Merge branch 'master' into eero/upgrade-setupos

dfinity · Sep 18, 2024 · ce70a3c · ce70a3c
2 parents 45a4159 + e880042
commit ce70a3c
Show file tree

Hide file tree

Showing 119 changed files with 3,700 additions and 1,249 deletions.
diff --git a/.github/workflows-source/schedule-daily.yml b/.github/workflows-source/schedule-daily.yml
@@ -121,14 +121,29 @@ jobs:
         run: |
           echo "$ZH2_DLL01_CSV_SECRETS" > file1
           echo "$ZH2_FILE_SHARE_KEY" > file2 && chmod 400 file2
+
+          # Run bare metal installation test
           # shellcheck disable=SC2046,SC2086
           bazel ${BAZEL_STARTUP_ARGS} run ${BAZEL_CI_CONFIG} \
             //ic-os/setupos/envs/dev:launch_bare_metal -- \
               --config_path "$(realpath  ./ic-os/dev-tools/bare_metal_deployment/zh2-dll01.yaml)" \
               --csv_filename "$(realpath file1)" \
               --file_share_ssh_key "$(realpath file2)" \
+              --inject_image_pub_key "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK3gjE/2K5nxIBbk3ohgs8J5LW+XiObwA+kGtSaF5+4c" \
               --file_share_username ci_interim \
               --ci_mode
+
+          # Run bare metal node performance benchmarks
+          # shellcheck disable=SC2046,SC2086
+          bazel ${BAZEL_STARTUP_ARGS} run ${BAZEL_CI_CONFIG} \
+            //ic-os/setupos/envs/dev:launch_bare_metal -- \
+              --config_path "$(realpath  ./ic-os/dev-tools/bare_metal_deployment/zh2-dll01.yaml)" \
+              --csv_filename "$(realpath file1)" \
+              --file_share_ssh_key "$(realpath file2)" \
+              --inject_image_pub_key "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK3gjE/2K5nxIBbk3ohgs8J5LW+XiObwA+kGtSaF5+4c" \
+              --file_share_username ci_interim \
+              --ci_mode \
+              --benchmark
           bazel clean
         env:
           BAZEL_STARTUP_ARGS: "--output_base=/var/tmp/bazel-output/"

diff --git a/.github/workflows/schedule-daily.yml b/.github/workflows/schedule-daily.yml
@@ -97,14 +97,29 @@ jobs:
         run: |
           echo "$ZH2_DLL01_CSV_SECRETS" > file1
           echo "$ZH2_FILE_SHARE_KEY" > file2 && chmod 400 file2
+
+          # Run bare metal installation test
           # shellcheck disable=SC2046,SC2086
           bazel ${BAZEL_STARTUP_ARGS} run ${BAZEL_CI_CONFIG} \
             //ic-os/setupos/envs/dev:launch_bare_metal -- \
               --config_path "$(realpath  ./ic-os/dev-tools/bare_metal_deployment/zh2-dll01.yaml)" \
               --csv_filename "$(realpath file1)" \
               --file_share_ssh_key "$(realpath file2)" \
+              --inject_image_pub_key "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK3gjE/2K5nxIBbk3ohgs8J5LW+XiObwA+kGtSaF5+4c" \
               --file_share_username ci_interim \
               --ci_mode
+
+          # Run bare metal node performance benchmarks
+          # shellcheck disable=SC2046,SC2086
+          bazel ${BAZEL_STARTUP_ARGS} run ${BAZEL_CI_CONFIG} \
+            //ic-os/setupos/envs/dev:launch_bare_metal -- \
+              --config_path "$(realpath  ./ic-os/dev-tools/bare_metal_deployment/zh2-dll01.yaml)" \
+              --csv_filename "$(realpath file1)" \
+              --file_share_ssh_key "$(realpath file2)" \
+              --inject_image_pub_key "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK3gjE/2K5nxIBbk3ohgs8J5LW+XiObwA+kGtSaF5+4c" \
+              --file_share_username ci_interim \
+              --ci_mode \
+              --benchmark
           bazel clean
         env:
           BAZEL_STARTUP_ARGS: "--output_base=/var/tmp/bazel-output/"

diff --git a/Cargo.lock b/Cargo.lock
diff --git a/Cargo.toml b/Cargo.toml
@@ -168,6 +168,7 @@ members = [
     "rs/nervous_system/common/test_canister",
     "rs/nervous_system/common/test_keys",
     "rs/nervous_system/common/test_utils",
+    "rs/nervous_system/common/validation",
     "rs/nervous_system/humanize",
     "rs/nervous_system/integration_tests",
     "rs/nervous_system/lock",

diff --git a/ic-os/components/BUILD.bazel b/ic-os/components/BUILD.bazel
@@ -40,6 +40,7 @@ REPO_COMPONENTS = glob(
 
 # files used for testing and development that aren't "used" by any ic-os variant
 ignored_repo_components = [
+    "hostos-scripts/generate-guestos-config/dev-generate-guestos-config.sh",
     "networking/dev-certs/canister_http_test_ca.key",
     "networking/dev-certs/root_cert_gen.sh",
 ]

diff --git a/ic-os/components/hostos-scripts/generate-guestos-config/dev-generate-guestos-config.sh b/ic-os/components/hostos-scripts/generate-guestos-config/dev-generate-guestos-config.sh
@@ -0,0 +1,162 @@
+#!/bin/bash
+
+set -e
+
+# Generate the GuestOS configuration.
+
+# Source the functions required for writing metrics
+source /opt/ic/bin/metrics.sh
+
+SCRIPT="$(basename $0)[$$]"
+
+# Get keyword arguments
+for argument in "${@}"; do
+    case ${argument} in
+        -c=* | --config=*)
+            CONFIG="${argument#*=}"
+            shift
+            ;;
+        -d=* | --deployment=*)
+            DEPLOYMENT="${argument#*=}"
+            shift
+            ;;
+        -h | --help)
+            echo 'Usage:
+Generate GuestOS Configuration
+
+Arguments:
+  -c=, --config=        specify the config.ini configuration file (Default: /boot/config/config.ini)
+  -d=, --deployment=    specify the deployment.json configuration file (Default: /boot/config/deployment.json)
+  -h, --help            show this help message and exit
+  -i=, --input=         specify the input template file (Default: /opt/ic/share/guestos.xml.template)
+  -m=, --media=         specify the config media image file (Default: /run/ic-node/config.img)
+  -o=, --output=        specify the output configuration file (Default: /var/lib/libvirt/guestos.xml)
+'
+            exit 1
+            ;;
+        -i=* | --input=*)
+            INPUT="${argument#*=}"
+            shift
+            ;;
+        -m=* | --media=*)
+            MEDIA="${argument#*=}"
+            shift
+            ;;
+        -o=* | --output=*)
+            OUTPUT="${argument#*=}"
+            shift
+            ;;
+        *)
+            echo "Error: Argument is not supported."
+            exit 1
+            ;;
+    esac
+done
+
+function validate_arguments() {
+    if [ "${CONFIG}" == "" -o "${DEPLOYMENT}" == "" -o "${INPUT}" == "" -o "${OUTPUT}" == "" ]; then
+        $0 --help
+    fi
+}
+
+# Set arguments if undefined
+CONFIG="${CONFIG:=/boot/config/config.ini}"
+DEPLOYMENT="${DEPLOYMENT:=/boot/config/deployment.json}"
+INPUT="${INPUT:=/opt/ic/share/guestos.xml.template}"
+MEDIA="${MEDIA:=/run/ic-node/config.img}"
+OUTPUT="${OUTPUT:=/var/lib/libvirt/guestos.xml}"
+
+write_log() {
+    local message=$1
+
+    if [ -t 1 ]; then
+        echo "${SCRIPT} ${message}" >/dev/stdout
+    fi
+
+    logger -t ${SCRIPT} "${message}"
+}
+
+function read_variables() {
+    # Read limited set of keys. Be extra-careful quoting values as it could
+    # otherwise lead to executing arbitrary shell code!
+    while IFS="=" read -r key value; do
+        case "$key" in
+            "ipv6_prefix") ipv6_prefix="${value}" ;;
+            "ipv6_gateway") ipv6_gateway="${value}" ;;
+            "ipv4_address") ipv4_address="${value}" ;;
+            "ipv4_prefix_length") ipv4_prefix_length="${value}" ;;
+            "ipv4_gateway") ipv4_gateway="${value}" ;;
+            "domain") domain="${value}" ;;
+        esac
+    done <"${CONFIG}"
+}
+
+function assemble_config_media() {
+    cmd=(/opt/ic/bin/build-bootstrap-config-image.sh ${MEDIA})
+    cmd+=(--nns_public_key "/boot/config/nns_public_key.pem")
+    cmd+=(--elasticsearch_hosts "$(/opt/ic/bin/fetch-property.sh --key=.logging.hosts --metric=hostos_logging_hosts --config=${DEPLOYMENT})")
+    cmd+=(--ipv6_address "$(/opt/ic/bin/hostos_tool generate-ipv6-address --node-type GuestOS)")
+    cmd+=(--ipv6_gateway "${ipv6_gateway}")
+    if [[ -n "$ipv4_address" && -n "$ipv4_prefix_length" && -n "$ipv4_gateway" && -n "$domain" ]]; then
+        cmd+=(--ipv4_address "${ipv4_address}/${ipv4_prefix_length}")
+        cmd+=(--ipv4_gateway "${ipv4_gateway}")
+        cmd+=(--domain "${domain}")
+    fi
+    cmd+=(--hostname "guest-$(/opt/ic/bin/fetch-mgmt-mac.sh | sed 's/://g')")
+    cmd+=(--nns_url "$(/opt/ic/bin/fetch-property.sh --key=.nns.url --metric=hostos_nns_url --config=${DEPLOYMENT})")
+    if [ -f "/boot/config/node_operator_private_key.pem" ]; then
+        cmd+=(--node_operator_private_key "/boot/config/node_operator_private_key.pem")
+    fi
+
+    cmd+=(--accounts_ssh_authorized_keys "/boot/config/ssh_authorized_keys")
+
+    # Run the above command
+    "${cmd[@]}"
+    write_log "Assembling config media for GuestOS: ${MEDIA}"
+}
+
+function generate_guestos_config() {
+    RESOURCES_MEMORY=$(/opt/ic/bin/fetch-property.sh --key=.resources.memory --metric=hostos_resources_memory --config=${DEPLOYMENT})
+    MAC_ADDRESS=$(/opt/ic/bin/hostos_tool generate-mac-address --node-type GuestOS)
+    # NOTE: `fetch-property` will error if the target is not found. Here we
+    # only want to act when the field is set.
+    CPU_MODE=$(jq -r ".resources.cpu" ${DEPLOYMENT})
+
+    CPU_DOMAIN="kvm"
+    CPU_SPEC="/opt/ic/share/kvm-cpu.xml"
+    if [ "${CPU_MODE}" == "qemu" ]; then
+        CPU_DOMAIN="qemu"
+        CPU_SPEC="/opt/ic/share/qemu-cpu.xml"
+    fi
+
+    if [ ! -f "${OUTPUT}" ]; then
+        mkdir -p "$(dirname "$OUTPUT")"
+        sed -e "s@{{ resources_memory }}@${RESOURCES_MEMORY}@" \
+            -e "s@{{ mac_address }}@${MAC_ADDRESS}@" \
+            -e "s@{{ cpu_domain }}@${CPU_DOMAIN}@" \
+            -e "/{{ cpu_spec }}/{r ${CPU_SPEC}" -e "d" -e "}" \
+            "${INPUT}" >"${OUTPUT}"
+        restorecon -R "$(dirname "$OUTPUT")"
+        write_log "Generating GuestOS configuration file: ${OUTPUT}"
+        write_metric "hostos_generate_guestos_config" \
+            "1" \
+            "HostOS generate GuestOS config" \
+            "gauge"
+    else
+        write_log "GuestOS configuration file already exists: ${OUTPUT}"
+        write_metric "hostos_generate_guestos_config" \
+            "0" \
+            "HostOS generate GuestOS config" \
+            "gauge"
+    fi
+}
+
+function main() {
+    # Establish run order
+    validate_arguments
+    read_variables
+    assemble_config_media
+    generate_guestos_config
+}
+
+main
diff --git a/ic-os/components/init/bootstrap-ic-node/guestos/bootstrap-ic-node.sh b/ic-os/components/init/bootstrap-ic-node/guestos/bootstrap-ic-node.sh
@@ -135,6 +135,10 @@ write_metric_attr "guestos_boot_action" \
     "GuestOS boot action" \
     "gauge"
 
+# /boot/config/CONFIGURED serves as a tag to indicate that the one-time bootstrap configuration has been completed.
+# If the `/boot/config/CONFIGURED` file is not present, the boot sequence will
+# search for a virtual USB stick (the bootstrap config image)
+# containing the injected configuration files, and create the file.
 if [ -f /boot/config/CONFIGURED ]; then
     echo "Bootstrap completed already"
 fi

diff --git a/ic-os/dev-tools/bare_metal_deployment/BUILD.bazel b/ic-os/dev-tools/bare_metal_deployment/BUILD.bazel
@@ -1,11 +1,7 @@
 package(default_visibility = ["//rs:ic-os-pkg"])
 
-exports_files(["deploy.py"])
-
-# Necessary to find the directory where the scripts are stored.
-genrule(
-    name = "find_idrac_package_path",
-    outs = ["idrac_package_path.txt"],
-    cmd = "echo $(location @python_deps_idracredfishsupport//:IdracRedfishSupport-0.0.8.data/scripts/VirtualDiskExpansionREDFISH.py) | xargs dirname > $@",
-    tools = ["@python_deps_idracredfishsupport//:IdracRedfishSupport-0.0.8.data/scripts/VirtualDiskExpansionREDFISH.py"],
-)
+exports_files([
+    "deploy.py",
+    "benchmark_runner.sh",
+    "benchmark_driver.sh",
+])