Merge branch 'main' into dap/nexus-inventory-2

oxidecomputer · Oct 30, 2023 · 376a37b · 376a37b
2 parents eac3319 + 561f545
commit 376a37b
Show file tree

Hide file tree

Showing 219 changed files with 14,964 additions and 4,364 deletions.
diff --git a/.envrc b/.envrc
@@ -4,3 +4,4 @@
 PATH_add out/cockroachdb/bin
 PATH_add out/clickhouse
 PATH_add out/dendrite-stub/bin
+PATH_add out/mgd/root/opt/oxide/mgd/bin
diff --git a/.github/buildomat/build-and-test.sh b/.github/buildomat/build-and-test.sh
@@ -69,7 +69,7 @@ ptime -m timeout 1h cargo test --doc --locked --verbose --no-fail-fast
 # We expect the seed CRDB to be placed here, so we explicitly remove it so the
 # rmdir check below doesn't get triggered. Nextest doesn't have support for
 # teardown scripts so this is the best we've got.
-rm -rf "$TEST_TMPDIR/crdb-base"
+rm -rf "$TEST_TMPDIR/crdb-base"*
 
 #
 # Make sure that we have left nothing around in $TEST_TMPDIR.  The easiest way

diff --git a/.github/buildomat/jobs/build-and-test-linux.sh b/.github/buildomat/jobs/build-and-test-linux.sh
@@ -1,8 +1,8 @@
 #!/bin/bash
 #:
-#: name = "build-and-test (ubuntu-20.04)"
+#: name = "build-and-test (ubuntu-22.04)"
 #: variety = "basic"
-#: target = "ubuntu-20.04"
+#: target = "ubuntu-22.04"
 #: rust_toolchain = "1.72.1"
 #: output_rules = [
 #:	"/var/tmp/omicron_tmp/*",

diff --git a/.github/buildomat/jobs/clippy.sh b/.github/buildomat/jobs/clippy.sh
@@ -29,3 +29,4 @@ ptime -m bash ./tools/install_builder_prerequisites.sh -y
 
 banner clippy
 ptime -m cargo xtask clippy
+ptime -m cargo doc
diff --git a/.github/buildomat/jobs/deploy.sh b/.github/buildomat/jobs/deploy.sh
@@ -2,7 +2,7 @@
 #:
 #: name = "helios / deploy"
 #: variety = "basic"
-#: target = "lab-2.0-opte-0.23"
+#: target = "lab-2.0-opte-0.25"
 #: output_rules = [
 #:  "%/var/svc/log/oxide-sled-agent:default.log*",
 #:  "%/pool/ext/*/crypt/zone/oxz_*/root/var/svc/log/oxide-*.log*",
@@ -232,11 +232,11 @@ infra_ip_first = \"$UPLINK_IP\"
 		/^infra_ip_last/c\\
 infra_ip_last = \"$UPLINK_IP\"
 	}
-	/^\\[\\[rack_network_config.uplinks/,/^\$/ {
-		/^gateway_ip/c\\
-gateway_ip = \"$GATEWAY_IP\"
-		/^uplink_cidr/c\\
-uplink_cidr = \"$UPLINK_IP/32\"
+	/^\\[\\[rack_network_config.ports/,/^\$/ {
+		/^routes/c\\
+routes = \\[{nexthop = \"$GATEWAY_IP\", destination = \"0.0.0.0/0\"}\\]
+		/^addresses/c\\
+addresses = \\[\"$UPLINK_IP/32\"\\]
 	}
 " pkg/config-rss.toml
 diff -u pkg/config-rss.toml{~,} || true

diff --git a/.github/buildomat/jobs/host-image.sh b/.github/buildomat/jobs/host-image.sh
@@ -1,11 +1,12 @@
 #!/bin/bash
 #:
-#: name = "helios / build OS image"
+#: name = "helios / build OS images"
 #: variety = "basic"
 #: target = "helios-2.0"
 #: rust_toolchain = "1.72.1"
 #: output_rules = [
-#:	"=/work/helios/image/output/os.tar.gz",
+#:	"=/work/helios/upload/os-host.tar.gz",
+#:	"=/work/helios/upload/os-trampoline.tar.gz",
 #: ]
 #: access_repos = [
 #:	"oxidecomputer/amd-apcb",
@@ -44,14 +45,49 @@ TOP=$PWD
 
 source "$TOP/tools/include/force-git-over-https.sh"
 
-# Checkout helios at a pinned commit into /work/helios
-git clone https://github.com/oxidecomputer/helios.git /work/helios
-cd /work/helios
+# Check out helios into /work/helios
+HELIOSDIR=/work/helios
+git clone https://github.com/oxidecomputer/helios.git "$HELIOSDIR"
+cd "$HELIOSDIR"
+# Record the branch and commit in the output
+git status --branch --porcelain=2
+# Setting BUILD_OS to no makes setup skip repositories we don't need for
+# building the OS itself (we are just building an image from already built OS).
+BUILD_OS=no gmake setup
+
+# Commands that "helios-build" would ask us to run (either explicitly or
+# implicitly, to avoid an error).
+rc=0
+pfexec pkg install -q /system/zones/brand/omicron1/tools || rc=$?
+case $rc in
+    # `man pkg` notes that exit code 4 means no changes were made because
+    # there is nothing to do; that's fine. Any other exit code is an error.
+    0 | 4) ;;
+    *) exit $rc ;;
+esac
+
+pfexec zfs create -p "rpool/images/$USER"
+
 
 # TODO: Consider importing zones here too?
 
 cd "$TOP"
+OUTPUTDIR="$HELIOSDIR/upload"
+mkdir "$OUTPUTDIR"
+
+banner OS
 ./tools/build-host-image.sh -B \
     -S /input/package/work/zones/switch-asic.tar.gz \
-    /work/helios \
+    "$HELIOSDIR" \
     /input/package/work/global-zone-packages.tar.gz
+
+mv "$HELIOSDIR/image/output/os.tar.gz" "$OUTPUTDIR/os-host.tar.gz"
+
+banner Trampoline
+
+./tools/build-host-image.sh -R \
+    "$HELIOSDIR" \
+    /input/package/work/trampoline-global-zone-packages.tar.gz
+
+mv "$HELIOSDIR/image/output/os.tar.gz" "$OUTPUTDIR/os-trampoline.tar.gz"
+
diff --git a/.github/buildomat/jobs/package.sh b/.github/buildomat/jobs/package.sh
@@ -37,7 +37,7 @@ rustc --version
 # trampoline global zone images.
 #
 COMMIT=$(git rev-parse HEAD)
-VERSION="1.0.2-0.ci+git${COMMIT:0:11}"
+VERSION="1.0.3-0.ci+git${COMMIT:0:11}"
 echo "$VERSION" >/work/version.txt
 
 ptime -m ./tools/install_builder_prerequisites.sh -yp
@@ -71,7 +71,7 @@ tarball_src_dir="$(pwd)/out/versioned"
 stamp_packages() {
 	for package in "$@"; do
 		# TODO: remove once https://github.com/oxidecomputer/omicron-package/pull/54 lands
-		if [[ $package == maghemite ]]; then
+		if [[ $package == mg-ddm-gz ]]; then
 			echo "0.0.0" > VERSION
 			tar rvf "out/$package.tar" VERSION
 			rm VERSION
@@ -90,7 +90,7 @@ ptime -m cargo run --locked --release --bin omicron-package -- \
   -t host target create -i standard -m gimlet -s asic -r multi-sled
 ptime -m cargo run --locked --release --bin omicron-package -- \
   -t host package
-stamp_packages omicron-sled-agent maghemite propolis-server overlay
+stamp_packages omicron-sled-agent mg-ddm-gz propolis-server overlay
 
 # Create global zone package @ /work/global-zone-packages.tar.gz
 ptime -m ./tools/build-global-zone-packages.sh "$tarball_src_dir" /work
@@ -135,7 +135,7 @@ ptime -m cargo run --locked --release --bin omicron-package -- \
   -t recovery target create -i trampoline
 ptime -m cargo run --locked --release --bin omicron-package -- \
   -t recovery package
-stamp_packages installinator maghemite
+stamp_packages installinator mg-ddm-gz
 
 # Create trampoline global zone package @ /work/trampoline-global-zone-packages.tar.gz
 ptime -m ./tools/build-trampoline-global-zone-packages.sh "$tarball_src_dir" /work
diff --git a/.github/buildomat/jobs/trampoline-image.sh b/.github/buildomat/jobs/trampoline-image.sh
diff --git a/.github/buildomat/jobs/tuf-repo.sh b/.github/buildomat/jobs/tuf-repo.sh
@@ -19,10 +19,22 @@
 #: job = "helios / package"
 #:
 #: [dependencies.host]
-#: job = "helios / build OS image"
+#: job = "helios / build OS images"
 #:
-#: [dependencies.trampoline]
-#: job = "helios / build trampoline OS image"
+#: [[publish]]
+#: series = "rot-all"
+#: name = "repo.zip.parta"
+#: from_output = "/work/repo-rot-all.zip.parta"
+#:
+#: [[publish]]
+#: series = "rot-all"
+#: name = "repo.zip.partb"
+#: from_output = "/work/repo-rot-all.zip.partb"
+#:
+#: [[publish]]
+#: series = "rot-all"
+#: name = "repo.zip.sha256.txt"
+#: from_output = "/work/repo-rot-all.zip.sha256.txt"
 #:
 #: [[publish]]
 #: series = "rot-prod-rel"
@@ -124,7 +136,7 @@ name = "$kind"
 version = "$VERSION"
 [artifact.$kind.source]
 kind = "file"
-path = "/input/$kind/work/helios/image/output/os.tar.gz"
+path = "/input/host/work/helios/upload/os-$kind.tar.gz"
 EOF
 done
 
@@ -168,6 +180,38 @@ caboose_util_rot() {
 }
 
 SERIES_LIST=()
+
+# Create an initial `manifest-rot-all.toml` containing the SP images for all
+# boards. While we still need to build multiple TUF repos,
+# `add_hubris_artifacts` below will append RoT images to this manifest (in
+# addition to the single-RoT manifest it creates).
+prep_rot_all_series() {
+    series="rot-all"
+
+    SERIES_LIST+=("$series")
+
+    manifest=/work/manifest-$series.toml
+    cp /work/manifest.toml "$manifest"
+
+    for board_rev in "${ALL_BOARDS[@]}"; do
+        board=${board_rev%-?}
+        tufaceous_board=${board//sidecar/switch}
+        sp_image="/work/hubris/${board_rev}.zip"
+        sp_caboose_version=$(/work/caboose-util read-version "$sp_image")
+        sp_caboose_board=$(/work/caboose-util read-board "$sp_image")
+
+        cat >>"$manifest" <<EOF
+[[artifact.${tufaceous_board}_sp]]
+name = "$sp_caboose_board"
+version = "$sp_caboose_version"
+[artifact.${tufaceous_board}_sp.source]
+kind = "file"
+path = "$sp_image"
+EOF
+    done
+}
+prep_rot_all_series
+
 add_hubris_artifacts() {
     series="$1"
     rot_dir="$2"
@@ -177,6 +221,7 @@ add_hubris_artifacts() {
     SERIES_LIST+=("$series")
 
     manifest=/work/manifest-$series.toml
+    manifest_rot_all=/work/manifest-rot-all.toml
     cp /work/manifest.toml "$manifest"
 
     for board in gimlet psc sidecar; do
@@ -198,6 +243,20 @@ path = "$rot_image_a"
 [artifact.${tufaceous_board}_rot.source.archive_b]
 kind = "file"
 path = "$rot_image_b"
+EOF
+
+        cat >>"$manifest_rot_all" <<EOF
+[[artifact.${tufaceous_board}_rot]]
+name = "$rot_caboose_board-${rot_dir//\//-}"
+version = "$rot_caboose_version"
+[artifact.${tufaceous_board}_rot.source]
+kind = "composite-rot"
+[artifact.${tufaceous_board}_rot.source.archive_a]
+kind = "file"
+path = "$rot_image_a"
+[artifact.${tufaceous_board}_rot.source.archive_b]
+kind = "file"
+path = "$rot_image_b"
 EOF
     done
 
@@ -220,7 +279,7 @@ EOF
 }
 # usage:              SERIES           ROT_DIR      ROT_VERSION              BOARDS...
 add_hubris_artifacts  rot-staging-dev  staging/dev  cert-staging-dev-v1.0.2  "${ALL_BOARDS[@]}"
-add_hubris_artifacts  rot-prod-rel     prod/rel     cert-prod-rel-v1.0.0     "${ALL_BOARDS[@]}"
+add_hubris_artifacts  rot-prod-rel     prod/rel     cert-prod-rel-v1.0.2     "${ALL_BOARDS[@]}"
 
 for series in "${SERIES_LIST[@]}"; do
     /work/tufaceous assemble --no-generate-key /work/manifest-"$series".toml /work/repo-"$series".zip

diff --git a/.github/renovate.json b/.github/renovate.json
@@ -4,6 +4,6 @@
     "local>oxidecomputer/renovate-config",
     "local>oxidecomputer/renovate-config//rust/autocreate",
     "local>oxidecomputer/renovate-config:post-upgrade",
-    "helpers:pinGitHubActionDigests"
+    "local>oxidecomputer/renovate-config//actions/pin"
   ]
 }
diff --git a/.github/workflows/check-opte-ver.yml b/.github/workflows/check-opte-ver.yml
@@ -9,7 +9,7 @@ jobs:
   check-opte-ver:
     runs-on: ubuntu-22.04
     steps:
-      - uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 # v3.5.0
+      - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
       - name: Install jq
         run: sudo apt-get install -y jq
       - name: Install toml-cli

diff --git a/.github/workflows/check-workspace-deps.yml b/.github/workflows/check-workspace-deps.yml
@@ -10,6 +10,6 @@ jobs:
   check-workspace-deps:
     runs-on: ubuntu-22.04
     steps:
-      - uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 # v3.5.0
+      - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
       - name: Check Workspace Dependencies
         run: cargo xtask check-workspace-deps
diff --git a/.github/workflows/hakari.yml b/.github/workflows/hakari.yml
@@ -17,12 +17,12 @@ jobs:
     env:
       RUSTFLAGS: -D warnings
     steps:
-      - uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4
+      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4
       - uses: actions-rs/toolchain@16499b5e05bf2e26879000db0c1d13f7e13fa3af # v1
         with:
           toolchain: stable
       - name: Install cargo-hakari
-        uses: taiki-e/install-action@e659bf85ee986e37e35cc1c53bfeebe044d8133e # v2
+        uses: taiki-e/install-action@f860c89ccbfa08ae7bc92502c27ab631f48b8f9d # v2
         with:
           tool: cargo-hakari
       - name: Check workspace-hack Cargo.toml is up-to-date
Original file line number	Diff line number	Diff line change
Expand Up		@@ -29,3 +29,4 @@ ptime -m bash ./tools/install_builder_prerequisites.sh -y

		banner clippy
		ptime -m cargo xtask clippy
		ptime -m cargo doc