localstorage

Constants

This section is empty.

Variables

// Sentinel errors returned by the localstorage accessors. Callers are expected
// to compare against them with errors.Is rather than by message text.
var (
	// ErrNoSealed: no sealed configuration exists.
	ErrNoSealed = errors.New("no sealed configuration exists")
	// ErrSealedUnavailable: the sealed configuration could not be read right
	// now; the message marks this as a temporary condition, distinct from
	// corruption.
	ErrSealedUnavailable = errors.New("sealed configuration temporary unavailable")
	// ErrSealedCorrupted: the sealed configuration was found but is corrupted.
	ErrSealedCorrupted = errors.New("sealed configuration corrupted")
	// ErrNoParameters: no node parameters were found.
	ErrNoParameters = errors.New("no parameters found")
	// ErrParametersCorrupted: node parameters were found but are corrupted.
	ErrParametersCorrupted = errors.New("parameters corrupted")
	// ErrNoDirectory: no cluster directory was found.
	ErrNoDirectory = errors.New("no cluster directory found")
	// ErrDirectoryCorrupted: the cluster directory was found but is corrupted.
	ErrDirectoryCorrupted = errors.New("cluster directory corrupted")
	// ErrNetworkConfigCorrupted: the network configuration is corrupted.
	ErrNetworkConfigCorrupted = errors.New("network configuration corrupted")
)

Functions

This section is empty.

Types

type CertificateTemplateNamer

type CertificateTemplateNamer func(pubkey []byte) x509.Certificate

type DataDirectory

type DataDirectory struct {
	declarative.Directory

	Containerd declarative.Directory   `dir:"containerd"`
	Etcd       DataEtcdDirectory       `dir:"etcd"`
	Kubernetes DataKubernetesDirectory `dir:"kubernetes"`
	Node       DataNodeDirectory       `dir:"node"`
	Volumes    DataVolumesDirectory    `dir:"volumes"`
	// contains filtered or unexported fields
}

DataDirectory is an xfs partition mounted via cryptsetup/LUKS, with a key derived from {global,local}Unlock keys.

func (*DataDirectory) MountExisting

func (d *DataDirectory) MountExisting(config *ppb.SealedConfiguration, clusterUnlockKey []byte) error

MountExisting mounts the node data partition with the given cluster unlock key. It automatically unseals the node unlock key from the TPM.

func (*DataDirectory) MountNew

func (d *DataDirectory) MountNew(config *ppb.SealedConfiguration, security cpb.NodeStorageSecurity) ([]byte, error)

MountNew initializes the node data partition and returns the cluster unlock key. It seals the local portion into the TPM. This is a potentially slow operation since it touches the whole partition.

type DataEtcdDirectory

type DataEtcdDirectory struct {
	declarative.Directory
	PeerPKI PKIDirectory          `dir:"peer_pki"`
	PeerCRL declarative.File      `file:"peer_crl"`
	Data    declarative.Directory `dir:"data"`
}

type DataKubernetesCSIProvisionerDirectory

type DataKubernetesCSIProvisionerDirectory struct {
	declarative.Directory
	PKI PKIDirectory `dir:"pki"`
}

type DataKubernetesClusterNetworkingDirectory

type DataKubernetesClusterNetworkingDirectory struct {
	declarative.Directory
	Key declarative.File `file:"private.key"`
}

type DataKubernetesDirectory

type DataKubernetesDirectory struct {
	declarative.Directory
	ClusterNetworking DataKubernetesClusterNetworkingDirectory `dir:"clusternet"`
	CSIProvisioner    DataKubernetesCSIProvisionerDirectory    `dir:"csiprovisioner"`
	Netservices       DataKubernetesNetservicesDirectory       `dir:"netservices"`
	Kubelet           DataKubernetesKubeletDirectory           `dir:"kubelet"`
}

type DataKubernetesKubeletDirectory

type DataKubernetesKubeletDirectory struct {
	declarative.Directory
	PKI PKIDirectory `dir:"pki"`

	DevicePlugins struct {
		declarative.Directory
		// Used by Kubelet, hardcoded relative to
		// DataKubernetesKubeletDirectory
		Kubelet declarative.File `file:"kubelet.sock"`
	} `dir:"device-plugins"`

	// Pod logs, hardcoded to /data/kubelet/logs in
	// @com_github_kubernetes//pkg/kubelet/kuberuntime:kuberuntime_manager.go
	Logs declarative.Directory `dir:"logs"`

	Plugins struct {
		declarative.Directory
		VFS declarative.File `file:"dev.monogon.metropolis.vfs.sock"`
		KVM declarative.File `file:"devices.monogon.dev_kvm.sock"`
	} `dir:"plugins"`

	PluginsRegistry struct {
		declarative.Directory
		VFSReg declarative.File `file:"dev.monogon.metropolis.vfs-reg.sock"`
		KVMReg declarative.File `file:"devices.monogon.dev_kvm-reg.sock"`
	} `dir:"plugins_registry"`
}

type DataKubernetesNetservicesDirectory

type DataKubernetesNetservicesDirectory struct {
	declarative.Directory
	PKI PKIDirectory `dir:"pki"`
}

type DataNodeDirectory

type DataNodeDirectory struct {
	declarative.Directory
	Credentials    PKIDirectory     `dir:"credentials"`
	PersistedRoles declarative.File `file:"roles.pb"`
}

type DataVolumesDirectory

type DataVolumesDirectory struct {
	declarative.Directory
}

type ESPBootDirectory

type ESPBootDirectory struct {
	declarative.Directory
}

type ESPClusterDirectory

type ESPClusterDirectory struct {
	declarative.File
}

ESPClusterDirectory is a serialized common.ClusterDirectory protobuf. It contains a list of endpoints a registered node might connect to when joining a cluster.

func (*ESPClusterDirectory) Unmarshal

func (e *ESPClusterDirectory) Unmarshal() (*cpb.ClusterDirectory, error)

type ESPDirectory

type ESPDirectory struct {
	declarative.Directory
	Metropolis ESPMetropolisDirectory `dir:"metropolis"`
	EFI        ESPEFIDirectory        `dir:"ESP"`
}

ESPDirectory is the EFI System Partition. It is a cleartext partition available to the system at early boot, and must contain all data required for the system to bootstrap, register into, or join a cluster.

type ESPEFIDirectory

type ESPEFIDirectory struct {
	declarative.Directory
	Boot       ESPBootDirectory          `dir:"BOOT"`
	Metropolis ESPEFIMetropolisDirectory `dir:"metropolis"`
}

type ESPEFIMetropolisDirectory

type ESPEFIMetropolisDirectory struct {
	declarative.Directory
	BootA declarative.File `file:"boot-a.efi"`
	BootB declarative.File `file:"boot-b.efi"`
}

type ESPMetropolisDirectory

type ESPMetropolisDirectory struct {
	declarative.Directory
	SealedConfiguration  ESPSealedConfiguration  `file:"sealed_configuration.pb"`
	NodeParameters       ESPNodeParameters       `file:"parameters.pb"`
	ClusterDirectory     ESPClusterDirectory     `file:"cluster_directory.pb"`
	NetworkConfiguration ESPNetworkConfiguration `file:"network_configuration.pb"`
}

ESPMetropolisDirectory is the directory inside the EFI System Partition that holds Metropolis-related data not read by EFI itself, such as bootstrap-related data.

type ESPNetworkConfiguration

type ESPNetworkConfiguration struct {
	declarative.File
}

ESPNetworkConfiguration is a serialized net.Net protobuf. If present, it disables automatic network configuration and uses the given configuration to enable network connectivity.

func (*ESPNetworkConfiguration) Marshal

func (e *ESPNetworkConfiguration) Marshal(n *npb.Net) error

func (*ESPNetworkConfiguration) Unmarshal

func (e *ESPNetworkConfiguration) Unmarshal() (*npb.Net, error)

type ESPNodeParameters

type ESPNodeParameters struct {
	declarative.File
}

ESPNodeParameters is the configuration for this node when first bootstrapping a cluster or registering into an existing one. It is an api.NodeParameters protobuf message.

func (*ESPNodeParameters) Unmarshal

func (e *ESPNodeParameters) Unmarshal() (*apb.NodeParameters, error)

type ESPSealedConfiguration

type ESPSealedConfiguration struct {
	declarative.File
}

ESPSealedConfiguration is a TPM-sealed, serialized private.SealedConfiguration protobuf. It contains all data required for a node to be able to join a cluster after startup.

func (*ESPSealedConfiguration) SealSecureBoot

func (e *ESPSealedConfiguration) SealSecureBoot(c *ppb.SealedConfiguration, tpmUsage cpb.NodeTPMUsage) error

func (*ESPSealedConfiguration) Unseal

type EphemeralConsensusDirectory

type EphemeralConsensusDirectory struct {
	declarative.Directory
	ClientSocket   declarative.File `file:"client.sock"`
	ServerLogsFIFO declarative.File `file:"server-logs.fifo"`
}

type EphemeralContainerdDirectory

type EphemeralContainerdDirectory struct {
	declarative.Directory
	ClientSocket  declarative.File      `file:"client.sock"`
	RunSCLogsFIFO declarative.File      `file:"runsc-logs.fifo"`
	Tmp           declarative.Directory `dir:"tmp"`
	RunSC         declarative.Directory `dir:"runsc"`
	IPAM          declarative.Directory `dir:"ipam"`
	CNI           declarative.Directory `dir:"cni"`
	CNICache      declarative.Directory `dir:"cni-cache"` // Hardcoded @com_github_containernetworking_cni via patch
}

type EphemeralDirectory

type EphemeralDirectory struct {
	declarative.Directory
	Consensus         EphemeralConsensusDirectory  `dir:"consensus"`
	Containerd        EphemeralContainerdDirectory `dir:"containerd"`
	FlexvolumePlugins declarative.Directory        `dir:"flexvolume_plugins"`
	Hosts             declarative.File             `file:"hosts"`
	MachineID         declarative.File             `file:"machine-id"`
}

type EtcDirectory

type EtcDirectory struct {
	declarative.Directory
	// Symlinked to /ephemeral/hosts, baked into the erofs system image
	Hosts declarative.File `file:"hosts"`
	// Symlinked to /ephemeral/machine-id, baked into the erofs system image
	MachineID declarative.File `file:"machine-id"`
}

type PKIDirectory

// PKIDirectory is a directory holding one PEM-encoded identity: a CA
// certificate, a leaf certificate and the matching private key. The Key file
// holds private key material (PKCS8 + PEM, see WritePrivateKey) and should be
// treated accordingly.
type PKIDirectory struct {
	declarative.Directory
	CACertificate declarative.File `file:"ca.pem"`
	Certificate   declarative.File `file:"cert.pem"`
	Key           declarative.File `file:"cert-key.pem"`
}

func (*PKIDirectory) AllAbsent

func (p *PKIDirectory) AllAbsent() (bool, error)

AllAbsent returns true if all PKI files (cert, key, CA cert) are missing from the backing store.

func (*PKIDirectory) AllExist

func (p *PKIDirectory) AllExist() (bool, error)

AllExist returns true if all PKI files (cert, key, CA cert) are present on the backing store.

func (*PKIDirectory) GeneratePrivateKey

func (p *PKIDirectory) GeneratePrivateKey() error

GeneratePrivateKey will generate an ED25519 private key for this PKIDirectory if it doesn't yet exist.

func (*PKIDirectory) ReadAll

func (p *PKIDirectory) ReadAll() (ca, cert *x509.Certificate, key ed25519.PrivateKey, err error)

ReadAll reads and parses (PEM + PKCS8/X509) the stored certificates and key of this PKIDirectory.

func (*PKIDirectory) ReadCertificates

func (p *PKIDirectory) ReadCertificates() (ca, cert *x509.Certificate, err error)

ReadCertificates reads and parses (PEM + X509) the certificates from a PKIDirectory.

func (*PKIDirectory) ReadPrivateKey

func (p *PKIDirectory) ReadPrivateKey() (ed25519.PrivateKey, error)

ReadPrivateKey loads an ED25519 private key from the PKIDirectory and deserializes it (PEM + PKCS).

func (*PKIDirectory) WriteAll

func (p *PKIDirectory) WriteAll(cert []byte, key ed25519.PrivateKey, ca []byte) error

WriteAll (over)writes the PKI data in this directory with the given private key, certificate and CA certificate.

For ease of use, the accepted certificates are expected to already be in DER-encoded form (e.g. from the Raw field of an x509.Certificate).

func (*PKIDirectory) WriteCertificates

func (p *PKIDirectory) WriteCertificates(ca, cert []byte) error

WriteCertificates serializes (PEM) and saves the given certificates into the PKIDirectory, overwriting whatever might already be present there.

For ease of use, the accepted certificates are expected to already be in DER-encoded form (e.g. from the Raw field of an x509.Certificate).

func (*PKIDirectory) WritePrivateKey

func (p *PKIDirectory) WritePrivateKey(key ed25519.PrivateKey) error

WritePrivateKey serializes the given private key (PKCS8 + PEM) and writes it to the PKIDirectory, overwriting whatever might already be present there.

type Root

// Root is the top-level layout of the node filesystem. Each field maps one
// mount point or directory to its typed sub-layout via the `dir` tag.
type Root struct {
	declarative.Directory
	// UEFI ESP partition, mounted from plaintext storage.
	ESP ESPDirectory `dir:"esp"`
	// Persistent Data partition, mounted from encrypted and authenticated storage.
	Data DataDirectory `dir:"data"`
	// FHS-standard /etc directory, contains /etc/hosts, /etc/machine-id, and
	// other compatibility files.
	Etc EtcDirectory `dir:"etc"`
	// Ephemeral data, used by runtime, stored in tmpfs. Things like sockets,
	// temporary config files, etc.
	Ephemeral EphemeralDirectory `dir:"ephemeral"`
	// FHS-standard /tmp directory, used by os.MkdirTemp.
	Tmp TmpDirectory `dir:"tmp"`
	// FHS-standard /run directory. Used by various services.
	Run RunDirectory `dir:"run"`
}

func (*Root) Start

func (r *Root) Start(ctx context.Context, updateSvc *update.Service) error

type RunDirectory

type RunDirectory struct {
	declarative.Directory
	// Hardcoded in @com_github_containerd_containerd//pkg/process:utils.go and
	// @com_github_containerd_containerd//runtime/v2/shim:util_unix.go
	Containerd declarative.Directory `dir:"containerd"`
}

type TmpDirectory

type TmpDirectory struct {
	declarative.Directory
}
