)]}' { "log": [ { "commit": "a4516f9887e43b774e49c22db93cdf289dc9cfb1", "tree": "8a0761a3480074b01d5584a1cd5c111a69f76594", "parents": [ "6e8f69c53a2c82f5a760ab2e8152218cc86f3430" ], "author": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Wed Dec 04 20:27:05 2019 +0000" }, "committer": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Wed Dec 04 20:27:05 2019 +0000" }, "message": "Add minimal functionality test for k8s control plane\n\nBasic functionality test that sends the bootstrap RPC call,\nwaits for the k8s control plane to come up and runs a simple\nkubectl command (that is expected to fail).\n\nAdds reflection to the server to make grpc_cli easier to use.\n\nTest Plan:\nRan `:launch` (because we modified its config) and `:test_boot`,\nsaw a nicely booted k8s cluster:\n\n{P90}\n\nX-Origin-Diff: phab/D275\nGitOrigin-RevId: fe01e3f3ed09877aa76c15946664c9d9bdc4751b\n" }, { "commit": "6e8f69c53a2c82f5a760ab2e8152218cc86f3430", "tree": "1556b56e0a0cdb5108c301dc88710b5b2d74ba1b", "parents": [ "b7a18fd9be7732e9ed9b29f33b7f545916da207b" ], "author": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Mon Nov 18 10:44:24 2019 +0100" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Mon Nov 18 10:44:24 2019 +0100" }, "message": "Initial Kubernetes Control Plane\n\nThis adds a minimum viable Kubernetes Control Plane consisting of a\nkube-apiserver, kube-controller-manager and kube-scheduler. It contains\ntwo small CAs for Kubernetes Identity management based on shared\ncertificates and contains changes for exposing etcd via UNIX socket\nso that the apiserver can talk to it.\n\nTest Plan:\nTested by manually calling Setup() and observing subsequent logs and\nconnecting to the API server.\n\nBug: T485\n\nX-Origin-Diff: phab/D271\nGitOrigin-RevId: e56f3e50eb9d33ea291289faa1aac3bebdeb3346\n" }, { "commit": "049049626fe28957009c7957fba5e04bd928ae78", "tree": "7ffc478b5e0a44a50ff06a1ded7c031af2085d1e", "parents": [ "f79bfac498914c90395c577f4a2f70956d9a5c56" ], "author": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Mon Nov 11 15:21:14 2019 +0100" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Mon Nov 11 15:21:14 2019 +0100" }, "message": "Added kube-controlplane binary\n\nThis adds a custom binary which contains all Kubernetes control plane\ncomponents. This is necessary since every control plane binary by itself\nis around 130MiB and this combined one is only around 150MiB. This\ncan be cut in half to around 70MiB as soon as Kubernetes can be built\nproviderless by Bazel.\n\nI\u0027m not entirely happy with the integration, we may need gazelle\nexclusions and a plan to deal with go mod since it can\u0027t resolve the\ndependencies in a reasonable way.\n\nTest Plan: Manual test with kubectl (this by itself is not runnable)\n\nBug: T485\n\nX-Origin-Diff: phab/D256\nGitOrigin-RevId: d76702f2cd0d71463ff891e5a44eac7b66be07f0\n" }, { "commit": "f79bfac498914c90395c577f4a2f70956d9a5c56", "tree": "bf9eb32f936f07a6228262c7b7a2e2b145c1423f", "parents": [ "60a85b669e05f788bc63663568102a23c78d6195" ], "author": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Mon Nov 18 11:16:39 2019 +0100" }, "committer": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Mon Nov 18 11:16:39 2019 +0100" }, "message": "Increase test_boot timeout to 60s\n\nUnbreaks master ()\n\nTest Plan: N/A\n\nGitOrigin-RevId: 4b3eb37ba37ff93e86e1739ab662299d6a280b51\n" }, { "commit": "45333b68dd60942adc61a29f50b2c72420b792e3", "tree": "64d2997e5b7bf68d5bc7084b07a765ddf5c9aa58", "parents": [ "719362043a48b7d1575b53885c3e95dade55f0bf" ], "author": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Mon Nov 11 15:26:27 2019 +0100" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Mon Nov 11 15:26:27 2019 +0100" }, "message": "Enable network loopback interface\n\nAbsence of a properly enabled loopback interface caused weird\nbehavior in the Kubernetes control plane.\n\nTest Plan: Issues with kube-apiserver were no longer observed.\n\nX-Origin-Diff: phab/D257\nGitOrigin-RevId: 9b8a18a28463a29e85945587765f155de86f68b3\n" }, { "commit": "719362043a48b7d1575b53885c3e95dade55f0bf", "tree": "47d2be8211a290469db9e5b3c777dcd35c92d7d9", "parents": [ "399fe83ccccf616b5bc47c91693f86bce526f652" ], "author": { "name": "Lorenz Brun", "email": "lorenz@brun.one", "time": "Mon Nov 18 10:22:57 2019 +0100" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@brun.one", "time": "Mon Nov 18 10:22:57 2019 +0100" }, "message": "Added fileargs helper package\n\nThis helps with working with commandline software that mostly takes its\nconfiguration from files.\nIt exposes a data-friendly interface and hides\nall the messy file operations.\n\nTest Plan: Has been tested with Kubernetes\n\nX-Origin-Diff: phab/D270\nGitOrigin-RevId: 432f61830679225be54de577c0c2282b0ac8c306\n" }, { "commit": "7670e67e72d6d4aaac174b91f4465a67479e1026", "tree": "e76d204e13a52816182f86599f22c6ce95eebeb6", "parents": [ "383d4bb84b7b5062b859f81db10e3f16bd427739" ], "author": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Fri Nov 15 13:49:53 2019 +0100" }, "committer": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Fri Nov 15 13:49:53 2019 +0100" }, "message": "Improve core/scripts:launch ergonomics\n\n- Disable qemu monitor multiplexing. We don\u0027t need the monitor for most\n debugging tasks, and disabling it means we can kill the VM using Ctrl-C.\n\n- Strip metacharacters and DOS newlines from qemu serial output.\n This makes logs easier to read in the CI, and prevents it from\n messing with terminal settings locally.\n\n- Copy swtpm_data to a temporary directory to ensure we never override\n the build inputs (which can happen in a local run without sandbox).\n\n Re-running the target no longer triggers rebuilds for swtpm_data.\n\n- Remove local tag from :launch - it works fine in the sandbox.\n\nTest Plan:\nRan the test multiple times, no rebuilds occurred:\n\n bazel test core/scripts:test_boot\n\nX-Origin-Diff: phab/D264\nGitOrigin-RevId: 70d52e8a4cf24747d18fbaffeddb6e30bcdf61da\n" }, { "commit": "383d4bb84b7b5062b859f81db10e3f16bd427739", "tree": "9430d87be1ea0716b4075d5d19a358c2e3630383", "parents": [ "68c58755e0a56e1b1c565d80f99056ec4948fbec" ], "author": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Thu Nov 14 22:53:58 2019 +0100" }, "committer": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Thu Nov 14 22:53:58 2019 +0100" }, "message": "Run \"bazel test //...\" in CI\n\nThis will build all buildable targets and test all testable targets.\n\nThe hardcoded Harbormaster rules have been removed in Phabricator.\n\nAdds a simple test for booting Smalltown.\n\nBUILD files that are injected into repositories have been renamed to\nBUILD.repo to ensure that Bazel does not recognize them as local BUILD\nfiles and attempt to build them.\n\nTest Plan: Covered by CI :)\n\nBug: T483\n\nX-Origin-Diff: phab/D262\nGitOrigin-RevId: 3512a5e13430001f4e6f91d21ac503564c8fb085\n" }, { "commit": "68c58755e0a56e1b1c565d80f99056ec4948fbec", "tree": "f122ab392769d33620077c65ddf0f0a3aed43d1c", "parents": [ "5ed291ea1833ffd07665b6194f7b6db2b7c1c4aa" ], "author": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Thu Nov 14 21:00:59 2019 +0100" }, "committer": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Thu Nov 14 21:00:59 2019 +0100" }, "message": "Improve documentation, remove dead code plus some minor refactorings\n\nThis improves our code-to-comments ratio by a lot.\n\nOn the refactorings:\n\n- Simplify the cluster join mode to just a single protobuf message -\n a node can either join an existing cluster or bootstrap a new one.\n All of the node-level setup like hostname and trust backend is done\n using the setup call, since those are identical for both cases.\n\n- We don\u0027t need a node name separate from the hostname. Ideally, we would\n get rid of IP addresses for etcd as well.\n\n- Google API design guidelines suggest the `List` term (vs. `Get`).\n\n- Add username to comments for consistency. I think the names provide\n useful context, but git blame is a thing. What do you think?\n\n- Fixed or silenced some ignored error checks in preparation of using\n an errcheck linter. Especially during early boot, many errors are\n obviously not recoverable, but logging them can provide useful debugging info.\n\n- Split up the common package into smaller subpackages.\n\n- Remove the audit package (this will be a separate service that probably\n uses it own database, rather than etcd).\n\n- Move storage constants to storage package.\n\n- Remove the unused KV type.\n\nI also added a bunch of TODO comments with discussion points.\nAdded both of you as blocking reviewers - please comment if I\nmisunderstood any of your code.\n\nTest Plan: Everything compiles and scripts:launch works (for whatever that\u0027s worth).\n\nX-Origin-Diff: phab/D235\nGitOrigin-RevId: 922fec5076e8d683e1138f26d2cb490de64a9777\n" }, { "commit": "a4ea9d03f1fb4248739392615967eaf07842e74b", "tree": "e2b8e2e3d9aa83ca7f650f2a0d972023869c1d3b", "parents": [ "e47ace84cb3e30375dcb4236c17ee9710a77a6ad" ], "author": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Thu Oct 31 11:40:30 2019 +0100" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Thu Oct 31 11:40:30 2019 +0100" }, "message": "Added bootstrap CA\n\nThis adds a self-contained CA for bootstrapping and securing etcd\nusing certificates of infinite duration and a CRL for near-instant\nrevocation.\n\nThe bootstrapping problem is addressed by first\ngenerating the CA and issuing initial certificates and then\ninjecting them once the consensus system is up and running.\nAll files are also kept on the encrypted persistent data store to\nprevent the same bootstrapping problem when the node is already\ninitialized. The CRL is synchronized using a sync loop on every\nnode running the consensus service and distributed inside that.\n\nThe CA uses Ed25519-based cryptography and identifies the\nhosts by their external hostname.\n\nTest Plan:\nInitial bootstrapping manually tested on a single node using a\nmanual gRPC call for Setup() and openssl s_client for connecting\nto etcd.\n\nX-Origin-Diff: phab/D233\nGitOrigin-RevId: bd67818b5b649b13e0c098e480059ef990826542\n" }, { "commit": "654930736a90fb7f2dadf280dc9044d8e57bce06", "tree": "55fbb824cb781fac42c9924b2883b63cf97b91ef", "parents": [ "5f1d05f7ad386d6832a5230c78f6c155659a32e9" ], "author": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Wed Nov 06 13:40:44 2019 +0000" }, "committer": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Wed Nov 06 13:40:44 2019 +0000" }, "message": "Use flag package for mkimage command line parsing\n\nTest Plan: Covered by CI\n\nX-Origin-Diff: phab/D248\nGitOrigin-RevId: 3b59e11885c78e8321d8a44b22e67d85268b5765\n" }, { "commit": "5f1d05f7ad386d6832a5230c78f6c155659a32e9", "tree": "b37adaa75a67eb544deaea512c0fd829747836a0", "parents": [ "4d39d37035c5e46274183f36221c2e50f99bb411" ], "author": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Wed Nov 06 13:58:40 2019 +0000" }, "committer": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Wed Nov 06 13:58:40 2019 +0000" }, "message": "Split up linux_kernel build folder to separate repo changes\n\nThis separates the kernel build steps (that happen in our main repo)\nand the things we inject into @linux_kernel.\n\nTest Plan: Covered by CI\n\nX-Origin-Diff: phab/D249\nGitOrigin-RevId: 98982d005ba582f9f08783915ee0603ff8634f55\n" }, { "commit": "0bcaaee19dc2338751705a83126cec40a1b8a2e8", "tree": "00b3015ea5085c7a66aa8f27cd71e750a8745bf2", "parents": [ "f08704a6a47e9a0cdbf7b9173c24f2f8eca581d5" ], "author": { "name": "Lorenz Brun", "email": "lorenz@brun.one", "time": "Wed Nov 06 12:42:39 2019 +0100" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@brun.one", "time": "Wed Nov 06 12:42:39 2019 +0100" }, "message": "Build core with separate initramfs\n\nBuild the initramfs separately and include it via mkimage. Also includes\na patch to the kernel which adds support for hardcoded cmdline\nto the Linux efistub.\n\nThis lowers build times by a lot, for normal changes they are now\nbelow 5s\n\nTest Plan: Ran `bazel run //core/scripts:launch`\n\nX-Origin-Diff: phab/D245\nGitOrigin-RevId: 206c7c5c979c10ffd25c36dfefd8b9290a6a3f43\n" }, { "commit": "f08704a6a47e9a0cdbf7b9173c24f2f8eca581d5", "tree": "89aaa4d65404fd5c2d36bab78faf7fa658fd1ad5", "parents": [ "052af2dce813dba9f74ffc05ffd760e60a37c23b" ], "author": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Wed Nov 06 12:34:53 2019 +0000" }, "committer": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Wed Nov 06 12:34:53 2019 +0000" }, "message": "Dynamic \"make -j\" parameter\n\nThis obviously interferes with Bazel\u0027s own scheduler, but these are\nour only compute-intensive compilation tasks, anyway.\n\nFixes T522\n\nTest Plan:\n{F16451}\n\n(fun fact: that EPYC 7401P wasn\u0027t faster than the 3900X)\n\nBug: T522\n\nX-Origin-Diff: phab/D236\nGitOrigin-RevId: 8735ece9eea6ed2cd38fda8823a674d0298b6dbc\n" }, { "commit": "6c39ea1355bf2853abdbd2f69a7eece222c44b78", "tree": "a0377ac95e3036fb06886c1b9be504faf4773850", "parents": [ "3e6018fcf0645da7876eec06d1604438bea0550e" ], "author": { "name": "Lorenz Brun", "email": "lorenz@brun.one", "time": "Mon Nov 04 11:39:42 2019 +0100" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@brun.one", "time": "Mon Nov 04 11:39:42 2019 +0100" }, "message": "Added Kubernetes to build system\n\nThis adds Kubernetes and its dependencies to the WORKSPACE. A small patch\nis needed to make this compatible with Bazel 1.0+ since they still use\n0.23.\n\nTest Plan:\n`bazel test @kubernetes//pkg/...` (:warning: slow)\nThere is one single test failure with OpenAPI, but I\u0027m not yet sure if it\nis actually meaningful since the individual tests of the OpenAPI generated\ncode pass just fine.\n\n`bazel build @kubernetes//cmd/kube-controller-manager @kubernetes//cmd/kube-scheduler @kubernetes//cmd/kube-apiserver`\nAll three required binaries for the control plane build just fine\n\nX-Origin-Diff: phab/D237\nGitOrigin-RevId: 1c0708272636fb68ca6ced6666f885344bb81a7c\n" }, { "commit": "0d7c91e331022831a974c2e34d32bb5b89ddc89c", "tree": "5b822873c015053f4b697d60c33fa3b1ef9a3a4b", "parents": [ "043daa57020dd36e074488dcb432114a548a3d2a" ], "author": { "name": "Hendrik Hofstadt", "email": "hendrik@certus.one", "time": "Wed Oct 23 21:44:47 2019 +0200" }, "committer": { "name": "Hendrik Hofstadt", "email": "hendrik@certus.one", "time": "Wed Oct 23 21:44:47 2019 +0200" }, "message": "Implement monorepo layout\n\nImplemented the nexantic monorepo.\n\nSmalltown code was moved to `core`. From now on all code will live in top level directories named after the projects with the exception for general purpose libraries which should go to `\u003clang\u003elibs`.\n\nGeneral build and utility folders are underscore prefixed.\n\nThe repo name will from now on be rNXT (nexantic). I think this change makes sense since components in this repo will not all be part of Smalltown, the Smalltown brand has been claimed by Signon GmbH so we need to change it anyway and the longer we wait the harder it will be to change/move it.\n\nTest Plan: Launched Smalltown using `./scripts/bin/bazel run //core/scripts:launch`\n\nX-Origin-Diff: phab/D210\nGitOrigin-RevId: fa5a7f08143d2ead2cb7206b4c63ab641794162c\n" } ] }