updates for tunnel routing
rcgoodfellow committed Jan 9, 2024
1 parent 688167a commit ad77df0
Showing 15 changed files with 112 additions and 51 deletions.
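--- a/.github/buildomat/jobs/deploy.sh
+++ b/.github/buildomat/jobs/deploy.sh
@@ -97,6 +97,15 @@ z_swadm () {
 pfexec zlogin oxz_switch /opt/oxide/dendrite/bin/swadm $@
 }
 
+# XXX remove. This is just to test against a development branch of OPTE in CI.
+set +x
+OPTE_COMMIT="82ea7ca153442194657cd575693d2a8fcdd68a96"
+curl -sSfOL https://buildomat.eng.oxide.computer/public/file/oxidecomputer/opte/module/$OPTE_COMMIT/xde
+pfexec rem_drv xde || true
+pfexec mv xde /kernel/drv/amd64/xde
+pfexec add_drv xde || true
+set -x
+
 #
 # XXX work around 14537 (UFS should not allow directories to be unlinked) which
 # is probably not yet fixed in xde branch? Once the xde branch merges from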
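Review bot: The `xde` kernel driver fetched by `curl -sSfOL …/$OPTE_COMMIT/xde` is moved into `/kernel/drv/amd64/xde` and loaded without any digest check, so the CI host runs whatever bytes the artifact URL returns as kernel code; tools/install_opte.sh gains the same unverified fetch in this commit. Pin an expected SHA-256 next to `OPTE_COMMIT` and compare it before the `mv` (for example against the output of `digest -a sha256 xde`), failing the job on mismatch. The value `OPTE_COMMIT="82ea7ca153442194657cd575693d2a8fcdd68a96"` also differs from the `760aaeec…` revision that Cargo.toml and tools/opte_version_override pin in this commit, so the driver under test may not match the crates; sourcing `tools/opte_version_override` here instead of repeating the hash would keep them aligned.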
54 changes: 40 additions & 14 deletions Cargo.lock


4 changes: 2 additions & 2 deletions Cargo.toml
@@ -261,15 +261,15 @@ omicron-sled-agent = { path = "sled-agent" }
omicron-test-utils = { path = "test-utils" }
omicron-zone-package = "0.9.1"
oxide-client = { path = "clients/oxide-client" }
oxide-vpc = { git = "https://github.com/oxidecomputer/opte", rev = "4e6e6ab6379fa4bc40f5d0c7340b9f35c45ad6e4", features = [ "api", "std" ] }
oxide-vpc = { git = "https://github.com/oxidecomputer/opte", rev = "760aaeec54c86897d37168ff4bd73fb7d343f9f4", features = [ "api", "std" ] }
once_cell = "1.19.0"
openapi-lint = { git = "https://github.com/oxidecomputer/openapi-lint", branch = "main" }
openapiv3 = "2.0.0"
# must match samael's crate!
openssl = "0.10"
openssl-sys = "0.9"
openssl-probe = "0.1.5"
opte-ioctl = { git = "https://github.com/oxidecomputer/opte", rev = "4e6e6ab6379fa4bc40f5d0c7340b9f35c45ad6e4" }
opte-ioctl = { git = "https://github.com/oxidecomputer/opte", rev = "760aaeec54c86897d37168ff4bd73fb7d343f9f4" }
oso = "0.27"
owo-colors = "3.5.0"
oximeter = { path = "oximeter/oximeter" }
18 changes: 17 additions & 1 deletion clients/ddm-admin-client/src/lib.rs
@@ -20,7 +20,7 @@ pub use inner::types;
pub use inner::Error;

use either::Either;
use inner::types::Ipv6Prefix;
use inner::types::{Ipv6Prefix, TunnelOrigin};
use inner::Client as InnerClient;
use omicron_common::address::Ipv6Subnet;
use omicron_common::address::SLED_PREFIX;
@@ -108,6 +108,22 @@ impl Client {
});
}

pub fn advertise_tunnel_endpoint(&self, endpoint: TunnelOrigin) {
let me = self.clone();
tokio::spawn(async move {
retry_notify(retry_policy_internal_service_aggressive(), || async {
me.inner.advertise_tunnel_endpoints(&vec![endpoint.clone()]).await?;
Ok(())
}, |err, duration| {
info!(
me.log,
"Failed to notify ddmd of tunnel endpoint (retry in {duration:?}";
"err" => %err,
);
}).await.unwrap();
});
}

/// Returns the addresses of connected sleds.
///
/// Note: These sleds have not yet been verified.
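Review bot: `advertise_tunnel_endpoint` ends its detached task with `.await.unwrap()`, so if `retry_notify` ever returns an error the panic stays inside a `tokio::spawn` whose handle is dropped, and the caller never learns that the tunnel endpoint went unadvertised. Whether `retry_policy_internal_service_aggressive()` can give up is not visible on this page; if it can, log the final error instead of unwrapping. The retry log string is also missing its closing parenthesis and should read `"Failed to notify ddmd of tunnel endpoint (retry in {duration:?})"`. This public method has no doc comment; a `///` line stating that it returns immediately and retries in the background would tell callers not to treat a return as confirmation.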
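--- a/illumos-utils/src/opte/mod.rs
+++ b/illumos-utils/src/opte/mod.rs
@@ -29,26 +29,6 @@ pub use oxide_vpc::api::DhcpCfg;
 pub use oxide_vpc::api::Vni;
 use std::net::IpAddr;
 
-fn default_boundary_services() -> BoundaryServices {
-use oxide_vpc::api::Ipv6Addr;
-use oxide_vpc::api::MacAddr;
-// TODO-completeness: Don't hardcode any of these values.
-//
-// Boundary Services will be started on several Sidecars during rack
-// setup, and those addresses and VNIs will need to be propagated here.
-// See https://github.com/oxidecomputer/omicron/issues/1382
-let ip = Ipv6Addr::from([0xfd00, 0x99, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01]);
-
-// This MAC address is entirely irrelevant to the functionality of OPTE and
-// the Oxide VPC. It's never used to actually forward packets. It only
-// represents the "logical" destination of Boundary Services as a
-// destination that OPTE as a virtual gateway forwards packets to as its
-// next hop.
-let mac = MacAddr::from_const([0xa8, 0x40, 0x25, 0xf9, 0x99, 0x99]);
-let vni = Vni::new(99_u32).unwrap();
-BoundaryServices { ip, mac, vni }
-}
-
 /// Information about the gateway for an OPTE port
 #[derive(Debug, Clone, Copy)]
 #[allow(dead_code)]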
3 changes: 0 additions & 3 deletions illumos-utils/src/opte/port_manager.rs
@@ -4,7 +4,6 @@

//! Manager for all OPTE ports on a Helios system
use crate::opte::default_boundary_services;
use crate::opte::opte_firewall_rules;
use crate::opte::params::DeleteVirtualNetworkInterfaceHost;
use crate::opte::params::SetVirtualNetworkInterfaceHost;
@@ -110,7 +109,6 @@ impl PortManager {
let subnet = IpNetwork::from(nic.subnet);
let vpc_subnet = IpCidr::from(subnet);
let gateway = Gateway::from_subnet(&subnet);
let boundary_services = default_boundary_services();

// Describe the external IP addresses for this port.
macro_rules! ip_cfg {
@@ -219,7 +217,6 @@ impl PortManager {
gateway_mac: MacAddr::from(gateway.mac.into_array()),
vni,
phys_ip: self.inner.underlay_ip.into(),
boundary_services,
};

// Create the xde device.
12 changes: 6 additions & 6 deletions package-manifest.toml
@@ -437,10 +437,10 @@ source.repo = "maghemite"
# `tools/maghemite_openapi_version`. Failing to do so will cause a failure when
# building `ddm-admin-client` (which will instruct you to update
# `tools/maghemite_openapi_version`).
source.commit = "2fd39b75df696961e5ea190c7d74dd91f4849cd3"
source.commit = "17a81abad29bc75b499422e6227fb6044da6b467"
# The SHA256 digest is automatically posted to:
# https://buildomat.eng.oxide.computer/public/file/oxidecomputer/maghemite/image/<commit>/maghemite.sha256.txt
source.sha256 = "38851c79c85d53e997db748520fb27c82299ce7e58a550e35646a548498f1271"
source.sha256 = "200f951a155a0603b3ade8c6f00495e407d88d0648f6dc6747dcf340d38dbf07"
output.type = "tarball"

[package.mg-ddm]
@@ -453,10 +453,10 @@ source.repo = "maghemite"
# `tools/maghemite_openapi_version`. Failing to do so will cause a failure when
# building `ddm-admin-client` (which will instruct you to update
# `tools/maghemite_openapi_version`).
source.commit = "2fd39b75df696961e5ea190c7d74dd91f4849cd3"
source.commit = "17a81abad29bc75b499422e6227fb6044da6b467"
# The SHA256 digest is automatically posted to:
# https://buildomat.eng.oxide.computer/public/file/oxidecomputer/maghemite/image/<commit>/mg-ddm.sha256.txt
source.sha256 = "8cd94e9a6f6175081ce78f0281085a08a5306cde453d8e21deb28050945b1d88"
source.sha256 = "989ccd4a14b63fbfc651c3df5c80201af800905dda18aa21159fa3d88ce4b39b"
output.type = "zone"
output.intermediate_only = true

@@ -468,10 +468,10 @@ source.repo = "maghemite"
# `tools/maghemite_openapi_version`. Failing to do so will cause a failure when
# building `ddm-admin-client` (which will instruct you to update
# `tools/maghemite_openapi_version`).
source.commit = "2fd39b75df696961e5ea190c7d74dd91f4849cd3"
source.commit = "17a81abad29bc75b499422e6227fb6044da6b467"
# The SHA256 digest is automatically posted to:
# https://buildomat.eng.oxide.computer/public/file/oxidecomputer/maghemite/image/<commit>/mg-ddm.sha256.txt
source.sha256 = "802636775fa77dc6eec193e65fde87e403f6a11531745d47ef5e7ff13b242890"
source.sha256 = "696ffe650544ab878ab8126a00ae7addfd98c7cf764b2f60043bf6e0271deabc"
output.type = "zone"
output.intermediate_only = true

11 changes: 11 additions & 0 deletions sled-agent/src/bootstrap/early_networking.rs
@@ -6,6 +6,7 @@
use anyhow::{anyhow, Context};
use bootstore::schemes::v0 as bootstore;
use ddm_admin_client::types::{IpPrefix, Ipv4Prefix, TunnelOrigin};
use ddm_admin_client::{Client as DdmAdminClient, DdmError};
use dpd_client::types::{Ipv6Entry, RouteSettingsV6};
use dpd_client::types::{
@@ -459,7 +460,17 @@ impl<'a> EarlyNetworkSetup<'a> {
let ddmd_addr =
SocketAddrV6::new(switch_zone_underlay_ip, DDMD_PORT, 0, 0);
let ddmd_client = DdmAdminClient::new(&self.log, ddmd_addr)?;

ddmd_client.advertise_prefix(Ipv6Subnet::new(ipv6_entry.addr));

ddmd_client.advertise_tunnel_endpoint(TunnelOrigin {
overlay_prefix: IpPrefix::V4(Ipv4Prefix {
addr: Ipv4Addr::UNSPECIFIED,
len: 0,
}),
boundary_addr: ipv6_entry.addr,
vni: 99,
});
}

let mgd = MgdClient::new(
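Review bot: The advertised `TunnelOrigin` hard-codes `vni: 99` and a `0.0.0.0/0` overlay prefix with no comment, and test-utils/src/dev/maghemite.rs adds the matching literal `"fd00:99::1"`. These look like the same boundary-services values that the removed `default_boundary_services()` carried, together with a TODO and a link to https://github.com/oxidecomputer/omicron/issues/1382, so that context is lost in this commit. Name the value once, e.g. `const BOUNDARY_SERVICES_VNI: u32 = 99;` (type to match the `vni` field), and add a comment saying why the default route is advertised and pointing at the tracking issue. The enclosing function starts and ends outside this hunk.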
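--- a/test-utils/src/dev/maghemite.rs
+++ b/test-utils/src/dev/maghemite.rs
@@ -47,6 +47,8 @@ impl MgdInstance {
 "--no-bgp-dispatcher".into(),
 "--data-dir".into(),
 temp_dir.path().display().to_string(),
+"--tep".into(),
+"fd00:99::1".into(),
 ];
 
 let child = tokio::process::Command::new("mgd")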
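--- a/tools/ci_check_opte_ver.sh
+++ b/tools/ci_check_opte_ver.sh
@@ -1,6 +1,11 @@
 #!/bin/bash
 set -euo pipefail
 
+source tools/opte_version_override
+if [[ "x$OPTE_COMMIT" != "x" ]]; then
+exit 0
+fi
+
 # Grab all the oxidecomputer/opte dependencies' revisions
 readarray -t opte_deps_revs < <(toml get Cargo.toml workspace.dependencies | jq -r 'to_entries | .[] | select(.value.git? | contains("oxidecomputer/opte")?) | .value.rev')
 OPTE_REV="${opte_deps_revs[0]}"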
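Review bot: With `set -euo pipefail` active, expanding `"x$OPTE_COMMIT"` aborts the script with an unbound-variable error whenever tools/opte_version_override leaves `OPTE_COMMIT` unset, which is the state that file's own comment describes as the normal one. Use `if [[ -n "${OPTE_COMMIT:-}" ]]; then` so the no-override case falls through to the real check. The early `exit 0` also skips the whole version comparison while an override is set, so nothing verifies that the override equals the crate `rev` in Cargo.toml; comparing `OPTE_COMMIT` with `OPTE_REV` once it is computed, and exiting 0 only on a match, would keep that guard. The rest of the script lies outside this hunk.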
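--- a/tools/install_opte.sh
+++ b/tools/install_opte.sh
@@ -97,3 +97,13 @@ if [[ "$RC" -ne 0 ]]; then
 echo "The \`opteadm\` administration tool is not on your path."
 echo "You may add \"/opt/oxide/opte/bin\" to your path to access it."
 fi
+
+source $OMICRON_TOP/tools/opte_version_override
+
+if [[ "x$OPTE_COMMIT" != "x" ]]; then
+set +x
+curl -fOL https://buildomat.eng.oxide.computer/public/file/oxidecomputer/opte/module/$OPTE_COMMIT/xde
+pfexec rem_drv xde || true
+pfexec mv xde /kernel/drv/amd64/xde
+pfexec add_drv xde || true
+fi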
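Review bot: `pfexec add_drv xde || true` discards a failed driver load right after `rem_drv` has removed the old driver and `mv` has overwritten `/kernel/drv/amd64/xde`, so the script can report success on a host left without a working xde; .github/buildomat/jobs/deploy.sh adds the same sequence. Keep `|| true` on `rem_drv` only (the driver may not be installed yet) and let a failing `add_drv` stop the script. The path should also be quoted, `source "$OMICRON_TOP/tools/opte_version_override"`, so a checkout path containing spaces does not break the install. The script's shell options are set outside this hunk, so whether a failed `curl` already aborts before the `mv` cannot be confirmed from here.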
4 changes: 2 additions & 2 deletions tools/maghemite_ddm_openapi_version
@@ -1,2 +1,2 @@
COMMIT="2fd39b75df696961e5ea190c7d74dd91f4849cd3"
SHA2="9737906555a60911636532f00f1dc2866dc7cd6553beb106e9e57beabad41cdf"
COMMIT="17a81abad29bc75b499422e6227fb6044da6b467"
SHA2="0b0dbc2f8bbc5d2d9be92d64c4865f8f9335355aae62f7de9f67f81dfb3f1803"
2 changes: 1 addition & 1 deletion tools/maghemite_mg_openapi_version
@@ -1,2 +1,2 @@
COMMIT="2fd39b75df696961e5ea190c7d74dd91f4849cd3"
COMMIT="17a81abad29bc75b499422e6227fb6044da6b467"
SHA2="931efa310d972b1f8afba2308751fc6a2035afbaebba77b3a40a8358c123ba3c"
4 changes: 2 additions & 2 deletions tools/maghemite_mgd_checksums
@@ -1,2 +1,2 @@
CIDL_SHA256="802636775fa77dc6eec193e65fde87e403f6a11531745d47ef5e7ff13b242890"
MGD_LINUX_SHA256="1bcadfd700902e3640843e0bb53d3defdbcd8d86c3279efa0953ae8d6437e2b0"
CIDL_SHA256="696ffe650544ab878ab8126a00ae7addfd98c7cf764b2f60043bf6e0271deabc"
MGD_LINUX_SHA256="11a0482d77caaebfaaeadb9bbccf0481fa07827ab73417a292758c060bfe5b7a"
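--- a/tools/opte_version_override
+++ b/tools/opte_version_override
@@ -0,0 +1,5 @@
+#!/bin/bash
+
+# only set this if you want to override the version of opte/xde installed by the
+# install_opte.sh script
+OPTE_COMMIT="760aaeec54c86897d37168ff4bd73fb7d343f9f4"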
