feat(NODE-1477): Configuration revamp (IC-OS integration)

ic-os/components/conformance_tests/check_file_references.py

@@ -11,12 +11,7 @@
 import tarfile
 import tempfile
 
-ALLOWED_UNDECLARED_DEPENDENCIES = {
-    "ic-os/components/misc/fetch-property.sh": {
-        # fetch-property.sh checks existence of metrics.sh
-        "/opt/ic/bin/metrics.sh",
-    }
-}
+ALLOWED_UNDECLARED_DEPENDENCIES = {}
 
 # Check file patterns /opt/ic/...
 COMPONENT_FILE_PATTERN = r"/opt/ic/[^\s'\"},)]+"

ic-os/components/hostos-scripts/build-bootstrap-config-image.sh

@@ -63,7 +63,7 @@ options may be specified:
     (make sure to quote the argument string so it appears as a single argument
     to the script, e.g. --elasticsearch_tags "testnet1 slo")
 
-  --nns_url url
+  --nns_urls urls
     URL of NNS nodes for sign up or registry access. Can be multiple nodes
     separated by commas.
 
@@ -122,7 +122,7 @@ function build_ic_bootstrap_tar() {
 
     local IPV6_ADDRESS IPV6_GATEWAY DOMAIN HOSTNAME
     local IC_CRYPTO IC_STATE IC_REGISTRY_LOCAL_STORE
-    local NNS_URL NNS_PUBLIC_KEY NODE_OPERATOR_PRIVATE_KEY
+    local NNS_URLS NNS_PUBLIC_KEY NODE_OPERATOR_PRIVATE_KEY
     local BACKUP_RETENTION_TIME_SECS BACKUP_PURGING_INTERVAL_SECS
     local ELASTICSEARCH_HOSTS ELASTICSEARCH_TAGS
     local ACCOUNTS_SSH_AUTHORIZED_KEYS
@@ -170,8 +170,8 @@ function build_ic_bootstrap_tar() {
             --elasticsearch_tags)
                 ELASTICSEARCH_TAGS="$2"
                 ;;
-            --nns_url)
-                NNS_URL="$2"
+            --nns_urls)
+                NNS_URLS="$2"
                 ;;
             --nns_public_key)
                 NNS_PUBLIC_KEY="$2"
@@ -237,8 +237,8 @@ EOF
     if [ "${NNS_PUBLIC_KEY}" != "" ]; then
         cp "${NNS_PUBLIC_KEY}" "${BOOTSTRAP_TMPDIR}/nns_public_key.pem"
     fi
-    if [ "${NNS_URL}" != "" ]; then
-        echo "nns_url=${NNS_URL}" >"${BOOTSTRAP_TMPDIR}/nns.conf"
+    if [ "${NNS_URLS}" != "" ]; then
+        echo "nns_url=${NNS_URLS}" >"${BOOTSTRAP_TMPDIR}/nns.conf"
     fi
     if [ "${BACKUP_RETENTION_TIME_SECS}" != "" ] || [ "${BACKUP_PURGING_INTERVAL_SECS}" != "" ]; then
         echo "backup_retention_time_secs=${BACKUP_RETENTION_TIME_SECS}" >"${BOOTSTRAP_TMPDIR}/backup.conf"

ic-os/components/hostos-scripts/generate-guestos-config/dev-generate-guestos-config.sh

@@ -4,29 +4,18 @@ set -e
 
 # Generate the GuestOS configuration.
 
+source /opt/ic/bin/logging.sh
 # Source the functions required for writing metrics
 source /opt/ic/bin/metrics.sh
 
-SCRIPT="$(basename $0)[$$]"
-
 # Get keyword arguments
 for argument in "${@}"; do
     case ${argument} in
-        -c=* | --config=*)
-            CONFIG="${argument#*=}"
-            shift
-            ;;
-        -d=* | --deployment=*)
-            DEPLOYMENT="${argument#*=}"
-            shift
-            ;;
         -h | --help)
             echo 'Usage:
 Generate GuestOS Configuration
 
 Arguments:
-  -c=, --config=        specify the config.ini configuration file (Default: /boot/config/config.ini)
-  -d=, --deployment=    specify the deployment.json configuration file (Default: /boot/config/deployment.json)
   -h, --help            show this help message and exit
   -i=, --input=         specify the input template file (Default: /opt/ic/share/guestos.xml.template)
   -m=, --media=         specify the config media image file (Default: /run/ic-node/config.img)
@@ -54,84 +43,69 @@ Arguments:
 done
 
 function validate_arguments() {
-    if [ "${CONFIG}" == "" -o "${DEPLOYMENT}" == "" -o "${INPUT}" == "" -o "${OUTPUT}" == "" ]; then
+    if [ "${INPUT}" == "" -o "${OUTPUT}" == "" ]; then
         $0 --help
     fi
 }
 
 # Set arguments if undefined
-CONFIG="${CONFIG:=/boot/config/config.ini}"
-DEPLOYMENT="${DEPLOYMENT:=/boot/config/deployment.json}"
 INPUT="${INPUT:=/opt/ic/share/guestos.xml.template}"
 MEDIA="${MEDIA:=/run/ic-node/config.img}"
 OUTPUT="${OUTPUT:=/var/lib/libvirt/guestos.xml}"
 
-write_log() {
-    local message=$1
-
-    if [ -t 1 ]; then
-        echo "${SCRIPT} ${message}" >/dev/stdout
-    fi
-
-    logger -t ${SCRIPT} "${message}"
-}
-
-function read_variables() {
-    # Read limited set of keys. Be extra-careful quoting values as it could
-    # otherwise lead to executing arbitrary shell code!
-    while IFS="=" read -r key value; do
-        case "$key" in
-            "ipv6_prefix") ipv6_prefix="${value}" ;;
-            "ipv6_gateway") ipv6_gateway="${value}" ;;
-            "ipv4_address") ipv4_address="${value}" ;;
-            "ipv4_prefix_length") ipv4_prefix_length="${value}" ;;
-            "ipv4_gateway") ipv4_gateway="${value}" ;;
-            "domain") domain="${value}" ;;
-        esac
-    done <"${CONFIG}"
+function read_config_variables() {
+    ipv6_prefix=$(get_config_value '.network_settings.ipv6_config.Deterministic.prefix')
+    ipv6_gateway=$(get_config_value '.network_settings.ipv6_config.Deterministic.gateway')
+    ipv4_address=$(get_config_value '.network_settings.ipv4_config.address')
+    ipv4_prefix_length=$(get_config_value '.network_settings.ipv4_config.prefix_length')
+    ipv4_gateway=$(get_config_value '.network_settings.ipv4_config.gateway')
+    domain=$(get_config_value '.network_settings.ipv4_config.domain')
+    elasticsearch_hosts=$(get_config_value '.icos_settings.logging.elasticsearch_hosts')
+    nns_public_key=$(get_config_value '.icos_settings.nns_public_key_path')
+    nns_urls=$(get_config_value '.icos_settings.nns_urls')
+    node_operator_private_key=$(get_config_value '.icos_settings.node_operator_private_key_path')
+    vm_memory=$(get_config_value '.hostos_settings.vm_memory')
+    vm_cpu=$(get_config_value '.hostos_settings.vm_cpu')
+    ssh_authorized_keys=$(get_config_value '.icos_settings.ssh_authorized_keys_path')
 }
 
 function assemble_config_media() {
     cmd=(/opt/ic/bin/build-bootstrap-config-image.sh ${MEDIA})
-    cmd+=(--nns_public_key "/boot/config/nns_public_key.pem")
-    cmd+=(--elasticsearch_hosts "$(/opt/ic/bin/fetch-property.sh --key=.logging.hosts --metric=hostos_logging_hosts --config=${DEPLOYMENT})")
+    cmd+=(--nns_public_key "$nns_public_key")
+    cmd+=(--elasticsearch_hosts "$elasticsearch_hosts")
     cmd+=(--ipv6_address "$(/opt/ic/bin/hostos_tool generate-ipv6-address --node-type GuestOS)")
     cmd+=(--ipv6_gateway "${ipv6_gateway}")
     if [[ -n "$ipv4_address" && -n "$ipv4_prefix_length" && -n "$ipv4_gateway" && -n "$domain" ]]; then
         cmd+=(--ipv4_address "${ipv4_address}/${ipv4_prefix_length}")
         cmd+=(--ipv4_gateway "${ipv4_gateway}")
         cmd+=(--domain "${domain}")
     fi
+    # todo: can I use the fetch-mgmt-mac in hostos tool?
     cmd+=(--hostname "guest-$(/opt/ic/bin/fetch-mgmt-mac.sh | sed 's/://g')")
-    cmd+=(--nns_url "$(/opt/ic/bin/fetch-property.sh --key=.nns.url --metric=hostos_nns_url --config=${DEPLOYMENT})")
-    if [ -f "/boot/config/node_operator_private_key.pem" ]; then
-        cmd+=(--node_operator_private_key "/boot/config/node_operator_private_key.pem")
+    cmd+=(--nns_urls "$nns_urls")
+    if [ -f "$node_operator_private_key" ]; then
+        cmd+=(--node_operator_private_key "$node_operator_private_key")
     fi
-
-    cmd+=(--accounts_ssh_authorized_keys "/boot/config/ssh_authorized_keys")
+    cmd+=(--accounts_ssh_authorized_keys "$ssh_authorized_keys")
 
     # Run the above command
     "${cmd[@]}"
     write_log "Assembling config media for GuestOS: ${MEDIA}"
 }
 
 function generate_guestos_config() {
-    RESOURCES_MEMORY=$(/opt/ic/bin/fetch-property.sh --key=.resources.memory --metric=hostos_resources_memory --config=${DEPLOYMENT})
     MAC_ADDRESS=$(/opt/ic/bin/hostos_tool generate-mac-address --node-type GuestOS)
-    # NOTE: `fetch-property` will error if the target is not found. Here we
-    # only want to act when the field is set.
-    CPU_MODE=$(jq -r ".resources.cpu" ${DEPLOYMENT})
 
     CPU_DOMAIN="kvm"
     CPU_SPEC="/opt/ic/share/kvm-cpu.xml"
-    if [ "${CPU_MODE}" == "qemu" ]; then
+    if [ "${vm_cpu}" == "qemu" ]; then
         CPU_DOMAIN="qemu"
         CPU_SPEC="/opt/ic/share/qemu-cpu.xml"
     fi
 
     if [ ! -f "${OUTPUT}" ]; then
         mkdir -p "$(dirname "$OUTPUT")"
-        sed -e "s@{{ resources_memory }}@${RESOURCES_MEMORY}@" \
+        sed -e "s@{{ resources_memory }}@${vm_memory}@" \
             -e "s@{{ mac_address }}@${MAC_ADDRESS}@" \
             -e "s@{{ cpu_domain }}@${CPU_DOMAIN}@" \
             -e "/{{ cpu_spec }}/{r ${CPU_SPEC}" -e "d" -e "}" \
@@ -152,9 +126,8 @@ function generate_guestos_config() {
 }
 
 function main() {
-    # Establish run order
     validate_arguments
-    read_variables
+    read_config_variables
     assemble_config_media
     generate_guestos_config
 }

ic-os/components/hostos-scripts/generate-guestos-config/generate-guestos-config.sh

@@ -8,26 +8,14 @@ source /opt/ic/bin/logging.sh
 # Source the functions required for writing metrics
 source /opt/ic/bin/metrics.sh
 
-SCRIPT="$(basename $0)[$$]"
-
 # Get keyword arguments
 for argument in "${@}"; do
     case ${argument} in
-        -c=* | --config=*)
-            CONFIG="${argument#*=}"
-            shift
-            ;;
-        -d=* | --deployment=*)
-            DEPLOYMENT="${argument#*=}"
-            shift
-            ;;
         -h | --help)
             echo 'Usage:
 Generate GuestOS Configuration
 
 Arguments:
-  -c=, --config=        specify the config.ini configuration file (Default: /boot/config/config.ini)
-  -d=, --deployment=    specify the deployment.json configuration file (Default: /boot/config/deployment.json)
   -h, --help            show this help message and exit
   -i=, --input=         specify the input template file (Default: /opt/ic/share/guestos.xml.template)
   -m=, --media=         specify the config media image file (Default: /run/ic-node/config.img)
@@ -55,48 +43,47 @@ Arguments:
 done
 
 function validate_arguments() {
-    if [ "${CONFIG}" == "" -o "${DEPLOYMENT}" == "" -o "${INPUT}" == "" -o "${OUTPUT}" == "" ]; then
+    if [ "${INPUT}" == "" -o "${OUTPUT}" == "" ]; then
         $0 --help
     fi
 }
 
 # Set arguments if undefined
-CONFIG="${CONFIG:=/boot/config/config.ini}"
-DEPLOYMENT="${DEPLOYMENT:=/boot/config/deployment.json}"
 INPUT="${INPUT:=/opt/ic/share/guestos.xml.template}"
 MEDIA="${MEDIA:=/run/ic-node/config.img}"
 OUTPUT="${OUTPUT:=/var/lib/libvirt/guestos.xml}"
 
-function read_variables() {
-    # Read limited set of keys. Be extra-careful quoting values as it could
-    # otherwise lead to executing arbitrary shell code!
-    while IFS="=" read -r key value; do
-        case "$key" in
-            "ipv6_prefix") ipv6_prefix="${value}" ;;
-            "ipv6_gateway") ipv6_gateway="${value}" ;;
-            "ipv4_address") ipv4_address="${value}" ;;
-            "ipv4_prefix_length") ipv4_prefix_length="${value}" ;;
-            "ipv4_gateway") ipv4_gateway="${value}" ;;
-            "domain") domain="${value}" ;;
-        esac
-    done <"${CONFIG}"
+function read_config_variables() {
+    ipv6_prefix=$(get_config_value '.network_settings.ipv6_config.Deterministic.prefix')
+    ipv6_gateway=$(get_config_value '.network_settings.ipv6_config.Deterministic.gateway')
+    ipv4_address=$(get_config_value '.network_settings.ipv4_config.address')
+    ipv4_prefix_length=$(get_config_value '.network_settings.ipv4_config.prefix_length')
+    ipv4_gateway=$(get_config_value '.network_settings.ipv4_config.gateway')
+    domain=$(get_config_value '.network_settings.ipv4_config.domain')
+    elasticsearch_hosts=$(get_config_value '.icos_settings.logging.elasticsearch_hosts')
+    nns_public_key=$(get_config_value '.icos_settings.nns_public_key_path')
+    nns_urls=$(get_config_value '.icos_settings.nns_urls')
+    node_operator_private_key=$(get_config_value '.icos_settings.node_operator_private_key_path')
+    vm_memory=$(get_config_value '.hostos_settings.vm_memory')
+    vm_cpu=$(get_config_value '.hostos_settings.vm_cpu')
 }
 
 function assemble_config_media() {
     cmd=(/opt/ic/bin/build-bootstrap-config-image.sh ${MEDIA})
-    cmd+=(--nns_public_key "/boot/config/nns_public_key.pem")
-    cmd+=(--elasticsearch_hosts "$(/opt/ic/bin/fetch-property.sh --key=.logging.hosts --metric=hostos_logging_hosts --config=${DEPLOYMENT})")
+    cmd+=(--nns_public_key "$nns_public_key")
+    cmd+=(--elasticsearch_hosts "$elasticsearch_hosts")
     cmd+=(--ipv6_address "$(/opt/ic/bin/hostos_tool generate-ipv6-address --node-type GuestOS)")
     cmd+=(--ipv6_gateway "${ipv6_gateway}")
     if [[ -n "$ipv4_address" && -n "$ipv4_prefix_length" && -n "$ipv4_gateway" && -n "$domain" ]]; then
         cmd+=(--ipv4_address "${ipv4_address}/${ipv4_prefix_length}")
         cmd+=(--ipv4_gateway "${ipv4_gateway}")
         cmd+=(--domain "${domain}")
     fi
+    # todo: can I use the fetch-mgmt-mac in hostos tool?
     cmd+=(--hostname "guest-$(/opt/ic/bin/fetch-mgmt-mac.sh | sed 's/://g')")
-    cmd+=(--nns_url "$(/opt/ic/bin/fetch-property.sh --key=.nns.url --metric=hostos_nns_url --config=${DEPLOYMENT})")
-    if [ -f "/boot/config/node_operator_private_key.pem" ]; then
-        cmd+=(--node_operator_private_key "/boot/config/node_operator_private_key.pem")
+    cmd+=(--nns_urls "$nns_urls")
+    if [ -f "$node_operator_private_key" ]; then
+        cmd+=(--node_operator_private_key "$node_operator_private_key")
     fi
 
     # Run the above command
@@ -105,22 +92,18 @@ function assemble_config_media() {
 }
 
 function generate_guestos_config() {
-    RESOURCES_MEMORY=$(/opt/ic/bin/fetch-property.sh --key=.resources.memory --metric=hostos_resources_memory --config=${DEPLOYMENT})
     MAC_ADDRESS=$(/opt/ic/bin/hostos_tool generate-mac-address --node-type GuestOS)
-    # NOTE: `fetch-property` will error if the target is not found. Here we
-    # only want to act when the field is set.
-    CPU_MODE=$(jq -r ".resources.cpu" ${DEPLOYMENT})
 
     CPU_DOMAIN="kvm"
     CPU_SPEC="/opt/ic/share/kvm-cpu.xml"
-    if [ "${CPU_MODE}" == "qemu" ]; then
+    if [ "${vm_cpu}" == "qemu" ]; then
         CPU_DOMAIN="qemu"
         CPU_SPEC="/opt/ic/share/qemu-cpu.xml"
     fi
 
     if [ ! -f "${OUTPUT}" ]; then
         mkdir -p "$(dirname "$OUTPUT")"
-        sed -e "s@{{ resources_memory }}@${RESOURCES_MEMORY}@" \
+        sed -e "s@{{ resources_memory }}@${vm_memory}@" \
             -e "s@{{ mac_address }}@${MAC_ADDRESS}@" \
             -e "s@{{ cpu_domain }}@${CPU_DOMAIN}@" \
             -e "/{{ cpu_spec }}/{r ${CPU_SPEC}" -e "d" -e "}" \
@@ -141,9 +124,8 @@ function generate_guestos_config() {
 }
 
 function main() {
-    # Establish run order
     validate_arguments
-    read_variables
+    read_config_variables
     assemble_config_media
     generate_guestos_config
 }

ic-os/components/hostos-scripts/misc/fetch-mgmt-mac.sh

@@ -58,8 +58,6 @@ function fetch_mgmt_mac() {
 function main() {
     # Establish run order
 
-    # NOTE: `fetch-property` will error if the target is not found. Here we
-    # only want to act when the field is set.
     MGMT_MAC=$(jq -r ".deployment.mgmt_mac" ${DEPLOYMENT})
 
     if [ -z "${MGMT_MAC}" ] || [ "${MGMT_MAC}" = "null" ]; then

ic-os/components/hostos-scripts/verbose-logging/verbose-logging.sh

@@ -1,18 +1,8 @@
 #!/bin/bash
 
-CONFIG="${CONFIG:=/boot/config/config.ini}"
+source /opt/ic/bin/config.sh
 
-function read_variables() {
-    # Read limited set of keys. Be extra-careful quoting values as it could
-    # otherwise lead to executing arbitrary shell code!
-    while IFS="=" read -r key value; do
-        case "$key" in
-            "verbose") verbose="${value}" ;;
-        esac
-    done <"${CONFIG}"
-}
-
-read_variables
+verbose=$(get_config_value '.hostos_settings.verbose')
 
 if [[ "${verbose,,}" == "true" ]]; then
     echo "##########################################" >/dev/tty1

ic-os/components/hostos.bzl

@@ -48,9 +48,9 @@ component_files = {
     Label("early-boot/initramfs-tools/hostos/set-machine-id/set-machine-id"): "/etc/initramfs-tools/scripts/init-bottom/set-machine-id/set-machine-id",
 
     # misc
+    Label("misc/config/hostos-config.sh"): "/opt/ic/bin/config.sh",
     Label("misc/logging.sh"): "/opt/ic/bin/logging.sh",
     Label("misc/metrics.sh"): "/opt/ic/bin/metrics.sh",
-    Label("misc/fetch-property.sh"): "/opt/ic/bin/fetch-property.sh",
     Label("misc/vsock/vsock-agent.service"): "/etc/systemd/system/vsock-agent.service",
     Label("misc/vsock/10-vhost-vsock.rules"): "/etc/udev/rules.d/10-vhost-vsock.rules",
     Label("misc/chrony/chrony.conf"): "/etc/chrony/chrony.conf",

ic-os/components/init/bootstrap-ic-node/guestos/bootstrap-ic-node.sh

@@ -3,8 +3,6 @@
 # Provision a node based on an injected "ic-bootstrap.tar" file. This script
 # is meant to be run as a prerequisite before launching orchestrator/replica.
 #
-# The configuration format is described in guestos/docs/ConfigStore.adoc
-#
 # The tar file can be supplied using one of two methods:
 # - as "ic-bootstrap.tar" stored on a (virtual) removable media attached
 #   on first boot

ic-os/components/misc/config/hostos-config.sh

@@ -0,0 +1,12 @@
+#!/bin/bash
+
+# Shared config utilities.
+
+# Retrieves a value from the config.json file using a JSON path.
+# Arguments:
+#   $1 - JSON path to the desired value (e.g., '.icos_settings.node_operator_private_key_path')
+function get_config_value() {
+    local CONFIG_FILE="/boot/config/config.json"
+    local key=$1
+    jq -r "${key}" "${CONFIG_FILE}"
+}