diff --git a/dev-tools/reconfigurator-cli/src/lib.rs b/dev-tools/reconfigurator-cli/src/lib.rs index a2578586dc4..a00c805bf5e 100644 --- a/dev-tools/reconfigurator-cli/src/lib.rs +++ b/dev-tools/reconfigurator-cli/src/lib.rs @@ -2085,9 +2085,15 @@ fn cmd_sled_update_install_dataset( let mut state = sim.current_state().to_mut(); let system = state.system_mut(); let sled_id = args.sled_id.to_sled_id(system.description())?; - system - .description_mut() - .sled_set_zone_manifest(sled_id, description.to_boot_inventory())?; + system.description_mut().sled_set_zone_manifest( + sled_id, + description.to_zone_boot_inventory(), + )?; + + system.description_mut().sled_set_measurement_manifest( + sled_id, + description.to_measurement_boot_inventory(), + )?; sim.commit_and_bump( format!( @@ -3463,6 +3469,9 @@ fn mupdate_source_to_description( let description = extract_tuf_repo_description(&sim.log, repo_path)?; let mut sim_source = SimTufRepoSource::new( description, + // We might consider having these be different for testing purposes + // but for now having them be the same is fine + manifest_source, manifest_source, format!("from repo at {repo_path}"), )?; @@ -3486,6 +3495,7 @@ fn mupdate_source_to_description( let mut sim_source = SimTufRepoSource::new( desc.clone(), manifest_source, + manifest_source, "to target release".to_owned(), )?; sim_source.simulate_zone_errors(&source.with_zone_error)?; diff --git a/dev-tools/reconfigurator-cli/tests/output/cmds-mupdate-update-flow-stdout b/dev-tools/reconfigurator-cli/tests/output/cmds-mupdate-update-flow-stdout index 50a4e57efb8..0d766b8b50c 100644 --- a/dev-tools/reconfigurator-cli/tests/output/cmds-mupdate-update-flow-stdout +++ b/dev-tools/reconfigurator-cli/tests/output/cmds-mupdate-update-flow-stdout @@ -432,8 +432,9 @@ LEDGERED SLED CONFIG measurement manifest: path on boot disk: /fake/path/install/zones.json boot disk inventory: - manifest generated by installinator (mupdate ID: 00000000-0000-0000-0000-000000000000) - no artifacts in install dataset (this should only be seen in simulated systems) + manifest generated by sled-agent + artifacts in install dataset: + - fake-corpus (expected 1048576 bytes with hash 8a0e23157bae655fceec7376926c9758efee6511c7b7ff8355bbb49545a2257f): ok no non-boot disks mupdate override: path on boot disk: /fake/path/install/mupdate_override.json diff --git a/dev-tools/reconfigurator-cli/tests/output/cmds-nexus-generation-autobump-stdout b/dev-tools/reconfigurator-cli/tests/output/cmds-nexus-generation-autobump-stdout index ec8785ca93d..5fc8aa1f538 100644 --- a/dev-tools/reconfigurator-cli/tests/output/cmds-nexus-generation-autobump-stdout +++ b/dev-tools/reconfigurator-cli/tests/output/cmds-nexus-generation-autobump-stdout @@ -706,8 +706,9 @@ LEDGERED SLED CONFIG measurement manifest: path on boot disk: /fake/path/install/zones.json boot disk inventory: - manifest generated by installinator (mupdate ID: 00000000-0000-0000-0000-000000000000) - no artifacts in install dataset (this should only be seen in simulated systems) + manifest generated by sled-agent + artifacts in install dataset: + - fake-corpus (expected 1048576 bytes with hash 8a0e23157bae655fceec7376926c9758efee6511c7b7ff8355bbb49545a2257f): ok no non-boot disks mupdate override: path on boot disk: /fake/path/install/mupdate_override.json @@ -893,8 +894,9 @@ LEDGERED SLED CONFIG measurement manifest: path on boot disk: /fake/path/install/zones.json boot disk inventory: - manifest generated by installinator (mupdate ID: 00000000-0000-0000-0000-000000000000) - no artifacts in install dataset (this should only be seen in simulated systems) + manifest generated by sled-agent + artifacts in install dataset: + - fake-corpus (expected 1048576 bytes with hash 8a0e23157bae655fceec7376926c9758efee6511c7b7ff8355bbb49545a2257f): ok no non-boot disks mupdate override: path on boot disk: /fake/path/install/mupdate_override.json @@ -1080,8 +1082,9 @@ LEDGERED SLED CONFIG measurement manifest: path on boot disk: /fake/path/install/zones.json boot disk inventory: - manifest generated by installinator (mupdate ID: 00000000-0000-0000-0000-000000000000) - no artifacts in install dataset (this should only be seen in simulated systems) + manifest generated by sled-agent + artifacts in install dataset: + - fake-corpus (expected 1048576 bytes with hash 8a0e23157bae655fceec7376926c9758efee6511c7b7ff8355bbb49545a2257f): ok no non-boot disks mupdate override: path on boot disk: /fake/path/install/mupdate_override.json diff --git a/dev-tools/reconfigurator-cli/tests/output/cmds-target-release-stdout b/dev-tools/reconfigurator-cli/tests/output/cmds-target-release-stdout index f8daf973aa8..6d3bb40b041 100644 --- a/dev-tools/reconfigurator-cli/tests/output/cmds-target-release-stdout +++ b/dev-tools/reconfigurator-cli/tests/output/cmds-target-release-stdout @@ -693,8 +693,9 @@ LEDGERED SLED CONFIG measurement manifest: path on boot disk: /fake/path/install/zones.json boot disk inventory: - manifest generated by installinator (mupdate ID: 00000000-0000-0000-0000-000000000000) - no artifacts in install dataset (this should only be seen in simulated systems) + manifest generated by sled-agent + artifacts in install dataset: + - fake-corpus (expected 1048576 bytes with hash 8a0e23157bae655fceec7376926c9758efee6511c7b7ff8355bbb49545a2257f): ok no non-boot disks mupdate override: path on boot disk: /fake/path/install/mupdate_override.json @@ -880,8 +881,9 @@ LEDGERED SLED CONFIG measurement manifest: path on boot disk: /fake/path/install/zones.json boot disk inventory: - manifest generated by installinator (mupdate ID: 00000000-0000-0000-0000-000000000000) - no artifacts in install dataset (this should only be seen in simulated systems) + manifest generated by sled-agent + artifacts in install dataset: + - fake-corpus (expected 1048576 bytes with hash 8a0e23157bae655fceec7376926c9758efee6511c7b7ff8355bbb49545a2257f): ok no non-boot disks mupdate override: path on boot disk: /fake/path/install/mupdate_override.json @@ -1067,8 +1069,9 @@ LEDGERED SLED CONFIG measurement manifest: path on boot disk: /fake/path/install/zones.json boot disk inventory: - manifest generated by installinator (mupdate ID: 00000000-0000-0000-0000-000000000000) - no artifacts in install dataset (this should only be seen in simulated systems) + manifest generated by sled-agent + artifacts in install dataset: + - fake-corpus (expected 1048576 bytes with hash 8a0e23157bae655fceec7376926c9758efee6511c7b7ff8355bbb49545a2257f): ok no non-boot disks mupdate override: path on boot disk: /fake/path/install/mupdate_override.json diff --git a/dev-tools/reconfigurator-cli/tests/output/cmds-unsafe-zone-mgs-stdout b/dev-tools/reconfigurator-cli/tests/output/cmds-unsafe-zone-mgs-stdout index 0b0e0d93f1e..91ebec8ae2b 100644 --- a/dev-tools/reconfigurator-cli/tests/output/cmds-unsafe-zone-mgs-stdout +++ b/dev-tools/reconfigurator-cli/tests/output/cmds-unsafe-zone-mgs-stdout @@ -677,8 +677,9 @@ LEDGERED SLED CONFIG measurement manifest: path on boot disk: /fake/path/install/zones.json boot disk inventory: - manifest generated by installinator (mupdate ID: 00000000-0000-0000-0000-000000000000) - no artifacts in install dataset (this should only be seen in simulated systems) + manifest generated by sled-agent + artifacts in install dataset: + - fake-corpus (expected 1048576 bytes with hash 8a0e23157bae655fceec7376926c9758efee6511c7b7ff8355bbb49545a2257f): ok no non-boot disks mupdate override: path on boot disk: /fake/path/install/mupdate_override.json @@ -864,8 +865,9 @@ LEDGERED SLED CONFIG measurement manifest: path on boot disk: /fake/path/install/zones.json boot disk inventory: - manifest generated by installinator (mupdate ID: 00000000-0000-0000-0000-000000000000) - no artifacts in install dataset (this should only be seen in simulated systems) + manifest generated by sled-agent + artifacts in install dataset: + - fake-corpus (expected 1048576 bytes with hash 8a0e23157bae655fceec7376926c9758efee6511c7b7ff8355bbb49545a2257f): ok no non-boot disks mupdate override: path on boot disk: /fake/path/install/mupdate_override.json @@ -1051,8 +1053,9 @@ LEDGERED SLED CONFIG measurement manifest: path on boot disk: /fake/path/install/zones.json boot disk inventory: - manifest generated by installinator (mupdate ID: 00000000-0000-0000-0000-000000000000) - no artifacts in install dataset (this should only be seen in simulated systems) + manifest generated by sled-agent + artifacts in install dataset: + - fake-corpus (expected 1048576 bytes with hash 8a0e23157bae655fceec7376926c9758efee6511c7b7ff8355bbb49545a2257f): ok no non-boot disks mupdate override: path on boot disk: /fake/path/install/mupdate_override.json diff --git a/nexus/reconfigurator/planning/src/system.rs b/nexus/reconfigurator/planning/src/system.rs index af35339dede..25abff214d3 100644 --- a/nexus/reconfigurator/planning/src/system.rs +++ b/nexus/reconfigurator/planning/src/system.rs @@ -683,6 +683,17 @@ impl SystemDescription { Ok(self) } + /// Set the measurement manifest for a sled from a provided `TufRepoDescription`. + pub fn sled_set_measurement_manifest( + &mut self, + sled_id: SledUuid, + boot_inventory: Result, + ) -> anyhow::Result<&mut Self> { + let sled = self.get_sled_mut(sled_id)?; + sled.set_measurement_manifest(boot_inventory); + Ok(self) + } + pub fn sled_sp_active_version( &self, sled_id: SledUuid, @@ -1757,6 +1768,16 @@ impl Sled { .boot_inventory = boot_inventory; } + fn set_measurement_manifest( + &mut self, + boot_inventory: Result, + ) { + self.inventory_sled_agent + .file_source_resolver + .measurement_manifest + .boot_inventory = boot_inventory; + } + /// Update the reported RoT bootloader versions /// /// If either field is `None`, that field is _unchanged_. diff --git a/nexus/reconfigurator/simulation/src/zone_images.rs b/nexus/reconfigurator/simulation/src/zone_images.rs index 69e5d4b99c2..6eebd719433 100644 --- a/nexus/reconfigurator/simulation/src/zone_images.rs +++ b/nexus/reconfigurator/simulation/src/zone_images.rs @@ -43,10 +43,24 @@ impl SimTufRepoDescription { Self { source: Err(message.clone()), message } } - /// Generates a simulated [`ManifestBootInventory`] or an error. - pub fn to_boot_inventory(&self) -> Result { + /// Generates a simulated [`ManifestBootInventory`] for zones or an error. + pub fn to_zone_boot_inventory( + &self, + ) -> Result { match &self.source { - Ok(source) => Ok(source.to_boot_inventory()), + Ok(source) => Ok(source.to_zone_boot_inventory()), + Err(error) => { + Err(format!("reconfigurator-sim simulated error: {error}")) + } + } + } + + /// Generates a simulated [`ManifestBootInventory`] for measurements or an error. + pub fn to_measurement_boot_inventory( + &self, + ) -> Result { + match &self.source { + Ok(source) => Ok(source.to_measurement_boot_inventory()), Err(error) => { Err(format!("reconfigurator-sim simulated error: {error}")) } @@ -59,7 +73,8 @@ impl SimTufRepoDescription { #[derive(Clone, Debug)] pub struct SimTufRepoSource { description: TufRepoDescription, - manifest_source: OmicronInstallManifestSource, + zone_manifest_source: OmicronInstallManifestSource, + measurement_manifest_source: OmicronInstallManifestSource, message: String, known_artifact_id_names: BTreeSet, error_artifact_id_names: BTreeSet, @@ -71,7 +86,8 @@ impl SimTufRepoSource { /// The message should be of the form "from repo at ..." or "to target release". pub fn new( description: TufRepoDescription, - manifest_source: OmicronInstallManifestSource, + zone_manifest_source: OmicronInstallManifestSource, + measurement_manifest_source: OmicronInstallManifestSource, message: String, ) -> anyhow::Result { let mut unknown = BTreeSet::new(); @@ -106,7 +122,8 @@ impl SimTufRepoSource { } Ok(Self { description, - manifest_source, + zone_manifest_source, + measurement_manifest_source, message, known_artifact_id_names: known, error_artifact_id_names: BTreeSet::new(), @@ -141,8 +158,47 @@ impl SimTufRepoSource { Ok(()) } - /// Generates a simulated [`ManifestBootInventory`]. - pub fn to_boot_inventory(&self) -> ManifestBootInventory { + /// Generates a simulated [`ManifestBootInventory`] from the measurement manifest. + pub fn to_measurement_boot_inventory(&self) -> ManifestBootInventory { + let artifacts = self + .description + .artifacts + .iter() + .filter_map(|artifact| { + if artifact.id.kind.to_known() + != Some(KnownArtifactKind::MeasurementCorpus) + { + return None; + } + + let file_name = artifact.id.name.to_string(); + let path = Utf8Path::new("/fake/path/install").join(&file_name); + let status = + if self.error_artifact_id_names.contains(&artifact.id.name) + { + Err("reconfigurator-sim: simulated error \ + validating zone image" + .to_owned()) + } else { + Ok(()) + }; + Some(ZoneArtifactInventory { + file_name, + path, + expected_size: artifact.size, + expected_hash: artifact.hash, + status, + }) + }) + .collect(); + ManifestBootInventory { + source: self.measurement_manifest_source, + artifacts, + } + } + + /// Generates a simulated [`ManifestBootInventory`] from the zone manifest. + pub fn to_zone_boot_inventory(&self) -> ManifestBootInventory { let artifacts = self .description .artifacts @@ -178,7 +234,7 @@ impl SimTufRepoSource { }) }) .collect(); - ManifestBootInventory { source: self.manifest_source, artifacts } + ManifestBootInventory { source: self.zone_manifest_source, artifacts } } /// Returns a message including the system version and the number of zone