Connect over the bootstrap network using sprockets_tls
This uses the certificates/keys in the RoT as the basis for
TLS sessions
labbott committed Sep 17, 2024
1 parent 2f8c17b commit a4ce8b1
Showing 23 changed files with 804 additions and 53 deletions.
139 changes: 130 additions & 9 deletions Cargo.lock


1 change: 1 addition & 0 deletions Cargo.toml
@@ -570,6 +570,7 @@ slog-term = "2.9.1"
smf = "0.2"
socket2 = { version = "0.5", features = ["all"] }
sp-sim = { path = "sp-sim" }
sprockets-tls = { git = "https://github.com/oxidecomputer/sprockets.git", rev = "cc13773832df1e38257cdc511adfaad72954bbe1" }
sqlformat = "0.2.4"
sqlparser = { version = "0.45.0", features = [ "visitor" ] }
static_assertions = "1.1.0"
1 change: 1 addition & 0 deletions sled-agent/Cargo.toml
@@ -80,6 +80,7 @@ slog-async.workspace = true
slog-dtrace.workspace = true
slog-term.workspace = true
smf.workspace = true
sprockets-tls.workspace = true
strum.workspace = true
tar.workspace = true
thiserror.workspace = true
26 changes: 19 additions & 7 deletions sled-agent/src/bootstrap/client.rs
@@ -12,13 +12,14 @@ use crate::bootstrap::views::Response;
use crate::bootstrap::views::ResponseEnvelope;
use sled_agent_types::sled::StartSledAgentRequest;
use slog::Logger;
use sprockets_tls::client::Client as SprocketsClient;
use sprockets_tls::keys::SprocketsConfig;
use std::borrow::Cow;
use std::io;
use std::net::SocketAddrV6;
use thiserror::Error;
use tokio::io::AsyncReadExt;
use tokio::io::AsyncWriteExt;
use tokio::net::TcpStream;

#[derive(Debug, Error)]
pub enum Error {
@@ -67,12 +68,17 @@ pub enum Error {
/// bootstrap agent.
pub(crate) struct Client {
addr: SocketAddrV6,
_log: Logger,
log: Logger,
sprockets_conf: SprocketsConfig,
}

impl Client {
pub(crate) fn new(addr: SocketAddrV6, _log: Logger) -> Self {
Self { addr, _log }
pub(crate) fn new(
addr: SocketAddrV6,
sprockets_conf: SprocketsConfig,
log: Logger,
) -> Self {
Self { addr, sprockets_conf, log }
}

/// Start sled agent by sending an initialization request determined from
@@ -100,10 +106,16 @@ impl Client {
// far larger than we ever expect to see.
const MAX_RESPONSE_LEN: u32 = 16 << 20;

let log = self.log.new(o!("component" => "SledAgentSprocketsClient"));
// Establish connection and sprockets connection (if possible).
let stream = TcpStream::connect(self.addr)
.await
.map_err(|err| Error::Connect { addr: self.addr, err })?;
// The sprockets client loads the associated root certificates at this point.
let stream = SprocketsClient::connect(
self.sprockets_conf.clone(),
self.addr,
log.clone(),
)
.await
.unwrap();

let mut stream = Box::new(tokio::io::BufStream::new(stream));

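Review bot: The `.unwrap()` after `SprocketsClient::connect(...).await` makes any connect or root-certificate load failure (and presumably any handshake failure) panic, whereas the removed `TcpStream::connect` call returned `Error::Connect` through `?`. A peer that is down or fails certificate validation is an expected condition on the bootstrap network and should reach the caller as an error that can be logged and retried. Replace it with `.await.map_err(|err| Error::SprocketsConnect { addr: self.addr, err })?`, where `SprocketsConnect` is a proposed new variant (the `Error` enum is collapsed on this page, and the sprockets error type may not fit the existing `Connect` payload). The kept comment still says "(if possible)" although no fallback is visible; reword it so readers do not assume the client can drop to an unauthenticated connection. The enclosing function starts and ends outside the hunk.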
9 changes: 8 additions & 1 deletion sled-agent/src/bootstrap/http_entrypoints.rs
@@ -29,6 +29,7 @@ use sled_agent_types::rack_ops::RackOperationStatus;
use sled_hardware_types::Baseboard;
use sled_storage::manager::StorageHandle;
use slog::Logger;
use sprockets_tls::keys::SprocketsConfig;
use std::net::Ipv6Addr;
use tokio::sync::mpsc::error::TrySendError;
use tokio::sync::{mpsc, oneshot};
@@ -43,6 +44,7 @@ pub(crate) struct BootstrapServerContext {
pub(crate) updates: ConfigUpdates,
pub(crate) sled_reset_tx:
mpsc::Sender<oneshot::Sender<Result<(), BootstrapError>>>,
pub(crate) sprockets: SprocketsConfig,
}

impl BootstrapServerContext {
@@ -52,6 +54,7 @@ impl BootstrapServerContext {
) -> Result<RackInitUuid, RssAccessError> {
self.rss_access.start_initializing(
&self.base_log,
self.sprockets.clone(),
self.global_zone_bootstrap_ip,
&self.storage_manager,
&self.bootstore_node_handle,
@@ -116,7 +119,11 @@ impl BootstrapAgentApi for BootstrapAgentImpl {
let ctx = rqctx.context();
let id = ctx
.rss_access
.start_reset(&ctx.base_log, ctx.global_zone_bootstrap_ip)
.start_reset(
&ctx.base_log,
ctx.sprockets.clone(),
ctx.global_zone_bootstrap_ip,
)
.map_err(|err| HttpError::for_bad_request(None, err.to_string()))?;
Ok(HttpResponseOk(id))
}
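Review bot: The new `BootstrapServerContext` field is named `sprockets`, while the same `SprocketsConfig` value is called `sprockets_conf` in `bootstrap/client.rs`, and the field has no doc comment. Use one name for the configuration throughout and document the field, for example `/// Sprockets TLS configuration passed to RSS initialization and reset.` The struct and both impl blocks continue outside the hunks shown.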