mirrors/talos
1
0
Fork 0
mirror of https://github.com/siderolabs/talos.git synced 2025-08-26 17:11:19 +02:00
Code Issues Packages Projects Releases Wiki Activity

refactor(initramfs): rename rotd to trustd (#148)

Browse Source
This commit is contained in:
Andrew Rynhard 2018-08-30 07:45:15 -07:00 committed by GitHub
parent 80b5e3631a
commit b370ce043e
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
13 changed files with 114 additions and 106 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/image/.conform.yaml
View File

@ -65,6 +65,6 @@ tasks:
COPY --from=dianemo/kernel:{{ .Docker.Image.Tag }} /tmp/lib/modules /generated/rootfs/lib/modules
COPY --from=dianemo/initramfs:{{ .Docker.Image.Tag }} /tmp/osd /generated/rootfs/bin/osd
COPY --from=dianemo/initramfs:{{ .Docker.Image.Tag }} /tmp/proxyd /generated/rootfs/bin/proxyd
COPY --from=dianemo/initramfs:{{ .Docker.Image.Tag }} /tmp/rotd /generated/rootfs/bin/rotd
COPY --from=dianemo/initramfs:{{ .Docker.Image.Tag }} /tmp/trustd /generated/rootfs/bin/trustd
COPY --from=dianemo/initramfs:{{ .Docker.Image.Tag }} /tmp/init /generated/rootfs/bin/init
RUN {{if .Git.IsClean}}XZ_OPT=-9e{{else}}XZ_OPT=-0{{end}} tar -cvpJf /generated/rootfs.tar.xz -C /generated/rootfs .

50
src/initramfs/.conform.yaml
View File

@ -15,20 +15,20 @@ stages:
destination: ../../build/osctl-darwin-amd64
tasks:
- src
- osd
- proxyd
- rotd
- osctl
- init
- test
- initramfs
- trustd
- proxyd
- osd
- osctl
- test
- image
generate:
artifacts:
- source: /src/github.com/autonomy/dianemo/src/initramfs/cmd/osd/proto
destination: ./cmd/osd
- source: /src/github.com/autonomy/dianemo/src/initramfs/cmd/rotd/proto
destination: ./cmd/rotd
- source: /src/github.com/autonomy/dianemo/src/initramfs/cmd/trustd/proto
destination: ./cmd/trustd
tasks:
- proto
tasks:
@ -36,13 +36,13 @@ tasks:
template: |
FROM scratch
WORKDIR /tmp
COPY --from=src /osctl-linux-amd64 osctl-linux-amd64
COPY --from=src /osctl-darwin-amd64 osctl-darwin-amd64
COPY --from=src /osd osd
COPY --from=src /proxyd proxyd
COPY --from=src /rotd rotd
COPY --from=src /initramfs/init init
COPY --from=src /initramfs/initramfs.xz initramfs.xz
COPY --from=src /trustd trustd
COPY --from=src /proxyd proxyd
COPY --from=src /osd osd
COPY --from=src /osctl-linux-amd64 osctl-linux-amd64
COPY --from=src /osctl-darwin-amd64 osctl-darwin-amd64
CMD false
init:
template: |
@ -107,27 +107,22 @@ tasks:
WORKDIR /src/github.com/autonomy/dianemo/src/initramfs/cmd/osd
COPY ./cmd/osd/proto ./proto
RUN protoc -I/usr/local/include -I./proto --go_out=plugins=grpc:proto proto/api.proto
WORKDIR /src/github.com/autonomy/dianemo/src/initramfs/cmd/rotd
COPY ./cmd/rotd/proto ./proto
WORKDIR /src/github.com/autonomy/dianemo/src/initramfs/cmd/trustd
COPY ./cmd/trustd/proto ./proto
RUN protoc -I/usr/local/include -I./proto --go_out=plugins=grpc:proto proto/api.proto
proxyd:
template: |
WORKDIR /src/github.com/autonomy/dianemo/src/initramfs/cmd/{{ .Docker.CurrentStage }}
{{ if and .Git.IsClean .Git.IsTag }}
RUN GOOS=linux GOARCH=amd64 CGO_ENABLED=0 go build -a \
-ldflags "-s -w -X {{ index .Variables "versionPath" }}.Name=ProxyD -X {{ index .Variables "versionPath" }}.Tag={{ .Git.Tag }} -X {{ index .Variables "versionPath" }}.SHA={{ .Git.SHA }} -X \"{{ index .Variables "versionPath" }}.Built={{ .Built }}\"" \
-ldflags "-s -w -X {{ index .Variables "versionPath" }}.Name=Proxyd -X {{ index .Variables "versionPath" }}.Tag={{ .Git.Tag }} -X {{ index .Variables "versionPath" }}.SHA={{ .Git.SHA }} -X \"{{ index .Variables "versionPath" }}.Built={{ .Built }}\"" \
-o /{{ .Docker.CurrentStage }}
{{ else }}
RUN GOOS=linux GOARCH=amd64 CGO_ENABLED=0 go build -a \
-ldflags "-s -w -X {{ index .Variables "versionPath" }}.Name=ProxyD -X {{ index .Variables "versionPath" }}.Tag=none -X {{ index .Variables "versionPath" }}.SHA={{ .Git.SHA }}" \
-ldflags "-s -w -X {{ index .Variables "versionPath" }}.Name=Proxyd -X {{ index .Variables "versionPath" }}.Tag=none -X {{ index .Variables "versionPath" }}.SHA={{ .Git.SHA }}" \
-o /{{ .Docker.CurrentStage }}
{{ end }}
RUN chmod +x /{{ .Docker.CurrentStage }}
rotd:
template: |
WORKDIR /src/github.com/autonomy/dianemo/src/initramfs/cmd/{{ .Docker.CurrentStage }}
RUN CGO_ENABLED=0 go build -a -ldflags "-s -w" -o /{{ .Docker.CurrentStage }}
RUN chmod +x /{{ .Docker.CurrentStage }}
src:
template: |
FROM dianemo/tools:{{ .Docker.Image.Tag }} AS {{ .Docker.CurrentStage }}
@ -147,3 +142,16 @@ tasks:
RUN chmod +x ./hack/test.sh
RUN ./hack/test.sh --lint ./hack/golangci-lint.yaml
RUN ./hack/test.sh --unit
trustd:
template: |
WORKDIR /src/github.com/autonomy/dianemo/src/initramfs/cmd/{{ .Docker.CurrentStage }}
{{ if and .Git.IsClean .Git.IsTag }}
RUN GOOS=linux GOARCH=amd64 CGO_ENABLED=0 go build -a \
-ldflags "-s -w -X {{ index .Variables "versionPath" }}.Name=Trustd -X {{ index .Variables "versionPath" }}.Tag={{ .Git.Tag }} -X {{ index .Variables "versionPath" }}.SHA={{ .Git.SHA }} -X \"{{ index .Variables "versionPath" }}.Built={{ .Built }}\"" \
-o /{{ .Docker.CurrentStage }}
{{ else }}
RUN GOOS=linux GOARCH=amd64 CGO_ENABLED=0 go build -a \
-ldflags "-s -w -X {{ index .Variables "versionPath" }}.Name=Trustd -X {{ index .Variables "versionPath" }}.Tag=none -X {{ index .Variables "versionPath" }}.SHA={{ .Git.SHA }}" \
-o /{{ .Docker.CurrentStage }}
{{ end }}
RUN chmod +x /{{ .Docker.CurrentStage }}

4
src/initramfs/cmd/init/main.go
View File

@ -110,8 +110,8 @@ func root() (err error) {
log.Println("starting OS services")
services.Start(&service.OSD{})
if data.Services.Kubeadm.Init != nil {
services.Start(&service.ROTD{})
services.Start(&service.ProxyD{})
services.Start(&service.Trustd{})
services.Start(&service.Proxyd{})
}
// Start the services essential to running Kubernetes.

10
src/initramfs/cmd/init/pkg/service/kubeadm.go
View File

@ -15,7 +15,7 @@ import (
"github.com/autonomy/dianemo/src/initramfs/cmd/init/pkg/constants"
"github.com/autonomy/dianemo/src/initramfs/cmd/init/pkg/service/conditions"
"github.com/autonomy/dianemo/src/initramfs/cmd/rotd/proto"
"github.com/autonomy/dianemo/src/initramfs/cmd/trustd/proto"
"github.com/autonomy/dianemo/src/initramfs/pkg/crypto/x509"
"github.com/autonomy/dianemo/src/initramfs/pkg/grpc/middleware/auth/basic"
"github.com/autonomy/dianemo/src/initramfs/pkg/net"
@ -90,8 +90,8 @@ func (p *Kubeadm) Post(data userdata.UserData) (err error) {
creds := basic.NewCredentials(
data.Security.OS.CA.Crt,
data.Services.ROTD.Username,
data.Services.ROTD.Password,
data.Services.Trustd.Username,
data.Services.Trustd.Password,
)
var conn *grpc.ClientConn
@ -107,7 +107,7 @@ func (p *Kubeadm) Post(data userdata.UserData) (err error) {
if err != nil {
return
}
client := proto.NewROTDClient(conn)
client := proto.NewTrustdClient(conn)
files := []string{
"/etc/kubernetes/pki/ca.crt",
@ -248,7 +248,7 @@ func parse(data userdata.UserData) ([]byte, error) {
return buf.Bytes(), err
}
func writeFiles(client proto.ROTDClient, files []string) (err error) {
func writeFiles(client proto.TrustdClient, files []string) (err error) {
errChan := make(chan error)
doneChan := make(chan bool)
ctx, cancelFunc := context.WithTimeout(context.Background(), 5*time.Minute)

16
src/initramfs/cmd/init/pkg/service/proxyd.go
View File

@ -6,22 +6,22 @@ import (
"github.com/autonomy/dianemo/src/initramfs/pkg/userdata"
)
// ProxyD implements the Service interface. It serves as the concrete type with
// Proxyd implements the Service interface. It serves as the concrete type with
// the required methods.
type ProxyD struct{}
type Proxyd struct{}
// Pre implements the Service interface.
func (p *ProxyD) Pre(data userdata.UserData) error {
func (p *Proxyd) Pre(data userdata.UserData) error {
return nil
}
// Post implements the Service interface.
func (p *ProxyD) Post(data userdata.UserData) (err error) {
func (p *Proxyd) Post(data userdata.UserData) (err error) {
return nil
}
// Cmd implements the Service interface.
func (p *ProxyD) Cmd(data userdata.UserData, cmdArgs *CmdArgs) error {
func (p *Proxyd) Cmd(data userdata.UserData, cmdArgs *CmdArgs) error {
cmdArgs.Name = "proxyd"
cmdArgs.Path = "/bin/proxyd"
cmdArgs.Args = []string{}
@ -30,12 +30,12 @@ func (p *ProxyD) Cmd(data userdata.UserData, cmdArgs *CmdArgs) error {
}
// Condition implements the Service interface.
func (p *ProxyD) Condition(data userdata.UserData) func() (bool, error) {
func (p *Proxyd) Condition(data userdata.UserData) func() (bool, error) {
return conditions.WaitForFileExists("/etc/kubernetes/admin.conf")
}
// Env implements the Service interface.
func (p *ProxyD) Env() []string { return []string{} }
func (p *Proxyd) Env() []string { return []string{} }
// Type implements the Service interface.
func (p *ProxyD) Type() Type { return Forever }
func (p *Proxyd) Type() Type { return Forever }

20
src/initramfs/cmd/init/pkg/service/rotd.go
View File

@ -7,24 +7,24 @@ import (
"github.com/autonomy/dianemo/src/initramfs/pkg/userdata"
)
// ROTD implements the Service interface. It serves as the concrete type with
// Trustd implements the Service interface. It serves as the concrete type with
// the required methods.
type ROTD struct{}
type Trustd struct{}
// Pre implements the Service interface.
func (p *ROTD) Pre(data userdata.UserData) error {
func (p *Trustd) Pre(data userdata.UserData) error {
return nil
}
// Post implements the Service interface.
func (p *ROTD) Post(data userdata.UserData) (err error) {
func (p *Trustd) Post(data userdata.UserData) (err error) {
return nil
}
// Cmd implements the Service interface.
func (p *ROTD) Cmd(data userdata.UserData, cmdArgs *CmdArgs) error {
cmdArgs.Name = "rotd"
cmdArgs.Path = "/bin/rotd"
func (p *Trustd) Cmd(data userdata.UserData, cmdArgs *CmdArgs) error {
cmdArgs.Name = "trustd"
cmdArgs.Path = "/bin/trustd"
cmdArgs.Args = []string{
"--port=50001",
"--userdata=" + constants.UserDataPath,
@ -34,12 +34,12 @@ func (p *ROTD) Cmd(data userdata.UserData, cmdArgs *CmdArgs) error {
}
// Condition implements the Service interface.
func (p *ROTD) Condition(data userdata.UserData) func() (bool, error) {
func (p *Trustd) Condition(data userdata.UserData) func() (bool, error) {
return conditions.None()
}
// Env implements the Service interface.
func (p *ROTD) Env() []string { return []string{} }
func (p *Trustd) Env() []string { return []string{} }
// Type implements the Service interface.
func (p *ROTD) Type() Type { return Forever }
func (p *Trustd) Type() Type { return Forever }

8
src/initramfs/cmd/osd/main.go
View File

@ -39,20 +39,20 @@ func main() {
}
if *generate {
if len(data.Services.ROTD.Endpoints) == 0 {
if len(data.Services.Trustd.Endpoints) == 0 {
log.Fatalf("at least one root of trust endpoint is required")
}
creds := basic.NewCredentials(
data.Security.OS.CA.Crt,
data.Services.ROTD.Username,
data.Services.ROTD.Password,
data.Services.Trustd.Username,
data.Services.Trustd.Password,
)
// TODO: In the case of failure, attempt to generate the identity from
// another RoT.
var conn *grpc.ClientConn
conn, err = basic.NewConnection(data.Services.ROTD.Endpoints[0], *rotPort, creds)
conn, err = basic.NewConnection(data.Services.Trustd.Endpoints[0], *rotPort, creds)
if err != nil {
return
}

8
src/initramfs/cmd/osd/pkg/gen/gen.go
View File

@ -9,7 +9,7 @@ import (
stdlibnet "net"
"time"
"github.com/autonomy/dianemo/src/initramfs/cmd/rotd/proto"
"github.com/autonomy/dianemo/src/initramfs/cmd/trustd/proto"
"github.com/autonomy/dianemo/src/initramfs/pkg/crypto/x509"
"github.com/autonomy/dianemo/src/initramfs/pkg/net"
"github.com/autonomy/dianemo/src/initramfs/pkg/userdata"
@ -18,19 +18,19 @@ import (
// Generator represents the OS identity generator.
type Generator struct {
client proto.ROTDClient
client proto.TrustdClient
}
// NewGenerator initializes a Generator with a preconfigured grpc.ClientConn.
func NewGenerator(conn *grpc.ClientConn) (g *Generator) {
client := proto.NewROTDClient(conn)
client := proto.NewTrustdClient(conn)
return &Generator{
client: client,
}
}
// Certificate implements the proto.ROTDClient interface.
// Certificate implements the proto.TrustdClient interface.
func (g *Generator) Certificate(in *proto.CertificateRequest) (resp *proto.CertificateResponse, err error) {
ctx := context.Background()
resp, err = g.client.Certificate(ctx, in)

6
src/initramfs/cmd/rotd/main.go → src/initramfs/cmd/trustd/main.go
View File

@ -4,7 +4,7 @@ import (
"flag"
"log"
"github.com/autonomy/dianemo/src/initramfs/cmd/rotd/pkg/reg"
"github.com/autonomy/dianemo/src/initramfs/cmd/trustd/pkg/reg"
"github.com/autonomy/dianemo/src/initramfs/pkg/grpc/factory"
"github.com/autonomy/dianemo/src/initramfs/pkg/grpc/middleware/auth/basic"
"github.com/autonomy/dianemo/src/initramfs/pkg/grpc/tls"
@ -40,8 +40,8 @@ func main() {
creds := basic.NewCredentials(
data.Security.OS.CA.Crt,
data.Services.ROTD.Username,
data.Services.ROTD.Password,
data.Services.Trustd.Username,
data.Services.Trustd.Password,
)
err = factory.Listen(

10
src/initramfs/cmd/rotd/pkg/reg/reg.go → src/initramfs/cmd/trustd/pkg/reg/reg.go
View File

@ -11,24 +11,24 @@ import (
"path"
"time"
"github.com/autonomy/dianemo/src/initramfs/cmd/rotd/proto"
"github.com/autonomy/dianemo/src/initramfs/cmd/trustd/proto"
"github.com/autonomy/dianemo/src/initramfs/pkg/crypto/x509"
"github.com/autonomy/dianemo/src/initramfs/pkg/userdata"
"google.golang.org/grpc"
)
// Registrator is the concrete type that implements the factory.Registrator and
// proto.ROTDServer interfaces.
// proto.TrustdServer interfaces.
type Registrator struct {
Data *userdata.OSSecurity
}
// Register implements the factory.Registrator interface.
func (r *Registrator) Register(s *grpc.Server) {
proto.RegisterROTDServer(s, r)
proto.RegisterTrustdServer(s, r)
}
// Certificate implements the proto.ROTDServer interface.
// Certificate implements the proto.TrustdServer interface.
func (r *Registrator) Certificate(ctx context.Context, in *proto.CertificateRequest) (resp *proto.CertificateResponse, err error) {
// TODO: Verify that the request is coming from the IP addresss declared in
// the CSR.
@ -44,7 +44,7 @@ func (r *Registrator) Certificate(ctx context.Context, in *proto.CertificateRequ
return resp, nil
}
// WriteFile implements the proto.ROTDServer interface.
// WriteFile implements the proto.TrustdServer interface.
func (r *Registrator) WriteFile(ctx context.Context, in *proto.WriteFileRequest) (resp *proto.WriteFileResponse, err error) {
if err = os.MkdirAll(path.Dir(in.Path), os.ModeDir); err != nil {
return

76
src/initramfs/cmd/rotd/proto/api.pb.go → src/initramfs/cmd/trustd/proto/api.pb.go
View File

@ -35,7 +35,7 @@ func (m *CertificateRequest) Reset() { *m = CertificateRequest{} }
func (m *CertificateRequest) String() string { return proto.CompactTextString(m) }
func (*CertificateRequest) ProtoMessage() {}
func (*CertificateRequest) Descriptor() ([]byte, []int) {
return fileDescriptor_api_92247eb635a417db, []int{0}
return fileDescriptor_api_6d48f67e45b68bdd, []int{0}
}
func (m *CertificateRequest) XXX_Unmarshal(b []byte) error {
return xxx_messageInfo_CertificateRequest.Unmarshal(m, b)
@ -74,7 +74,7 @@ func (m *CertificateResponse) Reset() { *m = CertificateResponse{} }
func (m *CertificateResponse) String() string { return proto.CompactTextString(m) }
func (*CertificateResponse) ProtoMessage() {}
func (*CertificateResponse) Descriptor() ([]byte, []int) {
return fileDescriptor_api_92247eb635a417db, []int{1}
return fileDescriptor_api_6d48f67e45b68bdd, []int{1}
}
func (m *CertificateResponse) XXX_Unmarshal(b []byte) error {
return xxx_messageInfo_CertificateResponse.Unmarshal(m, b)
@ -115,7 +115,7 @@ func (m *WriteFileRequest) Reset() { *m = WriteFileRequest{} }
func (m *WriteFileRequest) String() string { return proto.CompactTextString(m) }
func (*WriteFileRequest) ProtoMessage() {}
func (*WriteFileRequest) Descriptor() ([]byte, []int) {
return fileDescriptor_api_92247eb635a417db, []int{2}
return fileDescriptor_api_6d48f67e45b68bdd, []int{2}
}
func (m *WriteFileRequest) XXX_Unmarshal(b []byte) error {
return xxx_messageInfo_WriteFileRequest.Unmarshal(m, b)
@ -167,7 +167,7 @@ func (m *WriteFileResponse) Reset() { *m = WriteFileResponse{} }
func (m *WriteFileResponse) String() string { return proto.CompactTextString(m) }
func (*WriteFileResponse) ProtoMessage() {}
func (*WriteFileResponse) Descriptor() ([]byte, []int) {
return fileDescriptor_api_92247eb635a417db, []int{3}
return fileDescriptor_api_6d48f67e45b68bdd, []int{3}
}
func (m *WriteFileResponse) XXX_Unmarshal(b []byte) error {
return xxx_messageInfo_WriteFileResponse.Unmarshal(m, b)
@ -202,107 +202,107 @@ var _ grpc.ClientConn
// is compatible with the grpc package it is being compiled against.
const _ = grpc.SupportPackageIsVersion4
// ROTDClient is the client API for ROTD service.
// TrustdClient is the client API for Trustd service.
//
// For semantics around ctx use and closing/ending streaming RPCs, please refer to https://godoc.org/google.golang.org/grpc#ClientConn.NewStream.
type ROTDClient interface {
type TrustdClient interface {
Certificate(ctx context.Context, in *CertificateRequest, opts ...grpc.CallOption) (*CertificateResponse, error)
WriteFile(ctx context.Context, in *WriteFileRequest, opts ...grpc.CallOption) (*WriteFileResponse, error)
}
type rOTDClient struct {
type trustdClient struct {
cc *grpc.ClientConn
}
func NewROTDClient(cc *grpc.ClientConn) ROTDClient {
return &rOTDClient{cc}
func NewTrustdClient(cc *grpc.ClientConn) TrustdClient {
return &trustdClient{cc}
}
func (c *rOTDClient) Certificate(ctx context.Context, in *CertificateRequest, opts ...grpc.CallOption) (*CertificateResponse, error) {
func (c *trustdClient) Certificate(ctx context.Context, in *CertificateRequest, opts ...grpc.CallOption) (*CertificateResponse, error) {
out := new(CertificateResponse)
err := c.cc.Invoke(ctx, "/proto.ROTD/Certificate", in, out, opts...)
err := c.cc.Invoke(ctx, "/proto.Trustd/Certificate", in, out, opts...)
if err != nil {
return nil, err
}
return out, nil
}
func (c *rOTDClient) WriteFile(ctx context.Context, in *WriteFileRequest, opts ...grpc.CallOption) (*WriteFileResponse, error) {
func (c *trustdClient) WriteFile(ctx context.Context, in *WriteFileRequest, opts ...grpc.CallOption) (*WriteFileResponse, error) {
out := new(WriteFileResponse)
err := c.cc.Invoke(ctx, "/proto.ROTD/WriteFile", in, out, opts...)
err := c.cc.Invoke(ctx, "/proto.Trustd/WriteFile", in, out, opts...)
if err != nil {
return nil, err
}
return out, nil
}
// ROTDServer is the server API for ROTD service.
type ROTDServer interface {
// TrustdServer is the server API for Trustd service.
type TrustdServer interface {
Certificate(context.Context, *CertificateRequest) (*CertificateResponse, error)
WriteFile(context.Context, *WriteFileRequest) (*WriteFileResponse, error)
}
func RegisterROTDServer(s *grpc.Server, srv ROTDServer) {
s.RegisterService(&_ROTD_serviceDesc, srv)
func RegisterTrustdServer(s *grpc.Server, srv TrustdServer) {
s.RegisterService(&_Trustd_serviceDesc, srv)
}
func _ROTD_Certificate_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
func _Trustd_Certificate_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
in := new(CertificateRequest)
if err := dec(in); err != nil {
return nil, err
}
if interceptor == nil {
return srv.(ROTDServer).Certificate(ctx, in)
return srv.(TrustdServer).Certificate(ctx, in)
}
info := &grpc.UnaryServerInfo{
Server: srv,
FullMethod: "/proto.ROTD/Certificate",
FullMethod: "/proto.Trustd/Certificate",
}
handler := func(ctx context.Context, req interface{}) (interface{}, error) {
return srv.(ROTDServer).Certificate(ctx, req.(*CertificateRequest))
return srv.(TrustdServer).Certificate(ctx, req.(*CertificateRequest))
}
return interceptor(ctx, in, info, handler)
}
func _ROTD_WriteFile_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
func _Trustd_WriteFile_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
in := new(WriteFileRequest)
if err := dec(in); err != nil {
return nil, err
}
if interceptor == nil {
return srv.(ROTDServer).WriteFile(ctx, in)
return srv.(TrustdServer).WriteFile(ctx, in)
}
info := &grpc.UnaryServerInfo{
Server: srv,
FullMethod: "/proto.ROTD/WriteFile",
FullMethod: "/proto.Trustd/WriteFile",
}
handler := func(ctx context.Context, req interface{}) (interface{}, error) {
return srv.(ROTDServer).WriteFile(ctx, req.(*WriteFileRequest))
return srv.(TrustdServer).WriteFile(ctx, req.(*WriteFileRequest))
}
return interceptor(ctx, in, info, handler)
}
var _ROTD_serviceDesc = grpc.ServiceDesc{
ServiceName: "proto.ROTD",
HandlerType: (*ROTDServer)(nil),
var _Trustd_serviceDesc = grpc.ServiceDesc{
ServiceName: "proto.Trustd",
HandlerType: (*TrustdServer)(nil),
Methods: []grpc.MethodDesc{
{
MethodName: "Certificate",
Handler: _ROTD_Certificate_Handler,
Handler: _Trustd_Certificate_Handler,
},
{
MethodName: "WriteFile",
Handler: _ROTD_WriteFile_Handler,
Handler: _Trustd_WriteFile_Handler,
},
},
Streams: []grpc.StreamDesc{},
Metadata: "api.proto",
}
func init() { proto.RegisterFile("api.proto", fileDescriptor_api_92247eb635a417db) }
func init() { proto.RegisterFile("api.proto", fileDescriptor_api_6d48f67e45b68bdd) }
var fileDescriptor_api_92247eb635a417db = []byte{
// 217 bytes of a gzipped FileDescriptorProto
var fileDescriptor_api_6d48f67e45b68bdd = []byte{
// 219 bytes of a gzipped FileDescriptorProto
0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xe2, 0xe2, 0x4c, 0x2c, 0xc8, 0xd4,
0x2b, 0x28, 0xca, 0x2f, 0xc9, 0x17, 0x62, 0x05, 0x53, 0x4a, 0x6a, 0x5c, 0x42, 0xce, 0xa9, 0x45,
0x25, 0x99, 0x69, 0x99, 0xc9, 0x89, 0x25, 0xa9, 0x41, 0xa9, 0x85, 0xa5, 0xa9, 0xc5, 0x25, 0x42,
@ -312,9 +312,9 @@ var fileDescriptor_api_92247eb635a417db = []byte{
0xd5, 0x2d, 0x33, 0x07, 0x6e, 0xa4, 0x10, 0x17, 0x4b, 0x41, 0x62, 0x49, 0x06, 0x58, 0x21, 0x67,
0x10, 0x98, 0x0d, 0x12, 0x4b, 0x49, 0x2c, 0x49, 0x94, 0x60, 0x02, 0x6b, 0x06, 0xb3, 0xc1, 0xea,
0x52, 0x8b, 0x72, 0x25, 0x98, 0x15, 0x18, 0x35, 0x58, 0x83, 0xc0, 0x6c, 0x25, 0x61, 0x2e, 0x41,
0x24, 0xf3, 0x20, 0x56, 0x1b, 0x4d, 0x60, 0xe4, 0x62, 0x09, 0xf2, 0x0f, 0x71, 0x11, 0x72, 0xe3,
0xe2, 0x46, 0x72, 0x9a, 0x90, 0x24, 0xc4, 0x83, 0x7a, 0x98, 0xde, 0x92, 0x92, 0xc2, 0x26, 0x05,
0x31, 0x4e, 0x89, 0x41, 0xc8, 0x81, 0x8b, 0x13, 0x6e, 0x8b, 0x90, 0x38, 0x54, 0x29, 0xba, 0x3f,
0xa4, 0x24, 0x30, 0x25, 0x60, 0x26, 0x24, 0xb1, 0x81, 0xa5, 0x8c, 0x01, 0x01, 0x00, 0x00, 0xff,
0xff, 0x45, 0xd6, 0xa4, 0x2f, 0x67, 0x01, 0x00, 0x00,
0x24, 0xf3, 0x20, 0x56, 0x1b, 0x4d, 0x62, 0xe4, 0x62, 0x0b, 0x29, 0x2a, 0x2d, 0x2e, 0x49, 0x11,
0x72, 0xe3, 0xe2, 0x46, 0x72, 0x9c, 0x90, 0x24, 0xc4, 0x8b, 0x7a, 0x98, 0x1e, 0x93, 0x92, 0xc2,
0x26, 0x05, 0x31, 0x50, 0x89, 0x41, 0xc8, 0x81, 0x8b, 0x13, 0x6e, 0x8f, 0x90, 0x38, 0x54, 0x29,
0xba, 0x4f, 0xa4, 0x24, 0x30, 0x25, 0x60, 0x26, 0x24, 0xb1, 0x81, 0xa5, 0x8c, 0x01, 0x01, 0x00,
0x00, 0xff, 0xff, 0x80, 0xe5, 0x5e, 0xbe, 0x69, 0x01, 0x00, 0x00,
}

4
src/initramfs/cmd/rotd/proto/api.proto → src/initramfs/cmd/trustd/proto/api.proto
View File

@ -3,8 +3,8 @@ syntax = "proto3";
package proto;
// The ROTD service definition.
service ROTD {
// The Trustd service definition.
service Trustd {
rpc Certificate(CertificateRequest) returns (CertificateResponse) {}
rpc WriteFile(WriteFileRequest) returns (WriteFileResponse) {}
}

6
src/initramfs/pkg/userdata/userdata.go
View File

@ -47,7 +47,7 @@ type Networking struct {
// Services represents the set of services available to configure.
type Services struct {
Kubeadm *Kubeadm `yaml:"kubeadm"`
ROTD *ROTD `yaml:"rotd"`
Trustd *Trustd `yaml:"trustd"`
}
// File represents a files to write to disk.
@ -73,12 +73,12 @@ type InitConfiguration struct {
SelfHosted bool `yaml:"selfHosted,omitempty"`
}
// ROTD describes the configuration of the Root of Trust (RoT) service. The
// Trustd describes the configuration of the Root of Trust (RoT) service. The
// username and password are used by master nodes, and worker nodes. The master
// nodes use them to authenticate clients, while the workers use them to
// authenticate as a client. The endpoints should only be specified in the
// worker user data, and should include all master nodes participating as a RoT.
type ROTD struct {
type Trustd struct {
Username string `yaml:"username"`
Password string `yaml:"password"`
Endpoints []string `yaml:"endpoints,omitempty"`