Merge remote-tracking branch 'origin/main' into iliana/6260

.config/nextest.toml

@@ -3,7 +3,7 @@
 #
 # The required version should be bumped up if we need new features, performance
 # improvements or bugfixes that are present in newer versions of nextest.
-nextest-version = { required = "0.9.64", recommended = "0.9.70" }
+nextest-version = { required = "0.9.77", recommended = "0.9.77" }
 
 experimental = ["setup-scripts"]
 
@@ -35,14 +35,13 @@ clickhouse-cluster = { max-threads = 1 }
 # behaviors that conflict with each other.  They need to be run serially.
 live-tests = { max-threads = 1 }
 
+[profile.default]
+default-filter = 'all() - package(omicron-live-tests) - package(end-to-end-tests)'
+
 [[profile.default.overrides]]
 filter = 'package(oximeter-db) and test(replicated)'
 test-group = 'clickhouse-cluster'
 
-[[profile.default.overrides]]
-filter = 'package(omicron-live-tests)'
-test-group = 'live-tests'
-
 [[profile.default.overrides]]
 # These tests can time out under heavy contention.
 filter = 'binary_id(omicron-nexus::test_all) and test(::schema::)'
@@ -53,3 +52,10 @@ filter = 'binary_id(omicron-nexus::test_all)'
 # As of 2023-01-08, the slowest test in test_all takes 196s on a Ryzen 7950X.
 # 900s is a good upper limit that adds a comfortable buffer.
 slow-timeout = { period = '60s', terminate-after = 15 }
+
+[profile.live-tests]
+default-filter = 'package(omicron-live-tests)'
+
+[[profile.live-tests.overrides]]
+filter = 'package(omicron-live-tests)'
+test-group = 'live-tests'

.github/buildomat/build-and-test.sh

@@ -9,7 +9,7 @@ target_os=$1
 # NOTE: This version should be in sync with the recommended version in
 # .config/nextest.toml. (Maybe build an automated way to pull the recommended
 # version in the future.)
-NEXTEST_VERSION='0.9.70'
+NEXTEST_VERSION='0.9.77'
 
 cargo --version
 rustc --version

.github/workflows/hakari.yml

@@ -24,7 +24,7 @@ jobs:
         with:
           toolchain: stable
       - name: Install cargo-hakari
-        uses: taiki-e/install-action@0b73cec6bfb20724b64cae80024f8fa52195c902 # v2
+        uses: taiki-e/install-action@11053896c3ed8d313b47efa789def6474abd1e6b # v2
         with:
           tool: cargo-hakari
       - name: Check workspace-hack Cargo.toml is up-to-date

Cargo.toml

@@ -159,8 +159,7 @@ default-members = [
     # See omicron#4392.
     "dns-server",
     "dns-server-api",
-    # Do not include end-to-end-tests in the list of default members, as its
-    # tests only work on a deployed control plane.
+    "end-to-end-tests",
     "gateway",
     "gateway-api",
     "gateway-cli",
@@ -174,8 +173,7 @@ default-members = [
     "internal-dns",
     "ipcc",
     "key-manager",
-    # Do not include live-tests in the list of default members because its tests
-    # only work in a deployed system.  The macros can be here, though.
+    "live-tests",
     "live-tests/macros",
     "nexus",
     "nexus-config",
@@ -332,7 +330,7 @@ crucible-common = { git = "https://github.com/oxidecomputer/crucible", rev = "e5
 csv = "1.3.0"
 curve25519-dalek = "4"
 datatest-stable = "0.2.9"
-display-error-chain = "0.2.0"
+display-error-chain = "0.2.1"
 omicron-ddm-admin-client = { path = "clients/ddm-admin-client" }
 db-macros = { path = "nexus/db-macros" }
 debug-ignore = "1.0.5"
@@ -409,6 +407,7 @@ ispf = { git = "https://github.com/oxidecomputer/ispf" }
 key-manager = { path = "key-manager" }
 kstat-rs = "0.2.4"
 libc = "0.2.158"
+libipcc = { git = "https://github.com/oxidecomputer/libipcc", rev = "fdffa212373a8f92473ea5f411088912bf458d5f" }
 libfalcon = { git = "https://github.com/oxidecomputer/falcon", rev = "e69694a1f7cc9fe31fab27f321017280531fb5f7" }
 libnvme = { git = "https://github.com/oxidecomputer/libnvme", rev = "dd5bb221d327a1bc9287961718c3c10d6bd37da0" }
 linear-map = "1.2.0"

common/src/address.rs

@@ -8,7 +8,7 @@
 //! and Nexus, who need to agree upon addressing schemes.
 
 use crate::api::external::{self, Error};
-use crate::policy::{DNS_REDUNDANCY, MAX_DNS_REDUNDANCY};
+use crate::policy::{INTERNAL_DNS_REDUNDANCY, MAX_INTERNAL_DNS_REDUNDANCY};
 use ipnetwork::Ipv6Network;
 use once_cell::sync::Lazy;
 use oxnet::{Ipv4Net, Ipv6Net};
@@ -175,7 +175,18 @@ pub const CP_SERVICES_RESERVED_ADDRESSES: u16 = 0xFFFF;
 pub const SLED_RESERVED_ADDRESSES: u16 = 32;
 
 /// Wraps an [`Ipv6Net`] with a compile-time prefix length.
-#[derive(Debug, Clone, Copy, JsonSchema, Serialize, Hash, PartialEq, Eq)]
+#[derive(
+    Debug,
+    Clone,
+    Copy,
+    JsonSchema,
+    Serialize,
+    Hash,
+    PartialEq,
+    Eq,
+    PartialOrd,
+    Ord,
+)]
 #[schemars(rename = "Ipv6Subnet")]
 pub struct Ipv6Subnet<const N: u8> {
     net: Ipv6Net,
@@ -229,12 +240,33 @@ impl<'de, const N: u8> Deserialize<'de> for Ipv6Subnet<N> {
 }
 
 /// Represents a subnet which may be used for contacting DNS services.
-#[derive(Clone, Debug, Deserialize, Serialize, PartialEq)]
+#[derive(
+    Clone, Copy, Debug, Deserialize, Serialize, PartialEq, Eq, PartialOrd, Ord,
+)]
 pub struct DnsSubnet {
     subnet: Ipv6Subnet<SLED_PREFIX>,
 }
 
 impl DnsSubnet {
+    pub fn new(subnet: Ipv6Subnet<SLED_PREFIX>) -> Self {
+        Self { subnet }
+    }
+
+    /// Makes a new DNS subnet from the high-order bits of an address.
+    pub fn from_addr(addr: Ipv6Addr) -> Self {
+        Self::new(Ipv6Subnet::new(addr))
+    }
+
+    /// Returns the DNS subnet.
+    pub fn subnet(&self) -> Ipv6Subnet<SLED_PREFIX> {
+        self.subnet
+    }
+
+    /// Returns the reserved rack subnet that contains this DNS subnet.
+    pub fn rack_subnet(&self) -> ReservedRackSubnet {
+        ReservedRackSubnet::from_subnet(self.subnet)
+    }
+
     /// Returns the DNS server address within the subnet.
     ///
     /// This is the first address within the subnet.
@@ -253,7 +285,7 @@ impl DnsSubnet {
 
 /// A wrapper around an IPv6 network, indicating it is a "reserved" rack
 /// subnet which can be used for AZ-wide services.
-#[derive(Debug, Clone)]
+#[derive(Clone, Copy, Debug, PartialEq, Eq, PartialOrd, Ord)]
 pub struct ReservedRackSubnet(pub Ipv6Subnet<RACK_PREFIX>);
 
 impl ReservedRackSubnet {
@@ -262,17 +294,23 @@ impl ReservedRackSubnet {
         ReservedRackSubnet(Ipv6Subnet::<RACK_PREFIX>::new(subnet.net().addr()))
     }
 
+    /// Infer the reserved rack subnet from a sled/AZ/DNS subnet.
+    pub fn from_subnet<const N: u8>(subnet: Ipv6Subnet<N>) -> Self {
+        Self::new(Ipv6Subnet::<AZ_PREFIX>::new(subnet.net().addr()))
+    }
+
+    /// Returns the `index`th DNS subnet from this reserved rack subnet.
+    pub fn get_dns_subnet(&self, index: u8) -> DnsSubnet {
+        DnsSubnet::new(get_64_subnet(self.0, index))
+    }
+
     /// Returns the DNS addresses from this reserved rack subnet.
     ///
-    /// These addresses will come from the first [`MAX_DNS_REDUNDANCY`] `/64s` of the
-    /// [`RACK_PREFIX`] subnet.
+    /// These addresses will come from the first [`MAX_INTERNAL_DNS_REDUNDANCY`]
+    /// `/64s` of the [`RACK_PREFIX`] subnet.
     pub fn get_dns_subnets(&self) -> Vec<DnsSubnet> {
-        (0..MAX_DNS_REDUNDANCY)
-            .map(|idx| {
-                let subnet =
-                    get_64_subnet(self.0, u8::try_from(idx + 1).unwrap());
-                DnsSubnet { subnet }
-            })
+        (0..MAX_INTERNAL_DNS_REDUNDANCY)
+            .map(|idx| self.get_dns_subnet(u8::try_from(idx + 1).unwrap()))
             .collect()
     }
 }
@@ -283,7 +321,7 @@ pub fn get_internal_dns_server_addresses(addr: Ipv6Addr) -> Vec<IpAddr> {
     let az_subnet = Ipv6Subnet::<AZ_PREFIX>::new(addr);
     let reserved_rack_subnet = ReservedRackSubnet::new(az_subnet);
     let dns_subnets =
-        &reserved_rack_subnet.get_dns_subnets()[0..DNS_REDUNDANCY];
+        &reserved_rack_subnet.get_dns_subnets()[0..INTERNAL_DNS_REDUNDANCY];
     dns_subnets
         .iter()
         .map(|dns_subnet| IpAddr::from(dns_subnet.dns_address()))
@@ -664,7 +702,7 @@ mod test {
 
         // Observe the first DNS subnet within this reserved rack subnet.
         let dns_subnets = rack_subnet.get_dns_subnets();
-        assert_eq!(MAX_DNS_REDUNDANCY, dns_subnets.len());
+        assert_eq!(MAX_INTERNAL_DNS_REDUNDANCY, dns_subnets.len());
 
         // The DNS address and GZ address should be only differing by one.
         assert_eq!(

common/src/policy.rs

@@ -21,13 +21,13 @@ pub const COCKROACHDB_REDUNDANCY: usize = 5;
 
 /// The amount of redundancy for internal DNS servers.
 ///
-/// Must be less than or equal to MAX_DNS_REDUNDANCY.
-pub const DNS_REDUNDANCY: usize = 3;
+/// Must be less than or equal to MAX_INTERNAL_DNS_REDUNDANCY.
+pub const INTERNAL_DNS_REDUNDANCY: usize = 3;
 
-/// The maximum amount of redundancy for DNS servers.
+/// The maximum amount of redundancy for internal DNS servers.
 ///
-/// This determines the number of addresses which are reserved for DNS servers.
-pub const MAX_DNS_REDUNDANCY: usize = 5;
+/// This determines the number of addresses which are reserved for internal DNS servers.
+pub const MAX_INTERNAL_DNS_REDUNDANCY: usize = 5;
 
 /// The amount of redundancy for clickhouse servers
 ///