From d650ed37715ae335cf017505b5c10dfd5f36e9fb Mon Sep 17 00:00:00 2001 From: Ryan Goodfellow Date: Tue, 17 Oct 2023 11:32:21 -0700 Subject: [PATCH] blast radius management --- nexus/src/app/mod.rs | 10 ---------- nexus/src/app/rack.rs | 1 + nexus/src/lib.rs | 12 +++++++++--- nexus/test-utils/src/lib.rs | 2 +- nexus/tests/integration_tests/address_lots.rs | 10 +++++----- schema/crdb/8.0.0/up4.sql | 1 + schema/rss-sled-plan.json | 6 +++++- smf/sled-agent/gimlet-standalone/config-rss.toml | 1 + smf/sled-agent/non-gimlet/config-rss.toml | 1 + wicket/src/rack_setup/config_template.toml | 1 + wicket/src/rack_setup/config_toml.rs | 3 ++- 11 files changed, 27 insertions(+), 21 deletions(-) create mode 100644 schema/crdb/8.0.0/up4.sql diff --git a/nexus/src/app/mod.rs b/nexus/src/app/mod.rs index 1aa9e148a3..ee13a7deae 100644 --- a/nexus/src/app/mod.rs +++ b/nexus/src/app/mod.rs @@ -392,12 +392,6 @@ impl Nexus { authn::Context::internal_saga_recovery(), Arc::clone(&db_datastore), ); - let opctx_for_bootstore_sync = OpContext::for_background( - log.new(o!("component" => "BootstoreSync")), - Arc::clone(&authz), - authn::Context::internal_saga_recovery(), - Arc::clone(&db_datastore), - ); let saga_logger = nexus.log.new(o!("saga_type" => "recovery")); let recovery_task = db::recover( opctx, @@ -437,10 +431,6 @@ impl Nexus { } } }); - nexus - .initial_bootstore_sync(&opctx_for_bootstore_sync) - .await - .map_err(|e| e.to_string())?; Ok(nexus) } diff --git a/nexus/src/app/rack.rs b/nexus/src/app/rack.rs index bd74183eae..16535416fb 100644 --- a/nexus/src/app/rack.rs +++ b/nexus/src/app/rack.rs @@ -530,6 +530,7 @@ impl super::Nexus { } // TODO - https://github.com/oxidecomputer/omicron/issues/3277 // record port speed }; + self.initial_bootstore_sync(&opctx).await?; Ok(()) } diff --git a/nexus/src/lib.rs b/nexus/src/lib.rs index 586c828683..f4e3e07950 100644 --- a/nexus/src/lib.rs +++ b/nexus/src/lib.rs 
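Review bot: In the nexus/src/app/rack.rs hunk, the added `self.initial_bootstore_sync(&opctx).await?;` runs after all the earlier work in the function and propagates its error with `?`, so a failed sync reports the whole operation as failed even if the preceding steps have already taken effect. Whether those steps are committed by this point, and whether the caller can safely retry, is not visible here because the function starts outside the hunk. The sync also now runs under the caller's `opctx` instead of the dedicated background context with the `"component" => "BootstoreSync"` logger that the mod.rs hunks remove, so it is worth confirming that this identity and log scope are intended. I would document the decision at the call site, for example `// Bootstore sync happens once, at rack init; an error here fails initialization after the steps above have run.`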
@@ -31,12 +31,12 @@ use internal_api::http_entrypoints::internal_api; use nexus_types::internal_api::params::ServiceKind; use omicron_common::address::IpRange; use omicron_common::api::internal::shared::{ - ExternalPortDiscovery, SwitchLocation, + ExternalPortDiscovery, RackNetworkConfig, SwitchLocation, }; use omicron_common::FileKv; use slog::Logger; use std::collections::HashMap; -use std::net::{SocketAddr, SocketAddrV6}; +use std::net::{Ipv4Addr, SocketAddr, SocketAddrV6}; use std::sync::Arc; use uuid::Uuid; @@ -252,7 +252,13 @@ impl nexus_test_interface::NexusServer for Server { vec!["qsfp0".parse().unwrap()], )]), ), - rack_network_config: None, + rack_network_config: Some(RackNetworkConfig { + rack_subnet: "fd00:1122:3344:01::/56".parse().unwrap(), + infra_ip_first: Ipv4Addr::UNSPECIFIED, + infra_ip_last: Ipv4Addr::UNSPECIFIED, + ports: Vec::new(), + bgp: Vec::new(), + }), }, ) .await diff --git a/nexus/test-utils/src/lib.rs b/nexus/test-utils/src/lib.rs index 45d1211024..701a6e8ba9 100644 --- a/nexus/test-utils/src/lib.rs +++ b/nexus/test-utils/src/lib.rs @@ -58,7 +58,7 @@ pub const RACK_UUID: &str = "c19a698f-c6f9-4a17-ae30-20d711b8f7dc"; pub const SWITCH_UUID: &str = "dae4e1f1-410e-4314-bff1-fec0504be07e"; pub const OXIMETER_UUID: &str = "39e6175b-4df2-4730-b11d-cbc1e60a2e78"; pub const PRODUCER_UUID: &str = "a6458b7d-87c3-4483-be96-854d814c20de"; -pub const RACK_SUBNET: &str = "fd00:1122:3344:01/56"; +pub const RACK_SUBNET: &str = "fd00:1122:3344:01::/56"; /// The reported amount of hardware threads for an emulated sled agent. pub const TEST_HARDWARE_THREADS: u32 = 16; diff --git a/nexus/tests/integration_tests/address_lots.rs b/nexus/tests/integration_tests/address_lots.rs index b4659daa62..40c8865929 100644 --- a/nexus/tests/integration_tests/address_lots.rs +++ b/nexus/tests/integration_tests/address_lots.rs 
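Review bot: In the second nexus/src/lib.rs hunk, the new `RackNetworkConfig` is built from a hard-coded `"fd00:1122:3344:01::/56"` and two `Ipv4Addr::UNSPECIFIED` placeholders, with no comment saying these are test-only values. The same subnet literal is kept separately as `RACK_SUBNET` in nexus/test-utils, and this patch had to correct a malformed copy of it there and in the wicket test, so a third copy is likely to drift. If the crate layout permits, use one shared constant; otherwise add a comment above the field such as `// Test-only placeholder network config; keep rack_subnet in sync with nexus_test_utils::RACK_SUBNET.` The enclosing function starts and ends outside the hunk.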
@@ -27,8 +27,8 @@ type ControlPlaneTestContext = async fn test_address_lot_basic_crud(ctx: &ControlPlaneTestContext) { let client = &ctx.external_client; - // Verify there are no lots - let lots = NexusRequest::iter_collection_authn::( + // Verify there is only one system lot + let lots = NexusRequest::iter_collection_authn::( client, "/v1/system/networking/address-lot", "", @@ -37,7 +37,7 @@ async fn test_address_lot_basic_crud(ctx: &ControlPlaneTestContext) { .await .expect("Failed to list address lots") .all_items; - assert_eq!(lots.len(), 0, "Expected no lots"); + assert_eq!(lots.len(), 1, "Expected one lot"); // Create a lot let params = AddressLotCreate { @@ -111,8 +111,8 @@ async fn test_address_lot_basic_crud(ctx: &ControlPlaneTestContext) { .expect("Failed to list address lots") .all_items; - assert_eq!(lots.len(), 1, "Expected 1 lot"); - assert_eq!(lots[0], address_lot); + assert_eq!(lots.len(), 2, "Expected 2 lots"); + assert_eq!(lots[1], address_lot); // Verify there are lot blocks let blist = NexusRequest::iter_collection_authn::( diff --git a/schema/crdb/8.0.0/up4.sql b/schema/crdb/8.0.0/up4.sql new file mode 100644 index 0000000000..44bfd90b8c --- /dev/null +++ b/schema/crdb/8.0.0/up4.sql @@ -0,0 +1 @@ +ALTER TABLE omicron.public.rack ADD COLUMN IF NOT EXISTS rack_subnet INET; diff --git a/schema/rss-sled-plan.json b/schema/rss-sled-plan.json index d91f2080c1..0cd8f76749 100644 --- a/schema/rss-sled-plan.json +++ b/schema/rss-sled-plan.json @@ -510,7 +510,8 @@ "bgp", "infra_ip_first", "infra_ip_last", - "ports" + "ports", + "rack_subnet" ], "properties": { "bgp": { @@ -536,6 +537,9 @@ "items": { "$ref": "#/definitions/PortConfigV1" } + }, + "rack_subnet": { + "$ref": "#/definitions/Ipv6Network" } } }, diff --git a/smf/sled-agent/gimlet-standalone/config-rss.toml b/smf/sled-agent/gimlet-standalone/config-rss.toml index 636e846b7a..29a7a79eba 100644 --- a/smf/sled-agent/gimlet-standalone/config-rss.toml 
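Review bot: In the second address_lots.rs hunk, `assert_eq!(lots[1], address_lot);` assumes the list endpoint returns the pre-existing lot before the one the test creates, and nothing visible in the hunk fixes that order. If the listing is sorted by name or id, the assertion could break when the system lot's identity changes. A position-independent check such as `assert!(lots.iter().any(|l| *l == address_lot), "created lot missing from listing");` avoids that. The first hunk has a related gap: `assert_eq!(lots.len(), 1, "Expected one lot")` does not check that the single lot is the system lot the comment refers to.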
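Review bot: The new schema/crdb/8.0.0/up4.sql adds a step to an existing schema version directory, and the diffstat shows no change to dbinit.sql or to any schema version constant. Unless those already account for `rack_subnet`, a database already recorded at 8.0.0 may never run this step, and a fresh install may not get the column at all. The column is also a nullable `INET` with no constraint, so existing rack rows will hold NULL and the database will accept IPv4 or host addresses even though the JSON schema types the field as `Ipv6Network`. I would add a header comment stating the nullability intent, for example `-- rack_subnet is NULL for racks initialized before this column existed; readers must handle that.`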
+++ b/smf/sled-agent/gimlet-standalone/config-rss.toml @@ -88,6 +88,7 @@ last = "192.168.1.29" # Configuration to bring up Boundary Services and make Nexus reachable from the # outside. See docs/how-to-run.adoc for more on what to put here. [rack_network_config] +rack_subnet = "fd00:1122:3344:01::/56" # A range of IP addresses used by Boundary Services on the external network. In # a real system, these would be addresses of the uplink ports on the Sidecar. # With softnpu, only one address is used. diff --git a/smf/sled-agent/non-gimlet/config-rss.toml b/smf/sled-agent/non-gimlet/config-rss.toml index bbc42b3375..fea3cfa5d8 100644 --- a/smf/sled-agent/non-gimlet/config-rss.toml +++ b/smf/sled-agent/non-gimlet/config-rss.toml @@ -88,6 +88,7 @@ last = "192.168.1.29" # Configuration to bring up Boundary Services and make Nexus reachable from the # outside. See docs/how-to-run.adoc for more on what to put here. [rack_network_config] +rack_subnet = "fd00:1122:3344:01::/56" # A range of IP addresses used by Boundary Services on the external network. In # a real system, these would be addresses of the uplink ports on the Sidecar. # With softnpu, only one address is used. diff --git a/wicket/src/rack_setup/config_template.toml b/wicket/src/rack_setup/config_template.toml index dd371c7628..216daacaa0 100644 --- a/wicket/src/rack_setup/config_template.toml +++ b/wicket/src/rack_setup/config_template.toml @@ -40,6 +40,7 @@ bootstrap_sleds = [] # TODO: docs on network config [rack_network_config] +rack_subnet = "" infra_ip_first = "" infra_ip_last = "" diff --git a/wicket/src/rack_setup/config_toml.rs b/wicket/src/rack_setup/config_toml.rs index e63623ad77..0d5bc9c948 100644 --- a/wicket/src/rack_setup/config_toml.rs +++ b/wicket/src/rack_setup/config_toml.rs 
@@ -195,6 +195,7 @@ fn populate_network_table( }; for (property, value) in [ + ("rack_subnet", config.rack_subnet.to_string()), ("infra_ip_first", config.infra_ip_first.to_string()), ("infra_ip_last", config.infra_ip_last.to_string()), ] { @@ -472,7 +473,7 @@ mod tests { external_dns_ips: vec!["10.0.0.1".parse().unwrap()], ntp_servers: vec!["ntp1.com".into(), "ntp2.com".into()], rack_network_config: Some(RackNetworkConfig { - rack_subnet: "fd00:1122:3344:01/56".parse().unwrap(), + rack_subnet: "fd00:1122:3344:01::/56".parse().unwrap(), infra_ip_first: "172.30.0.1".parse().unwrap(), infra_ip_last: "172.30.0.10".parse().unwrap(), ports: vec![PortConfigV1 {