Replace bootstrap-agent dropshot server with sprockets session

Removes sprockets proxies, fixing #1161.
oxidecomputer · Jun 8, 2022 · deba63e · deba63e
1 parent 3d0f731
commit deba63e
Show file tree

Hide file tree

Showing 16 changed files with 463 additions and 609 deletions.
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/openapi/bootstrap-agent.json b/openapi/bootstrap-agent.json
diff --git a/sled-agent/Cargo.toml b/sled-agent/Cargo.toml
@@ -30,14 +30,14 @@ reqwest = { version = "0.11.8", default-features = false, features = ["rustls-tl
 schemars = { version = "0.8.10", features = [ "chrono", "uuid1" ] }
 serde = { version = "1.0", features = [ "derive" ] }
 serde_json = "1.0"
+serde_repr = "0.1"
 sled-agent-client = { path = "../sled-agent-client" }
 slog = { version = "2.5", features = [ "max_level_trace", "release_max_level_debug" ] }
 slog-dtrace = "0.2"
 smf = "0.2"
 spdm = { git = "https://github.com/oxidecomputer/spdm", rev = "9742f6e" }
 sp-sim = { path = "../sp-sim" }
 sprockets-host = { git = "http://github.com/oxidecomputer/sprockets", rev = "0361fd13ff19cda6696242fe40f1325fca30d3d1" }
-sprockets-proxy = { git = "http://github.com/oxidecomputer/sprockets", rev = "0361fd13ff19cda6696242fe40f1325fca30d3d1" }
 socket2 = { version = "0.4", features = [ "all" ] }
 structopt = "0.3"
 tar = "0.4"

diff --git a/sled-agent/src/bin/sled-agent.rs b/sled-agent/src/bin/sled-agent.rs
@@ -4,8 +4,6 @@
 
 //! Executable program to run the sled agent
 
-use dropshot::ConfigDropshot;
-use omicron_common::api::external::Error;
 use omicron_common::cmd::fatal;
 use omicron_common::cmd::CmdError;
 use omicron_sled_agent::bootstrap::{
@@ -15,42 +13,17 @@ use omicron_sled_agent::bootstrap::{
 use omicron_sled_agent::rack_setup::config::SetupServiceConfig as RssConfig;
 use omicron_sled_agent::{config::Config as SledConfig, server as sled_server};
 use sp_sim::config::GimletConfig;
-use std::net::SocketAddr;
 use std::path::PathBuf;
 use structopt::StructOpt;
 
-#[derive(Debug)]
-enum ApiRequest {
-    Bootstrap,
-    Sled,
-}
-
-impl std::str::FromStr for ApiRequest {
-    type Err = Error;
-    fn from_str(s: &str) -> Result<Self, Self::Err> {
-        match s {
-            "bootstrap" => Ok(ApiRequest::Bootstrap),
-            "sled" => Ok(ApiRequest::Sled),
-            _ => Err(Error::InvalidValue {
-                label: s.to_string(),
-                message: "Invalid value: try one of {bootstrap, sled}"
-                    .to_string(),
-            }),
-        }
-    }
-}
-
 #[derive(Debug, StructOpt)]
 #[structopt(
     name = "sled_agent",
     about = "See README.adoc for more information"
 )]
 enum Args {
     /// Generates the OpenAPI specification.
-    Openapi {
-        #[structopt(name = "api_type", parse(try_from_str))]
-        api_requested: ApiRequest,
-    },
+    Openapi,
     /// Runs the Sled Agent server.
     Run {
         #[structopt(name = "CONFIG_FILE_PATH", parse(from_os_str))]
@@ -71,14 +44,7 @@ async fn do_run() -> Result<(), CmdError> {
     })?;
 
     match args {
-        Args::Openapi { api_requested } => match api_requested {
-            ApiRequest::Bootstrap => {
-                bootstrap_server::run_openapi().map_err(CmdError::Failure)
-            }
-            ApiRequest::Sled => {
-                sled_server::run_openapi().map_err(CmdError::Failure)
-            }
-        },
+        Args::Openapi => sled_server::run_openapi().map_err(CmdError::Failure),
         Args::Run { config_path } => {
             let config = SledConfig::from_file(&config_path)
                 .map_err(|e| CmdError::Failure(e.to_string()))?;
@@ -131,46 +97,12 @@ async fn do_run() -> Result<(), CmdError> {
             let bootstrap_address = bootstrap_address(link)
                 .map_err(|e| CmdError::Failure(e.to_string()))?;
 
-            // Are we going to simulate a local SP? If so:
-            //
-            // 1. The bootstrap dropshot server listens on localhost
-            // 2. A sprockets proxy listens on `bootstrap_address` (and relays
-            //    incoming connections to the localhost dropshot server)
-            //
-            // If we're not simulating a local SP, we can't establish sprockets
-            // sessions, so we'll have the bootstrap dropshot server listen on
-            // `bootstrap_address` (and no sprockets proxy).
-            //
-            // TODO-security: With this configuration, dropshot itself is
-            // running plain HTTP and blindly trusting all connections from
-            // localhost. We have a similar sprockets proxy on the client side,
-            // where the proxy blindly trusts all connections from localhost
-            // (although the client-side proxy only runs while is being made,
-            // while our dropshot server is always listening). Can we secure
-            // these connections sufficiently? Other options include expanding
-            // dropshot/progenitor to allow a custom connection layer (supported
-            // by hyper, but not reqwest), keeping the sprockets proxy but using
-            // something other than TCP that we can lock down, or abandoning
-            // dropshot and using a bespoke protocol over a raw
-            // sprockets-encrypted TCP connection.
-            let (bootstrap_dropshot_addr, sprockets_proxy_bind_addr) =
-                if sp_config.is_some() {
-                    ("[::1]:0".parse().unwrap(), Some(bootstrap_address))
-                } else {
-                    (SocketAddr::V6(bootstrap_address), None)
-                };
-
             // Configure and run the Bootstrap server.
             let bootstrap_config = BootstrapConfig {
                 id: config.id,
-                dropshot: ConfigDropshot {
-                    bind_address: bootstrap_dropshot_addr,
-                    request_body_max_bytes: 1024 * 1024,
-                    ..Default::default()
-                },
+                bind_address: bootstrap_address,
                 log: config.log.clone(),
                 rss_config,
-                sprockets_proxy_bind_addr,
                 sp_config,
             };
 

diff --git a/sled-agent/src/bootstrap/agent.rs b/sled-agent/src/bootstrap/agent.rs
@@ -210,13 +210,14 @@ impl Agent {
                 )?,
             )
             .map_err(|err| BootstrapError::Toml { path: request_path, err })?;
-            agent.request_agent(sled_request).await?;
+            agent.request_agent(&sled_request).await?;
         }
 
         Ok(agent)
     }
 
     /// Implements the "request share" API.
+    #[allow(dead_code)] // Currently uncalled; will be used soon!
     pub async fn request_share(
         &self,
         identity: Vec<u8>,
@@ -234,7 +235,7 @@ impl Agent {
     /// been initialized.
     pub async fn request_agent(
         &self,
-        request: SledAgentRequest,
+        request: &SledAgentRequest,
     ) -> Result<SledAgentResponse, BootstrapError> {
         info!(&self.log, "Loading Sled Agent: {:?}", request);