diff --git a/Cargo.lock b/Cargo.lock index 28170fc14cc..745b3c1ca50 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -15095,6 +15095,7 @@ dependencies = [ "serde_json", "serde_with", "sha3", + "sled-agent-config-reconciler", "sled-agent-types", "sled-hardware-types", "slog", diff --git a/dev-tools/reconfigurator-cli/tests/output/cmds-example-stdout b/dev-tools/reconfigurator-cli/tests/output/cmds-example-stdout index 83aa46e3d5c..81793feba30 100644 --- a/dev-tools/reconfigurator-cli/tests/output/cmds-example-stdout +++ b/dev-tools/reconfigurator-cli/tests/output/cmds-example-stdout @@ -1564,6 +1564,7 @@ LEDGERED SLED CONFIG b61b7c3c-d665-44b3-9312-794aa81c59de crucible install-dataset b957d6cf-f7b2-4bee-9928-c5fde8c59e04 crucible install-dataset e246f5e3-0650-4afc-860f-ee7114d309c5 crucible install-dataset + measurement empty zone image resolver status: zone manifest: path on boot disk: /fake/path/install/zones.json @@ -1571,6 +1572,12 @@ LEDGERED SLED CONFIG manifest generated by installinator (mupdate ID: 00000000-0000-0000-0000-000000000000) no artifacts in install dataset (this should only be seen in simulated systems) no non-boot disks + measurement manifest: + path on boot disk: /fake/path/install/zones.json + boot disk inventory: + manifest generated by installinator (mupdate ID: 00000000-0000-0000-0000-000000000000) + no artifacts in install dataset (this should only be seen in simulated systems) + no non-boot disks mupdate override: path on boot disk: /fake/path/install/mupdate_override.json no override on boot disk @@ -1590,6 +1597,8 @@ LEDGERED SLED CONFIG all disks reconciled successfully all datasets reconciled successfully all zones reconciled successfully + reference measurements: + (measurement set is empty) reconciler task status: idle (finished at after running for s) sled 32d8d836-4d8a-4e54-8fa9-f31d79c42646 (role = Gimlet, serial serial2) @@ -1691,6 +1700,7 @@ LEDGERED SLED CONFIG 6c2a57b0-2de0-4409-a6b9-c9aa5614eefa crucible install-dataset 99a750b2-724d-4828-ae5f-0df1aad90166 crucible install-dataset e668d83e-a28c-42dc-b574-467e57403cc1 crucible install-dataset + measurement empty zone image resolver status: zone manifest: path on boot disk: /fake/path/install/zones.json @@ -1698,6 +1708,12 @@ LEDGERED SLED CONFIG manifest generated by installinator (mupdate ID: 00000000-0000-0000-0000-000000000000) no artifacts in install dataset (this should only be seen in simulated systems) no non-boot disks + measurement manifest: + path on boot disk: /fake/path/install/zones.json + boot disk inventory: + manifest generated by installinator (mupdate ID: 00000000-0000-0000-0000-000000000000) + no artifacts in install dataset (this should only be seen in simulated systems) + no non-boot disks mupdate override: path on boot disk: /fake/path/install/mupdate_override.json no override on boot disk @@ -1717,6 +1733,8 @@ LEDGERED SLED CONFIG all disks reconciled successfully all datasets reconciled successfully all zones reconciled successfully + reference measurements: + (measurement set is empty) reconciler task status: idle (finished at after running for s) sled 89d02b1b-478c-401a-8e28-7a26f74fa41b (role = Gimlet, serial serial0) @@ -1911,6 +1929,7 @@ LEDGERED SLED CONFIG dc2666e6-4c3e-4b8e-99bc-bcdb5f8986e1 crucible_pantry install-dataset f4dc5b5d-6eb6-40a9-a079-971eca862285 crucible install-dataset ffbf02f0-261d-4723-b613-eb861245acbd internal_dns install-dataset + measurement empty zone image resolver status: zone manifest: path on boot disk: /fake/path/install/zones.json @@ -1918,6 +1937,12 @@ LEDGERED SLED CONFIG manifest generated by installinator (mupdate ID: 00000000-0000-0000-0000-000000000000) no artifacts in install dataset (this should only be seen in simulated systems) no non-boot disks + measurement manifest: + path on boot disk: /fake/path/install/zones.json + boot disk inventory: + manifest generated by installinator (mupdate ID: 00000000-0000-0000-0000-000000000000) + no artifacts in install dataset (this should only be seen in simulated systems) + no non-boot disks mupdate override: path on boot disk: /fake/path/install/mupdate_override.json no override on boot disk @@ -1937,6 +1962,8 @@ LEDGERED SLED CONFIG all disks reconciled successfully all datasets reconciled successfully all zones reconciled successfully + reference measurements: + (measurement set is empty) reconciler task status: idle (finished at after running for s) KEEPER MEMBERSHIP diff --git a/dev-tools/reconfigurator-cli/tests/output/cmds-mupdate-update-flow-stdout b/dev-tools/reconfigurator-cli/tests/output/cmds-mupdate-update-flow-stdout index 25242992fcd..12615e2ca71 100644 --- a/dev-tools/reconfigurator-cli/tests/output/cmds-mupdate-update-flow-stdout +++ b/dev-tools/reconfigurator-cli/tests/output/cmds-mupdate-update-flow-stdout @@ -286,6 +286,7 @@ LEDGERED SLED CONFIG 99e2f30b-3174-40bf-a78a-90da8abba8ca internal_dns install-dataset ad6a3a03-8d0f-4504-99a4-cbf73d69b973 crucible_pantry install-dataset bd354eef-d8a6-4165-9124-283fb5e46d77 crucible install-dataset + measurement empty zone image resolver status: zone manifest: path on boot disk: /fake/path/install/zones.json @@ -293,6 +294,12 @@ LEDGERED SLED CONFIG manifest generated by installinator (mupdate ID: 00000000-0000-0000-0000-000000000000) no artifacts in install dataset (this should only be seen in simulated systems) no non-boot disks + measurement manifest: + path on boot disk: /fake/path/install/zones.json + boot disk inventory: + manifest generated by installinator (mupdate ID: 00000000-0000-0000-0000-000000000000) + no artifacts in install dataset (this should only be seen in simulated systems) + no non-boot disks mupdate override: path on boot disk: /fake/path/install/mupdate_override.json error obtaining override on boot disk: reconfigurator-cli simulated mupdate-override error @@ -312,6 +319,8 @@ LEDGERED SLED CONFIG all disks reconciled successfully all datasets reconciled successfully all zones reconciled successfully + reference measurements: + (measurement set is empty) reconciler task status: idle (finished at after running for s) sled 98e6b7c2-2efa-41ca-b20a-0a4d61102fe6 (role = Gimlet, serial serial0) @@ -393,6 +402,7 @@ LEDGERED SLED CONFIG 6444f8a5-6465-4f0b-a549-1993c113569c internal_ntp install-dataset 803bfb63-c246-41db-b0da-d3b87ddfc63d external_dns install-dataset ba4994a8-23f9-4b1a-a84f-a08d74591389 crucible_pantry install-dataset + measurement empty zone image resolver status: zone manifest: path on boot disk: /fake/path/install/zones.json @@ -411,6 +421,12 @@ LEDGERED SLED CONFIG - ntp.tar.gz (expected 1681 bytes with hash 67593d686ed04a1709f93972b71f4ebc148a9362120f65d239943e814a9a7439): ok - oximeter.tar.gz (expected 1682 bytes with hash 048d8fe8cdef5b175aad714d0f148aa80ce36c9114ac15ce9d02ed3d37877a77): ok no non-boot disks + measurement manifest: + path on boot disk: /fake/path/install/zones.json + boot disk inventory: + manifest generated by installinator (mupdate ID: 00000000-0000-0000-0000-000000000000) + no artifacts in install dataset (this should only be seen in simulated systems) + no non-boot disks mupdate override: path on boot disk: /fake/path/install/mupdate_override.json override on boot disk: 6123eac1-ec5b-42ba-b73f-9845105a9971 @@ -430,6 +446,8 @@ LEDGERED SLED CONFIG all disks reconciled successfully all datasets reconciled successfully all zones reconciled successfully + reference measurements: + (measurement set is empty) reconciler task status: idle (finished at after running for s) sled d81c6a84-79b8-4958-ae41-ea46c9b19763 (role = Gimlet, serial serial2) @@ -511,6 +529,7 @@ LEDGERED SLED CONFIG f10a4fb9-759f-4a65-b25e-5794ad2d07d8 internal_ntp install-dataset f55647d4-5500-4ad3-893a-df45bd50d622 crucible install-dataset f6ec9c67-946a-4da3-98d5-581f72ce8bf0 external_dns install-dataset + measurement empty zone image resolver status: zone manifest: path on boot disk: /fake/path/install/zones.json @@ -518,6 +537,12 @@ LEDGERED SLED CONFIG manifest generated by installinator (mupdate ID: 00000000-0000-0000-0000-000000000000) no artifacts in install dataset (this should only be seen in simulated systems) no non-boot disks + measurement manifest: + path on boot disk: /fake/path/install/zones.json + boot disk inventory: + manifest generated by installinator (mupdate ID: 00000000-0000-0000-0000-000000000000) + no artifacts in install dataset (this should only be seen in simulated systems) + no non-boot disks mupdate override: path on boot disk: /fake/path/install/mupdate_override.json override on boot disk: 203fa72c-85c1-466a-8ed3-338ee029530d @@ -537,6 +562,8 @@ LEDGERED SLED CONFIG all disks reconciled successfully all datasets reconciled successfully all zones reconciled successfully + reference measurements: + (measurement set is empty) reconciler task status: idle (finished at after running for s) KEEPER MEMBERSHIP diff --git a/dev-tools/reconfigurator-cli/tests/output/cmds-nexus-generation-autobump-stdout b/dev-tools/reconfigurator-cli/tests/output/cmds-nexus-generation-autobump-stdout index 28743676866..ba737e66e13 100644 --- a/dev-tools/reconfigurator-cli/tests/output/cmds-nexus-generation-autobump-stdout +++ b/dev-tools/reconfigurator-cli/tests/output/cmds-nexus-generation-autobump-stdout @@ -663,6 +663,7 @@ LEDGERED SLED CONFIG ad6a3a03-8d0f-4504-99a4-cbf73d69b973 crucible_pantry artifact: 21f0ada306859c23917361f2e0b9235806c32607ec689c7e8cf16bb898bc5a02 bd354eef-d8a6-4165-9124-283fb5e46d77 crucible artifact: 6f17cf65fb5a5bec5542dd07c03cd0acc01e59130f02c532c8d848ecae810047 e2fdefe7-95b2-4fd2-ae37-56929a06d58c crucible artifact: 6f17cf65fb5a5bec5542dd07c03cd0acc01e59130f02c532c8d848ecae810047 + measurement empty zone image resolver status: zone manifest: path on boot disk: /fake/path/install/zones.json @@ -681,6 +682,12 @@ LEDGERED SLED CONFIG - ntp.tar.gz (expected 1681 bytes with hash 67593d686ed04a1709f93972b71f4ebc148a9362120f65d239943e814a9a7439): ok - oximeter.tar.gz (expected 1682 bytes with hash 048d8fe8cdef5b175aad714d0f148aa80ce36c9114ac15ce9d02ed3d37877a77): ok no non-boot disks + measurement manifest: + path on boot disk: /fake/path/install/zones.json + boot disk inventory: + manifest generated by installinator (mupdate ID: 00000000-0000-0000-0000-000000000000) + no artifacts in install dataset (this should only be seen in simulated systems) + no non-boot disks mupdate override: path on boot disk: /fake/path/install/mupdate_override.json no override on boot disk @@ -700,6 +707,8 @@ LEDGERED SLED CONFIG all disks reconciled successfully all datasets reconciled successfully all zones reconciled successfully + reference measurements: + (measurement set is empty) reconciler task status: idle (finished at after running for s) sled 98e6b7c2-2efa-41ca-b20a-0a4d61102fe6 (role = Gimlet, serial serial0) @@ -829,6 +838,7 @@ LEDGERED SLED CONFIG 803bfb63-c246-41db-b0da-d3b87ddfc63d external_dns artifact: ccca13ed19b8731f9adaf0d6203b02ea3b9ede4fa426b9fac0a07ce95440046d ba4994a8-23f9-4b1a-a84f-a08d74591389 crucible_pantry artifact: 21f0ada306859c23917361f2e0b9235806c32607ec689c7e8cf16bb898bc5a02 dfac80b4-a887-430a-ae87-a4e065dba787 crucible artifact: 6f17cf65fb5a5bec5542dd07c03cd0acc01e59130f02c532c8d848ecae810047 + measurement empty zone image resolver status: zone manifest: path on boot disk: /fake/path/install/zones.json @@ -847,6 +857,12 @@ LEDGERED SLED CONFIG - ntp.tar.gz (expected 1681 bytes with hash 67593d686ed04a1709f93972b71f4ebc148a9362120f65d239943e814a9a7439): ok - oximeter.tar.gz (expected 1682 bytes with hash 048d8fe8cdef5b175aad714d0f148aa80ce36c9114ac15ce9d02ed3d37877a77): ok no non-boot disks + measurement manifest: + path on boot disk: /fake/path/install/zones.json + boot disk inventory: + manifest generated by installinator (mupdate ID: 00000000-0000-0000-0000-000000000000) + no artifacts in install dataset (this should only be seen in simulated systems) + no non-boot disks mupdate override: path on boot disk: /fake/path/install/mupdate_override.json no override on boot disk @@ -866,6 +882,8 @@ LEDGERED SLED CONFIG all disks reconciled successfully all datasets reconciled successfully all zones reconciled successfully + reference measurements: + (measurement set is empty) reconciler task status: idle (finished at after running for s) sled d81c6a84-79b8-4958-ae41-ea46c9b19763 (role = Gimlet, serial serial2) @@ -995,6 +1013,7 @@ LEDGERED SLED CONFIG f10a4fb9-759f-4a65-b25e-5794ad2d07d8 internal_ntp artifact: 67593d686ed04a1709f93972b71f4ebc148a9362120f65d239943e814a9a7439 f55647d4-5500-4ad3-893a-df45bd50d622 crucible artifact: 6f17cf65fb5a5bec5542dd07c03cd0acc01e59130f02c532c8d848ecae810047 f6ec9c67-946a-4da3-98d5-581f72ce8bf0 external_dns artifact: ccca13ed19b8731f9adaf0d6203b02ea3b9ede4fa426b9fac0a07ce95440046d + measurement empty zone image resolver status: zone manifest: path on boot disk: /fake/path/install/zones.json @@ -1013,6 +1032,12 @@ LEDGERED SLED CONFIG - ntp.tar.gz (expected 1681 bytes with hash 67593d686ed04a1709f93972b71f4ebc148a9362120f65d239943e814a9a7439): ok - oximeter.tar.gz (expected 1682 bytes with hash 048d8fe8cdef5b175aad714d0f148aa80ce36c9114ac15ce9d02ed3d37877a77): ok no non-boot disks + measurement manifest: + path on boot disk: /fake/path/install/zones.json + boot disk inventory: + manifest generated by installinator (mupdate ID: 00000000-0000-0000-0000-000000000000) + no artifacts in install dataset (this should only be seen in simulated systems) + no non-boot disks mupdate override: path on boot disk: /fake/path/install/mupdate_override.json no override on boot disk @@ -1032,6 +1057,8 @@ LEDGERED SLED CONFIG all disks reconciled successfully all datasets reconciled successfully all zones reconciled successfully + reference measurements: + (measurement set is empty) reconciler task status: idle (finished at after running for s) KEEPER MEMBERSHIP diff --git a/dev-tools/reconfigurator-cli/tests/output/cmds-target-release-stdout b/dev-tools/reconfigurator-cli/tests/output/cmds-target-release-stdout index 952056fb802..ba83dda1927 100644 --- a/dev-tools/reconfigurator-cli/tests/output/cmds-target-release-stdout +++ b/dev-tools/reconfigurator-cli/tests/output/cmds-target-release-stdout @@ -650,6 +650,7 @@ LEDGERED SLED CONFIG ad6a3a03-8d0f-4504-99a4-cbf73d69b973 crucible_pantry artifact: 6055871bfa626d582162302bf027102d90a03a42866867df2582f8eba231fc6d bd354eef-d8a6-4165-9124-283fb5e46d77 crucible artifact: f3694b20fa1de79fb1f7c3a9f89f9f9eb5ebaaefc3caba7e1991e7e2b3191ed4 e2fdefe7-95b2-4fd2-ae37-56929a06d58c crucible artifact: f3694b20fa1de79fb1f7c3a9f89f9f9eb5ebaaefc3caba7e1991e7e2b3191ed4 + measurement empty zone image resolver status: zone manifest: path on boot disk: /fake/path/install/zones.json @@ -668,6 +669,12 @@ LEDGERED SLED CONFIG - ntp.tar.gz (expected 1682 bytes with hash b661b5d1370f5ac593b4c15b5fcd22c904991cf33b6db32f886374bc022a3531): ok - oximeter.tar.gz (expected 1683 bytes with hash 7ea25be50cd4e98e2ba20916cb98fe8ea457372f5973eb6ac691b5bc90dbddc0): ok no non-boot disks + measurement manifest: + path on boot disk: /fake/path/install/zones.json + boot disk inventory: + manifest generated by installinator (mupdate ID: 00000000-0000-0000-0000-000000000000) + no artifacts in install dataset (this should only be seen in simulated systems) + no non-boot disks mupdate override: path on boot disk: /fake/path/install/mupdate_override.json no override on boot disk @@ -687,6 +694,8 @@ LEDGERED SLED CONFIG all disks reconciled successfully all datasets reconciled successfully all zones reconciled successfully + reference measurements: + (measurement set is empty) reconciler task status: idle (finished at after running for s) sled 98e6b7c2-2efa-41ca-b20a-0a4d61102fe6 (role = Gimlet, serial serial0) @@ -816,6 +825,7 @@ LEDGERED SLED CONFIG 803bfb63-c246-41db-b0da-d3b87ddfc63d external_dns artifact: 584217eae459e4c2bd00621cf1910d06edb8258948a4832ab0329cf42067c0c7 ba4994a8-23f9-4b1a-a84f-a08d74591389 crucible_pantry artifact: 6055871bfa626d582162302bf027102d90a03a42866867df2582f8eba231fc6d dfac80b4-a887-430a-ae87-a4e065dba787 crucible artifact: f3694b20fa1de79fb1f7c3a9f89f9f9eb5ebaaefc3caba7e1991e7e2b3191ed4 + measurement empty zone image resolver status: zone manifest: path on boot disk: /fake/path/install/zones.json @@ -834,6 +844,12 @@ LEDGERED SLED CONFIG - ntp.tar.gz (expected 1682 bytes with hash b661b5d1370f5ac593b4c15b5fcd22c904991cf33b6db32f886374bc022a3531): ok - oximeter.tar.gz (expected 1683 bytes with hash 7ea25be50cd4e98e2ba20916cb98fe8ea457372f5973eb6ac691b5bc90dbddc0): ok no non-boot disks + measurement manifest: + path on boot disk: /fake/path/install/zones.json + boot disk inventory: + manifest generated by installinator (mupdate ID: 00000000-0000-0000-0000-000000000000) + no artifacts in install dataset (this should only be seen in simulated systems) + no non-boot disks mupdate override: path on boot disk: /fake/path/install/mupdate_override.json no override on boot disk @@ -853,6 +869,8 @@ LEDGERED SLED CONFIG all disks reconciled successfully all datasets reconciled successfully all zones reconciled successfully + reference measurements: + (measurement set is empty) reconciler task status: idle (finished at after running for s) sled d81c6a84-79b8-4958-ae41-ea46c9b19763 (role = Gimlet, serial serial2) @@ -982,6 +1000,7 @@ LEDGERED SLED CONFIG f10a4fb9-759f-4a65-b25e-5794ad2d07d8 internal_ntp artifact: b661b5d1370f5ac593b4c15b5fcd22c904991cf33b6db32f886374bc022a3531 f55647d4-5500-4ad3-893a-df45bd50d622 crucible artifact: f3694b20fa1de79fb1f7c3a9f89f9f9eb5ebaaefc3caba7e1991e7e2b3191ed4 f6ec9c67-946a-4da3-98d5-581f72ce8bf0 external_dns artifact: 584217eae459e4c2bd00621cf1910d06edb8258948a4832ab0329cf42067c0c7 + measurement empty zone image resolver status: zone manifest: path on boot disk: /fake/path/install/zones.json @@ -1000,6 +1019,12 @@ LEDGERED SLED CONFIG - ntp.tar.gz (expected 1682 bytes with hash b661b5d1370f5ac593b4c15b5fcd22c904991cf33b6db32f886374bc022a3531): ok - oximeter.tar.gz (expected 1683 bytes with hash 7ea25be50cd4e98e2ba20916cb98fe8ea457372f5973eb6ac691b5bc90dbddc0): ok no non-boot disks + measurement manifest: + path on boot disk: /fake/path/install/zones.json + boot disk inventory: + manifest generated by installinator (mupdate ID: 00000000-0000-0000-0000-000000000000) + no artifacts in install dataset (this should only be seen in simulated systems) + no non-boot disks mupdate override: path on boot disk: /fake/path/install/mupdate_override.json no override on boot disk @@ -1019,6 +1044,8 @@ LEDGERED SLED CONFIG all disks reconciled successfully all datasets reconciled successfully all zones reconciled successfully + reference measurements: + (measurement set is empty) reconciler task status: idle (finished at after running for s) KEEPER MEMBERSHIP diff --git a/dev-tools/reconfigurator-cli/tests/output/cmds-unsafe-zone-mgs-stdout b/dev-tools/reconfigurator-cli/tests/output/cmds-unsafe-zone-mgs-stdout index 82562dc16a7..ac08e90bc1c 100644 --- a/dev-tools/reconfigurator-cli/tests/output/cmds-unsafe-zone-mgs-stdout +++ b/dev-tools/reconfigurator-cli/tests/output/cmds-unsafe-zone-mgs-stdout @@ -634,6 +634,7 @@ LEDGERED SLED CONFIG ad6a3a03-8d0f-4504-99a4-cbf73d69b973 crucible_pantry artifact: 6055871bfa626d582162302bf027102d90a03a42866867df2582f8eba231fc6d bd354eef-d8a6-4165-9124-283fb5e46d77 crucible artifact: f3694b20fa1de79fb1f7c3a9f89f9f9eb5ebaaefc3caba7e1991e7e2b3191ed4 e2fdefe7-95b2-4fd2-ae37-56929a06d58c crucible artifact: f3694b20fa1de79fb1f7c3a9f89f9f9eb5ebaaefc3caba7e1991e7e2b3191ed4 + measurement empty zone image resolver status: zone manifest: path on boot disk: /fake/path/install/zones.json @@ -652,6 +653,12 @@ LEDGERED SLED CONFIG - ntp.tar.gz (expected 1682 bytes with hash b661b5d1370f5ac593b4c15b5fcd22c904991cf33b6db32f886374bc022a3531): ok - oximeter.tar.gz (expected 1683 bytes with hash 7ea25be50cd4e98e2ba20916cb98fe8ea457372f5973eb6ac691b5bc90dbddc0): ok no non-boot disks + measurement manifest: + path on boot disk: /fake/path/install/zones.json + boot disk inventory: + manifest generated by installinator (mupdate ID: 00000000-0000-0000-0000-000000000000) + no artifacts in install dataset (this should only be seen in simulated systems) + no non-boot disks mupdate override: path on boot disk: /fake/path/install/mupdate_override.json no override on boot disk @@ -671,6 +678,8 @@ LEDGERED SLED CONFIG all disks reconciled successfully all datasets reconciled successfully all zones reconciled successfully + reference measurements: + (measurement set is empty) reconciler task status: idle (finished at after running for s) sled 98e6b7c2-2efa-41ca-b20a-0a4d61102fe6 (role = Gimlet, serial serial0) @@ -800,6 +809,7 @@ LEDGERED SLED CONFIG 803bfb63-c246-41db-b0da-d3b87ddfc63d external_dns artifact: 584217eae459e4c2bd00621cf1910d06edb8258948a4832ab0329cf42067c0c7 ba4994a8-23f9-4b1a-a84f-a08d74591389 crucible_pantry artifact: 6055871bfa626d582162302bf027102d90a03a42866867df2582f8eba231fc6d dfac80b4-a887-430a-ae87-a4e065dba787 crucible artifact: f3694b20fa1de79fb1f7c3a9f89f9f9eb5ebaaefc3caba7e1991e7e2b3191ed4 + measurement empty zone image resolver status: zone manifest: path on boot disk: /fake/path/install/zones.json @@ -818,6 +828,12 @@ LEDGERED SLED CONFIG - ntp.tar.gz (expected 1682 bytes with hash b661b5d1370f5ac593b4c15b5fcd22c904991cf33b6db32f886374bc022a3531): ok - oximeter.tar.gz (expected 1683 bytes with hash 7ea25be50cd4e98e2ba20916cb98fe8ea457372f5973eb6ac691b5bc90dbddc0): ok no non-boot disks + measurement manifest: + path on boot disk: /fake/path/install/zones.json + boot disk inventory: + manifest generated by installinator (mupdate ID: 00000000-0000-0000-0000-000000000000) + no artifacts in install dataset (this should only be seen in simulated systems) + no non-boot disks mupdate override: path on boot disk: /fake/path/install/mupdate_override.json no override on boot disk @@ -837,6 +853,8 @@ LEDGERED SLED CONFIG all disks reconciled successfully all datasets reconciled successfully all zones reconciled successfully + reference measurements: + (measurement set is empty) reconciler task status: idle (finished at after running for s) sled d81c6a84-79b8-4958-ae41-ea46c9b19763 (role = Gimlet, serial serial2) @@ -966,6 +984,7 @@ LEDGERED SLED CONFIG f10a4fb9-759f-4a65-b25e-5794ad2d07d8 internal_ntp artifact: b661b5d1370f5ac593b4c15b5fcd22c904991cf33b6db32f886374bc022a3531 f55647d4-5500-4ad3-893a-df45bd50d622 crucible artifact: f3694b20fa1de79fb1f7c3a9f89f9f9eb5ebaaefc3caba7e1991e7e2b3191ed4 f6ec9c67-946a-4da3-98d5-581f72ce8bf0 external_dns artifact: 584217eae459e4c2bd00621cf1910d06edb8258948a4832ab0329cf42067c0c7 + measurement empty zone image resolver status: zone manifest: path on boot disk: /fake/path/install/zones.json @@ -984,6 +1003,12 @@ LEDGERED SLED CONFIG - ntp.tar.gz (expected 1682 bytes with hash b661b5d1370f5ac593b4c15b5fcd22c904991cf33b6db32f886374bc022a3531): ok - oximeter.tar.gz (expected 1683 bytes with hash 7ea25be50cd4e98e2ba20916cb98fe8ea457372f5973eb6ac691b5bc90dbddc0): ok no non-boot disks + measurement manifest: + path on boot disk: /fake/path/install/zones.json + boot disk inventory: + manifest generated by installinator (mupdate ID: 00000000-0000-0000-0000-000000000000) + no artifacts in install dataset (this should only be seen in simulated systems) + no non-boot disks mupdate override: path on boot disk: /fake/path/install/mupdate_override.json no override on boot disk @@ -1003,6 +1028,8 @@ LEDGERED SLED CONFIG all disks reconciled successfully all datasets reconciled successfully all zones reconciled successfully + reference measurements: + (measurement set is empty) reconciler task status: idle (finished at after running for s) KEEPER MEMBERSHIP diff --git a/nexus/db-model/src/inventory.rs b/nexus/db-model/src/inventory.rs index 8caf04aadcf..c4ee081dcd4 100644 --- a/nexus/db-model/src/inventory.rs +++ b/nexus/db-model/src/inventory.rs @@ -35,15 +35,17 @@ use nexus_db_schema::schema::{ inv_cockroachdb_status, inv_collection, inv_collection_error, inv_dataset, inv_host_phase_1_active_slot, inv_host_phase_1_flash_hash, inv_internal_dns, inv_last_reconciliation_dataset_result, - inv_last_reconciliation_disk_result, + inv_last_reconciliation_disk_result, inv_last_reconciliation_measurements, inv_last_reconciliation_orphaned_dataset, - inv_last_reconciliation_zone_result, inv_mupdate_override_non_boot, - inv_ntp_timesync, inv_nvme_disk_firmware, inv_omicron_sled_config, - inv_omicron_sled_config_dataset, inv_omicron_sled_config_disk, - inv_omicron_sled_config_zone, inv_omicron_sled_config_zone_nic, - inv_physical_disk, inv_root_of_trust, inv_root_of_trust_page, - inv_service_processor, inv_sled_agent, inv_sled_boot_partition, - inv_sled_config_reconciler, inv_zpool, sw_caboose, sw_root_of_trust_page, + inv_last_reconciliation_zone_result, inv_measurement_manifest_non_boot, + inv_mupdate_override_non_boot, inv_ntp_timesync, inv_nvme_disk_firmware, + inv_omicron_sled_config, inv_omicron_sled_config_dataset, + inv_omicron_sled_config_disk, inv_omicron_sled_config_zone, + inv_omicron_sled_config_zone_nic, inv_physical_disk, inv_root_of_trust, + inv_root_of_trust_page, inv_service_processor, inv_sled_agent, + inv_sled_boot_partition, inv_sled_config_reconciler, + inv_zone_manifest_measurement, inv_zpool, sw_caboose, + sw_root_of_trust_page, }; use nexus_types::inventory::HostPhase1ActiveSlot; use nexus_types::inventory::{ @@ -84,7 +86,9 @@ use sled_agent_types::inventory::ManifestNonBootInventory; use sled_agent_types::inventory::MupdateOverrideBootInventory; use sled_agent_types::inventory::MupdateOverrideInventory; use sled_agent_types::inventory::MupdateOverrideNonBootInventory; +use sled_agent_types::inventory::OmicronSingleMeasurement; use sled_agent_types::inventory::OrphanedDataset; +use sled_agent_types::inventory::ReconciledSingleMeasurement; use sled_agent_types::inventory::RemoveMupdateOverrideBootSuccessInventory; use sled_agent_types::inventory::RemoveMupdateOverrideInventory; use sled_agent_types::inventory::ZoneArtifactInventory; @@ -1371,6 +1375,66 @@ impl From for ConfigReconcilerInventoryResult { } } +#[derive(Queryable, Clone, Debug, Selectable, Insertable)] +#[diesel(table_name = inv_last_reconciliation_measurements)] +pub struct InvLastReconciliationMeasurements { + pub inv_collection_id: DbTypedUuid, + pub sled_id: DbTypedUuid, + + pub file_name: String, + pub path: String, + pub error_message: Option, +} + +impl InvLastReconciliationMeasurements { + pub fn new( + inv_collection_id: CollectionUuid, + sled_id: SledUuid, + file_name: String, + path: String, + result: ConfigReconcilerInventoryResult, + ) -> Self { + let error_message = match result { + ConfigReconcilerInventoryResult::Ok => None, + ConfigReconcilerInventoryResult::Err { message } => Some(message), + }; + Self { + inv_collection_id: inv_collection_id.into(), + sled_id: sled_id.into(), + + path, + file_name, + error_message, + } + } +} + +impl From for ReconciledSingleMeasurement { + fn from(row: InvLastReconciliationMeasurements) -> Self { + Self { + file_name: row.file_name, + path: row.path.into(), + result: match row.error_message { + None => ConfigReconcilerInventoryResult::Ok, + Some(message) => { + ConfigReconcilerInventoryResult::Err { message } + } + }, + } + } +} + +impl From + for ConfigReconcilerInventoryResult +{ + fn from(result: InvLastReconciliationMeasurements) -> Self { + match result.error_message { + None => Self::Ok, + Some(message) => Self::Err { message }, + } + } +} + #[derive(Queryable, Clone, Debug, Selectable, Insertable)] #[diesel(table_name = inv_last_reconciliation_dataset_result)] pub struct InvLastReconciliationDatasetResult { @@ -1535,6 +1599,11 @@ pub struct InvZoneImageResolver { pub zone_manifest_mupdate_id: Option>, pub zone_manifest_boot_disk_error: Option, + pub measurement_manifest_boot_disk_path: String, + pub measurement_manifest_source: Option, + pub measurement_manifest_mupdate_id: Option>, + pub measurement_manifest_boot_disk_error: Option, + pub mupdate_override_boot_disk_path: String, pub mupdate_override_id: Option>, pub mupdate_override_boot_disk_error: Option, @@ -1563,6 +1632,26 @@ impl InvZoneImageResolver { Err(error) => (None, None, Some(error.to_string())), }; + let measurement_manifest_boot_disk_path = + inv.measurement_manifest.boot_disk_path.clone().into(); + let ( + measurement_manifest_source, + measurement_manifest_mupdate_id, + measurement_manifest_boot_disk_error, + ) = match &inv.measurement_manifest.boot_inventory { + Ok(manifest) => match manifest.source { + OmicronInstallManifestSource::Installinator { mupdate_id } => ( + Some(InvZoneManifestSourceEnum::Installinator), + Some(mupdate_id.into()), + None, + ), + OmicronInstallManifestSource::SledAgent => { + (Some(InvZoneManifestSourceEnum::SledAgent), None, None) + } + }, + Err(error) => (None, None, Some(error.to_string())), + }; + let mupdate_override_boot_disk_path = inv.mupdate_override.boot_disk_path.clone().into(); let mupdate_override_id = inv @@ -1581,6 +1670,10 @@ impl InvZoneImageResolver { zone_manifest_source, zone_manifest_mupdate_id, zone_manifest_boot_disk_error, + measurement_manifest_boot_disk_path, + measurement_manifest_source, + measurement_manifest_mupdate_id, + measurement_manifest_boot_disk_error, mupdate_override_boot_disk_path, mupdate_override_id, mupdate_override_boot_disk_error, @@ -1591,7 +1684,11 @@ impl InvZoneImageResolver { pub fn into_inventory( self, artifacts: Option>, + measurement_artifacts: Option>, zone_manifest_non_boot: Option>, + measurement_manifest_non_boot: Option< + IdOrdMap, + >, mupdate_override_non_boot: Option< IdOrdMap, >, @@ -1645,6 +1742,55 @@ impl InvZoneImageResolver { } }; + let measurement_manifest = { + let boot_inventory = if let Some(error) = + self.measurement_manifest_boot_disk_error + { + Err(error) + } else { + let source = match self.measurement_manifest_source { + Some(InvZoneManifestSourceEnum::Installinator) => { + OmicronInstallManifestSource::Installinator { + mupdate_id: self + .measurement_manifest_mupdate_id + .context( + "illegal database state (CHECK constraint broken?!): \ + if the source is Installinator, then the \ + db schema guarantees that mupdate_id is Some", + )? + .into(), + } + } + Some(InvZoneManifestSourceEnum::SledAgent) => { + OmicronInstallManifestSource::SledAgent + } + None => { + bail!( + "illegal database state (CHECK constraint broken?!): \ + if the source is None, then the db schema guarantees \ + that there was an error", + ) + } + }; + + Ok(ManifestBootInventory { + source, + // Artifacts might really be None in case no zones were found. + // (This is unusual but permitted by the data model, so any + // checks around this should happen at a higher level.) + artifacts: measurement_artifacts.unwrap_or_default(), + }) + }; + + ManifestInventory { + boot_disk_path: self.measurement_manifest_boot_disk_path.into(), + boot_inventory, + // This might be None if no non-boot disks were found. + non_boot_status: measurement_manifest_non_boot + .unwrap_or_default(), + } + }; + // Build up the mupdate override struct. let boot_override = if let Some(error) = self.mupdate_override_boot_disk_error @@ -1664,7 +1810,57 @@ impl InvZoneImageResolver { non_boot_status: mupdate_override_non_boot.unwrap_or_default(), }; - Ok(ZoneImageResolverInventory { zone_manifest, mupdate_override }) + Ok(ZoneImageResolverInventory { + zone_manifest, + measurement_manifest, + mupdate_override, + }) + } +} + +/// Represents a measurement file entry from the measurement manifest on a sled. +#[derive(Queryable, Clone, Debug, Selectable, Insertable)] +#[diesel(table_name = inv_zone_manifest_measurement)] +pub struct InvZoneManifestMeasurement { + pub inv_collection_id: DbTypedUuid, + pub sled_id: DbTypedUuid, + pub measurement_file_name: String, + pub path: String, + pub expected_size: i64, + pub expected_sha256: ArtifactHash, + pub error: Option, +} + +impl InvZoneManifestMeasurement { + pub fn new( + collection_id: CollectionUuid, + sled_id: SledUuid, + artifact: &ZoneArtifactInventory, + ) -> Self { + Self { + inv_collection_id: collection_id.into(), + sled_id: sled_id.into(), + measurement_file_name: artifact.file_name.clone(), + path: artifact.path.clone().into(), + expected_size: artifact.expected_size.try_into().unwrap(), + expected_sha256: artifact.expected_hash.into(), + error: artifact.status.as_ref().err().cloned(), + } + } +} + +impl From for ZoneArtifactInventory { + fn from(row: InvZoneManifestMeasurement) -> Self { + Self { + file_name: row.measurement_file_name, + path: row.path.into(), + expected_size: row.expected_size.try_into().unwrap(), + expected_hash: row.expected_sha256.into(), + status: match row.error { + None => Ok(()), + Some(error) => Err(error), + }, + } } } @@ -1716,6 +1912,46 @@ impl TryFrom for ZoneArtifactInventory { } } +/// Represents a non-boot zpool entry from the zone manifest on a sled. +#[derive(Queryable, Clone, Debug, Selectable, Insertable)] +#[diesel(table_name = inv_measurement_manifest_non_boot)] +pub struct InvMeasurementManifestNonBoot { + pub inv_collection_id: DbTypedUuid, + pub sled_id: DbTypedUuid, + pub non_boot_zpool_id: DbTypedUuid, + pub path: String, + pub is_valid: bool, + pub message: String, +} + +impl InvMeasurementManifestNonBoot { + pub fn new( + collection_id: CollectionUuid, + sled_id: SledUuid, + non_boot: &ManifestNonBootInventory, + ) -> Self { + Self { + inv_collection_id: collection_id.into(), + sled_id: sled_id.into(), + non_boot_zpool_id: non_boot.zpool_id.into(), + path: non_boot.path.clone().into(), + is_valid: non_boot.is_valid, + message: non_boot.message.clone(), + } + } +} + +impl From for ManifestNonBootInventory { + fn from(row: InvMeasurementManifestNonBoot) -> Self { + Self { + zpool_id: row.non_boot_zpool_id.into(), + path: row.path.into(), + is_valid: row.is_valid, + message: row.message, + } + } +} + /// Represents a non-boot zpool entry from the zone manifest on a sled. #[derive(Queryable, Clone, Debug, Selectable, Insertable)] #[diesel(table_name = inv_zone_manifest_non_boot)] @@ -2126,6 +2362,8 @@ pub struct InvOmicronSledConfig { #[diesel(embed)] pub host_phase_2: DbHostPhase2DesiredSlots, + #[diesel(embed)] + pub measurements: DbOmicronMeasurements, } impl InvOmicronSledConfig { @@ -2135,6 +2373,7 @@ impl InvOmicronSledConfig { generation: external::Generation, remove_mupdate_override: Option, host_phase_2: HostPhase2DesiredSlots, + measurements: Vec, ) -> Self { Self { inv_collection_id: inv_collection_id.into(), @@ -2142,6 +2381,33 @@ impl InvOmicronSledConfig { generation: Generation(generation), remove_mupdate_override: remove_mupdate_override.map(From::from), host_phase_2: host_phase_2.into(), + measurements: measurements.into(), + } + } +} + +#[derive(Queryable, Clone, Debug, Selectable, Insertable)] +#[diesel(table_name = inv_omicron_sled_config)] +pub struct DbOmicronMeasurements { + pub measurements: Option>, +} + +impl From> for DbOmicronMeasurements { + fn from(value: Vec) -> Self { + let remapped = + value.into_iter().map(|x| ArtifactHash(x.hash)).collect(); + Self { measurements: Some(remapped) } + } +} + +impl From for Vec { + fn from(value: DbOmicronMeasurements) -> Self { + match value.measurements { + None => Vec::new(), + Some(s) => s + .into_iter() + .map(|ArtifactHash(hash)| OmicronSingleMeasurement { hash }) + .collect(), } } } diff --git a/nexus/db-model/src/schema_versions.rs b/nexus/db-model/src/schema_versions.rs index 293b6086c6b..f4c0f1a9c92 100644 --- a/nexus/db-model/src/schema_versions.rs +++ b/nexus/db-model/src/schema_versions.rs @@ -16,7 +16,7 @@ use std::{collections::BTreeMap, sync::LazyLock}; /// /// This must be updated when you change the database schema. Refer to /// schema/crdb/README.adoc in the root of this repository for details. -pub const SCHEMA_VERSION: Version = Version::new(217, 0, 0); +pub const SCHEMA_VERSION: Version = Version::new(218, 0, 0); /// List of all past database schema versions, in *reverse* order /// @@ -28,6 +28,7 @@ static KNOWN_VERSIONS: LazyLock> = LazyLock::new(|| { // | leaving the first copy as an example for the next person. // v // KnownVersion::new(next_int, "unique-dirname-with-the-sql-files"), + KnownVersion::new(218, "measurements"), KnownVersion::new(217, "multiple-default-ip-pools-per-silo"), KnownVersion::new(216, "add-trust-quorum"), KnownVersion::new(215, "support-up-to-12-disks"), diff --git a/nexus/db-queries/src/db/datastore/inventory.rs b/nexus/db-queries/src/db/datastore/inventory.rs index ccf453c5cd7..959c91938e9 100644 --- a/nexus/db-queries/src/db/datastore/inventory.rs +++ b/nexus/db-queries/src/db/datastore/inventory.rs @@ -44,8 +44,10 @@ use nexus_db_model::InvHostPhase1FlashHash; use nexus_db_model::InvInternalDns; use nexus_db_model::InvLastReconciliationDatasetResult; use nexus_db_model::InvLastReconciliationDiskResult; +use nexus_db_model::InvLastReconciliationMeasurements; use nexus_db_model::InvLastReconciliationOrphanedDataset; use nexus_db_model::InvLastReconciliationZoneResult; +use nexus_db_model::InvMeasurementManifestNonBoot; use nexus_db_model::InvNtpTimesync; use nexus_db_model::InvNvmeDiskFirmware; use nexus_db_model::InvOmicronSledConfig; @@ -70,7 +72,8 @@ use nexus_db_model::SwCaboose; use nexus_db_model::SwRotPage; use nexus_db_model::to_db_typed_uuid; use nexus_db_model::{ - HwBaseboardId, InvZoneImageResolver, InvZoneManifestZone, + HwBaseboardId, InvZoneImageResolver, InvZoneManifestMeasurement, + InvZoneManifestZone, }; use nexus_db_model::{HwPowerState, InvZoneManifestNonBoot}; use nexus_db_model::{HwRotSlot, InvMupdateOverrideNonBoot}; @@ -114,6 +117,7 @@ use sled_agent_types::inventory::ManifestNonBootInventory; use sled_agent_types::inventory::MupdateOverrideNonBootInventory; use sled_agent_types::inventory::OmicronSledConfig; use sled_agent_types::inventory::OrphanedDataset; +use sled_agent_types::inventory::ReconciledSingleMeasurement; use sled_agent_types::inventory::ZoneArtifactInventory; use sled_hardware_types::BaseboardId; use slog_error_chain::InlineErrorChain; @@ -266,6 +270,30 @@ impl DataStore { } } + // Pull zone manifest measurements out of all sled agents. + let zone_manifest_measurements: Vec<_> = collection + .sled_agents + .iter() + .filter_map(|sled_agent| { + sled_agent + .zone_image_resolver + .measurement_manifest + .boot_inventory + .as_ref() + .ok() + .map(|artifacts| { + artifacts.artifacts.iter().map(|artifact| { + InvZoneManifestMeasurement::new( + collection_id, + sled_agent.sled_id, + artifact, + ) + }) + }) + }) + .flatten() + .collect(); + // Pull zone manifest non-boot info out of all sled agents. let zone_manifest_non_boot: Vec<_> = collection .sled_agents @@ -286,6 +314,26 @@ impl DataStore { }) .collect(); + // Pull zone manifest non-boot info out of all sled agents. + let measurement_manifest_non_boot: Vec<_> = collection + .sled_agents + .iter() + .flat_map(|sled_agent| { + sled_agent + .zone_image_resolver + .measurement_manifest + .non_boot_status + .iter() + .map(|non_boot| { + InvMeasurementManifestNonBoot::new( + collection_id, + sled_agent.sled_id, + non_boot, + ) + }) + }) + .collect(); + // Pull mupdate override non-boot info out of all sled agents. let mupdate_override_non_boot: Vec<_> = collection .sled_agents @@ -338,6 +386,7 @@ impl DataStore { zone_results: reconciler_zone_results, boot_partitions: reconciler_boot_partitions, mut config_reconciler_fields_by_sled, + measurements: reconciler_measurement_results, } = ConfigReconcilerRows::new(collection_id, collection) .map_err(|e| Error::internal_error(&format!("{e:#}")))?; @@ -1260,6 +1309,27 @@ impl DataStore { } } + // Insert rows for all the sled config reconciler measurements + { + use nexus_db_schema::schema::inv_last_reconciliation_measurements::dsl; + + let batch_size = SQL_BATCH_SIZE.get().try_into().unwrap(); + let mut measurement_results = reconciler_measurement_results.into_iter(); + loop { + let some_measurement_results = + measurement_results.by_ref().take(batch_size).collect::>(); + if some_measurement_results.is_empty() { + break; + } + let _ = diesel::insert_into(dsl::inv_last_reconciliation_measurements) + .values(some_measurement_results) + .execute_async(&conn) + .await?; + } + } + + + // Insert rows for all the sled config reconciler disk results { use nexus_db_schema::schema::inv_last_reconciliation_disk_result::dsl; @@ -1336,6 +1406,28 @@ impl DataStore { } } + // Insert rows for all the zones found in the zone manifest on the + // boot disk. + { + use nexus_db_schema::schema::inv_zone_manifest_measurement::dsl; + + let batch_size = SQL_BATCH_SIZE.get().try_into().unwrap(); + let mut measurements = zone_manifest_measurements.into_iter(); + loop { + let some_measurements = + measurements.by_ref().take(batch_size).collect::>(); + if some_measurements.is_empty() { + break; + } + let _ = diesel::insert_into(dsl::inv_zone_manifest_measurement) + .values(some_measurements) + .execute_async(&conn) + .await?; + } + } + + + // Insert rows for all the zones found in the zone manifest on the // boot disk. { @@ -1375,6 +1467,26 @@ impl DataStore { } } + // Insert rows for non-boot measurement manifests. + { + use nexus_db_schema::schema::inv_measurement_manifest_non_boot::dsl; + + let batch_size = SQL_BATCH_SIZE.get().try_into().unwrap(); + let mut non_boot = measurement_manifest_non_boot.into_iter(); + loop { + let some_non_boot = + non_boot.by_ref().take(batch_size).collect::>(); + if some_non_boot.is_empty() { + break; + } + let _ = diesel::insert_into(dsl::inv_measurement_manifest_non_boot) + .values(some_non_boot) + .execute_async(&conn) + .await?; + } + } + + // Insert rows for non-boot mupdate overrides. { use nexus_db_schema::schema::inv_mupdate_override_non_boot::dsl; @@ -1469,6 +1581,14 @@ impl DataStore { .into_sql::>(), zone_image_resolver.zone_manifest_boot_disk_error .into_sql::>(), + zone_image_resolver.measurement_manifest_boot_disk_path + .into_sql::(), + zone_image_resolver.measurement_manifest_source + .into_sql::>(), + zone_image_resolver.measurement_manifest_mupdate_id + .into_sql::>(), + zone_image_resolver.measurement_manifest_boot_disk_error + .into_sql::>(), zone_image_resolver.mupdate_override_boot_disk_path .into_sql::(), zone_image_resolver.mupdate_override_id @@ -1510,6 +1630,10 @@ impl DataStore { sa_dsl::zone_manifest_source, sa_dsl::zone_manifest_mupdate_id, sa_dsl::zone_manifest_boot_disk_error, + sa_dsl::measurement_manifest_boot_disk_path, + sa_dsl::measurement_manifest_source, + sa_dsl::measurement_manifest_mupdate_id, + sa_dsl::measurement_manifest_boot_disk_error, sa_dsl::mupdate_override_boot_disk_path, sa_dsl::mupdate_override_id, sa_dsl::mupdate_override_boot_disk_error, @@ -1542,6 +1666,10 @@ impl DataStore { _zone_manifest_source, _zone_manifest_mupdate_id, _zone_manifest_boot_disk_error, + _measurement_manifest_boot_disk_path, + _measurement_manifest_source, + _measurement_manifest_mupdate_id, + _measurement_manifest_boot_disk_error, _mupdate_override_boot_disk_path, _mupdate_override_boot_disk_id, _mupdate_override_boot_disk_error, @@ -1873,8 +2001,11 @@ impl DataStore { nlast_reconciliation_dataset_results: usize, nlast_reconciliation_orphaned_datasets: usize, nlast_reconciliation_zone_results: usize, + nlast_reconciliation_measurements: usize, nzone_manifest_zones: usize, + nzone_manifest_measurements: usize, nzone_manifest_non_boot: usize, + nmeasurement_manifest_non_boot: usize, nmupdate_override_non_boot: usize, nconfig_reconcilers: usize, nboot_partitions: usize, @@ -1907,8 +2038,11 @@ impl DataStore { nlast_reconciliation_dataset_results, nlast_reconciliation_orphaned_datasets, nlast_reconciliation_zone_results, + nlast_reconciliation_measurements, nzone_manifest_zones, + nzone_manifest_measurements, nzone_manifest_non_boot, + nmeasurement_manifest_non_boot, nmupdate_override_non_boot, nconfig_reconcilers, nboot_partitions, @@ -2038,7 +2172,7 @@ impl DataStore { }; // Remove rows associated with the last reconciliation - // result (disks, datasets, and zones). + // result (disks, datasets, measurements, and zones). let nlast_reconciliation_disk_results = { use nexus_db_schema::schema::inv_last_reconciliation_disk_result::dsl; diesel::delete(dsl::inv_last_reconciliation_disk_result.filter( @@ -2071,6 +2205,15 @@ impl DataStore { .execute_async(&conn) .await? }; + let nlast_reconciliation_measurements = { + use nexus_db_schema::schema::inv_last_reconciliation_measurements::dsl; + diesel::delete(dsl::inv_last_reconciliation_measurements.filter( + dsl::inv_collection_id.eq(db_collection_id), + )) + .execute_async(&conn) + .await? + }; + // Remove rows associated with zone resolver inventory. let nzone_manifest_zones = { @@ -2081,6 +2224,14 @@ impl DataStore { .execute_async(&conn) .await? }; + let nzone_manifest_measurements = { + use nexus_db_schema::schema::inv_zone_manifest_measurement::dsl; + diesel::delete(dsl::inv_zone_manifest_measurement.filter( + dsl::inv_collection_id.eq(db_collection_id), + )) + .execute_async(&conn) + .await? + }; let nzone_manifest_non_boot = { use nexus_db_schema::schema::inv_zone_manifest_non_boot::dsl; diesel::delete(dsl::inv_zone_manifest_non_boot.filter( @@ -2089,6 +2240,15 @@ impl DataStore { .execute_async(&conn) .await? }; + let nmeasurement_manifest_non_boot = { + use nexus_db_schema::schema::inv_measurement_manifest_non_boot::dsl; + diesel::delete(dsl::inv_measurement_manifest_non_boot.filter( + dsl::inv_collection_id.eq(db_collection_id), + )) + .execute_async(&conn) + .await? + }; + let nmupdate_override_non_boot = { use nexus_db_schema::schema::inv_mupdate_override_non_boot::dsl; diesel::delete(dsl::inv_mupdate_override_non_boot.filter( @@ -2239,8 +2399,11 @@ impl DataStore { nlast_reconciliation_dataset_results, nlast_reconciliation_orphaned_datasets, nlast_reconciliation_zone_results, + nlast_reconciliation_measurements, nzone_manifest_zones, + nzone_manifest_measurements, nzone_manifest_non_boot, + nmeasurement_manifest_non_boot, nmupdate_override_non_boot, nconfig_reconcilers, nboot_partitions, @@ -2283,8 +2446,12 @@ impl DataStore { nlast_reconciliation_orphaned_datasets, "nlast_reconciliation_zone_results" => nlast_reconciliation_zone_results, + "nlast_reconciliation_measurements" => + nlast_reconciliation_measurements, "nzone_manifest_zones" => nzone_manifest_zones, + "nzone_manifest_measurements" => nzone_manifest_measurements, "nzone_manifest_non_boot" => nzone_manifest_non_boot, + "nmeasurement_manifest_non_boot" => nmeasurement_manifest_non_boot, "nmupdate_override_non_boot" => nmupdate_override_non_boot, "nconfig_reconcilers" => nconfig_reconcilers, "nboot_partitions" => nboot_partitions, @@ -3153,6 +3320,7 @@ impl DataStore { datasets: IdOrdMap::default(), zones: IdOrdMap::default(), host_phase_2: sled_config.host_phase_2.into(), + measurements: sled_config.measurements.into(), }, }) .map_err(|e| { @@ -3558,6 +3726,49 @@ impl DataStore { orphaned }; + let mut last_reconciliation_measurements = { + use nexus_db_schema::schema::inv_last_reconciliation_measurements::dsl; + + let mut measurements: BTreeMap< + SledUuid, + IdOrdMap, + > = BTreeMap::new(); + + // TODO-performance This ought to be paginated like the other + // queries in this method, but + // + // (a) this table's primary key is 3 columns, and we don't have + // `paginated` support that wide + // (b) we expect a very small number of reconciled measurements + // + // so we just do the lazy thing and load all the rows at once. + let rows = dsl::inv_last_reconciliation_measurements + .filter(dsl::inv_collection_id.eq(db_id)) + .select(InvLastReconciliationMeasurements::as_select()) + .load_async(&*conn) + .await + .map_err(|e| { + public_error_from_diesel(e, ErrorHandler::Server) + })?; + + for row in rows { + measurements + .entry(row.sled_id.into()) + .or_default() + .insert_unique(row.into()) + .map_err(|err| { + // We should never get duplicates: the table's primary + // key is the dataset name (same as the IdOrdMap) + Error::internal_error(&format!( + "unexpected duplicate orphaned dataset: {}", + InlineErrorChain::new(&err) + )) + })?; + } + + measurements + }; + // Load all the config reconciler zone results; build a map of maps // keyed by sled ID. let mut last_reconciliation_zone_results = { @@ -3597,6 +3808,48 @@ impl DataStore { results }; + // Load zone_manifest_measurement rows. + let mut measurement_manifest_artifacts_by_sled_id = { + use nexus_db_schema::schema::inv_zone_manifest_measurement::dsl; + + let mut by_sled_id: BTreeMap< + SledUuid, + IdOrdMap, + > = BTreeMap::new(); + + let mut paginator = Paginator::new( + batch_size, + dropshot::PaginationOrder::Ascending, + ); + while let Some(p) = paginator.next() { + let batch = paginated_multicolumn( + dsl::inv_zone_manifest_measurement, + (dsl::sled_id, dsl::measurement_file_name), + &p.current_pagparams(), + ) + .filter(dsl::inv_collection_id.eq(db_id)) + .select(InvZoneManifestMeasurement::as_select()) + .load_async(&*conn) + .await + .map_err(|e| { + public_error_from_diesel(e, ErrorHandler::Server) + })?; + paginator = p.found_batch(&batch, &|row| { + (row.sled_id, row.measurement_file_name.clone()) + }); + + for row in batch { + by_sled_id + .entry(row.sled_id.into()) + .or_default() + .insert_unique(row.into()) + .expect("database ensures the row is unique"); + } + } + + by_sled_id + }; + // Load zone_manifest_zone rows. let mut zone_manifest_artifacts_by_sled_id = { use nexus_db_schema::schema::inv_zone_manifest_zone::dsl; @@ -3685,6 +3938,47 @@ impl DataStore { by_sled_id }; + let mut measurement_manifest_non_boot_by_sled_id = { + use nexus_db_schema::schema::inv_measurement_manifest_non_boot::dsl; + + let mut by_sled_id: BTreeMap< + SledUuid, + IdOrdMap, + > = BTreeMap::new(); + + let mut paginator = Paginator::new( + batch_size, + dropshot::PaginationOrder::Ascending, + ); + while let Some(p) = paginator.next() { + let batch = paginated_multicolumn( + dsl::inv_measurement_manifest_non_boot, + (dsl::sled_id, dsl::non_boot_zpool_id), + &p.current_pagparams(), + ) + .filter(dsl::inv_collection_id.eq(db_id)) + .select(InvMeasurementManifestNonBoot::as_select()) + .load_async(&*conn) + .await + .map_err(|e| { + public_error_from_diesel(e, ErrorHandler::Server) + })?; + paginator = p.found_batch(&batch, &|row| { + (row.sled_id, row.non_boot_zpool_id) + }); + + for row in batch { + by_sled_id + .entry(row.sled_id.into()) + .or_default() + .insert_unique(row.into()) + .expect("database ensures the row is unique"); + } + } + + by_sled_id + }; + // Load mupdate-override non-boot rows. let mut mupdate_override_non_boot_by_sled_id = { use nexus_db_schema::schema::inv_mupdate_override_non_boot::dsl; @@ -3945,6 +4239,10 @@ impl DataStore { zones: last_reconciliation_zone_results .remove(&sled_id) .unwrap_or_default(), + measurements: last_reconciliation_measurements + .remove(&sled_id) + .unwrap_or_default(), + boot_partitions, remove_mupdate_override, }) @@ -3955,7 +4253,9 @@ impl DataStore { .zone_image_resolver .into_inventory( zone_manifest_artifacts_by_sled_id.remove(&sled_id), + measurement_manifest_artifacts_by_sled_id.remove(&sled_id), zone_manifest_non_boot_by_sled_id.remove(&sled_id), + measurement_manifest_non_boot_by_sled_id.remove(&sled_id), mupdate_override_non_boot_by_sled_id.remove(&sled_id), ) .map_err(|e| { @@ -4153,6 +4453,7 @@ struct ConfigReconcilerRows { boot_partitions: Vec, config_reconciler_fields_by_sled: BTreeMap, + measurements: Vec, } impl ConfigReconcilerRows { @@ -4222,6 +4523,17 @@ impl ConfigReconcilerRows { remove_mupdate_override, )); + self.measurements.extend( + last_reconciliation.measurements.iter().map(|measurement| { + InvLastReconciliationMeasurements::new( + collection_id, + sled_id, + measurement.file_name.clone(), + measurement.path.to_string(), + measurement.result.clone(), + ) + }), + ); // Boot partition _errors_ are kept in `InvSledConfigReconciler` // above, but non-errors get their own rows; handle those here. // @@ -4373,6 +4685,7 @@ impl ConfigReconcilerRows { config.generation, config.remove_mupdate_override, config.host_phase_2.clone(), + config.measurements.clone(), )); self.disks.extend(config.disks.iter().map(|disk| { InvOmicronSledConfigDisk::new( @@ -4462,6 +4775,7 @@ mod test { use async_bb8_diesel::AsyncConnection; use async_bb8_diesel::AsyncRunQueryDsl; use async_bb8_diesel::AsyncSimpleConnection; + use camino::Utf8PathBuf; use diesel::QueryDsl; use nexus_db_schema::schema; use nexus_inventory::examples::Representative; @@ -4485,6 +4799,7 @@ mod test { use sled_agent_types::inventory::BootPartitionContents; use sled_agent_types::inventory::BootPartitionDetails; use sled_agent_types::inventory::OrphanedDataset; + use sled_agent_types::inventory::ReconciledSingleMeasurement; use sled_agent_types::inventory::{ BootImageHeader, RemoveMupdateOverrideBootSuccessInventory, RemoveMupdateOverrideInventory, @@ -5320,6 +5635,15 @@ mod test { (OmicronZoneUuid::new_v4(), make_result("zone", i)) }) .collect(), + measurements: (0..5) + .map(|i| { + ReconciledSingleMeasurement { + file_name: format!("file-{}", i), + path: Utf8PathBuf::from(format!("path/to/{}", i)), + result: make_result("measurement", i), + } + }) + .collect(), boot_partitions: BootPartitionContents { boot_disk: Ok(M2Slot::B), slot_a: Err("some error".to_string()), diff --git a/nexus/db-schema/src/schema.rs b/nexus/db-schema/src/schema.rs index de626e5c64f..5d63d8c53f2 100644 --- a/nexus/db-schema/src/schema.rs +++ b/nexus/db-schema/src/schema.rs @@ -1691,6 +1691,11 @@ table! { zone_manifest_mupdate_id -> Nullable, zone_manifest_boot_disk_error -> Nullable, + measurement_manifest_boot_disk_path -> Text, + measurement_manifest_source -> Nullable, + measurement_manifest_mupdate_id -> Nullable, + measurement_manifest_boot_disk_error -> Nullable, + mupdate_override_boot_disk_path -> Text, mupdate_override_id -> Nullable, mupdate_override_boot_disk_error -> Nullable, @@ -1756,6 +1761,19 @@ table! { } } +table! { + inv_last_reconciliation_measurements + (inv_collection_id, sled_id, file_name) + { + inv_collection_id -> Uuid, + sled_id -> Uuid, + + file_name -> Text, + path -> Text, + error_message -> Nullable + } +} + table! { inv_last_reconciliation_orphaned_dataset (inv_collection_id, sled_id, pool_id, kind, zone_name) @@ -1783,6 +1801,18 @@ table! { } } +table! { + inv_zone_manifest_measurement (inv_collection_id, sled_id, measurement_file_name) { + inv_collection_id -> Uuid, + sled_id -> Uuid, + measurement_file_name -> Text, + path -> Text, + expected_size -> Int8, + expected_sha256 -> Text, + error -> Nullable, + } +} + table! { inv_zone_manifest_zone (inv_collection_id, sled_id, zone_file_name) { inv_collection_id -> Uuid, @@ -1806,6 +1836,17 @@ table! { } } +table! { + inv_measurement_manifest_non_boot (inv_collection_id, sled_id, non_boot_zpool_id) { + inv_collection_id -> Uuid, + sled_id -> Uuid, + non_boot_zpool_id -> Uuid, + path -> Text, + is_valid -> Bool, + message -> Text, + } +} + table! { inv_mupdate_override_non_boot (inv_collection_id, sled_id, non_boot_zpool_id) { inv_collection_id -> Uuid, @@ -1882,6 +1923,7 @@ table! { remove_mupdate_override -> Nullable, host_phase_2_desired_slot_a -> Nullable, host_phase_2_desired_slot_b -> Nullable, + measurements -> Nullable>, } } diff --git a/nexus/inventory/src/collector.rs b/nexus/inventory/src/collector.rs index 560f9021c58..f6ae1d26e67 100644 --- a/nexus/inventory/src/collector.rs +++ b/nexus/inventory/src/collector.rs @@ -753,6 +753,7 @@ mod test { zones, remove_mupdate_override, host_phase_2, + measurements, } = config; swriteln!(s, " generation: {generation}"); @@ -791,6 +792,14 @@ mod test { zone.zone_type.kind().report_str(), ); } + + swriteln!(s, " measurements:"); + for h in measurements { + swriteln!(s, " artifact: {}", h.hash); + } + if measurements.is_empty() { + swriteln!(s, " (empty)"); + } } fn dump_collection(collection: &Collection) -> String { @@ -1004,6 +1013,7 @@ mod test { }, remove_mupdate_override: None, host_phase_2: HostPhase2DesiredSlots::current_contents(), + measurements: Vec::new(), }) .await .expect("failed to write initial zone version to fake sled agent"); diff --git a/nexus/inventory/src/examples.rs b/nexus/inventory/src/examples.rs index 06ccdf83571..a5d3f4ce3f6 100644 --- a/nexus/inventory/src/examples.rs +++ b/nexus/inventory/src/examples.rs @@ -7,6 +7,7 @@ use crate::CollectionBuilder; use crate::now_db_precision; use camino::Utf8Path; +use camino::Utf8PathBuf; use clickhouse_admin_types::keeper::ClickhouseKeeperClusterMembership; use clickhouse_admin_types::keeper::KeeperId; use gateway_client::types::PowerState; @@ -39,6 +40,7 @@ use sled_agent_types::inventory::Baseboard; use sled_agent_types::inventory::BootImageHeader; use sled_agent_types::inventory::BootPartitionDetails; use sled_agent_types::inventory::ConfigReconcilerInventory; +use sled_agent_types::inventory::ConfigReconcilerInventoryResult; use sled_agent_types::inventory::ConfigReconcilerInventoryStatus; use sled_agent_types::inventory::HealthMonitorInventory; use sled_agent_types::inventory::HostPhase2DesiredSlots; @@ -49,6 +51,7 @@ use sled_agent_types::inventory::InventoryZpool; use sled_agent_types::inventory::OmicronSledConfig; use sled_agent_types::inventory::OmicronZonesConfig; use sled_agent_types::inventory::OrphanedDataset; +use sled_agent_types::inventory::ReconciledSingleMeasurement; use sled_agent_types::inventory::SledCpuFamily; use sled_agent_types::inventory::SledRole; use sled_agent_types::inventory::ZoneImageResolverInventory; @@ -403,6 +406,7 @@ pub fn representative() -> Representative { zones: sled14.zones.into_iter().collect(), remove_mupdate_override: None, host_phase_2: HostPhase2DesiredSlots::current_contents(), + measurements: Default::default(), }; let sled16 = OmicronSledConfig { generation: sled16.generation, @@ -411,6 +415,7 @@ pub fn representative() -> Representative { zones: sled16.zones.into_iter().collect(), remove_mupdate_override: None, host_phase_2: HostPhase2DesiredSlots::current_contents(), + measurements: Default::default(), }; let sled17 = OmicronSledConfig { generation: sled17.generation, @@ -419,6 +424,7 @@ pub fn representative() -> Representative { zones: sled17.zones.into_iter().collect(), remove_mupdate_override: None, host_phase_2: HostPhase2DesiredSlots::current_contents(), + measurements: Default::default(), }; // Create iterator producing fixed IDs. @@ -796,52 +802,70 @@ pub fn zone_image_resolver( // Determine the zone manifest and mupdate override results for the boot // disk. - let (boot_zm_result, boot_override_result) = match kind { - ZoneImageResolverExampleKind::Success { - deserialized_zone_manifest, - has_mupdate_override, - } => { - if !deserialized_zone_manifest { - cx.write_zone_manifest_to_disk(false); + let (measurement_m_result, boot_zm_result, boot_override_result) = + match kind { + ZoneImageResolverExampleKind::Success { + deserialized_zone_manifest, + has_mupdate_override, + } => { + if !deserialized_zone_manifest { + cx.write_zone_manifest_to_disk(false); + } + let zm_result = Ok(cx.expected_result( + &dir_path.join(&BOOT_PATHS.install_dataset), + )); + let measurement_m_result = Ok(cx.expected_result( + &dir_path.join(&BOOT_PATHS.install_dataset), + )); + let override_result = + Ok(has_mupdate_override.then(|| cx.override_info())); + (measurement_m_result, zm_result, override_result) } - let zm_result = Ok( - cx.expected_result(&dir_path.join(&BOOT_PATHS.install_dataset)) - ); - let override_result = - Ok(has_mupdate_override.then(|| cx.override_info())); - (zm_result, override_result) - } - ZoneImageResolverExampleKind::Mismatch { has_mupdate_override } => { - // In this case, the zone manifest result is generated using the - // invalid (mismatched) context. - let zm_result = Ok(invalid_cx - .expected_result(&dir_path.join(&BOOT_PATHS.install_dataset))); - let override_result = - Ok(has_mupdate_override.then(|| cx.override_info())); - (zm_result, override_result) - } - ZoneImageResolverExampleKind::Error => { - // Use the invalid context to generate an error. - let zm_result = Err(ZoneManifestReadError::InstallMetadata( - dataset_missing_error( + ZoneImageResolverExampleKind::Mismatch { has_mupdate_override } => { + // In this case, the zone manifest result is generated using the + // invalid (mismatched) context. + let zm_result = Ok(invalid_cx.expected_result( &dir_path.join(&BOOT_PATHS.install_dataset), - ), - )); - let override_result = - Err(MupdateOverrideReadError::InstallMetadata( + )); + + let measurement_m_result = Ok(invalid_cx.expected_result( + &dir_path.join(&BOOT_PATHS.install_dataset), + )); + + let override_result = + Ok(has_mupdate_override.then(|| cx.override_info())); + (measurement_m_result, zm_result, override_result) + } + ZoneImageResolverExampleKind::Error => { + // Use the invalid context to generate an error. + let zm_result = Err(ZoneManifestReadError::InstallMetadata( dataset_missing_error( &dir_path.join(&BOOT_PATHS.install_dataset), ), )); - (zm_result, override_result) - } - }; + // Use the invalid context to generate an error. + let measurement_m_result = + Err(ZoneManifestReadError::InstallMetadata( + dataset_missing_error( + &dir_path.join(&BOOT_PATHS.install_dataset), + ), + )); + + let override_result = + Err(MupdateOverrideReadError::InstallMetadata( + dataset_missing_error( + &dir_path.join(&BOOT_PATHS.install_dataset), + ), + )); + (measurement_m_result, zm_result, override_result) + } + }; // Generate a status struct first. let status = ResolverStatus { measurement_manifest: MeasurementManifestStatus { boot_disk_path: dir_path.join(&BOOT_PATHS.measurements_json), - boot_disk_result: boot_zm_result.clone(), + boot_disk_result: measurement_m_result, non_boot_disk_metadata: id_ord_map! { // Non-boot disk metadata that matches. ZoneManifestNonBootInfo { @@ -858,7 +882,7 @@ pub fn zone_image_resolver( ) ), }, - // Non-boot disk mismatch (measurements different + errors). + // Non-boot disk mismatch (zones different + errors). ZoneManifestNonBootInfo { zpool_id: NON_BOOT_2_UUID, dataset_dir: dir_path.join(&NON_BOOT_2_PATHS.install_dataset), @@ -871,7 +895,7 @@ pub fn zone_image_resolver( }, ), }, - // Non-boot disk mismatch (error reading measurement manifest). + // Non-boot disk mismatch (error reading zone manifest). ZoneManifestNonBootInfo { zpool_id: NON_BOOT_3_UUID, dataset_dir: dir_path.join(&NON_BOOT_3_PATHS.install_dataset), @@ -884,6 +908,7 @@ pub fn zone_image_resolver( }, }, }, + zone_manifest: ZoneManifestStatus { boot_disk_path: dir_path.join(&BOOT_PATHS.zones_json), boot_disk_result: boot_zm_result, @@ -1013,6 +1038,17 @@ pub fn sled_agent( artifact_size: 10_000 + 4096, }); + inv.measurements.insert_overwrite(ReconciledSingleMeasurement { + file_name: "file1".to_string(), + path: Utf8PathBuf::from("/this/path"), + result: ConfigReconcilerInventoryResult::Ok, + }); + inv.measurements.insert_overwrite(ReconciledSingleMeasurement { + file_name: "file2".to_string(), + path: Utf8PathBuf::from("/this/path2"), + result: ConfigReconcilerInventoryResult::Ok, + }); + inv }); diff --git a/nexus/inventory/tests/output/collector_basic.txt b/nexus/inventory/tests/output/collector_basic.txt index 1d9f9830ab6..7e26367d21b 100644 --- a/nexus/inventory/tests/output/collector_basic.txt +++ b/nexus/inventory/tests/output/collector_basic.txt @@ -91,12 +91,16 @@ sled agents found: host_phase_2.slot_a: CurrentContents host_phase_2.slot_b: CurrentContents zone 8b88a56f-3eb6-4d80-ba42-75d867bc427d type oximeter + measurements: + (empty) last reconciled config: generation: 3 remove_mupdate_override: None host_phase_2.slot_a: CurrentContents host_phase_2.slot_b: CurrentContents zone 8b88a56f-3eb6-4d80-ba42-75d867bc427d type oximeter + measurements: + (empty) result for zone 8b88a56f-3eb6-4d80-ba42-75d867bc427d: Ok reconciler task idle sled 9cb9b78f-5614-440c-b66d-e8e81fab69b0 (Scrimlet) @@ -107,12 +111,16 @@ sled agents found: host_phase_2.slot_a: CurrentContents host_phase_2.slot_b: CurrentContents zone 5125277f-0988-490b-ac01-3bba20cc8f07 type oximeter + measurements: + (empty) last reconciled config: generation: 3 remove_mupdate_override: None host_phase_2.slot_a: CurrentContents host_phase_2.slot_b: CurrentContents zone 5125277f-0988-490b-ac01-3bba20cc8f07 type oximeter + measurements: + (empty) result for zone 5125277f-0988-490b-ac01-3bba20cc8f07: Ok reconciler task idle diff --git a/nexus/inventory/tests/output/collector_sled_agent_errors.txt b/nexus/inventory/tests/output/collector_sled_agent_errors.txt index c3772599c7e..9a92692a6f4 100644 --- a/nexus/inventory/tests/output/collector_sled_agent_errors.txt +++ b/nexus/inventory/tests/output/collector_sled_agent_errors.txt @@ -90,12 +90,16 @@ sled agents found: host_phase_2.slot_a: CurrentContents host_phase_2.slot_b: CurrentContents zone 5125277f-0988-490b-ac01-3bba20cc8f07 type oximeter + measurements: + (empty) last reconciled config: generation: 3 remove_mupdate_override: None host_phase_2.slot_a: CurrentContents host_phase_2.slot_b: CurrentContents zone 5125277f-0988-490b-ac01-3bba20cc8f07 type oximeter + measurements: + (empty) result for zone 5125277f-0988-490b-ac01-3bba20cc8f07: Ok reconciler task idle diff --git a/nexus/mgs-updates/src/test_util/host_phase_2_test_state.rs b/nexus/mgs-updates/src/test_util/host_phase_2_test_state.rs index a0b94eaabf5..b9dd71b2c00 100644 --- a/nexus/mgs-updates/src/test_util/host_phase_2_test_state.rs +++ b/nexus/mgs-updates/src/test_util/host_phase_2_test_state.rs @@ -177,6 +177,7 @@ impl HostPhase2SledAgentContext { struct HostPhase2SledAgentImpl; mod api_impl { + use super::HostPhase2SledAgentContext; use super::HostPhase2SledAgentImpl; use camino::Utf8PathBuf; @@ -340,6 +341,7 @@ mod api_impl { slot_a: HostPhase2DesiredContents::CurrentContents, slot_b: HostPhase2DesiredContents::CurrentContents, }, + measurements: Vec::new(), }; Ok(HttpResponseOk(Inventory { @@ -365,6 +367,7 @@ mod api_impl { datasets: BTreeMap::new(), orphaned_datasets: IdOrdMap::new(), zones: BTreeMap::new(), + measurements: IdOrdMap::new(), remove_mupdate_override: None, boot_partitions, }), @@ -377,6 +380,14 @@ mod api_impl { ), non_boot_status: IdOrdMap::new(), }, + measurement_manifest: ManifestInventory { + boot_disk_path: Utf8PathBuf::new(), + boot_inventory: Err( + "not implemented by HostPhase2SledAgentImpl" + .to_string(), + ), + non_boot_status: IdOrdMap::new(), + }, mupdate_override: MupdateOverrideInventory { boot_disk_path: Utf8PathBuf::new(), boot_override: Err( diff --git a/nexus/reconfigurator/planning/src/mgs_updates/test_helpers.rs b/nexus/reconfigurator/planning/src/mgs_updates/test_helpers.rs index 957350ee1ee..a4745b48e45 100644 --- a/nexus/reconfigurator/planning/src/mgs_updates/test_helpers.rs +++ b/nexus/reconfigurator/planning/src/mgs_updates/test_helpers.rs @@ -1302,6 +1302,7 @@ impl<'a> TestBoardCollectionBuilder<'a> { zones: IdOrdMap::new(), remove_mupdate_override: None, host_phase_2: HostPhase2DesiredSlots::current_contents(), + measurements: Vec::new(), }; // The only sled-agent fields that matter for the purposes of @@ -1351,6 +1352,7 @@ impl<'a> TestBoardCollectionBuilder<'a> { datasets: BTreeMap::new(), orphaned_datasets: IdOrdMap::new(), zones: BTreeMap::new(), + measurements: IdOrdMap::new(), boot_partitions, remove_mupdate_override: None, }, diff --git a/nexus/test-utils/src/starter.rs b/nexus/test-utils/src/starter.rs index d045fe79671..2505affcf4a 100644 --- a/nexus/test-utils/src/starter.rs +++ b/nexus/test-utils/src/starter.rs @@ -977,6 +977,7 @@ impl<'a, N: NexusServer> ControlPlaneStarter<'a, N> { zones, remove_mupdate_override: None, host_phase_2: HostPhase2DesiredSlots::current_contents(), + measurements: Vec::new(), }) .await .expect("Failed to configure sled agent {sled_id} with zones"); diff --git a/nexus/types/src/deployment.rs b/nexus/types/src/deployment.rs index 4216d5696cb..315496c6905 100644 --- a/nexus/types/src/deployment.rs +++ b/nexus/types/src/deployment.rs @@ -1117,6 +1117,7 @@ impl BlueprintSledConfig { .collect(), remove_mupdate_override: self.remove_mupdate_override, host_phase_2: self.host_phase_2.into(), + measurements: Vec::new(), } } diff --git a/nexus/types/src/inventory/display.rs b/nexus/types/src/inventory/display.rs index 163f8744c79..ecabdbf9716 100644 --- a/nexus/types/src/inventory/display.rs +++ b/nexus/types/src/inventory/display.rs @@ -736,6 +736,7 @@ fn display_sleds( zones, boot_partitions, remove_mupdate_override, + measurements, } = last_reconciliation; display_boot_partition_contents(boot_partitions, &mut indented)?; @@ -856,6 +857,16 @@ fn display_sleds( } } } + + writeln!(indented, "reference measurements:")?; + let mut indent2 = IndentWriter::new(" ", &mut indented); + if measurements.is_empty() { + writeln!(indent2, "(measurement set is empty)")?; + } else { + for m in measurements { + writeln!(indent2, "{}", m.display())?; + } + } } write!(indented, "reconciler task status: ")?; @@ -1134,6 +1145,7 @@ fn display_sled_config( zones, remove_mupdate_override, host_phase_2, + measurements, } = config; writeln!(f, "\n{label} SLED CONFIG")?; @@ -1256,6 +1268,26 @@ fn display_sled_config( writeln!(indented, "{table}")?; } + if measurements.is_empty() { + writeln!(indented, "measurement empty")?; + } else { + #[derive(Tabled)] + #[tabled(rename_all = "SCREAMING_SNAKE_CASE")] + struct MeasurementRow { + hash: String, + } + + let rows = measurements + .iter() + .map(|m| MeasurementRow { hash: format!("artifact {}", m.hash) }); + let table = tabled::Table::new(rows) + .with(tabled::settings::Style::empty()) + .with(tabled::settings::Padding::new(2, 1, 0, 0)) + .to_string(); + writeln!(indented, "MEASUREMENTS: {}", zones.len())?; + writeln!(indented, "{table}")?; + } + Ok(()) } diff --git a/openapi/sled-agent/sled-agent-14.0.0-973211.json b/openapi/sled-agent/sled-agent-14.0.0-973211.json new file mode 100644 index 00000000000..8cf53b085f6 --- /dev/null +++ b/openapi/sled-agent/sled-agent-14.0.0-973211.json @@ -0,0 +1,10197 @@ +{ + "openapi": "3.0.3", + "info": { + "title": "Oxide Sled Agent API", + "description": "API for interacting with individual sleds", + "contact": { + "url": "https://oxide.computer", + "email": "api@oxide.computer" + }, + "version": "14.0.0" + }, + "paths": { + "/artifacts": { + "get": { + "operationId": "artifact_list", + "responses": { + "200": { + "description": "successful operation", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/ArtifactListResponse" + } + } + } + }, + "4XX": { + "$ref": "#/components/responses/Error" + }, + "5XX": { + "$ref": "#/components/responses/Error" + } + } + } + }, + "/artifacts/{sha256}": { + "put": { + "operationId": "artifact_put", + "parameters": [ + { + "in": "path", + "name": "sha256", + "required": true, + "schema": { + "type": "string", + "format": "hex string (32 bytes)" + } + }, + { + "in": "query", + "name": "generation", + "required": true, + "schema": { + "$ref": "#/components/schemas/Generation" + } + } + ], + "requestBody": { + "content": { + "application/octet-stream": { + "schema": { + "type": "string", + "format": "binary" + } + } + }, + "required": true + }, + "responses": { + "200": { + "description": "successful operation", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/ArtifactPutResponse" + } + } + } + }, + "4XX": { + "$ref": "#/components/responses/Error" + }, + "5XX": { + "$ref": "#/components/responses/Error" + } + } + } + }, + "/artifacts/{sha256}/copy-from-depot": { + "post": { + "operationId": "artifact_copy_from_depot", + "parameters": [ + { + "in": "path", + "name": "sha256", + "required": true, + "schema": { + "type": "string", + "format": "hex string (32 bytes)" + } + }, + { + "in": "query", + "name": "generation", + "required": true, + "schema": { + "$ref": "#/components/schemas/Generation" + } + } + ], + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/ArtifactCopyFromDepotBody" + } + } + }, + "required": true + }, + "responses": { + "202": { + "description": "successfully enqueued operation", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/ArtifactCopyFromDepotResponse" + } + } + } + }, + "4XX": { + "$ref": "#/components/responses/Error" + }, + "5XX": { + "$ref": "#/components/responses/Error" + } + } + } + }, + "/artifacts-config": { + "get": { + "operationId": "artifact_config_get", + "responses": { + "200": { + "description": "successful operation", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/ArtifactConfig" + } + } + } + }, + "4XX": { + "$ref": "#/components/responses/Error" + }, + "5XX": { + "$ref": "#/components/responses/Error" + } + } + }, + "put": { + "operationId": "artifact_config_put", + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/ArtifactConfig" + } + } + }, + "required": true + }, + "responses": { + "204": { + "description": "resource updated" + }, + "4XX": { + "$ref": "#/components/responses/Error" + }, + "5XX": { + "$ref": "#/components/responses/Error" + } + } + } + }, + "/bootstore/status": { + "get": { + "summary": "Get the internal state of the local bootstore node", + "operationId": "bootstore_status", + "responses": { + "200": { + "description": "successful operation", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/BootstoreStatus" + } + } + } + }, + "4XX": { + "$ref": "#/components/responses/Error" + }, + "5XX": { + "$ref": "#/components/responses/Error" + } + } + } + }, + "/debug/switch-zone-policy": { + "get": { + "summary": "A debugging endpoint only used by `omdb` that allows us to test", + "description": "restarting the switch zone without restarting sled-agent. See for context.", + "operationId": "debug_operator_switch_zone_policy_get", + "responses": { + "200": { + "description": "successful operation", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OperatorSwitchZonePolicy" + } + } + } + }, + "4XX": { + "$ref": "#/components/responses/Error" + }, + "5XX": { + "$ref": "#/components/responses/Error" + } + } + }, + "put": { + "summary": "A debugging endpoint only used by `omdb` that allows us to test", + "description": "restarting the switch zone without restarting sled-agent. See for context.\n\nSetting the switch zone policy is asynchronous and inherently racy with the standard process of starting the switch zone. If the switch zone is in the process of being started or stopped when this policy is changed, the new policy may not take effect until that transition completes.", + "operationId": "debug_operator_switch_zone_policy_put", + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OperatorSwitchZonePolicy" + } + } + }, + "required": true + }, + "responses": { + "204": { + "description": "resource updated" + }, + "4XX": { + "$ref": "#/components/responses/Error" + }, + "5XX": { + "$ref": "#/components/responses/Error" + } + } + } + }, + "/disks/{disk_id}": { + "put": { + "operationId": "disk_put", + "parameters": [ + { + "in": "path", + "name": "disk_id", + "required": true, + "schema": { + "type": "string", + "format": "uuid" + } + } + ], + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/DiskEnsureBody" + } + } + }, + "required": true + }, + "responses": { + "200": { + "description": "successful operation", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/DiskRuntimeState" + } + } + } + }, + "4XX": { + "$ref": "#/components/responses/Error" + }, + "5XX": { + "$ref": "#/components/responses/Error" + } + } + } + }, + "/eip-gateways": { + "put": { + "summary": "Update per-NIC IP address <-> internet gateway mappings.", + "operationId": "set_eip_gateways", + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/ExternalIpGatewayMap" + } + } + }, + "required": true + }, + "responses": { + "204": { + "description": "resource updated" + }, + "4XX": { + "$ref": "#/components/responses/Error" + }, + "5XX": { + "$ref": "#/components/responses/Error" + } + } + } + }, + "/inventory": { + "get": { + "summary": "Fetch basic information about this sled", + "operationId": "inventory", + "responses": { + "200": { + "description": "successful operation", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Inventory" + } + } + } + }, + "4XX": { + "$ref": "#/components/responses/Error" + }, + "5XX": { + "$ref": "#/components/responses/Error" + } + } + } + }, + "/local-storage/{zpool_id}/{dataset_id}": { + "post": { + "summary": "Create a local storage dataset", + "operationId": "local_storage_dataset_ensure", + "parameters": [ + { + "in": "path", + "name": "dataset_id", + "required": true, + "schema": { + "$ref": "#/components/schemas/DatasetUuid" + } + }, + { + "in": "path", + "name": "zpool_id", + "required": true, + "schema": { + "$ref": "#/components/schemas/ExternalZpoolUuid" + } + } + ], + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/LocalStorageDatasetEnsureRequest" + } + } + }, + "required": true + }, + "responses": { + "204": { + "description": "resource updated" + }, + "4XX": { + "$ref": "#/components/responses/Error" + }, + "5XX": { + "$ref": "#/components/responses/Error" + } + } + }, + "delete": { + "summary": "Delete a local storage dataset", + "operationId": "local_storage_dataset_delete", + "parameters": [ + { + "in": "path", + "name": "dataset_id", + "required": true, + "schema": { + "$ref": "#/components/schemas/DatasetUuid" + } + }, + { + "in": "path", + "name": "zpool_id", + "required": true, + "schema": { + "$ref": "#/components/schemas/ExternalZpoolUuid" + } + } + ], + "responses": { + "204": { + "description": "resource updated" + }, + "4XX": { + "$ref": "#/components/responses/Error" + }, + "5XX": { + "$ref": "#/components/responses/Error" + } + } + } + }, + "/network-bootstore-config": { + "get": { + "summary": "This API endpoint is only reading the local sled agent's view of the", + "description": "bootstore. The boostore is a distributed data store that is eventually consistent. Reads from individual nodes may not represent the latest state.", + "operationId": "read_network_bootstore_config_cache", + "responses": { + "200": { + "description": "successful operation", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/EarlyNetworkConfig" + } + } + } + }, + "4XX": { + "$ref": "#/components/responses/Error" + }, + "5XX": { + "$ref": "#/components/responses/Error" + } + } + }, + "put": { + "operationId": "write_network_bootstore_config", + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/EarlyNetworkConfig" + } + } + }, + "required": true + }, + "responses": { + "204": { + "description": "resource updated" + }, + "4XX": { + "$ref": "#/components/responses/Error" + }, + "5XX": { + "$ref": "#/components/responses/Error" + } + } + } + }, + "/omicron-config": { + "put": { + "operationId": "omicron_config_put", + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OmicronSledConfig" + } + } + }, + "required": true + }, + "responses": { + "204": { + "description": "resource updated" + }, + "4XX": { + "$ref": "#/components/responses/Error" + }, + "5XX": { + "$ref": "#/components/responses/Error" + } + } + } + }, + "/probes": { + "put": { + "summary": "Update the entire set of probe zones on this sled.", + "description": "Probe zones are used to debug networking configuration. They look similar to instances, in that they have an OPTE port on a VPC subnet and external addresses, but no actual VM.", + "operationId": "probes_put", + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/ProbeSet" + } + } + }, + "required": true + }, + "responses": { + "204": { + "description": "resource updated" + }, + "4XX": { + "$ref": "#/components/responses/Error" + }, + "5XX": { + "$ref": "#/components/responses/Error" + } + } + } + }, + "/sled-identifiers": { + "get": { + "summary": "Fetch sled identifiers", + "operationId": "sled_identifiers", + "responses": { + "200": { + "description": "successful operation", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/SledIdentifiers" + } + } + } + }, + "4XX": { + "$ref": "#/components/responses/Error" + }, + "5XX": { + "$ref": "#/components/responses/Error" + } + } + } + }, + "/sleds": { + "put": { + "summary": "Add a sled to a rack that was already initialized via RSS", + "operationId": "sled_add", + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/AddSledRequest" + } + } + }, + "required": true + }, + "responses": { + "204": { + "description": "resource updated" + }, + "4XX": { + "$ref": "#/components/responses/Error" + }, + "5XX": { + "$ref": "#/components/responses/Error" + } + } + } + }, + "/support/dladm-info": { + "get": { + "operationId": "support_dladm_info", + "responses": { + "200": { + "description": "successful operation", + "content": { + "application/json": { + "schema": { + "title": "Array_of_SledDiagnosticsQueryOutput", + "type": "array", + "items": { + "$ref": "#/components/schemas/SledDiagnosticsQueryOutput" + } + } + } + } + }, + "4XX": { + "$ref": "#/components/responses/Error" + }, + "5XX": { + "$ref": "#/components/responses/Error" + } + } + } + }, + "/support/health-check": { + "get": { + "operationId": "support_health_check", + "responses": { + "200": { + "description": "successful operation", + "content": { + "application/json": { + "schema": { + "title": "Array_of_SledDiagnosticsQueryOutput", + "type": "array", + "items": { + "$ref": "#/components/schemas/SledDiagnosticsQueryOutput" + } + } + } + } + }, + "4XX": { + "$ref": "#/components/responses/Error" + }, + "5XX": { + "$ref": "#/components/responses/Error" + } + } + } + }, + "/support/ipadm-info": { + "get": { + "operationId": "support_ipadm_info", + "responses": { + "200": { + "description": "successful operation", + "content": { + "application/json": { + "schema": { + "title": "Array_of_SledDiagnosticsQueryOutput", + "type": "array", + "items": { + "$ref": "#/components/schemas/SledDiagnosticsQueryOutput" + } + } + } + } + }, + "4XX": { + "$ref": "#/components/responses/Error" + }, + "5XX": { + "$ref": "#/components/responses/Error" + } + } + } + }, + "/support/logs/download/{zone}": { + "get": { + "summary": "This endpoint returns a zip file of a zone's logs organized by service.", + "operationId": "support_logs_download", + "parameters": [ + { + "in": "path", + "name": "zone", + "description": "The zone for which one would like to collect logs for", + "required": true, + "schema": { + "type": "string" + } + }, + { + "in": "query", + "name": "max_rotated", + "description": "The max number of rotated logs to include in the final support bundle", + "required": true, + "schema": { + "type": "integer", + "format": "uint", + "minimum": 0 + } + } + ], + "responses": { + "default": { + "description": "", + "content": { + "*/*": { + "schema": {} + } + } + } + } + } + }, + "/support/logs/zones": { + "get": { + "summary": "This endpoint returns a list of known zones on a sled that have service", + "description": "logs that can be collected into a support bundle.", + "operationId": "support_logs", + "responses": { + "200": { + "description": "successful operation", + "content": { + "application/json": { + "schema": { + "title": "Array_of_String", + "type": "array", + "items": { + "type": "string" + } + } + } + } + }, + "4XX": { + "$ref": "#/components/responses/Error" + }, + "5XX": { + "$ref": "#/components/responses/Error" + } + } + } + }, + "/support/nvmeadm-info": { + "get": { + "operationId": "support_nvmeadm_info", + "responses": { + "200": { + "description": "successful operation", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/SledDiagnosticsQueryOutput" + } + } + } + }, + "4XX": { + "$ref": "#/components/responses/Error" + }, + "5XX": { + "$ref": "#/components/responses/Error" + } + } + } + }, + "/support/pargs-info": { + "get": { + "operationId": "support_pargs_info", + "responses": { + "200": { + "description": "successful operation", + "content": { + "application/json": { + "schema": { + "title": "Array_of_SledDiagnosticsQueryOutput", + "type": "array", + "items": { + "$ref": "#/components/schemas/SledDiagnosticsQueryOutput" + } + } + } + } + }, + "4XX": { + "$ref": "#/components/responses/Error" + }, + "5XX": { + "$ref": "#/components/responses/Error" + } + } + } + }, + "/support/pfiles-info": { + "get": { + "operationId": "support_pfiles_info", + "responses": { + "200": { + "description": "successful operation", + "content": { + "application/json": { + "schema": { + "title": "Array_of_SledDiagnosticsQueryOutput", + "type": "array", + "items": { + "$ref": "#/components/schemas/SledDiagnosticsQueryOutput" + } + } + } + } + }, + "4XX": { + "$ref": "#/components/responses/Error" + }, + "5XX": { + "$ref": "#/components/responses/Error" + } + } + } + }, + "/support/pstack-info": { + "get": { + "operationId": "support_pstack_info", + "responses": { + "200": { + "description": "successful operation", + "content": { + "application/json": { + "schema": { + "title": "Array_of_SledDiagnosticsQueryOutput", + "type": "array", + "items": { + "$ref": "#/components/schemas/SledDiagnosticsQueryOutput" + } + } + } + } + }, + "4XX": { + "$ref": "#/components/responses/Error" + }, + "5XX": { + "$ref": "#/components/responses/Error" + } + } + } + }, + "/support/zfs-info": { + "get": { + "operationId": "support_zfs_info", + "responses": { + "200": { + "description": "successful operation", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/SledDiagnosticsQueryOutput" + } + } + } + }, + "4XX": { + "$ref": "#/components/responses/Error" + }, + "5XX": { + "$ref": "#/components/responses/Error" + } + } + } + }, + "/support/zoneadm-info": { + "get": { + "operationId": "support_zoneadm_info", + "responses": { + "200": { + "description": "successful operation", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/SledDiagnosticsQueryOutput" + } + } + } + }, + "4XX": { + "$ref": "#/components/responses/Error" + }, + "5XX": { + "$ref": "#/components/responses/Error" + } + } + } + }, + "/support/zpool-info": { + "get": { + "operationId": "support_zpool_info", + "responses": { + "200": { + "description": "successful operation", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/SledDiagnosticsQueryOutput" + } + } + } + }, + "4XX": { + "$ref": "#/components/responses/Error" + }, + "5XX": { + "$ref": "#/components/responses/Error" + } + } + } + }, + "/support-bundles/{zpool_id}/{dataset_id}": { + "get": { + "summary": "List all support bundles within a particular dataset", + "operationId": "support_bundle_list", + "parameters": [ + { + "in": "path", + "name": "dataset_id", + "description": "The dataset on which this support bundle was provisioned", + "required": true, + "schema": { + "$ref": "#/components/schemas/DatasetUuid" + } + }, + { + "in": "path", + "name": "zpool_id", + "description": "The zpool on which this support bundle was provisioned", + "required": true, + "schema": { + "$ref": "#/components/schemas/ZpoolUuid" + } + } + ], + "responses": { + "200": { + "description": "successful operation", + "content": { + "application/json": { + "schema": { + "title": "Array_of_SupportBundleMetadata", + "type": "array", + "items": { + "$ref": "#/components/schemas/SupportBundleMetadata" + } + } + } + } + }, + "4XX": { + "$ref": "#/components/responses/Error" + }, + "5XX": { + "$ref": "#/components/responses/Error" + } + } + } + }, + "/support-bundles/{zpool_id}/{dataset_id}/{support_bundle_id}": { + "post": { + "summary": "Starts creation of a support bundle within a particular dataset", + "description": "Callers should transfer chunks of the bundle with \"support_bundle_transfer\", and then call \"support_bundle_finalize\" once the bundle has finished transferring.\n\nIf a support bundle was previously created without being finalized successfully, this endpoint will reset the state.\n\nIf a support bundle was previously created and finalized successfully, this endpoint will return metadata indicating that it already exists.", + "operationId": "support_bundle_start_creation", + "parameters": [ + { + "in": "path", + "name": "dataset_id", + "description": "The dataset on which this support bundle was provisioned", + "required": true, + "schema": { + "$ref": "#/components/schemas/DatasetUuid" + } + }, + { + "in": "path", + "name": "support_bundle_id", + "description": "The ID of the support bundle itself", + "required": true, + "schema": { + "$ref": "#/components/schemas/SupportBundleUuid" + } + }, + { + "in": "path", + "name": "zpool_id", + "description": "The zpool on which this support bundle was provisioned", + "required": true, + "schema": { + "$ref": "#/components/schemas/ZpoolUuid" + } + } + ], + "responses": { + "201": { + "description": "successful creation", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/SupportBundleMetadata" + } + } + } + }, + "4XX": { + "$ref": "#/components/responses/Error" + }, + "5XX": { + "$ref": "#/components/responses/Error" + } + } + }, + "delete": { + "summary": "Delete a support bundle from a particular dataset", + "operationId": "support_bundle_delete", + "parameters": [ + { + "in": "path", + "name": "dataset_id", + "description": "The dataset on which this support bundle was provisioned", + "required": true, + "schema": { + "$ref": "#/components/schemas/DatasetUuid" + } + }, + { + "in": "path", + "name": "support_bundle_id", + "description": "The ID of the support bundle itself", + "required": true, + "schema": { + "$ref": "#/components/schemas/SupportBundleUuid" + } + }, + { + "in": "path", + "name": "zpool_id", + "description": "The zpool on which this support bundle was provisioned", + "required": true, + "schema": { + "$ref": "#/components/schemas/ZpoolUuid" + } + } + ], + "responses": { + "204": { + "description": "successful deletion" + }, + "4XX": { + "$ref": "#/components/responses/Error" + }, + "5XX": { + "$ref": "#/components/responses/Error" + } + } + } + }, + "/support-bundles/{zpool_id}/{dataset_id}/{support_bundle_id}/download": { + "get": { + "summary": "Fetch a support bundle from a particular dataset", + "operationId": "support_bundle_download", + "parameters": [ + { + "in": "header", + "name": "range", + "description": "A request to access a portion of the resource, such as `bytes=0-499`\n\nSee: ", + "schema": { + "type": "string" + } + }, + { + "in": "path", + "name": "dataset_id", + "description": "The dataset on which this support bundle was provisioned", + "required": true, + "schema": { + "$ref": "#/components/schemas/DatasetUuid" + } + }, + { + "in": "path", + "name": "support_bundle_id", + "description": "The ID of the support bundle itself", + "required": true, + "schema": { + "$ref": "#/components/schemas/SupportBundleUuid" + } + }, + { + "in": "path", + "name": "zpool_id", + "description": "The zpool on which this support bundle was provisioned", + "required": true, + "schema": { + "$ref": "#/components/schemas/ZpoolUuid" + } + } + ], + "responses": { + "default": { + "description": "", + "content": { + "*/*": { + "schema": {} + } + } + } + } + }, + "head": { + "summary": "Fetch metadata about a support bundle from a particular dataset", + "operationId": "support_bundle_head", + "parameters": [ + { + "in": "header", + "name": "range", + "description": "A request to access a portion of the resource, such as `bytes=0-499`\n\nSee: ", + "schema": { + "type": "string" + } + }, + { + "in": "path", + "name": "dataset_id", + "description": "The dataset on which this support bundle was provisioned", + "required": true, + "schema": { + "$ref": "#/components/schemas/DatasetUuid" + } + }, + { + "in": "path", + "name": "support_bundle_id", + "description": "The ID of the support bundle itself", + "required": true, + "schema": { + "$ref": "#/components/schemas/SupportBundleUuid" + } + }, + { + "in": "path", + "name": "zpool_id", + "description": "The zpool on which this support bundle was provisioned", + "required": true, + "schema": { + "$ref": "#/components/schemas/ZpoolUuid" + } + } + ], + "responses": { + "default": { + "description": "", + "content": { + "*/*": { + "schema": {} + } + } + } + } + } + }, + "/support-bundles/{zpool_id}/{dataset_id}/{support_bundle_id}/download/{file}": { + "get": { + "summary": "Fetch a file within a support bundle from a particular dataset", + "operationId": "support_bundle_download_file", + "parameters": [ + { + "in": "header", + "name": "range", + "description": "A request to access a portion of the resource, such as `bytes=0-499`\n\nSee: ", + "schema": { + "type": "string" + } + }, + { + "in": "path", + "name": "dataset_id", + "description": "The dataset on which this support bundle was provisioned", + "required": true, + "schema": { + "$ref": "#/components/schemas/DatasetUuid" + } + }, + { + "in": "path", + "name": "file", + "description": "The path of the file within the support bundle to query", + "required": true, + "schema": { + "type": "string" + } + }, + { + "in": "path", + "name": "support_bundle_id", + "description": "The ID of the support bundle itself", + "required": true, + "schema": { + "$ref": "#/components/schemas/SupportBundleUuid" + } + }, + { + "in": "path", + "name": "zpool_id", + "description": "The zpool on which this support bundle was provisioned", + "required": true, + "schema": { + "$ref": "#/components/schemas/ZpoolUuid" + } + } + ], + "responses": { + "default": { + "description": "", + "content": { + "*/*": { + "schema": {} + } + } + } + } + }, + "head": { + "summary": "Fetch metadata about a file within a support bundle from a particular dataset", + "operationId": "support_bundle_head_file", + "parameters": [ + { + "in": "header", + "name": "range", + "description": "A request to access a portion of the resource, such as `bytes=0-499`\n\nSee: ", + "schema": { + "type": "string" + } + }, + { + "in": "path", + "name": "dataset_id", + "description": "The dataset on which this support bundle was provisioned", + "required": true, + "schema": { + "$ref": "#/components/schemas/DatasetUuid" + } + }, + { + "in": "path", + "name": "file", + "description": "The path of the file within the support bundle to query", + "required": true, + "schema": { + "type": "string" + } + }, + { + "in": "path", + "name": "support_bundle_id", + "description": "The ID of the support bundle itself", + "required": true, + "schema": { + "$ref": "#/components/schemas/SupportBundleUuid" + } + }, + { + "in": "path", + "name": "zpool_id", + "description": "The zpool on which this support bundle was provisioned", + "required": true, + "schema": { + "$ref": "#/components/schemas/ZpoolUuid" + } + } + ], + "responses": { + "default": { + "description": "", + "content": { + "*/*": { + "schema": {} + } + } + } + } + } + }, + "/support-bundles/{zpool_id}/{dataset_id}/{support_bundle_id}/finalize": { + "post": { + "summary": "Finalizes the creation of a support bundle", + "description": "If the requested hash matched the bundle, the bundle is created. Otherwise, an error is returned.", + "operationId": "support_bundle_finalize", + "parameters": [ + { + "in": "path", + "name": "dataset_id", + "description": "The dataset on which this support bundle was provisioned", + "required": true, + "schema": { + "$ref": "#/components/schemas/DatasetUuid" + } + }, + { + "in": "path", + "name": "support_bundle_id", + "description": "The ID of the support bundle itself", + "required": true, + "schema": { + "$ref": "#/components/schemas/SupportBundleUuid" + } + }, + { + "in": "path", + "name": "zpool_id", + "description": "The zpool on which this support bundle was provisioned", + "required": true, + "schema": { + "$ref": "#/components/schemas/ZpoolUuid" + } + }, + { + "in": "query", + "name": "hash", + "required": true, + "schema": { + "type": "string", + "format": "hex string (32 bytes)" + } + } + ], + "responses": { + "201": { + "description": "successful creation", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/SupportBundleMetadata" + } + } + } + }, + "4XX": { + "$ref": "#/components/responses/Error" + }, + "5XX": { + "$ref": "#/components/responses/Error" + } + } + } + }, + "/support-bundles/{zpool_id}/{dataset_id}/{support_bundle_id}/index": { + "get": { + "summary": "Fetch the index (list of files within a support bundle)", + "operationId": "support_bundle_index", + "parameters": [ + { + "in": "header", + "name": "range", + "description": "A request to access a portion of the resource, such as `bytes=0-499`\n\nSee: ", + "schema": { + "type": "string" + } + }, + { + "in": "path", + "name": "dataset_id", + "description": "The dataset on which this support bundle was provisioned", + "required": true, + "schema": { + "$ref": "#/components/schemas/DatasetUuid" + } + }, + { + "in": "path", + "name": "support_bundle_id", + "description": "The ID of the support bundle itself", + "required": true, + "schema": { + "$ref": "#/components/schemas/SupportBundleUuid" + } + }, + { + "in": "path", + "name": "zpool_id", + "description": "The zpool on which this support bundle was provisioned", + "required": true, + "schema": { + "$ref": "#/components/schemas/ZpoolUuid" + } + } + ], + "responses": { + "default": { + "description": "", + "content": { + "*/*": { + "schema": {} + } + } + } + } + }, + "head": { + "summary": "Fetch metadata about the list of files within a support bundle", + "operationId": "support_bundle_head_index", + "parameters": [ + { + "in": "header", + "name": "range", + "description": "A request to access a portion of the resource, such as `bytes=0-499`\n\nSee: ", + "schema": { + "type": "string" + } + }, + { + "in": "path", + "name": "dataset_id", + "description": "The dataset on which this support bundle was provisioned", + "required": true, + "schema": { + "$ref": "#/components/schemas/DatasetUuid" + } + }, + { + "in": "path", + "name": "support_bundle_id", + "description": "The ID of the support bundle itself", + "required": true, + "schema": { + "$ref": "#/components/schemas/SupportBundleUuid" + } + }, + { + "in": "path", + "name": "zpool_id", + "description": "The zpool on which this support bundle was provisioned", + "required": true, + "schema": { + "$ref": "#/components/schemas/ZpoolUuid" + } + } + ], + "responses": { + "default": { + "description": "", + "content": { + "*/*": { + "schema": {} + } + } + } + } + } + }, + "/support-bundles/{zpool_id}/{dataset_id}/{support_bundle_id}/transfer": { + "put": { + "summary": "Transfers a chunk of a support bundle within a particular dataset", + "operationId": "support_bundle_transfer", + "parameters": [ + { + "in": "path", + "name": "dataset_id", + "description": "The dataset on which this support bundle was provisioned", + "required": true, + "schema": { + "$ref": "#/components/schemas/DatasetUuid" + } + }, + { + "in": "path", + "name": "support_bundle_id", + "description": "The ID of the support bundle itself", + "required": true, + "schema": { + "$ref": "#/components/schemas/SupportBundleUuid" + } + }, + { + "in": "path", + "name": "zpool_id", + "description": "The zpool on which this support bundle was provisioned", + "required": true, + "schema": { + "$ref": "#/components/schemas/ZpoolUuid" + } + }, + { + "in": "query", + "name": "offset", + "required": true, + "schema": { + "type": "integer", + "format": "uint64", + "minimum": 0 + } + } + ], + "requestBody": { + "content": { + "application/octet-stream": { + "schema": { + "type": "string", + "format": "binary" + } + } + }, + "required": true + }, + "responses": { + "201": { + "description": "successful creation", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/SupportBundleMetadata" + } + } + } + }, + "4XX": { + "$ref": "#/components/responses/Error" + }, + "5XX": { + "$ref": "#/components/responses/Error" + } + } + } + }, + "/switch-ports": { + "post": { + "operationId": "uplink_ensure", + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/SwitchPorts" + } + } + }, + "required": true + }, + "responses": { + "204": { + "description": "resource updated" + }, + "4XX": { + "$ref": "#/components/responses/Error" + }, + "5XX": { + "$ref": "#/components/responses/Error" + } + } + } + }, + "/trust-quorum/commit": { + "put": { + "summary": "Commit a trust quorum configuration", + "operationId": "trust_quorum_commit", + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/CommitRequest" + } + } + }, + "required": true + }, + "responses": { + "204": { + "description": "resource updated" + }, + "4XX": { + "$ref": "#/components/responses/Error" + }, + "5XX": { + "$ref": "#/components/responses/Error" + } + } + } + }, + "/trust-quorum/configuration": { + "post": { + "summary": "Initiate a trust quorum reconfiguration", + "operationId": "trust_quorum_reconfigure", + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/ReconfigureMsg" + } + } + }, + "required": true + }, + "responses": { + "204": { + "description": "resource updated" + }, + "4XX": { + "$ref": "#/components/responses/Error" + }, + "5XX": { + "$ref": "#/components/responses/Error" + } + } + } + }, + "/trust-quorum/coordinator-status": { + "get": { + "summary": "Get the coordinator status if this node is coordinating a reconfiguration", + "operationId": "trust_quorum_coordinator_status", + "responses": { + "200": { + "description": "successful operation", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/CoordinatorStatus" + } + } + } + }, + "4XX": { + "$ref": "#/components/responses/Error" + }, + "5XX": { + "$ref": "#/components/responses/Error" + } + } + } + }, + "/trust-quorum/prepare-and-commit": { + "put": { + "summary": "Attempt to prepare and commit a trust quorum configuration", + "operationId": "trust_quorum_prepare_and_commit", + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/PrepareAndCommitRequest" + } + } + }, + "required": true + }, + "responses": { + "200": { + "description": "successful operation", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/CommitStatus" + } + } + } + }, + "4XX": { + "$ref": "#/components/responses/Error" + }, + "5XX": { + "$ref": "#/components/responses/Error" + } + } + } + }, + "/trust-quorum/proxy/commit": { + "put": { + "summary": "Proxy a commit operation to another trust quorum node", + "operationId": "trust_quorum_proxy_commit", + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/ProxyCommitRequest" + } + } + }, + "required": true + }, + "responses": { + "204": { + "description": "resource updated" + }, + "4XX": { + "$ref": "#/components/responses/Error" + }, + "5XX": { + "$ref": "#/components/responses/Error" + } + } + } + }, + "/trust-quorum/proxy/prepare-and-commit": { + "put": { + "summary": "Proxy a prepare-and-commit operation to another trust quorum node", + "operationId": "trust_quorum_proxy_prepare_and_commit", + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/ProxyPrepareAndCommitRequest" + } + } + }, + "required": true + }, + "responses": { + "200": { + "description": "successful operation", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/CommitStatus" + } + } + } + }, + "4XX": { + "$ref": "#/components/responses/Error" + }, + "5XX": { + "$ref": "#/components/responses/Error" + } + } + } + }, + "/trust-quorum/proxy/status": { + "get": { + "summary": "Proxy a status request to another trust quorum node", + "operationId": "trust_quorum_proxy_status", + "parameters": [ + { + "in": "query", + "name": "part_number", + "description": "Oxide Part Number", + "required": true, + "schema": { + "type": "string" + } + }, + { + "in": "query", + "name": "serial_number", + "description": "Serial number (unique for a given part number)", + "required": true, + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "description": "successful operation", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/NodeStatus" + } + } + } + }, + "4XX": { + "$ref": "#/components/responses/Error" + }, + "5XX": { + "$ref": "#/components/responses/Error" + } + } + } + }, + "/trust-quorum/upgrade": { + "post": { + "summary": "Initiate an upgrade from LRTQ", + "operationId": "trust_quorum_upgrade_from_lrtq", + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/LrtqUpgradeMsg" + } + } + }, + "required": true + }, + "responses": { + "204": { + "description": "resource updated" + }, + "4XX": { + "$ref": "#/components/responses/Error" + }, + "5XX": { + "$ref": "#/components/responses/Error" + } + } + } + }, + "/v2p": { + "get": { + "summary": "List v2p mappings present on sled", + "operationId": "list_v2p", + "responses": { + "200": { + "description": "successful operation", + "content": { + "application/json": { + "schema": { + "title": "Array_of_VirtualNetworkInterfaceHost", + "type": "array", + "items": { + "$ref": "#/components/schemas/VirtualNetworkInterfaceHost" + } + } + } + } + }, + "4XX": { + "$ref": "#/components/responses/Error" + }, + "5XX": { + "$ref": "#/components/responses/Error" + } + } + }, + "put": { + "summary": "Create a mapping from a virtual NIC to a physical host", + "operationId": "set_v2p", + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/VirtualNetworkInterfaceHost" + } + } + }, + "required": true + }, + "responses": { + "204": { + "description": "resource updated" + }, + "4XX": { + "$ref": "#/components/responses/Error" + }, + "5XX": { + "$ref": "#/components/responses/Error" + } + } + }, + "delete": { + "summary": "Delete a mapping from a virtual NIC to a physical host", + "operationId": "del_v2p", + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/VirtualNetworkInterfaceHost" + } + } + }, + "required": true + }, + "responses": { + "204": { + "description": "resource updated" + }, + "4XX": { + "$ref": "#/components/responses/Error" + }, + "5XX": { + "$ref": "#/components/responses/Error" + } + } + } + }, + "/vmms/{propolis_id}": { + "put": { + "operationId": "vmm_register", + "parameters": [ + { + "in": "path", + "name": "propolis_id", + "required": true, + "schema": { + "$ref": "#/components/schemas/PropolisUuid" + } + } + ], + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/InstanceEnsureBody" + } + } + }, + "required": true + }, + "responses": { + "200": { + "description": "successful operation", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/SledVmmState" + } + } + } + }, + "4XX": { + "$ref": "#/components/responses/Error" + }, + "5XX": { + "$ref": "#/components/responses/Error" + } + } + }, + "delete": { + "operationId": "vmm_unregister", + "parameters": [ + { + "in": "path", + "name": "propolis_id", + "required": true, + "schema": { + "$ref": "#/components/schemas/PropolisUuid" + } + } + ], + "responses": { + "200": { + "description": "successful operation", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/VmmUnregisterResponse" + } + } + } + }, + "4XX": { + "$ref": "#/components/responses/Error" + }, + "5XX": { + "$ref": "#/components/responses/Error" + } + } + } + }, + "/vmms/{propolis_id}/disks/{disk_id}/snapshot": { + "post": { + "summary": "Take a snapshot of a disk that is attached to an instance", + "operationId": "vmm_issue_disk_snapshot_request", + "parameters": [ + { + "in": "path", + "name": "disk_id", + "required": true, + "schema": { + "type": "string", + "format": "uuid" + } + }, + { + "in": "path", + "name": "propolis_id", + "required": true, + "schema": { + "$ref": "#/components/schemas/PropolisUuid" + } + } + ], + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/VmmIssueDiskSnapshotRequestBody" + } + } + }, + "required": true + }, + "responses": { + "200": { + "description": "successful operation", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/VmmIssueDiskSnapshotRequestResponse" + } + } + } + }, + "4XX": { + "$ref": "#/components/responses/Error" + }, + "5XX": { + "$ref": "#/components/responses/Error" + } + } + } + }, + "/vmms/{propolis_id}/external-ip": { + "put": { + "operationId": "vmm_put_external_ip", + "parameters": [ + { + "in": "path", + "name": "propolis_id", + "required": true, + "schema": { + "$ref": "#/components/schemas/PropolisUuid" + } + } + ], + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/InstanceExternalIpBody" + } + } + }, + "required": true + }, + "responses": { + "204": { + "description": "resource updated" + }, + "4XX": { + "$ref": "#/components/responses/Error" + }, + "5XX": { + "$ref": "#/components/responses/Error" + } + } + }, + "delete": { + "operationId": "vmm_delete_external_ip", + "parameters": [ + { + "in": "path", + "name": "propolis_id", + "required": true, + "schema": { + "$ref": "#/components/schemas/PropolisUuid" + } + } + ], + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/InstanceExternalIpBody" + } + } + }, + "required": true + }, + "responses": { + "204": { + "description": "resource updated" + }, + "4XX": { + "$ref": "#/components/responses/Error" + }, + "5XX": { + "$ref": "#/components/responses/Error" + } + } + } + }, + "/vmms/{propolis_id}/multicast-group": { + "put": { + "operationId": "vmm_join_multicast_group", + "parameters": [ + { + "in": "path", + "name": "propolis_id", + "required": true, + "schema": { + "$ref": "#/components/schemas/PropolisUuid" + } + } + ], + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/InstanceMulticastBody" + } + } + }, + "required": true + }, + "responses": { + "204": { + "description": "resource updated" + }, + "4XX": { + "$ref": "#/components/responses/Error" + }, + "5XX": { + "$ref": "#/components/responses/Error" + } + } + }, + "delete": { + "operationId": "vmm_leave_multicast_group", + "parameters": [ + { + "in": "path", + "name": "propolis_id", + "required": true, + "schema": { + "$ref": "#/components/schemas/PropolisUuid" + } + } + ], + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/InstanceMulticastBody" + } + } + }, + "required": true + }, + "responses": { + "204": { + "description": "resource updated" + }, + "4XX": { + "$ref": "#/components/responses/Error" + }, + "5XX": { + "$ref": "#/components/responses/Error" + } + } + } + }, + "/vmms/{propolis_id}/state": { + "get": { + "operationId": "vmm_get_state", + "parameters": [ + { + "in": "path", + "name": "propolis_id", + "required": true, + "schema": { + "$ref": "#/components/schemas/PropolisUuid" + } + } + ], + "responses": { + "200": { + "description": "successful operation", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/SledVmmState" + } + } + } + }, + "4XX": { + "$ref": "#/components/responses/Error" + }, + "5XX": { + "$ref": "#/components/responses/Error" + } + } + }, + "put": { + "operationId": "vmm_put_state", + "parameters": [ + { + "in": "path", + "name": "propolis_id", + "required": true, + "schema": { + "$ref": "#/components/schemas/PropolisUuid" + } + } + ], + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/VmmPutStateBody" + } + } + }, + "required": true + }, + "responses": { + "200": { + "description": "successful operation", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/VmmPutStateResponse" + } + } + } + }, + "4XX": { + "$ref": "#/components/responses/Error" + }, + "5XX": { + "$ref": "#/components/responses/Error" + } + } + } + }, + "/vpc/{vpc_id}/firewall/rules": { + "put": { + "operationId": "vpc_firewall_rules_put", + "parameters": [ + { + "in": "path", + "name": "vpc_id", + "required": true, + "schema": { + "type": "string", + "format": "uuid" + } + } + ], + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/VpcFirewallRulesEnsureBody" + } + } + }, + "required": true + }, + "responses": { + "204": { + "description": "resource updated" + }, + "4XX": { + "$ref": "#/components/responses/Error" + }, + "5XX": { + "$ref": "#/components/responses/Error" + } + } + } + }, + "/vpc-routes": { + "get": { + "summary": "Get the current versions of VPC routing rules.", + "operationId": "list_vpc_routes", + "responses": { + "200": { + "description": "successful operation", + "content": { + "application/json": { + "schema": { + "title": "Array_of_ResolvedVpcRouteState", + "type": "array", + "items": { + "$ref": "#/components/schemas/ResolvedVpcRouteState" + } + } + } + } + }, + "4XX": { + "$ref": "#/components/responses/Error" + }, + "5XX": { + "$ref": "#/components/responses/Error" + } + } + }, + "put": { + "summary": "Update VPC routing rules.", + "operationId": "set_vpc_routes", + "requestBody": { + "content": { + "application/json": { + "schema": { + "title": "Array_of_ResolvedVpcRouteSet", + "type": "array", + "items": { + "$ref": "#/components/schemas/ResolvedVpcRouteSet" + } + } + } + }, + "required": true + }, + "responses": { + "204": { + "description": "resource updated" + }, + "4XX": { + "$ref": "#/components/responses/Error" + }, + "5XX": { + "$ref": "#/components/responses/Error" + } + } + } + }, + "/zones": { + "get": { + "summary": "List the zones that are currently managed by the sled agent.", + "operationId": "zones_list", + "responses": { + "200": { + "description": "successful operation", + "content": { + "application/json": { + "schema": { + "title": "Array_of_String", + "type": "array", + "items": { + "type": "string" + } + } + } + } + }, + "4XX": { + "$ref": "#/components/responses/Error" + }, + "5XX": { + "$ref": "#/components/responses/Error" + } + } + } + }, + "/zones/bundle-cleanup": { + "post": { + "summary": "Trigger a zone bundle cleanup.", + "operationId": "zone_bundle_cleanup", + "responses": { + "200": { + "description": "successful operation", + "content": { + "application/json": { + "schema": { + "title": "Map_of_CleanupCount", + "type": "object", + "additionalProperties": { + "$ref": "#/components/schemas/CleanupCount" + } + } + } + } + }, + "4XX": { + "$ref": "#/components/responses/Error" + }, + "5XX": { + "$ref": "#/components/responses/Error" + } + } + } + }, + "/zones/bundle-cleanup/context": { + "get": { + "summary": "Return context used by the zone-bundle cleanup task.", + "operationId": "zone_bundle_cleanup_context", + "responses": { + "200": { + "description": "successful operation", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/CleanupContext" + } + } + } + }, + "4XX": { + "$ref": "#/components/responses/Error" + }, + "5XX": { + "$ref": "#/components/responses/Error" + } + } + }, + "put": { + "summary": "Update context used by the zone-bundle cleanup task.", + "operationId": "zone_bundle_cleanup_context_update", + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/CleanupContextUpdate" + } + } + }, + "required": true + }, + "responses": { + "204": { + "description": "resource updated" + }, + "4XX": { + "$ref": "#/components/responses/Error" + }, + "5XX": { + "$ref": "#/components/responses/Error" + } + } + } + }, + "/zones/bundle-cleanup/utilization": { + "get": { + "summary": "Return utilization information about all zone bundles.", + "operationId": "zone_bundle_utilization", + "responses": { + "200": { + "description": "successful operation", + "content": { + "application/json": { + "schema": { + "title": "Map_of_BundleUtilization", + "type": "object", + "additionalProperties": { + "$ref": "#/components/schemas/BundleUtilization" + } + } + } + } + }, + "4XX": { + "$ref": "#/components/responses/Error" + }, + "5XX": { + "$ref": "#/components/responses/Error" + } + } + } + }, + "/zones/bundles": { + "get": { + "summary": "List all zone bundles that exist, even for now-deleted zones.", + "operationId": "zone_bundle_list_all", + "parameters": [ + { + "in": "query", + "name": "filter", + "description": "An optional substring used to filter zone bundles.", + "schema": { + "nullable": true, + "type": "string" + } + } + ], + "responses": { + "200": { + "description": "successful operation", + "content": { + "application/json": { + "schema": { + "title": "Array_of_ZoneBundleMetadata", + "type": "array", + "items": { + "$ref": "#/components/schemas/ZoneBundleMetadata" + } + } + } + } + }, + "4XX": { + "$ref": "#/components/responses/Error" + }, + "5XX": { + "$ref": "#/components/responses/Error" + } + } + } + }, + "/zones/bundles/{zone_name}": { + "get": { + "summary": "List the zone bundles that are available for a running zone.", + "operationId": "zone_bundle_list", + "parameters": [ + { + "in": "path", + "name": "zone_name", + "description": "The name of the zone.", + "required": true, + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "description": "successful operation", + "content": { + "application/json": { + "schema": { + "title": "Array_of_ZoneBundleMetadata", + "type": "array", + "items": { + "$ref": "#/components/schemas/ZoneBundleMetadata" + } + } + } + } + }, + "4XX": { + "$ref": "#/components/responses/Error" + }, + "5XX": { + "$ref": "#/components/responses/Error" + } + } + } + }, + "/zones/bundles/{zone_name}/{bundle_id}": { + "get": { + "summary": "Fetch the binary content of a single zone bundle.", + "operationId": "zone_bundle_get", + "parameters": [ + { + "in": "path", + "name": "bundle_id", + "description": "The ID for this bundle itself.", + "required": true, + "schema": { + "type": "string", + "format": "uuid" + } + }, + { + "in": "path", + "name": "zone_name", + "description": "The name of the zone this bundle is derived from.", + "required": true, + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "description": "", + "content": { + "*/*": { + "schema": {} + } + } + }, + "4XX": { + "$ref": "#/components/responses/Error" + }, + "5XX": { + "$ref": "#/components/responses/Error" + } + } + }, + "delete": { + "summary": "Delete a zone bundle.", + "operationId": "zone_bundle_delete", + "parameters": [ + { + "in": "path", + "name": "bundle_id", + "description": "The ID for this bundle itself.", + "required": true, + "schema": { + "type": "string", + "format": "uuid" + } + }, + { + "in": "path", + "name": "zone_name", + "description": "The name of the zone this bundle is derived from.", + "required": true, + "schema": { + "type": "string" + } + } + ], + "responses": { + "204": { + "description": "successful deletion" + }, + "4XX": { + "$ref": "#/components/responses/Error" + }, + "5XX": { + "$ref": "#/components/responses/Error" + } + } + } + } + }, + "components": { + "schemas": { + "AddSledRequest": { + "description": "A request to Add a given sled after rack initialization has occurred", + "type": "object", + "properties": { + "sled_id": { + "$ref": "#/components/schemas/BaseboardId" + }, + "start_request": { + "$ref": "#/components/schemas/StartSledAgentRequest" + } + }, + "required": [ + "sled_id", + "start_request" + ] + }, + "Alarm": { + "description": "An alarm indicating a protocol invariant violation.", + "oneOf": [ + { + "description": "Different configurations found for the same epoch.\n\nReason: Nexus creates configurations and stores them in CRDB before sending them to a coordinator of its choosing. Nexus will not send the same reconfiguration request to different coordinators. If it does those coordinators will generate different key shares. However, since Nexus will not tell different nodes to coordinate the same configuration, this state should be impossible to reach.", + "type": "object", + "properties": { + "mismatched_configurations": { + "type": "object", + "properties": { + "config1": { + "$ref": "#/components/schemas/Configuration" + }, + "config2": { + "$ref": "#/components/schemas/Configuration" + }, + "from": { + "description": "Either a stringified `BaseboardId` or \"Nexus\".", + "type": "string" + } + }, + "required": [ + "config1", + "config2", + "from" + ] + } + }, + "required": [ + "mismatched_configurations" + ], + "additionalProperties": false + }, + { + "description": "The `keyShareComputer` could not compute this node's share.\n\nReason: A threshold of valid key shares were received based on the the share digests in the Configuration. However, computation of the share still failed. This should be impossible.", + "type": "object", + "properties": { + "share_computation_failed": { + "type": "object", + "properties": { + "epoch": { + "type": "integer", + "format": "uint64", + "minimum": 0 + }, + "err": { + "$ref": "#/components/schemas/CombineError" + } + }, + "required": [ + "epoch", + "err" + ] + } + }, + "required": [ + "share_computation_failed" + ], + "additionalProperties": false + }, + { + "description": "We started collecting shares for a committed configuration, but we no longer have that configuration in our persistent state.", + "type": "object", + "properties": { + "committed_configuration_lost": { + "type": "object", + "properties": { + "collecting_epoch": { + "type": "integer", + "format": "uint64", + "minimum": 0 + }, + "latest_committed_epoch": { + "type": "integer", + "format": "uint64", + "minimum": 0 + } + }, + "required": [ + "collecting_epoch", + "latest_committed_epoch" + ] + } + }, + "required": [ + "committed_configuration_lost" + ], + "additionalProperties": false + }, + { + "description": "Decrypting the encrypted rack secrets failed when presented with a `valid` RackSecret.\n\n`Configuration` membership contains the hashes of each valid share. All shares utilized to reconstruct the rack secret were validated against these hashes, and the rack secret was reconstructed. However, using the rack secret to derive encryption keys and decrypt the secrets from old configurations still failed. This should never be possible, and therefore we raise an alarm.", + "type": "object", + "properties": { + "rack_secret_decryption_failed": { + "type": "object", + "properties": { + "epoch": { + "type": "integer", + "format": "uint64", + "minimum": 0 + }, + "err": { + "$ref": "#/components/schemas/DecryptionError" + } + }, + "required": [ + "epoch", + "err" + ] + } + }, + "required": [ + "rack_secret_decryption_failed" + ], + "additionalProperties": false + }, + { + "description": "Reconstructing the rack secret failed when presented with `valid` shares.\n\n`Configuration` membership contains the hashes of each valid share. All shares utilized to reconstruct the rack secret were validated against these hashes, and yet, the reconstruction still failed. This indicates either a bit flip in a share after validation, or, more likely, an invalid hash.", + "type": "object", + "properties": { + "rack_secret_reconstruction_failed": { + "type": "object", + "properties": { + "epoch": { + "type": "integer", + "format": "uint64", + "minimum": 0 + }, + "err": { + "$ref": "#/components/schemas/RackSecretReconstructError" + } + }, + "required": [ + "epoch", + "err" + ] + } + }, + "required": [ + "rack_secret_reconstruction_failed" + ], + "additionalProperties": false + } + ] + }, + "ArtifactConfig": { + "description": "Artifact configuration.\n\nThis type is used in both GET (response) and PUT (request) operations.", + "type": "object", + "properties": { + "artifacts": { + "type": "array", + "items": { + "type": "string", + "format": "hex string (32 bytes)" + }, + "uniqueItems": true + }, + "generation": { + "$ref": "#/components/schemas/Generation" + } + }, + "required": [ + "artifacts", + "generation" + ] + }, + "ArtifactCopyFromDepotBody": { + "description": "Request body for copying artifacts from a depot.", + "type": "object", + "properties": { + "depot_base_url": { + "type": "string" + } + }, + "required": [ + "depot_base_url" + ] + }, + "ArtifactCopyFromDepotResponse": { + "description": "Response for copying artifacts from a depot.", + "type": "object" + }, + "ArtifactListResponse": { + "description": "Response for listing artifacts.", + "type": "object", + "properties": { + "generation": { + "$ref": "#/components/schemas/Generation" + }, + "list": { + "type": "object", + "additionalProperties": { + "type": "integer", + "format": "uint", + "minimum": 0 + } + } + }, + "required": [ + "generation", + "list" + ] + }, + "ArtifactPutResponse": { + "description": "Response for putting an artifact.", + "type": "object", + "properties": { + "datasets": { + "description": "The number of valid M.2 artifact datasets we found on the sled. There is typically one of these datasets for each functional M.2.", + "type": "integer", + "format": "uint", + "minimum": 0 + }, + "successful_writes": { + "description": "The number of valid writes to the M.2 artifact datasets. This should be less than or equal to the number of artifact datasets.", + "type": "integer", + "format": "uint", + "minimum": 0 + } + }, + "required": [ + "datasets", + "successful_writes" + ] + }, + "Baseboard": { + "description": "Describes properties that should uniquely identify a Gimlet.", + "oneOf": [ + { + "type": "object", + "properties": { + "identifier": { + "type": "string" + }, + "model": { + "type": "string" + }, + "revision": { + "type": "integer", + "format": "uint32", + "minimum": 0 + }, + "type": { + "type": "string", + "enum": [ + "gimlet" + ] + } + }, + "required": [ + "identifier", + "model", + "revision", + "type" + ] + }, + { + "type": "object", + "properties": { + "type": { + "type": "string", + "enum": [ + "unknown" + ] + } + }, + "required": [ + "type" + ] + }, + { + "type": "object", + "properties": { + "identifier": { + "type": "string" + }, + "model": { + "type": "string" + }, + "type": { + "type": "string", + "enum": [ + "pc" + ] + } + }, + "required": [ + "identifier", + "model", + "type" + ] + } + ] + }, + "BaseboardId": { + "description": "A representation of a Baseboard ID as used in the inventory subsystem.\n\nThis type is essentially the same as a `Baseboard` except it doesn't have a revision or HW type (Gimlet, PC, Unknown).", + "type": "object", + "properties": { + "part_number": { + "description": "Oxide Part Number", + "type": "string" + }, + "serial_number": { + "description": "Serial number (unique for a given part number)", + "type": "string" + } + }, + "required": [ + "part_number", + "serial_number" + ] + }, + "BfdMode": { + "description": "BFD connection mode.", + "type": "string", + "enum": [ + "single_hop", + "multi_hop" + ] + }, + "BfdPeerConfig": { + "type": "object", + "properties": { + "detection_threshold": { + "type": "integer", + "format": "uint8", + "minimum": 0 + }, + "local": { + "nullable": true, + "type": "string", + "format": "ip" + }, + "mode": { + "$ref": "#/components/schemas/BfdMode" + }, + "remote": { + "type": "string", + "format": "ip" + }, + "required_rx": { + "type": "integer", + "format": "uint64", + "minimum": 0 + }, + "switch": { + "$ref": "#/components/schemas/SwitchLocation" + } + }, + "required": [ + "detection_threshold", + "mode", + "remote", + "required_rx", + "switch" + ] + }, + "BgpConfig": { + "type": "object", + "properties": { + "asn": { + "description": "The autonomous system number for the BGP configuration.", + "type": "integer", + "format": "uint32", + "minimum": 0 + }, + "checker": { + "nullable": true, + "description": "Checker to apply to incoming messages.", + "default": null, + "type": "string" + }, + "originate": { + "description": "The set of prefixes for the BGP router to originate.", + "type": "array", + "items": { + "$ref": "#/components/schemas/Ipv4Net" + } + }, + "shaper": { + "nullable": true, + "description": "Shaper to apply to outgoing messages.", + "default": null, + "type": "string" + } + }, + "required": [ + "asn", + "originate" + ] + }, + "BgpPeerConfig": { + "type": "object", + "properties": { + "addr": { + "description": "Address of the peer.", + "type": "string", + "format": "ipv4" + }, + "allowed_export": { + "description": "Define export policy for a peer.", + "default": { + "type": "no_filtering" + }, + "allOf": [ + { + "$ref": "#/components/schemas/ImportExportPolicy" + } + ] + }, + "allowed_import": { + "description": "Define import policy for a peer.", + "default": { + "type": "no_filtering" + }, + "allOf": [ + { + "$ref": "#/components/schemas/ImportExportPolicy" + } + ] + }, + "asn": { + "description": "The autonomous system number of the router the peer belongs to.", + "type": "integer", + "format": "uint32", + "minimum": 0 + }, + "communities": { + "description": "Include the provided communities in updates sent to the peer.", + "default": [], + "type": "array", + "items": { + "type": "integer", + "format": "uint32", + "minimum": 0 + } + }, + "connect_retry": { + "nullable": true, + "description": "The interval in seconds between peer connection retry attempts.", + "type": "integer", + "format": "uint64", + "minimum": 0 + }, + "delay_open": { + "nullable": true, + "description": "How long to delay sending open messages to a peer. In seconds.", + "type": "integer", + "format": "uint64", + "minimum": 0 + }, + "enforce_first_as": { + "description": "Enforce that the first AS in paths received from this peer is the peer's AS.", + "default": false, + "type": "boolean" + }, + "hold_time": { + "nullable": true, + "description": "How long to keep a session alive without a keepalive in seconds. Defaults to 6.", + "type": "integer", + "format": "uint64", + "minimum": 0 + }, + "idle_hold_time": { + "nullable": true, + "description": "How long to keep a peer in idle after a state machine reset in seconds.", + "type": "integer", + "format": "uint64", + "minimum": 0 + }, + "keepalive": { + "nullable": true, + "description": "The interval to send keepalive messages at.", + "type": "integer", + "format": "uint64", + "minimum": 0 + }, + "local_pref": { + "nullable": true, + "description": "Apply a local preference to routes received from this peer.", + "default": null, + "type": "integer", + "format": "uint32", + "minimum": 0 + }, + "md5_auth_key": { + "nullable": true, + "description": "Use the given key for TCP-MD5 authentication with the peer.", + "default": null, + "type": "string" + }, + "min_ttl": { + "nullable": true, + "description": "Require messages from a peer have a minimum IP time to live field.", + "default": null, + "type": "integer", + "format": "uint8", + "minimum": 0 + }, + "multi_exit_discriminator": { + "nullable": true, + "description": "Apply the provided multi-exit discriminator (MED) updates sent to the peer.", + "default": null, + "type": "integer", + "format": "uint32", + "minimum": 0 + }, + "port": { + "description": "Switch port the peer is reachable on.", + "type": "string" + }, + "remote_asn": { + "nullable": true, + "description": "Require that a peer has a specified ASN.", + "default": null, + "type": "integer", + "format": "uint32", + "minimum": 0 + }, + "vlan_id": { + "nullable": true, + "description": "Associate a VLAN ID with a BGP peer session.", + "default": null, + "type": "integer", + "format": "uint16", + "minimum": 0 + } + }, + "required": [ + "addr", + "asn", + "port" + ] + }, + "BlobStorageBackend": { + "description": "A storage backend for a disk whose initial contents are given explicitly by the specification.", + "type": "object", + "properties": { + "base64": { + "description": "The disk's initial contents, encoded as a base64 string.", + "type": "string" + }, + "readonly": { + "description": "Indicates whether the storage is read-only.", + "type": "boolean" + } + }, + "required": [ + "base64", + "readonly" + ], + "additionalProperties": false + }, + "Board": { + "description": "A VM's mainboard.", + "type": "object", + "properties": { + "chipset": { + "description": "The chipset to expose to guest software.", + "allOf": [ + { + "$ref": "#/components/schemas/Chipset" + } + ] + }, + "cpuid": { + "nullable": true, + "description": "The CPUID values to expose to the guest. If `None`, bhyve will derive default values from the host's CPUID values.", + "allOf": [ + { + "$ref": "#/components/schemas/Cpuid" + } + ] + }, + "cpus": { + "description": "The number of virtual logical processors attached to this VM.", + "type": "integer", + "format": "uint8", + "minimum": 0 + }, + "guest_hv_interface": { + "description": "The hypervisor platform to expose to the guest. The default is a bhyve-compatible interface with no additional features.\n\nFor compatibility with older versions of Propolis, this field is only serialized if it specifies a non-default interface.", + "allOf": [ + { + "$ref": "#/components/schemas/GuestHypervisorInterface" + } + ] + }, + "memory_mb": { + "description": "The amount of guest RAM attached to this VM.", + "type": "integer", + "format": "uint64", + "minimum": 0 + } + }, + "required": [ + "chipset", + "cpus", + "memory_mb" + ], + "additionalProperties": false + }, + "BootImageHeader": { + "type": "object", + "properties": { + "data_size": { + "type": "integer", + "format": "uint64", + "minimum": 0 + }, + "flags": { + "type": "integer", + "format": "uint64", + "minimum": 0 + }, + "image_name": { + "type": "string" + }, + "image_size": { + "type": "integer", + "format": "uint64", + "minimum": 0 + }, + "sha256": { + "type": "array", + "items": { + "type": "integer", + "format": "uint8", + "minimum": 0 + }, + "minItems": 32, + "maxItems": 32 + }, + "target_size": { + "type": "integer", + "format": "uint64", + "minimum": 0 + } + }, + "required": [ + "data_size", + "flags", + "image_name", + "image_size", + "sha256", + "target_size" + ] + }, + "BootOrderEntry": { + "description": "An entry in the boot order stored in a [`BootSettings`] component.", + "type": "object", + "properties": { + "id": { + "description": "The ID of another component in the spec that Propolis should try to boot from.\n\nCurrently, only disk device components are supported.", + "allOf": [ + { + "$ref": "#/components/schemas/SpecKey" + } + ] + } + }, + "required": [ + "id" + ] + }, + "BootPartitionContents": { + "type": "object", + "properties": { + "boot_disk": { + "x-rust-type": { + "crate": "std", + "parameters": [ + { + "$ref": "#/components/schemas/M2Slot" + }, + { + "type": "string" + } + ], + "path": "::std::result::Result", + "version": "*" + }, + "oneOf": [ + { + "type": "object", + "properties": { + "ok": { + "$ref": "#/components/schemas/M2Slot" + } + }, + "required": [ + "ok" + ] + }, + { + "type": "object", + "properties": { + "err": { + "type": "string" + } + }, + "required": [ + "err" + ] + } + ] + }, + "slot_a": { + "x-rust-type": { + "crate": "std", + "parameters": [ + { + "$ref": "#/components/schemas/BootPartitionDetails" + }, + { + "type": "string" + } + ], + "path": "::std::result::Result", + "version": "*" + }, + "oneOf": [ + { + "type": "object", + "properties": { + "ok": { + "$ref": "#/components/schemas/BootPartitionDetails" + } + }, + "required": [ + "ok" + ] + }, + { + "type": "object", + "properties": { + "err": { + "type": "string" + } + }, + "required": [ + "err" + ] + } + ] + }, + "slot_b": { + "x-rust-type": { + "crate": "std", + "parameters": [ + { + "$ref": "#/components/schemas/BootPartitionDetails" + }, + { + "type": "string" + } + ], + "path": "::std::result::Result", + "version": "*" + }, + "oneOf": [ + { + "type": "object", + "properties": { + "ok": { + "$ref": "#/components/schemas/BootPartitionDetails" + } + }, + "required": [ + "ok" + ] + }, + { + "type": "object", + "properties": { + "err": { + "type": "string" + } + }, + "required": [ + "err" + ] + } + ] + } + }, + "required": [ + "boot_disk", + "slot_a", + "slot_b" + ] + }, + "BootPartitionDetails": { + "type": "object", + "properties": { + "artifact_hash": { + "type": "string", + "format": "hex string (32 bytes)" + }, + "artifact_size": { + "type": "integer", + "format": "uint", + "minimum": 0 + }, + "header": { + "$ref": "#/components/schemas/BootImageHeader" + } + }, + "required": [ + "artifact_hash", + "artifact_size", + "header" + ] + }, + "BootSettings": { + "description": "Settings supplied to the guest's firmware image that specify the order in which it should consider its options when selecting a device to try to boot from.", + "type": "object", + "properties": { + "order": { + "description": "An ordered list of components to attempt to boot from.", + "type": "array", + "items": { + "$ref": "#/components/schemas/BootOrderEntry" + } + } + }, + "required": [ + "order" + ], + "additionalProperties": false + }, + "BootstoreStatus": { + "description": "Status of the local bootstore node.", + "type": "object", + "properties": { + "accepted_connections": { + "type": "array", + "items": { + "type": "string" + }, + "uniqueItems": true + }, + "established_connections": { + "type": "array", + "items": { + "$ref": "#/components/schemas/EstablishedConnection" + } + }, + "fsm_ledger_generation": { + "type": "integer", + "format": "uint64", + "minimum": 0 + }, + "fsm_state": { + "type": "string" + }, + "negotiating_connections": { + "type": "array", + "items": { + "type": "string" + }, + "uniqueItems": true + }, + "network_config_ledger_generation": { + "nullable": true, + "type": "integer", + "format": "uint64", + "minimum": 0 + }, + "peers": { + "type": "array", + "items": { + "type": "string" + }, + "uniqueItems": true + } + }, + "required": [ + "accepted_connections", + "established_connections", + "fsm_ledger_generation", + "fsm_state", + "negotiating_connections", + "peers" + ] + }, + "BundleUtilization": { + "description": "The portion of a debug dataset used for zone bundles.", + "type": "object", + "properties": { + "bytes_available": { + "description": "The total number of bytes available for zone bundles.\n\nThis is `dataset_quota` multiplied by the context's storage limit.", + "type": "integer", + "format": "uint64", + "minimum": 0 + }, + "bytes_used": { + "description": "Total bundle usage, in bytes.", + "type": "integer", + "format": "uint64", + "minimum": 0 + }, + "dataset_quota": { + "description": "The total dataset quota, in bytes.", + "type": "integer", + "format": "uint64", + "minimum": 0 + } + }, + "required": [ + "bytes_available", + "bytes_used", + "dataset_quota" + ] + }, + "ByteCount": { + "description": "Byte count to express memory or storage capacity.", + "type": "integer", + "format": "uint64", + "minimum": 0 + }, + "Chipset": { + "description": "A kind of virtual chipset.", + "oneOf": [ + { + "description": "An Intel 440FX-compatible chipset.", + "type": "object", + "properties": { + "type": { + "type": "string", + "enum": [ + "i440_fx" + ] + }, + "value": { + "$ref": "#/components/schemas/I440Fx" + } + }, + "required": [ + "type", + "value" + ], + "additionalProperties": false + } + ] + }, + "CleanupContext": { + "description": "Context provided for the zone bundle cleanup task.", + "type": "object", + "properties": { + "period": { + "description": "The period on which automatic checks and cleanup is performed.", + "allOf": [ + { + "$ref": "#/components/schemas/CleanupPeriod" + } + ] + }, + "priority": { + "description": "The priority ordering for keeping old bundles.", + "allOf": [ + { + "$ref": "#/components/schemas/PriorityOrder" + } + ] + }, + "storage_limit": { + "description": "The limit on the dataset quota available for zone bundles.", + "allOf": [ + { + "$ref": "#/components/schemas/StorageLimit" + } + ] + } + }, + "required": [ + "period", + "priority", + "storage_limit" + ] + }, + "CleanupContextUpdate": { + "description": "Parameters used to update the zone bundle cleanup context.", + "type": "object", + "properties": { + "period": { + "nullable": true, + "description": "The new period on which automatic cleanups are run.", + "allOf": [ + { + "$ref": "#/components/schemas/Duration" + } + ] + }, + "priority": { + "nullable": true, + "description": "The priority ordering for preserving old zone bundles.", + "allOf": [ + { + "$ref": "#/components/schemas/PriorityOrder" + } + ] + }, + "storage_limit": { + "nullable": true, + "description": "The new limit on the underlying dataset quota allowed for bundles.", + "type": "integer", + "format": "uint8", + "minimum": 0 + } + } + }, + "CleanupCount": { + "description": "The count of bundles / bytes removed during a cleanup operation.", + "type": "object", + "properties": { + "bundles": { + "description": "The number of bundles removed.", + "type": "integer", + "format": "uint64", + "minimum": 0 + }, + "bytes": { + "description": "The number of bytes removed.", + "type": "integer", + "format": "uint64", + "minimum": 0 + } + }, + "required": [ + "bundles", + "bytes" + ] + }, + "CleanupPeriod": { + "description": "A period on which bundles are automatically cleaned up.", + "allOf": [ + { + "$ref": "#/components/schemas/Duration" + } + ] + }, + "CombineError": { + "type": "string", + "enum": [ + "too_few_shares", + "duplicate_x_coordinates", + "invalid_share_lengths", + "invalid_share_id" + ] + }, + "CommitRequest": { + "description": "Request to commit a trust quorum configuration at a given epoch.", + "type": "object", + "properties": { + "epoch": { + "type": "integer", + "format": "uint64", + "minimum": 0 + }, + "rack_id": { + "$ref": "#/components/schemas/RackUuid" + } + }, + "required": [ + "epoch", + "rack_id" + ] + }, + "CommitStatus": { + "description": "Whether or not a configuration has been committed or is still underway.", + "type": "string", + "enum": [ + "committed", + "pending" + ] + }, + "ComponentV0": { + "oneOf": [ + { + "type": "object", + "properties": { + "component": { + "$ref": "#/components/schemas/VirtioDisk" + }, + "type": { + "type": "string", + "enum": [ + "virtio_disk" + ] + } + }, + "required": [ + "component", + "type" + ], + "additionalProperties": false + }, + { + "type": "object", + "properties": { + "component": { + "$ref": "#/components/schemas/NvmeDisk" + }, + "type": { + "type": "string", + "enum": [ + "nvme_disk" + ] + } + }, + "required": [ + "component", + "type" + ], + "additionalProperties": false + }, + { + "type": "object", + "properties": { + "component": { + "$ref": "#/components/schemas/VirtioNic" + }, + "type": { + "type": "string", + "enum": [ + "virtio_nic" + ] + } + }, + "required": [ + "component", + "type" + ], + "additionalProperties": false + }, + { + "type": "object", + "properties": { + "component": { + "$ref": "#/components/schemas/SerialPort" + }, + "type": { + "type": "string", + "enum": [ + "serial_port" + ] + } + }, + "required": [ + "component", + "type" + ], + "additionalProperties": false + }, + { + "type": "object", + "properties": { + "component": { + "$ref": "#/components/schemas/PciPciBridge" + }, + "type": { + "type": "string", + "enum": [ + "pci_pci_bridge" + ] + } + }, + "required": [ + "component", + "type" + ], + "additionalProperties": false + }, + { + "type": "object", + "properties": { + "component": { + "$ref": "#/components/schemas/QemuPvpanic" + }, + "type": { + "type": "string", + "enum": [ + "qemu_pvpanic" + ] + } + }, + "required": [ + "component", + "type" + ], + "additionalProperties": false + }, + { + "type": "object", + "properties": { + "component": { + "$ref": "#/components/schemas/BootSettings" + }, + "type": { + "type": "string", + "enum": [ + "boot_settings" + ] + } + }, + "required": [ + "component", + "type" + ], + "additionalProperties": false + }, + { + "type": "object", + "properties": { + "component": { + "$ref": "#/components/schemas/SoftNpuPciPort" + }, + "type": { + "type": "string", + "enum": [ + "soft_npu_pci_port" + ] + } + }, + "required": [ + "component", + "type" + ], + "additionalProperties": false + }, + { + "type": "object", + "properties": { + "component": { + "$ref": "#/components/schemas/SoftNpuPort" + }, + "type": { + "type": "string", + "enum": [ + "soft_npu_port" + ] + } + }, + "required": [ + "component", + "type" + ], + "additionalProperties": false + }, + { + "type": "object", + "properties": { + "component": { + "$ref": "#/components/schemas/SoftNpuP9" + }, + "type": { + "type": "string", + "enum": [ + "soft_npu_p9" + ] + } + }, + "required": [ + "component", + "type" + ], + "additionalProperties": false + }, + { + "type": "object", + "properties": { + "component": { + "$ref": "#/components/schemas/P9fs" + }, + "type": { + "type": "string", + "enum": [ + "p9fs" + ] + } + }, + "required": [ + "component", + "type" + ], + "additionalProperties": false + }, + { + "type": "object", + "properties": { + "component": { + "$ref": "#/components/schemas/MigrationFailureInjector" + }, + "type": { + "type": "string", + "enum": [ + "migration_failure_injector" + ] + } + }, + "required": [ + "component", + "type" + ], + "additionalProperties": false + }, + { + "type": "object", + "properties": { + "component": { + "$ref": "#/components/schemas/CrucibleStorageBackend" + }, + "type": { + "type": "string", + "enum": [ + "crucible_storage_backend" + ] + } + }, + "required": [ + "component", + "type" + ], + "additionalProperties": false + }, + { + "type": "object", + "properties": { + "component": { + "$ref": "#/components/schemas/FileStorageBackend" + }, + "type": { + "type": "string", + "enum": [ + "file_storage_backend" + ] + } + }, + "required": [ + "component", + "type" + ], + "additionalProperties": false + }, + { + "type": "object", + "properties": { + "component": { + "$ref": "#/components/schemas/BlobStorageBackend" + }, + "type": { + "type": "string", + "enum": [ + "blob_storage_backend" + ] + } + }, + "required": [ + "component", + "type" + ], + "additionalProperties": false + }, + { + "type": "object", + "properties": { + "component": { + "$ref": "#/components/schemas/VirtioNetworkBackend" + }, + "type": { + "type": "string", + "enum": [ + "virtio_network_backend" + ] + } + }, + "required": [ + "component", + "type" + ], + "additionalProperties": false + }, + { + "type": "object", + "properties": { + "component": { + "$ref": "#/components/schemas/DlpiNetworkBackend" + }, + "type": { + "type": "string", + "enum": [ + "dlpi_network_backend" + ] + } + }, + "required": [ + "component", + "type" + ], + "additionalProperties": false + } + ] + }, + "CompressionAlgorithm": { + "oneOf": [ + { + "type": "object", + "properties": { + "type": { + "type": "string", + "enum": [ + "on" + ] + } + }, + "required": [ + "type" + ] + }, + { + "type": "object", + "properties": { + "type": { + "type": "string", + "enum": [ + "off" + ] + } + }, + "required": [ + "type" + ] + }, + { + "type": "object", + "properties": { + "type": { + "type": "string", + "enum": [ + "gzip" + ] + } + }, + "required": [ + "type" + ] + }, + { + "type": "object", + "properties": { + "level": { + "$ref": "#/components/schemas/GzipLevel" + }, + "type": { + "type": "string", + "enum": [ + "gzip_n" + ] + } + }, + "required": [ + "level", + "type" + ] + }, + { + "type": "object", + "properties": { + "type": { + "type": "string", + "enum": [ + "lz4" + ] + } + }, + "required": [ + "type" + ] + }, + { + "type": "object", + "properties": { + "type": { + "type": "string", + "enum": [ + "lzjb" + ] + } + }, + "required": [ + "type" + ] + }, + { + "type": "object", + "properties": { + "type": { + "type": "string", + "enum": [ + "zle" + ] + } + }, + "required": [ + "type" + ] + } + ] + }, + "ConfigReconcilerInventory": { + "description": "Describes the last attempt made by the sled-agent-config-reconciler to reconcile the current sled config against the actual state of the sled.", + "type": "object", + "properties": { + "boot_partitions": { + "$ref": "#/components/schemas/BootPartitionContents" + }, + "datasets": { + "type": "object", + "additionalProperties": { + "$ref": "#/components/schemas/ConfigReconcilerInventoryResult" + } + }, + "external_disks": { + "type": "object", + "additionalProperties": { + "$ref": "#/components/schemas/ConfigReconcilerInventoryResult" + } + }, + "last_reconciled_config": { + "$ref": "#/components/schemas/OmicronSledConfig" + }, + "measurements": { + "title": "IdOrdMap", + "x-rust-type": { + "crate": "iddqd", + "parameters": [ + { + "$ref": "#/components/schemas/ReconciledSingleMeasurement" + } + ], + "path": "iddqd::IdOrdMap", + "version": "*" + }, + "type": "array", + "items": { + "$ref": "#/components/schemas/ReconciledSingleMeasurement" + }, + "uniqueItems": true + }, + "orphaned_datasets": { + "title": "IdOrdMap", + "x-rust-type": { + "crate": "iddqd", + "parameters": [ + { + "$ref": "#/components/schemas/OrphanedDataset" + } + ], + "path": "iddqd::IdOrdMap", + "version": "*" + }, + "type": "array", + "items": { + "$ref": "#/components/schemas/OrphanedDataset" + }, + "uniqueItems": true + }, + "remove_mupdate_override": { + "nullable": true, + "description": "The result of removing the mupdate override file on disk.\n\n`None` if `remove_mupdate_override` was not provided in the sled config.", + "allOf": [ + { + "$ref": "#/components/schemas/RemoveMupdateOverrideInventory" + } + ] + }, + "zones": { + "type": "object", + "additionalProperties": { + "$ref": "#/components/schemas/ConfigReconcilerInventoryResult" + } + } + }, + "required": [ + "boot_partitions", + "datasets", + "external_disks", + "last_reconciled_config", + "measurements", + "orphaned_datasets", + "zones" + ] + }, + "ConfigReconcilerInventoryResult": { + "oneOf": [ + { + "type": "object", + "properties": { + "result": { + "type": "string", + "enum": [ + "ok" + ] + } + }, + "required": [ + "result" + ] + }, + { + "type": "object", + "properties": { + "message": { + "type": "string" + }, + "result": { + "type": "string", + "enum": [ + "err" + ] + } + }, + "required": [ + "message", + "result" + ] + } + ] + }, + "ConfigReconcilerInventoryStatus": { + "description": "Status of the sled-agent-config-reconciler task.", + "oneOf": [ + { + "description": "The reconciler task has not yet run for the first time since sled-agent started.", + "type": "object", + "properties": { + "status": { + "type": "string", + "enum": [ + "not_yet_run" + ] + } + }, + "required": [ + "status" + ] + }, + { + "description": "The reconciler task is actively running.", + "type": "object", + "properties": { + "config": { + "$ref": "#/components/schemas/OmicronSledConfig" + }, + "running_for": { + "$ref": "#/components/schemas/Duration" + }, + "started_at": { + "type": "string", + "format": "date-time" + }, + "status": { + "type": "string", + "enum": [ + "running" + ] + } + }, + "required": [ + "config", + "running_for", + "started_at", + "status" + ] + }, + { + "description": "The reconciler task is currently idle, but previously did complete a reconciliation attempt.\n\nThis variant does not include the `OmicronSledConfig` used in the last attempt, because that's always available via [`ConfigReconcilerInventory::last_reconciled_config`].", + "type": "object", + "properties": { + "completed_at": { + "type": "string", + "format": "date-time" + }, + "ran_for": { + "$ref": "#/components/schemas/Duration" + }, + "status": { + "type": "string", + "enum": [ + "idle" + ] + } + }, + "required": [ + "completed_at", + "ran_for", + "status" + ] + } + ] + }, + "Configuration": { + "description": "The configuration for a given epoch.\n\nOnly valid for non-lrtq configurations.", + "type": "object", + "properties": { + "coordinator": { + "description": "Who was the coordinator of this reconfiguration?", + "allOf": [ + { + "$ref": "#/components/schemas/BaseboardId" + } + ] + }, + "encrypted_rack_secrets": { + "nullable": true, + "description": "There are no encrypted rack secrets for the initial configuration.", + "allOf": [ + { + "$ref": "#/components/schemas/EncryptedRackSecrets" + } + ] + }, + "epoch": { + "description": "Unique, monotonically increasing identifier for a configuration.", + "type": "integer", + "format": "uint64", + "minimum": 0 + }, + "members": { + "description": "All members of the current configuration and the hash of their key shares.", + "type": "array", + "items": { + "$ref": "#/components/schemas/ConfigurationMember" + } + }, + "rack_id": { + "description": "Unique Id of the rack.", + "allOf": [ + { + "$ref": "#/components/schemas/RackUuid" + } + ] + }, + "threshold": { + "description": "The number of sleds required to reconstruct the rack secret.", + "type": "integer", + "format": "uint8", + "minimum": 0 + } + }, + "required": [ + "coordinator", + "epoch", + "members", + "rack_id", + "threshold" + ] + }, + "ConfigurationMember": { + "description": "A member entry in a trust quorum configuration.\n\nThis type is used for OpenAPI schema generation since OpenAPI v3.0.x doesn't support tuple arrays.", + "type": "object", + "properties": { + "id": { + "description": "The baseboard ID of the member.", + "allOf": [ + { + "$ref": "#/components/schemas/BaseboardId" + } + ] + }, + "share_digest": { + "description": "The SHA3-256 hash of the member's key share.", + "type": "string", + "format": "hex string (32 bytes)" + } + }, + "required": [ + "id", + "share_digest" + ] + }, + "CoordinatorStatus": { + "description": "Status of the node coordinating the reconfiguration or LRTQ upgrade.", + "type": "object", + "properties": { + "acked_prepares": { + "type": "array", + "items": { + "$ref": "#/components/schemas/BaseboardId" + }, + "uniqueItems": true + }, + "config": { + "$ref": "#/components/schemas/Configuration" + } + }, + "required": [ + "acked_prepares", + "config" + ] + }, + "Cpuid": { + "description": "A set of CPUID values to expose to a guest.", + "type": "object", + "properties": { + "entries": { + "description": "A list of CPUID leaves/subleaves and their associated values.\n\nPropolis servers require that each entry's `leaf` be unique and that it falls in either the \"standard\" (0 to 0xFFFF) or \"extended\" (0x8000_0000 to 0x8000_FFFF) function ranges, since these are the only valid input ranges currently defined by Intel and AMD. See the Intel 64 and IA-32 Architectures Software Developer's Manual (June 2024) Table 3-17 and the AMD64 Architecture Programmer's Manual (March 2024) Volume 3's documentation of the CPUID instruction.", + "type": "array", + "items": { + "$ref": "#/components/schemas/CpuidEntry" + } + }, + "vendor": { + "description": "The CPU vendor to emulate.\n\nCPUID leaves in the extended range (0x8000_0000 to 0x8000_FFFF) have vendor-defined semantics. Propolis uses this value to determine these semantics when deciding whether it needs to specialize the supplied template values for these leaves.", + "allOf": [ + { + "$ref": "#/components/schemas/CpuidVendor" + } + ] + } + }, + "required": [ + "entries", + "vendor" + ], + "additionalProperties": false + }, + "CpuidEntry": { + "description": "A full description of a CPUID leaf/subleaf and the values it produces.", + "type": "object", + "properties": { + "eax": { + "description": "The value to return in eax.", + "type": "integer", + "format": "uint32", + "minimum": 0 + }, + "ebx": { + "description": "The value to return in ebx.", + "type": "integer", + "format": "uint32", + "minimum": 0 + }, + "ecx": { + "description": "The value to return in ecx.", + "type": "integer", + "format": "uint32", + "minimum": 0 + }, + "edx": { + "description": "The value to return in edx.", + "type": "integer", + "format": "uint32", + "minimum": 0 + }, + "leaf": { + "description": "The leaf (function) number for this entry.", + "type": "integer", + "format": "uint32", + "minimum": 0 + }, + "subleaf": { + "nullable": true, + "description": "The subleaf (index) number for this entry, if it uses subleaves.", + "type": "integer", + "format": "uint32", + "minimum": 0 + } + }, + "required": [ + "eax", + "ebx", + "ecx", + "edx", + "leaf" + ], + "additionalProperties": false + }, + "CpuidVendor": { + "description": "A CPU vendor to use when interpreting the meanings of CPUID leaves in the extended ID range (0x80000000 to 0x8000FFFF).", + "type": "string", + "enum": [ + "amd", + "intel" + ] + }, + "CrucibleStorageBackend": { + "description": "A Crucible storage backend.", + "type": "object", + "properties": { + "readonly": { + "description": "Indicates whether the storage is read-only.", + "type": "boolean" + }, + "request_json": { + "description": "A serialized `[crucible_client_types::VolumeConstructionRequest]`. This is stored in serialized form so that breaking changes to the definition of a `VolumeConstructionRequest` do not inadvertently break instance spec deserialization.\n\nWhen using a spec to initialize a new instance, the spec author must ensure this request is well-formed and can be deserialized by the version of `crucible_client_types` used by the target Propolis.", + "type": "string" + } + }, + "required": [ + "readonly", + "request_json" + ], + "additionalProperties": false + }, + "DatasetConfig": { + "description": "Configuration information necessary to request a single dataset.\n\nThese datasets are tracked directly by Nexus.", + "type": "object", + "properties": { + "compression": { + "description": "The compression mode to be used by the dataset", + "allOf": [ + { + "$ref": "#/components/schemas/CompressionAlgorithm" + } + ] + }, + "id": { + "description": "The UUID of the dataset being requested", + "allOf": [ + { + "$ref": "#/components/schemas/DatasetUuid" + } + ] + }, + "name": { + "description": "The dataset's name", + "allOf": [ + { + "$ref": "#/components/schemas/DatasetName" + } + ] + }, + "quota": { + "nullable": true, + "description": "The upper bound on the amount of storage used by this dataset", + "allOf": [ + { + "$ref": "#/components/schemas/ByteCount" + } + ] + }, + "reservation": { + "nullable": true, + "description": "The lower bound on the amount of storage usable by this dataset", + "allOf": [ + { + "$ref": "#/components/schemas/ByteCount" + } + ] + } + }, + "required": [ + "compression", + "id", + "name" + ] + }, + "DatasetKind": { + "description": "The kind of dataset. See the `DatasetKind` enum in omicron-common for possible values.", + "type": "string" + }, + "DatasetName": { + "type": "object", + "properties": { + "kind": { + "$ref": "#/components/schemas/DatasetKind" + }, + "pool_name": { + "$ref": "#/components/schemas/ZpoolName" + } + }, + "required": [ + "kind", + "pool_name" + ] + }, + "DatasetUuid": { + "x-rust-type": { + "crate": "omicron-uuid-kinds", + "path": "omicron_uuid_kinds::DatasetUuid", + "version": "*" + }, + "type": "string", + "format": "uuid" + }, + "DecryptionError": { + "description": "Error decrypting rack secrets.", + "oneOf": [ + { + "description": "An opaque error indicating decryption failed.", + "type": "string", + "enum": [ + "aead" + ] + }, + { + "description": "The length of the plaintext is not the correct size and cannot be decoded.", + "type": "string", + "enum": [ + "invalid_length" + ] + } + ] + }, + "DelegatedZvol": { + "description": "Delegate a ZFS volume to a zone", + "oneOf": [ + { + "description": "Delegate a slice of the local storage dataset present on this pool into the zone.", + "type": "object", + "properties": { + "dataset_id": { + "$ref": "#/components/schemas/DatasetUuid" + }, + "type": { + "type": "string", + "enum": [ + "local_storage" + ] + }, + "zpool_id": { + "$ref": "#/components/schemas/ExternalZpoolUuid" + } + }, + "required": [ + "dataset_id", + "type", + "zpool_id" + ] + } + ] + }, + "DhcpConfig": { + "description": "DHCP configuration for a port\n\nNot present here: Hostname (DHCPv4 option 12; used in DHCPv6 option 39); we use `InstanceRuntimeState::hostname` for this value.", + "type": "object", + "properties": { + "dns_servers": { + "description": "DNS servers to send to the instance\n\n(DHCPv4 option 6; DHCPv6 option 23)", + "type": "array", + "items": { + "type": "string", + "format": "ip" + } + }, + "host_domain": { + "nullable": true, + "description": "DNS zone this instance's hostname belongs to (e.g. the `project.example` part of `instance1.project.example`)\n\n(DHCPv4 option 15; used in DHCPv6 option 39)", + "type": "string" + }, + "search_domains": { + "description": "DNS search domains\n\n(DHCPv4 option 119; DHCPv6 option 24)", + "type": "array", + "items": { + "type": "string" + } + } + }, + "required": [ + "dns_servers", + "search_domains" + ] + }, + "DiskEnsureBody": { + "description": "Sent from to a sled agent to establish the runtime state of a Disk", + "type": "object", + "properties": { + "initial_runtime": { + "description": "Last runtime state of the Disk known to Nexus (used if the agent has never seen this Disk before).", + "allOf": [ + { + "$ref": "#/components/schemas/DiskRuntimeState" + } + ] + }, + "target": { + "description": "requested runtime state of the Disk", + "allOf": [ + { + "$ref": "#/components/schemas/DiskStateRequested" + } + ] + } + }, + "required": [ + "initial_runtime", + "target" + ] + }, + "DiskIdentity": { + "description": "Uniquely identifies a disk.", + "type": "object", + "properties": { + "model": { + "type": "string" + }, + "serial": { + "type": "string" + }, + "vendor": { + "type": "string" + } + }, + "required": [ + "model", + "serial", + "vendor" + ] + }, + "DiskRuntimeState": { + "description": "Runtime state of the Disk, which includes its attach state and some minimal metadata", + "type": "object", + "properties": { + "disk_state": { + "description": "runtime state of the Disk", + "allOf": [ + { + "$ref": "#/components/schemas/DiskState" + } + ] + }, + "gen": { + "description": "generation number for this state", + "allOf": [ + { + "$ref": "#/components/schemas/Generation" + } + ] + }, + "time_updated": { + "description": "timestamp for this information", + "type": "string", + "format": "date-time" + } + }, + "required": [ + "disk_state", + "gen", + "time_updated" + ] + }, + "DiskState": { + "description": "State of a Disk", + "oneOf": [ + { + "description": "Disk is being initialized", + "type": "object", + "properties": { + "state": { + "type": "string", + "enum": [ + "creating" + ] + } + }, + "required": [ + "state" + ] + }, + { + "description": "Disk is ready but detached from any Instance", + "type": "object", + "properties": { + "state": { + "type": "string", + "enum": [ + "detached" + ] + } + }, + "required": [ + "state" + ] + }, + { + "description": "Disk is ready to receive blocks from an external source", + "type": "object", + "properties": { + "state": { + "type": "string", + "enum": [ + "import_ready" + ] + } + }, + "required": [ + "state" + ] + }, + { + "description": "Disk is importing blocks from a URL", + "type": "object", + "properties": { + "state": { + "type": "string", + "enum": [ + "importing_from_url" + ] + } + }, + "required": [ + "state" + ] + }, + { + "description": "Disk is importing blocks from bulk writes", + "type": "object", + "properties": { + "state": { + "type": "string", + "enum": [ + "importing_from_bulk_writes" + ] + } + }, + "required": [ + "state" + ] + }, + { + "description": "Disk is being finalized to state Detached", + "type": "object", + "properties": { + "state": { + "type": "string", + "enum": [ + "finalizing" + ] + } + }, + "required": [ + "state" + ] + }, + { + "description": "Disk is undergoing maintenance", + "type": "object", + "properties": { + "state": { + "type": "string", + "enum": [ + "maintenance" + ] + } + }, + "required": [ + "state" + ] + }, + { + "description": "Disk is being attached to the given Instance", + "type": "object", + "properties": { + "instance": { + "type": "string", + "format": "uuid" + }, + "state": { + "type": "string", + "enum": [ + "attaching" + ] + } + }, + "required": [ + "instance", + "state" + ] + }, + { + "description": "Disk is attached to the given Instance", + "type": "object", + "properties": { + "instance": { + "type": "string", + "format": "uuid" + }, + "state": { + "type": "string", + "enum": [ + "attached" + ] + } + }, + "required": [ + "instance", + "state" + ] + }, + { + "description": "Disk is being detached from the given Instance", + "type": "object", + "properties": { + "instance": { + "type": "string", + "format": "uuid" + }, + "state": { + "type": "string", + "enum": [ + "detaching" + ] + } + }, + "required": [ + "instance", + "state" + ] + }, + { + "description": "Disk has been destroyed", + "type": "object", + "properties": { + "state": { + "type": "string", + "enum": [ + "destroyed" + ] + } + }, + "required": [ + "state" + ] + }, + { + "description": "Disk is unavailable", + "type": "object", + "properties": { + "state": { + "type": "string", + "enum": [ + "faulted" + ] + } + }, + "required": [ + "state" + ] + } + ] + }, + "DiskStateRequested": { + "description": "Used to request a Disk state change", + "oneOf": [ + { + "type": "object", + "properties": { + "state": { + "type": "string", + "enum": [ + "detached" + ] + } + }, + "required": [ + "state" + ] + }, + { + "type": "object", + "properties": { + "instance": { + "type": "string", + "format": "uuid" + }, + "state": { + "type": "string", + "enum": [ + "attached" + ] + } + }, + "required": [ + "instance", + "state" + ] + }, + { + "type": "object", + "properties": { + "state": { + "type": "string", + "enum": [ + "destroyed" + ] + } + }, + "required": [ + "state" + ] + }, + { + "type": "object", + "properties": { + "state": { + "type": "string", + "enum": [ + "faulted" + ] + } + }, + "required": [ + "state" + ] + } + ] + }, + "DiskVariant": { + "type": "string", + "enum": [ + "U2", + "M2" + ] + }, + "DlpiNetworkBackend": { + "description": "A network backend associated with a DLPI VNIC on the host.", + "type": "object", + "properties": { + "vnic_name": { + "description": "The name of the VNIC to use as a backend.", + "type": "string" + } + }, + "required": [ + "vnic_name" + ], + "additionalProperties": false + }, + "Duration": { + "type": "object", + "properties": { + "nanos": { + "type": "integer", + "format": "uint32", + "minimum": 0 + }, + "secs": { + "type": "integer", + "format": "uint64", + "minimum": 0 + } + }, + "required": [ + "nanos", + "secs" + ] + }, + "EarlyNetworkConfig": { + "description": "Network configuration required to bring up the control plane\n\nThe fields in this structure are those from `RackInitializeRequest` necessary for use beyond RSS. This is just for the initial rack configuration and cold boot purposes. Updates come from Nexus.", + "type": "object", + "properties": { + "body": { + "$ref": "#/components/schemas/EarlyNetworkConfigBody" + }, + "generation": { + "type": "integer", + "format": "uint64", + "minimum": 0 + }, + "schema_version": { + "type": "integer", + "format": "uint32", + "minimum": 0 + } + }, + "required": [ + "body", + "generation", + "schema_version" + ] + }, + "EarlyNetworkConfigBody": { + "description": "This is the actual configuration of EarlyNetworking.\n\nWe nest it below the \"header\" of `generation` and `schema_version` so that we can perform partial deserialization of `EarlyNetworkConfig` to only read the header and defer deserialization of the body once we know the schema version. This is possible via the use of [`serde_json::value::RawValue`] in future (post-v1) deserialization paths.", + "type": "object", + "properties": { + "ntp_servers": { + "description": "The external NTP server addresses.", + "type": "array", + "items": { + "type": "string" + } + }, + "rack_network_config": { + "nullable": true, + "allOf": [ + { + "$ref": "#/components/schemas/RackNetworkConfigV2" + } + ] + } + }, + "required": [ + "ntp_servers" + ] + }, + "EncryptedRackSecrets": { + "description": "All possibly relevant __encrypted__ rack secrets for _prior_ committed configurations.", + "type": "object", + "properties": { + "data": { + "description": "Encrypted data.", + "type": "string", + "format": "hex string" + }, + "salt": { + "description": "A random value used to derive the key to encrypt the rack secrets for prior committed epochs.", + "type": "string", + "format": "hex string (32 bytes)" + } + }, + "required": [ + "data", + "salt" + ] + }, + "Error": { + "description": "Error information from a response.", + "type": "object", + "properties": { + "error_code": { + "type": "string" + }, + "message": { + "type": "string" + }, + "request_id": { + "type": "string" + } + }, + "required": [ + "message", + "request_id" + ] + }, + "EstablishedConnection": { + "description": "An established connection to a bootstore peer.", + "type": "object", + "properties": { + "addr": { + "type": "string" + }, + "baseboard": { + "$ref": "#/components/schemas/Baseboard" + } + }, + "required": [ + "addr", + "baseboard" + ] + }, + "ExpungedMetadata": { + "description": "Metadata about a node being expunged from the trust quorum.", + "type": "object", + "properties": { + "epoch": { + "description": "The committed epoch, later than its current configuration at which the node learned that it had been expunged.", + "type": "integer", + "format": "uint64", + "minimum": 0 + }, + "from": { + "description": "Which node this commit information was learned from.", + "allOf": [ + { + "$ref": "#/components/schemas/BaseboardId" + } + ] + } + }, + "required": [ + "epoch", + "from" + ] + }, + "ExternalIp": { + "description": "An external IP address used by a probe.", + "type": "object", + "properties": { + "first_port": { + "description": "The first port used by the address.", + "type": "integer", + "format": "uint16", + "minimum": 0 + }, + "ip": { + "description": "The external IP address.", + "type": "string", + "format": "ip" + }, + "kind": { + "description": "The kind of address this is.", + "allOf": [ + { + "$ref": "#/components/schemas/IpKind" + } + ] + }, + "last_port": { + "description": "The last port used by the address.", + "type": "integer", + "format": "uint16", + "minimum": 0 + } + }, + "required": [ + "first_port", + "ip", + "kind", + "last_port" + ] + }, + "ExternalIpConfig": { + "description": "A single- or dual-stack external IP configuration.", + "oneOf": [ + { + "description": "Single-stack IPv4 external IP configuration.", + "type": "object", + "properties": { + "type": { + "type": "string", + "enum": [ + "v4" + ] + }, + "value": { + "$ref": "#/components/schemas/ExternalIpv4Config" + } + }, + "required": [ + "type", + "value" + ] + }, + { + "description": "Single-stack IPv6 external IP configuration.", + "type": "object", + "properties": { + "type": { + "type": "string", + "enum": [ + "v6" + ] + }, + "value": { + "$ref": "#/components/schemas/ExternalIpv6Config" + } + }, + "required": [ + "type", + "value" + ] + }, + { + "description": "Both IPv4 and IPv6 external IP configuration.", + "type": "object", + "properties": { + "type": { + "type": "string", + "enum": [ + "dual_stack" + ] + }, + "value": { + "type": "object", + "properties": { + "v4": { + "$ref": "#/components/schemas/ExternalIpv4Config" + }, + "v6": { + "$ref": "#/components/schemas/ExternalIpv6Config" + } + }, + "required": [ + "v4", + "v6" + ] + } + }, + "required": [ + "type", + "value" + ] + } + ] + }, + "ExternalIpGatewayMap": { + "description": "Per-NIC mappings from external IP addresses to the Internet Gateways which can choose them as a source.", + "type": "object", + "properties": { + "mappings": { + "type": "object", + "additionalProperties": { + "type": "object", + "additionalProperties": { + "type": "array", + "items": { + "type": "string", + "format": "uuid" + }, + "uniqueItems": true + } + } + } + }, + "required": [ + "mappings" + ] + }, + "ExternalIpv4Config": { + "description": "External IP address configuration.\n\nThis encapsulates all the external addresses of a single IP version, including source NAT, Ephemeral, and Floating IPs. Note that not all of these need to be specified, but this type can only be constructed if _at least one_ of them is.", + "type": "object", + "properties": { + "ephemeral_ip": { + "nullable": true, + "description": "An Ephemeral address for in- and outbound connectivity.", + "type": "string", + "format": "ipv4" + }, + "floating_ips": { + "description": "Additional Floating IPs for in- and outbound connectivity.", + "type": "array", + "items": { + "type": "string", + "format": "ipv4" + } + }, + "source_nat": { + "nullable": true, + "description": "Source NAT configuration, for outbound-only connectivity.", + "allOf": [ + { + "$ref": "#/components/schemas/SourceNatConfigV4" + } + ] + } + }, + "required": [ + "floating_ips" + ] + }, + "ExternalIpv6Config": { + "description": "External IP address configuration.\n\nThis encapsulates all the external addresses of a single IP version, including source NAT, Ephemeral, and Floating IPs. Note that not all of these need to be specified, but this type can only be constructed if _at least one_ of them is.", + "type": "object", + "properties": { + "ephemeral_ip": { + "nullable": true, + "description": "An Ephemeral address for in- and outbound connectivity.", + "type": "string", + "format": "ipv6" + }, + "floating_ips": { + "description": "Additional Floating IPs for in- and outbound connectivity.", + "type": "array", + "items": { + "type": "string", + "format": "ipv6" + } + }, + "source_nat": { + "nullable": true, + "description": "Source NAT configuration, for outbound-only connectivity.", + "allOf": [ + { + "$ref": "#/components/schemas/SourceNatConfigV6" + } + ] + } + }, + "required": [ + "floating_ips" + ] + }, + "ExternalZpoolUuid": { + "x-rust-type": { + "crate": "omicron-uuid-kinds", + "path": "omicron_uuid_kinds::ExternalZpoolUuid", + "version": "*" + }, + "type": "string", + "format": "uuid" + }, + "FileStorageBackend": { + "description": "A storage backend backed by a file in the host system's file system.", + "type": "object", + "properties": { + "block_size": { + "description": "Block size of the backend", + "type": "integer", + "format": "uint32", + "minimum": 0 + }, + "path": { + "description": "A path to a file that backs a disk.", + "type": "string" + }, + "readonly": { + "description": "Indicates whether the storage is read-only.", + "type": "boolean" + }, + "workers": { + "nullable": true, + "description": "Optional worker threads for the file backend, exposed for testing only.", + "type": "integer", + "format": "uint", + "minimum": 1 + } + }, + "required": [ + "block_size", + "path", + "readonly" + ], + "additionalProperties": false + }, + "Generation": { + "description": "Generation numbers stored in the database, used for optimistic concurrency control", + "type": "integer", + "format": "uint64", + "minimum": 0 + }, + "GuestHypervisorInterface": { + "description": "A hypervisor interface to expose to the guest.", + "oneOf": [ + { + "description": "Expose a bhyve-like interface (\"bhyve bhyve \" as the hypervisor ID in leaf 0x4000_0000 and no additional leaves or features).", + "type": "object", + "properties": { + "type": { + "type": "string", + "enum": [ + "bhyve" + ] + } + }, + "required": [ + "type" + ], + "additionalProperties": false + }, + { + "description": "Expose a Hyper-V-compatible hypervisor interface with the supplied features enabled.", + "type": "object", + "properties": { + "type": { + "type": "string", + "enum": [ + "hyper_v" + ] + }, + "value": { + "type": "object", + "properties": { + "features": { + "type": "array", + "items": { + "$ref": "#/components/schemas/HyperVFeatureFlag" + }, + "uniqueItems": true + } + }, + "required": [ + "features" + ], + "additionalProperties": false + } + }, + "required": [ + "type", + "value" + ], + "additionalProperties": false + } + ] + }, + "GzipLevel": { + "type": "integer", + "format": "uint8", + "minimum": 0 + }, + "HealthMonitorInventory": { + "description": "Fields of sled-agent inventory reported by the health monitor subsystem.", + "type": "object", + "properties": { + "smf_services_in_maintenance": { + "x-rust-type": { + "crate": "std", + "parameters": [ + { + "$ref": "#/components/schemas/SvcsInMaintenanceResult" + }, + { + "type": "string" + } + ], + "path": "::std::result::Result", + "version": "*" + }, + "oneOf": [ + { + "type": "object", + "properties": { + "ok": { + "$ref": "#/components/schemas/SvcsInMaintenanceResult" + } + }, + "required": [ + "ok" + ] + }, + { + "type": "object", + "properties": { + "err": { + "type": "string" + } + }, + "required": [ + "err" + ] + } + ] + } + }, + "required": [ + "smf_services_in_maintenance" + ] + }, + "HostIdentifier": { + "description": "A `HostIdentifier` represents either an IP host or network (v4 or v6), or an entire VPC (identified by its VNI). It is used in firewall rule host filters.", + "oneOf": [ + { + "type": "object", + "properties": { + "type": { + "type": "string", + "enum": [ + "ip" + ] + }, + "value": { + "$ref": "#/components/schemas/IpNet" + } + }, + "required": [ + "type", + "value" + ] + }, + { + "type": "object", + "properties": { + "type": { + "type": "string", + "enum": [ + "vpc" + ] + }, + "value": { + "$ref": "#/components/schemas/Vni" + } + }, + "required": [ + "type", + "value" + ] + } + ] + }, + "HostPhase2DesiredContents": { + "description": "Describes the desired contents of a host phase 2 slot (i.e., the boot partition on one of the internal M.2 drives).", + "oneOf": [ + { + "description": "Do not change the current contents.\n\nWe use this value when we've detected a sled has been mupdated (and we don't want to overwrite phase 2 images until we understand how to recover from that mupdate) and as the default value when reading an [`OmicronSledConfig`] that was ledgered before this concept existed.", + "type": "object", + "properties": { + "type": { + "type": "string", + "enum": [ + "current_contents" + ] + } + }, + "required": [ + "type" + ] + }, + { + "description": "Set the phase 2 slot to the given artifact.\n\nThe artifact will come from an unpacked and distributed TUF repo.", + "type": "object", + "properties": { + "hash": { + "type": "string", + "format": "hex string (32 bytes)" + }, + "type": { + "type": "string", + "enum": [ + "artifact" + ] + } + }, + "required": [ + "hash", + "type" + ] + } + ] + }, + "HostPhase2DesiredSlots": { + "description": "Describes the desired contents for both host phase 2 slots.", + "type": "object", + "properties": { + "slot_a": { + "$ref": "#/components/schemas/HostPhase2DesiredContents" + }, + "slot_b": { + "$ref": "#/components/schemas/HostPhase2DesiredContents" + } + }, + "required": [ + "slot_a", + "slot_b" + ] + }, + "HostPortConfig": { + "type": "object", + "properties": { + "addrs": { + "description": "IP Address and prefix (e.g., `192.168.0.1/16`) to apply to switchport (must be in infra_ip pool). May also include an optional VLAN ID.", + "type": "array", + "items": { + "$ref": "#/components/schemas/UplinkAddressConfig" + } + }, + "lldp": { + "nullable": true, + "allOf": [ + { + "$ref": "#/components/schemas/LldpPortConfig" + } + ] + }, + "port": { + "description": "Switchport to use for external connectivity", + "type": "string" + }, + "tx_eq": { + "nullable": true, + "allOf": [ + { + "$ref": "#/components/schemas/TxEqConfig" + } + ] + } + }, + "required": [ + "addrs", + "port" + ] + }, + "Hostname": { + "title": "An RFC-1035-compliant hostname", + "description": "A hostname identifies a host on a network, and is usually a dot-delimited sequence of labels, where each label contains only letters, digits, or the hyphen. See RFCs 1035 and 952 for more details.", + "type": "string", + "pattern": "^([a-zA-Z0-9]+[a-zA-Z0-9\\-]*(? for background.", + "oneOf": [ + { + "description": "Start the switch zone if a switch is present.\n\nThis is the default policy.", + "type": "object", + "properties": { + "policy": { + "type": "string", + "enum": [ + "start_if_switch_present" + ] + } + }, + "required": [ + "policy" + ] + }, + { + "description": "Even if a switch zone is present, stop the switch zone.", + "type": "object", + "properties": { + "policy": { + "type": "string", + "enum": [ + "stop_despite_switch_presence" + ] + } + }, + "required": [ + "policy" + ] + } + ] + }, + "OrphanedDataset": { + "type": "object", + "properties": { + "available": { + "$ref": "#/components/schemas/ByteCount" + }, + "id": { + "nullable": true, + "allOf": [ + { + "$ref": "#/components/schemas/DatasetUuid" + } + ] + }, + "mounted": { + "type": "boolean" + }, + "name": { + "$ref": "#/components/schemas/DatasetName" + }, + "reason": { + "type": "string" + }, + "used": { + "$ref": "#/components/schemas/ByteCount" + } + }, + "required": [ + "available", + "mounted", + "name", + "reason", + "used" + ] + }, + "P9fs": { + "description": "Describes a filesystem to expose through a P9 device.\n\nThis is only supported by Propolis servers compiled with the `falcon` feature.", + "type": "object", + "properties": { + "chunk_size": { + "description": "The chunk size to use in the 9P protocol. Vanilla Helios images should use 8192. Falcon Helios base images and Linux can use up to 65536.", + "type": "integer", + "format": "uint32", + "minimum": 0 + }, + "pci_path": { + "description": "The PCI path at which to attach the guest to this P9 filesystem.", + "allOf": [ + { + "$ref": "#/components/schemas/PciPath" + } + ] + }, + "source": { + "description": "The host source path to mount into the guest.", + "type": "string" + }, + "target": { + "description": "The 9P target filesystem tag.", + "type": "string" + } + }, + "required": [ + "chunk_size", + "pci_path", + "source", + "target" + ], + "additionalProperties": false + }, + "PciPath": { + "description": "A PCI bus/device/function tuple.", + "type": "object", + "properties": { + "bus": { + "type": "integer", + "format": "uint8", + "minimum": 0 + }, + "device": { + "type": "integer", + "format": "uint8", + "minimum": 0 + }, + "function": { + "type": "integer", + "format": "uint8", + "minimum": 0 + } + }, + "required": [ + "bus", + "device", + "function" + ] + }, + "PciPciBridge": { + "description": "A PCI-PCI bridge.", + "type": "object", + "properties": { + "downstream_bus": { + "description": "The logical bus number of this bridge's downstream bus. Other devices may use this bus number in their PCI paths to indicate they should be attached to this bridge's bus.", + "type": "integer", + "format": "uint8", + "minimum": 0 + }, + "pci_path": { + "description": "The PCI path at which to attach this bridge.", + "allOf": [ + { + "$ref": "#/components/schemas/PciPath" + } + ] + } + }, + "required": [ + "downstream_bus", + "pci_path" + ], + "additionalProperties": false + }, + "PhysicalDiskUuid": { + "x-rust-type": { + "crate": "omicron-uuid-kinds", + "path": "omicron_uuid_kinds::PhysicalDiskUuid", + "version": "*" + }, + "type": "string", + "format": "uuid" + }, + "PortConfigV2": { + "type": "object", + "properties": { + "addresses": { + "description": "This port's addresses and optional vlan IDs", + "type": "array", + "items": { + "$ref": "#/components/schemas/UplinkAddressConfig" + } + }, + "autoneg": { + "description": "Whether or not to set autonegotiation", + "default": false, + "type": "boolean" + }, + "bgp_peers": { + "description": "BGP peers on this port", + "type": "array", + "items": { + "$ref": "#/components/schemas/BgpPeerConfig" + } + }, + "lldp": { + "nullable": true, + "description": "LLDP configuration for this port", + "allOf": [ + { + "$ref": "#/components/schemas/LldpPortConfig" + } + ] + }, + "port": { + "description": "Nmae of the port this config applies to.", + "type": "string" + }, + "routes": { + "description": "The set of routes associated with this port.", + "type": "array", + "items": { + "$ref": "#/components/schemas/RouteConfig" + } + }, + "switch": { + "description": "Switch the port belongs to.", + "allOf": [ + { + "$ref": "#/components/schemas/SwitchLocation" + } + ] + }, + "tx_eq": { + "nullable": true, + "description": "TX-EQ configuration for this port", + "allOf": [ + { + "$ref": "#/components/schemas/TxEqConfig" + } + ] + }, + "uplink_port_fec": { + "nullable": true, + "description": "Port forward error correction type.", + "allOf": [ + { + "$ref": "#/components/schemas/PortFec" + } + ] + }, + "uplink_port_speed": { + "description": "Port speed.", + "allOf": [ + { + "$ref": "#/components/schemas/PortSpeed" + } + ] + } + }, + "required": [ + "addresses", + "bgp_peers", + "port", + "routes", + "switch", + "uplink_port_speed" + ] + }, + "PortFec": { + "description": "Switchport FEC options", + "type": "string", + "enum": [ + "firecode", + "none", + "rs" + ] + }, + "PortSpeed": { + "description": "Switchport Speed options", + "type": "string", + "enum": [ + "speed0_g", + "speed1_g", + "speed10_g", + "speed25_g", + "speed40_g", + "speed50_g", + "speed100_g", + "speed200_g", + "speed400_g" + ] + }, + "PrepareAndCommitRequest": { + "description": "Request to prepare and commit a trust quorum configuration.\n\nThis is the `Configuration` sent to a node that missed the `Prepare` phase.", + "type": "object", + "properties": { + "config": { + "$ref": "#/components/schemas/Configuration" + } + }, + "required": [ + "config" + ] + }, + "PriorityDimension": { + "description": "A dimension along with bundles can be sorted, to determine priority.", + "oneOf": [ + { + "description": "Sorting by time, with older bundles with lower priority.", + "type": "string", + "enum": [ + "time" + ] + }, + { + "description": "Sorting by the cause for creating the bundle.", + "type": "string", + "enum": [ + "cause" + ] + } + ] + }, + "PriorityOrder": { + "description": "The priority order for bundles during cleanup.\n\nBundles are sorted along the dimensions in [`PriorityDimension`], with each dimension appearing exactly once. During cleanup, lesser-priority bundles are pruned first, to maintain the dataset quota. Note that bundles are sorted by each dimension in the order in which they appear, with each dimension having higher priority than the next.\n\nTODO: The serde deserializer does not currently verify uniqueness of dimensions.", + "type": "array", + "items": { + "$ref": "#/components/schemas/PriorityDimension" + }, + "minItems": 2, + "maxItems": 2 + }, + "PrivateIpConfig": { + "description": "VPC-private IP address configuration for a network interface.", + "oneOf": [ + { + "description": "The interface has only an IPv4 configuration.", + "type": "object", + "properties": { + "type": { + "type": "string", + "enum": [ + "v4" + ] + }, + "value": { + "$ref": "#/components/schemas/PrivateIpv4Config" + } + }, + "required": [ + "type", + "value" + ] + }, + { + "description": "The interface has only an IPv6 configuration.", + "type": "object", + "properties": { + "type": { + "type": "string", + "enum": [ + "v6" + ] + }, + "value": { + "$ref": "#/components/schemas/PrivateIpv6Config" + } + }, + "required": [ + "type", + "value" + ] + }, + { + "description": "The interface is dual-stack.", + "type": "object", + "properties": { + "type": { + "type": "string", + "enum": [ + "dual_stack" + ] + }, + "value": { + "type": "object", + "properties": { + "v4": { + "description": "The interface's IPv4 configuration.", + "allOf": [ + { + "$ref": "#/components/schemas/PrivateIpv4Config" + } + ] + }, + "v6": { + "description": "The interface's IPv6 configuration.", + "allOf": [ + { + "$ref": "#/components/schemas/PrivateIpv6Config" + } + ] + } + }, + "required": [ + "v4", + "v6" + ] + } + }, + "required": [ + "type", + "value" + ] + } + ] + }, + "PrivateIpv4Config": { + "description": "VPC-private IPv4 configuration for a network interface.", + "type": "object", + "properties": { + "ip": { + "description": "VPC-private IP address.", + "type": "string", + "format": "ipv4" + }, + "subnet": { + "description": "The IP subnet.", + "allOf": [ + { + "$ref": "#/components/schemas/Ipv4Net" + } + ] + }, + "transit_ips": { + "description": "Additional networks on which the interface can send / receive traffic.", + "default": [], + "type": "array", + "items": { + "$ref": "#/components/schemas/Ipv4Net" + } + } + }, + "required": [ + "ip", + "subnet" + ] + }, + "PrivateIpv6Config": { + "description": "VPC-private IPv6 configuration for a network interface.", + "type": "object", + "properties": { + "ip": { + "description": "VPC-private IP address.", + "type": "string", + "format": "ipv6" + }, + "subnet": { + "description": "The IP subnet.", + "allOf": [ + { + "$ref": "#/components/schemas/Ipv6Net" + } + ] + }, + "transit_ips": { + "description": "Additional networks on which the interface can send / receive traffic.", + "type": "array", + "items": { + "$ref": "#/components/schemas/Ipv6Net" + } + } + }, + "required": [ + "ip", + "subnet", + "transit_ips" + ] + }, + "ProbeCreate": { + "description": "Parameters used to create a probe.", + "type": "object", + "properties": { + "external_ips": { + "description": "The external IP addresses assigned to the probe.", + "type": "array", + "items": { + "$ref": "#/components/schemas/ExternalIp" + } + }, + "id": { + "description": "The ID for the probe.", + "allOf": [ + { + "$ref": "#/components/schemas/ProbeUuid" + } + ] + }, + "interface": { + "description": "The probe's networking interface.", + "allOf": [ + { + "$ref": "#/components/schemas/NetworkInterface" + } + ] + } + }, + "required": [ + "external_ips", + "id", + "interface" + ] + }, + "ProbeSet": { + "description": "A set of probes that the target sled should run.", + "type": "object", + "properties": { + "probes": { + "title": "IdHashMap", + "description": "The exact set of probes to run.", + "x-rust-type": { + "crate": "iddqd", + "parameters": [ + { + "$ref": "#/components/schemas/ProbeCreate" + } + ], + "path": "iddqd::IdHashMap", + "version": "*" + }, + "type": "array", + "items": { + "$ref": "#/components/schemas/ProbeCreate" + }, + "uniqueItems": true + } + }, + "required": [ + "probes" + ] + }, + "ProbeUuid": { + "x-rust-type": { + "crate": "omicron-uuid-kinds", + "path": "omicron_uuid_kinds::ProbeUuid", + "version": "*" + }, + "type": "string", + "format": "uuid" + }, + "ProxyCommitRequest": { + "description": "Request to proxy a commit operation to another trust quorum node.", + "type": "object", + "properties": { + "destination": { + "description": "The target node to proxy the request to.", + "allOf": [ + { + "$ref": "#/components/schemas/BaseboardId" + } + ] + }, + "request": { + "description": "The commit request to proxy.", + "allOf": [ + { + "$ref": "#/components/schemas/CommitRequest" + } + ] + } + }, + "required": [ + "destination", + "request" + ] + }, + "ProxyPrepareAndCommitRequest": { + "description": "Request to proxy a prepare-and-commit operation to another trust quorum node.", + "type": "object", + "properties": { + "destination": { + "description": "The target node to proxy the request to.", + "allOf": [ + { + "$ref": "#/components/schemas/BaseboardId" + } + ] + }, + "request": { + "description": "The prepare-and-commit request to proxy.", + "allOf": [ + { + "$ref": "#/components/schemas/PrepareAndCommitRequest" + } + ] + } + }, + "required": [ + "destination", + "request" + ] + }, + "QemuPvpanic": { + "type": "object", + "properties": { + "enable_isa": { + "description": "Enable the QEMU PVPANIC ISA bus device (I/O port 0x505).", + "type": "boolean" + } + }, + "required": [ + "enable_isa" + ], + "additionalProperties": false + }, + "RackNetworkConfigV2": { + "description": "Initial network configuration", + "type": "object", + "properties": { + "bfd": { + "description": "BFD configuration for connecting the rack to external networks", + "default": [], + "type": "array", + "items": { + "$ref": "#/components/schemas/BfdPeerConfig" + } + }, + "bgp": { + "description": "BGP configurations for connecting the rack to external networks", + "type": "array", + "items": { + "$ref": "#/components/schemas/BgpConfig" + } + }, + "infra_ip_first": { + "description": "First ip address to be used for configuring network infrastructure", + "type": "string", + "format": "ipv4" + }, + "infra_ip_last": { + "description": "Last ip address to be used for configuring network infrastructure", + "type": "string", + "format": "ipv4" + }, + "ports": { + "description": "Uplinks for connecting the rack to external networks", + "type": "array", + "items": { + "$ref": "#/components/schemas/PortConfigV2" + } + }, + "rack_subnet": { + "$ref": "#/components/schemas/Ipv6Net" + } + }, + "required": [ + "bgp", + "infra_ip_first", + "infra_ip_last", + "ports", + "rack_subnet" + ] + }, + "RackSecretReconstructError": { + "description": "Error reconstructing a rack secret from shares.", + "oneOf": [ + { + "type": "object", + "properties": { + "combine": { + "$ref": "#/components/schemas/CombineError" + } + }, + "required": [ + "combine" + ], + "additionalProperties": false + }, + { + "type": "object", + "properties": { + "size": { + "$ref": "#/components/schemas/InvalidRackSecretSizeError" + } + }, + "required": [ + "size" + ], + "additionalProperties": false + } + ] + }, + "RackUuid": { + "x-rust-type": { + "crate": "omicron-uuid-kinds", + "path": "omicron_uuid_kinds::RackUuid", + "version": "*" + }, + "type": "string", + "format": "uuid" + }, + "ReconciledSingleMeasurement": { + "description": "An attempt at resolving a single measurement file to a valid path", + "type": "object", + "properties": { + "file_name": { + "type": "string" + }, + "path": { + "type": "string", + "format": "Utf8PathBuf" + }, + "result": { + "$ref": "#/components/schemas/ConfigReconcilerInventoryResult" + } + }, + "required": [ + "file_name", + "path", + "result" + ] + }, + "ReconfigureMsg": { + "description": "A request from Nexus informing a node to start coordinating a reconfiguration.", + "type": "object", + "properties": { + "epoch": { + "type": "integer", + "format": "uint64", + "minimum": 0 + }, + "last_committed_epoch": { + "nullable": true, + "type": "integer", + "format": "uint64", + "minimum": 0 + }, + "members": { + "type": "array", + "items": { + "$ref": "#/components/schemas/BaseboardId" + }, + "uniqueItems": true + }, + "rack_id": { + "$ref": "#/components/schemas/RackUuid" + }, + "threshold": { + "type": "integer", + "format": "uint8", + "minimum": 0 + } + }, + "required": [ + "epoch", + "members", + "rack_id", + "threshold" + ] + }, + "RemoveMupdateOverrideBootSuccessInventory": { + "description": "Status of removing the mupdate override on the boot disk.", + "oneOf": [ + { + "description": "The mupdate override was successfully removed.", + "type": "string", + "enum": [ + "removed" + ] + }, + { + "description": "No mupdate override was found.\n\nThis is considered a success for idempotency reasons.", + "type": "string", + "enum": [ + "no_override" + ] + } + ] + }, + "RemoveMupdateOverrideInventory": { + "description": "Status of removing the mupdate override in the inventory.", + "type": "object", + "properties": { + "boot_disk_result": { + "description": "The result of removing the mupdate override on the boot disk.", + "x-rust-type": { + "crate": "std", + "parameters": [ + { + "$ref": "#/components/schemas/RemoveMupdateOverrideBootSuccessInventory" + }, + { + "type": "string" + } + ], + "path": "::std::result::Result", + "version": "*" + }, + "oneOf": [ + { + "type": "object", + "properties": { + "ok": { + "$ref": "#/components/schemas/RemoveMupdateOverrideBootSuccessInventory" + } + }, + "required": [ + "ok" + ] + }, + { + "type": "object", + "properties": { + "err": { + "type": "string" + } + }, + "required": [ + "err" + ] + } + ] + }, + "non_boot_message": { + "description": "What happened on non-boot disks.\n\nWe aren't modeling this out in more detail, because we plan to not try and keep ledgered data in sync across both disks in the future.", + "type": "string" + } + }, + "required": [ + "boot_disk_result", + "non_boot_message" + ] + }, + "ResolvedVpcFirewallRule": { + "description": "VPC firewall rule after object name resolution has been performed by Nexus", + "type": "object", + "properties": { + "action": { + "$ref": "#/components/schemas/VpcFirewallRuleAction" + }, + "direction": { + "$ref": "#/components/schemas/VpcFirewallRuleDirection" + }, + "filter_hosts": { + "nullable": true, + "type": "array", + "items": { + "$ref": "#/components/schemas/HostIdentifier" + }, + "uniqueItems": true + }, + "filter_ports": { + "nullable": true, + "type": "array", + "items": { + "$ref": "#/components/schemas/L4PortRange" + } + }, + "filter_protocols": { + "nullable": true, + "type": "array", + "items": { + "$ref": "#/components/schemas/VpcFirewallRuleProtocol" + } + }, + "priority": { + "type": "integer", + "format": "uint16", + "minimum": 0 + }, + "status": { + "$ref": "#/components/schemas/VpcFirewallRuleStatus" + }, + "targets": { + "type": "array", + "items": { + "$ref": "#/components/schemas/NetworkInterface" + } + } + }, + "required": [ + "action", + "direction", + "priority", + "status", + "targets" + ] + }, + "ResolvedVpcRoute": { + "description": "A VPC route resolved into a concrete target.", + "type": "object", + "properties": { + "dest": { + "$ref": "#/components/schemas/IpNet" + }, + "target": { + "$ref": "#/components/schemas/RouterTarget" + } + }, + "required": [ + "dest", + "target" + ] + }, + "ResolvedVpcRouteSet": { + "description": "An updated set of routes for a given VPC and/or subnet.", + "type": "object", + "properties": { + "id": { + "$ref": "#/components/schemas/RouterId" + }, + "routes": { + "type": "array", + "items": { + "$ref": "#/components/schemas/ResolvedVpcRoute" + }, + "uniqueItems": true + }, + "version": { + "nullable": true, + "allOf": [ + { + "$ref": "#/components/schemas/RouterVersion" + } + ] + } + }, + "required": [ + "id", + "routes" + ] + }, + "ResolvedVpcRouteState": { + "description": "Version information for routes on a given VPC subnet.", + "type": "object", + "properties": { + "id": { + "$ref": "#/components/schemas/RouterId" + }, + "version": { + "nullable": true, + "allOf": [ + { + "$ref": "#/components/schemas/RouterVersion" + } + ] + } + }, + "required": [ + "id" + ] + }, + "RouteConfig": { + "type": "object", + "properties": { + "destination": { + "description": "The destination of the route.", + "allOf": [ + { + "$ref": "#/components/schemas/IpNet" + } + ] + }, + "nexthop": { + "description": "The nexthop/gateway address.", + "type": "string", + "format": "ip" + }, + "rib_priority": { + "nullable": true, + "description": "The RIB priority (i.e. Admin Distance) associated with this route.", + "default": null, + "type": "integer", + "format": "uint8", + "minimum": 0 + }, + "vlan_id": { + "nullable": true, + "description": "The VLAN id associated with this route.", + "default": null, + "type": "integer", + "format": "uint16", + "minimum": 0 + } + }, + "required": [ + "destination", + "nexthop" + ] + }, + "RouterId": { + "description": "Identifier for a VPC and/or subnet.", + "type": "object", + "properties": { + "kind": { + "$ref": "#/components/schemas/RouterKind" + }, + "vni": { + "$ref": "#/components/schemas/Vni" + } + }, + "required": [ + "kind", + "vni" + ] + }, + "RouterKind": { + "description": "The scope of a set of VPC router rules.", + "oneOf": [ + { + "type": "object", + "properties": { + "type": { + "type": "string", + "enum": [ + "system" + ] + } + }, + "required": [ + "type" + ] + }, + { + "type": "object", + "properties": { + "subnet": { + "$ref": "#/components/schemas/IpNet" + }, + "type": { + "type": "string", + "enum": [ + "custom" + ] + } + }, + "required": [ + "subnet", + "type" + ] + } + ] + }, + "RouterTarget": { + "description": "The target for a given router entry.", + "oneOf": [ + { + "type": "object", + "properties": { + "type": { + "type": "string", + "enum": [ + "drop" + ] + } + }, + "required": [ + "type" + ] + }, + { + "type": "object", + "properties": { + "type": { + "type": "string", + "enum": [ + "internet_gateway" + ] + }, + "value": { + "$ref": "#/components/schemas/InternetGatewayRouterTarget" + } + }, + "required": [ + "type", + "value" + ] + }, + { + "type": "object", + "properties": { + "type": { + "type": "string", + "enum": [ + "ip" + ] + }, + "value": { + "type": "string", + "format": "ip" + } + }, + "required": [ + "type", + "value" + ] + }, + { + "type": "object", + "properties": { + "type": { + "type": "string", + "enum": [ + "vpc_subnet" + ] + }, + "value": { + "$ref": "#/components/schemas/IpNet" + } + }, + "required": [ + "type", + "value" + ] + } + ] + }, + "RouterVersion": { + "description": "Information on the current parent router (and version) of a route set according to the control plane.", + "type": "object", + "properties": { + "router_id": { + "type": "string", + "format": "uuid" + }, + "version": { + "type": "integer", + "format": "uint64", + "minimum": 0 + } + }, + "required": [ + "router_id", + "version" + ] + }, + "SerialPort": { + "description": "A serial port device.", + "type": "object", + "properties": { + "num": { + "description": "The serial port number for this port.", + "allOf": [ + { + "$ref": "#/components/schemas/SerialPortNumber" + } + ] + } + }, + "required": [ + "num" + ], + "additionalProperties": false + }, + "SerialPortNumber": { + "description": "A serial port identifier, which determines what I/O ports a guest can use to access a port.", + "type": "string", + "enum": [ + "com1", + "com2", + "com3", + "com4" + ] + }, + "SledCpuFamily": { + "description": "Identifies the kind of CPU present on a sled, determined by reading CPUID.\n\nThis is intended to broadly support the control plane answering the question \"can I run this instance on that sled?\" given an instance with either no or some CPU platform requirement. It is not enough information for more precise placement questions - for example, is a CPU a high-frequency part or many-core part? We don't include Genoa here, but in that CPU family there are high frequency parts, many-core parts, and large-cache parts. To support those questions (or satisfactorily answer #8730) we would need to collect additional information and send it along.", + "oneOf": [ + { + "description": "The CPU vendor or its family number don't correspond to any of the known family variants.", + "type": "string", + "enum": [ + "unknown" + ] + }, + { + "description": "AMD Milan processors (or very close). Could be an actual Milan in a Gimlet, a close-to-Milan client Zen 3 part, or Zen 4 (for which Milan is the greatest common denominator).", + "type": "string", + "enum": [ + "amd_milan" + ] + }, + { + "description": "AMD Turin processors (or very close). Could be an actual Turin in a Cosmo, or a close-to-Turin client Zen 5 part.", + "type": "string", + "enum": [ + "amd_turin" + ] + }, + { + "description": "AMD Turin Dense processors. There are no \"Turin Dense-like\" CPUs unlike other cases, so this means a bona fide Zen 5c Turin Dense part.", + "type": "string", + "enum": [ + "amd_turin_dense" + ] + } + ] + }, + "SledDiagnosticsQueryOutput": { + "oneOf": [ + { + "type": "object", + "properties": { + "success": { + "type": "object", + "properties": { + "command": { + "description": "The command and its arguments.", + "type": "string" + }, + "exit_code": { + "nullable": true, + "description": "The exit code if one was present when the command exited.", + "type": "integer", + "format": "int32" + }, + "exit_status": { + "description": "The exit status of the command. This will be the exit code (if any) and exit reason such as from a signal.", + "type": "string" + }, + "stdio": { + "description": "Any stdout/stderr produced by the command.", + "type": "string" + } + }, + "required": [ + "command", + "exit_status", + "stdio" + ] + } + }, + "required": [ + "success" + ], + "additionalProperties": false + }, + { + "type": "object", + "properties": { + "failure": { + "type": "object", + "properties": { + "error": { + "description": "The reason the command failed to execute.", + "type": "string" + } + }, + "required": [ + "error" + ] + } + }, + "required": [ + "failure" + ], + "additionalProperties": false + } + ] + }, + "SledIdentifiers": { + "description": "Identifiers for a single sled.\n\nThis is intended primarily to be used in timeseries, to identify sled from which metric data originates.", + "type": "object", + "properties": { + "model": { + "description": "Model name of the sled", + "type": "string" + }, + "rack_id": { + "description": "Control plane ID of the rack this sled is a member of", + "type": "string", + "format": "uuid" + }, + "revision": { + "description": "Revision number of the sled", + "type": "integer", + "format": "uint32", + "minimum": 0 + }, + "serial": { + "description": "Serial number of the sled", + "type": "string" + }, + "sled_id": { + "description": "Control plane ID for the sled itself", + "type": "string", + "format": "uuid" + } + }, + "required": [ + "model", + "rack_id", + "revision", + "serial", + "sled_id" + ] + }, + "SledRole": { + "description": "Describes the role of the sled within the rack.\n\nNote that this may change if the sled is physically moved within the rack.", + "oneOf": [ + { + "description": "The sled is a general compute sled.", + "type": "string", + "enum": [ + "gimlet" + ] + }, + { + "description": "The sled is attached to the network switch, and has additional responsibilities.", + "type": "string", + "enum": [ + "scrimlet" + ] + } + ] + }, + "SledUuid": { + "x-rust-type": { + "crate": "omicron-uuid-kinds", + "path": "omicron_uuid_kinds::SledUuid", + "version": "*" + }, + "type": "string", + "format": "uuid" + }, + "SledVmmState": { + "description": "A wrapper type containing a sled's total knowledge of the state of a VMM.", + "type": "object", + "properties": { + "migration_in": { + "nullable": true, + "description": "The current state of any inbound migration to this VMM.", + "allOf": [ + { + "$ref": "#/components/schemas/MigrationRuntimeState" + } + ] + }, + "migration_out": { + "nullable": true, + "description": "The state of any outbound migration from this VMM.", + "allOf": [ + { + "$ref": "#/components/schemas/MigrationRuntimeState" + } + ] + }, + "vmm_state": { + "description": "The most recent state of the sled's VMM process.", + "allOf": [ + { + "$ref": "#/components/schemas/VmmRuntimeState" + } + ] + } + }, + "required": [ + "vmm_state" + ] + }, + "SoftNpuP9": { + "description": "Describes a PCI device that shares host files with the guest using the P9 protocol.\n\nThis is only supported by Propolis servers compiled with the `falcon` feature.", + "type": "object", + "properties": { + "pci_path": { + "description": "The PCI path at which to attach the guest to this port.", + "allOf": [ + { + "$ref": "#/components/schemas/PciPath" + } + ] + } + }, + "required": [ + "pci_path" + ], + "additionalProperties": false + }, + "SoftNpuPciPort": { + "description": "Describes a SoftNPU PCI device.\n\nThis is only supported by Propolis servers compiled with the `falcon` feature.", + "type": "object", + "properties": { + "pci_path": { + "description": "The PCI path at which to attach the guest to this port.", + "allOf": [ + { + "$ref": "#/components/schemas/PciPath" + } + ] + } + }, + "required": [ + "pci_path" + ], + "additionalProperties": false + }, + "SoftNpuPort": { + "description": "Describes a port in a SoftNPU emulated ASIC.\n\nThis is only supported by Propolis servers compiled with the `falcon` feature.", + "type": "object", + "properties": { + "backend_id": { + "description": "The name of the port's associated DLPI backend.", + "allOf": [ + { + "$ref": "#/components/schemas/SpecKey" + } + ] + }, + "link_name": { + "description": "The data link name for this port.", + "type": "string" + } + }, + "required": [ + "backend_id", + "link_name" + ], + "additionalProperties": false + }, + "SourceNatConfigGeneric": { + "description": "An IP address and port range used for source NAT, i.e., making outbound network connections from guests or services.", + "type": "object", + "properties": { + "first_port": { + "description": "The first port used for source NAT, inclusive.", + "type": "integer", + "format": "uint16", + "minimum": 0 + }, + "ip": { + "description": "The external address provided to the instance or service.", + "type": "string", + "format": "ip" + }, + "last_port": { + "description": "The last port used for source NAT, also inclusive.", + "type": "integer", + "format": "uint16", + "minimum": 0 + } + }, + "required": [ + "first_port", + "ip", + "last_port" + ] + }, + "SourceNatConfigV4": { + "description": "An IP address and port range used for source NAT, i.e., making outbound network connections from guests or services.", + "type": "object", + "properties": { + "first_port": { + "description": "The first port used for source NAT, inclusive.", + "type": "integer", + "format": "uint16", + "minimum": 0 + }, + "ip": { + "description": "The external address provided to the instance or service.", + "type": "string", + "format": "ipv4" + }, + "last_port": { + "description": "The last port used for source NAT, also inclusive.", + "type": "integer", + "format": "uint16", + "minimum": 0 + } + }, + "required": [ + "first_port", + "ip", + "last_port" + ] + }, + "SourceNatConfigV6": { + "description": "An IP address and port range used for source NAT, i.e., making outbound network connections from guests or services.", + "type": "object", + "properties": { + "first_port": { + "description": "The first port used for source NAT, inclusive.", + "type": "integer", + "format": "uint16", + "minimum": 0 + }, + "ip": { + "description": "The external address provided to the instance or service.", + "type": "string", + "format": "ipv6" + }, + "last_port": { + "description": "The last port used for source NAT, also inclusive.", + "type": "integer", + "format": "uint16", + "minimum": 0 + } + }, + "required": [ + "first_port", + "ip", + "last_port" + ] + }, + "SpecKey": { + "description": "A key identifying a component in an instance spec.", + "oneOf": [ + { + "title": "uuid", + "allOf": [ + { + "type": "string", + "format": "uuid" + } + ] + }, + { + "title": "name", + "allOf": [ + { + "type": "string" + } + ] + } + ] + }, + "StartSledAgentRequest": { + "description": "Configuration information for launching a Sled Agent.", + "type": "object", + "properties": { + "body": { + "$ref": "#/components/schemas/StartSledAgentRequestBody" + }, + "generation": { + "description": "The current generation number of data as stored in CRDB.\n\nThe initial generation is set during RSS time and then only mutated by Nexus. For now, we don't actually anticipate mutating this data, but we leave open the possiblity.", + "type": "integer", + "format": "uint64", + "minimum": 0 + }, + "schema_version": { + "type": "integer", + "format": "uint32", + "minimum": 0 + } + }, + "required": [ + "body", + "generation", + "schema_version" + ] + }, + "StartSledAgentRequestBody": { + "description": "This is the actual app level data of `StartSledAgentRequest`\n\nWe nest it below the \"header\" of `generation` and `schema_version` so that we can perform partial deserialization of `EarlyNetworkConfig` to only read the header and defer deserialization of the body once we know the schema version. This is possible via the use of [`serde_json::value::RawValue`] in future (post-v1) deserialization paths.", + "type": "object", + "properties": { + "id": { + "description": "Uuid of the Sled Agent to be created.", + "allOf": [ + { + "$ref": "#/components/schemas/SledUuid" + } + ] + }, + "is_lrtq_learner": { + "description": "Is this node an LRTQ learner node?\n\nWe only put the node into learner mode if `use_trust_quorum` is also true.", + "type": "boolean" + }, + "rack_id": { + "description": "Uuid of the rack to which this sled agent belongs.", + "type": "string", + "format": "uuid" + }, + "subnet": { + "description": "Portion of the IP space to be managed by the Sled Agent.", + "allOf": [ + { + "$ref": "#/components/schemas/Ipv6Subnet" + } + ] + }, + "use_trust_quorum": { + "description": "Use trust quorum for key generation", + "type": "boolean" + } + }, + "required": [ + "id", + "is_lrtq_learner", + "rack_id", + "subnet", + "use_trust_quorum" + ] + }, + "StorageLimit": { + "description": "The limit on space allowed for zone bundles, as a percentage of the overall dataset's quota.", + "type": "integer", + "format": "uint8", + "minimum": 0 + }, + "SupportBundleMetadata": { + "description": "Metadata about a support bundle.", + "type": "object", + "properties": { + "state": { + "$ref": "#/components/schemas/SupportBundleState" + }, + "support_bundle_id": { + "$ref": "#/components/schemas/SupportBundleUuid" + } + }, + "required": [ + "state", + "support_bundle_id" + ] + }, + "SupportBundleState": { + "description": "State of a support bundle.", + "type": "string", + "enum": [ + "complete", + "incomplete" + ] + }, + "SupportBundleUuid": { + "x-rust-type": { + "crate": "omicron-uuid-kinds", + "path": "omicron_uuid_kinds::SupportBundleUuid", + "version": "*" + }, + "type": "string", + "format": "uuid" + }, + "SvcInMaintenance": { + "description": "Information about an SMF service that is enabled but not running", + "type": "object", + "properties": { + "fmri": { + "type": "string" + }, + "zone": { + "type": "string" + } + }, + "required": [ + "fmri", + "zone" + ] + }, + "SvcsInMaintenanceResult": { + "description": "Lists services in maintenance status if any, and the time the health check for SMF services ran", + "type": "object", + "properties": { + "errors": { + "type": "array", + "items": { + "type": "string" + } + }, + "services": { + "type": "array", + "items": { + "$ref": "#/components/schemas/SvcInMaintenance" + } + }, + "time_of_status": { + "nullable": true, + "type": "string", + "format": "date-time" + } + }, + "required": [ + "errors", + "services" + ] + }, + "SwitchLocation": { + "description": "Identifies switch physical location", + "oneOf": [ + { + "description": "Switch in upper slot", + "type": "string", + "enum": [ + "switch0" + ] + }, + { + "description": "Switch in lower slot", + "type": "string", + "enum": [ + "switch1" + ] + } + ] + }, + "SwitchPorts": { + "description": "A set of switch uplinks.", + "type": "object", + "properties": { + "uplinks": { + "type": "array", + "items": { + "$ref": "#/components/schemas/HostPortConfig" + } + } + }, + "required": [ + "uplinks" + ] + }, + "TxEqConfig": { + "description": "Per-port tx-eq overrides. This can be used to fine-tune the transceiver equalization settings to improve signal integrity.", + "type": "object", + "properties": { + "main": { + "nullable": true, + "description": "Main tap", + "type": "integer", + "format": "int32" + }, + "post1": { + "nullable": true, + "description": "Post-cursor tap1", + "type": "integer", + "format": "int32" + }, + "post2": { + "nullable": true, + "description": "Post-cursor tap2", + "type": "integer", + "format": "int32" + }, + "pre1": { + "nullable": true, + "description": "Pre-cursor tap1", + "type": "integer", + "format": "int32" + }, + "pre2": { + "nullable": true, + "description": "Pre-cursor tap2", + "type": "integer", + "format": "int32" + } + } + }, + "UplinkAddressConfig": { + "type": "object", + "properties": { + "address": { + "$ref": "#/components/schemas/IpNet" + }, + "vlan_id": { + "nullable": true, + "description": "The VLAN id (if any) associated with this address.", + "default": null, + "type": "integer", + "format": "uint16", + "minimum": 0 + } + }, + "required": [ + "address" + ] + }, + "VirtioDisk": { + "description": "A disk that presents a virtio-block interface to the guest.", + "type": "object", + "properties": { + "backend_id": { + "description": "The name of the disk's backend component.", + "allOf": [ + { + "$ref": "#/components/schemas/SpecKey" + } + ] + }, + "pci_path": { + "description": "The PCI bus/device/function at which this disk should be attached.", + "allOf": [ + { + "$ref": "#/components/schemas/PciPath" + } + ] + } + }, + "required": [ + "backend_id", + "pci_path" + ], + "additionalProperties": false + }, + "VirtioNetworkBackend": { + "description": "A network backend associated with a virtio-net (viona) VNIC on the host.", + "type": "object", + "properties": { + "vnic_name": { + "description": "The name of the viona VNIC to use as a backend.", + "type": "string" + } + }, + "required": [ + "vnic_name" + ], + "additionalProperties": false + }, + "VirtioNic": { + "description": "A network card that presents a virtio-net interface to the guest.", + "type": "object", + "properties": { + "backend_id": { + "description": "The name of the device's backend.", + "allOf": [ + { + "$ref": "#/components/schemas/SpecKey" + } + ] + }, + "interface_id": { + "description": "A caller-defined correlation identifier for this interface. If Propolis is configured to collect network interface kstats in its Oximeter metrics, the metric series for this interface will be associated with this identifier.", + "type": "string", + "format": "uuid" + }, + "pci_path": { + "description": "The PCI path at which to attach this device.", + "allOf": [ + { + "$ref": "#/components/schemas/PciPath" + } + ] + } + }, + "required": [ + "backend_id", + "interface_id", + "pci_path" + ], + "additionalProperties": false + }, + "VirtualNetworkInterfaceHost": { + "description": "A mapping from a virtual NIC to a physical host", + "type": "object", + "properties": { + "physical_host_ip": { + "type": "string", + "format": "ipv6" + }, + "virtual_ip": { + "type": "string", + "format": "ip" + }, + "virtual_mac": { + "$ref": "#/components/schemas/MacAddr" + }, + "vni": { + "$ref": "#/components/schemas/Vni" + } + }, + "required": [ + "physical_host_ip", + "virtual_ip", + "virtual_mac", + "vni" + ] + }, + "VmmIssueDiskSnapshotRequestBody": { + "description": "Request body for VMM disk snapshot requests.", + "type": "object", + "properties": { + "snapshot_id": { + "type": "string", + "format": "uuid" + } + }, + "required": [ + "snapshot_id" + ] + }, + "VmmIssueDiskSnapshotRequestResponse": { + "description": "Response for VMM disk snapshot requests.", + "type": "object", + "properties": { + "snapshot_id": { + "type": "string", + "format": "uuid" + } + }, + "required": [ + "snapshot_id" + ] + }, + "VmmPutStateBody": { + "description": "The body of a request to move a previously-ensured instance into a specific runtime state.", + "type": "object", + "properties": { + "state": { + "description": "The state into which the instance should be driven.", + "allOf": [ + { + "$ref": "#/components/schemas/VmmStateRequested" + } + ] + } + }, + "required": [ + "state" + ] + }, + "VmmPutStateResponse": { + "description": "The response sent from a request to move an instance into a specific runtime state.", + "type": "object", + "properties": { + "updated_runtime": { + "nullable": true, + "description": "The current runtime state of the instance after handling the request to change its state. If the instance's state did not change, this field is `None`.", + "allOf": [ + { + "$ref": "#/components/schemas/SledVmmState" + } + ] + } + } + }, + "VmmRuntimeState": { + "description": "The dynamic runtime properties of an individual VMM process.", + "type": "object", + "properties": { + "gen": { + "description": "The generation number for this VMM's state.", + "allOf": [ + { + "$ref": "#/components/schemas/Generation" + } + ] + }, + "state": { + "description": "The last state reported by this VMM.", + "allOf": [ + { + "$ref": "#/components/schemas/VmmState" + } + ] + }, + "time_updated": { + "description": "Timestamp for the VMM's state.", + "type": "string", + "format": "date-time" + } + }, + "required": [ + "gen", + "state", + "time_updated" + ] + }, + "VmmSpec": { + "description": "Specifies the virtual hardware configuration of a new Propolis VMM in the form of a Propolis instance specification.", + "allOf": [ + { + "$ref": "#/components/schemas/InstanceSpecV0" + } + ] + }, + "VmmState": { + "description": "One of the states that a VMM can be in.", + "oneOf": [ + { + "description": "The VMM is initializing and has not started running guest CPUs yet.", + "type": "string", + "enum": [ + "starting" + ] + }, + { + "description": "The VMM has finished initializing and may be running guest CPUs.", + "type": "string", + "enum": [ + "running" + ] + }, + { + "description": "The VMM is shutting down.", + "type": "string", + "enum": [ + "stopping" + ] + }, + { + "description": "The VMM's guest has stopped, and the guest will not run again, but the VMM process may not have released all of its resources yet.", + "type": "string", + "enum": [ + "stopped" + ] + }, + { + "description": "The VMM is being restarted or its guest OS is rebooting.", + "type": "string", + "enum": [ + "rebooting" + ] + }, + { + "description": "The VMM is part of a live migration.", + "type": "string", + "enum": [ + "migrating" + ] + }, + { + "description": "The VMM process reported an internal failure.", + "type": "string", + "enum": [ + "failed" + ] + }, + { + "description": "The VMM process has been destroyed and its resources have been released.", + "type": "string", + "enum": [ + "destroyed" + ] + } + ] + }, + "VmmStateRequested": { + "description": "Requestable running state of an Instance.\n\nA subset of [`omicron_common::api::external::InstanceState`].", + "oneOf": [ + { + "description": "Run this instance by migrating in from a previous running incarnation of the instance.", + "type": "object", + "properties": { + "type": { + "type": "string", + "enum": [ + "migration_target" + ] + }, + "value": { + "$ref": "#/components/schemas/InstanceMigrationTargetParams" + } + }, + "required": [ + "type", + "value" + ] + }, + { + "description": "Start the instance if it is not already running.", + "type": "object", + "properties": { + "type": { + "type": "string", + "enum": [ + "running" + ] + } + }, + "required": [ + "type" + ] + }, + { + "description": "Stop the instance.", + "type": "object", + "properties": { + "type": { + "type": "string", + "enum": [ + "stopped" + ] + } + }, + "required": [ + "type" + ] + }, + { + "description": "Immediately reset the instance, as though it had stopped and immediately began to run again.", + "type": "object", + "properties": { + "type": { + "type": "string", + "enum": [ + "reboot" + ] + } + }, + "required": [ + "type" + ] + } + ] + }, + "VmmUnregisterResponse": { + "description": "The response sent from a request to unregister an instance.", + "type": "object", + "properties": { + "updated_runtime": { + "nullable": true, + "description": "The current state of the instance after handling the request to unregister it. If the instance's state did not change, this field is `None`.", + "allOf": [ + { + "$ref": "#/components/schemas/SledVmmState" + } + ] + } + } + }, + "Vni": { + "description": "A Geneve Virtual Network Identifier", + "type": "integer", + "format": "uint32", + "minimum": 0 + }, + "VpcFirewallIcmpFilter": { + "type": "object", + "properties": { + "code": { + "nullable": true, + "allOf": [ + { + "$ref": "#/components/schemas/IcmpParamRange" + } + ] + }, + "icmp_type": { + "type": "integer", + "format": "uint8", + "minimum": 0 + } + }, + "required": [ + "icmp_type" + ] + }, + "VpcFirewallRuleAction": { + "type": "string", + "enum": [ + "allow", + "deny" + ] + }, + "VpcFirewallRuleDirection": { + "type": "string", + "enum": [ + "inbound", + "outbound" + ] + }, + "VpcFirewallRuleProtocol": { + "description": "The protocols that may be specified in a firewall rule's filter", + "oneOf": [ + { + "type": "object", + "properties": { + "type": { + "type": "string", + "enum": [ + "tcp" + ] + } + }, + "required": [ + "type" + ] + }, + { + "type": "object", + "properties": { + "type": { + "type": "string", + "enum": [ + "udp" + ] + } + }, + "required": [ + "type" + ] + }, + { + "type": "object", + "properties": { + "type": { + "type": "string", + "enum": [ + "icmp" + ] + }, + "value": { + "nullable": true, + "allOf": [ + { + "$ref": "#/components/schemas/VpcFirewallIcmpFilter" + } + ] + } + }, + "required": [ + "type", + "value" + ] + } + ] + }, + "VpcFirewallRuleStatus": { + "type": "string", + "enum": [ + "disabled", + "enabled" + ] + }, + "VpcFirewallRulesEnsureBody": { + "description": "Update firewall rules for a VPC", + "type": "object", + "properties": { + "rules": { + "type": "array", + "items": { + "$ref": "#/components/schemas/ResolvedVpcFirewallRule" + } + }, + "vni": { + "$ref": "#/components/schemas/Vni" + } + }, + "required": [ + "rules", + "vni" + ] + }, + "ZoneArtifactInventory": { + "description": "Inventory representation of a single zone artifact on a boot disk.\n\nPart of [`ManifestBootInventory`].", + "type": "object", + "properties": { + "expected_hash": { + "description": "The expected digest of the file's contents.", + "type": "string", + "format": "hex string (32 bytes)" + }, + "expected_size": { + "description": "The expected size of the file, in bytes.", + "type": "integer", + "format": "uint64", + "minimum": 0 + }, + "file_name": { + "description": "The name of the zone file on disk, for example `nexus.tar.gz`. Zone files are always \".tar.gz\".", + "type": "string" + }, + "path": { + "description": "The full path to the zone file.", + "type": "string", + "format": "Utf8PathBuf" + }, + "status": { + "description": "The status of the artifact.\n\nThis is `Ok(())` if the artifact is present and matches the expected size and digest, or an error message if it is missing or does not match.", + "x-rust-type": { + "crate": "std", + "parameters": [ + { + "type": "null" + }, + { + "type": "string" + } + ], + "path": "::std::result::Result", + "version": "*" + }, + "oneOf": [ + { + "type": "object", + "properties": { + "ok": { + "type": "string", + "enum": [ + null + ] + } + }, + "required": [ + "ok" + ] + }, + { + "type": "object", + "properties": { + "err": { + "type": "string" + } + }, + "required": [ + "err" + ] + } + ] + } + }, + "required": [ + "expected_hash", + "expected_size", + "file_name", + "path", + "status" + ] + }, + "ZoneBundleCause": { + "description": "The reason or cause for a zone bundle, i.e., why it was created.", + "oneOf": [ + { + "description": "Some other, unspecified reason.", + "type": "string", + "enum": [ + "other" + ] + }, + { + "description": "A zone bundle taken when a sled agent finds a zone that it does not expect to be running.", + "type": "string", + "enum": [ + "unexpected_zone" + ] + }, + { + "description": "An instance zone was terminated.", + "type": "string", + "enum": [ + "terminated_instance" + ] + } + ] + }, + "ZoneBundleId": { + "description": "An identifier for a zone bundle.", + "type": "object", + "properties": { + "bundle_id": { + "description": "The ID for this bundle itself.", + "type": "string", + "format": "uuid" + }, + "zone_name": { + "description": "The name of the zone this bundle is derived from.", + "type": "string" + } + }, + "required": [ + "bundle_id", + "zone_name" + ] + }, + "ZoneBundleMetadata": { + "description": "Metadata about a zone bundle.", + "type": "object", + "properties": { + "cause": { + "description": "The reason or cause a bundle was created.", + "allOf": [ + { + "$ref": "#/components/schemas/ZoneBundleCause" + } + ] + }, + "id": { + "description": "Identifier for this zone bundle", + "allOf": [ + { + "$ref": "#/components/schemas/ZoneBundleId" + } + ] + }, + "time_created": { + "description": "The time at which this zone bundle was created.", + "type": "string", + "format": "date-time" + }, + "version": { + "description": "A version number for this zone bundle.", + "type": "integer", + "format": "uint8", + "minimum": 0 + } + }, + "required": [ + "cause", + "id", + "time_created", + "version" + ] + }, + "ZoneImageResolverInventory": { + "description": "Inventory representation of zone image resolver status and health.", + "type": "object", + "properties": { + "measurement_manifest": { + "description": "The zone manifest status.", + "allOf": [ + { + "$ref": "#/components/schemas/ManifestInventory" + } + ] + }, + "mupdate_override": { + "$ref": "#/components/schemas/MupdateOverrideInventory" + }, + "zone_manifest": { + "description": "The zone manifest status.", + "allOf": [ + { + "$ref": "#/components/schemas/ManifestInventory" + } + ] + } + }, + "required": [ + "measurement_manifest", + "mupdate_override", + "zone_manifest" + ] + }, + "ZpoolName": { + "title": "The name of a Zpool", + "description": "Zpool names are of the format ox{i,p}_. They are either Internal or External, and should be unique", + "type": "string", + "pattern": "^ox[ip]_[0-9a-f]{8}-[0-9a-f]{4}-4[0-9a-f]{3}-[89ab][0-9a-f]{3}-[0-9a-f]{12}$" + }, + "ZpoolUuid": { + "x-rust-type": { + "crate": "omicron-uuid-kinds", + "path": "omicron_uuid_kinds::ZpoolUuid", + "version": "*" + }, + "type": "string", + "format": "uuid" + }, + "PropolisUuid": { + "x-rust-type": { + "crate": "omicron-uuid-kinds", + "path": "omicron_uuid_kinds::PropolisUuid", + "version": "*" + }, + "type": "string", + "format": "uuid" + } + }, + "responses": { + "Error": { + "description": "Error", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + } + } + } +} diff --git a/openapi/sled-agent/sled-agent-latest.json b/openapi/sled-agent/sled-agent-latest.json index b45ee7839bf..5e2d25c4a35 120000 --- a/openapi/sled-agent/sled-agent-latest.json +++ b/openapi/sled-agent/sled-agent-latest.json @@ -1 +1 @@ -sled-agent-13.0.0-c4af95.json \ No newline at end of file +sled-agent-14.0.0-973211.json \ No newline at end of file diff --git a/schema/crdb/dbinit.sql b/schema/crdb/dbinit.sql index 29efbfcfb3b..3166a5d7850 100644 --- a/schema/crdb/dbinit.sql +++ b/schema/crdb/dbinit.sql @@ -3940,6 +3940,7 @@ CREATE TABLE IF NOT EXISTS omicron.public.inv_sled_agent ( -- -- The path to the boot disk image file. zone_manifest_boot_disk_path TEXT NOT NULL, + -- The source of the zone manifest on the boot disk: from installinator or -- sled-agent (synthetic). NULL means there is an error reading the zone manifest. zone_manifest_source omicron.public.inv_zone_manifest_source, @@ -3969,6 +3970,24 @@ CREATE TABLE IF NOT EXISTS omicron.public.inv_sled_agent ( -- similar to `usable_hardware_threads` and friends above. cpu_family omicron.public.sled_cpu_family NOT NULL, + -- Columns making up the resolver's measurement manifest description + -- + -- The path to the boot disk file + measurement_manifest_boot_disk_path TEXT NOT NULL, + -- The source of the measurement manifest on the boot disk: from installinator or + -- sled-agent (synthetic). NULL means there is an error reading the measurement manifest. + measurement_manifest_source omicron.public.inv_zone_manifest_source, + -- The mupdate ID that created the measurement manifest if this is from installinator. If + -- this is NULL, then either the measurement manifest is synthetic or there was an + -- error reading the measurement manifest. + measurement_manifest_mupdate_id UUID, + -- Message describing the status of the measurement manifest on the boot disk. If + -- this is NULL, then the measurement manifest was successfully read, and the + -- inv_zone_manifest_measurement table has entries corresponding to the zone + -- manifest. + measurement_manifest_boot_disk_error TEXT, + + CONSTRAINT reconciler_status_sled_config_present_if_running CHECK ( (reconciler_status_kind = 'running' AND reconciler_status_sled_config IS NOT NULL) @@ -4006,6 +4025,26 @@ CREATE TABLE IF NOT EXISTS omicron.public.inv_sled_agent ( ) ), + -- For the measurement manifest, there are three valid states: + -- 1. Successfully read from installinator (has mupdate_id, no error) + -- 2. Synthetic from sled-agent (no mupdate_id, no error) + -- 3. Error reading (no mupdate_id, has error) + -- + -- This is equivalent to Result. + CONSTRAINT measurement_manifest_consistency CHECK ( + (measurement_manifest_source = 'installinator' + AND measurement_manifest_mupdate_id IS NOT NULL + AND measurement_manifest_boot_disk_error IS NULL) + OR (measurement_manifest_source = 'sled-agent' + AND measurement_manifest_mupdate_id IS NULL + AND measurement_manifest_boot_disk_error IS NULL) + OR ( + measurement_manifest_source IS NULL + AND measurement_manifest_mupdate_id IS NULL + AND measurement_manifest_boot_disk_error IS NOT NULL + ) + ), + -- For the mupdate override, three states are valid: -- 1. No override, no error -- 2. Override, no error @@ -4253,10 +4292,35 @@ CREATE TABLE IF NOT EXISTS omicron.public.inv_omicron_sled_config ( -- NULL is translated to `HostPhase2DesiredContents::CurrentContents` host_phase_2_desired_slot_a STRING(64), host_phase_2_desired_slot_b STRING(64), + + -- the set of artifact hashes used with trust quorum, can be empty + measurements STRING(64)[], PRIMARY KEY (inv_collection_id, id) ); +CREATE TABLE IF NOT EXISTS omicron.public.inv_last_reconciliation_measurements ( + -- where this observation came from + -- (foreign key into `inv_collection` table) + inv_collection_id UUID NOT NULL, + + -- unique id for this sled (should be foreign keys into `sled` table, though + -- it's conceivable a sled will report an id that we don't know about) + sled_id UUID NOT NULL, + + -- file name of the measurement file + file_name TEXT NOT NULL, + + -- full path to the measurement file + path TEXT NOT NULL, + + -- error message; if NULL, an "ok" result + error_message TEXT, + + PRIMARY KEY (inv_collection_id, sled_id, file_name) +); + + CREATE TABLE IF NOT EXISTS omicron.public.inv_last_reconciliation_disk_result ( -- where this observation came from -- (foreign key into `inv_collection` table) @@ -4349,6 +4413,37 @@ CREATE TABLE IF NOT EXISTS omicron.public.inv_last_reconciliation_zone_result ( PRIMARY KEY (inv_collection_id, sled_id, zone_id) ); +-- A table describing a single measurement file within a measurement manifest +-- collected by inventory +CREATE TABLE IF NOT EXISTS omicron.public.inv_zone_manifest_measurement ( + -- where this observation came from + -- (foreign key into `inv_collection` table) + inv_collection_id UUID NOT NULL, + + -- unique id for this sled (should be foreign keys into `sled` table, though + -- it's conceivable a sled will report an id that we don't know about) + sled_id UUID NOT NULL, + + -- measurement file name, part of the primary key within this table. + measurement_file_name TEXT NOT NULL, + + -- The full path to the file. + path TEXT NOT NULL, + + -- The expected file size. + expected_size INT8 NOT NULL, + + -- The expected hash. + expected_sha256 STRING(64) NOT NULL, + + -- The error while reading the zone or matching it to the manifest, if any. + -- NULL indicates success. + error TEXT , + + PRIMARY KEY (inv_collection_id, sled_id, measurement_file_name) +); + + -- A table describing a single zone within a zone manifest collected by inventory. CREATE TABLE IF NOT EXISTS omicron.public.inv_zone_manifest_zone ( -- where this observation came from @@ -4404,6 +4499,32 @@ CREATE TABLE IF NOT EXISTS omicron.public.inv_zone_manifest_non_boot ( PRIMARY KEY (inv_collection_id, sled_id, non_boot_zpool_id) ); +-- A table describing status for a single measurement manifest on a non-boot disk +-- collected by inventory. +CREATE TABLE IF NOT EXISTS omicron.public.inv_measurement_manifest_non_boot ( + -- where this observation came from + -- (foreign key into `inv_collection` table) + inv_collection_id UUID NOT NULL, + + -- unique id for this sled (should be foreign keys into `sled` table, though + -- it's conceivable a sled will report an id that we don't know about) + sled_id UUID NOT NULL, + + -- unique ID for this non-boot disk + non_boot_zpool_id UUID NOT NULL, + + -- The full path to the measurement manifest. + path TEXT NOT NULL, + + -- Whether the non-boot disk is in a valid state. + is_valid BOOLEAN NOT NULL, + + -- A message attached to this disk. + message TEXT NOT NULL, + + PRIMARY KEY (inv_collection_id, sled_id, non_boot_zpool_id) +); + -- A table describing status for a single mupdate override on a non-boot disk -- collected by inventory. CREATE TABLE IF NOT EXISTS omicron.public.inv_mupdate_override_non_boot ( @@ -7655,7 +7776,7 @@ INSERT INTO omicron.public.db_metadata ( version, target_version ) VALUES - (TRUE, NOW(), NOW(), '217.0.0', NULL) + (TRUE, NOW(), NOW(), '218.0.0', NULL) ON CONFLICT DO NOTHING; COMMIT; diff --git a/schema/crdb/measurements/up01.sql b/schema/crdb/measurements/up01.sql new file mode 100644 index 00000000000..e12891d765e --- /dev/null +++ b/schema/crdb/measurements/up01.sql @@ -0,0 +1,18 @@ +-- Add measurement image resolver columns to the sled inventory table. +ALTER TABLE omicron.public.inv_sled_agent + -- The path to the boot disk file + ADD COLUMN IF NOT EXISTS measurement_manifest_boot_disk_path TEXT NOT NULL DEFAULT 'old-collection-data-missing', + -- The source of the measurement manifest on the boot disk: from installinator or + -- sled-agent (synthetic). NULL means there is an error reading the measurement manifest. + ADD COLUMN IF NOT EXISTS measurement_manifest_source inv_zone_manifest_source, + -- The mupdate ID that created the measurement manifest if this is from installinator. If + -- this is NULL, then either the measurement manifest is synthetic or there was an + -- error reading the measurement manifest. + ADD COLUMN IF NOT EXISTS measurement_manifest_mupdate_id UUID, + -- Message describing the status of the measurement manifest on the boot disk. If + -- this is NULL, then the measurement manifest was successfully read, and the + -- inv_zone_manifest_measurement table has entries corresponding to the zone + -- manifest. + ADD COLUMN IF NOT EXISTS measurement_manifest_boot_disk_error TEXT DEFAULT 'old collection, data missing'; + + diff --git a/schema/crdb/measurements/up02.sql b/schema/crdb/measurements/up02.sql new file mode 100644 index 00000000000..54a1206e36f --- /dev/null +++ b/schema/crdb/measurements/up02.sql @@ -0,0 +1,19 @@ +-- Create table for measurement manifest non-boot disk inventory. +CREATE TABLE IF NOT EXISTS omicron.public.inv_measurement_manifest_non_boot ( + -- where this observation came from + -- (foreign key into `inv_collection` table) + inv_collection_id UUID NOT NULL, + -- unique id for this sled (should be foreign keys into `sled` table, though + -- it's conceivable a sled will report an id that we don't know about) + sled_id UUID NOT NULL, + -- unique ID for this non-boot disk + non_boot_zpool_id UUID NOT NULL, + -- The full path to the zone manifest. + path TEXT NOT NULL, + -- Whether the non-boot disk is in a valid state. + is_valid BOOLEAN NOT NULL, + -- A message attached to this disk. + message TEXT NOT NULL, + + PRIMARY KEY (inv_collection_id, sled_id, non_boot_zpool_id) +); diff --git a/schema/crdb/measurements/up03.sql b/schema/crdb/measurements/up03.sql new file mode 100644 index 00000000000..fbd496d6877 --- /dev/null +++ b/schema/crdb/measurements/up03.sql @@ -0,0 +1,4 @@ +ALTER TABLE omicron.public.inv_omicron_sled_config + -- the set of artifact hashes used with trust quorum, can be empty + ADD COLUMN IF NOT EXISTS measurements STRING(64)[]; + diff --git a/schema/crdb/measurements/up04.sql b/schema/crdb/measurements/up04.sql new file mode 100644 index 00000000000..681e8575d27 --- /dev/null +++ b/schema/crdb/measurements/up04.sql @@ -0,0 +1,20 @@ +CREATE TABLE IF NOT EXISTS omicron.public.inv_last_reconciliation_measurements ( + -- where this observation came from + -- (foreign key into `inv_collection` table) + inv_collection_id UUID NOT NULL, + + -- unique id for this sled (should be foreign keys into `sled` table, though + -- it's conceivable a sled will report an id that we don't know about) + sled_id UUID NOT NULL, + + -- file name of the measurement file + file_name TEXT NOT NULL, + + -- full path to the measurement file + path TEXT NOT NULL, + + -- error message; if NULL, an "ok" result + error_message TEXT, + PRIMARY KEY (inv_collection_id, sled_id, file_name) +); + diff --git a/schema/crdb/measurements/up05.sql b/schema/crdb/measurements/up05.sql new file mode 100644 index 00000000000..65d454ddb4f --- /dev/null +++ b/schema/crdb/measurements/up05.sql @@ -0,0 +1,29 @@ +-- A table describing a single measurement file within a measurement manifest +-- collected by inventory +CREATE TABLE IF NOT EXISTS omicron.public.inv_zone_manifest_measurement ( + -- where this observation came from + -- (foreign key into `inv_collection` table) + inv_collection_id UUID NOT NULL, + + -- where this observation came from + -- (foreign key into `inv_collection` table) + sled_id UUID NOT NULL, + + -- measurement file name, part of the primary key within this table. + measurement_file_name TEXT NOT NULL, + + -- measurement file name, part of the primary key within this table. + path TEXT NOT NULL, + + -- The expected file size. + expected_size INT8 NOT NULL, + + -- The expected hash. + expected_sha256 STRING(64) NOT NULL, + + -- The error while reading the zone or matching it to the manifest, if any. + -- NULL indicates success. + error TEXT, + PRIMARY KEY (inv_collection_id, sled_id, measurement_file_name) +); + diff --git a/schema/crdb/measurements/up06.sql b/schema/crdb/measurements/up06.sql new file mode 100644 index 00000000000..f3cd2035c1a --- /dev/null +++ b/schema/crdb/measurements/up06.sql @@ -0,0 +1,15 @@ +-- Add constraints for measurement columns. +ALTER TABLE omicron.public.inv_sled_agent + ADD CONSTRAINT IF NOT EXISTS measurement_manifest_consistency CHECK ( + (measurement_manifest_source = 'installinator' + AND measurement_manifest_mupdate_id IS NOT NULL + AND measurement_manifest_boot_disk_error IS NULL) + OR (measurement_manifest_source = 'sled-agent' + AND measurement_manifest_mupdate_id IS NULL + AND measurement_manifest_boot_disk_error IS NULL) + OR ( + measurement_manifest_source IS NULL + AND measurement_manifest_mupdate_id IS NULL + AND measurement_manifest_boot_disk_error IS NOT NULL + ) + ); diff --git a/schema/crdb/measurements/up07.sql b/schema/crdb/measurements/up07.sql new file mode 100644 index 00000000000..d7e7e3f22e3 --- /dev/null +++ b/schema/crdb/measurements/up07.sql @@ -0,0 +1,6 @@ +-- Add zone image resolver columns to the sled inventory table. +ALTER TABLE omicron.public.inv_sled_agent + ALTER COLUMN measurement_manifest_boot_disk_path DROP default, + ALTER COLUMN measurement_manifest_source DROP default, + ALTER COLUMN measurement_manifest_mupdate_id DROP default, + ALTER COLUMN measurement_manifest_boot_disk_error DROP default; diff --git a/sled-agent/api/src/lib.rs b/sled-agent/api/src/lib.rs index 9f60a4439ab..b74f94d7716 100644 --- a/sled-agent/api/src/lib.rs +++ b/sled-agent/api/src/lib.rs @@ -19,7 +19,7 @@ use omicron_common::api::internal::{ SledIdentifiers, SwitchPorts, VirtualNetworkInterfaceHost, }, }; -use sled_agent_types_versions::{latest, v1, v4, v6, v7, v9, v10, v11}; +use sled_agent_types_versions::{latest, v1, v4, v6, v7, v9, v10, v11, v12}; use sled_diagnostics::SledDiagnosticsQueryOutput; api_versions!([ @@ -34,6 +34,7 @@ api_versions!([ // | example for the next person. // v // (next_int, IDENT), + (14, MEASUREMENTS), (13, ADD_TRUST_QUORUM), (12, ADD_SMF_SERVICES_HEALTH_CHECK), (11, ADD_DUAL_STACK_EXTERNAL_IP_CONFIG), @@ -333,7 +334,7 @@ pub trait SledAgentApi { #[endpoint { method = PUT, path = "/omicron-config", - versions = VERSION_ADD_DUAL_STACK_EXTERNAL_IP_CONFIG.. + versions = VERSION_MEASUREMENTS.., }] async fn omicron_config_put( rqctx: RequestContext, @@ -345,17 +346,32 @@ pub trait SledAgentApi { method = PUT, path = "/omicron-config", versions = - VERSION_ADD_DUAL_STACK_SHARED_NETWORK_INTERFACES..VERSION_ADD_DUAL_STACK_EXTERNAL_IP_CONFIG, + VERSION_ADD_DUAL_STACK_EXTERNAL_IP_CONFIG..VERSION_MEASUREMENTS, }] - async fn omicron_config_put_v10( + async fn omicron_config_put_v11( rqctx: RequestContext, - body: TypedBody, + body: TypedBody, ) -> Result { let body = body.try_map(latest::inventory::OmicronSledConfig::try_from)?; Self::omicron_config_put(rqctx, body).await } + #[endpoint { + operation_id = "omicron_config_put", + method = PUT, + path = "/omicron-config", + versions = + VERSION_ADD_DUAL_STACK_SHARED_NETWORK_INTERFACES..VERSION_ADD_DUAL_STACK_EXTERNAL_IP_CONFIG, + }] + async fn omicron_config_put_v10( + rqctx: RequestContext, + body: TypedBody, + ) -> Result { + let body = body.try_map(v11::inventory::OmicronSledConfig::try_from)?; + Self::omicron_config_put_v11(rqctx, body).await + } + #[endpoint { operation_id = "omicron_config_put", method = PUT, @@ -725,7 +741,7 @@ pub trait SledAgentApi { #[endpoint { method = GET, path = "/inventory", - versions = VERSION_ADD_SMF_SERVICES_HEALTH_CHECK.., + versions = VERSION_MEASUREMENTS.., }] async fn inventory( rqctx: RequestContext, @@ -736,13 +752,26 @@ pub trait SledAgentApi { operation_id = "inventory", method = GET, path = "/inventory", - versions = - VERSION_ADD_DUAL_STACK_EXTERNAL_IP_CONFIG..VERSION_ADD_SMF_SERVICES_HEALTH_CHECK, + versions = VERSION_ADD_SMF_SERVICES_HEALTH_CHECK..VERSION_MEASUREMENTS, + }] + async fn inventory_v12( + rqctx: RequestContext, + ) -> Result, HttpError> { + let HttpResponseOk(inventory) = Self::inventory(rqctx).await?; + inventory.try_into().map_err(HttpError::from).map(HttpResponseOk) + } + + /// Fetch basic information about this sled + #[endpoint { + operation_id = "inventory", + method = GET, + path = "/inventory", + versions = VERSION_ADD_DUAL_STACK_EXTERNAL_IP_CONFIG..VERSION_ADD_SMF_SERVICES_HEALTH_CHECK, }] async fn inventory_v11( rqctx: RequestContext, ) -> Result, HttpError> { - Self::inventory(rqctx).await.map(|HttpResponseOk(inv)| { + Self::inventory_v12(rqctx).await.map(|HttpResponseOk(inv)| { HttpResponseOk(v11::inventory::Inventory::from(inv)) }) } diff --git a/sled-agent/config-reconciler/src/handle.rs b/sled-agent/config-reconciler/src/handle.rs index 86c275a81ff..d73da2150d8 100644 --- a/sled-agent/config-reconciler/src/handle.rs +++ b/sled-agent/config-reconciler/src/handle.rs @@ -12,6 +12,7 @@ use sled_agent_types::inventory::ConfigReconcilerInventoryStatus; use sled_agent_types::inventory::InventoryDataset; use sled_agent_types::inventory::InventoryDisk; use sled_agent_types::inventory::InventoryZpool; +use sled_agent_types::inventory::OmicronSingleMeasurement; use sled_agent_types::inventory::OmicronSledConfig; use sled_storage::config::MountConfig; use sled_storage::disk::Disk; @@ -63,10 +64,15 @@ use crate::reconciler_task::CurrentlyManagedZpools; use crate::reconciler_task::CurrentlyManagedZpoolsReceiver; use crate::reconciler_task::ReconcilerResult; +use crate::InternalDisks; +use sled_agent_types::zone_images::ResolverStatus; + #[derive(Debug, thiserror::Error)] pub enum InventoryError { #[error("ledger contents not yet available")] LedgerContentsNotAvailable, + #[error("waiting for ledger task to run")] + WaitingOnLedger, #[error("could not contact dataset task")] DatasetTaskError(#[from] DatasetTaskError), #[error("could not list dataset properties")] @@ -92,6 +98,7 @@ pub struct ConfigReconcilerSpawnToken { raw_disks_rx: RawDisksReceiver, ledger_task_log: Logger, reconciler_task_log: Logger, + ledger_rx: Option>, } #[derive(Debug)] @@ -180,11 +187,16 @@ impl ConfigReconcilerHandle { .new(slog::o!("component" => "SledConfigLedgerTask")), reconciler_task_log: base_log .new(slog::o!("component" => "ConfigReconcilerTask")), + ledger_rx: None, }, ) } - /// Spawn the primary config reconciliation task. + /// Pre-spawn the ledger task + /// + /// This is the first half of spawning the reconciliation task. We need to + /// spawn the ledger task early to allow for access to the ledger for + /// early measurement reconcilaition /// /// This method can effectively only be called once, because the caller must /// supply the `token` returned by `new()` when this handle was created. @@ -193,15 +205,11 @@ impl ConfigReconcilerHandle { /// /// Panics if called multiple times, which is statically impossible outside /// shenanigans to get a second [`ConfigReconcilerSpawnToken`]. - pub fn spawn_reconciliation_task< - T: SledAgentFacilities, - U: SledAgentArtifactStore + Clone, - >( + pub fn pre_spawn_reconciliation_task( &self, - sled_agent_facilities: T, sled_agent_artifact_store: U, token: ConfigReconcilerSpawnToken, - ) { + ) -> ConfigReconcilerSpawnToken { let ConfigReconcilerSpawnToken { key_requester, time_sync_config, @@ -212,6 +220,7 @@ impl ConfigReconcilerHandle { raw_disks_rx, ledger_task_log, reconciler_task_log, + ledger_rx: _, } = token; // Spawn the task that manages our config ledger. @@ -219,7 +228,7 @@ impl ConfigReconcilerHandle { LedgerTaskHandle::spawn_ledger_task( self.internal_disks_rx.clone(), sled_agent_artifact_store.clone(), - ledger_task_log, + ledger_task_log.clone(), ); match self.ledger_task.set(ledger_task) { Ok(()) => (), @@ -233,12 +242,58 @@ impl ConfigReconcilerHandle { } } + ConfigReconcilerSpawnToken { + key_requester, + time_sync_config, + reconciler_result_tx, + currently_managed_zpools_tx, + external_disks_tx, + former_zone_root_archiver, + raw_disks_rx, + ledger_task_log, + reconciler_task_log, + ledger_rx: Some(current_config_rx), + } + } + + /// Spawn the primary config reconciliation task. + /// + /// This method can effectively only be called once, because the caller must + /// supply the `token` returned by `new()` when this handle was created. + /// + /// # Panics + /// + /// Panics if called multiple times or if we haven't called the ledger setup + pub fn spawn_reconciliation_task< + T: SledAgentFacilities, + U: SledAgentArtifactStore + Clone, + >( + &self, + sled_agent_facilities: T, + sled_agent_artifact_store: U, + token: ConfigReconcilerSpawnToken, + ) { + let ConfigReconcilerSpawnToken { + key_requester, + time_sync_config, + reconciler_result_tx, + currently_managed_zpools_tx, + external_disks_tx, + former_zone_root_archiver, + raw_disks_rx, + ledger_task_log: _, + reconciler_task_log, + ledger_rx, + } = token; + + let ledger_rx = ledger_rx.expect("Failed to call pre_spawn"); + reconciler_task::spawn( Arc::clone(self.internal_disks_rx.mount_config()), self.dataset_task.clone(), key_requester, time_sync_config, - current_config_rx, + ledger_rx, reconciler_result_tx, currently_managed_zpools_tx, self.internal_disks_rx.clone(), @@ -351,6 +406,34 @@ impl ConfigReconcilerHandle { .await } + /// Run a first reconciliation of reference measurements on cold boot + pub async fn bootstrap_measurement_reconciler( + &self, + resolver_status: &ResolverStatus, + internal_disks: &InternalDisks, + desired: &Vec, + log: &Logger, + ) -> Vec { + let resolved = crate::measurements::reconcile_measurements( + resolver_status, + internal_disks, + desired, + log, + ) + .await; + resolved.iter().filter_map(|entry| match &entry.result { + sled_agent_types::inventory::ConfigReconcilerInventoryResult::Ok => Some(entry.path.clone()), + sled_agent_types::inventory::ConfigReconcilerInventoryResult::Err { .. } => None, + }).collect() + } + /// Watch for changes to measurements + pub async fn measurement_corpus_rx( + &self, + pre_boot: Vec, + ) -> MeasurementsReceiver { + MeasurementsReceiver::new(self.reconciler_result_rx.clone(), pre_boot) + } + /// Return the currently-ledgered [`OmicronSledConfig`]. /// /// # Errors @@ -370,8 +453,9 @@ impl ConfigReconcilerHandle { // This shouldn't happen in practice: sled-agent should both wait // for the boot disk and spawn the reconciler task before starting // the dropshot server that allows Nexus to collect inventory. - None | Some(CurrentSledConfig::WaitingForInternalDisks) => { - Err(InventoryError::LedgerContentsNotAvailable) + None => Err(InventoryError::LedgerContentsNotAvailable), + Some(CurrentSledConfig::WaitingForInternalDisks) => { + Err(InventoryError::WaitingOnLedger) } Some(CurrentSledConfig::WaitingForInitialConfig) => Ok(None), Some(CurrentSledConfig::Ledgered(config)) => Ok(Some(*config)), @@ -544,3 +628,40 @@ enum AvailableDatasetsReceiverInner { #[cfg(feature = "testing")] FakeStatic(Vec<(ZpoolName, Utf8PathBuf)>), } + +#[derive(Debug, Clone)] +enum MeasurementsReceiverInner { + Real { rx: watch::Receiver, pre_boot: Vec }, + Fake(Vec), +} + +#[derive(Debug, Clone)] +pub struct MeasurementsReceiver { + inner: MeasurementsReceiverInner, +} + +impl MeasurementsReceiver { + pub fn new( + rx: watch::Receiver, + pre_boot: Vec, + ) -> Self { + MeasurementsReceiver { + inner: MeasurementsReceiverInner::Real { rx, pre_boot }, + } + } + + pub fn new_fake(paths: Vec) -> Self { + MeasurementsReceiver { inner: MeasurementsReceiverInner::Fake(paths) } + } + pub fn latest_measurements(&self) -> Vec { + match &self.inner { + MeasurementsReceiverInner::Real { rx, pre_boot } => { + match rx.borrow().all_current_measurements() { + either::Either::Left(_) => pre_boot.clone(), + either::Either::Right(s) => s.collect(), + } + } + MeasurementsReceiverInner::Fake(paths) => paths.clone(), + } + } +} diff --git a/sled-agent/config-reconciler/src/ledger.rs b/sled-agent/config-reconciler/src/ledger.rs index f47e7d01081..df418234765 100644 --- a/sled-agent/config-reconciler/src/ledger.rs +++ b/sled-agent/config-reconciler/src/ledger.rs @@ -923,6 +923,7 @@ mod tests { zones: IdOrdMap::default(), remove_mupdate_override: None, host_phase_2: HostPhase2DesiredSlots::current_contents(), + measurements: Vec::new(), } } @@ -1125,6 +1126,7 @@ mod tests { .collect(), remove_mupdate_override: None, host_phase_2: HostPhase2DesiredSlots::current_contents(), + measurements: Vec::new(), }; // The ledger task should reject this config due to a missing artifact. diff --git a/sled-agent/config-reconciler/src/ledger/legacy_configs.rs b/sled-agent/config-reconciler/src/ledger/legacy_configs.rs index e6f348e6f02..0bdefcbe218 100644 --- a/sled-agent/config-reconciler/src/ledger/legacy_configs.rs +++ b/sled-agent/config-reconciler/src/ledger/legacy_configs.rs @@ -17,6 +17,7 @@ use sled_agent_types::inventory::OmicronSledConfig; use sled_agent_types_versions::v4::inventory::OmicronSledConfig as OmicronSledConfigV4; use sled_agent_types_versions::v4::inventory::OmicronZoneConfig as OmicronZoneConfigV4; use sled_agent_types_versions::v10::inventory::OmicronSledConfig as OmicronSledConfigV10; +use sled_agent_types_versions::v11::inventory::OmicronSledConfig as OmicronSledConfigV11; use slog::Logger; use slog::error; use slog::warn; @@ -51,9 +52,13 @@ pub(super) async fn try_convert_v4_sled_config( "Failed to convert OmicronSledConfigV4 to OmicronSledConfigV10: {e}" ) }); + let new_config: OmicronSledConfigV11 = + new_config.try_into().unwrap_or_else(|e| { + panic!("Failed to convert OmicronSledConfigV10 to V11: {e}") + }); let new_config = new_config.try_into().unwrap_or_else(|e| { panic!( - "Failed to convert OmicronSledConfigV10 to the current version: {e}" + "Failed to convert OmicronSledConfigV11 to the current version: {e}" ) }); write_converted_ledger( @@ -148,9 +153,14 @@ pub(super) async fn convert_legacy_ledgers( .unwrap_or_else(|e| panic!( "Failed to convert OmicronSledConfigV4 to OmicronSledConfigV10: {e}" )); + let sled_config : OmicronSledConfigV11 = OmicronSledConfigV11::try_from(sled_config) + .unwrap_or_else(|e| panic!( + "Failed to convert OmicronSledConfigV10 to OmicronSledConfigV11: {e}" + )); + let sled_config = OmicronSledConfig::try_from(sled_config) .unwrap_or_else(|e| panic!( - "Failed to convert OmicronSledConfigV10 to the current version: {e}" + "Failed to convert OmicronSledConfigV11 to the current version: {e}" )); // Write the newly-merged config to disk. @@ -300,6 +310,8 @@ fn merge_old_configs( remove_mupdate_override: None, // Old configs are pre-host-phase-2 knowledge. host_phase_2: HostPhase2DesiredSlots::current_contents(), + // Old configs are pre-measurement knowledge + //measurements: OmicronMeasurements::measurements_defaults(), } } @@ -407,7 +419,9 @@ pub(super) mod tests { .expect("successfully converted config"); let new_as_v10 = OmicronSledConfigV10::try_from(new_as_v4) .expect("successfully converted v4 config to v10"); - let new = OmicronSledConfig::try_from(new_as_v10) + let new_as_v11 = OmicronSledConfigV11::try_from(new_as_v10) + .expect("successfully converted v10 config to v11"); + let new = OmicronSledConfig::try_from(new_as_v11) .expect("successfully converted v10 config to current"); assert_eq!(new, converted); logctx.cleanup_successful(); diff --git a/sled-agent/config-reconciler/src/lib.rs b/sled-agent/config-reconciler/src/lib.rs index b63028f6d5e..0005211b887 100644 --- a/sled-agent/config-reconciler/src/lib.rs +++ b/sled-agent/config-reconciler/src/lib.rs @@ -52,6 +52,7 @@ mod handle; mod host_phase_2; mod internal_disks; mod ledger; +mod measurements; mod mupdate_override; mod raw_disks; mod reconciler_task; @@ -66,6 +67,7 @@ pub use handle::AvailableDatasetsReceiver; pub use handle::ConfigReconcilerHandle; pub use handle::ConfigReconcilerSpawnToken; pub use handle::InventoryError; +pub use handle::MeasurementsReceiver; pub use handle::ReconcilerInventory; pub use handle::TimeSyncConfig; pub use host_phase_2::HostPhase2PreparedContents; diff --git a/sled-agent/config-reconciler/src/measurements.rs b/sled-agent/config-reconciler/src/measurements.rs new file mode 100644 index 00000000000..71a6ca549f8 --- /dev/null +++ b/sled-agent/config-reconciler/src/measurements.rs @@ -0,0 +1,76 @@ +// This Source Code Form is subject to the terms of the Mozilla Public +// License, v. 2.0. If a copy of the MPL was not distributed with this +// file, You can obtain one at https://mozilla.org/MPL/2.0/. + +//! Measurements +use crate::InternalDisks; +use crate::mupdate_override::ResolverStatusExt; +use camino::Utf8PathBuf; +use iddqd::IdOrdMap; +use sled_agent_types::inventory::ConfigReconcilerInventoryResult; +use sled_agent_types::inventory::OmicronSingleMeasurement; +use sled_agent_types::inventory::ReconciledSingleMeasurement; +use sled_agent_types::zone_images::OmicronZoneFileSource; +use sled_agent_types::zone_images::ResolverStatus; +use slog::Logger; + +pub struct PreparedOmicronMeasurements { + pub sources: Vec, +} + +impl PreparedOmicronMeasurements { + pub fn new(sources: Vec) -> Self { + Self { sources } + } + + pub fn file_sources(&self) -> &Vec { + &self.sources + } +} + +pub(crate) async fn reconcile_measurements( + resolver_status: &ResolverStatus, + internal_disks: &InternalDisks, + desired: &Vec, + log: &Logger, +) -> IdOrdMap { + let set = + resolver_status.prepare_all_measurements(log, desired, internal_disks); + + let mut unique = IdOrdMap::new(); + + for entry in set.sources { + let mut found = false; + for path in entry.file_source.search_paths { + let full_path = path.join(entry.file_source.file_name.clone()); + if let Ok(exists) = tokio::fs::try_exists(&full_path).await { + if exists { + unique + .insert_unique(ReconciledSingleMeasurement { + file_name: entry.file_source.file_name.clone(), + path: full_path, + result: ConfigReconcilerInventoryResult::Ok, + }) + .expect("file names should be unique"); + found = true; + break; + } + } + } + if !found { + unique + .insert_unique(ReconciledSingleMeasurement { + file_name: entry.file_source.file_name.clone(), + path: Utf8PathBuf::new(), + result: ConfigReconcilerInventoryResult::Err { + message: + "The measurement file does not exist in any path" + .to_string(), + }, + }) + .expect("file names should be unique"); + } + } + + unique +} diff --git a/sled-agent/config-reconciler/src/mupdate_override.rs b/sled-agent/config-reconciler/src/mupdate_override.rs index 633e9332b9a..9b197dafcb1 100644 --- a/sled-agent/config-reconciler/src/mupdate_override.rs +++ b/sled-agent/config-reconciler/src/mupdate_override.rs @@ -6,9 +6,11 @@ use crate::InternalDisks; use crate::host_phase_2::HostPhase2PreparedContents; +use crate::measurements::PreparedOmicronMeasurements; use camino::Utf8PathBuf; use omicron_common::zone_images::ZoneImageFileSource; use sled_agent_types::inventory::HostPhase2DesiredContents; +use sled_agent_types::inventory::OmicronSingleMeasurement; use sled_agent_types::inventory::OmicronZoneConfig; use sled_agent_types::inventory::OmicronZoneImageSource; use sled_agent_types::inventory::ZoneKind; @@ -17,6 +19,8 @@ use sled_agent_types::zone_images::OmicronZoneImageLocation; use sled_agent_types::zone_images::PreparedOmicronZone; use sled_agent_types::zone_images::RAMDISK_IMAGE_PATH; use sled_agent_types::zone_images::ResolverStatus; +use sled_agent_types::zone_images::TESTING_MEASUREMENTS_FILE; +use sled_agent_types::zone_images::TESTING_MEASUREMENTS_PATH; use sled_agent_types::zone_images::ZoneImageLocationError; use slog::error; use slog::info; @@ -58,6 +62,13 @@ pub trait ResolverStatusExt { log: &slog::Logger, desired: &'a HostPhase2DesiredContents, ) -> HostPhase2PreparedContents<'a>; + + fn prepare_all_measurements( + &self, + log: &slog::Logger, + desired: &Vec, + internal_disks: &InternalDisks, + ) -> PreparedOmicronMeasurements; } impl ResolverStatusExt for ResolverStatus { @@ -284,6 +295,93 @@ impl ResolverStatusExt for ResolverStatus { } } } + + fn prepare_all_measurements( + &self, + log: &slog::Logger, + _desired: &Vec, + internal_disks: &InternalDisks, + ) -> PreparedOmicronMeasurements { + // For now we only support measurements from the install dataset + // regardless of mupdate override status + + // There's always at least one image path (the RAM disk below). + let mut file_sources = Vec::with_capacity(1); + + // install dataset images are not stored on the RAM disk in + // production, just in development or test workflows. + file_sources.push(OmicronZoneFileSource { + location: OmicronZoneImageLocation::InstallDataset { + // XXX hmmm we don't have the hash? + hash: Err(ZoneImageLocationError::BootDiskMissing), + }, + file_source: ZoneImageFileSource { + file_name: TESTING_MEASUREMENTS_FILE.to_string(), + search_paths: vec![Utf8PathBuf::from( + TESTING_MEASUREMENTS_PATH, + )], + }, + }); + + all_install_measurements( + log, + self, + internal_disks, + |path, file_name, hash| { + file_sources.push(OmicronZoneFileSource { + location: OmicronZoneImageLocation::InstallDataset { hash }, + file_source: ZoneImageFileSource { + file_name, + // XXX we're not super consistent about where we join + search_paths: vec![path.join("measurements")], + }, + }) + }, + ); + + PreparedOmicronMeasurements { sources: file_sources } + } +} + +fn all_install_measurements( + log: &slog::Logger, + resolver_status: &ResolverStatus, + internal_disks: &InternalDisks, + mut search_paths_cb: F, +) where + F: FnMut(Utf8PathBuf, String, Result), +{ + if let Some(path) = internal_disks.boot_disk_install_dataset() { + match resolver_status.measurement_manifest.all_measurements() { + Ok(entries) => { + for e in entries { + match e { + Ok((file_name, hash)) => { + search_paths_cb(path.clone(), file_name, Ok(hash)) + } + Err(e) => error!( + log, + "measurement entry error"; + "error" => InlineErrorChain::new(&e), + ), + } + } + } + Err(e) => { + error!( + log, + "measurement error"; + "error" => InlineErrorChain::new(&e), + ); + } + } + } else { + error!( + log, + "boot disk install dataset not available, \ + not returning it as a source"; + ); + } } fn install_dataset_hash( diff --git a/sled-agent/config-reconciler/src/reconciler_task.rs b/sled-agent/config-reconciler/src/reconciler_task.rs index b0260465f87..8a4b6fe48c7 100644 --- a/sled-agent/config-reconciler/src/reconciler_task.rs +++ b/sled-agent/config-reconciler/src/reconciler_task.rs @@ -4,6 +4,7 @@ //! The primary task for sled config reconciliation. +use camino::Utf8PathBuf; use chrono::DateTime; use chrono::Utc; use either::Either; @@ -22,6 +23,7 @@ use sled_agent_types::inventory::ConfigReconcilerInventoryResult; use sled_agent_types::inventory::ConfigReconcilerInventoryStatus; use sled_agent_types::inventory::OmicronSledConfig; use sled_agent_types::inventory::OrphanedDataset; +use sled_agent_types::inventory::ReconciledSingleMeasurement; use sled_agent_types::inventory::RemoveMupdateOverrideInventory; use sled_storage::config::MountConfig; use sled_storage::dataset::LOCAL_STORAGE_DATASET; @@ -51,6 +53,7 @@ use crate::sled_agent_facilities::SledAgentFacilities; mod datasets; mod external_disks; mod zones; +//mod measurements; use self::datasets::OmicronDatasets; use self::external_disks::ExternalDisks; @@ -107,7 +110,7 @@ pub(crate) fn spawn( } #[derive(Debug)] -pub(crate) struct ReconcilerResult { +pub struct ReconcilerResult { mount_config: Arc, status: ReconcilerTaskStatus, latest_result: Option, @@ -153,6 +156,18 @@ impl ReconcilerResult { self.all_mounted_datasets_of_kind(DatasetKind::TransientZoneRoot) } + pub(crate) fn all_current_measurements( + &self, + ) -> Either< + impl Iterator + '_, + impl Iterator + '_, + > { + let Some(latest_result) = &self.latest_result else { + return Either::Left(std::iter::empty()); + }; + Either::Right(latest_result.all_measurements()) + } + pub(crate) fn to_inventory( &self, ) -> (ConfigReconcilerInventoryStatus, Option) @@ -224,6 +239,7 @@ struct LatestReconciliationResult { timesync_status: TimeSyncStatus, boot_partitions: BootPartitionContentsInventory, remove_mupdate_override: Option, + measurements: IdOrdMap, } impl LatestReconciliationResult { @@ -236,9 +252,19 @@ impl LatestReconciliationResult { zones: self.zones_inventory.clone(), boot_partitions: self.boot_partitions.clone(), remove_mupdate_override: self.remove_mupdate_override.clone(), + measurements: self.measurements.clone(), } } + fn all_measurements<'a>( + &'a self, + ) -> impl Iterator + 'a { + self.measurements.iter().filter_map(|entry| match &entry.result { + ConfigReconcilerInventoryResult::Ok => Some(entry.path.clone()), + ConfigReconcilerInventoryResult::Err { .. } => None, + }) + } + fn all_mounted_datasets<'a>( &'a self, mount_config: &'a MountConfig, @@ -485,6 +511,15 @@ impl ReconcilerTask { ) .await; + // Reconcile our measurements + let measurements = crate::measurements::reconcile_measurements( + &resolver_status, + &internal_disks, + &sled_config.measurements, + &self.log, + ) + .await; + // --- // We go through the removal process first: shut down zones, then stop // managing disks, then remove any orphaned datasets. @@ -612,6 +647,7 @@ impl ReconcilerTask { boot_partitions: boot_partitions.into_inventory(), remove_mupdate_override: remove_mupdate_override .map(|v| v.to_inventory()), + measurements: measurements.clone(), }; self.reconciler_result_tx.send_modify(|r| { r.status = ReconcilerTaskStatus::Idle { diff --git a/sled-agent/config-reconciler/src/reconciler_task/zones.rs b/sled-agent/config-reconciler/src/reconciler_task/zones.rs index e8a693fba34..e72ee864699 100644 --- a/sled-agent/config-reconciler/src/reconciler_task/zones.rs +++ b/sled-agent/config-reconciler/src/reconciler_task/zones.rs @@ -1497,13 +1497,14 @@ mod tests { impl Default for FakeSledAgentFacilitiesInner { fn default() -> Self { let boot_disk_path = Utf8PathBuf::from(BOOT_DISK_PATH); + let measurement_boot_disk_path = Utf8PathBuf::from(BOOT_DISK_PATH); Self { start_responses: Default::default(), removed_ddm_prefixes: Default::default(), // successful status containing no artifacts resolver_status: ResolverStatus { measurement_manifest: MeasurementManifestStatus { - boot_disk_path: boot_disk_path.clone(), + boot_disk_path: measurement_boot_disk_path.clone(), boot_disk_result: Ok(ZoneManifestArtifactsResult { manifest: OmicronInstallManifest { source: OmicronInstallManifestSource::SledAgent, diff --git a/sled-agent/src/artifact_store.rs b/sled-agent/src/artifact_store.rs index b82a1ed6e70..c0393af570d 100644 --- a/sled-agent/src/artifact_store.rs +++ b/sled-agent/src/artifact_store.rs @@ -39,6 +39,7 @@ use repo_depot_api::*; use sha2::{Digest, Sha256}; use sled_agent_config_reconciler::ConfigReconcilerHandle; use sled_agent_config_reconciler::InternalDisksReceiver; +use sled_agent_config_reconciler::SledAgentArtifactStore; use sled_agent_types::artifact::ArtifactConfig; use sled_agent_types::artifact::{ArtifactListResponse, ArtifactPutResponse}; use slog::{Logger, error, info}; @@ -54,6 +55,22 @@ use tufaceous_artifact::ArtifactHash; const LEDGER_PATH: &str = "artifact-config.json"; const TEMP_SUBDIR: &str = "tmp"; +// Workaround wrapper for orphan rules. +#[derive(Clone)] +pub(crate) struct SledAgentArtifactStoreWrapper( + pub Arc>, +); + +impl SledAgentArtifactStore for SledAgentArtifactStoreWrapper { + async fn get_artifact( + &self, + artifact: ArtifactHash, + ) -> anyhow::Result { + let file = self.0.get(artifact).await?; + Ok(file) + } +} + /// Content-addressable local storage for software artifacts. /// /// If you need to read a file managed by the artifact store from somewhere else diff --git a/sled-agent/src/bootstrap/client.rs b/sled-agent/src/bootstrap/client.rs index 396506bebfc..a723c5288e9 100644 --- a/sled-agent/src/bootstrap/client.rs +++ b/sled-agent/src/bootstrap/client.rs @@ -10,6 +10,7 @@ use super::params::version; use super::views::SledAgentResponse; use crate::bootstrap::views::Response; use crate::bootstrap::views::ResponseEnvelope; +use sled_agent_config_reconciler::MeasurementsReceiver; use sled_agent_types::sled::StartSledAgentRequest; use slog::Logger; use slog_error_chain::SlogInlineError; @@ -77,15 +78,17 @@ pub(crate) struct Client { addr: SocketAddrV6, log: Logger, sprockets_conf: SprocketsConfig, + measurements_rx: MeasurementsReceiver, } impl Client { pub(crate) fn new( addr: SocketAddrV6, sprockets_conf: SprocketsConfig, + measurements_rx: MeasurementsReceiver, log: Logger, ) -> Self { - Self { addr, sprockets_conf, log } + Self { addr, sprockets_conf, log, measurements_rx } } /// Start sled agent by sending an initialization request determined from @@ -117,8 +120,14 @@ impl Client { // Establish connection and sprockets connection (if possible). // The sprockets client loads the associated root certificates at this point. // - // TODO: Use a real corpus - let corpus = vec![]; + let corpus = self.measurements_rx.latest_measurements(); + if corpus.is_empty() { + error!(self.log, "The measurement log shouldn't be empty"); + } + for c in &corpus { + info!(self.log, "Using file {c} in corpus"); + } + let stream = SprocketsClient::connect( self.sprockets_conf.clone(), self.addr, diff --git a/sled-agent/src/bootstrap/http_entrypoints.rs b/sled-agent/src/bootstrap/http_entrypoints.rs index 5e6f41b0737..a987e3ba4bf 100644 --- a/sled-agent/src/bootstrap/http_entrypoints.rs +++ b/sled-agent/src/bootstrap/http_entrypoints.rs @@ -24,6 +24,7 @@ use omicron_common::api::external::Error; use omicron_uuid_kinds::RackInitUuid; use omicron_uuid_kinds::RackResetUuid; use sled_agent_config_reconciler::InternalDisksReceiver; +use sled_agent_config_reconciler::MeasurementsReceiver; use sled_agent_types::rack_init::{ RackInitializeRequest, RackInitializeRequestParams, }; @@ -48,6 +49,7 @@ pub(crate) struct BootstrapServerContext { mpsc::Sender>>, pub(crate) sprockets: SprocketsConfig, pub(crate) trust_quorum_handle: trust_quorum::NodeTaskHandle, + pub(crate) measurements_rx: MeasurementsReceiver, } impl BootstrapServerContext { @@ -60,6 +62,7 @@ impl BootstrapServerContext { self.sprockets.clone(), self.global_zone_bootstrap_ip, &self.internal_disks_rx, + &self.measurements_rx, &self.bootstore_node_handle, &self.trust_quorum_handle, request, @@ -132,6 +135,7 @@ impl BootstrapAgentApi for BootstrapAgentImpl { .start_reset( &ctx.base_log, ctx.sprockets.clone(), + ctx.measurements_rx.clone(), ctx.global_zone_bootstrap_ip, ) .map_err(|err| HttpError::for_bad_request(None, err.to_string()))?; diff --git a/sled-agent/src/bootstrap/pre_server.rs b/sled-agent/src/bootstrap/pre_server.rs index bd689156f88..17605c75e66 100644 --- a/sled-agent/src/bootstrap/pre_server.rs +++ b/sled-agent/src/bootstrap/pre_server.rs @@ -17,7 +17,7 @@ use crate::config::Config; use crate::config::SidecarRevision; use crate::ddm_reconciler::DdmReconciler; use crate::long_running_tasks::{ - LongRunningTaskHandles, spawn_all_longrunning_tasks, + LongRunningTaskHandles, LongRunningTaskResult, spawn_all_longrunning_tasks, }; use crate::services::ServiceManager; use crate::sled_agent::SledAgent; @@ -55,6 +55,7 @@ pub(super) struct BootstrapAgentStartup { pub(super) long_running_task_handles: LongRunningTaskHandles, pub(super) sled_agent_started_tx: oneshot::Sender, pub(super) config_reconciler_spawn_token: ConfigReconcilerSpawnToken, + pub(super) cold_boot_measurements: Vec, } impl BootstrapAgentStartup { @@ -120,12 +121,13 @@ impl BootstrapAgentStartup { // Spawn all important long running tasks that live for the lifetime of // the process and are used by both the bootstrap agent and sled agent - let ( + let LongRunningTaskResult { long_running_task_handles, config_reconciler_spawn_token, sled_agent_started_tx, service_manager_ready_tx, - ) = spawn_all_longrunning_tasks( + cold_boot_measurements, + } = spawn_all_longrunning_tasks( &base_log, sled_mode, startup_networking.global_zone_bootstrap_ip, @@ -162,6 +164,7 @@ impl BootstrapAgentStartup { long_running_task_handles, sled_agent_started_tx, config_reconciler_spawn_token, + cold_boot_measurements, }) } } diff --git a/sled-agent/src/bootstrap/rack_ops.rs b/sled-agent/src/bootstrap/rack_ops.rs index b90acb5faa0..8744b42052c 100644 --- a/sled-agent/src/bootstrap/rack_ops.rs +++ b/sled-agent/src/bootstrap/rack_ops.rs @@ -10,6 +10,7 @@ use bootstore::schemes::v0 as bootstore; use omicron_uuid_kinds::RackInitUuid; use omicron_uuid_kinds::RackResetUuid; use sled_agent_config_reconciler::InternalDisksReceiver; +use sled_agent_config_reconciler::MeasurementsReceiver; use sled_agent_types::rack_init::RackInitializeRequestParams; use sled_agent_types::rack_ops::{RackOperationStatus, RssStep}; use slog::Logger; @@ -149,6 +150,7 @@ impl RssAccess { sprockets: SprocketsConfig, global_zone_bootstrap_ip: Ipv6Addr, internal_disks_rx: &InternalDisksReceiver, + measurements_rx: &MeasurementsReceiver, bootstore_node_handle: &bootstore::NodeHandle, trust_quorum_handle: &trust_quorum::NodeTaskHandle, request: RackInitializeRequestParams, @@ -188,6 +190,7 @@ impl RssAccess { mem::drop(status); let parent_log = parent_log.clone(); let internal_disks_rx = internal_disks_rx.clone(); + let measurements_rx = measurements_rx.clone(); let bootstore_node_handle = bootstore_node_handle.clone(); let status = Arc::clone(&self.status); let trust_quorum_handle = trust_quorum_handle.clone(); @@ -197,6 +200,7 @@ impl RssAccess { sprockets, global_zone_bootstrap_ip, internal_disks_rx, + measurements_rx, bootstore_node_handle, trust_quorum_handle, request, @@ -224,6 +228,7 @@ impl RssAccess { &self, parent_log: &Logger, sprockets: SprocketsConfig, + measurements_rx: MeasurementsReceiver, global_zone_bootstrap_ip: Ipv6Addr, ) -> Result { let mut status = self.status.lock().unwrap(); @@ -264,6 +269,7 @@ impl RssAccess { let result = rack_reset( &parent_log, sprockets, + measurements_rx, global_zone_bootstrap_ip, ) .await; @@ -339,6 +345,7 @@ async fn rack_initialize( sprockets: SprocketsConfig, global_zone_bootstrap_ip: Ipv6Addr, internal_disks_rx: InternalDisksReceiver, + measurements_rx: MeasurementsReceiver, bootstore_node_handle: bootstore::NodeHandle, trust_quorum_handle: trust_quorum::NodeTaskHandle, request: RackInitializeRequestParams, @@ -350,6 +357,7 @@ async fn rack_initialize( request, global_zone_bootstrap_ip, internal_disks_rx, + measurements_rx, bootstore_node_handle, trust_quorum_handle, step_tx, @@ -360,8 +368,14 @@ async fn rack_initialize( async fn rack_reset( parent_log: &Logger, sprockets: SprocketsConfig, + measurements_rx: MeasurementsReceiver, global_zone_bootstrap_ip: Ipv6Addr, ) -> Result<(), SetupServiceError> { - RssHandle::run_rss_reset(parent_log, global_zone_bootstrap_ip, sprockets) - .await + RssHandle::run_rss_reset( + parent_log, + global_zone_bootstrap_ip, + sprockets, + measurements_rx, + ) + .await } diff --git a/sled-agent/src/bootstrap/rss_handle.rs b/sled-agent/src/bootstrap/rss_handle.rs index 023c81ebaa3..c143a5c23b0 100644 --- a/sled-agent/src/bootstrap/rss_handle.rs +++ b/sled-agent/src/bootstrap/rss_handle.rs @@ -15,6 +15,7 @@ use omicron_common::backoff::BackoffError; use omicron_common::backoff::retry_notify; use omicron_common::backoff::retry_policy_local; use sled_agent_config_reconciler::InternalDisksReceiver; +use sled_agent_config_reconciler::MeasurementsReceiver; use sled_agent_types::rack_init::RackInitializeRequestParams; use sled_agent_types::rack_ops::RssStep; use sled_agent_types::sled::StartSledAgentRequest; @@ -52,11 +53,16 @@ impl RssHandle { config: RackInitializeRequestParams, our_bootstrap_address: Ipv6Addr, internal_disks_rx: InternalDisksReceiver, + measurements_rx: MeasurementsReceiver, bootstore: bootstore::NodeHandle, trust_quorum: trust_quorum::NodeTaskHandle, step_tx: watch::Sender, ) -> Result<(), SetupServiceError> { - let (tx, rx) = rss_channel(our_bootstrap_address, sprockets); + let (tx, rx) = rss_channel( + our_bootstrap_address, + sprockets, + measurements_rx.clone(), + ); let rss = RackSetupService::new( log.new(o!("component" => "RSS")), @@ -77,8 +83,13 @@ impl RssHandle { log: &Logger, our_bootstrap_address: Ipv6Addr, sprockets: SprocketsConfig, + measurements_rx: MeasurementsReceiver, ) -> Result<(), SetupServiceError> { - let (tx, rx) = rss_channel(our_bootstrap_address, sprockets); + let (tx, rx) = rss_channel( + our_bootstrap_address, + sprockets, + measurements_rx.clone(), + ); let rss = RackSetupService::new_reset_rack( log.new(o!("component" => "RSS")), @@ -95,11 +106,13 @@ async fn initialize_sled_agent( log: &Logger, bootstrap_addr: SocketAddrV6, sprockets: SprocketsConfig, + measurements_rx: MeasurementsReceiver, request: &StartSledAgentRequest, ) -> Result<(), bootstrap_agent_client::Error> { let client = bootstrap_agent_client::Client::new( bootstrap_addr, sprockets, + measurements_rx, log.new(o!("BootstrapAgentClient" => bootstrap_addr.to_string())), ); @@ -131,11 +144,12 @@ async fn initialize_sled_agent( fn rss_channel( our_bootstrap_address: Ipv6Addr, sprockets: SprocketsConfig, + measurements_rx: MeasurementsReceiver, ) -> (BootstrapAgentHandle, BootstrapAgentHandleReceiver) { let (tx, rx) = mpsc::channel(32); ( BootstrapAgentHandle { inner: tx, our_bootstrap_address }, - BootstrapAgentHandleReceiver { inner: rx, sprockets }, + BootstrapAgentHandleReceiver { inner: rx, sprockets, measurements_rx }, ) } @@ -207,6 +221,7 @@ impl BootstrapAgentHandle { struct BootstrapAgentHandleReceiver { inner: mpsc::Receiver, sprockets: SprocketsConfig, + measurements_rx: MeasurementsReceiver, } impl BootstrapAgentHandleReceiver { @@ -227,10 +242,12 @@ impl BootstrapAgentHandleReceiver { // of the initialization requests, allowing them to run concurrently. let s = self.sprockets.clone(); + let mx = self.measurements_rx.clone(); let mut futs = requests .into_iter() .map(|(bootstrap_addr, request)| { let value = s.clone(); + let measurements_rx = mx.clone(); async move { info!( log, "Received initialization request from RSS"; @@ -242,6 +259,7 @@ impl BootstrapAgentHandleReceiver { log, bootstrap_addr, value, + measurements_rx, &request, ) .await diff --git a/sled-agent/src/bootstrap/server.rs b/sled-agent/src/bootstrap/server.rs index be4cd24bf0e..e5fcca4a674 100644 --- a/sled-agent/src/bootstrap/server.rs +++ b/sled-agent/src/bootstrap/server.rs @@ -182,6 +182,7 @@ impl Server { long_running_task_handles, sled_agent_started_tx, config_reconciler_spawn_token, + cold_boot_measurements, } = BootstrapAgentStartup::run(config).await?; // Do we have a StartSledAgentRequest stored in the ledger? @@ -216,6 +217,11 @@ impl Server { sled_reset_tx, sprockets: config.sprockets.clone(), trust_quorum_handle: long_running_task_handles.trust_quorum.clone(), + measurements_rx: long_running_task_handles + .config_reconciler + .measurement_corpus_rx(cold_boot_measurements.clone()) + .await + .clone(), }; let bootstrap_http_server = start_dropshot_server(bootstrap_context)?; @@ -223,6 +229,12 @@ impl Server { // in the sprockets server to our bootstrap agent `Inner` task. let (sled_init_tx, sled_init_rx) = mpsc::channel(1); + let measurements = long_running_task_handles + .config_reconciler + .measurement_corpus_rx(cold_boot_measurements) + .await + .clone(); + // We don't bother to wrap this bind in a // `wait_while_handling_hardware_updates()` because (a) binding should // be fast and (b) can succeed regardless of any pending hardware @@ -235,6 +247,7 @@ impl Server { 0, ), sled_init_tx, + measurements, config.sprockets.clone(), &base_log, ) diff --git a/sled-agent/src/bootstrap/sprockets_server.rs b/sled-agent/src/bootstrap/sprockets_server.rs index f4794b8067f..dc80e9fb08a 100644 --- a/sled-agent/src/bootstrap/sprockets_server.rs +++ b/sled-agent/src/bootstrap/sprockets_server.rs @@ -10,6 +10,7 @@ use crate::bootstrap::params::version; use crate::bootstrap::views::Response; use crate::bootstrap::views::ResponseEnvelope; use crate::bootstrap::views::SledAgentResponse; +use sled_agent_config_reconciler::MeasurementsReceiver; use sled_agent_types::sled::StartSledAgentRequest; use slog::Logger; use sprockets_tls::Stream; @@ -33,12 +34,14 @@ pub(super) struct SprocketsServer { listener: Server, tx_requests: TxRequestsChannel, log: Logger, + measurements: MeasurementsReceiver, } impl SprocketsServer { pub(super) async fn bind( bind_addr: SocketAddrV6, tx_requests: TxRequestsChannel, + measurements: MeasurementsReceiver, sprockets_conf: SprocketsConfig, base_log: &Logger, ) -> io::Result { @@ -49,7 +52,7 @@ impl SprocketsServer { let listener = Server::new(sprockets_conf, bind_addr, log.clone()).await.unwrap(); info!(log, "Started listening"; "local_addr" => %bind_addr); - Ok(Self { listener, tx_requests, log }) + Ok(Self { listener, tx_requests, log, measurements }) } /// Run the sprockets server. @@ -64,7 +67,13 @@ impl SprocketsServer { // Sprockets actually _uses_ the key here! // TODO: Once we have a corpus, use it. // Will we ever have one at RSS time? - let corpus = vec![]; + let corpus = self.measurements.latest_measurements(); + if corpus.is_empty() { + error!(self.log, "The measurement log shouldn't be empty"); + } + for c in &corpus { + info!(self.log, "Using file {c} in corpus"); + } let acceptor = match self.listener.accept(corpus).await { Ok(acceptor) => acceptor, Err(err) => { diff --git a/sled-agent/src/http_entrypoints.rs b/sled-agent/src/http_entrypoints.rs index 249a2fc1b51..72da8728220 100644 --- a/sled-agent/src/http_entrypoints.rs +++ b/sled-agent/src/http_entrypoints.rs @@ -844,6 +844,7 @@ impl SledAgentApi for SledAgentImpl { crate::sled_agent::sled_add( sa.logger().clone(), sa.sprockets().clone(), + sa.measurements_rx().await.clone(), request.sled_id, request.start_request, ) diff --git a/sled-agent/src/long_running_tasks.rs b/sled-agent/src/long_running_tasks.rs index 700d4a08f4b..c998e4c06f3 100644 --- a/sled-agent/src/long_running_tasks.rs +++ b/sled-agent/src/long_running_tasks.rs @@ -12,6 +12,7 @@ //! these tasks are supposed to run forever, and they can shutdown if their //! handles are dropped. +use crate::artifact_store::{ArtifactStore, SledAgentArtifactStoreWrapper}; use crate::bootstrap::bootstore_setup::{ new_bootstore_config, poll_ddmd_for_bootstore_and_tq_peer_update, }; @@ -23,10 +24,11 @@ use crate::services::ServiceManager; use crate::sled_agent::SledAgent; use crate::zone_bundle::ZoneBundler; use bootstore::schemes::v0 as bootstore; +use camino::Utf8PathBuf; use key_manager::{KeyManager, StorageKeyRequester}; use sled_agent_config_reconciler::{ - ConfigReconcilerHandle, ConfigReconcilerSpawnToken, RawDisksSender, - TimeSyncConfig, + ConfigReconcilerHandle, ConfigReconcilerSpawnToken, InternalDisksReceiver, + RawDisksSender, TimeSyncConfig, }; use sled_agent_health_monitor::HealthMonitorHandle; use sled_agent_types::zone_bundle::CleanupContext; @@ -34,7 +36,7 @@ use sled_agent_zone_images::ZoneImageSourceResolver; use sled_hardware::{HardwareManager, SledMode, UnparsedDisk}; use sled_storage::config::MountConfig; use sled_storage::disk::RawSyntheticDisk; -use slog::{Logger, info}; +use slog::{Logger, error, info}; use sprockets_tls::keys::SprocketsConfig; use std::net::Ipv6Addr; use std::sync::Arc; @@ -74,6 +76,25 @@ pub struct LongRunningTaskHandles { /// A handle for interacting with the trust quorum pub trust_quorum: trust_quorum::NodeTaskHandle, + /// Handle to the artifact store + pub artifact_store: Arc>, +} + +pub struct LongRunningTaskResult { + /// Handles to the long running tasks + pub long_running_task_handles: LongRunningTaskHandles, + + /// Token spawning the config reconciler + pub config_reconciler_spawn_token: ConfigReconcilerSpawnToken, + + /// sled agent started channel + pub sled_agent_started_tx: oneshot::Sender, + + /// service manager ready channel + pub service_manager_ready_tx: oneshot::Sender, + + /// measurements needed for early bootup + pub cold_boot_measurements: Vec, } /// Spawn all long running tasks @@ -82,12 +103,7 @@ pub async fn spawn_all_longrunning_tasks( sled_mode: SledMode, global_zone_bootstrap_ip: Ipv6Addr, config: &Config, -) -> ( - LongRunningTaskHandles, - ConfigReconcilerSpawnToken, - oneshot::Sender, - oneshot::Sender, -) { +) -> LongRunningTaskResult { let storage_key_requester = spawn_key_manager(log); let time_sync_config = if let Some(true) = config.skip_timesync { @@ -122,12 +138,41 @@ pub async fn spawn_all_longrunning_tasks( let internal_disks = config_reconciler.wait_for_boot_disk().await; info!(log, "Found boot disk {:?}", internal_disks.boot_disk_id()); + let zone_bundler = spawn_zone_bundler_tasks(log, &config_reconciler).await; + let zone_image_resolver = ZoneImageSourceResolver::new(log, internal_disks); + + let config_reconciler = Arc::new(config_reconciler); + + let artifact_store = Arc::new( + ArtifactStore::new( + &log, + config_reconciler.internal_disks_rx().clone(), + Some(Arc::clone(&config_reconciler)), + ) + .await, + ); + + let config_reconciler_spawn_token = config_reconciler + .pre_spawn_reconciliation_task( + SledAgentArtifactStoreWrapper(Arc::clone(&artifact_store)), + config_reconciler_spawn_token, + ); + + // This must come after we've spawned the ledger task + let cold_boot_measurements = get_cold_boot_measurements( + log, + &config_reconciler, + &zone_image_resolver, + ) + .await; + let trust_quorum = spawn_trust_quorum_task( log, &config_reconciler, &hardware_manager, global_zone_bootstrap_ip, config.sprockets.clone(), + cold_boot_measurements.clone(), ) .await; @@ -140,13 +185,11 @@ pub async fn spawn_all_longrunning_tasks( ) .await; - let zone_bundler = spawn_zone_bundler_tasks(log, &config_reconciler).await; - let zone_image_resolver = ZoneImageSourceResolver::new(log, internal_disks); let health_monitor = spawn_health_monitor_tasks(log).await; - ( - LongRunningTaskHandles { - config_reconciler: Arc::new(config_reconciler), + LongRunningTaskResult { + long_running_task_handles: LongRunningTaskHandles { + config_reconciler, hardware_manager, hardware_monitor, bootstore, @@ -154,11 +197,13 @@ pub async fn spawn_all_longrunning_tasks( zone_image_resolver, health_monitor, trust_quorum, + artifact_store, }, config_reconciler_spawn_token, sled_agent_started_tx, service_manager_ready_tx, - ) + cold_boot_measurements, + } } fn spawn_key_manager(log: &Logger) -> StorageKeyRequester { @@ -207,17 +252,82 @@ fn spawn_hardware_monitor( (monitor, sled_agent_started_tx, service_manager_ready_tx) } +/// on sled-agent cold boot we need a set of measurements before the +/// config reconciler actually runs +async fn get_cold_boot_measurements( + log: &Logger, + config_reconciler: &ConfigReconcilerHandle, + zone_image_resolver: &ZoneImageSourceResolver, +) -> Vec { + while let Err( + sled_agent_config_reconciler::InventoryError::WaitingOnLedger, + ) = config_reconciler.ledgered_sled_config() + { + // waiting for our ledger task to run. This could arguably loop + // forever but if the ledger task isn't running we can't do + // anything anyway + } + + // Get our pre-boot measurements, first we check the ledger + match config_reconciler.ledgered_sled_config() { + Err(e) => { + // Not much we can do! + error!(log, "Error reading sled config from ledger: {e}"); + vec![] + } + // We haven't run RSS, we'll take what we get from the measurement manifest + Ok(None) => match zone_image_resolver + .status() + .to_inventory() + .measurement_manifest + .boot_inventory + { + Err(e) => { + // Not much we can do! + error!(log, "Error reading boot inventory manifest: {e}"); + vec![] + } + Ok(s) => s + .artifacts + .iter() + .filter_map(|entry| match entry.status { + Ok(_) => Some(entry.path.clone()), + Err(_) => None, + }) + .collect(), + }, + // Do an early resolution + Ok(Some(s)) => { + config_reconciler + .bootstrap_measurement_reconciler( + &zone_image_resolver.status(), + &config_reconciler.internal_disks_rx().current(), + &s.measurements, + &log, + ) + .await + } + } +} + async fn spawn_trust_quorum_task( log: &Logger, config_reconciler: &ConfigReconcilerHandle, hardware_manager: &HardwareManager, global_zone_bootstrap_ip: Ipv6Addr, sprockets_config: SprocketsConfig, + cold_boot_measurements: Vec, ) -> trust_quorum::NodeTaskHandle { info!( log, "Using sprockets config for trust-quorum: {sprockets_config:#?}" ); + + let measurements_rx = config_reconciler + .measurement_corpus_rx(cold_boot_measurements) + .await + .clone(); + let cluster_dataset_paths = config_reconciler .internal_disks_rx() .current() @@ -235,7 +345,8 @@ async fn spawn_trust_quorum_task( info!(log, "Starting trust quorum node task"); - let (mut node, handle) = trust_quorum::NodeTask::new(config, log).await; + let (mut node, handle) = + trust_quorum::NodeTask::new(config, log, measurements_rx).await; tokio::spawn(async move { node.run().await }); handle } diff --git a/sled-agent/src/rack_setup/service.rs b/sled-agent/src/rack_setup/service.rs index 2619dc4d4a1..ef611490e5f 100644 --- a/sled-agent/src/rack_setup/service.rs +++ b/sled-agent/src/rack_setup/service.rs @@ -601,6 +601,7 @@ impl ServiceInner { zones: zones_config.zones.into_iter().collect(), remove_mupdate_override: None, host_phase_2: HostPhase2DesiredSlots::current_contents(), + measurements: Default::default(), }; self.set_config_on_sled(*sled_address, sled_config).await?; diff --git a/sled-agent/src/sim/sled_agent.rs b/sled-agent/src/sim/sled_agent.rs index 075dc655a0f..fcba8a3acad 100644 --- a/sled-agent/src/sim/sled_agent.rs +++ b/sled-agent/src/sim/sled_agent.rs @@ -820,6 +820,7 @@ impl SledAgent { zones: zones_config.zones.into_iter().collect(), remove_mupdate_override: None, host_phase_2: HostPhase2DesiredSlots::current_contents(), + measurements: Default::default(), }; Ok(Inventory { diff --git a/sled-agent/src/sled_agent.rs b/sled-agent/src/sled_agent.rs index 45de65083c2..e4db8459e86 100644 --- a/sled-agent/src/sled_agent.rs +++ b/sled-agent/src/sled_agent.rs @@ -4,7 +4,7 @@ //! Sled agent implementation -use crate::artifact_store::ArtifactStore; +use crate::artifact_store::{ArtifactStore, SledAgentArtifactStoreWrapper}; use crate::bootstrap::config::BOOTSTRAP_AGENT_RACK_INIT_PORT; use crate::bootstrap::early_networking::EarlyNetworkSetupError; use crate::config::Config; @@ -63,7 +63,7 @@ use omicron_uuid_kinds::{ use sled_agent_config_reconciler::{ ConfigReconcilerHandle, ConfigReconcilerSpawnToken, InternalDisks, InternalDisksReceiver, LedgerNewConfigError, LedgerTaskError, - ReconcilerInventory, SledAgentArtifactStore, SledAgentFacilities, + MeasurementsReceiver, ReconcilerInventory, SledAgentFacilities, }; use sled_agent_health_monitor::handle::HealthMonitorHandle; use sled_agent_types::dataset::LocalStorageDatasetEnsureRequest; @@ -95,7 +95,6 @@ use sprockets_tls::keys::SprocketsConfig; use std::collections::BTreeMap; use std::net::{Ipv6Addr, SocketAddrV6}; use std::sync::Arc; -use tufaceous_artifact::ArtifactHash; use uuid::Uuid; use illumos_utils::dladm::{Dladm, EtherstubVnic}; @@ -610,15 +609,6 @@ impl SledAgent { network config from bootstore", ); - let artifact_store = Arc::new( - ArtifactStore::new( - &log, - config_reconciler.internal_disks_rx().clone(), - Some(Arc::clone(&config_reconciler)), - ) - .await, - ); - // Start reconciling against our ledgered sled config. config_reconciler.spawn_reconciliation_task( ReconcilerFacilities { @@ -626,7 +616,9 @@ impl SledAgent { service_manager: services.clone(), metrics_queue: metrics_manager.request_queue(), }, - SledAgentArtifactStoreWrapper(Arc::clone(&artifact_store)), + SledAgentArtifactStoreWrapper(Arc::clone( + &long_running_task_handles.artifact_store, + )), config_reconciler_spawn_token, ); @@ -641,8 +633,10 @@ impl SledAgent { ) .await?; - let repo_depot = - artifact_store.start(sled_address, &config.dropshot).await?; + let repo_depot = long_running_task_handles + .artifact_store + .start(sled_address, &config.dropshot) + .await?; // Spawn a background task for managing notifications to nexus // about this sled-agent. @@ -1104,6 +1098,10 @@ impl SledAgent { Ok(()) } + pub(crate) async fn measurements_rx(&self) -> MeasurementsReceiver { + self.inner.config_reconciler.measurement_corpus_rx(vec![]).await + } + /// Return identifiers for this sled. /// /// This is mostly used to identify timeseries data with the originating @@ -1371,6 +1369,7 @@ pub enum AddSledError { pub async fn sled_add( log: Logger, sprockets_config: SprocketsConfig, + measurements_rx: MeasurementsReceiver, sled_id: BaseboardId, request: StartSledAgentRequest, ) -> Result<(), AddSledError> { @@ -1431,6 +1430,7 @@ pub async fn sled_add( let client = crate::bootstrap::client::Client::new( bootstrap_addr, sprockets_config, + measurements_rx, log.new(o!("BootstrapAgentClient" => bootstrap_addr.to_string())), ); @@ -1511,17 +1511,3 @@ impl SledAgentFacilities for ReconcilerFacilities { .remove_internal_dns_subnet(prefix); } } - -// Workaround wrapper for orphan rules. -#[derive(Clone)] -struct SledAgentArtifactStoreWrapper(Arc>); - -impl SledAgentArtifactStore for SledAgentArtifactStoreWrapper { - async fn get_artifact( - &self, - artifact: ArtifactHash, - ) -> anyhow::Result { - let file = self.0.get(artifact).await?; - Ok(file) - } -} diff --git a/sled-agent/types/src/zone_images.rs b/sled-agent/types/src/zone_images.rs index 896bcbf5a46..c969e7c8a0b 100644 --- a/sled-agent/types/src/zone_images.rs +++ b/sled-agent/types/src/zone_images.rs @@ -63,8 +63,8 @@ impl ResolverStatus { pub fn to_inventory(&self) -> ZoneImageResolverInventory { ZoneImageResolverInventory { zone_manifest: self.zone_manifest.to_inventory(), + measurement_manifest: self.measurement_manifest.to_inventory(), mupdate_override: self.mupdate_override.to_inventory(), - // Adding the measurement to inventory will come later } } } diff --git a/sled-agent/types/versions/src/add_health_monitor/inventory.rs b/sled-agent/types/versions/src/add_health_monitor/inventory.rs index f527542b387..cd364c7752a 100644 --- a/sled-agent/types/versions/src/add_health_monitor/inventory.rs +++ b/sled-agent/types/versions/src/add_health_monitor/inventory.rs @@ -18,9 +18,9 @@ use crate::v1::inventory::InventoryZpool; use crate::v1::inventory::SledRole; use crate::v1::inventory::ZoneImageResolverInventory; use crate::v11; -use crate::v11::inventory::ConfigReconcilerInventory; -use crate::v11::inventory::ConfigReconcilerInventoryStatus; -use crate::v11::inventory::OmicronSledConfig; +pub use crate::v11::inventory::ConfigReconcilerInventory; +pub use crate::v11::inventory::ConfigReconcilerInventoryStatus; +pub use crate::v11::inventory::OmicronSledConfig; /// Identity and basic status information about this sled agent #[derive(Clone, Debug, Deserialize, JsonSchema, Serialize)] diff --git a/sled-agent/types/versions/src/impls/inventory.rs b/sled-agent/types/versions/src/impls/inventory.rs index b5a767e09b4..e3bdd09a0a4 100644 --- a/sled-agent/types/versions/src/impls/inventory.rs +++ b/sled-agent/types/versions/src/impls/inventory.rs @@ -418,6 +418,7 @@ impl ConfigReconcilerInventory { zones: BTreeMap::new(), remove_mupdate_override: None, boot_partitions: BootPartitionContents::debug_assume_success(), + measurements: IdOrdMap::new(), }; ret.debug_update_assume_success(config); ret @@ -537,6 +538,7 @@ impl ZoneImageResolverInventory { pub fn new_fake() -> ZoneImageResolverInventory { ZoneImageResolverInventory { zone_manifest: ManifestInventory::new_fake(), + measurement_manifest: ManifestInventory::new_fake(), mupdate_override: MupdateOverrideInventory::new_fake(), } } @@ -588,12 +590,19 @@ pub struct ZoneImageResolverInventoryDisplay<'a> { impl fmt::Display for ZoneImageResolverInventoryDisplay<'_> { fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result { - let ZoneImageResolverInventory { zone_manifest, mupdate_override } = - self.inner; + let ZoneImageResolverInventory { + zone_manifest, + measurement_manifest, + mupdate_override, + } = self.inner; writeln!(f, "zone manifest:")?; let mut indented = IndentWriter::new(" ", f); write!(indented, "{}", zone_manifest.display())?; let f = indented.into_inner(); + writeln!(f, "measurement manifest:")?; + let mut indented = IndentWriter::new(" ", f); + write!(indented, "{}", measurement_manifest.display())?; + let f = indented.into_inner(); writeln!(f, "mupdate override:")?; let mut indented = IndentWriter::new(" ", f); write!(indented, "{}", mupdate_override.display())?; @@ -865,6 +874,7 @@ impl Default for OmicronSledConfig { zones: IdOrdMap::default(), remove_mupdate_override: None, host_phase_2: HostPhase2DesiredSlots::current_contents(), + measurements: Vec::new(), } } } diff --git a/sled-agent/types/versions/src/latest.rs b/sled-agent/types/versions/src/latest.rs index 78b1897e2b7..9fe3a2566b1 100644 --- a/sled-agent/types/versions/src/latest.rs +++ b/sled-agent/types/versions/src/latest.rs @@ -102,18 +102,21 @@ pub mod inventory { pub use crate::v1::inventory::SledCpuFamily; pub use crate::v1::inventory::SledRole; pub use crate::v1::inventory::ZoneArtifactInventory; - pub use crate::v1::inventory::ZoneImageResolverInventory; pub use crate::v1::inventory::ZoneKind; - pub use crate::v11::inventory::ConfigReconcilerInventory; - pub use crate::v11::inventory::ConfigReconcilerInventoryStatus; - pub use crate::v11::inventory::OmicronSledConfig; pub use crate::v11::inventory::OmicronZoneConfig; pub use crate::v11::inventory::OmicronZoneType; pub use crate::v11::inventory::OmicronZonesConfig; pub use crate::v12::inventory::HealthMonitorInventory; - pub use crate::v12::inventory::Inventory; + + pub use crate::v14::inventory::ConfigReconcilerInventory; + pub use crate::v14::inventory::ConfigReconcilerInventoryStatus; + pub use crate::v14::inventory::Inventory; + pub use crate::v14::inventory::OmicronSingleMeasurement; + pub use crate::v14::inventory::OmicronSledConfig; + pub use crate::v14::inventory::ReconciledSingleMeasurement; + pub use crate::v14::inventory::ZoneImageResolverInventory; pub use crate::impls::inventory::ManifestBootInventoryDisplay; pub use crate::impls::inventory::ManifestInventoryDisplay; diff --git a/sled-agent/types/versions/src/lib.rs b/sled-agent/types/versions/src/lib.rs index 9e534c776a4..a77ff316ab8 100644 --- a/sled-agent/types/versions/src/lib.rs +++ b/sled-agent/types/versions/src/lib.rs @@ -43,6 +43,8 @@ pub mod v11; pub mod v12; #[path = "add_trust_quorum/mod.rs"] pub mod v13; +#[path = "measurements/mod.rs"] +pub mod v14; #[path = "add_switch_zone_operator_policy/mod.rs"] pub mod v3; #[path = "add_nexus_lockstep_port_to_inventory/mod.rs"] diff --git a/sled-agent/types/versions/src/measurements/inventory.rs b/sled-agent/types/versions/src/measurements/inventory.rs new file mode 100644 index 00000000000..7df28cee02f --- /dev/null +++ b/sled-agent/types/versions/src/measurements/inventory.rs @@ -0,0 +1,335 @@ +// This Source Code Form is subject to the terms of the Mozilla Public +// License, v. 2.0. If a copy of the MPL was not distributed with this +// file, You can obtain one at https://mozilla.org/MPL/2.0/. + +use std::collections::BTreeMap; +use std::net::SocketAddrV6; + +use chrono::{DateTime, Utc}; +use iddqd::IdOrdItem; +use iddqd::IdOrdMap; +use iddqd::id_upcast; +use omicron_common::api::external; +use omicron_common::{ + api::external::{ByteCount, Generation}, + disk::{DatasetConfig, OmicronPhysicalDiskConfig}, +}; +use omicron_uuid_kinds::SledUuid; +use omicron_uuid_kinds::{DatasetUuid, OmicronZoneUuid}; +use omicron_uuid_kinds::{MupdateOverrideUuid, PhysicalDiskUuid}; +use schemars::JsonSchema; +use serde::{Deserialize, Serialize}; +use sled_hardware_types::{Baseboard, SledCpuFamily}; +use std::time::Duration; + +use crate::v1; +use crate::v1::inventory::{ + BootPartitionContents, ConfigReconcilerInventoryResult, + HostPhase2DesiredSlots, InventoryDataset, InventoryDisk, InventoryZpool, + ManifestInventory, MupdateOverrideInventory, OrphanedDataset, + RemoveMupdateOverrideInventory, SledRole, +}; +use crate::v11::inventory::OmicronZoneConfig; +use crate::v12; +use crate::v12::inventory::HealthMonitorInventory; +use camino::Utf8PathBuf; +use schemars::SchemaGenerator; +use schemars::schema::{Schema, SchemaObject}; +use std::fmt; +use tufaceous_artifact::ArtifactHash; + +/// Identity and basic status information about this sled agent +#[derive(Clone, Debug, Deserialize, JsonSchema, Serialize)] +pub struct Inventory { + pub sled_id: SledUuid, + pub sled_agent_address: SocketAddrV6, + pub sled_role: SledRole, + pub baseboard: Baseboard, + pub usable_hardware_threads: u32, + pub usable_physical_ram: ByteCount, + pub cpu_family: SledCpuFamily, + pub reservoir_size: ByteCount, + pub disks: Vec, + pub zpools: Vec, + pub datasets: Vec, + pub ledgered_sled_config: Option, + pub reconciler_status: ConfigReconcilerInventoryStatus, + pub last_reconciliation: Option, + pub zone_image_resolver: ZoneImageResolverInventory, + pub health_monitor: HealthMonitorInventory, +} + +impl TryFrom for v12::inventory::Inventory { + type Error = external::Error; + + fn try_from(value: Inventory) -> Result { + let ledgered_sled_config = + value.ledgered_sled_config.map(TryInto::try_into).transpose()?; + let last_reconciliation = + value.last_reconciliation.map(TryInto::try_into).transpose()?; + let zone_image_resolver = value.zone_image_resolver.try_into()?; + let reconciler_status = value.reconciler_status.try_into()?; + Ok(Self { + sled_id: value.sled_id, + sled_agent_address: value.sled_agent_address, + sled_role: value.sled_role, + baseboard: value.baseboard, + usable_hardware_threads: value.usable_hardware_threads, + usable_physical_ram: value.usable_physical_ram, + cpu_family: value.cpu_family, + reservoir_size: value.reservoir_size, + disks: value.disks, + zpools: value.zpools, + datasets: value.datasets, + ledgered_sled_config, + reconciler_status, + last_reconciliation, + zone_image_resolver, + health_monitor: value.health_monitor, + }) + } +} + +/// Inventory representation of zone image resolver status and health. +#[derive(Clone, Debug, PartialEq, Eq, Deserialize, JsonSchema, Serialize)] +pub struct ZoneImageResolverInventory { + /// The zone manifest status. + pub zone_manifest: ManifestInventory, + + /// The zone manifest status. + pub measurement_manifest: ManifestInventory, + + pub mupdate_override: MupdateOverrideInventory, +} + +impl TryFrom + for v1::inventory::ZoneImageResolverInventory +{ + type Error = external::Error; + + fn try_from( + value: ZoneImageResolverInventory, + ) -> Result { + Ok(Self { + zone_manifest: value.zone_manifest, + mupdate_override: value.mupdate_override, + }) + } +} + +/// Describes the last attempt made by the sled-agent-config-reconciler to +/// reconcile the current sled config against the actual state of the sled. +#[derive(Clone, Debug, PartialEq, Eq, Deserialize, JsonSchema, Serialize)] +#[serde(rename_all = "snake_case")] +pub struct ConfigReconcilerInventory { + pub last_reconciled_config: OmicronSledConfig, + pub external_disks: + BTreeMap, + pub datasets: BTreeMap, + pub orphaned_datasets: IdOrdMap, + pub zones: BTreeMap, + pub boot_partitions: BootPartitionContents, + pub measurements: IdOrdMap, + /// The result of removing the mupdate override file on disk. + /// + /// `None` if `remove_mupdate_override` was not provided in the sled config. + pub remove_mupdate_override: Option, +} + +impl TryFrom + for v12::inventory::ConfigReconcilerInventory +{ + type Error = external::Error; + + fn try_from(value: ConfigReconcilerInventory) -> Result { + let last_reconciled_config = value.last_reconciled_config.try_into()?; + Ok(Self { + last_reconciled_config, + external_disks: value.external_disks, + datasets: value.datasets, + orphaned_datasets: value.orphaned_datasets, + zones: value.zones, + boot_partitions: value.boot_partitions, + remove_mupdate_override: value.remove_mupdate_override, + }) + } +} + +/// Status of the sled-agent-config-reconciler task. +#[derive(Clone, Debug, PartialEq, Eq, Deserialize, JsonSchema, Serialize)] +#[serde(tag = "status", rename_all = "snake_case")] +pub enum ConfigReconcilerInventoryStatus { + /// The reconciler task has not yet run for the first time since sled-agent + /// started. + NotYetRun, + /// The reconciler task is actively running. + Running { + config: Box, + started_at: DateTime, + running_for: Duration, + }, + /// The reconciler task is currently idle, but previously did complete a + /// reconciliation attempt. + /// + /// This variant does not include the `OmicronSledConfig` used in the last + /// attempt, because that's always available via + /// [`ConfigReconcilerInventory::last_reconciled_config`]. + Idle { completed_at: DateTime, ran_for: Duration }, +} + +impl TryFrom + for v12::inventory::ConfigReconcilerInventoryStatus +{ + type Error = external::Error; + + fn try_from( + value: ConfigReconcilerInventoryStatus, + ) -> Result { + match value { + ConfigReconcilerInventoryStatus::NotYetRun => { + Ok(v12::inventory::ConfigReconcilerInventoryStatus::NotYetRun) + } + ConfigReconcilerInventoryStatus::Running { + config, + started_at, + running_for, + } => Ok(v12::inventory::ConfigReconcilerInventoryStatus::Running { + config: Box::new((*config).try_into()?), + started_at, + running_for, + }), + ConfigReconcilerInventoryStatus::Idle { completed_at, ran_for } => { + Ok(v12::inventory::ConfigReconcilerInventoryStatus::Idle { + completed_at, + ran_for, + }) + } + } + } +} + +/// Describes the set of Reconfigurator-managed configuration elements of a sled +#[derive(Clone, Debug, Deserialize, Serialize, JsonSchema, PartialEq, Eq)] +pub struct OmicronSledConfig { + pub generation: Generation, + // Serialize and deserialize disks, datasets, and zones as maps for + // backwards compatibility. Newer IdOrdMaps should not use IdOrdMapAsMap. + #[serde( + with = "iddqd::id_ord_map::IdOrdMapAsMap::" + )] + pub disks: IdOrdMap, + #[serde(with = "iddqd::id_ord_map::IdOrdMapAsMap::")] + pub datasets: IdOrdMap, + #[serde(with = "iddqd::id_ord_map::IdOrdMapAsMap::")] + pub zones: IdOrdMap, + pub remove_mupdate_override: Option, + #[serde(default = "HostPhase2DesiredSlots::current_contents")] + pub host_phase_2: HostPhase2DesiredSlots, + #[serde(default)] + pub measurements: Vec, +} + +impl TryFrom for v12::inventory::OmicronSledConfig { + type Error = external::Error; + + fn try_from(value: OmicronSledConfig) -> Result { + Ok(Self { + generation: value.generation, + disks: value.disks, + datasets: value.datasets, + zones: value.zones, + remove_mupdate_override: value.remove_mupdate_override, + host_phase_2: value.host_phase_2, + }) + } +} + +impl TryFrom for OmicronSledConfig { + type Error = external::Error; + + fn try_from( + value: v12::inventory::OmicronSledConfig, + ) -> Result { + Ok(Self { + generation: value.generation, + disks: value.disks, + datasets: value.datasets, + zones: value.zones, + remove_mupdate_override: value.remove_mupdate_override, + host_phase_2: value.host_phase_2, + measurements: Vec::new(), + }) + } +} + +/// Represents a single measurement artfact from the TUF artifact +/// store (aka "TUF repo depot"). The fully resolved measurement +/// set is used with trust quorum. +/// +/// Measurements may also come from outside the TUF repo depot +/// via the install dataset from MUPdate but are not represented here +#[derive( + Clone, Debug, Deserialize, Serialize, JsonSchema, PartialEq, Eq, Hash, +)] +pub struct OmicronSingleMeasurement { + /// Measurements are the artifacts matching the hashes from the TUF + /// artifact store (aka "TUF repo depot") + /// + /// Measurements may also come from outside the TUF repo depot + /// via the install dataset from MUPdate but are not explicitly + /// tracked here + pub hash: ArtifactHash, +} + +/// An attempt at resolving a single measurement file to a valid path +#[derive(Clone, Debug, PartialEq, Eq, Deserialize, JsonSchema, Serialize)] +pub struct ReconciledSingleMeasurement { + pub file_name: String, + + #[schemars(schema_with = "path_schema")] + pub path: Utf8PathBuf, + pub result: ConfigReconcilerInventoryResult, +} + +impl IdOrdItem for ReconciledSingleMeasurement { + type Key<'a> = &'a str; + fn key(&self) -> Self::Key<'_> { + &self.file_name + } + id_upcast!(); +} + +impl ReconciledSingleMeasurement { + pub fn display(&self) -> ReconciledSingleMeasurementDisplay<'_> { + ReconciledSingleMeasurementDisplay { inner: self } + } +} + +/// a displayer for [`ReconciledSingleMeasurement`] +pub struct ReconciledSingleMeasurementDisplay<'a> { + inner: &'a ReconciledSingleMeasurement, +} + +impl fmt::Display for ReconciledSingleMeasurementDisplay<'_> { + fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result { + let ReconciledSingleMeasurement { file_name, path, result } = + self.inner; + + write!(f, "{file_name} with path {path}: ")?; + match result { + ConfigReconcilerInventoryResult::Ok => writeln!(f, "ok")?, + ConfigReconcilerInventoryResult::Err { message } => { + writeln!(f, "error : {message}")? + } + } + Ok(()) + } +} + +// Used for schemars to be able to be used with camino: +// See https://github.com/camino-rs/camino/issues/91#issuecomment-2027908513 +fn path_schema(generator: &mut SchemaGenerator) -> Schema { + let mut schema: SchemaObject = ::json_schema(generator).into(); + schema.format = Some("Utf8PathBuf".to_owned()); + schema.into() +} diff --git a/sled-agent/types/versions/src/measurements/mod.rs b/sled-agent/types/versions/src/measurements/mod.rs new file mode 100644 index 00000000000..bab1c776806 --- /dev/null +++ b/sled-agent/types/versions/src/measurements/mod.rs @@ -0,0 +1,10 @@ +// This Source Code Form is subject to the terms of the Mozilla Public +// License, v. 2.0. If a copy of the MPL was not distributed with this +// file, You can obtain one at https://mozilla.org/MPL/2.0/. + +//! Version `MEASUREMENTS` of the Sled Agent API. +//! +//! This version adds support for reference measurements for use with +//! sprockets/TrustQuorum + +pub mod inventory; diff --git a/sled-agent/zone-images-examples/src/lib.rs b/sled-agent/zone-images-examples/src/lib.rs index c5c23533a19..f964ebf6752 100644 --- a/sled-agent/zone-images-examples/src/lib.rs +++ b/sled-agent/zone-images-examples/src/lib.rs @@ -82,6 +82,7 @@ pub static NON_BOOT_3_PATHS: LazyLock = #[derive(Clone, Debug)] pub struct WriteInstallDatasetContext { pub zones: IdOrdMap, + pub measurements: IdOrdMap, pub mupdate_id: MupdateUuid, pub mupdate_override_uuid: MupdateOverrideUuid, pub write_zone_manifest_to_disk: bool, @@ -102,6 +103,8 @@ impl WriteInstallDatasetContext { ] .into_iter() .collect(), + // XXX we need real fake measurements here + measurements: [].into_iter().collect(), mupdate_id: MupdateUuid::new_v4(), mupdate_override_uuid: MupdateOverrideUuid::new_v4(), write_zone_manifest_to_disk: true, @@ -217,6 +220,34 @@ impl WriteInstallDatasetContext { } } + // XXX UGGGH + pub fn measurement_manifest(&self) -> OmicronInstallManifest { + let source = if self.write_zone_manifest_to_disk { + OmicronInstallManifestSource::Installinator { + mupdate_id: self.mupdate_id, + } + } else { + OmicronInstallManifestSource::SledAgent + }; + OmicronInstallManifest { + source, + files: self + .measurements + .iter() + .filter_map(|zone| { + zone.include_in_json.then(|| OmicronInstallMetadata { + file_name: zone + .zone_kind + .artifact_in_install_dataset() + .to_owned(), + file_size: zone.json_size, + hash: zone.json_hash, + }) + }) + .collect(), + } + } + /// Returns the expected result of writing the zone manifest, taking into /// account mismatches, etc. pub fn expected_result( @@ -235,6 +266,7 @@ impl WriteInstallDatasetContext { zone.include_in_json.then(|| zone.expected_result(dir)) }) .collect(); + ZoneManifestArtifactsResult { manifest, data } } diff --git a/trust-quorum/Cargo.toml b/trust-quorum/Cargo.toml index b1fb035b9c3..c9f137db5b4 100644 --- a/trust-quorum/Cargo.toml +++ b/trust-quorum/Cargo.toml @@ -32,6 +32,7 @@ serde_with.workspace = true sha3.workspace = true sled-agent-types.workspace = true sled-hardware-types.workspace = true +sled-agent-config-reconciler.workspace = true slog.workspace = true slog-error-chain.workspace = true sprockets-tls.workspace = true diff --git a/trust-quorum/src/task.rs b/trust-quorum/src/task.rs index 6456332ef2d..ec422f24f15 100644 --- a/trust-quorum/src/task.rs +++ b/trust-quorum/src/task.rs @@ -13,6 +13,7 @@ use crate::ledgers::PersistentStateLedger; use crate::proxy; use camino::Utf8PathBuf; use omicron_uuid_kinds::RackUuid; +use sled_agent_config_reconciler::MeasurementsReceiver; use sled_hardware_types::BaseboardId; use slog::{Logger, debug, error, info, o, warn}; use slog_error_chain::SlogInlineError; @@ -379,12 +380,16 @@ pub struct NodeTask { /// A tracker for API requests proxied to other nodes proxy_tracker: proxy::Tracker, + + /// Measurements RX + measurements_rx: MeasurementsReceiver, } impl NodeTask { pub async fn new( config: Config, log: &Logger, + measurements_rx: MeasurementsReceiver, ) -> (NodeTask, NodeTaskHandle) { let log = log.new(o!( "component" => "trust-quorum", @@ -441,6 +446,7 @@ impl NodeTask { rx, network_config, proxy_tracker: proxy::Tracker::new(), + measurements_rx, }, NodeTaskHandle { baseboard_id, tx, listen_addr }, ) @@ -451,8 +457,7 @@ impl NodeTask { /// This should be spawned into its own tokio task pub async fn run(&mut self) { while !self.shutdown { - // TODO: Real corpus - let corpus = vec![]; + let corpus = self.measurements_rx.latest_measurements(); tokio::select! { Some(request) = self.rx.recv() => { self.on_api_request(request).await; @@ -598,8 +603,7 @@ impl NodeTask { match request { NodeApiRequest::BootstrapAddresses(addrs) => { info!(self.log, "Updated Peer Addresses: {addrs:?}"); - // TODO: real corpus - let corpus = vec![]; + let corpus = self.measurements_rx.latest_measurements(); let disconnected = self .conn_mgr .update_bootstrap_connections(addrs, corpus) @@ -972,8 +976,11 @@ mod tests { let mut node_handles = vec![]; let mut join_handles = vec![]; for config in configs.clone() { + let measurement_receiver = + MeasurementsReceiver::new_fake(vec![]); let (mut task, handle) = - NodeTask::new(config, &logctx.log).await; + NodeTask::new(config, &logctx.log, measurement_receiver) + .await; node_handles.push(handle); join_handles .push(tokio::spawn(async move { task.run().await })); @@ -1033,8 +1040,11 @@ mod tests { for (config, share_pkg) in configs.clone().into_iter().zip(share_pkgs) { + let measurement_receiver = + MeasurementsReceiver::new_fake(vec![]); let (mut task, handle) = - NodeTask::new(config, &logctx.log).await; + NodeTask::new(config, &logctx.log, measurement_receiver) + .await; task.ctx.update_persistent_state(|ps| { ps.lrtq = Some(share_pkg); // We are modifying the persistent state, but not in a way @@ -1070,9 +1080,11 @@ mod tests { } pub async fn simulate_restart_of_last_node(&mut self) { + let measurement_receiver = MeasurementsReceiver::new_fake(vec![]); let (mut task, handle) = NodeTask::new( self.configs.last().unwrap().clone(), &self.logctx.log, + measurement_receiver, ) .await; let listen_addr = handle.listen_addr(); @@ -1230,10 +1242,12 @@ mod tests { debug!(logctx.log, "AFTER poll for conns with node down"); + let measurement_receiver = MeasurementsReceiver::new_fake(vec![]); // Now let's bring back up the old node and ensure full connectivity again let (mut task, handle) = NodeTask::new( setup.configs.last().unwrap().clone(), &setup.logctx.log, + measurement_receiver, ) .await; setup.node_handles.push(handle.clone()); diff --git a/uuid-kinds/src/lib.rs b/uuid-kinds/src/lib.rs index abc8690806e..2eb483166e9 100644 --- a/uuid-kinds/src/lib.rs +++ b/uuid-kinds/src/lib.rs @@ -60,6 +60,7 @@ impl_typed_uuid_kinds! { InternalZpool = {}, LoopbackAddress = {}, MulticastGroup = {}, + Measurement = {}, Mupdate = {}, MupdateOverride = {}, // `OmicronSledConfig`s do not themselves contain IDs, but we generate IDs