[bootstrap-agent] Expose HTTP server for component version querying

Cargo.toml

@@ -141,6 +141,7 @@ dns-service-client = { path = "dns-service-client" }
 dropshot = { git = "https://github.com/oxidecomputer/dropshot", branch = "main", features = [ "usdt-probes" ] }
 expectorate = "1.0.6"
 fatfs = "0.3.6"
+flate2 = "1.0.25"
 fs-err = "2.9.0"
 futures = "0.3.27"
 gateway-client = { path = "gateway-client" }

sled-agent/Cargo.toml

@@ -21,6 +21,7 @@ ddm-admin-client.workspace = true
 dns-server.workspace = true
 dns-service-client.workspace = true
 dropshot.workspace = true
+flate2.workspace = true
 futures.workspace = true
 illumos-utils.workspace = true
 internal-dns-names.workspace = true
@@ -40,6 +41,7 @@ propolis-client.workspace = true
 rand = { workspace = true, features = ["getrandom"] }
 reqwest = { workspace = true, features = ["rustls-tls", "stream"] }
 schemars = { workspace = true, features = [ "chrono", "uuid1" ] }
+semver.workspace = true
 serde.workspace = true
 serde_json.workspace = true
 serde_with.workspace = true
@@ -51,6 +53,7 @@ smf.workspace = true
 sp-sim.workspace = true
 sprockets-common.workspace = true
 sprockets-host.workspace = true
+tar.workspace = true
 tempfile.workspace = true
 thiserror.workspace = true
 tofino.workspace = true

sled-agent/src/bin/sled-agent.rs

@@ -99,6 +99,7 @@ async fn do_run() -> Result<(), CmdError> {
                 id: Uuid::new_v4(),
                 link,
                 log: config.log.clone(),
+                updates: config.updates.clone(),
                 rss_config,
                 sp_config,
             };

sled-agent/src/bootstrap/agent.rs

@@ -5,7 +5,9 @@
 //! Bootstrap-related APIs.
 
 use super::client::Client as BootstrapAgentClient;
-use super::config::{Config, BOOTSTRAP_AGENT_PORT};
+use super::config::{
+    Config, BOOTSTRAP_AGENT_HTTP_PORT, BOOTSTRAP_AGENT_SPROCKETS_PORT,
+};
 use super::ddm_admin_client::{DdmAdminClient, DdmError};
 use super::hardware::HardwareMonitor;
 use super::params::SledAgentRequest;
@@ -20,6 +22,7 @@ use crate::config::Config as SledConfig;
 use crate::server::Server as SledServer;
 use crate::services::ServiceManager;
 use crate::sp::SpHandle;
+use crate::updates::UpdateManager;
 use futures::stream::{self, StreamExt, TryStreamExt};
 use illumos_utils::dladm::{self, Dladm, GetMacError, PhysicalLink};
 use illumos_utils::zfs::{
@@ -99,6 +102,9 @@ pub enum BootstrapError {
 
     #[error("Error managing guest networking: {0}")]
     Opte(#[from] illumos_utils::opte::Error),
+
+    #[error("Error accessing version information: {0}")]
+    Version(#[from] crate::updates::Error),
 }
 
 impl From<BootstrapError> for ExternalError {
@@ -126,7 +132,9 @@ pub(crate) struct Agent {
     /// Store the parent log - without "component = BootstrapAgent" - so
     /// other launched components can set their own value.
     parent_log: Logger,
-    address: SocketAddrV6,
+
+    /// Bootstrap network address.
+    ip: Ipv6Addr,
 
     /// Our share of the rack secret, if we have one.
     share: Mutex<Option<ShareDistribution>>,
@@ -159,6 +167,8 @@ fn mac_to_bootstrap_ip(mac: MacAddr, interface_id: u64) -> Ipv6Addr {
     )
 }
 
+// TODO(https://github.com/oxidecomputer/omicron/issues/945): This address
+// could be randomly generated when it no longer needs to be durable.
 fn bootstrap_ip(
     link: PhysicalLink,
     interface_id: u64,
@@ -167,17 +177,6 @@ fn bootstrap_ip(
     Ok(mac_to_bootstrap_ip(mac, interface_id))
 }
 
-// TODO(https://github.com/oxidecomputer/omicron/issues/945): This address
-// could be randomly generated when it no longer needs to be durable.
-fn bootstrap_address(
-    link: PhysicalLink,
-    interface_id: u64,
-    port: u16,
-) -> Result<SocketAddrV6, dladm::GetMacError> {
-    let ip = bootstrap_ip(link, interface_id)?;
-    Ok(SocketAddrV6::new(ip, port, 0, 0))
-}
-
 // Deletes all state which may be left-over from a previous execution of the
 // Sled Agent.
 //
@@ -244,7 +243,7 @@ impl Agent {
             "component" => "BootstrapAgent",
         ));
 
-        let address = bootstrap_address(link.clone(), 1, BOOTSTRAP_AGENT_PORT)?;
+        let ip = bootstrap_ip(link.clone(), 1)?;
 
         // The only zone with a bootstrap ip address besides the global zone,
         // is the switch zone. We allocate this address here since we have
@@ -294,15 +293,15 @@ impl Agent {
 
         Zones::ensure_has_global_zone_v6_address(
             bootstrap_etherstub_vnic.clone(),
-            *address.ip(),
+            ip,
             "bootstrap6",
         )
         .map_err(|err| BootstrapError::BootstrapAddress { err })?;
 
         // Start trying to notify ddmd of our bootstrap address so it can
         // advertise it to other sleds.
         let ddmd_client = DdmAdminClient::new(log.clone())?;
-        ddmd_client.advertise_prefix(Ipv6Subnet::new(*address.ip()));
+        ddmd_client.advertise_prefix(Ipv6Subnet::new(ip));
 
         // Before we start creating zones, we need to ensure that the
         // necessary ZFS and Zone resources are ready.
@@ -360,7 +359,7 @@ impl Agent {
         let agent = Agent {
             log: ba_log,
             parent_log: log,
-            address,
+            ip,
             share: Mutex::new(None),
             rss: Mutex::new(None),
             sled_state: Mutex::new(SledAgentState::Before(Some(
@@ -633,7 +632,7 @@ impl Agent {
                     .map(|addr| {
                         let addr = SocketAddrV6::new(
                             addr,
-                            BOOTSTRAP_AGENT_PORT,
+                            BOOTSTRAP_AGENT_SPROCKETS_PORT,
                             0,
                             0,
                         );
@@ -714,7 +713,7 @@ impl Agent {
             let rss = RssHandle::start_rss(
                 &self.parent_log,
                 rss_config.clone(),
-                *self.address.ip(),
+                self.ip,
                 self.sp.clone(),
                 // TODO-cleanup: Remove this arg once RSS can discover the trust
                 // quorum members over the management network.
@@ -729,9 +728,22 @@ impl Agent {
         Ok(())
     }
 
-    /// Return the global zone address that the bootstrap agent binds to.
-    pub fn address(&self) -> SocketAddrV6 {
-        self.address
+    pub async fn components_get(
+        &self,
+    ) -> Result<Vec<crate::updates::Component>, BootstrapError> {
+        let updates = UpdateManager::new(self.sled_config.updates.clone());
+        let components = updates.components_get().await?;
+        Ok(components)
+    }
+
+    /// The GZ address used by the bootstrap agent for Sprockets.
+    pub fn sprockets_address(&self) -> SocketAddrV6 {
+        SocketAddrV6::new(self.ip, BOOTSTRAP_AGENT_SPROCKETS_PORT, 0, 0)
+    }
+
+    /// The address used by the bootstrap agent to serve a dropshot interface.
+    pub fn http_address(&self) -> SocketAddrV6 {
+        SocketAddrV6::new(self.ip, BOOTSTRAP_AGENT_HTTP_PORT, 0, 0)
     }
 }
 

sled-agent/src/bootstrap/config.rs

@@ -5,20 +5,23 @@
 //! Interfaces for working with bootstrap agent configuration
 
 use crate::sp::SimSpConfig;
+use crate::updates::ConfigUpdates;
 use dropshot::ConfigLogging;
 use illumos_utils::dladm::PhysicalLink;
 use serde::Deserialize;
 use serde::Serialize;
 use uuid::Uuid;
 
-pub const BOOTSTRAP_AGENT_PORT: u16 = 12346;
+pub const BOOTSTRAP_AGENT_HTTP_PORT: u16 = 80;
+pub const BOOTSTRAP_AGENT_SPROCKETS_PORT: u16 = 12346;
 
 /// Configuration for a bootstrap agent
 #[derive(Clone, Debug, Deserialize, Serialize, PartialEq)]
 pub struct Config {
     pub id: Uuid,
     pub link: PhysicalLink,
     pub log: ConfigLogging,
+    pub updates: ConfigUpdates,
     pub rss_config: Option<crate::rack_setup::config::SetupServiceConfig>,
     pub sp_config: Option<SimSpConfig>,
 }

sled-agent/src/bootstrap/http_entrypoints.rs

@@ -0,0 +1,50 @@
+// This Source Code Form is subject to the terms of the Mozilla Public
+// License, v. 2.0. If a copy of the MPL was not distributed with this
+// file, You can obtain one at https://mozilla.org/MPL/2.0/.
+
+//! HTTP entrypoint functions for the bootstrap agent's API.
+//!
+//! Note that the bootstrap agent also communicates over Sprockets,
+//! and has a separate interface for establishing the trust quorum.
+
+use crate::bootstrap::agent::Agent;
+use crate::updates::Component;
+use dropshot::{
+    endpoint, ApiDescription, HttpError, HttpResponseOk, RequestContext,
+};
+use omicron_common::api::external::Error;
+use std::sync::Arc;
+
+type BootstrapApiDescription = ApiDescription<Arc<Agent>>;
+
+/// Returns a description of the bootstrap agent API
+pub(crate) fn api() -> BootstrapApiDescription {
+    fn register_endpoints(
+        api: &mut BootstrapApiDescription,
+    ) -> Result<(), String> {
+        api.register(components_get)?;
+        Ok(())
+    }
+
+    let mut api = BootstrapApiDescription::new();
+    if let Err(err) = register_endpoints(&mut api) {
+        panic!("failed to register entrypoints: {}", err);
+    }
+    api
+}
+
+/// Provides a list of components known to the bootstrap agent.
+///
+/// This API is intended to allow early boot services (such as Wicket)
+/// to query the underlying component versions installed on a sled.
+#[endpoint {
+    method = GET,
+    path = "/components",
+}]
+async fn components_get(
+    rqctx: RequestContext<Arc<Agent>>,
+) -> Result<HttpResponseOk<Vec<Component>>, HttpError> {
+    let ba = rqctx.context();
+    let components = ba.components_get().await.map_err(|e| Error::from(e))?;
+    Ok(HttpResponseOk(components))
+}

sled-agent/src/bootstrap/mod.rs

@@ -9,6 +9,7 @@ pub mod client;
 pub mod config;
 pub mod ddm_admin_client;
 mod hardware;
+mod http_entrypoints;
 mod maghemite;
 pub(crate) mod params;
 pub(crate) mod rss_handle;