Skip to content

reconfigurator-cli should support setting target release #8283

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 68 commits into from
Jun 13, 2025
Merged

reconfigurator-cli should support setting target release #8283

merged 68 commits into from
Jun 13, 2025

Conversation

davepacheco
Copy link
Collaborator

@davepacheco davepacheco commented Jun 5, 2025
edited
Loading

To be able to use reconfigurator-cli to exercise upgrade-related planning, it needs metadata about TUF artifacts available to it. This change adds set target-release /path/to/tuf_repo.zip, which reads a TUF repo zip file, unpacks it into a temporary directory, and extracts the metadata. (This is a little overkill but it's easy to do.) You can also see the metadata with show.

〉load-example
loaded example system with:
- collection: dec1c323-d3c8-4445-a27f-1cc27f2cfc71
- blueprint: bb63513b-0570-454c-be42-9ef320ce0c4d
〉set target-release /home/dap/tuf-repos/fake2/archive-dap.zip
INFO extracting uploaded archive to /dangerzone/omicron_tmp/.tmpjF1seJ
INFO created directory to store extracted artifacts, path: /dangerzone/omicron_tmp/update-artifacts.UDIKDU
INFO added artifact, name: SimGimletSp, kind: gimlet_sp, version: 1.0.0, hash: 7e6667e646ad001b54c8365a3d309c03f89c59102723d38d01697ee8079fe670, length: 747
INFO added artifact, name: fake-gimlet-rot, kind: gimlet_rot_image_a, version: 1.0.0, hash: 04e4a7fdb84acca92c8fd3235e26d64ea61bef8a5f98202589fd346989c5720a, length: 735
INFO added artifact, name: fake-gimlet-rot, kind: gimlet_rot_image_b, version: 1.0.0, hash: 04e4a7fdb84acca92c8fd3235e26d64ea61bef8a5f98202589fd346989c5720a, length: 735
INFO added artifact, name: fake-gimlet-rot-bootloader, kind: gimlet_rot_bootloader, version: 1.0.0, hash: 005ea358f1cd316df42465b1e3a0334ea22cc0c0442cf9ddf9b42fbf49780236, length: 750
INFO added artifact, name: fake-host, kind: host_phase_1, version: 1.0.0, hash: 2053f8594971bbf0a7326c833e2ffc12b065b9d823b9c0b967d275fa595e4e89, length: 524288
INFO added artifact, name: fake-host, kind: host_phase_2, version: 1.0.0, hash: f3dd0c7a1bd4500ea0d8bcf67581f576d47752b2f1998a4cb0f0c3155c483008, length: 1048576
INFO added artifact, name: fake-trampoline, kind: trampoline_phase_1, version: 1.0.0, hash: 9b7575cad720f017e936fe5994fc4e21fe040acaaf83c2edd86132aa3d667c7b, length: 524288
INFO added artifact, name: fake-trampoline, kind: trampoline_phase_2, version: 1.0.0, hash: f355fb8429a7e0f0716dad035f9a06c799168d6c0ffcde85b1a96fef21d4b53e, length: 1048576
INFO added artifact, name: zone1, kind: zone, version: 1.0.0, hash: 584bcfabf852d22ca322ca92076836cc8c9aa0489bc4132fef345271f2a00daf, length: 6612
INFO added artifact, name: zone2, kind: zone, version: 1.0.0, hash: 4063276e4ce47896848da87c83a9e28949c104d92581d62e50bea7ff7a8cfe1c, length: 6613
INFO added artifact, name: fake-psc-sp, kind: psc_sp, version: 1.0.0, hash: f896cf5b19ca85864d470ad8587f980218bff3954e7f52bbd999699cd0f9635b, length: 744
INFO added artifact, name: fake-psc-rot, kind: psc_rot_image_a, version: 1.0.0, hash: 179eb660ebc92e28b6748b6af03d9f998d6131319edd4654a1e948454c62551b, length: 750
INFO added artifact, name: fake-psc-rot, kind: psc_rot_image_b, version: 1.0.0, hash: 179eb660ebc92e28b6748b6af03d9f998d6131319edd4654a1e948454c62551b, length: 750
INFO added artifact, name: fake-psc-rot-bootloader, kind: psc_rot_bootloader, version: 1.0.0, hash: 005ea358f1cd316df42465b1e3a0334ea22cc0c0442cf9ddf9b42fbf49780236, length: 750
INFO added artifact, name: fake-switch-sp, kind: switch_sp, version: 1.0.0, hash: ab32ec86e942e1a16c8d43ea143cd80dd05a9639529d3569b1c24dfa2587ee74, length: 740
INFO added artifact, name: fake-switch-rot, kind: switch_rot_image_a, version: 1.0.0, hash: 04e4a7fdb84acca92c8fd3235e26d64ea61bef8a5f98202589fd346989c5720a, length: 735
INFO added artifact, name: fake-switch-rot, kind: switch_rot_image_b, version: 1.0.0, hash: 04e4a7fdb84acca92c8fd3235e26d64ea61bef8a5f98202589fd346989c5720a, length: 735
INFO added artifact, name: fake-switch-rot-bootloader, kind: switch_rot_bootloader, version: 1.0.0, hash: 005ea358f1cd316df42465b1e3a0334ea22cc0c0442cf9ddf9b42fbf49780236, length: 750
set target release based on /home/dap/tuf-repos/fake2/archive-dap.zip
〉show
configured external DNS zone name: oxide.example
configured silo names: example-silo
internal DNS generations: 1
external DNS generations: 1
target number of Nexus instances: default
target release: 1.0.0 (system-update-v1.0.0.zip)
    artifact: 7e6667e646ad001b54c8365a3d309c03f89c59102723d38d01697ee8079fe670 gimlet_sp (SimGimletSp version 1.0.0)
    artifact: 04e4a7fdb84acca92c8fd3235e26d64ea61bef8a5f98202589fd346989c5720a gimlet_rot_image_a (fake-gimlet-rot version 1.0.0)
    artifact: 04e4a7fdb84acca92c8fd3235e26d64ea61bef8a5f98202589fd346989c5720a gimlet_rot_image_b (fake-gimlet-rot version 1.0.0)
    artifact: 005ea358f1cd316df42465b1e3a0334ea22cc0c0442cf9ddf9b42fbf49780236 gimlet_rot_bootloader (fake-gimlet-rot-bootloader version 1.0.0)
    artifact: 2053f8594971bbf0a7326c833e2ffc12b065b9d823b9c0b967d275fa595e4e89 host_phase_1 (fake-host version 1.0.0)
    artifact: f3dd0c7a1bd4500ea0d8bcf67581f576d47752b2f1998a4cb0f0c3155c483008 host_phase_2 (fake-host version 1.0.0)
    artifact: 9b7575cad720f017e936fe5994fc4e21fe040acaaf83c2edd86132aa3d667c7b trampoline_phase_1 (fake-trampoline version 1.0.0)
    artifact: f355fb8429a7e0f0716dad035f9a06c799168d6c0ffcde85b1a96fef21d4b53e trampoline_phase_2 (fake-trampoline version 1.0.0)
    artifact: 584bcfabf852d22ca322ca92076836cc8c9aa0489bc4132fef345271f2a00daf zone (zone1 version 1.0.0)
    artifact: 4063276e4ce47896848da87c83a9e28949c104d92581d62e50bea7ff7a8cfe1c zone (zone2 version 1.0.0)
    artifact: f896cf5b19ca85864d470ad8587f980218bff3954e7f52bbd999699cd0f9635b psc_sp (fake-psc-sp version 1.0.0)
    artifact: 179eb660ebc92e28b6748b6af03d9f998d6131319edd4654a1e948454c62551b psc_rot_image_a (fake-psc-rot version 1.0.0)
    artifact: 179eb660ebc92e28b6748b6af03d9f998d6131319edd4654a1e948454c62551b psc_rot_image_b (fake-psc-rot version 1.0.0)
    artifact: 005ea358f1cd316df42465b1e3a0334ea22cc0c0442cf9ddf9b42fbf49780236 psc_rot_bootloader (fake-psc-rot-bootloader version 1.0.0)
    artifact: ab32ec86e942e1a16c8d43ea143cd80dd05a9639529d3569b1c24dfa2587ee74 switch_sp (fake-switch-sp version 1.0.0)
    artifact: 04e4a7fdb84acca92c8fd3235e26d64ea61bef8a5f98202589fd346989c5720a switch_rot_image_a (fake-switch-rot version 1.0.0)
    artifact: 04e4a7fdb84acca92c8fd3235e26d64ea61bef8a5f98202589fd346989c5720a switch_rot_image_b (fake-switch-rot version 1.0.0)
    artifact: 005ea358f1cd316df42465b1e3a0334ea22cc0c0442cf9ddf9b42fbf49780236 switch_rot_bootloader (fake-switch-rot-bootloader version 1.0.0)

Depends on #8273.

Note that the vast, vast majority of the change here is in one test's expected stdout file.

plotnick and others added 30 commits April 29, 2025 11:59
@plotnick
Fix docstring for BlueprintZoneImageSource
17d9ae4
@plotnick
Plumb target release TUF repo through planner
a87f755
@plotnick
Plan zone updates from TUF repo
851128a
@plotnick
Plan according to RFD 565 §9
85e94bb
@plotnick
Don't update an already up-to-date zone
194a8a3
@plotnick
Don't trust inventory zones' image_source
50c1169
@plotnick
Fix failing tests
ad7103e
@plotnick
Rename datastore methods: update_tuf_* → tuf_*
55b8e0e
@plotnick
Fix typed UUID
a7c1e17
@plotnick
Rename ControlPlaneZone → NonNexusOmicronZone
57f7154
@plotnick
Simplify OrderedComponent logic
77b2156
@plotnick
Simplify out-of-date zone collection
e31fc60
@plotnick
Make planning error an error
7f1f522
@plotnick
Explicitly list which zone kinds get in-place updates
050933e
@plotnick
Uncomment test assertion
2daabf5
@plotnick
Type-safe fake-zone names
88733d2
@plotnick
Merge branch 'main' into plan-target-release
2e0ee41
@plotnick
Fix doc bug from renamed method
3ae171e
@plotnick
Merge branch 'main' into plan-target-release
499106a
@plotnick
Merge branch 'main' into plan-target-release
959e1e4
@plotnick
Refactor zone update readiness check
3611b42
@plotnick
Merge branch 'main' into plan-target-release
b2f09a3
@plotnick
Check zone image source in inventory
70edce7 
Also remove now-superfluous `OrderedComponent` enum.
@davepacheco
initial draft: planning SP, some pieces missing
29d2093
@davepacheco
add docs
38dc53a
@davepacheco
fix openapi
f28b929
@davepacheco
update comments based on review feedback
bd7bcd6
@davepacheco
review feedback
bf2ab7c
@davepacheco
Merge branch 'dap/sp-planning' into dap/sp-planning-real
a862939
@davepacheco
Merge remote-tracking branch 'origin/plan-target-release' into dap/sp…
7acf01d 
…-planning-real
@davepacheco
Merge remote-tracking branch 'origin/dap/reconfigurator-cli-set-sp-ve…
a43f561 
…rsions' into dap/reconfigurator-cli-tuf-repo
@davepacheco davepacheco marked this pull request as ready for review June 5, 2025 19:47
sunshowers
sunshowers reviewed Jun 6, 2025
View reviewed changes
dev-tools/reconfigurator-cli/tests/test-custom.rs
Comment on lines +18 to +21
// This test is special-cased because it requires custom setup (creating a TUF
// repo).
#[tokio::test]
async fn test_target_release() {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

FWIW I'd consider changing the script function in test-scripts.rs to do this behavior if the path ends with target-release.txt.

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yeah, I considered that at first and I do think it'd work. But it felt pretty ad hoc: "if this test has this name, then we know it needs this extra functionality, so go do it". It seemed clearer to me to be explicit, having a separate test that, from the top level, does the setup it needs and then invokes the common code. I could see this being uglier if we expect to have more tests like this. But if we go down that path, I still think it'd be clearer to use separate test functions that do separate things. e.g., I'd have separate test binaries for tests that need different behaviors. Each would have its own datatest harness that grabs the tests it covers. That seems more explicit than keying off the test filename from inside the test... but it's probably about the same either way.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yeah, could go a few ways on this:

  • same datatest-stable invocation, different logic by file name
  • regular tests in another binary
  • different datatest-stable invocations

I don't have very strong opinions here so happy to defer to you and/or revise this later if we notice patterns.

sunshowers
sunshowers reviewed Jun 6, 2025
View reviewed changes
dev-tools/reconfigurator-cli/tests/input/target-release.txt
@@ -0,0 +1,68 @@
# Load example system
load-example --nsleds 3 --ndisks-per-sled 3
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Since you're not testing any of the zone stuff, I believe, you may be able to make this diff much smaller by passing in --no-zones.

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

That's true but I don't view the size of this file as a major problem. I'd rather minimize divergence from an ordinary system. I do think we should really make blueprint-diff skip over stuff that hasn't changed though.

davepacheco added 11 commits June 11, 2025 09:47
sunshowers
sunshowers approved these changes Jun 13, 2025
View reviewed changes
Copy link
Contributor

@sunshowers sunshowers left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

thanks!

dev-tools/reconfigurator-cli/tests/common/mod.rs
Comment on lines +28 to +29
// Turn the path into an absolute one, because we're going to set a custom
// cwd for the subprocess.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

good idea!

dev-tools/reconfigurator-cli/tests/test-custom.rs
Comment on lines +18 to +21
// This test is special-cased because it requires custom setup (creating a TUF
// repo).
#[tokio::test]
async fn test_target_release() {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yeah, could go a few ways on this:

  • same datatest-stable invocation, different logic by file name
  • regular tests in another binary
  • different datatest-stable invocations

I don't have very strong opinions here so happy to defer to you and/or revise this later if we notice patterns.

Base automatically changed from dap/reconfigurator-cli-set-sp-versions to main June 13, 2025 20:50
@davepacheco davepacheco force-pushed the dap/reconfigurator-cli-tuf-repo branch from 58ac962 to 93c32ac Compare June 13, 2025 21:18
@davepacheco davepacheco enabled auto-merge (squash) June 13, 2025 22:32
@davepacheco davepacheco merged commit 77342f5 into main Jun 13, 2025
17 checks passed
@davepacheco davepacheco deleted the dap/reconfigurator-cli-tuf-repo branch June 13, 2025 23:00
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@sunshowers sunshowers sunshowers approved these changes

@plotnick plotnick Awaiting requested review from plotnick

@jgallagher jgallagher Awaiting requested review from jgallagher

Assignees

@davepacheco davepacheco

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@davepacheco @sunshowers @plotnick