0000" }, "message": "m/n/c/network: fix SNAT\n\nThe previous change to this broke clusternet as it tried to masquerade\ntraffic destined to that interface, but that is an unnumbered interface,\ncausing the masquerade to fail and all inter-node traffic to be\nrejected. Fix this by including the clusternet interface in the list of\ninterfaces not to NAT for.\n\nChange-Id: I4a79a1978b1aa449fca1dd2d0a2b0a5decc63ea8\nReviewed-on: https://review.monogon.dev/c/monogon/+/1857\nReviewed-by: Tim Windelschmidt \u003ctim@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "a380d67c4f648aaf576adba0ea22d40d3782bf44", "tree": "eead98807b56e6ab66eca83102119c5a5477209c", "parents": [ "7053598586ab00378938c245b7ad748f671a991d" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Mon Jun 26 13:17:42 2023 +0200" }, "committer": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Mon Jun 26 13:48:52 2023 +0000" }, "message": "m/n/core/rpc/resolver: log current processor state on watcher error\n\nWe seem to be having some resolvers getting stuck in production like so:\n\nI0626 09:52:39.708844 resolver.go:275] CURUPDATE: error in loop: when receiving node: rpc error: code \u003d Unimplemented desc \u003d unknown service metropolis.node.core.curator.proto.api.Curator\nI0626 09:52:39.708850 resolver.go:276] CURUPDATE: retrying in 10.040771699s...\n\nThis introduces extra logging that should help us figure out what\nexactly broke, or at least bring us a bit closer to figuring it out.\n\nChange-Id: I658cff6ae86e9124141b5d2c36dceafa377842e9\nReviewed-on: https://review.monogon.dev/c/monogon/+/1852\nReviewed-by: Tim Windelschmidt \u003ctim@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "7053598586ab00378938c245b7ad748f671a991d", "tree": "fd52caf5360282ca315e98e407a4d42f906a2800", "parents": [ "60d6b902d66a4c5c0a2a926c85936935106b9180" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Thu Jun 22 19:37:38 2023 +0200" }, "committer": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Mon Jun 26 11:44:11 2023 +0000" }, "message": "m/n/c/rpc/resolver: dampen curator updates\n\nThis makes the resolver only process node updates if some curator data\nwas actually changed.\n\nFixes https://github.com/monogon-dev/monogon/issues/233\n\nChange-Id: I790adfc4aa3562864faf807d32ac00d9e3bd0bea\nReviewed-on: https://review.monogon.dev/c/monogon/+/1851\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "60d6b902d66a4c5c0a2a926c85936935106b9180", "tree": "d0d690bb830ebd611318626110db510015b5ce58", "parents": [ "62a1edd234557c46facfd23661ff08c37c8e911f" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Tue Jun 20 16:02:40 2023 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Mon Jun 26 11:34:08 2023 +0000" }, "message": "m/p/gpt: switch to msguid\n\nReplaces the old UUID mangling code with the newly-introduced msguid.\n\nChange-Id: I667e41c28959b4b95265c1ffdcf7f5bfcad4083d\nReviewed-on: https://review.monogon.dev/c/monogon/+/1850\nTested-by: Jenkins CI\nReviewed-by: Serge Bazanski \u003cserge@monogon.tech\u003e\n" }, { "commit": "62a1edd234557c46facfd23661ff08c37c8e911f", "tree": "7555b7996b1761d6eef4777a2ea482520b2c1db2", "parents": [ "b390d715897e29064102257f4837959e694f9bf9" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Tue Jun 20 16:01:44 2023 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Mon Jun 26 11:34:03 2023 +0000" }, "message": "m/p/msguid: init\n\nAdds a new msguid package which contains functions for encoding and\ndecoding Microsoft\u0027s mixed-endian GUID/UUID format. This format is\nused by Microsoft as well as a bunch of UEFI-related standards.\n\nChange-Id: Icca8ef7ad7f7359808ea7f19e3824639f7b1e2eb\nReviewed-on: https://review.monogon.dev/c/monogon/+/1849\nTested-by: Jenkins CI\nReviewed-by: Serge Bazanski \u003cserge@monogon.tech\u003e\n" }, { "commit": "b390d715897e29064102257f4837959e694f9bf9", "tree": "4d705eb9b84b87f3be6c3da31d24bf959da1f768", "parents": [ "3546615448c39dff683bb1723344ed283b279d46" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Wed Jun 21 21:47:59 2023 +0200" }, "committer": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Mon Jun 26 09:32:41 2023 +0000" }, "message": "m/n/c/curator: clean up stale leader election after reboot\n\nThis is useful if we reboot a leader and it comes back while its\u0027 old\nstale leader election key/value is present.\n\nWithout this, other nodes would continue to connect to the newly\nrebooted leader even though it is not a leader anymore, confusing\nthemselves and cluster operators in the process.\n\nChange-Id: I306e7040550084ef39ab20c3c289a3137145a2d9\nReviewed-on: https://review.monogon.dev/c/monogon/+/1845\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "3546615448c39dff683bb1723344ed283b279d46", "tree": "ed3285dfa7a0adcc76f64766707a28e24d0373e4", "parents": [ "2f7e0a281e72ae45fff6c4d79934442367475b81" ], "author": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Wed Jun 14 20:01:11 2023 +0200" }, "committer": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Thu Jun 22 17:12:03 2023 +0000" }, "message": "m/n/core/localstorage/crypt: read partition data from uevent\n\nPreviously we only checked the blockdevices itself,\nbut in the real-world the minor-id is not always the partition offset.\nThis scans all blockdevs that are partitions and creates them correctly\n\nChange-Id: I8f3d99761e9e883783b398496ec8b35f28f3557d\nReviewed-on: https://review.monogon.dev/c/monogon/+/1813\nReviewed-by: Serge Bazanski \u003cserge@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "2f7e0a281e72ae45fff6c4d79934442367475b81", "tree": "4dcd2233a274bef4645c4bfbbbd62f072d11481a", "parents": [ "c49b207a66a994ccda382d685022d08cbd9ee582" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Thu Jun 22 16:56:13 2023 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Thu Jun 22 16:36:33 2023 +0000" }, "message": "m/node: enlarge K8s networks\n\nFor bigger clusters, the current 10.0.0.0/16 subnet is far too small.\nSwitch to 10.192.0.0/11 which should be out of the way of most of our\ntest infra and is large enough for 8192 nodes with 253 pods which is\nbig enough for the time being. Also migrate the service network\nto 10.224.0.0/16 and make it much bigger. It does not need to be in the\npod CIDR, so move it out of there.\nBut for large clusters this will continue to be a problem until we have\na better allocation algorithm or switch to IPv6 with 464xlat (which\nis not supported on Linux currently however).\n\nChange-Id: Ib3a019fffacec2172721f04c01133b44bffba73b\nReviewed-on: https://review.monogon.dev/c/monogon/+/1848\nReviewed-by: Leopold Schabel \u003cleo@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "c49b207a66a994ccda382d685022d08cbd9ee582", "tree": "b0eed5a22bdb110ea4c115a2bea403e1e00e5dc2", "parents": [ "51a3ed59a1408fe5d8103dca5b6a04dbaa4e5b6a" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Wed Jun 21 23:12:01 2023 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Thu Jun 22 12:38:25 2023 +0000" }, "message": "m/n/core/net/hostsfile: do not stomp over cluster directory\n\nIf we join a cluster after reboot, we already have a cluster directory\non the ESP. We should not write over it with an empty one, but instead\nwait until we\u0027ve received a recent copy of it from the cluster.\n\nFixes https://github.com/monogon-dev/monogon/issues/228\n\nChange-Id: Ibbfa23009eaa9feb99a332ac0c5e17dd89aea7bf\nReviewed-on: https://review.monogon.dev/c/monogon/+/1846\nTested-by: Jenkins CI\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "51a3ed59a1408fe5d8103dca5b6a04dbaa4e5b6a", "tree": "b17dd748b088b4c7899c4aee0a1ab862a59509b4", "parents": [ "186109c55db3121749311fc2e954be0eaccdf249" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Wed Jun 21 16:45:15 2023 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Thu Jun 22 12:33:31 2023 +0000" }, "message": "m/n/k/containerd: change default runtime to runc\n\nFor high-security usecases it might still make sense to force gVisor,\nbut generally people expect runc as the default runtime. gVisor can\nstill be used by specifying a runtimeclass in the pod.\n\nChange-Id: Idc02275fd00c2a7dff3ce6949268294afa5644eb\nReviewed-on: https://review.monogon.dev/c/monogon/+/1839\nTested-by: Jenkins CI\nReviewed-by: Leopold Schabel \u003cleo@monogon.tech\u003e\n" }, { "commit": "186109c55db3121749311fc2e954be0eaccdf249", "tree": "d65cd1416c480bf517bede017f5688ad4352e0ab", "parents": [ "d2fc01fb49e7f1decb534a9ae8da7ba8814406d9" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Wed Jun 21 16:57:36 2023 +0200" }, "committer": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Wed Jun 21 21:52:37 2023 +0000" }, "message": "m/n/core/roleserve: persist node roles across reboots\n\nThis allows us nodes to attempt to bring up some services before they\nget fully connectivity to the cluster.\n\nThis is especially useful if a node cannot establish connectivity to the\ncluster, eg. because it\u0027s the only control plane node that just started\nup.\n\nFixes https://github.com/monogon-dev/monogon/issues/226\n\nChange-Id: I030ccc02851e74ceb8dc043203083aa5b6854b55\nReviewed-on: https://review.monogon.dev/c/monogon/+/1842\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "d2fc01fb49e7f1decb534a9ae8da7ba8814406d9", "tree": "3b4991d6c8cd45e40066dbc1ebe9c66b508d10ce", "parents": [ "6a09bd5dbf49c438dc9c5743c8724ddc6efbe505" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Wed Jun 21 16:49:23 2023 +0200" }, "committer": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Wed Jun 21 21:52:37 2023 +0000" }, "message": "m/n/core/n/hostsfile: only persist control plane nodes in ClusterDirectory\n\nThis fixes some ugly startup issues where a node attempts to communicate\nvia control plane protocols to nodes that have no chance of running the\ncontrol plane.\n\nIn general, the Cluster Directory predates the split between control\nplane and worker nodes, and its definition should likely be formally\nupdated to only contain control plane nodes.\n\nChange-Id: Ie290829a010aef0c3a587326e864fe93bf991220\nReviewed-on: https://review.monogon.dev/c/monogon/+/1840\nTested-by: Jenkins CI\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "6a09bd5dbf49c438dc9c5743c8724ddc6efbe505", "tree": "d4829766a1844f761187c70a44b5101363d8637c", "parents": [ "eca5af965b6d95d953066a298ee896791ee00796" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Wed Jun 21 17:40:32 2023 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Wed Jun 21 16:04:12 2023 +0000" }, "message": "m/n/c/network: make SNAT generic\n\nThis changes the SNAT/Masquerade rule from being a thing set up per\ninterface which was only implemented by the dynamic network runnable to\na generic rule set up by the general network service part shared between\nthe static and dynamic implementations. It also tries to avoid NATing\nhost-originated traffic. Matching on interface names is argubly ugly but\nthe alternative is patching CNI plugins, which is also ugly.\n\nChange-Id: I7ec40fc244ae4689b6f96ab87dbebe9a6c43dd70\nReviewed-on: https://review.monogon.dev/c/monogon/+/1844\nReviewed-by: Serge Bazanski \u003cserge@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "eca5af965b6d95d953066a298ee896791ee00796", "tree": "095d92aeddcd7861b4c204bc2a9abb5db24977cb", "parents": [ "2876efab007ae58856891dbe5cb3e985d948c6d9" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Tue Jun 20 13:31:37 2023 +0200" }, "committer": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Wed Jun 21 15:01:58 2023 +0000" }, "message": ".bazelrc: add go tags: {net,osuser}go\n\nThis makes our code not use glibc-based implementations of user and host\nresolution even when cgo is enabled for race detection.\n\nChange-Id: I162105ef58291dc225fb158b56c93cfb7bce9a54\nReviewed-on: https://review.monogon.dev/c/monogon/+/1834\nTested-by: Jenkins CI\nReviewed-by: Leopold Schabel \u003cleo@monogon.tech\u003e\n" }, { "commit": "2876efab007ae58856891dbe5cb3e985d948c6d9", "tree": "25d2194ef0afd0337d12725dc5848ad870923a22", "parents": [ "83b2a3612d375d60f97500352c1f8a2197c99645" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Tue Jun 20 14:30:40 2023 +0200" }, "committer": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Wed Jun 21 15:01:51 2023 +0000" }, "message": "third_party/go: disable btrfs in containerd\n\nThis makes sure that if we build with cgo enabled (for race testing) we\nstill don\u0027t attempt to build btrfs.\n\nChange-Id: Ic608188ad1dc0b21c9f1822afa2b455bfd56959f\nReviewed-on: https://review.monogon.dev/c/monogon/+/1830\nReviewed-by: Leopold Schabel \u003cleo@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "83b2a3612d375d60f97500352c1f8a2197c99645", "tree": "aba96d8a6503d92983f365dd27fa7e81f511c53c", "parents": [ "9fd3c3de3d48f328c5771f3659235774aa7df984" ], "author": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Wed Jun 14 22:15:25 2023 +0200" }, "committer": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Tue Jun 20 16:36:17 2023 +0000" }, "message": "m/n/core/cluster: dont print cluster directory\n\nIf a cluster has hundreds of nodes, the bootup will print all of them.\nWhen you have a particularly slow serial connection,\nit can hide crash reports and other more important messages.\n\nChange-Id: I50b75795ec3ebadefe364bf94c3b907c257ffa71\nReviewed-on: https://review.monogon.dev/c/monogon/+/1821\nReviewed-by: Leopold Schabel \u003cleo@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "9fd3c3de3d48f328c5771f3659235774aa7df984", "tree": "ed1c39faa59c9bfd6a3bdd6a2bdfe6814c73e2f6", "parents": [ "9739a4f0d1a48cbc4e9f6092d3bd471e833bb8c0" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Tue Jun 20 13:18:36 2023 +0200" }, "committer": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Tue Jun 20 14:19:54 2023 +0000" }, "message": "build/toolchain/musl-host-gcc: handle non-workspace-root execution\n\nThis is needed to build stdlib with cgo, which is in turn required for\nthe race checker to be enabled.\n\nChange-Id: Ic81542925a02c626f157dfd8c6650de3dbb30c7d\nReviewed-on: https://review.monogon.dev/c/monogon/+/1832\nTested-by: Jenkins CI\nReviewed-by: Leopold Schabel \u003cleo@monogon.tech\u003e\n" }, { "commit": "9739a4f0d1a48cbc4e9f6092d3bd471e833bb8c0", "tree": "a0d1048b3a37d0050b0ff5aba250435c039d29be", "parents": [ "30021af6eaf9f2963d83314c283ebdd23fff2674" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Tue Jun 20 13:40:21 2023 +0200" }, "committer": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Tue Jun 20 14:19:47 2023 +0000" }, "message": "build: add cgo to nogo exceptions\n\nSeems like cgo is placing some files in a separate directory in the\nworkspace root.\n\nChange-Id: Icd94dec7281350339f0b1dd88d61556d75982d64\nReviewed-on: https://review.monogon.dev/c/monogon/+/1836\nTested-by: Jenkins CI\nReviewed-by: Leopold Schabel \u003cleo@monogon.tech\u003e\n" }, { "commit": "30021af6eaf9f2963d83314c283ebdd23fff2674", "tree": "b8be79d10a869ebb1e2aac4a5a89ce187206bb60", "parents": [ "ea6353fd49b3978cfef7f99ada99a99f8bc10715" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Tue Jun 20 13:30:11 2023 +0200" }, "committer": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Tue Jun 20 14:19:43 2023 +0000" }, "message": "metropolis/node/build: allow impure code in root if race checking is enabled\n\nThis allows us to build the root filesystem with race detection enabled.\n\nChange-Id: I370ce2114090f828f0d9843fd4a7dc87c47bd153\nReviewed-on: https://review.monogon.dev/c/monogon/+/1835\nReviewed-by: Leopold Schabel \u003cleo@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "ea6353fd49b3978cfef7f99ada99a99f8bc10715", "tree": "b854dec6f99a7555abc32b1ca27b74b2af815294", "parents": [ "98a6cccb052c5d17f4f2429edf41d57bd74b7ffd" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Tue Jun 20 13:08:55 2023 +0200" }, "committer": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Tue Jun 20 14:18:34 2023 +0000" }, "message": "metropolis/clusternet: fix race condition\n\nThis gives the wireguard backend a copy of the peer data instead of a\npointer into mutable memory.\n\nChange-Id: I47ee83f3d484cc809c35d2e1779b519ec60c7c78\nReviewed-on: https://review.monogon.dev/c/monogon/+/1825\nTested-by: Jenkins CI\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "98a6cccb052c5d17f4f2429edf41d57bd74b7ffd", "tree": "da656463788abd785a884743e5c5f75e0da7f7c7", "parents": [ "c1ce95f7e86c74a76ae2b29986905cb34cb19e56" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Tue Jun 20 13:09:12 2023 +0200" }, "committer": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Tue Jun 20 14:18:27 2023 +0000" }, "message": "metropolis/consensus: fix race condition\n\nThis returns a copy of each status, instead of the same status, possibly\nmutated.\n\nChange-Id: Ic4ed425a38b001b0139a81c46c61af551b966166\nReviewed-on: https://review.monogon.dev/c/monogon/+/1826\nTested-by: Jenkins CI\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "c1ce95f7e86c74a76ae2b29986905cb34cb19e56", "tree": "aef29ffa1227fe5e8e07b610838489290be2c7a5", "parents": [ "2e9898d28213ec4e3fc48d962c2e2afbc0c6595c" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Tue Jun 20 13:09:25 2023 +0200" }, "committer": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Tue Jun 20 14:18:21 2023 +0000" }, "message": "metropolis/rpc: fix race condition\n\nThis hands off a copy of the curator map across a channel instead of the\nmutable map itself.\n\nChange-Id: Ib7f4ed795648517ae19938c52a6cb193f293ac8b\nReviewed-on: https://review.monogon.dev/c/monogon/+/1827\nTested-by: Jenkins CI\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "2e9898d28213ec4e3fc48d962c2e2afbc0c6595c", "tree": "e0c778089bb8a3c67d24dd2db3cbbd302ce823b6", "parents": [ "5b13d8112a63282d12690ce05dbfa245f910d5a9" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Tue Jun 20 13:09:41 2023 +0200" }, "committer": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Tue Jun 20 14:18:11 2023 +0000" }, "message": "metropolis/curator: fix race condition in tests\n\ngrpclog cannot be accessed concurrently with gRPC requests possibly\nalready running. Let\u0027s just remove this integration in tests.\n\nChange-Id: I074c583baf3a7f87e76e7dde6080e3efdb19d5c8\nReviewed-on: https://review.monogon.dev/c/monogon/+/1828\nTested-by: Jenkins CI\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "5b13d8112a63282d12690ce05dbfa245f910d5a9", "tree": "f69de58cf76b274e4c83f2472d08b578afb64fdc", "parents": [ "d20af4f15347651efa7b90490f8e657d35281883" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Tue Jun 20 13:22:23 2023 +0200" }, "committer": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Tue Jun 20 14:18:03 2023 +0000" }, "message": "third_party/linux: ignore more configuration settings\n\nChange-Id: Id1117d86d742a94f762f186e6c1f9193dc4e0597\nReviewed-on: https://review.monogon.dev/c/monogon/+/1829\nTested-by: Jenkins CI\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "d20af4f15347651efa7b90490f8e657d35281883", "tree": "49f01ce9ba6d73e06cf7ff3b7184c5db1d9c7b25", "parents": [ "e1a4ac5eaec848a8b1d883c3963cfe399c71cb7d" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Tue Jun 20 13:08:24 2023 +0200" }, "committer": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Tue Jun 20 13:06:46 2023 +0000" }, "message": "metropolis/pkg/cmd: fix race condition\n\ncmd.Wait should not be accessed concurrently.\n\nChange-Id: Icaaa1a22b1d23211dc1259af6cf97463228944ae\nReviewed-on: https://review.monogon.dev/c/monogon/+/1824\nTested-by: Jenkins CI\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "e1a4ac5eaec848a8b1d883c3963cfe399c71cb7d", "tree": "ef289013336335c69407d780bbccb614fb258282", "parents": [ "7e1c489409345f7212efdfcdfb105a5bbfd365c2" ], "author": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Tue Jun 20 12:17:54 2023 +0200" }, "committer": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Tue Jun 20 12:33:09 2023 +0000" }, "message": "cloud/agent: generate hwreport only if a first heartbeat was successful\n\nThis is mostly a hack but as we dont have a way (yet) to know when all devices\nare registered, we just wait until the first heartbeat was sent and only after\nthat sent a hwreport. This should at least make sure that all important network\ninterfaces are registered.\n\nChange-Id: Icdfc43c212470dcc37a2f916524b5f29ee42ae42\nReviewed-on: https://review.monogon.dev/c/monogon/+/1823\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "7e1c489409345f7212efdfcdfb105a5bbfd365c2", "tree": "be82408747ad02bdd08c6e3b5f0cacfa56d154ca", "parents": [ "54e212a9914ad8003fc4e353f96651340d287c2d" ], "author": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Tue Jun 20 12:07:02 2023 +0200" }, "committer": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Tue Jun 20 12:27:20 2023 +0000" }, "message": "c/shepherd/equinix/wrapngo: correct metric endpoint matcher\n\nAs stated in the error message its projects instead of project\n\nChange-Id: I4bee1fd7821d80280b314b8beaecfd88e48d81fd\nReviewed-on: https://review.monogon.dev/c/monogon/+/1822\nReviewed-by: Serge Bazanski \u003cserge@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "54e212a9914ad8003fc4e353f96651340d287c2d", "tree": "df3b1624d9679e30aefac9b98b2f9b91523eca0b", "parents": [ "d34299ebe13211802739d698e526be78161eac6f" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Wed Jun 14 13:45:11 2023 +0200" }, "committer": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Tue Jun 20 11:37:55 2023 +0000" }, "message": "metropolis: implement Metrics Service\n\nThis is the first pass at a Metrics Service. It currently consists of an\nHTTP reverse proxy which authenticates incoming connections using the\nCluster CA and certificates, and passes these connections over to a\nlocally running node_exporter.\n\nIn the future more exporters will be added, and we will likely also run\nour own exporter for Metropolis-specific metrics.\n\nChange-Id: Ibab52aa303965dd7d975f5035f411d1c56ad73e6\nReviewed-on: https://review.monogon.dev/c/monogon/+/1816\nTested-by: Jenkins CI\nReviewed-by: Leopold Schabel \u003cleo@monogon.tech\u003e\n" }, { "commit": "d34299ebe13211802739d698e526be78161eac6f", "tree": "2016915e8cb17311904638c13f934b2150b25aa4", "parents": [ "89974c6f9e4f81d6d819d041a7f5286772df7124" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Thu Jun 15 11:07:47 2023 +0200" }, "committer": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Thu Jun 15 11:47:12 2023 +0000" }, "message": "m/n/core/network/hostsfile: fix nodeMap data race\n\nChange-Id: I7c052691712ebd39e2a23a9497d4d6d0c0ab1e0c\nReviewed-on: https://review.monogon.dev/c/monogon/+/1817\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "89974c6f9e4f81d6d819d041a7f5286772df7124", "tree": "db0e768e42262a04ddb11fa3c1a85420e54b4796", "parents": [ "6d563cac226b327d41d95bf0219b3ff972ab6952" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Wed Jun 14 22:15:10 2023 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Thu Jun 15 10:02:31 2023 +0000" }, "message": "m/n/c/cluster: set StorageSecurity in bootstrap path\n\nCurrently this is only set properly in the register path, causing the\nconfiguration of the bootstrap node to be inconsistent. This causes\nbootup to fail with `Node startup failed: sealed configuration has\ninvalid node unlock key (wanted 32 bytes, got 0)`.\nFix this by also persisting the chosen storage security option in the\nnode configuration when bootstrapping.\n\nChange-Id: I93bf75d412c9aa7c09b5a739ce65b6873d947fd5\nReviewed-on: https://review.monogon.dev/c/monogon/+/1815\nTested-by: Jenkins CI\nReviewed-by: Serge Bazanski \u003cserge@monogon.tech\u003e\n" }, { "commit": "6d563cac226b327d41d95bf0219b3ff972ab6952", "tree": "02c80c9ad94b0302ffed71fb3b4763104574c394", "parents": [ "634a3cf16ecf4cd551847185e7b539d16ad52d2d" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Wed Jun 14 13:44:20 2023 +0200" }, "committer": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Thu Jun 15 09:31:47 2023 +0000" }, "message": "third_party/go: pull in node_exporter, add to metropolis rootfs\n\nChange-Id: I5efe5257e7740bf1721f3dd6f130a3c618e33381\nReviewed-on: https://review.monogon.dev/c/monogon/+/1806\nReviewed-by: Leopold Schabel \u003cleo@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "634a3cf16ecf4cd551847185e7b539d16ad52d2d", "tree": "7653202205bd238b3d9d02c2bf87ae66e277d933", "parents": [ "b37d7d8ef4e318c9d35d34eff79fa0a304ff35aa" ], "author": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Wed Jun 14 20:01:33 2023 +0200" }, "committer": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Wed Jun 14 19:19:16 2023 +0000" }, "message": "metropolis/cli/metroctl: dont segfault on missing status\n\nChange-Id: Ib1a594e0ccca0f6a993e651b62e8adcfb9dc1ea4\nReviewed-on: https://review.monogon.dev/c/monogon/+/1814\nTested-by: Jenkins CI\nReviewed-by: Serge Bazanski \u003cserge@monogon.tech\u003e\n" }, { "commit": "b37d7d8ef4e318c9d35d34eff79fa0a304ff35aa", "tree": "d9426085481415352c83263204c81e2796032eed", "parents": [ "c09327c6393202f0b425313a18a834954aeba572" ], "author": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Wed Jun 14 19:06:44 2023 +0200" }, "committer": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Wed Jun 14 18:18:30 2023 +0000" }, "message": "metropolis/cli/metroctl: dont write hostPort and report correct context\n\nChange-Id: I9ddccf35cf7a1fe7ee839250ceab0925fe8f0138\nReviewed-on: https://review.monogon.dev/c/monogon/+/1811\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "c09327c6393202f0b425313a18a834954aeba572", "tree": "80eebf9133ee9126295b1f3aa1a80578854b830a", "parents": [ "1600d9b3aa84c3259a3e8355cba7702825924b6d" ], "author": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Wed Jun 14 17:48:56 2023 +0200" }, "committer": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Wed Jun 14 18:18:30 2023 +0000" }, "message": "metropolis/cli/metroctl: set storage security policy inside installer\n\nWithout it the installed metropolis node will fail initialization\n\nChange-Id: I137107260fc7c4f50052791f58454dd07b98c29c\nReviewed-on: https://review.monogon.dev/c/monogon/+/1809\nTested-by: Jenkins CI\nReviewed-by: Serge Bazanski \u003cserge@monogon.tech\u003e\n" }, { "commit": "1600d9b3aa84c3259a3e8355cba7702825924b6d", "tree": "89699bcfedda33bb6aa7a69a4a9b11d58e6009c6", "parents": [ "98054a1ddb45d9e0246a0f7f7b93f9e90619a544" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Wed Jun 14 20:00:59 2023 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Wed Jun 14 18:16:09 2023 +0000" }, "message": "m/c/metroctl: add newline between unapproved nodes\n\nChange-Id: I1db00eb9396e597a4596ad2b491a75bbcebacd62\nReviewed-on: https://review.monogon.dev/c/monogon/+/1812\nReviewed-by: Tim Windelschmidt \u003ctim@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "98054a1ddb45d9e0246a0f7f7b93f9e90619a544", "tree": "52ce0573faf5cddbb60c7ed99463837ba14426c8", "parents": [ "0c2f9ded884f7f54d74a8c251c51231841f71728" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Wed Jun 14 18:16:21 2023 +0200" }, "committer": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Wed Jun 14 17:07:27 2023 +0000" }, "message": "metropolis/node: fix non-secure TPM/storage policy codepaths\n\nThis fixes enoug things to pass manually ran E2E tests with the initial\ncluster confiugration changed to a number of possible combinations\n(with/without TPM, with authenticated/encrypted/insecure storage).\n\nThese should, of course, be automatically tested. However, that is\npending on the extension of E2E test system that will let it run\nlong-term tests against real clusters. Otherwise we\u0027d just waste tons of\ntime running the entire matrix of possible combinations on every CR.\n\nChange-Id: I71a56f9a31c738ee2b2d4dfa10d2a58fd5cb0554\nReviewed-on: https://review.monogon.dev/c/monogon/+/1810\nTested-by: Jenkins CI\nReviewed-by: Tim Windelschmidt \u003ctim@monogon.tech\u003e\n" }, { "commit": "0c2f9ded884f7f54d74a8c251c51231841f71728", "tree": "9a084723cea0b9cc183b694386aa0e322b5d465f", "parents": [ "b7ff592e4f08022df5d980a03a396f4ff5330b29" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Wed Jun 14 15:19:27 2023 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Wed Jun 14 15:41:41 2023 +0000" }, "message": "m/n/c/network: improve restartability\n\nDeletes all newly-added interfaces as well as sets all reconfigured\ninterfaces to down if an error occurs in an effort to improve\nrestartability.\n\nChange-Id: I715514c7f6b7a6f45a1c66333fd540556be2b29b\nReviewed-on: https://review.monogon.dev/c/monogon/+/1808\nTested-by: Jenkins CI\nReviewed-by: Tim Windelschmidt \u003ctim@monogon.tech\u003e\n" }, { "commit": "b7ff592e4f08022df5d980a03a396f4ff5330b29", "tree": "fb6173e39e0423c47f897939277ae68bd218e346", "parents": [ "e59e6e1ec670e6315fb8ce7fefd7a8551aec75db" ], "author": { "name": "Leopold Schabel", "email": "leo@monogon.tech", "time": "Wed Jun 14 11:57:41 2023 +0200" }, "committer": { "name": "Leopold Schabel", "email": "leo@monogon.tech", "time": "Wed Jun 14 11:18:26 2023 +0000" }, "message": "intellij: update aspect path\n\nUpstream change:\nhttps://github.com/bazelbuild/intellij/commit/d1a5ccc3d4d971224faafc6684e0216855e59d47\n\nChange-Id: I287fae1dcff38164eaea3aeaecf768247b8302c5\nReviewed-on: https://review.monogon.dev/c/monogon/+/1805\nTested-by: Jenkins CI\nReviewed-by: Tim Windelschmidt \u003ctim@monogon.tech\u003e\n" }, { "commit": "e59e6e1ec670e6315fb8ce7fefd7a8551aec75db", "tree": "bc642135ff1f2911e55942c2f1246c94d2a97370", "parents": [ "6c45434189e387b234109b68b1ed5a8f2cd5b439" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Tue Jun 13 16:11:43 2023 +0200" }, "committer": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Tue Jun 13 18:52:29 2023 +0000" }, "message": "cloud/bmaas: first round of indexes\n\nThese are based on inspecting the production database, and should be\nenough to get us out of the woods wrt. BMDB performance.\n\nChange-Id: Ice285f25bc1d2825a04750fc6d62ef0925b9d643\nReviewed-on: https://review.monogon.dev/c/monogon/+/1804\nTested-by: Jenkins CI\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\nReviewed-by: Tim Windelschmidt \u003ctim@monogon.tech\u003e\n" }, { "commit": "6c45434189e387b234109b68b1ed5a8f2cd5b439", "tree": "4cff8bb2fac00df28699559256ce7649b38877e1", "parents": [ "46bf7d6c6437dfbf9dcc1e1d7d80fcc1c601f9b5" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Thu Jun 01 12:23:38 2023 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Tue Jun 13 13:44:46 2023 +0000" }, "message": "m/node: build Linux with modules\n\nThis introduces modules into our Linux build. I originally didn\u0027t want\nto do this, this is why this wasn\u0027t done until now. But various things\nin the kernel weren\u0027t set up for this, for example the AMD and Intel KVM\nmodules cannot both be loaded, only the first one loaded works. Also,\nthe Linux kernel cannot load firmware for built-in modules reliably as\nthe filesystem it tries to load it from is not always mounted first,\neven if the kernel itself mounts it.\n\nThe firmware issue was brought up multiple times on LKML, but Linus is\nof the opinion that the firmware should be next to the kernel module,\nthus either built-in (not viable for licensing and size reasons) or the\nmodules need to be loadable and on the same filesystem as the firmware.\n\nThus unless we want to carry signifcant patches against the Kernel in a\ndeadlock-prone area, we are forced to adopt a design with loadable\nmodules (or ship everything twice in an initramfs which is also not\ndesirable).\n\nThe kernel config currently only has the modules as non-builtin which\nrequire firmware, everything else has been left as-is. For boot-time\nperformance it would eventually be a good idea to move to a setup with\nmore modules once we\u0027re confident in the implementation and everything\ncan deal with late-loaded modules/devices.\n\nAs a drive-by fix this also moves the kernel builds to out-of-tree so\nthat we no longer pollute the source folder. Bazel protected us from\nserious issues due to this, but it\u0027s still bad practice.\n\nChange-Id: Iced8e12234565e5b7447e732716651e05e67d55b\nReviewed-on: https://review.monogon.dev/c/monogon/+/1791\nReviewed-by: Serge Bazanski \u003cserge@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "46bf7d6c6437dfbf9dcc1e1d7d80fcc1c601f9b5", "tree": "19b26feaf61870790ce3b27dac3623cba40e6119", "parents": [ "c7b036bca213962a7e60f3edb47624606799d074" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Thu Jun 01 12:24:19 2023 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Tue Jun 13 13:44:46 2023 +0000" }, "message": "m/n/c/devmgr: init\n\nAdd a minimal device manager based on kobject/uevents. Currently this\nonly loads kernel modules. Further functionality will be added in\nsubsequent CLs.\n\nChange-Id: I444ecdaff3f8ddb9ec169b094ba03e169dd70c4e\nReviewed-on: https://review.monogon.dev/c/monogon/+/1790\nReviewed-by: Serge Bazanski \u003cserge@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "c7b036bca213962a7e60f3edb47624606799d074", "tree": "f0385f1ff6fe9a9fe41f62f32c0079006a1c5038", "parents": [ "5832cd92957a6933c0fd644496d957ea2d8ef36d" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Thu Jun 01 12:23:57 2023 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Tue Jun 13 13:44:46 2023 +0000" }, "message": "m/p/kmod: init\n\nThis adds a package for working with Linux kernel loadable modules in\nGo. It contains syscall wrappers for loading and unloading modules, a\nmetadata format for fast lookup of modules handling devices using a\ncustom radix tree, parsers for module info metadata and various utility\nfunctions and data structures.\n\nA significant amount of the code in here has no formal spec and is\nwritten against behavior and information extracted from the reference\nkmod code as well as the Linux kernel itself.\n\nChange-Id: I3d527f3631f4dd1832b9cfba2d50aeb03a2b88a8\nReviewed-on: https://review.monogon.dev/c/monogon/+/1789\nReviewed-by: Serge Bazanski \u003cserge@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "5832cd92957a6933c0fd644496d957ea2d8ef36d", "tree": "23d8faa7707807c1da543dbb91840c308790d694", "parents": [ "0e291a193cbfd0b169e749e7f28adc954a58f560" ], "author": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Tue Jun 13 13:09:55 2023 +0200" }, "committer": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Tue Jun 13 13:26:12 2023 +0000" }, "message": "cloud/bmaas/bmdb/webug: Use a flag for strict consistency\n\nChange-Id: I4ef6372108e4ada94a70525c6ec335e305dca320\nReviewed-on: https://review.monogon.dev/c/monogon/+/1801\nTested-by: Jenkins CI\nReviewed-by: Serge Bazanski \u003cserge@monogon.tech\u003e\n" }, { "commit": "0e291a193cbfd0b169e749e7f28adc954a58f560", "tree": "01b7ad51279b9060c3c967a0061826d37dbfaf01", "parents": [ "4264b8c641109c05c4828b40cd2e01e686890903" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Thu Jun 01 12:22:45 2023 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Tue Jun 13 13:03:53 2023 +0000" }, "message": "m/node: clean up DNS service\n\nThe primary change in here is that CoreDNS now only listens on the\nloopback interface by default.\nThis fixes #217 as it cannot be accessed from the outside anymore.\nSince the containers do not share the host network namespace, they can\nnow no longer access the DNS service. This is solved by introducing a\nnew Network Service API to add listener IPs and using a link-local IP,\n169.254.77.53 for the container DNS.\nWhile at it, I cleaned up various parts of the DNS code.\n\nChange-Id: Id7b618f62690032db335e8478b9de84410c210a1\nReviewed-on: https://review.monogon.dev/c/monogon/+/1759\nTested-by: Jenkins CI\nReviewed-by: Serge Bazanski \u003cserge@monogon.tech\u003e\n" } ], "next": "4264b8c641109c05c4828b40cd2e01e686890903" }