[sled-agent] Separate CockroachDB "start" from CockroachDB "init" #2954
Conversation
…zones, zone_name -> zone_type, config -> ledger
smklein
changed the title
smklein
added
Sled Agent
## Before this PR Running on rack2 and calling `omicron-package uninstall` would involve a fatal termination of the connection, as it would delete the `cxgbe0/ll` and `cxgbe1/ll` IP addresses necessary for contacting the sled. ## After this PR Those addresses are left alone. This is pretty useful for development, as it allows us to run `uninstall` to cleanly wipe a Gimlet, preparing it for future "clean installs".
|
I've taken on this PR. The biggest change I've made so far here is that previously, when provisioning a CockroachDB zone, Sled Agent would look up the Cockroach service in DNS, take the addresses it found, and write those into SMF properties. Then the start method would pull those out and use those as the "join" addresses so that Cockroach can find the other nodes in its cluster. The problem with this is that there's nothing to keep those addresses in sync with what's in DNS (which is the source of truth about who's in the cluster). Instead, I've added some code to configure DNS in the CockroachDB zones (using the dns/install SMF service provided by illumos, which I didn't previously know about!) and then use that in the start method to locate the CockroachDB nodes. It's worth mentioning explicitly that we've designed internal DNS to be able to start without any external runtime dependencies, including CockroachDB (see RFD 248), which means that using DNS here should not cause a problem for cold boot. As I write this, though, I realize that using There's another bit of this I'm a little worried about, which is exposing an API in sled agent to initialize the CockroachDB cluster. That seems a little dangerous and also overkill since we only ever intend to do this once, and only before the control plane is initialized. I considered changing this to instead have RSS pass configuration to an SMF service which would do this. The problem is that there's not a great way to propagate success/failure information back to RSS so that it can decide whether to proceed (or, I guess, burn down the world and try again). I'm going to defer fixing this for now because we really need to start playing with multi-node CockroachDB. |
I originally thought it made sense to put this into "internal-dns" since it's a straightforward CLI that goes with the library exposed by "internal-dns". But it doesn't work due to a few surprising behaviors: - To ship "dnswait", we'd need to build its parent Rust package as an Omicron package. omicron-package requires that the Omicron package name be "internal-dns" if it's going to come from building the "internal-dns" Rust package. - "omicron-package" does some Cargo operation based on packages in Cargo.lock. - Omicron actually has _two_ different "internal-dns" packages in Cargo.lock: one from the local workspace, and one from the copy of Propolis that pulls in the latest Omicron "main". As a result, we cannot package up "dnswait" (or any other Rust binary) if it's in a package in the workspace that's also depended-on by something else external to Omicron (like Propolis) in the workspace.
sled-agent/src/services.rs
Outdated
| // Note that when we configure the dns/install service, we're | ||
| // supplying values for an existing property group on the SMF | ||
| // *service*. We're not creating a new property group, nor are | ||
| // we configuring a property group on the instance.t by default. |
There was a problem hiding this comment.
| // we configuring a property group on the instance.t by default. | |
| // we configuring a property group on the instance by default. |
| JOIN_ADDRS="$(/opt/oxide/internal-dns-cli/bin/dnswait cockroach \ | ||
| | head -n 5 \ | ||
| | tr '\n' ,)" |
There was a problem hiding this comment.
Nice, I like this solution. Thanks for fitting everything into the "self-assembling zone" approach -- it's neat that we can now refresh all our service info by simply restarting the CRDB service.
| /// Initializes a CockroachDB cluster | ||
| #[endpoint { | ||
| method = POST, | ||
| path = "/cockroachdb", | ||
| }] | ||
| async fn cockroachdb_init( | ||
| rqctx: RequestContext<SledAgent>, | ||
| ) -> Result<HttpResponseUpdatedNoContent, HttpError> { | ||
| let sa = rqctx.context(); | ||
| sa.cockroachdb_initialize().await?; | ||
| Ok(HttpResponseUpdatedNoContent()) | ||
| } | ||
|
|
There was a problem hiding this comment.
Agreed with your comment that "this is sketchy, and it would be cool to not have it".
It seems like it could also be possible to have the method script auto-initialize the DB if it's empty, but that seems like it could raise other problems.
All that said, this approach is probably good enough to last a while.
| @@ -1074,6 +1085,40 @@ impl ServiceManager { | |||
| let Some(info) = self.inner.sled_info.get() else { | |||
| return Err(Error::SledAgentNotReady); | |||
| }; | |||
|
|
|||
| // We want to configure the dns/install SMF service inside the | |||
There was a problem hiding this comment.
Should we pull this out into a separate method? I'd be shocked if this was the only service for which we wanted to populate /etc/resolv.conf.
(I mean, arguably, shouldn't we populate basically all our services with /etc/resolv.conf?)
There was a problem hiding this comment.
I do think we should do this, but it's more complicated to use it:
#2122 (comment)
so I'd like to defer it for now.
| @@ -0,0 +1,98 @@ | |||
| // This Source Code Form is subject to the terms of the Mozilla Public | |||
There was a problem hiding this comment.
Just to make sure I'm clear - the main reason for using this instead of dig +short <name> is the timeout?
There was a problem hiding this comment.
Yeah, I had dig at first, but I realized it will only try a handful of times and only wait a few seconds, and you can't tell from its exit status that it's failed. I needed something that's going to retry an arbitrary number of times, waits until it finds some results, too, and if it's going to fail, fails clearly.
There was a problem hiding this comment.
Not for this PR, but maybe it makes sense to move this utility into the omicron-brand zone alongside some of the other network setup that might be more general? Seems a bit like a pain-in-the-butt to manually package it into each zone that could need it
|
I've gone ahead and enabled auto-merge: however one accounts this, @smklein both worked on this and both reviewed it. |
This is a necessary part of #727
History
sqlusingdbinit.sqlomicron/sled-agent/src/storage_manager.rs
Lines 372 to 394 in 9f31e37
StorageManager#2946 this was changed to just "unconditionally format during zone initialization", which is wrong, but was a holdover for...This PR
POST /cockroachdb_initendpoint exposed by the sled agent.