From dfca7ceffdd8493b3b21d48c8e3c504b153dab1c Mon Sep 17 00:00:00 2001 From: karencfv Date: Mon, 19 Feb 2024 15:25:02 +1300 Subject: [PATCH] Use zone-network CLI to set up OPTE interface and package everything --- package-manifest.toml | 53 +++++++++++++++++--- sled-agent/src/services.rs | 78 ++++++++++++----------------- smf/external-dns/manifest.xml | 10 ++-- smf/external-dns/method_script.sh | 27 ++-------- smf/zone-network-setup/manifest.xml | 2 +- 5 files changed, 89 insertions(+), 81 deletions(-) diff --git a/package-manifest.toml b/package-manifest.toml index 3456bf6f9f..fbd3ddbb21 100644 --- a/package-manifest.toml +++ b/package-manifest.toml @@ -120,7 +120,7 @@ setup_hint = """ service_name = "oximeter" only_for_targets.image = "standard" source.type = "composite" -source.packages = [ "oximeter-collector.tar.gz", "zone-network-setup.tar.gz" ] +source.packages = [ "oximeter-collector.tar.gz", "zone-network-setup.tar.gz", "zone-network-install.tar.gz" ] output.type = "zone" [package.oximeter-collector] @@ -140,7 +140,12 @@ output.intermediate_only = true service_name = "clickhouse" only_for_targets.image = "standard" source.type = "composite" -source.packages = [ "clickhouse_svc.tar.gz", "internal-dns-cli.tar.gz", "zone-network-setup.tar.gz" ] +source.packages = [ + "clickhouse_svc.tar.gz", + "internal-dns-cli.tar.gz", + "zone-network-setup.tar.gz", + "zone-network-install.tar.gz" +] output.type = "zone" [package.clickhouse_svc] @@ -161,7 +166,12 @@ setup_hint = "Run `./tools/ci_download_clickhouse` to download the necessary bin service_name = "clickhouse_keeper" only_for_targets.image = "standard" source.type = "composite" -source.packages = [ "clickhouse_keeper_svc.tar.gz", "internal-dns-cli.tar.gz", "zone-network-setup.tar.gz" ] +source.packages = [ + "clickhouse_keeper_svc.tar.gz", + "internal-dns-cli.tar.gz", + "zone-network-setup.tar.gz", + "zone-network-install.tar.gz" +] output.type = "zone" [package.clickhouse_keeper_svc] @@ -182,7 +192,12 @@ setup_hint = "Run `./tools/ci_download_clickhouse` to download the necessary bin service_name = "cockroachdb" only_for_targets.image = "standard" source.type = "composite" -source.packages = [ "cockroachdb-service.tar.gz", "internal-dns-cli.tar.gz", "zone-network-setup.tar.gz" ] +source.packages = [ + "cockroachdb-service.tar.gz", + "internal-dns-cli.tar.gz", + "zone-network-setup.tar.gz", + "zone-network-install.tar.gz" +] output.type = "zone" [package.cockroachdb-service] @@ -220,7 +235,13 @@ output.type = "zone" service_name = "external_dns" only_for_targets.image = "standard" source.type = "composite" -source.packages = [ "dns-server.tar.gz", "external-dns-customizations.tar.gz", "zone-network-setup.tar.gz" ] +source.packages = [ + "dns-server.tar.gz", + "external-dns-customizations.tar.gz", + "zone-network-setup.tar.gz", + "zone-network-install.tar.gz", + "opte-interface-setup.tar.gz" +] output.type = "zone" [package.dns-server] @@ -247,7 +268,6 @@ only_for_targets.image = "standard" source.type = "local" source.paths = [ { from = "smf/external-dns", to = "/var/svc/manifest/site/external_dns" }, - # TODO: Removeme as we'll have a separate service for setting up OPTE interfaces { from = "smf/external-dns/method_script.sh", to = "/opt/oxide/lib/svc/manifest/external_dns.sh" }, ] output.intermediate_only = true @@ -630,14 +650,31 @@ source.packages = [ ] output.type = "zone" -[package.zone-network-setup] +[package.zone-network-install] service_name = "zone-network-setup" only_for_targets.image = "standard" source.type = "local" +source.paths = [ + { from = "smf/zone-network-setup/manifest.xml", to = "/var/svc/manifest/site/zone-network-setup/manifest.xml" }, +] +output.type = "zone" +output.intermediate_only = true + +[package.zone-network-setup] +service_name = "zone-network-cli" +only_for_targets.image = "standard" +source.type = "local" source.rust.binary_names = ["zone-networking"] source.rust.release = true +output.type = "zone" +output.intermediate_only = true + +[package.opte-interface-setup] +service_name = "opte-interface-setup" +only_for_targets.image = "standard" +source.type = "local" source.paths = [ - { from = "smf/zone-network-setup/manifest.xml", to = "/var/svc/manifest/site/zone-network-setup/manifest.xml" }, + { from = "smf/opte-interface-setup/manifest.xml", to = "/var/svc/manifest/site/opte-interface-setup/manifest.xml" }, ] output.type = "zone" output.intermediate_only = true diff --git a/sled-agent/src/services.rs b/sled-agent/src/services.rs index 42a1852ca2..ece3f04552 100644 --- a/sled-agent/src/services.rs +++ b/sled-agent/src/services.rs @@ -1447,6 +1447,30 @@ impl ServiceManager { .add_instance(ServiceInstanceBuilder::new("default"))) } + fn opte_interface_set_up_install( + zone: &InstalledZone, + ) -> Result { + let port_idx = 0; + let port = zone.opte_ports().nth(port_idx).ok_or_else(|| { + Error::ZoneEnsureAddress(EnsureAddressError::MissingOptePort { + zone: String::from(zone.name()), + port_idx, + }) + })?; + + let opte_interface = port.vnic_name(); + let opte_gateway = &port.gateway().ip().to_string(); + + let mut config_builder = PropertyGroupBuilder::new("config"); + config_builder = config_builder + .add_property("interface", "astring", opte_interface) + .add_property("gateway", "astring", opte_gateway); + + Ok(ServiceBuilder::new("oxide/opte-interface-setup") + .add_property_group(config_builder) + .add_instance(ServiceInstanceBuilder::new("default"))) + } + async fn initialize_zone( &self, request: ZoneArgs<'_>, @@ -1851,45 +1875,6 @@ impl ServiceManager { return Err(Error::SledAgentNotReady); }; - // Like Nexus, we need to be reachable externally via - // `dns_address` but we don't listen on that address - // directly but instead on a VPC private IP. OPTE will - // en/decapsulate as appropriate. - let port_idx = 0; - let port = installed_zone - .opte_ports() - .nth(port_idx) - .ok_or_else(|| { - Error::ZoneEnsureAddress( - EnsureAddressError::MissingOptePort { - zone: String::from(installed_zone.name()), - port_idx, - }, - ) - })?; - - // TODO: These should be set up as part of the networking service perhaps? - // Nexus will likely need this as well - // - // OPTE_INTERFACE="$(svcprop -c -p config/opte_interface "${SMF_FMRI}")" - // OPTE_GATEWAY="$(svcprop -c -p config/opte_gateway "${SMF_FMRI}")" - // - // # Set up OPTE interface - // if [[ "$OPTE_GATEWAY" =~ .*:.* ]]; then - // # IPv6 gateway - // echo "IPv6 OPTE gateways are not yet supported" - // exit 1 - // else - // # IPv4 gateway - // ipadm show-addr "$OPTE_INTERFACE/public" || ipadm create-addr -t -T dhcp "$OPTE_INTERFACE/public" - // OPTE_IP=$(ipadm show-addr -p -o ADDR "$OPTE_INTERFACE/public" | cut -d'/' -f 1) - // route get -host "$OPTE_GATEWAY" "$OPTE_IP" -interface -ifp "$OPTE_INTERFACE" || route add -host "$OPTE_GATEWAY" "$OPTE_IP" -interface -ifp "$OPTE_INTERFACE" - // route get -inet default "$OPTE_GATEWAY" || route add -inet default "$OPTE_GATEWAY" - // fi - // - let opte_interface = port.vnic_name(); - let opte_gateway = &port.gateway().ip().to_string(); - let static_addr = underlay_address.to_string(); let nw_setup_service = Self::zone_network_setup_install( @@ -1898,16 +1883,18 @@ impl ServiceManager { &static_addr.clone(), )?; + // Like Nexus, we need to be reachable externally via + // `dns_address` but we don't listen on that address + // directly but instead on a VPC private IP. OPTE will + // en/decapsulate as appropriate. + let opte_interface_setup = Self::opte_interface_set_up_install(&installed_zone)?; + let http_addr = format!("[{}]:{}", static_addr, DNS_HTTP_PORT); - let dns_addr = format!("{}", DNS_PORT); + let dns_port = format!("{}", DNS_PORT); let external_dns_config = PropertyGroupBuilder::new("config") - // TODO: Removeme and move to new opte interface service - .add_property("opte_gateway", "astring", opte_gateway) - .add_property("opte_interface", "astring", opte_interface) - // TODO: Keep these two .add_property("http_address", "astring", &http_addr) - .add_property("dns_address", "astring", &dns_addr); + .add_property("dns_port", "astring", &dns_port); let external_dns_service = ServiceBuilder::new("oxide/external_dns").add_instance( ServiceInstanceBuilder::new("default") @@ -1916,6 +1903,7 @@ impl ServiceManager { let profile = ProfileBuilder::new("omicron") .add_service(nw_setup_service) + .add_service(opte_interface_setup) .add_service(disabled_ssh_service) .add_service(external_dns_service); profile diff --git a/smf/external-dns/manifest.xml b/smf/external-dns/manifest.xml index 6eb3eeb545..453562b6a2 100644 --- a/smf/external-dns/manifest.xml +++ b/smf/external-dns/manifest.xml @@ -16,6 +16,11 @@ + + + + @@ -23,10 +28,7 @@ - - - - + diff --git a/smf/external-dns/method_script.sh b/smf/external-dns/method_script.sh index b6b8e91801..a55cd37d20 100755 --- a/smf/external-dns/method_script.sh +++ b/smf/external-dns/method_script.sh @@ -6,34 +6,15 @@ set -o pipefail . /lib/svc/share/smf_include.sh -# TODO: OPTE variables to be moved to opte-nw-service -OPTE_INTERFACE="$(svcprop -c -p config/opte_interface "${SMF_FMRI}")" -OPTE_GATEWAY="$(svcprop -c -p config/opte_gateway "${SMF_FMRI}")" - HTTP_ADDR="$(svcprop -c -p config/http_address "${SMF_FMRI}")" -# TODO: Rename DNS_ADDR to DNS_PORT if I don't find a way to retrieve OPTE_IP from the installed zone somehow -DNS_ADDR="$(svcprop -c -p config/dns_address "${SMF_FMRI}")" - -# TODO: This should be its own service -# Set up OPTE interface -if [[ "$OPTE_GATEWAY" =~ .*:.* ]]; then - # IPv6 gateway - echo "IPv6 OPTE gateways are not yet supported" - exit 1 -else - # IPv4 gateway - ipadm show-addr "$OPTE_INTERFACE/public" || ipadm create-addr -t -T dhcp "$OPTE_INTERFACE/public" - # TODO: Perhaps only keep this line to retrieve the IP which will be used by --dns-address? - OPTE_IP=$(ipadm show-addr -p -o ADDR "$OPTE_INTERFACE/public" | cut -d'/' -f 1) - route get -host "$OPTE_GATEWAY" "$OPTE_IP" -interface -ifp "$OPTE_INTERFACE" || route add -host "$OPTE_GATEWAY" "$OPTE_IP" -interface -ifp "$OPTE_INTERFACE" - route get -inet default "$OPTE_GATEWAY" || route add -inet default "$OPTE_GATEWAY" -fi +DNS_PORT="$(svcprop -c -p config/dns_port "${SMF_FMRI}")" +# TODO: Replace for zonw nw CLI command? +OPTE_IP=$(ipadm show-addr -p -o ADDR "$OPTE_INTERFACE/public" | cut -d'/' -f 1) -# TODO: This command and args will be moved back to the start method on the manifest.xml file args=( "--config-file" "/var/svc/manifest/site/external_dns/config.toml" "--http-address" "$HTTP_ADDR" - "--dns-address" "$OPTE_IP:$DNS_ADDR" + "--dns-address" "$OPTE_IP:$DNS_PORT" ) exec /opt/oxide/dns-server/bin/dns-server "${args[@]}" & \ No newline at end of file diff --git a/smf/zone-network-setup/manifest.xml b/smf/zone-network-setup/manifest.xml index 8c282bba27..a20ff949a4 100644 --- a/smf/zone-network-setup/manifest.xml +++ b/smf/zone-network-setup/manifest.xml @@ -18,7 +18,7 @@