Specify external DNS IPs in PlanningInput instead of deriving them from the parent blueprint
#9291
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This is part of #9238: we'd like to pull `BlueprintResourceAllocator`'s weird construction out of `BlueprintBuilder`, and this removes _one_ use of it. When adding an internal DNS zone, the caller must now specify the `DnsSubet` instead of `BlueprintBuilder` choosing internally. To assist with this, adds `BlueprintBuilder::available_internal_dns_subnets()`, which returns an iterator of available subnets. I'm not sure this is the right interface; will leave a comment inline with some other ideas.
plotnick
reviewed
Oct 27, 2025
| // This can't be `#[cfg(test)]` because it's used by the `ExampleSystem` | ||
| // helper (which itself is used by reconfigurator-cli and friends). We give | ||
| // it a scary name instead. | ||
| pub(crate) fn inject_untracked_external_dns_ip( |
bnaecker
reviewed
Oct 27, 2025
nexus/db-queries/src/db/datastore/deployment/external_networking.rs
Outdated
Show resolved
Hide resolved
nexus/db-queries/src/db/datastore/deployment/external_networking.rs
Outdated
Show resolved
Hide resolved
davepacheco
reviewed
Nov 4, 2025
| &self, | ||
| opctx: &OpContext, | ||
| ) -> Result<BTreeSet<IpAddr>, Error> { | ||
| // We can _implicitly_ determine the set of external DNS IPs provied |
There was a problem hiding this comment.
Suggested change
| // We can _implicitly_ determine the set of external DNS IPs provied | |
| // We can _implicitly_ determine the set of external DNS IPs provided |
| loaded collections: f45ba181-4b56-42cc-a762-874d90184a43, eb0796d5-ab8a-4f7b-a884-b4aeacb8ab51, 61f451b3-2121-4ed6-91c7-a550054f6c21 | ||
| loaded blueprints: 184f10b3-61cb-41ef-9b93-3489b2bac559, dbcbd3d6-41ff-48ae-ac0b-1becc9b2fd21, 8da82a8e-bf97-4fbd-8ddd-9f6462732cf1, 58d5e830-0884-47d8-a7cd-b2b3751adeb4 | ||
| loaded service IP pool ranges: [V4(Ipv4Range { first: 192.0.2.2, last: 192.0.2.20 })] | ||
| loaded external IP policy: ExternalIpPolicy { service_pool_ipv4_ranges: [Ipv4Range { first: 192.0.2.2, last: 192.0.2.20 }, Ipv4Range { first: 198.51.100.1, last: 198.51.100.30 }], service_pool_ipv6_ranges: [], external_dns_ips: {198.51.100.1, 198.51.100.2, 198.51.100.3} } |
There was a problem hiding this comment.
Where did this extra IPv4 range come from?
There was a problem hiding this comment.
Our ExampleSystemBuilder uses them for the external DNS external IPs. On main they're added as "untracked" (i.e., not present in a service pool):
omicron/nexus/reconfigurator/planning/src/example.rs
Lines 532 to 548 in 3ca8ec6
This PR gets rid of inject_untracked_external_dns_ip(), so I had to add a range to the service pool that covered them.
davepacheco
approved these changes
Nov 5, 2025
Base automatically changed from
john/prune-blueprint-resource-allocator-1
to
main
November 5, 2025 15:05
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This is built on top of #9250, and is related to both #9238 and #8949:
BlueprintResourceAllocatorinternalsExternalIpPolicytype; today it holds a couple of IP pools and a set of external DNS IPs, but it gives us a cleaner place to integrate all the IP pool work that @bnaecker is doing with ReconfiguratorSince we don't actually have external DNS IPs in a policy anywhere, this adds
DataStore::external_dns_external_ips_specified_by_rack_setup()(which is implemented as "load the current target blueprint and scan it for external DNS zones"; i.e., exactly what the builder was doing before). We should eventually delete this method once it's possible for an operator to reconfigure the external DNS IPs, but this lets the planning input build up the policy as though we already had this information available, more or less. Other than that new method, almost all the changes in this PR are to tests; the non-test changes are pretty minimal.