NTP self assembling zone #5168
NTP self assembling zone #5168
Conversation
|
For the DNS configuration, definitely take a look at https://github.com/oxidecomputer/omicron/blob/main/sled-agent/src/services.rs#L1396-L1429 which does this via the existing |
|
Thanks @citrus-it! I'll take a look |
|
I've tested manually on a Helios box and all services are up and running. $ tail -n 1000000 $(svcs -L sled-agent) | grep "Profile for oxz_ntp" | looker
04:16:09.669Z INFO SledAgent (ServiceManager): Profile for oxz_ntp_a6d6b18d-aff0-47db-8bb6-9dac0b6e66a4:
<!DOCTYPE service_bundle SYSTEM "/usr/share/lib/xml/dtd/service_bundle.dtd.1">
<service_bundle type="profile" name="omicron">
<service version="1" type="service" name="oxide/zone-network-setup">
<property_group type="application" name="config">
<propval type="astring" name="datalink" value="oxControlService4"/>
<propval type="astring" name="gateway" value="fd00:1122:3344:101::1"/>
<propval type="astring" name="static_addr" value="fd00:1122:3344:101::1b"/>
</property_group>
<instance enabled="true" name="default">
</instance>
</service>
<service version="1" type="service" name="network/ssh">
<instance enabled="false" name="default">
</instance>
</service>
<service version="1" type="service" name="network/dns/install">
<property_group type="application" name="install_props">
<property type="net_address" name="nameserver">
<net_address_list>
<value_node value="1.1.1.1" />
<value_node value="9.9.9.9" />
</net_address_list>
</property>
</property_group>
<instance enabled="true" name="default">
</instance>
</service>
<service version="1" type="service" name="network/dns/client">
<instance enabled="true" name="default">
</instance>
</service>
<service version="1" type="service" name="oxide/ntp">
<instance enabled="true" name="default">
<property_group type="application" name="config">
<propval type="astring" name="allow" value="fd00:1122:3344:100::/56"/>
<propval type="boolean" name="boundary" value="true"/>
<propval type="astring" name="server" value="0.pool.ntp.org"/>
</property_group>
</instance>
</service>
<service version="1" type="service" name="oxide/opte-interface-setup">
<property_group type="application" name="config">
<propval type="astring" name="interface" value="vopte0"/>
<propval type="astring" name="gateway" value="172.30.3.1"/>
<propval type="astring" name="ip" value="172.30.3.5"/>
</property_group>
<instance enabled="true" name="default">
</instance>
</service>
</service_bundle>
file = sled-agent/src/profile.rs:34root@oxz_ntp_a6d6b18d:~# svcs -a | grep dns
disabled 4:16:11 svc:/network/dns/multicast:default
disabled 4:16:14 svc:/network/dns/install:default
online 4:16:14 svc:/network/dns/client:default
root@oxz_ntp_a6d6b18d:~# svcs -a | grep oxide
online 4:16:15 svc:/oxide/zone-network-setup:default
online 4:16:15 svc:/oxide/ntp:default
online 4:16:21 svc:/oxide/opte-interface-setup:default
root@oxz_ntp_a6d6b18d:~# cat /etc/resolv.conf
nameserver 1.1.1.1
nameserver 9.9.9.9That said, I can only deploy single sled packages, which means I have not been able to manually test Internal NTP zones. @smklein Should this be tested directly on dogfood or is testing somewhere like madrid enough? I'm not sure about the availability of madrid :/ I've still got the unit tests to get sorted, but figured I'd set this as ready to review for now |
There was a problem hiding this comment.
This ended up being a lot less invasive than I expected, which is a good indication that the framework is right.
I had a small number of comments. Some of these are on pre-existing bits which you are just moving around, but it's a good opportunity to firm some things up.
|
Thanks @citrus-it ! I think I've addressed your comments and here are the updated self assembling zones: root@oxz_cockroachdb_dedb2b05:~# svcs -a | grep dns
disabled 3:28:53 svc:/network/dns/multicast:default
disabled 3:28:57 svc:/network/dns/install:default
online 3:28:56 svc:/network/dns/client:default
root@oxz_crucible_0f35b386:~# svcs -a | grep dns
disabled 3:29:53 svc:/network/dns/install:default
disabled 3:29:54 svc:/network/dns/multicast:default
disabled 3:30:08 svc:/network/dns/client:default
root@oxz_oximeter_7a6f2330:~# svcs -a | grep dns
disabled 3:29:54 svc:/network/dns/install:default
disabled 3:29:56 svc:/network/dns/multicast:default
disabled 3:30:08 svc:/network/dns/client:default
root@oxz_crucible_pantry_271b260d:~# svcs -a | grep dns
disabled 3:30:01 svc:/network/dns/install:default
disabled 3:30:03 svc:/network/dns/multicast:default
disabled 3:30:12 svc:/network/dns/client:default
root@oxz_external_dns_5d69e2a7:~# svcs -a | grep dns
disabled 3:30:02 svc:/network/dns/install:default
disabled 3:30:02 svc:/network/dns/multicast:default
disabled 3:30:13 svc:/network/dns/client:default
online 3:30:19 svc:/oxide/external_dns:default
root@oxz_ntp_9c8cb92e:~# svcs -a | grep dns
disabled 3:28:18 svc:/network/dns/multicast:default
disabled 3:28:21 svc:/network/dns/install:default
online 3:28:21 svc:/network/dns/client:default
root@oxz_clickhouse_405b48f6:~# svcs -a | grep dns
disabled 3:30:10 svc:/network/dns/multicast:default
disabled 3:30:29 svc:/network/dns/install:default
online 3:30:29 svc:/network/dns/client:default
Yeah! I was very pleasantly surprised. I'll probably extract the svc-site-ntp script into zone-network cli commands in a follow up PR though. I want to remove as many scripts as possible :) |
|
Gargh, now the job is failing with |
|
Hmmm... Looks like the tests are creating a temp directory, and |
|
This should work 🤞 |
Related #1898