Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

zone-setup service could be more helpful in the switch zone #6157

Open
bnaecker opened this issue Jul 25, 2024 · 1 comment · May be fixed by #7260
Open

zone-setup service could be more helpful in the switch zone #6157

bnaecker opened this issue Jul 25, 2024 · 1 comment · May be fixed by #7260
Assignees
@karencfv
Labels
Sled Agent Related to the Per-Sled Configuration and Management

Comments

@bnaecker
Copy link
Collaborator

As part of #6149 and the fix in #6152, I spent a lot of time looking at the zone-setup binary and the related zone-network-setup SMF service. This code, specifically the zone-setup common-networking subcommand, runs in all the zones at startup, and does a few things:

  • Creates an IP interface on its data link (the link is a VNIC over the underlay etherstub)
  • Sets the MTU for both IPv4 and IPv6 on the interface
  • If the tool is provided with a non-localhost IPv6 address, i.e., an address on the underlay, it creates the necessary IP addresses (link-local and static IPv6)
  • Creates a default route to the provided gateway (the sled-agent's underlay IP address)
  • Populates /etc/hosts with a few convenience addresses

This works for most zones because we know all their networking information when they start. For example, for CockroachDB zones, the sled-agent does not launch the zone until we already have the static underlay address that it's server needs to listen on.

The switch zone is different. It's required for bootstrapping the rest of the control plane. In this case, the zone-setup service is provided with only the static address ::1, and so cannot create the underlay IP address inside the zone. In fact, it currently requires that the sled-agent zlogin to the zone later to add that underlay IP address in order to complete -- the route add command will retry until that's done, because it will fail since the sled-agent's underlay IP isn't on a directly-connected network (i.e., the same sled `/64).

So in the case of the switch zone, there's an inherent overlap in the responsibilities of the zone-network-setup service and the sled-agent. It would be nice to sort these out a bit more, and in the spirit of the big thread of work to make the zones self-assembling, completely remove the need for the sled-agent to zlogin into the zone to create the underlay address.

I'm sure there are many ways to do this. One approach would be to have a different zone-setup subcommand that runs in the switch zone, which is (more) persistent rather than one-shot. For example, instead of logging into the zone, the sled-agent could add the underlay address to the SMF properties and then refresh the service. The zone-setup binary could watch for this refresh, reread its SMF properties, and ensure that whatever new values it gets are applied. Note that the sled agent currently adds the same default route as the zone-setup binary -- this would be removed in this proposal, since the zone-setup binary's attempt to add a default route cannot work until it has that address anyway.
@bnaecker bnaecker added the Sled Agent Related to the Per-Sled Configuration and Management label Jul 25, 2024
@karencfv
Copy link
Contributor

Yes, definitely! I think we can get away with ensuring the static addresses are up in that service as well

omicron/sled-agent/src/services.rs

Lines 3935 to 3952 in 836d3a2

for addr in &request.addresses {
if *addr == Ipv6Addr::LOCALHOST {
continue;
}
info!(
self.inner.log,
"Ensuring address {} exists",
addr.to_string()
);
let addr_request =
AddressRequest::new_static(IpAddr::V6(*addr), None);
zone.ensure_address(addr_request).await?;
info!(
self.inner.log,
"Ensuring address {} exists - OK",
addr.to_string()
);
}

I'm thinking it's very possible to use that same zone-setup command (tweaked slightly) as the refresh method. Will look into it :)

@karencfv karencfv self-assigned this Jul 26, 2024
@karencfv karencfv linked a pull request Dec 17, 2024 that will close this issue
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@karencfv karencfv

Labels
Sled Agent Related to the Per-Sled Configuration and Management
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

[sled-agent] Use zone-network-setup service after underlay is up karencfv/omicron
2 participants
@bnaecker @karencfv