Commit Graph

107 Commits

Author SHA1 Message Date
Brian Picciano
ffd276bd3e Refactor how nebula certs are signed and propagated
I had previously made the mistake of thinking that the Curve25519 key
which is generated for each host to use in nebula communication could
also be used for signing. This is not the case, Ed25519 is used for
signing and is different than Curve25519.

Rather than figuring out how to convert the Curve25519 key into an
Ed25519 key, which there is no apparent support for in the standard
library, I opted to instead ship a separate key just for signing with
each host. Doing this required a bit of refactoring in order to keep all
the different keys straight and ensure all data which needs a signature
still has it.
2022-11-05 15:23:29 +01:00
Brian Picciano
e9ac1336ba Small fixes to documentation and various small bugs 2022-11-05 13:57:21 +01:00
Brian Picciano
c0ebca193d Add Name field to admin.CreationParams 2022-11-05 13:15:42 +01:00
Brian Picciano
bd5a5552bc Add Glossary, remove "participant" as a term 2022-11-05 12:03:51 +01:00
Brian Picciano
46685113e0 "cryptic-net network" -> "cryptic network" throughout docs 2022-11-05 11:50:11 +01:00
Brian Picciano
5c8c24e73e Add documentation for admin create-network 2022-11-03 15:38:31 +01:00
Brian Picciano
b935457439 Various fixes to bugs in admin create-network 2022-11-03 14:54:46 +01:00
Brian Picciano
6ba8b948c2 Update firewall information in "Contributing Storage" doc 2022-11-03 14:30:54 +01:00
Brian Picciano
be25907444 Remove reference to cryptic.io in daemon.yml 2022-11-03 14:25:50 +01:00
Brian Picciano
3ac86e07cf Use yaml instead of tgz for bootstrap file 2022-11-02 14:34:40 +01:00
Brian Picciano
7d95825f97 Use yaml to encode admin file, not tgz 2022-11-02 14:02:21 +01:00
Brian Picciano
745fe31324 Updates to existing documentation 2022-10-30 02:22:03 +02:00
Brian Picciano
287313e00a Update daemon-process-tree 2022-10-30 00:38:26 +02:00
Brian Picciano
7dceb659ef Store full nebula cert for each host in garage, rather than just the IP
This allows each host to verify the cert against the CA cert. We also
now have each host sign the yaml file that it posts to garage, to ensure
that a host can't arbitrarily overwrite another host's file.
2022-10-29 21:11:40 +02:00
Brian Picciano
711d568036 Use a real private key for garage instances 2022-10-29 00:09:18 +02:00
Brian Picciano
b26f4bdd6a Move proc locking into entrypoint
This completely cleans up all logic that used to be in crypticnet.
2022-10-27 00:45:40 +02:00
Brian Picciano
28159608c8 Factor out crypticnet.Env completely 2022-10-27 00:37:03 +02:00
Brian Picciano
b23a4cafa6 Remove Bootstrap from Env 2022-10-27 00:25:58 +02:00
Brian Picciano
08f47bd514 Move daemon.yml types and functionality out of entrypoint and Env 2022-10-26 23:21:31 +02:00
Brian Picciano
03618ba72c Reimplement dnsmasq-entrypoint in go
This allowed for deleting all script utilities and environment variable
logic.
2022-10-26 22:18:16 +02:00
Brian Picciano
2200d85992 Make populating garage ports optional 2022-10-26 21:47:39 +02:00
Brian Picciano
6ef21ff186 Don't set bootstrap host entry during admin create-network 2022-10-26 21:30:30 +02:00
Brian Picciano
be2250fddd Small fixes to get admin create-network working 2022-10-25 21:15:09 +02:00
Brian Picciano
9288d8cf48 Fix and improve version string 2022-10-20 22:30:30 +02:00
Brian Picciano
5e399209b2 Rename go-workspace to just entrypoint, clean out unused wait-for tools 2022-10-20 22:06:22 +02:00
Brian Picciano
47e45e0071 Factor out nebula-entrypoint
As part of this all "wait" constraints have been migrated to pure-go
implementations, taking advantage of pmux's `StartAfterFunc` argument.

nebula-entrypoint was the final main process besides the entrypoint
itself, allowing us to get rid of cryptic-net-main.
2022-10-20 21:59:46 +02:00
Brian Picciano
8ba88b4dfc Use migrated and upgraded pmux 2022-10-20 20:57:26 +02:00
Brian Picciano
8d92b9fe2b Factor out update-global-bucket 2022-10-19 16:53:38 +02:00
Brian Picciano
0d53d0c6d6 move garage/default.nix to nix/garage.nix 2022-10-19 16:25:11 +02:00
Brian Picciano
936ca8d48f Factor out garage-apply-layout-diff
The new code runs the equivalent functionality within the daemon go
code. It was required to make Env be immutable in order to prevent race
conditions (this really should have been done from the beginning
anyway).
2022-10-19 16:20:26 +02:00
Brian Picciano
41e0b56617 Implement admin create-network command
This required a lot of re-implementation of how garage gets interacted
with, including updating cluster layout using the admin API and
initialization of the global bucket key.
2022-10-19 15:41:18 +02:00
Brian Picciano
7a25e1b6e6 Initial implementation of garage.AdminClient 2022-10-16 22:17:24 +02:00
Brian Picciano
eba9b23e61 Introduce admin.CreationParams 2022-10-16 22:07:03 +02:00
Brian Picciano
f720d7accd Enable the garage admin interface 2022-10-16 21:22:58 +02:00
Brian Picciano
51e21c3e46 Get rid of garage web port
It's not clear how we would be using it at this point, and garage 0.8.0
allows us to leave it off, so might as well do so.
2022-10-16 21:12:33 +02:00
Brian Picciano
5e08061cd6 Factor out garage-entrypoint
The daemon entrypoint now starts the garage child processes directly,
without the extra step of indirection.
2022-10-16 20:48:33 +02:00
Brian Picciano
18422a1084 Re-arrange sub-commands in entrypoint somewhat 2022-10-16 20:44:24 +02:00
Brian Picciano
3b19552173 Remove hash.bin functionality from TGZWriter 2022-10-16 17:06:50 +02:00
Brian Picciano
77cb74f316 Fix bash scripts not having been updated with new bootstrap layout 2022-10-16 16:57:22 +02:00
Brian Picciano
bf0f29f8b6 Fix small error in daemon child process diagram 2022-10-16 16:52:07 +02:00
Brian Picciano
bdd0259280 Basic implementation of the admin package 2022-10-16 16:39:05 +02:00
Brian Picciano
cf52cbff52 Update daemon process tree diagram 2022-10-16 15:54:51 +02:00
Brian Picciano
93bdd3ebd4 Update host's config in bootstrap using daemon.yml prior to starting pmux
Previously if the `daemon.yml` of a host was changed it would first
start up, load that new daemon.yml in, persist the new configuration for
the host to garage using `update-garage-host`, pull that config back
down and persist it to the bootstrap in `runDaemonPmuxOnce`, and restart
all child processes so they get the new config.

Now, once `daemon.yml` is loaded in we immediately merge it into and
persist this host's bootstrap file, prior to ever starting child
processes. This removes the necessity of restarting those processes at
start.

This change also allows the bootstrap file to be the sole repository of
information required to pick a garage node to connect to, since it is
presumably always as up-to-date as it can possibly be. This allows for
removing some more logic from `Env`.
2022-10-16 15:38:15 +02:00
Brian Picciano
51b2fbba36 Don't support legacy bootstrap format, we have to redo all bootstraps anyway 2022-10-16 15:11:49 +02:00
Brian Picciano
30584973be Fix global bucket key path in bootstrap having accidentally changed 2022-10-15 18:55:24 +02:00
Brian Picciano
af7c8dde32 More big refactoring leading up to network creation
The `bootstrap/creator` package is gone, almost as quickly as it
arrived. The `Bootstrap` type is now able to write its own tgz file, and
the two places where bootstrap files are being created pull the data
down to do so and create the `Bootstrap` structs directly.

The structure of the bootstrap file itself has been changed, now there's
just a single `hosts` directory which contains files which are yaml
encodings of the `Host` type, rather than having it be split into
`nebula` and `garage` directories. This makes creating bootstrap files a
lot easier.
2022-10-15 18:41:07 +02:00
Brian Picciano
836e69735d Some large inter-related refactors, moving towards network creation command
Host types have been moved within the `bootstrap` package.

Refactored how bootstrap FS is interacted with. There is now a
`Bootstrap` struct which has pre-loaded all data within the bootstrap
FS. This helps centralize the logic around reading the data (though not
yet completely).

Choosing of the garage node to interact with no longer occurs in like
three different places. It occurs at the environment level now, and is
aided by the new `garage.Peer` type.
2022-10-15 16:28:03 +02:00
Brian Picciano
004be0c2aa Implement creation of CACert 2022-10-15 13:17:48 +02:00
Brian Picciano
0e41a06121 Refactor how bootstrap files are created
The new code makes it a lot clearer what the source of each
file/directory is, and makes it more difficult to forget to add a file
or directory. This will be helpful when it comes to bootstrapping an
entire network, which will require yet a third way of generating
bootstrap files.
2022-10-11 22:01:19 +02:00
Brian Picciano
24b7fe6339 Update nebula to v1.6.1 in go-workspace 2022-10-11 20:18:14 +02:00