fixes from madrid testing

oxidecomputer · Oct 6, 2023 · c661f97 · c661f97
1 parent 835b6da
commit c661f97
Show file tree

Hide file tree

Showing 6 changed files with 41 additions and 38 deletions.
diff --git a/common/src/address.rs b/common/src/address.rs
@@ -8,13 +8,10 @@
 //! and Nexus, who need to agree upon addressing schemes.
 
 use crate::api::external::{self, Error, Ipv4Net, Ipv6Net};
-use ipnetwork::{IpNetworkError, Ipv4Network, Ipv6Network};
+use ipnetwork::{Ipv4Network, Ipv6Network};
 use schemars::JsonSchema;
 use serde::{Deserialize, Serialize};
-use std::{
-    net::{IpAddr, Ipv4Addr, Ipv6Addr, SocketAddrV6},
-    str::FromStr,
-};
+use std::net::{IpAddr, Ipv4Addr, Ipv6Addr, SocketAddrV6};
 
 pub const AZ_PREFIX: u8 = 48;
 pub const RACK_PREFIX: u8 = 56;
@@ -169,27 +166,6 @@ impl<const N: u8> Ipv6Subnet<N> {
     }
 }
 
-impl<const N: u8> FromStr for Ipv6Subnet<N> {
-    type Err = Ipv6SubnetParseError;
-
-    fn from_str(s: &str) -> Result<Self, Self::Err> {
-        let net = Ipv6Net(s.parse()?);
-        if net.prefix() == N {
-            Ok(Self { net })
-        } else {
-            Err(Ipv6SubnetParseError::InvalidPrefix { expected: N, net })
-        }
-    }
-}
-
-#[derive(Debug, thiserror::Error)]
-pub enum Ipv6SubnetParseError {
-    #[error(transparent)]
-    IpNetworkError(#[from] IpNetworkError),
-    #[error("expected prefix {expected} but found {}: {net}", net.prefix())]
-    InvalidPrefix { expected: u8, net: Ipv6Net },
-}
-
 // We need a custom Deserialize to ensure that the subnet is what we expect.
 impl<'de, const N: u8> Deserialize<'de> for Ipv6Subnet<N> {
     fn deserialize<D>(deserializer: D) -> Result<Self, D::Error>

diff --git a/sled-agent/src/services.rs b/sled-agent/src/services.rs
@@ -1698,9 +1698,14 @@ impl ServiceManager {
                         "config/mgs-address",
                         &format!("[::1]:{MGS_PORT}"),
                     )?;
+
+                    // We intentionally bind `nexus-proxy-address` to `::` so
+                    // wicketd will serve this on all interfaces, particularly
+                    // the tech port interfaces, allowing external clients to
+                    // connect to this Nexus proxy.
                     smfh.setprop(
                         "config/nexus-proxy-address",
-                        &format!("[::1]:{WICKETD_NEXUS_PROXY_PORT}"),
+                        &format!("[::]:{WICKETD_NEXUS_PROXY_PORT}"),
                     )?;
                     if let Some(underlay_address) = self
                         .inner
@@ -2725,9 +2730,8 @@ impl ServiceManager {
                 );
                 *request = new_request;
 
-                let address = request
-                    .addresses
-                    .get(0)
+                let first_address = request.addresses.get(0);
+                let address = first_address
                     .map(|addr| addr.to_string())
                     .unwrap_or_else(|| "".to_string());
 
@@ -2833,6 +2837,29 @@ impl ServiceManager {
                             }
                             smfh.refresh()?;
                         }
+                        ServiceType::Wicketd { .. } => {
+                            if let Some(&address) = first_address {
+                                let rack_subnet =
+                                    Ipv6Subnet::<AZ_PREFIX>::new(address);
+
+                                info!(
+                                    self.inner.log, "configuring wicketd";
+                                    "rack_subnet" => %rack_subnet.net().ip(),
+                                );
+
+                                smfh.setprop(
+                                    "config/rack-subnet",
+                                    &rack_subnet.net().ip().to_string(),
+                                )?;
+
+                                smfh.refresh()?;
+                            } else {
+                                error!(
+                                    self.inner.log,
+                                    "underlay address unexpectedly missing",
+                                );
+                            }
+                        }
                         ServiceType::Tfport { .. } => {
                             // Since tfport and dpd communicate using localhost,
                             // the tfport service shouldn't need to be restarted.

diff --git a/smf/wicketd/manifest.xml b/smf/wicketd/manifest.xml
@@ -28,7 +28,7 @@
     listens on a `::1` (IPv6 localhost) address without TLS.
   -->
   <exec_method type='method' name='refresh'
-      exec='curl -X POST http://${config/address}/reload-config'
+      exec='curl -X POST http://%{config/address}/reload-config'
       timeout_seconds='0' />
 
   <property_group name='startd' type='framework'>

diff --git a/wicketd/src/bin/wicketd.rs b/wicketd/src/bin/wicketd.rs
@@ -6,11 +6,11 @@
 
 use clap::Parser;
 use omicron_common::{
-    address::{Ipv6Subnet, AZ_PREFIX},
+    address::Ipv6Subnet,
     cmd::{fatal, CmdError},
 };
 use sled_hardware::Baseboard;
-use std::net::SocketAddrV6;
+use std::net::{Ipv6Addr, SocketAddrV6};
 use std::path::PathBuf;
 use wicketd::{self, run_openapi, Config, Server, SmfConfigValues};
 
@@ -54,7 +54,7 @@ enum Args {
         /// The subnet for the rack; typically read directly from our SMF config
         /// via `--read-smf-config` or an SMF refresh
         #[clap(long, action, conflicts_with("read_smf_config"))]
-        rack_subnet: Option<Ipv6Subnet<AZ_PREFIX>>,
+        rack_subnet: Option<Ipv6Addr>,
     },
 }
 
@@ -109,7 +109,7 @@ async fn do_run() -> Result<(), CmdError> {
             })?;
 
             let rack_subnet = match rack_subnet {
-                Some(addr) => Some(addr),
+                Some(addr) => Some(Ipv6Subnet::new(addr)),
                 None if read_smf_config => {
                     let smf_values = SmfConfigValues::read_current()
                         .map_err(|e| CmdError::Failure(e.to_string()))?

diff --git a/wicketd/src/lib.rs b/wicketd/src/lib.rs
@@ -88,10 +88,10 @@ impl SmfConfigValues {
             let addr = rack_subnet.parse().with_context(|| {
                 format!(
                     "failed to parse {CONFIG_PG}/{PROP_RACK_SUBNET} \
-                     value {rack_subnet:?} as a rack subnet"
+                     value {rack_subnet:?} as an IP address"
                 )
             })?;
-            Some(addr)
+            Some(Ipv6Subnet::new(addr))
         };
 
         Ok(Some(Self { rack_subnet }))

diff --git a/wicketd/src/nexus_proxy.rs b/wicketd/src/nexus_proxy.rs
@@ -104,7 +104,7 @@ impl Inner {
             info!(
                 log,
                 "closing connection; no internal DNS resolver available \
-                 (rack subnet unknown?"
+                 (rack subnet unknown?)"
             );
             return;
         };
-Original file line number
+Diff line change
@@ Expand Up / @@ -104,7 +104,7 @@ impl Inner { @@
                 info!(
                     log,
                     "closing connection; no internal DNS resolver available \
-                     (rack subnet unknown?"
+                     (rack subnet unknown?)"
                 );
                 return;
             };
@@ Expand Down @@