
Bootstrap process based on initial data #253

Draft
akremenetsky wants to merge 1 commit into master from feat/223/bootstrap-on-spec

Conversation

@akremenetsky
Member

  • Bootstrap process based on initial data
  • Core manifest with core set

@gemini-code-assist

Summary of Changes

Hello, I'm Gemini Code Assist! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request introduces a robust, data-driven bootstrapping mechanism for the system. By replacing static configuration files with Jinja2 templates and processing initial setup data from a spec.json file, the system can now dynamically configure its network, DNS, and core components. This change streamlines the initial deployment, enhances flexibility, and improves the overall resilience of the bootstrap process by integrating dynamic resource creation and configuration rendering.

Highlights

  • Dynamic Configuration Templating: Transitioned from static configuration files to dynamic Jinja2 templates for network (Netplan), DNS (dnsdist, systemd-resolved), and core application settings (genesis_core, genesis_universal_agent). A new utility, gc-bootstrap-templates, was introduced to render these templates based on initial data.
  • Enhanced Bootstrap Process: The core bootstrap script (genesis_core/cmd/bootstrap.py) was significantly refactored to consume initial configuration data from a spec.json file (expected to be mounted from a CD-ROM). This enables dynamic creation of network entities (flat network, subnets), machine pools, and the core node set within the system's database.
  • Core Manifest and Compute Resource Management: The core manifest (genesis/manifests/core.yaml.j2) was updated to be templated, incorporating profiles, variables for dynamic IP address assignment, and a detailed definition of the core_set. The bootstrap process now dynamically adds the core node set and its associated nodes and ports to the database.
  • Robustness and System Integration: Improvements were made to bootstrap.sh including unconditional systemctl daemon-reload calls, retry logic for PostgreSQL data migration using rsync, CD-ROM detection and mounting, and integration with the new templating and systemd service restarts. Specific handling for core set machines was added to compute agents and builders for boot behavior and port management.
Changelog
  • etc/90-genesis-dummy-config.yaml
    • Added a dummy Netplan configuration to disable DHCP for all 'en*' interfaces.
  • etc/90-genesis-net-base-config.yaml
    • Removed the static network base configuration file.
  • etc/90-genesis-net-config.yaml.j2
    • Added a Jinja2 template for dynamic Netplan network configuration.
  • etc/dnsdist/dnsdist-private.conf.j2
    • Renamed dnsdist-private.conf to dnsdist-private.conf.j2.
    • Updated the setLocal directive to use a templated main_ip variable.
  • etc/genesis_core/genesis_core.conf.j2
    • Renamed genesis_core.conf to genesis_core.conf.j2.
    • Templated bind_host and gc_boot_api with boot_ip.
    • Corrected the events section to use enabled = False.
  • etc/genesis_universal_agent/genesis_universal_agent.conf.j2
    • Renamed genesis_universal_agent.conf to genesis_universal_agent.conf.j2.
    • Templated orch_endpoint and status_endpoint with boot_ip.
    • Added orch_secure_communication setting.
    • Formatted caps_drivers and capabilities into multiline lists.
  • etc/systemd/resolved.conf.j2
    • Added a Jinja2 template for systemd-resolved configuration, setting the DNS server dynamically.
  • genesis/genesis.yaml
    • Removed the static network configuration file from build artifacts.
    • Added .ruff_cache and output to build exclusions.
    • Changed the genesis-core image format from raw to qcow2.
    • Linked the genesis-core image to the new templated core manifest.
    • Removed commented-out manifest reference.
  • genesis/images/bootstrap.sh
    • Removed conditional checks for systemctl commands, making daemon-reload unconditional.
    • Implemented retry logic with rsync for PostgreSQL data directory migration.
    • Removed conditional checks for systemctl commands related to PostgreSQL service management.
    • Added logic to detect and mount CD-ROM devices.
    • Integrated calls to gc-bootstrap-templates, netplan apply, and systemd-resolved/dnsdist service restarts.
  • genesis/images/install.sh
    • Removed direct copying of static genesis_core.conf, core.yaml, and startup_cfg.yaml.
    • Updated universal agent configuration copy to only include logging.yaml.
    • Added a symbolic link for the new gc-bootstrap-templates command.
    • Copied the dummy Netplan configuration to disable DHCP.
    • Removed static IP configuration for DNS and dnsdist, deferring to templating.
    • Added functionality to set a default password for the ubuntu user.
  • genesis/images/startup_cfg.yaml
    • Removed the static startup configuration file.
  • genesis/manifests/core.yaml
    • Removed the static core manifest file.
  • genesis/manifests/core.yaml.j2
    • Added a Jinja2 template for the core manifest, including profiles, dynamic variables for replicas and IP addresses, and a detailed core_set definition.
  • genesis_core/cmd/bootstrap.py
    • Removed the startup_db_path configuration option.
    • Updated the default manifest_path to a new constant.
    • Introduced new constants for SPEC_PATH, MANIFEST_PATH, MAIN_SUBNET_UUID, and VAR_CORE_IP_ADDRESS_UUID.
    • Refactored _apply_startup_db to dynamically create network entities and machine pools from a spec.json file.
    • Added _net_range helper for calculating IP ranges.
    • Added _add_core_set function to create node sets, nodes, and ports in the database based on the spec.
    • Added _set_defaults function to activate the 'develop' profile and set the core_ip_address variable dynamically.
    • Modified the main function to read spec.json and orchestrate the new bootstrap steps.
  • genesis_core/cmd/bootstrap_templates.py
    • Added a new script to render Jinja2 templates for various configuration files (Netplan, core config, UA config, resolved, dnsdist private).
    • Defined CLI options for source and destination paths of all templated files.
    • Implemented _build_template_context to extract dynamic values (MACs, IPs, gateways) from spec.json.
    • Created _render_template to process and write templated configurations.
  • genesis_core/common/constants.py
    • Added CORE_SET_UUID constant.
  • genesis_core/compute/agents/universal/drivers/pool.py
    • Modified restore_from_dp to truncate dp_ports to one for core set machines, addressing a multi-connection limitation.
  • genesis_core/compute/builders/node_set.py
    • Updated gen_nodes to accept node_uuids, allowing pre-defined UUIDs for nodes during infrastructure actualization.
  • genesis_core/compute/builders/pool.py
    • Added _is_core_machine helper to identify core set machines by name prefix.
    • Modified _actualize_machine_derivatives_on_create_update to prevent new core set machines from booting via network, ensuring they boot from hd0.
  • genesis_core/compute/node_set/dm/models.py
    • Modified gen_nodes to accept an optional node_uuids collection, enabling the use of specific UUIDs when generating nodes.
  • pyproject.toml
    • Added a new entry point for gc-bootstrap-templates.

- Bootstrap process based on initial data
- Core manifest with core set

Signed-off-by: Anton Kremenetsky <anton.kremenetsky@gmail.com>
akremenetsky force-pushed the feat/223/bootstrap-on-spec branch from 33fe593 to 1ec2003 on March 4, 2026 15:58
gemini-code-assist bot left a comment

Code Review

This pull request introduces a bootstrap process based on initial data, including a core manifest with a core set, adding new configuration files, modifying existing scripts, and incorporating templating for dynamic configuration to streamline the initial setup and configuration of the Genesis Core environment. However, this implementation introduces several security vulnerabilities. The installation script handles passwords insecurely by using a predictable temporary file in /tmp, and the template rendering logic is susceptible to configuration injection because it lacks validation for external input from the spec.json file. Addressing these issues is critical to ensure the integrity and security of the bootstrap process.

I am having trouble creating individual review comments. Click here to see my feedback.

genesis_core/cmd/bootstrap_templates.py (135)

security-high

Data read from /mnt/cdrom/spec.json is rendered into system configuration files (e.g., dnsdist, netplan) using Jinja2 without any validation or escaping. This allows for configuration injection if the spec.json file is compromised or contains malicious values. For example, a malicious IP address could inject Lua code into the dnsdist configuration or manipulate the netplan YAML structure, potentially leading to unauthorized access or command execution.

Remediation:
Validate all inputs from spec.json against expected formats (e.g., using regular expressions for IP and MAC addresses) before passing them to the template engine.

genesis/images/install.sh (250-258)

security-medium

The script uses a predictable temporary file /tmp/__passwd to set the user password. This is vulnerable to symlink attacks, where an attacker could create a symbolic link at this location to overwrite arbitrary files. Additionally, the password is briefly exposed in a world-readable directory. Furthermore, the script defaults to a weak password ('ubuntu') if GEN_USER_PASSWD is not set.

Remediation:

  1. Avoid using weak default passwords.
  2. Use mktemp to create a secure temporary file or, preferably, pipe the password directly to chpasswd: printf "%s\n" "ubuntu:$PASSWD" | sudo chpasswd.

genesis/images/bootstrap.sh (142-145)

medium

The if statement checking for systemctl is no longer needed since systemctl is now assumed to be present. Removing this check simplifies the code and reduces unnecessary conditional logic. This can be simplified.

log "running: systemctl daemon-reload"
systemctl daemon-reload || true

genesis/images/bootstrap.sh (156-159)

medium

The if statement checking for systemctl is no longer needed since systemctl is now assumed to be present. Removing this check simplifies the code and reduces unnecessary conditional logic. This can be simplified.

log "running: systemctl daemon-reload"
systemctl daemon-reload || true

genesis/images/bootstrap.sh (245-247)

medium

The if statement checking for systemctl is no longer needed since systemctl is now assumed to be present. Removing this check simplifies the code and reduces unnecessary conditional logic. This can be simplified.

systemctl stop postgresql || true

genesis/images/bootstrap.sh (254-257)

medium

The if statement checking for command -v rsync is no longer needed since rsync is now assumed to be present. Instead of using cp, a retry mechanism is implemented to handle potential rsync failures, improving the robustness of the data copying process.

MAX_RETRIES=5
RETRY_COUNT=0
while [[ ${RETRY_COUNT} -lt ${MAX_RETRIES} ]]; do
  if rsync -aHAX --numeric-ids "${OLD_PGDATA}/" "${NEW_PGDATA}/" ; then
    log "rsync completed successfully"
    break
  else
    RETRY_COUNT=$((RETRY_COUNT + 1))
    if [[ ${RETRY_COUNT} -lt ${MAX_RETRIES} ]]; then
      log "rsync failed, retrying in 0.5s (attempt ${RETRY_COUNT}/${MAX_RETRIES})"
      sleep 0.5
    else
      log "ERROR: rsync failed after ${MAX_RETRIES} attempts"
      exit 1
    fi
  fi
done

genesis/images/bootstrap.sh (270-273)

medium

The if statement checking for systemctl is no longer needed since systemctl is now assumed to be present. Removing this check simplifies the code and reduces unnecessary conditional logic. This can be simplified.

systemctl daemon-reload || true
systemctl start postgresql || true

genesis/images/bootstrap.sh (278-280)

medium

The if statement checking for systemctl is no longer needed since systemctl is now assumed to be present. Removing this check simplifies the code and reduces unnecessary conditional logic. This can be simplified.

systemctl start postgresql || true

genesis/images/install.sh (165)

medium

Moving the logging.yaml file is good, but the directory should be created first to avoid errors if it doesn't exist.

sudo mkdir -p /etc/genesis_universal_agent
sudo cp "$GC_PATH/etc/genesis_universal_agent/logging.yaml" /etc/genesis_universal_agent/
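Input validation of the kind the first (security-high) finding asks for, as an added example that is not part of this PR or of genesis_core: the spec field names (main_ip, gateway, subnet, mac) and their value shapes are assumptions, since the page does not show the spec.json schema. Every value is parsed with the standard library and re-emitted in canonical form, so nothing but a well-formed address, prefix or MAC can reach the Jinja2 context that feeds the netplan and dnsdist templates.

```python
import ipaddress
import re

# Constructed sample; field names are placeholders, not the real spec.json schema.
SAMPLE_SPEC = {"main_ip": "10.20.0.2", "gateway": "10.20.0.1",
               "subnet": "10.20.0.0/24", "mac": "52:54:00:AB:CD:EF"}

# Used with fullmatch so a trailing newline cannot slip past a '$' anchor.
_MAC_RE = re.compile(r"(?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}")

class SpecValidationError(ValueError):
    """A spec field is missing or does not match its expected format."""

def _parse(field, value, parser, what):
    # ipaddress.ip_address(int) succeeds, so reject non-strings up front.
    if not isinstance(value, str):
        raise SpecValidationError(f"{field}: expected string, got {type(value).__name__}")
    try:
        return str(parser(value))
    except ValueError as exc:
        raise SpecValidationError(f"{field}: invalid {what} {value!r}") from exc

def validate_ip(value, field="ip"):
    # Canonical IPv4/IPv6 text only: quotes, newlines or blanks never pass.
    return _parse(field, value, ipaddress.ip_address, "address")

def validate_cidr(value, field="subnet"):
    # strict=True rejects a prefix with host bits set (e.g. 10.20.0.5/24).
    return _parse(field, value, lambda v: ipaddress.ip_network(v, strict=True), "network")

def validate_mac(value, field="mac"):
    text = _parse(field, value, str, "MAC")  # string type check only
    if not _MAC_RE.fullmatch(text):
        raise SpecValidationError(f"{field}: invalid MAC {value!r}")
    return text.lower()

_FIELD_VALIDATORS = {"main_ip": validate_ip, "gateway": validate_ip,
                     "subnet": validate_cidr, "mac": validate_mac}

def build_template_context(spec):
    # Only validated, canonical values reach the template engine; a missing
    # or malformed field aborts the render instead of being written to disk.
    context = {}
    for field, validator in _FIELD_VALIDATORS.items():
        if field not in spec:
            raise SpecValidationError(f"{field}: missing required field")
        context[field] = validator(spec[field], field)
    return context
```

Rendering only the dict returned by build_template_context, rather than raw spec values, is what closes the injection path the finding describes; a spec that fails validation stops the bootstrap before any config file is touched.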
