Add omdb support-bundle collect subcommand

Wires a new subcommand on omdb that calls into the
`support-bundle-collection` crate to gather a bundle locally. Unlike
the Nexus background task, this path does not register a row in the
`support_bundle` table, does not transfer the bundle to a sled
agent, and does not require Nexus to be up — it only needs CRDB,
internal DNS, MGS, and sled-agents reachable on the underlay.

This is intended for incident response: when Nexus is down (the most
important time to gather a bundle), an operator can still produce one
locally.

Author: smklein

Cargo.lock

@@ -19,6 +19,7 @@ base64.workspace = true
 bootstrap-agent-lockstep-client.workspace = true
 bytes.workspace = true
 camino.workspace = true
+camino-tempfile.workspace = true
 chrono.workspace = true
 clap.workspace = true
 clickhouse-admin-single-client.workspace = true
@@ -54,6 +55,7 @@ nexus-db-queries.workspace = true
 nexus-db-schema.workspace = true
 nexus-inventory.workspace = true
 nexus-lockstep-client.workspace = true
+nexus-networking.workspace = true
 nexus-reconfigurator-preparation.workspace = true
 nexus-saga-recovery.workspace = true
 nexus-types.workspace = true
@@ -83,6 +85,7 @@ slog.workspace = true
 slog-error-chain.workspace = true
 steno.workspace = true
 strum.workspace = true
+support-bundle-collection.workspace = true
 support-bundle-viewer.workspace = true
 supports-color.workspace = true
 tabled.workspace = true

dev-tools/omdb/Cargo.toml

@@ -58,6 +58,7 @@ mod oxql;
 mod reconfigurator;
 mod sled_agent;
 mod support_bundle;
+mod support_bundle_collect;
 
 fn main() -> Result<(), anyhow::Error> {
     sigpipe::reset();
@@ -83,6 +84,7 @@ async fn main_impl() -> Result<(), anyhow::Error> {
             reconfig.run_cmd(&args, &log).await
         }
         OmdbCommands::SledAgent(sled) => sled.run_cmd(&args, &log).await,
+        OmdbCommands::SupportBundle(sb) => sb.run_cmd(&args, &log).await,
         OmdbCommands::CrucibleAgent(crucible) => crucible.run_cmd(&args).await,
         OmdbCommands::CruciblePantry(crucible) => crucible.run_cmd(&args).await,
         OmdbCommands::ClickhouseAdmin(ch) => ch.run_cmd(&args, &log).await,
@@ -297,6 +299,8 @@ enum OmdbCommands {
     Reconfigurator(reconfigurator::ReconfiguratorArgs),
     /// Debug a specific Sled
     SledAgent(sled_agent::SledAgentArgs),
+    /// Collect or inspect a support bundle
+    SupportBundle(support_bundle_collect::SupportBundleArgs),
 }
 
 fn parse_dropshot_log_level(

dev-tools/omdb/src/bin/omdb/main.rs

@@ -0,0 +1,171 @@
+// This Source Code Form is subject to the terms of the Mozilla Public
+// License, v. 2.0. If a copy of the MPL was not distributed with this
+// file, You can obtain one at https://mozilla.org/MPL/2.0/.
+
+//! `omdb support-bundle collect` — collect a support bundle locally,
+//! without going through Nexus.
+//!
+//! Unlike the Nexus background task, this path:
+//!
+//! - Does not register a row in the `support_bundle` table.
+//! - Does not transfer the resulting bundle to a sled-agent for durable
+//!   storage. The zip is written to a local file path.
+//! - Does not require Nexus to be up. It only needs CRDB, internal
+//!   DNS, MGS, and the rack's sled-agents reachable on the underlay.
+//!
+//! This is intended for incident response, where the operator may need
+//! to collect a bundle precisely because Nexus is unhealthy.
+
+use crate::Omdb;
+use crate::db::DbUrlOptions;
+use anyhow::Context;
+use camino::Utf8PathBuf;
+use camino_tempfile::tempdir_in;
+use clap::Args;
+use clap::Subcommand;
+use nexus_db_queries::context::OpContext;
+use nexus_db_queries::db::DataStore;
+use nexus_types::support_bundle::BundleDataSelection;
+use omicron_uuid_kinds::SupportBundleUuid;
+use std::io::Seek;
+use std::io::SeekFrom;
+use std::sync::Arc;
+use support_bundle_collection::BundleCollection;
+use support_bundle_collection::BundleInfo;
+use support_bundle_collection::zip::bundle_to_zipfile;
+
+/// Arguments to the "omdb support-bundle" subcommand
+#[derive(Debug, Args)]
+pub struct SupportBundleArgs {
+    #[command(subcommand)]
+    command: SupportBundleCommands,
+}
+
+#[derive(Debug, Subcommand)]
+enum SupportBundleCommands {
+    /// Collect a support bundle without involving Nexus.
+    ///
+    /// Connects directly to CockroachDB, internal DNS, MGS, and the
+    /// rack's sled-agents — none of which depend on Nexus being up.
+    /// The bundle is written to a local zip file. No row is created
+    /// in the `support_bundle` table.
+    Collect(CollectArgs),
+}
+
+#[derive(Debug, Args)]
+struct CollectArgs {
+    #[command(flatten)]
+    db_url_opts: DbUrlOptions,
+
+    /// Path where the resulting bundle zip will be written.
+    #[clap(long, short = 'o')]
+    output: Utf8PathBuf,
+
+    /// Reason recorded inside the bundle's metadata.
+    #[clap(long, default_value = "collected via omdb")]
+    reason: String,
+
+    /// Directory to use for staging the bundle contents before zipping.
+    #[clap(long, default_value = "/var/tmp")]
+    tempdir: Utf8PathBuf,
+}
+
+impl SupportBundleArgs {
+    pub async fn run_cmd(
+        &self,
+        omdb: &Omdb,
+        log: &slog::Logger,
+    ) -> anyhow::Result<()> {
+        match &self.command {
+            SupportBundleCommands::Collect(args) => args.run(omdb, log).await,
+        }
+    }
+}
+
+impl CollectArgs {
+    async fn run(&self, omdb: &Omdb, log: &slog::Logger) -> anyhow::Result<()> {
+        self.db_url_opts
+            .with_datastore(omdb, log, async |opctx, datastore| {
+                self.collect(omdb, log, opctx, datastore).await
+            })
+            .await
+    }
+
+    async fn collect(
+        &self,
+        omdb: &Omdb,
+        log: &slog::Logger,
+        opctx: OpContext,
+        datastore: Arc<DataStore>,
+    ) -> anyhow::Result<()> {
+        let resolver = omdb.dns_resolver(log.clone()).await?;
+
+        let bundle = BundleInfo {
+            id: SupportBundleUuid::new_v4(),
+            reason_for_creation: self.reason.clone(),
+        };
+        let bundle_log = log.new(slog::o!("bundle" => bundle.id.to_string()));
+        eprintln!("Collecting support bundle {}", bundle.id);
+
+        let collection = Arc::new(BundleCollection::new(
+            datastore,
+            resolver,
+            bundle_log,
+            opctx,
+            BundleDataSelection::all(),
+            bundle,
+        ));
+
+        // Wire Ctrl-C to cancel the in-flight collection.
+        let cancel_handle = tokio::spawn({
+            let token = collection.cancellation_token().clone();
+            async move {
+                let _ = tokio::signal::ctrl_c().await;
+                eprintln!("\nCtrl-C received — cancelling bundle collection.");
+                token.cancel();
+            }
+        });
+
+        let dir = tempdir_in(&self.tempdir).with_context(|| {
+            format!("creating temp dir under {}", self.tempdir)
+        })?;
+        let collect_result = collection.collect_bundle_locally(&dir).await;
+        cancel_handle.abort();
+        let _ = cancel_handle.await;
+        let report = collect_result?;
+
+        let zip_tempdir = self.tempdir.clone();
+        let output = self.output.clone();
+        tokio::task::spawn_blocking(move || -> anyhow::Result<()> {
+            let mut tempfile = bundle_to_zipfile(&dir, &zip_tempdir)?;
+            tempfile.seek(SeekFrom::Start(0))?;
+            let mut out = std::fs::File::create(&output)
+                .with_context(|| format!("creating {output}"))?;
+            std::io::copy(&mut tempfile, &mut out)?;
+            Ok(())
+        })
+        .await
+        .context("zip task panicked")??;
+
+        eprintln!("Wrote bundle to {}", self.output);
+        eprintln!("{} steps executed:", report.steps.len());
+        for step in &report.steps {
+            let dur = step.end - step.start;
+            eprintln!(
+                "  {:>9}ms  {:?}  {}",
+                dur.num_milliseconds(),
+                step.status,
+                step.name,
+            );
+        }
+        if let Some(ereports) = &report.ereports {
+            eprintln!(
+                "ereports: {} found, {} collected, {} errors",
+                ereports.n_found,
+                ereports.n_collected,
+                ereports.errors.len(),
+            );
+        }
+        Ok(())
+    }
+}

dev-tools/omdb/src/bin/omdb/support_bundle_collect.rs

@@ -19,6 +19,7 @@ Commands:
   oxql              Enter the Oximeter Query Language shell for interactive querying
   reconfigurator    Interact with the Reconfigurator system
   sled-agent        Debug a specific Sled
+  support-bundle    Collect or inspect a support bundle
   help              Print this message or the help of the given subcommand(s)
 
 Options:
@@ -54,6 +55,7 @@ Commands:
   oxql              Enter the Oximeter Query Language shell for interactive querying
   reconfigurator    Interact with the Reconfigurator system
   sled-agent        Debug a specific Sled
+  support-bundle    Collect or inspect a support bundle
   help              Print this message or the help of the given subcommand(s)
 
 Options:

dev-tools/omdb/tests/usage_errors.out

@@ -408,8 +408,7 @@ impl SupportBundleCollector {
         // to drain in-flight work and return.
         let cancel_task = tokio::spawn({
             let datastore = self.datastore.clone();
-            let cancel_opctx =
-                opctx.child(std::collections::BTreeMap::new());
+            let cancel_opctx = opctx.child(std::collections::BTreeMap::new());
             let token = collection.cancellation_token().clone();
             let log = bundle_log.clone();
             let bundle_id = bundle.id;
@@ -495,13 +494,9 @@ impl SupportBundleCollector {
             .datastore
             .zpool_get_sled_if_in_service(opctx, bundle.zpool_id.into())
             .await?;
-        let sled_client = nexus_networking::sled_client(
-            &self.datastore,
-            opctx,
-            sled_id,
-            log,
-        )
-        .await?;
+        let sled_client =
+            nexus_networking::sled_client(&self.datastore, opctx, sled_id, log)
+                .await?;
 
         let zpool = ZpoolUuid::from(bundle.zpool_id);
         let dataset = DatasetUuid::from(bundle.dataset_id);
@@ -610,8 +605,7 @@ async fn check_for_cancellation(
 
         match datastore.support_bundle_get(&opctx, bundle_id).await {
             Ok(SupportBundle {
-                state: SupportBundleState::Collecting,
-                ..
+                state: SupportBundleState::Collecting, ..
             }) => {
                 // Bundle still collecting; continue...
                 continue;
@@ -700,7 +694,6 @@ impl BackgroundTask for SupportBundleCollector {
 mod test {
     use super::*;
 
-    use support_bundle_collection::perfetto;
     use crate::app::support_bundles::SupportBundleQueryType;
     use http_body_util::BodyExt;
     use nexus_db_model::PhysicalDisk;
@@ -731,6 +724,7 @@ mod test {
     };
     use sled_agent_types::inventory::ZpoolHealth;
     use std::num::NonZeroU64;
+    use support_bundle_collection::perfetto;
     use uuid::Uuid;
 
     type ControlPlaneTestContext =

nexus/src/app/background/tasks/support_bundle_collector.rs

@@ -76,10 +76,8 @@ async fn save_ereports(
     dir: Utf8PathBuf,
     status: &mut SupportBundleEreportStatus,
 ) -> anyhow::Result<()> {
-    let mut paginator = Paginator::new(
-        datastore::SQL_BATCH_SIZE,
-        PaginationOrder::Ascending,
-    );
+    let mut paginator =
+        Paginator::new(datastore::SQL_BATCH_SIZE, PaginationOrder::Ascending);
     while let Some(p) = paginator.next() {
         let pagparams = p.current_pagparams();
         let ereports = tokio::select! {

support-bundle-collection/src/steps/ereports.rs

@@ -8,13 +8,13 @@
 //! the directory of collected data — both Nexus (for storing on a sled
 //! agent) and omdb (for writing to local storage).
 
+use ::zip::ZipWriter;
+use ::zip::write::FullFileOptions;
 use anyhow::Result;
 use camino::Utf8DirEntry;
 use camino::Utf8Path;
 use camino_tempfile::Utf8TempDir;
 use camino_tempfile::tempfile_in;
-use ::zip::ZipWriter;
-use ::zip::write::FullFileOptions;
 
 /// Takes the contents of `dir`, and zips them into a single zipfile
 /// stored as a tempfile under `tempdir`.