-
Notifications
You must be signed in to change notification settings - Fork 91
ls-apis needs to detect cycles in dependency unit graph #9707
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Changes from all commits
dfb34d4
172dfef
d133557
5e04994
d714b7d
0e08578
c74b429
c2e885a
b7ac647
9103432
591a205
66a2c18
58e20d3
6d11b14
af29995
b742226
5916ad6
a25117a
d4dae9c
42cfff2
6fca775
9ff04d2
3c13a2e
21716da
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -181,10 +181,18 @@ versioned_how_reason = "depends on itself (i.e., instances call each other)" | |
| client_package_name = "bootstrap-agent-lockstep-client" | ||
| label = "Bootstrap Agent Lockstep API" | ||
| server_package_name = "bootstrap-agent-lockstep-api" | ||
| versioned_how = "server" | ||
| versioned_how = "client" | ||
| versioned_how_reason = "wicketd can wind up calling into sled agent on different sleds" | ||
| notes = """ | ||
| Lockstep API for rack initialization. Only used by wicketd, which is in the \ | ||
| same deployment unit (Host OS) as the sled-agent that exposes this API. | ||
| Lockstep API for rack initialization. Only used by wicketd. Generally | ||
| speaking, Wicketd only talks to the sled agent on the same sled, which is in the | ||
| same deployment unit as Wicketd itself (host OS). However, it may pick a | ||
| different one if for some reason the local baseboard information is not | ||
| available. | ||
|
|
||
| Either way, none of this matters for API versioning or software update because | ||
| we expect that during rack initialization, all components are running the same | ||
| system release. | ||
| """ | ||
|
|
||
| [[apis]] | ||
|
|
@@ -612,3 +620,230 @@ note = """ | |
| Sled Agent uses the Crucible Agent client types only, and only in the simulated | ||
| sled agent. | ||
| """ | ||
|
|
||
| ################################################################################ | ||
| # Intra-deployment-unit-only edges | ||
| # | ||
| # These edges are excluded from the deployment unit dependency graph because | ||
| # they represent communication that only happens locally within a *single | ||
| # instance* of a single deployment unit, not across deployment unit boundaries. | ||
| # A single deployment unit is updated atomically, so there's no risk of version | ||
| # skew with intra_deployment_unit-only edges. | ||
| # | ||
| # Note that things do not belong here when they cross different instances of the | ||
| # same deployment unit. For example, Sled Agent and MGS are in the same | ||
| # deployment unit (the host OS), but Sled Agent's use of MGS crosses different | ||
| # instances of the deployment unit (i.e., different sleds). Those don't belong | ||
| # in this category. | ||
| ################################################################################ | ||
|
|
||
| [[intra_deployment_unit_only_edges]] | ||
| server = "ddmd" | ||
| client = "dpd-client" | ||
| note = """ | ||
| ddmd runs in both the global zone and the switch zone. The switch zone is | ||
| configured with dpd_host=[::1] (services.rs:3127). The global zone configures | ||
| "dendrite" to false, meaning it does not expose a dendrite server | ||
| (ddm/manifest.xml:25). | ||
| """ | ||
| permalinks = [ | ||
| "https://github.com/oxidecomputer/omicron/blob/6cef874/sled-agent/src/services.rs#L3127", | ||
| "https://github.com/oxidecomputer/maghemite/blob/396bb3c/smf/ddm/manifest.xml#L25", | ||
| ] | ||
|
|
||
| [[intra_deployment_unit_only_edges]] | ||
| server = "dpd" | ||
| client = "gateway-client" | ||
|
Collaborator
Author
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Looking at the referenced source: it looks like someone could override this by providing a CLI argument to (I'd do this as a follow up and just mention it in the Edit: maybe a simpler solution would be to remove these from the SMF start script, if that's possible? I noticed that the mgd -> dendrite dependency looks similar (can be overridden by a CLI argument), but the method script doesn't ever set the |
||
| note = """ | ||
| dpd defaults to [::1]:MGS_PORT (switch_identifiers.rs:60), and the SMF start | ||
| script doesn't pass in --mgs-address. The comment also explains that it | ||
| explicitly wants the local MGS and this can only be overridden for testing. | ||
| """ | ||
| permalinks = [ | ||
| "https://github.com/oxidecomputer/dendrite/blob/606c0be/dpd/src/switch_identifiers.rs#L60", | ||
| "https://github.com/oxidecomputer/dendrite/blob/606c0be/dpd/misc/dpd.xml", | ||
| "https://github.com/oxidecomputer/dendrite/blob/606c0be/tools/svc-dpd", | ||
| ] | ||
|
|
||
| [[intra_deployment_unit_only_edges]] | ||
| server = "lldpd" | ||
| client = "dpd-client" | ||
| note = """ | ||
| lldpd defaults to localhost for dpd (dendrite.rs:194), and the SMF start | ||
| script doesn't pass in --host. | ||
| """ | ||
| permalinks = [ | ||
| "https://github.com/oxidecomputer/lldp/blob/61479b6/lldpd/src/dendrite.rs#L194", | ||
| "https://github.com/oxidecomputer/lldp/blob/61479b6/lldpd/misc/lldpd.xml", | ||
| "https://github.com/oxidecomputer/lldp/blob/61479b6/lldpd/misc/svc-lldpd", | ||
| ] | ||
|
|
||
| [[intra_deployment_unit_only_edges]] | ||
| server = "lldpd" | ||
| client = "gateway-client" | ||
| note = """ | ||
| lldpd defaults to localhost for gateway (main.rs:194), and the SMF start | ||
| script doesn't override it. | ||
| """ | ||
| permalinks = [ | ||
| "https://github.com/oxidecomputer/lldp/blob/d22509dfdb051321b859e924948605115691b93c/lldpd/src/main.rs#L148-L154", | ||
| "https://github.com/oxidecomputer/lldp/blob/d22509dfdb051321b859e924948605115691b93c/lldpd/misc/svc-lldpd", | ||
| ] | ||
|
|
||
| [[intra_deployment_unit_only_edges]] | ||
| server = "mgd" | ||
| client = "ddm-admin-client" | ||
| note = "mg-lower hardcodes localhost:8000." | ||
| permalinks = [ | ||
| "https://github.com/oxidecomputer/maghemite/blob/396bb3c/mg-lower/src/ddm.rs#L110", | ||
| ] | ||
|
|
||
| [[intra_deployment_unit_only_edges]] | ||
| server = "mgd" | ||
| client = "dpd-client" | ||
| note = "mg-lower hardcodes localhost." | ||
| permalinks = [ | ||
| "https://github.com/oxidecomputer/maghemite/blob/396bb3c/mg-lower/src/dendrite.rs#L491", | ||
| ] | ||
|
|
||
| [[intra_deployment_unit_only_edges]] | ||
| server = "mgd" | ||
| client = "gateway-client" | ||
| note = """ | ||
| mgd defaults to [::1]:12225 (mgd main.rs:93), and the SMF start script | ||
| doesn't set --mgs-addr. | ||
| """ | ||
| permalinks = [ | ||
| "https://github.com/oxidecomputer/maghemite/blob/396bb3c/mgd/src/main.rs#L93", | ||
| "https://github.com/oxidecomputer/maghemite/blob/396bb3c/smf/mgd/manifest.xml", | ||
| "https://github.com/oxidecomputer/maghemite/blob/396bb3c/smf/mgd_method_script.sh", | ||
| ] | ||
|
|
||
| [[intra_deployment_unit_only_edges]] | ||
| server = "omicron-sled-agent" | ||
| client = "ddm-admin-client" | ||
| note = "Sled Agent uses Client::localhost() to connect to ddm." | ||
| permalinks = [ | ||
| "https://github.com/oxidecomputer/omicron/blob/6cef874/sled-agent/src/ddm_reconciler.rs#L56", | ||
| "https://github.com/oxidecomputer/omicron/blob/6cef874/sled-agent/src/bootstrap/bootstore_setup.rs#L92", | ||
| "https://github.com/oxidecomputer/omicron/blob/6cef874/sled-agent/src/rack_setup/service.rs#L1086", | ||
| "https://github.com/oxidecomputer/omicron/blob/6cef874/sled-agent/src/sled_agent.rs#L1378", | ||
| ] | ||
|
|
||
| [[intra_deployment_unit_only_edges]] | ||
| server = "omicron-sled-agent" | ||
| client = "mg-admin-client" | ||
| note = """ | ||
| Sled Agent only queries the switch zone on the same sled, | ||
| which is within the same deployment unit as the global | ||
| zone. | ||
| """ | ||
| permalinks = [ | ||
| "https://github.com/oxidecomputer/omicron/blob/6cef874/sled-agent/src/bootstrap/early_networking.rs#L483", | ||
| ] | ||
|
|
||
| [[intra_deployment_unit_only_edges]] | ||
| server = "omicron-sled-agent" | ||
| client = "propolis-client" | ||
| note = """ | ||
| Only queries the Propolis server on the same sled, so Propolis is in the | ||
| same deployment unit. | ||
| """ | ||
| permalinks = [ | ||
| "https://github.com/oxidecomputer/omicron/blob/6cef874/sled-agent/src/instance.rs#L2283", | ||
| ] | ||
|
|
||
| # NOTE: The following sled-agent edges are bugs: they cross deployment units. | ||
| # They are kept here to avoid breaking the build, but need to be fixed, either | ||
| # through client-side versioning or by some other means. | ||
|
|
||
| [[intra_deployment_unit_only_edges]] | ||
| server = "omicron-sled-agent" | ||
| client = "gateway-client" | ||
| note = """ | ||
| BUG: Sled Agent creates two MGS clients. One of them | ||
| (early_networking.rs:376) queries the switch zone on | ||
| the same sled, which is within the same deployment unit | ||
| as the global zone, so this is okay. | ||
|
|
||
| The other one (early_networking.rs:277) queries both | ||
| switch zones, so it crosses deployment units. This needs | ||
| to be fixed. | ||
|
|
||
| Reference: https://github.com/oxidecomputer/omicron/issues/9708 | ||
| """ | ||
| permalinks = [ | ||
| "https://github.com/oxidecomputer/omicron/blob/6cef874/sled-agent/src/bootstrap/early_networking.rs#L376", | ||
| "https://github.com/oxidecomputer/omicron/blob/6cef874/sled-agent/src/bootstrap/early_networking.rs#L277-L280", | ||
| ] | ||
|
|
||
| [[intra_deployment_unit_only_edges]] | ||
| server = "omicron-sled-agent" | ||
| client = "dpd-client" | ||
| note = """ | ||
| BUG: Sled Agent creates two DPD clients. One of them (early_networking.rs:419) | ||
| is always to the switch zone on the same sled, which is in the same deployment | ||
| unit. | ||
|
|
||
| The other one (services.rs:1090) queries both switch zones, so it crosses | ||
| deployment units. This needs to be fixed. | ||
|
|
||
| Reference: https://github.com/oxidecomputer/omicron/issues/9708 | ||
| """ | ||
| permalinks = [ | ||
| "https://github.com/oxidecomputer/omicron/blob/6cef874/sled-agent/src/bootstrap/early_networking.rs#L419", | ||
| "https://github.com/oxidecomputer/omicron/blob/6cef874/sled-agent/src/services.rs#L1090", | ||
| ] | ||
|
|
||
| [[intra_deployment_unit_only_edges]] | ||
| server = "tfportd" | ||
| client = "dpd-client" | ||
| note = """ | ||
| The tfportd service has the dpd_host SMF property (tfport.xml:52) set to [::1] | ||
| (services.rs:2852). tfportd has a --dpd-host option (main.rs:81) but the SMF | ||
| start script (svc-tfportd:12) does not use it. | ||
| """ | ||
| permalinks = [ | ||
| "https://github.com/oxidecomputer/omicron/blob/6cef874/sled-agent/src/services.rs#L2852", | ||
| "https://github.com/oxidecomputer/dendrite/blob/606c0be/tfportd/misc/tfport.xml#L52-L53", | ||
| "https://github.com/oxidecomputer/dendrite/blob/cf31be9/tfportd/src/main.rs#L81-L83", | ||
| "https://github.com/oxidecomputer/dendrite/blob/606c0be/tools/svc-tfportd#L12", | ||
| ] | ||
|
|
||
| [[intra_deployment_unit_only_edges]] | ||
| server = "tfportd" | ||
| client = "lldpd-client" | ||
| note = "tfportd hardcodes localhost for its lldpd-client (tfport.rs:88)." | ||
| permalinks = [ | ||
| "https://github.com/oxidecomputer/dendrite/blob/606c0be/tfportd/src/tfport.rs#L88", | ||
| ] | ||
|
|
||
| [[intra_deployment_unit_only_edges]] | ||
| server = "wicketd" | ||
| client = "ddm-admin-client" | ||
| note = "wicketd uses DdmAdminClient::localhost() (bootstrap_addrs.rs:162)." | ||
| permalinks = [ | ||
| "https://github.com/oxidecomputer/omicron/blob/6cef874/wicketd/src/bootstrap_addrs.rs#L162", | ||
| ] | ||
|
|
||
| [[intra_deployment_unit_only_edges]] | ||
| server = "wicketd" | ||
| client = "dpd-client" | ||
| note = "wicketd hardcodes [::1] (uplink.rs:83)." | ||
| permalinks = [ | ||
| "https://github.com/oxidecomputer/omicron/blob/6cef874/wicketd/src/preflight_check/uplink.rs#L83", | ||
| ] | ||
|
|
||
| [[intra_deployment_unit_only_edges]] | ||
| server = "wicketd" | ||
| client = "gateway-client" | ||
| note = """ | ||
| wicketd's mgs-address config (wicketd.rs:35) is always set to [::1] | ||
| (services.rs:2586). This config is passed into wicketd at startup | ||
| (manifest.xml:20). | ||
| """ | ||
| permalinks = [ | ||
| "https://github.com/oxidecomputer/omicron/blob/6cef874/sled-agent/src/services.rs#L2685-L2689", | ||
| "https://github.com/oxidecomputer/omicron/blob/6cef874/wicketd/src/bin/wicketd.rs#L35", | ||
| "https://github.com/oxidecomputer/omicron/blob/6cef874/smf/wicketd/manifest.xml#L20", | ||
| ] | ||
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@internet-diglett or @rcgoodfellow: when you get a minute, can you confirm our understanding here? it looks like ddmd in the GZ never talks to dpd and ddmd in the switch zone only ever talks to its own localhost. Does that sound right? We're just trying to understand these relationships to understand the upgrade impact when these APIs change.
Uh oh!
There was an error while loading. Please reload this page.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
That's correct.
If this is referring to dpd specifically then yes. However, ddmd in the switch zone will talk to other global zone ddmd instances on other sleds.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks @rcgoodfellow:
definitely sounds like something I missed. Where do those calls happen?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yeah, we were just talking about ddmd talking to dpd via OpenAPI. @rcgoodfellow I think you're talking about a non-OpenAPI interface, right?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yeah. The ddm to ddm comms are a bit odd. Ddm instances communicate over IPv6 link-local addresses which means we cannot use progenitor clients. At least the last time I looked progenitor was using a set of libraries that depend on the
urlcrate, and that crate has decided that scoped IPv6 link local communication is out of its scope. So while ddm does have a dropshot-based API for these comms, we use a hyper-based client.There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@rcgoodfellow could you link to the code which does that when you have a chance? Also, do we pass in an
api-versionheader today? I ranrg -i api-versionin dendrite and didn't see any results.Uh oh!
There was an error while loading. Please reload this page.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Sure. Here is some hyper client code. Here are the corresponding dropshot server handlers.
Versions are determined via discovery packets that are exchanged over link-local multicast.
There is not currently an api-version header. The versions are explicitly in the path.