nexus: split out control plane zones as separate artifacts #7452
Conversation
|
Note to self: this doesn't set the artifact name correctly (it uses |
sled-agent/src/updates.rs
Outdated
|
|
||
| #[derive(thiserror::Error, Debug)] | ||
| pub enum Error { | ||
| #[error("I/O Error: {message}: {err}")] | ||
| #[error("I/O Error: while accessing {path}: {err}")] |
There was a problem hiding this comment.
Nit - we shouldn't be including the #[source] error in the string (https://github.com/oxidecomputer/slog-error-chain?tab=readme-ov-file#aside-embedding-source-error-strings). I realize this was here before, but since we're patching up the message, can we drop the : {err} here and in ZoneVersion?
There was a problem hiding this comment.
Maybe not right now -- the one place we use this error we're just running err.to_string() on it, and apparently thiserror's Display implementation doesn't support including the error chain with the alternate format like anyhow does.
There was a problem hiding this comment.
Can we replace that with InlineErrorChain::new(&err).to_string()?
| @@ -70,8 +70,10 @@ async fn test_updates() { | |||
| .into_inner(); | |||
|
|
|||
| // We should have an artifact for every known artifact kind... | |||
There was a problem hiding this comment.
Maybe add (except Zone) like the other comments? I'm not sure how valuable that really is, but it does seem like the comment as written is now incorrect.
| cp_builder | ||
| .append_zone( | ||
| name, | ||
| CompositeEntry { data, mtime_source: MtimeSource::Now }, |
There was a problem hiding this comment.
The unit test failure seems legit - does data need to be a tarball containing an oxide.json?
The primary change here is adding a control knob to
ArtifactsWithPlan::from_streamthat either splits out the artifacts or combines all the zones into a single tarball.ControlPlaneZonesMode::Compositeis the current behavior and is used in Wicket and existing unit tests. For the moment this doesn't support handling repositories with artifacts already split out, but the semantics of this setting are that if/when we do that, it will combine them into a single artifact for Wicket.ControlPlaneZonesMode::Splitenables the new behavior and is used in Nexus. This makes the individual zone images available in the TUF Repo Depot and therefore immediately usable by Sled Agent when creating zones.Additionally, we add a check to assembling a TUF repo to ensure that no individual zone images have the same hash; since the fake zones created during tests had the same hashes, we learned such a repo would not be accepted by Nexus due to this check:
omicron/update-common/src/artifacts/update_plan.rs
Lines 875 to 882 in e5bf48f
Closes #4411. (If we want to split out the control plane zones in actual repos we can open a new issue for that.)