[sled-agent] NTP zone config set up via zone-setup CLI (#5440)

## Overview

This PR repurposes the zone-network CLI into a zone-setup CLI, in order
to remove as many zone start-up scripts as possible. This is also in
preparation to use this zone-setup CLI with the self assembling switch
zone.

Related: #1898

---------

Co-authored-by: Andy Fiddaman <[email protected]>

Author: karencfv

Cargo.lock

@@ -79,7 +79,7 @@ members = [
     "wicket",
     "wicketd",
     "workspace-hack",
-    "zone-network-setup",
+    "zone-setup",
 ]
 
 default-members = [
@@ -158,7 +158,7 @@ default-members = [
     "wicket-dbg",
     "wicket",
     "wicketd",
-    "zone-network-setup",
+    "zone-setup",
 ]
 resolver = "2"
 
@@ -442,6 +442,7 @@ update-common = { path = "update-common" }
 update-engine = { path = "update-engine" }
 usdt = "0.5.0"
 uuid = { version = "1.8.0", features = ["serde", "v4"] }
+uzers = "0.11"
 walkdir = "2.5"
 whoami = "1.5"
 wicket = { path = "wicket" }

Cargo.toml

@@ -24,6 +24,7 @@ pub mod route;
 pub mod running_zone;
 pub mod scf;
 pub mod svc;
+pub mod svcadm;
 pub mod vmm_reservoir;
 pub mod zfs;
 pub mod zone;

illumos-utils/src/lib.rs

@@ -0,0 +1,21 @@
+// This Source Code Form is subject to the terms of the Mozilla Public
+// License, v. 2.0. If a copy of the MPL was not distributed with this
+// file, You can obtain one at https://mozilla.org/MPL/2.0/.
+
+//! Utilities for manipulating SMF services.
+
+use crate::zone::SVCADM;
+use crate::{execute, ExecutionError, PFEXEC};
+
+/// Wraps commands for interacting with svcadm.
+pub struct Svcadm {}
+
+#[cfg_attr(any(test, feature = "testing"), mockall::automock)]
+impl Svcadm {
+    pub fn refresh_logadm_upgrade() -> Result<(), ExecutionError> {
+        let mut cmd = std::process::Command::new(PFEXEC);
+        let cmd = cmd.args(&[SVCADM, "refresh", "logadm-upgrade"]);
+        execute(cmd)?;
+        Ok(())
+    }
+}

illumos-utils/src/svcadm.rs

@@ -100,7 +100,7 @@ only_for_targets.image = "standard"
 source.type = "composite"
 source.packages = [
   "omicron-nexus.tar.gz",
-  "zone-network-setup.tar.gz",
+  "zone-setup.tar.gz",
   "zone-network-install.tar.gz",
   "opte-interface-setup.tar.gz",
 ]
@@ -130,11 +130,7 @@ output.intermediate_only = true
 service_name = "oximeter"
 only_for_targets.image = "standard"
 source.type = "composite"
-source.packages = [
-  "oximeter-collector.tar.gz",
-  "zone-network-setup.tar.gz",
-  "zone-network-install.tar.gz",
-]
+source.packages = [ "oximeter-collector.tar.gz", "zone-setup.tar.gz", "zone-network-install.tar.gz" ]
 output.type = "zone"
 
 [package.oximeter-collector]
@@ -157,8 +153,8 @@ source.type = "composite"
 source.packages = [
   "clickhouse_svc.tar.gz",
   "internal-dns-cli.tar.gz",
-  "zone-network-setup.tar.gz",
-  "zone-network-install.tar.gz",
+  "zone-setup.tar.gz",
+  "zone-network-install.tar.gz"
 ]
 output.type = "zone"
 
@@ -183,8 +179,8 @@ source.type = "composite"
 source.packages = [
   "clickhouse_keeper_svc.tar.gz",
   "internal-dns-cli.tar.gz",
-  "zone-network-setup.tar.gz",
-  "zone-network-install.tar.gz",
+  "zone-setup.tar.gz",
+  "zone-network-install.tar.gz"
 ]
 output.type = "zone"
 
@@ -209,8 +205,8 @@ source.type = "composite"
 source.packages = [
   "cockroachdb-service.tar.gz",
   "internal-dns-cli.tar.gz",
-  "zone-network-setup.tar.gz",
-  "zone-network-install.tar.gz",
+  "zone-setup.tar.gz",
+  "zone-network-install.tar.gz"
 ]
 output.type = "zone"
 
@@ -245,8 +241,8 @@ source.type = "composite"
 source.packages = [
   "dns-server.tar.gz",
   "internal-dns-customizations.tar.gz",
-  "zone-network-setup.tar.gz",
-  "zone-network-install.tar.gz",
+  "zone-setup.tar.gz",
+  "zone-network-install.tar.gz"
 ]
 output.type = "zone"
 
@@ -257,7 +253,7 @@ source.type = "composite"
 source.packages = [
   "dns-server.tar.gz",
   "external-dns-customizations.tar.gz",
-  "zone-network-setup.tar.gz",
+  "zone-setup.tar.gz",
   "zone-network-install.tar.gz",
   "opte-interface-setup.tar.gz",
 ]
@@ -298,10 +294,11 @@ service_name = "ntp"
 only_for_targets.image = "standard"
 source.type = "composite"
 source.packages = [
+  "chrony-setup.tar.gz",
   "ntp-svc.tar.gz",
   "opte-interface-setup.tar.gz",
-  "zone-network-setup.tar.gz",
-  "zone-network-install.tar.gz",
+  "zone-setup.tar.gz",
+  "zone-network-install.tar.gz"
 ]
 output.type = "zone"
 
@@ -311,8 +308,17 @@ only_for_targets.image = "standard"
 source.type = "local"
 source.paths = [
   { from = "smf/ntp/manifest", to = "/var/svc/manifest/site/ntp" },
-  { from = "smf/ntp/method", to = "/var/svc/method" },
-  { from = "smf/ntp/etc", to = "/etc" },
+]
+output.intermediate_only = true
+output.type = "zone"
+
+[package.chrony-setup]
+service_name = "chrony-setup"
+only_for_targets.image = "standard"
+source.type = "local"
+source.paths = [
+  { from = "smf/chrony-setup/manifest.xml", to = "/var/svc/manifest/site/chrony-setup/manifest.xml" },
+  { from = "smf/chrony-setup/etc", to = "/etc" },
 ]
 output.intermediate_only = true
 output.type = "zone"
@@ -457,23 +463,15 @@ output.intermediate_only = true
 service_name = "crucible"
 only_for_targets.image = "standard"
 source.type = "composite"
-source.packages = [
-  "crucible.tar.gz",
-  "zone-network-setup.tar.gz",
-  "zone-network-install.tar.gz",
-]
+source.packages = [ "crucible.tar.gz", "zone-setup.tar.gz", "zone-network-install.tar.gz" ]
 output.type = "zone"
 
 
 [package.crucible-pantry-zone]
 service_name = "crucible_pantry"
 only_for_targets.image = "standard"
 source.type = "composite"
-source.packages = [
-  "crucible-pantry.tar.gz",
-  "zone-network-setup.tar.gz",
-  "zone-network-install.tar.gz",
-]
+source.packages = [ "crucible-pantry.tar.gz", "zone-setup.tar.gz", "zone-network-install.tar.gz" ]
 output.type = "zone"
 
 # Packages not built within Omicron, but which must be imported.
@@ -746,11 +744,11 @@ source.paths = [
 output.type = "zone"
 output.intermediate_only = true
 
-[package.zone-network-setup]
-service_name = "zone-network-cli"
+[package.zone-setup]
+service_name = "zone-setup-cli"
 only_for_targets.image = "standard"
 source.type = "local"
-source.rust.binary_names = ["zone-networking"]
+source.rust.binary_names = ["zone-setup"]
 source.rust.release = true
 output.type = "zone"
 output.intermediate_only = true

package-manifest.toml

@@ -2006,7 +2006,7 @@ impl ServiceManager {
                     Self::dns_install(info, Some(dns_servers.to_vec()), domain)
                         .await?;
 
-                let mut ntp_config = PropertyGroupBuilder::new("config")
+                let mut chrony_config = PropertyGroupBuilder::new("config")
                     .add_property("allow", "astring", &rack_net)
                     .add_property(
                         "boundary",
@@ -2015,7 +2015,7 @@ impl ServiceManager {
                     );
 
                 for s in ntp_servers {
-                    ntp_config = ntp_config.add_property(
+                    chrony_config = chrony_config.add_property(
                         "server",
                         "astring",
                         &s.to_string(),
@@ -2030,13 +2030,17 @@ impl ServiceManager {
                 }
 
                 let ntp_service = ServiceBuilder::new("oxide/ntp")
-                    .add_instance(
+                    .add_instance(ServiceInstanceBuilder::new("default"));
+
+                let chrony_setup_service =
+                    ServiceBuilder::new("oxide/chrony-setup").add_instance(
                         ServiceInstanceBuilder::new("default")
-                            .add_property_group(ntp_config),
+                            .add_property_group(chrony_config),
                     );
 
                 let mut profile = ProfileBuilder::new("omicron")
                     .add_service(nw_setup_service)
+                    .add_service(chrony_setup_service)
                     .add_service(disabled_ssh_service)
                     .add_service(dns_install_service)
                     .add_service(dns_client_service)

sled-agent/src/services.rs

@@ -0,0 +1,46 @@
+<?xml version="1.0"?>
+<!DOCTYPE service_bundle SYSTEM "/usr/share/lib/xml/dtd/service_bundle.dtd.1">
+
+<service_bundle type='manifest' name='chrony-setup'>
+
+<service name='oxide/chrony-setup' type='service' version='1'>
+  <create_default_instance enabled='true' />
+
+  <dependency name='multi_user' grouping='require_all' restart_on='none'
+    type='service'>
+  <service_fmri value='svc:/milestone/multi-user:default' />
+  </dependency>
+
+  <exec_method type='method' name='start'
+    exec='/opt/oxide/zone-setup-cli/bin/zone-setup chrony-setup -b %{config/boundary} -s %{config/server} -a %{config/allow}'
+    timeout_seconds='0'>
+  <method_context security_flags="aslr">
+  <method_credential user="root" group="root"
+    privileges="basic,file_chown" />
+  </method_context>
+  </exec_method>
+
+  
+  <property_group name='startd' type='framework'>
+    <propval name='duration' type='astring' value='transient' />
+  </property_group>
+
+  <property_group name="config" type="application">
+    <propval name="boundary" type="boolean" value="false" />
+    <propval name="server" type="astring" value="" />
+    <propval name="allow" type="astring" value="" />
+  </property_group>
+
+  <stability value='Unstable' />
+
+  <template>
+    <common_name>
+      <loctext xml:lang='C'>Oxide Chrony Setup</loctext>
+    </common_name>
+    <description>
+      <loctext xml:lang='C'>Configures chronyd for the NTP zone</loctext>
+    </description>
+  </template>
+</service>
+
+</service_bundle>