Merge branch 'main' into felixmcfelix/floating-ip-live

Cargo.toml

@@ -229,7 +229,6 @@ ipnetwork = { version = "0.20", features = ["schemars"] }
 itertools = "0.12.0"
 key-manager = { path = "key-manager" }
 kstat-rs = "0.2.3"
-lazy_static = "1.4.0"
 libc = "0.2.151"
 linear-map = "1.2.0"
 macaddr = { version = "1.0.1", features = ["serde_std"] }
@@ -290,6 +289,7 @@ postgres-protocol = "0.6.6"
 predicates = "3.0.4"
 pretty_assertions = "1.4.0"
 pretty-hex = "0.4.0"
+prettyplease = "0.2.15"
 proc-macro2 = "1.0"
 progenitor = { git = "https://github.com/oxidecomputer/progenitor", branch = "main" }
 progenitor-client = { git = "https://github.com/oxidecomputer/progenitor", branch = "main" }
@@ -339,6 +339,7 @@ slog = { version = "2.7", features = [ "dynamic-keys", "max_level_trace", "relea
 slog-async = "2.8"
 slog-dtrace = "0.2"
 slog-envlogger = "2.2"
+slog-error-chain = { git = "https://github.com/oxidecomputer/slog-error-chain", branch = "main", features = ["derive"] }
 slog-term = "2.9"
 smf = "0.2"
 snafu = "0.7"

common/Cargo.toml

@@ -17,7 +17,6 @@ hex.workspace = true
 http.workspace = true
 ipnetwork.workspace = true
 macaddr.workspace = true
-lazy_static.workspace = true
 proptest = { workspace = true, optional = true }
 rand.workspace = true
 reqwest = { workspace = true, features = ["rustls-tls", "stream"] }
@@ -38,6 +37,7 @@ uuid.workspace = true
 parse-display.workspace = true
 progenitor.workspace = true
 omicron-workspace-hack.workspace = true
+once_cell.workspace = true
 
 [dev-dependencies]
 camino-tempfile.workspace = true

common/src/address.rs

@@ -9,6 +9,7 @@
 
 use crate::api::external::{self, Error, Ipv4Net, Ipv6Net};
 use ipnetwork::{Ipv4Network, Ipv6Network};
+use once_cell::sync::Lazy;
 use schemars::JsonSchema;
 use serde::{Deserialize, Serialize};
 use std::net::{IpAddr, Ipv4Addr, Ipv6Addr, SocketAddrV6};
@@ -76,65 +77,78 @@ pub const NTP_PORT: u16 = 123;
 // that situation (which may be as soon as allocating ephemeral IPs).
 pub const NUM_SOURCE_NAT_PORTS: u16 = 1 << 14;
 
-lazy_static::lazy_static! {
-    // Services that require external connectivity are given an OPTE port
-    // with a "Service VNIC" record. Like a "Guest VNIC", a service is
-    // placed within a VPC (a built-in services VPC), along with a VPC subnet.
-    // But unlike guest instances which are created at runtime by Nexus, these
-    // services are created by RSS early on. So, we have some fixed values
-    // used to bootstrap service OPTE ports. Each service kind uses a distinct
-    // VPC subnet which RSS will allocate addresses from for those services.
-    // The specific values aren't deployment-specific as they are virtualized
-    // within OPTE.
-
-    /// The IPv6 prefix assigned to the built-in services VPC.
-    // The specific prefix here was randomly chosen from the expected VPC
-    // prefix range (`fd00::/48`). See `random_vpc_ipv6_prefix`.
-    // Furthermore, all the below *_OPTE_IPV6_SUBNET constants are
-    // /64's within this prefix.
-    pub static ref SERVICE_VPC_IPV6_PREFIX: Ipv6Net = Ipv6Net(
+// Services that require external connectivity are given an OPTE port
+// with a "Service VNIC" record. Like a "Guest VNIC", a service is
+// placed within a VPC (a built-in services VPC), along with a VPC subnet.
+// But unlike guest instances which are created at runtime by Nexus, these
+// services are created by RSS early on. So, we have some fixed values
+// used to bootstrap service OPTE ports. Each service kind uses a distinct
+// VPC subnet which RSS will allocate addresses from for those services.
+// The specific values aren't deployment-specific as they are virtualized
+// within OPTE.
+
+/// The IPv6 prefix assigned to the built-in services VPC.
+// The specific prefix here was randomly chosen from the expected VPC
+// prefix range (`fd00::/48`). See `random_vpc_ipv6_prefix`.
+// Furthermore, all the below *_OPTE_IPV6_SUBNET constants are
+// /64's within this prefix.
+pub static SERVICE_VPC_IPV6_PREFIX: Lazy<Ipv6Net> = Lazy::new(|| {
+    Ipv6Net(
         Ipv6Network::new(
             Ipv6Addr::new(0xfd77, 0xe9d2, 0x9cd9, 0, 0, 0, 0, 0),
             Ipv6Net::VPC_IPV6_PREFIX_LENGTH,
-        ).unwrap(),
-    );
-
-    /// The IPv4 subnet for External DNS OPTE ports.
-    pub static ref DNS_OPTE_IPV4_SUBNET: Ipv4Net =
-        Ipv4Net(Ipv4Network::new(Ipv4Addr::new(172, 30, 1, 0), 24).unwrap());
-
-    /// The IPv6 subnet for External DNS OPTE ports.
-    pub static ref DNS_OPTE_IPV6_SUBNET: Ipv6Net = Ipv6Net(
+        )
+        .unwrap(),
+    )
+});
+
+/// The IPv4 subnet for External DNS OPTE ports.
+pub static DNS_OPTE_IPV4_SUBNET: Lazy<Ipv4Net> = Lazy::new(|| {
+    Ipv4Net(Ipv4Network::new(Ipv4Addr::new(172, 30, 1, 0), 24).unwrap())
+});
+
+/// The IPv6 subnet for External DNS OPTE ports.
+pub static DNS_OPTE_IPV6_SUBNET: Lazy<Ipv6Net> = Lazy::new(|| {
+    Ipv6Net(
         Ipv6Network::new(
             Ipv6Addr::new(0xfd77, 0xe9d2, 0x9cd9, 1, 0, 0, 0, 0),
             Ipv6Net::VPC_SUBNET_IPV6_PREFIX_LENGTH,
-        ).unwrap(),
-    );
-
-    /// The IPv4 subnet for Nexus OPTE ports.
-    pub static ref NEXUS_OPTE_IPV4_SUBNET: Ipv4Net =
-        Ipv4Net(Ipv4Network::new(Ipv4Addr::new(172, 30, 2, 0), 24).unwrap());
-
-    /// The IPv6 subnet for Nexus OPTE ports.
-    pub static ref NEXUS_OPTE_IPV6_SUBNET: Ipv6Net = Ipv6Net(
+        )
+        .unwrap(),
+    )
+});
+
+/// The IPv4 subnet for Nexus OPTE ports.
+pub static NEXUS_OPTE_IPV4_SUBNET: Lazy<Ipv4Net> = Lazy::new(|| {
+    Ipv4Net(Ipv4Network::new(Ipv4Addr::new(172, 30, 2, 0), 24).unwrap())
+});
+
+/// The IPv6 subnet for Nexus OPTE ports.
+pub static NEXUS_OPTE_IPV6_SUBNET: Lazy<Ipv6Net> = Lazy::new(|| {
+    Ipv6Net(
         Ipv6Network::new(
             Ipv6Addr::new(0xfd77, 0xe9d2, 0x9cd9, 2, 0, 0, 0, 0),
             Ipv6Net::VPC_SUBNET_IPV6_PREFIX_LENGTH,
-        ).unwrap(),
-    );
-
-    /// The IPv4 subnet for Boundary NTP OPTE ports.
-    pub static ref NTP_OPTE_IPV4_SUBNET: Ipv4Net =
-        Ipv4Net(Ipv4Network::new(Ipv4Addr::new(172, 30, 3, 0), 24).unwrap());
-
-    /// The IPv6 subnet for Boundary NTP OPTE ports.
-    pub static ref NTP_OPTE_IPV6_SUBNET: Ipv6Net = Ipv6Net(
+        )
+        .unwrap(),
+    )
+});
+
+/// The IPv4 subnet for Boundary NTP OPTE ports.
+pub static NTP_OPTE_IPV4_SUBNET: Lazy<Ipv4Net> = Lazy::new(|| {
+    Ipv4Net(Ipv4Network::new(Ipv4Addr::new(172, 30, 3, 0), 24).unwrap())
+});
+
+/// The IPv6 subnet for Boundary NTP OPTE ports.
+pub static NTP_OPTE_IPV6_SUBNET: Lazy<Ipv6Net> = Lazy::new(|| {
+    Ipv6Net(
         Ipv6Network::new(
             Ipv6Addr::new(0xfd77, 0xe9d2, 0x9cd9, 3, 0, 0, 0, 0),
             Ipv6Net::VPC_SUBNET_IPV6_PREFIX_LENGTH,
-        ).unwrap(),
-    );
-}
+        )
+        .unwrap(),
+    )
+});
 
 // Anycast is a mechanism in which a single IP address is shared by multiple
 // devices, and the destination is located based on routing distance.

common/src/api/external/mod.rs

@@ -316,7 +316,7 @@ impl JsonSchema for Name {
                         r#"^"#,
                         // Cannot match a UUID
                         r#"(?![0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}$)"#,
-                        r#"^[a-z][a-z0-9-]*[a-zA-Z0-9]*"#,
+                        r#"^[a-z]([a-zA-Z0-9-]*[a-zA-Z0-9]+)?"#,
                         r#"$"#,
                     )
                     .to_string(),

common/tests/output/pagination-schema.txt

@@ -139,7 +139,7 @@ schema for pagination parameters: page selector, scan by name only
       "type": "string",
       "maxLength": 63,
       "minLength": 1,
-      "pattern": "^(?![0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}$)^[a-z][a-z0-9-]*[a-zA-Z0-9]*$"
+      "pattern": "^(?![0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}$)^[a-z]([a-zA-Z0-9-]*[a-zA-Z0-9]+)?$"
     },
     "NameSortMode": {
       "description": "Supported set of sort modes for scanning by name only\n\nCurrently, we only support scanning in ascending order.",
@@ -228,7 +228,7 @@ schema for pagination parameters: page selector, scan by name or id
       "type": "string",
       "maxLength": 63,
       "minLength": 1,
-      "pattern": "^(?![0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}$)^[a-z][a-z0-9-]*[a-zA-Z0-9]*$"
+      "pattern": "^(?![0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}$)^[a-z]([a-zA-Z0-9-]*[a-zA-Z0-9]+)?$"
     },
     "NameOrId": {
       "oneOf": [

gateway/Cargo.toml

@@ -7,6 +7,7 @@ license = "MPL-2.0"
 [dependencies]
 anyhow.workspace = true
 base64.workspace = true
+camino.workspace = true
 clap.workspace = true
 dropshot.workspace = true
 futures.workspace = true
@@ -25,6 +26,7 @@ signal-hook.workspace = true
 signal-hook-tokio.workspace = true
 slog.workspace = true
 slog-dtrace.workspace = true
+slog-error-chain.workspace = true
 thiserror.workspace = true
 tokio = { workspace = true, features = ["full"] }
 tokio-stream.workspace = true

gateway/src/bin/mgs.rs

@@ -5,14 +5,14 @@
 //! Executable program to run gateway, the management gateway service
 
 use anyhow::{anyhow, Context};
+use camino::Utf8PathBuf;
 use clap::Parser;
 use futures::StreamExt;
 use omicron_common::cmd::{fatal, CmdError};
 use omicron_gateway::{run_openapi, start_server, Config, MgsArguments};
 use signal_hook::consts::signal;
 use signal_hook_tokio::Signals;
 use std::net::SocketAddrV6;
-use std::path::PathBuf;
 use uuid::Uuid;
 
 #[derive(Debug, Parser)]
@@ -24,7 +24,7 @@ enum Args {
     /// Start an MGS server
     Run {
         #[clap(name = "CONFIG_FILE_PATH", action)]
-        config_file_path: PathBuf,
+        config_file_path: Utf8PathBuf,
 
         /// Read server ID and address(es) for dropshot server from our SMF
         /// properties (only valid when running as a service on illumos)
@@ -81,9 +81,7 @@ async fn do_run() -> Result<(), CmdError> {
             address,
         } => {
             let config = Config::from_file(&config_file_path)
-                .with_context(|| {
-                    format!("failed to parse {}", config_file_path.display())
-                })
+                .map_err(anyhow::Error::new)
                 .map_err(CmdError::Failure)?;
 
             let mut signals = Signals::new([signal::SIGUSR1])