From 6bc5372db5ae50f54344f21f3c3b35c4508e589c Mon Sep 17 00:00:00 2001 From: Ryan Goodfellow Date: Tue, 8 Aug 2023 22:43:06 -0700 Subject: [PATCH] updates for tunnel routing --- .github/buildomat/jobs/deploy.sh | 9 ++++ Cargo.lock | 54 +++++++++++++++----- Cargo.toml | 4 +- clients/ddm-admin-client/src/lib.rs | 18 ++++++- illumos-utils/src/opte/mod.rs | 20 -------- illumos-utils/src/opte/port_manager.rs | 3 -- package-manifest.toml | 12 ++--- sled-agent/src/bootstrap/early_networking.rs | 11 ++++ tools/ci_check_opte_ver.sh | 5 ++ tools/install_opte.sh | 10 ++++ tools/maghemite_ddm_openapi_version | 4 +- tools/maghemite_mg_openapi_version | 2 +- tools/maghemite_mgd_checksums | 4 +- tools/opte_version | 2 +- tools/opte_version_override | 5 ++ 15 files changed, 111 insertions(+), 52 deletions(-) create mode 100644 tools/opte_version_override diff --git a/.github/buildomat/jobs/deploy.sh b/.github/buildomat/jobs/deploy.sh index f4f1e0a9997..7c0cde7d51b 100755 --- a/.github/buildomat/jobs/deploy.sh +++ b/.github/buildomat/jobs/deploy.sh @@ -97,6 +97,15 @@ z_swadm () { pfexec zlogin oxz_switch /opt/oxide/dendrite/bin/swadm $@ } +# XXX remove. This is just to test against a development branch of OPTE in CI. +set +x +OPTE_COMMIT="82ea7ca153442194657cd575693d2a8fcdd68a96" +curl -sSfOL https://buildomat.eng.oxide.computer/public/file/oxidecomputer/opte/module/$OPTE_COMMIT/xde +pfexec rem_drv xde || true +pfexec mv xde /kernel/drv/amd64/xde +pfexec add_drv xde || true +set -x + # # XXX work around 14537 (UFS should not allow directories to be unlinked) which # is probably not yet fixed in xde branch? Once the xde branch merges from diff --git a/Cargo.lock b/Cargo.lock index 85e42458d4a..fef80f25ebc 100644 --- a/Cargo.lock +++ b/Cargo.lock 
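Review bot: The `xde` kernel module fetched by the added `curl` line in .github/buildomat/jobs/deploy.sh is moved into `/kernel/drv/amd64` and attached with `add_drv` without any integrity check, so whatever the buildomat URL serves at that moment is loaded into the kernel on the CI host. package-manifest.toml in this same patch pins a `source.sha256` for each maghemite artifact; do the same here by pinning an expected digest next to `OPTE_COMMIT` (placeholder: `OPTE_XDE_SHA256="<expected sha256>"`) and comparing it with the output of `digest -a sha256 xde` before the `mv`. `pfexec add_drv xde || true` also hides a failed attach, so later steps would run against a missing or stale driver; drop the `|| true` on `add_drv` and keep it only on `rem_drv`. The same unverified download and `|| true` pattern is in the tools/install_opte.sh hunk, which takes its `OPTE_COMMIT` from tools/opte_version_override.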
@@ -2781,6 +2781,15 @@ dependencies = [ "byteorder", ] +[[package]] +name = "hash32" +version = "0.3.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "47d60b12902ba28e2730cd37e95b8c9223af2808df9e902d4df49588d1470606" +dependencies = [ + "byteorder", +] + [[package]] name = "hashbrown" version = "0.12.3" @@ -2833,12 +2842,22 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "db04bc24a18b9ea980628ecf00e6c0264f3c1426dac36c00cb49b6fbad8b0743" dependencies = [ "atomic-polyfill", - "hash32", + "hash32 0.2.1", "rustc_version 0.4.0", "spin 0.9.8", "stable_deref_trait", ] +[[package]] +name = "heapless" +version = "0.8.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0bfb9eb618601c89945a70e254898da93b13be0388091d42117462b265bb3fad" +dependencies = [ + "hash32 0.3.1", + "stable_deref_trait", +] + [[package]] name = "heck" version = "0.3.3" @@ -3190,7 +3209,7 @@ dependencies = [ [[package]] name = "illumos-sys-hdrs" version = "0.1.0" -source = "git+https://github.com/oxidecomputer/opte?rev=4e6e6ab6379fa4bc40f5d0c7340b9f35c45ad6e4#4e6e6ab6379fa4bc40f5d0c7340b9f35c45ad6e4" +source = "git+https://github.com/oxidecomputer/opte?rev=82ea7ca153442194657cd575693d2a8fcdd68a96#82ea7ca153442194657cd575693d2a8fcdd68a96" [[package]] name = "illumos-utils" @@ -3597,7 +3616,7 @@ dependencies = [ [[package]] name = "kstat-macro" version = "0.1.0" -source = "git+https://github.com/oxidecomputer/opte?rev=4e6e6ab6379fa4bc40f5d0c7340b9f35c45ad6e4#4e6e6ab6379fa4bc40f5d0c7340b9f35c45ad6e4" +source = "git+https://github.com/oxidecomputer/opte?rev=82ea7ca153442194657cd575693d2a8fcdd68a96#82ea7ca153442194657cd575693d2a8fcdd68a96" dependencies = [ "quote", "syn 2.0.32", 
@@ -5299,7 +5318,7 @@ dependencies = [ [[package]] name = "opte" version = "0.1.0" -source = "git+https://github.com/oxidecomputer/opte?rev=4e6e6ab6379fa4bc40f5d0c7340b9f35c45ad6e4#4e6e6ab6379fa4bc40f5d0c7340b9f35c45ad6e4" +source = "git+https://github.com/oxidecomputer/opte?rev=82ea7ca153442194657cd575693d2a8fcdd68a96#82ea7ca153442194657cd575693d2a8fcdd68a96" dependencies = [ "cfg-if", "dyn-clone", @@ -5308,26 +5327,26 @@ dependencies = [ "opte-api", "postcard", "serde", - "smoltcp 0.10.0", + "smoltcp 0.11.0", "version_check", ] [[package]] name = "opte-api" version = "0.1.0" -source = "git+https://github.com/oxidecomputer/opte?rev=4e6e6ab6379fa4bc40f5d0c7340b9f35c45ad6e4#4e6e6ab6379fa4bc40f5d0c7340b9f35c45ad6e4" +source = "git+https://github.com/oxidecomputer/opte?rev=82ea7ca153442194657cd575693d2a8fcdd68a96#82ea7ca153442194657cd575693d2a8fcdd68a96" dependencies = [ "illumos-sys-hdrs", "ipnetwork", "postcard", "serde", - "smoltcp 0.10.0", + "smoltcp 0.11.0", ] [[package]] name = "opte-ioctl" version = "0.1.0" -source = "git+https://github.com/oxidecomputer/opte?rev=4e6e6ab6379fa4bc40f5d0c7340b9f35c45ad6e4#4e6e6ab6379fa4bc40f5d0c7340b9f35c45ad6e4" +source = "git+https://github.com/oxidecomputer/opte?rev=82ea7ca153442194657cd575693d2a8fcdd68a96#82ea7ca153442194657cd575693d2a8fcdd68a96" dependencies = [ "libc", "libnet", @@ -5401,12 +5420,14 @@ dependencies = [ [[package]] name = "oxide-vpc" version = "0.1.0" -source = "git+https://github.com/oxidecomputer/opte?rev=4e6e6ab6379fa4bc40f5d0c7340b9f35c45ad6e4#4e6e6ab6379fa4bc40f5d0c7340b9f35c45ad6e4" +source = "git+https://github.com/oxidecomputer/opte?rev=82ea7ca153442194657cd575693d2a8fcdd68a96#82ea7ca153442194657cd575693d2a8fcdd68a96" dependencies = [ + "cfg-if", "illumos-sys-hdrs", "opte", + "poptrie", "serde", - "smoltcp 0.10.0", + "smoltcp 0.11.0", "zerocopy 0.7.31", ] 
@@ -6023,6 +6044,11 @@ dependencies = [ "universal-hash", ] +[[package]] +name = "poptrie" +version = "0.1.0" +source = "git+https://github.com/oxidecomputer/poptrie#11c9ce88bfb950bdac1b5016e37c6aedc5ffd05b" + [[package]] name = "portable-atomic" version = "1.4.3" @@ -7949,21 +7975,21 @@ dependencies = [ "bitflags 1.3.2", "byteorder", "cfg-if", - "heapless", + "heapless 0.7.16", "managed", ] [[package]] name = "smoltcp" -version = "0.10.0" +version = "0.11.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8d2e3a36ac8fea7b94e666dfa3871063d6e0a5c9d5d4fec9a1a6b7b6760f0229" +checksum = "5a1a996951e50b5971a2c8c0fa05a381480d70a933064245c4a223ddc87ccc97" dependencies = [ "bitflags 1.3.2", "byteorder", "cfg-if", "defmt", - "heapless", + "heapless 0.8.0", "managed", ] diff --git a/Cargo.toml b/Cargo.toml index f7256ce8b42..8f000cf01a2 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -260,7 +260,7 @@ omicron-sled-agent = { path = "sled-agent" } omicron-test-utils = { path = "test-utils" } omicron-zone-package = "0.9.1" oxide-client = { path = "clients/oxide-client" } -oxide-vpc = { git = "https://github.com/oxidecomputer/opte", rev = "4e6e6ab6379fa4bc40f5d0c7340b9f35c45ad6e4", features = [ "api", "std" ] } +oxide-vpc = { git = "https://github.com/oxidecomputer/opte", rev = "82ea7ca153442194657cd575693d2a8fcdd68a96", features = [ "api", "std" ] } once_cell = "1.19.0" openapi-lint = { git = "https://github.com/oxidecomputer/openapi-lint", branch = "main" } openapiv3 = "2.0.0" @@ -268,7 +268,7 @@ openapiv3 = "2.0.0" openssl = "0.10" openssl-sys = "0.9" openssl-probe = "0.1.5" -opte-ioctl = { git = "https://github.com/oxidecomputer/opte", rev = "4e6e6ab6379fa4bc40f5d0c7340b9f35c45ad6e4" } +opte-ioctl = { git = "https://github.com/oxidecomputer/opte", rev = "82ea7ca153442194657cd575693d2a8fcdd68a96" } oso = "0.27" owo-colors = "3.5.0" oximeter = { path = "oximeter/oximeter" } 
diff --git a/clients/ddm-admin-client/src/lib.rs b/clients/ddm-admin-client/src/lib.rs index 93248c73a15..c32345d1dce 100644 --- a/clients/ddm-admin-client/src/lib.rs +++ b/clients/ddm-admin-client/src/lib.rs @@ -20,7 +20,7 @@ pub use inner::types; pub use inner::Error; use either::Either; -use inner::types::Ipv6Prefix; +use inner::types::{Ipv6Prefix, TunnelOrigin}; use inner::Client as InnerClient; use omicron_common::address::Ipv6Subnet; use omicron_common::address::SLED_PREFIX; @@ -108,6 +108,22 @@ impl Client { }); } + pub fn advertise_tunnel_endpoint(&self, endpoint: TunnelOrigin) { + let me = self.clone(); + tokio::spawn(async move { + retry_notify(retry_policy_internal_service_aggressive(), || async { + me.inner.advertise_tunnel_endpoints(&vec![endpoint.clone()]).await?; + Ok(()) + }, |err, duration| { + info!( + me.log, + "Failed to notify ddmd of tunnel endpoint (retry in {duration:?}"; + "err" => %err, + ); + }).await.unwrap(); + }); + } + /// Returns the addresses of connected sleds. /// /// Note: These sleds have not yet been verified. diff --git a/illumos-utils/src/opte/mod.rs b/illumos-utils/src/opte/mod.rs index 710e7831811..d06b6b26e53 100644 --- a/illumos-utils/src/opte/mod.rs +++ b/illumos-utils/src/opte/mod.rs 
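Review bot: In `advertise_tunnel_endpoint`, the trailing `.await.unwrap()` runs inside a `tokio::spawn` whose `JoinHandle` is dropped, so if `retry_notify` ever returns an error the task panics and the caller never learns that the tunnel endpoint was not advertised. Whether the aggressive retry policy can give up is not visible in this hunk; either log the final error instead of unwrapping, or state in a comment that the policy retries indefinitely. The new public method has no doc comment, unlike the method that follows it; something like `/// Spawns a background task that advertises a tunnel endpoint to ddmd, retrying on failure.` would do. The log format string is also missing its closing parenthesis: `"Failed to notify ddmd of tunnel endpoint (retry in {duration:?})"`.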
@@ -29,26 +29,6 @@ pub use oxide_vpc::api::DhcpCfg; pub use oxide_vpc::api::Vni; use std::net::IpAddr; -fn default_boundary_services() -> BoundaryServices { - use oxide_vpc::api::Ipv6Addr; - use oxide_vpc::api::MacAddr; - // TODO-completeness: Don't hardcode any of these values. - // - // Boundary Services will be started on several Sidecars during rack - // setup, and those addresses and VNIs will need to be propagated here. - // See https://github.com/oxidecomputer/omicron/issues/1382 - let ip = Ipv6Addr::from([0xfd00, 0x99, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01]); - - // This MAC address is entirely irrelevant to the functionality of OPTE and - // the Oxide VPC. It's never used to actually forward packets. It only - // represents the "logical" destination of Boundary Services as a - // destination that OPTE as a virtual gateway forwards packets to as its - // next hop. - let mac = MacAddr::from_const([0xa8, 0x40, 0x25, 0xf9, 0x99, 0x99]); - let vni = Vni::new(99_u32).unwrap(); - BoundaryServices { ip, mac, vni } -} - /// Information about the gateway for an OPTE port #[derive(Debug, Clone, Copy)] #[allow(dead_code)] diff --git a/illumos-utils/src/opte/port_manager.rs b/illumos-utils/src/opte/port_manager.rs index 3558ef1c781..c4729965987 100644 --- a/illumos-utils/src/opte/port_manager.rs +++ b/illumos-utils/src/opte/port_manager.rs @@ -4,7 +4,6 @@ //! Manager for all OPTE ports on a Helios system -use crate::opte::default_boundary_services; use crate::opte::opte_firewall_rules; use crate::opte::params::DeleteVirtualNetworkInterfaceHost; use crate::opte::params::SetVirtualNetworkInterfaceHost; @@ -110,7 +109,6 @@ impl PortManager { let subnet = IpNetwork::from(nic.subnet); let vpc_subnet = IpCidr::from(subnet); let gateway = Gateway::from_subnet(&subnet); - let boundary_services = default_boundary_services(); // Describe the external IP addresses for this port. macro_rules! ip_cfg { 
@@ -219,7 +217,6 @@ impl PortManager { gateway_mac: MacAddr::from(gateway.mac.into_array()), vni, phys_ip: self.inner.underlay_ip.into(), - boundary_services, }; // Create the xde device. diff --git a/package-manifest.toml b/package-manifest.toml index 6bd40c320d7..bcdae8f061f 100644 --- a/package-manifest.toml +++ b/package-manifest.toml @@ -437,10 +437,10 @@ source.repo = "maghemite" # `tools/maghemite_openapi_version`. Failing to do so will cause a failure when # building `ddm-admin-client` (which will instruct you to update # `tools/maghemite_openapi_version`). -source.commit = "2fd39b75df696961e5ea190c7d74dd91f4849cd3" +source.commit = "8f52bcb2086a350e0b68d78a3d2ddf543725c434" # The SHA256 digest is automatically posted to: # https://buildomat.eng.oxide.computer/public/file/oxidecomputer/maghemite/image//maghemite.sha256.txt -source.sha256 = "38851c79c85d53e997db748520fb27c82299ce7e58a550e35646a548498f1271" +source.sha256 = "ddf6221f3c52d1e004252f20ee6b7ddebb336ef4366507a5c04df15ba374abd3" output.type = "tarball" [package.mg-ddm] @@ -453,10 +453,10 @@ source.repo = "maghemite" # `tools/maghemite_openapi_version`. Failing to do so will cause a failure when # building `ddm-admin-client` (which will instruct you to update # `tools/maghemite_openapi_version`). -source.commit = "2fd39b75df696961e5ea190c7d74dd91f4849cd3" +source.commit = "8f52bcb2086a350e0b68d78a3d2ddf543725c434" # The SHA256 digest is automatically posted to: # https://buildomat.eng.oxide.computer/public/file/oxidecomputer/maghemite/image//mg-ddm.sha256.txt -source.sha256 = "8cd94e9a6f6175081ce78f0281085a08a5306cde453d8e21deb28050945b1d88" +source.sha256 = "60dd991acfa9652fb53008a403e37556f1ade92954c4870ea037f15da2c9a655" output.type = "zone" output.intermediate_only = true 
@@ -468,10 +468,10 @@ source.repo = "maghemite" # `tools/maghemite_openapi_version`. Failing to do so will cause a failure when # building `ddm-admin-client` (which will instruct you to update # `tools/maghemite_openapi_version`). -source.commit = "2fd39b75df696961e5ea190c7d74dd91f4849cd3" +source.commit = "8f52bcb2086a350e0b68d78a3d2ddf543725c434" # The SHA256 digest is automatically posted to: # https://buildomat.eng.oxide.computer/public/file/oxidecomputer/maghemite/image//mg-ddm.sha256.txt -source.sha256 = "802636775fa77dc6eec193e65fde87e403f6a11531745d47ef5e7ff13b242890" +source.sha256 = "289217a149336ec6807566f0726f95e29609d0537710bf769d5277c26483117f" output.type = "zone" output.intermediate_only = true diff --git a/sled-agent/src/bootstrap/early_networking.rs b/sled-agent/src/bootstrap/early_networking.rs index 75958a2f379..44c904950d3 100644 --- a/sled-agent/src/bootstrap/early_networking.rs +++ b/sled-agent/src/bootstrap/early_networking.rs @@ -6,6 +6,7 @@ use anyhow::{anyhow, Context}; use bootstore::schemes::v0 as bootstore; +use ddm_admin_client::types::{IpPrefix, Ipv4Prefix, TunnelOrigin}; use ddm_admin_client::{Client as DdmAdminClient, DdmError}; use dpd_client::types::{Ipv6Entry, RouteSettingsV6}; use dpd_client::types::{ @@ -459,7 +460,17 @@ impl<'a> EarlyNetworkSetup<'a> { let ddmd_addr = SocketAddrV6::new(switch_zone_underlay_ip, DDMD_PORT, 0, 0); let ddmd_client = DdmAdminClient::new(&self.log, ddmd_addr)?; + ddmd_client.advertise_prefix(Ipv6Subnet::new(ipv6_entry.addr)); + + ddmd_client.advertise_tunnel_endpoint(TunnelOrigin { + overlay_prefix: IpPrefix::V4(Ipv4Prefix { + addr: Ipv4Addr::UNSPECIFIED, + len: 0, + }), + boundary_addr: ipv6_entry.addr, + vni: 99, + }); } let mgd = MgdClient::new( diff --git a/tools/ci_check_opte_ver.sh b/tools/ci_check_opte_ver.sh index 26382690e1a..7f05ec1f363 100755 --- a/tools/ci_check_opte_ver.sh +++ b/tools/ci_check_opte_ver.sh 
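Review bot: The `vni: 99` in the new `TunnelOrigin` in sled-agent/src/bootstrap/early_networking.rs is a bare magic number, and its only explanation lived in `default_boundary_services()`, which this same patch deletes from illumos-utils/src/opte/mod.rs together with its TODO about not hard-coding the boundary-services values. Give the value a named constant (for example `BOUNDARY_SERVICES_VNI`) with a comment such as `// TODO-completeness: do not hard-code, see https://github.com/oxidecomputer/omicron/issues/1382`. The advertised overlay prefix is only the IPv4 default route (`Ipv4Addr::UNSPECIFIED`, `len: 0`), so a one-line comment saying that this is intentional, and that no IPv6 overlay prefix is advertised, would help the next reader. The enclosing function starts and ends outside the hunk, and the `Ipv4Addr` import is not visible here.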
@@ -1,6 +1,11 @@ #!/bin/bash set -euo pipefail +source tools/opte_version_override +if [[ "x$OPTE_COMMIT" != "x" ]]; then + exit 0 +fi + # Grab all the oxidecomputer/opte dependencies' revisions readarray -t opte_deps_revs < <(toml get Cargo.toml workspace.dependencies | jq -r 'to_entries | .[] | select(.value.git? | contains("oxidecomputer/opte")?) | .value.rev') OPTE_REV="${opte_deps_revs[0]}" diff --git a/tools/install_opte.sh b/tools/install_opte.sh index 20a33b05a5b..b572c305a73 100755 --- a/tools/install_opte.sh +++ b/tools/install_opte.sh @@ -97,3 +97,13 @@ if [[ "$RC" -ne 0 ]]; then echo "The \`opteadm\` administration tool is not on your path." echo "You may add \"/opt/oxide/opte/bin\" to your path to access it." fi + +source $OMICRON_TOP/tools/opte_version_override + +if [[ "x$OPTE_COMMIT" != "x" ]]; then + set +x + curl -fOL https://buildomat.eng.oxide.computer/public/file/oxidecomputer/opte/module/$OPTE_COMMIT/xde + pfexec rem_drv xde || true + pfexec mv xde /kernel/drv/amd64/xde + pfexec add_drv xde || true +fi diff --git a/tools/maghemite_ddm_openapi_version b/tools/maghemite_ddm_openapi_version index 37c099d7f5e..e2d7e4852b8 100644 --- a/tools/maghemite_ddm_openapi_version +++ b/tools/maghemite_ddm_openapi_version @@ -1,2 +1,2 @@ -COMMIT="2fd39b75df696961e5ea190c7d74dd91f4849cd3" -SHA2="9737906555a60911636532f00f1dc2866dc7cd6553beb106e9e57beabad41cdf" +COMMIT="8f52bcb2086a350e0b68d78a3d2ddf543725c434" +SHA2="0b0dbc2f8bbc5d2d9be92d64c4865f8f9335355aae62f7de9f67f81dfb3f1803" diff --git a/tools/maghemite_mg_openapi_version b/tools/maghemite_mg_openapi_version index 329c05fc424..82c7394c4ea 100644 --- a/tools/maghemite_mg_openapi_version +++ b/tools/maghemite_mg_openapi_version @@ -1,2 +1,2 @@ -COMMIT="2fd39b75df696961e5ea190c7d74dd91f4849cd3" +COMMIT="8f52bcb2086a350e0b68d78a3d2ddf543725c434" SHA2="931efa310d972b1f8afba2308751fc6a2035afbaebba77b3a40a8358c123ba3c" 
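Review bot: The early `exit 0` added to tools/ci_check_opte_ver.sh skips the opte revision check whenever `OPTE_COMMIT` is non-empty, and tools/opte_version_override as added in this patch sets it unconditionally, so the check that follows no longer runs in CI. If the bypass is meant to be temporary, make it visible in the job log before exiting, e.g. `echo "OPTE override $OPTE_COMMIT set; skipping opte version check" >&2`. Under `set -u` the test also aborts with an unbound-variable error if the override file ever stops defining the variable; `[[ -n "${OPTE_COMMIT:-}" ]]` covers both cases. The remainder of the script lies outside the hunk.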
diff --git a/tools/maghemite_mgd_checksums b/tools/maghemite_mgd_checksums
index 1d3cf98f94b..19971a0da7f 100644
--- a/tools/maghemite_mgd_checksums
+++ b/tools/maghemite_mgd_checksums
@@ -1,2 +1,2 @@
-CIDL_SHA256="802636775fa77dc6eec193e65fde87e403f6a11531745d47ef5e7ff13b242890"
-MGD_LINUX_SHA256="1bcadfd700902e3640843e0bb53d3defdbcd8d86c3279efa0953ae8d6437e2b0"
\ No newline at end of file
+CIDL_SHA256="289217a149336ec6807566f0726f95e29609d0537710bf769d5277c26483117f"
+MGD_LINUX_SHA256="4a9bcaa1eb8d84627bf18c653448ad9a84aab098a27288b56a1fcab04d891754"
\ No newline at end of file
diff --git a/tools/opte_version b/tools/opte_version
index 619a109b350..c3182755542 100644
--- a/tools/opte_version
+++ b/tools/opte_version
@@ -1 +1 @@
-0.27.202
+0.28.211
diff --git a/tools/opte_version_override b/tools/opte_version_override
new file mode 100644
index 00000000000..1af94a3c6a0
--- /dev/null
+++ b/tools/opte_version_override
@@ -0,0 +1,5 @@
+#!/bin/bash
+
+# only set this if you want to override the version of opte/xde installed by the
+# install_opte.sh script
+OPTE_COMMIT="fe70f180be97553d5e41e3f5272c74ff252a5190"
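Review bot: `OPTE_COMMIT` in the new tools/opte_version_override is `fe70f180be97553d5e41e3f5272c74ff252a5190`, while Cargo.toml and .github/buildomat/jobs/deploy.sh in the same patch pin opte to `82ea7ca153442194657cd575693d2a8fcdd68a96`, so tools/install_opte.sh would install an xde kernel module built from a different commit than the one the `opte-ioctl` and `oxide-vpc` crates are compiled against. If the difference is deliberate, say why in the file's comment; otherwise keep the three values in step. The header comment says to set the variable only when overriding, yet the file ships with it set; an empty default, `OPTE_COMMIT=""`, with the commit kept in a comment would match that wording.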