Fixes improves OPTE installation and improves errors

[bnaecker]

• Fixes mismerge in tools/install_opte.sh that prevented installing
  OPTE package on a system that didn't previously have it
• Improves error messages when either xde driver fails or the expected
  virtual networking devices don't exist

[bnaecker]

Should resolve #1049

If we try to run the sled agent without the expected xde driver config file at /kernel/drv/xde.conf, we get errors like:

May 10 03:02:16.766 WARN failed to start sled agent, error: Error Response, component: RSS, server: fb0f7546-4d46-40ca-9d56-cbb810684ca7, component: BootstrapAgent
May 10 03:02:18.027note: configured to log to "/var/oxide/sled-agent.log"
 INFO Loading Sled Agent: SledAgentRequest { subnet: Ipv6Subnet { net: Ipv6Net(Ipv6Network { addr: fd00:1122:3344:101::, prefix: 64 }) } }, server: fb0f7546-4d46-40ca-9d56-cbb810684ca7, component: BootstrapAgent
May 10 03:02:18.064 INFO request completed, error_message_external: Internal Server Error, error_message_internal: Error starting sled agent: Could not start sled agent server: Error managing guest networking: No xde driver configuration file exists at '/kernel/drv/xde.conf', response_code: 500, uri: /start_sled, method: PUT, req_id: 7cd69b26-002c-4ff2-8bc9-16224f39a543, remote_addr: [fdb0:b42e:99fe:859::1]:50098, local_addr: [fdb0:b42e:99fe:859::1]:12346, component: dropshot

If we've not run ./tools/create_virtual_hardware.sh, and in particular, we don't have exactly two VNICs named net{0,1}, we get errors like this:

 INFO Loading Sled Agent: SledAgentRequest { subnet: Ipv6Subnet { net: Ipv6Net(Ipv6Network { addr: fd00:1122:3344:101::, prefix: 64 }) } }, server: fb0f7546-4d46-40ca-9d56-cbb810684ca7, component: BootstrapAgent
May 10 03:04:29.038 INFO request completed, error_message_external: Internal Server Error, error_message_internal: Error starting sled agent: Could not start sled agent server: Error managing guest networking: Failure interacting with the OPTE ioctl(2) interface: invalid argument There must be at least two underlay NICs for the xde driver to operate. These are currently created by `./tools/create_virtual_hadware.sh`. Please ensure that script has been run, and that two VNICs named `net{0,1}` exist on the system., response_code: 500, uri: /start_sled, method: PUT, req_id: 94c7a01b-2df0-4ebd-baaf-b4269d1a2340, remote_addr: [fdb0:b42e:99fe:859::1]:58929, local_addr: [fdb0:b42e:99fe:859::1]:12346, component: dropshot
May 10 03:04:29.039 WARN failed to start sled agent, error: Error Response, component: RSS, server: fb0f7546-4d46-40ca-9d56-cbb810684ca7, component: BootstrapAgent

[smklein]

Looks great, thanks for the quick fixes!

[bnaecker]

Something actually occurred to me after posting this. This expands the set of VNICs returned by Dladm::get_vnics() to include the underlay devices net{0,1} and any VNICs for guests over xde devices. The sled agent currently deletes those with the ox prefix here, but this feels a bit dangerous. Without that .filter() call, we'd delete the guest VNICs and the underlay VNICs. Any thoughts on whether we should make that more safe? Maybe split things into a Dladm::guest_vnics() and Dladm::system_vnics() call? Or provide the prefix as an argument to Dladm::get_vnics()?

Any thoughts here @smklein?

[smklein]

Something actually occurred to me after posting this. This expands the set of VNICs returned by Dladm::get_vnics() to include the underlay devices net{0,1} and any VNICs for guests over xde devices. The sled agent currently deletes those with the ox prefix here, but this feels a bit dangerous. Without that .filter() call, we'd delete the guest VNICs and the underlay VNICs. Any thoughts on whether we should make that more safe? Maybe split things into a Dladm::guest_vnics() and Dladm::system_vnics() call? Or provide the prefix as an argument to Dladm::get_vnics()?

Any thoughts here @smklein?

Fortunately, that's the only spot where we actually query for all sled-agent managed VNICs, so this change should be easy.

The implementation (on main) is a little redundant - get_vnics() filters by prefix...

omicron/sled-agent/src/illumos/dladm.rs

Lines 167 to 179 in c52656d

	/// Returns all VNICs that may be managed by the Sled Agent.
	pub fn get_vnics() -> Result<Vec<String>, GetVnicError> {
	let mut command = std::process::Command::new(PFEXEC);
	let cmd = command.args(&[DLADM, "show-vnic", "-p", "-o", "LINK"]);
	let output = execute(cmd).map_err(|err| GetVnicError { err })?;
	let vnics = String::from_utf8_lossy(&output.stdout)
	.lines()
	.filter(|vnic| vnic.starts_with(VNIC_PREFIX))
	.map(|s| s.to_owned())
	.collect();
	Ok(vnics)
	}

... but then we filter again in sled_agent.rs, after making that call:

omicron/sled-agent/src/sled_agent.rs

Lines 168 to 175 in c52656d

	let vnics = Dladm::get_vnics()?;
	for vnic in vnics
	.iter()
	.filter(|vnic| vnic.starts_with(crate::illumos::dladm::VNIC_PREFIX))
	{
	warn!(log, "Deleting VNIC: {}", vnic);
	Dladm::delete_vnic(&vnic)?;
	}

Before OPTE integration, "get_vnics" was fairly unambiguous - we only managed guest vnics. Now that we have more complex categories, you're right, it's probably worthwhile disambiguating.

I'd be fine with either making a Dladm::underlay_vnics function, or with passing an enum specifying the flavor of VNIC to return - as long as it's strongly typed (lets avoid boolean arguments), those seem equivalent to me.

[bnaecker]

Cool, will add shortly. Thanks!

[bnaecker]

@smklein This could use another once-over, if you don't mind. I've added an enum to represent the kind of each VNIC, and use that explicitly when clearing out either Oxide control VNICs or guest VNICs when the sled agent starts up. I'm also clearing out the OPTE ports / xde devices at startup, which should resolve #1048 as well.

[bnaecker]

Ok, a few more straggler changes required. I opted to return an Option when trying to get the VnicKind for a VNIC that the sled agent should not be managing, e.g., net0. This means we have to also return a Result from things like Vnic::wrap_existing, since that just takes a name as a &str at this point. Hopefully this resolves the above @smklein.

As a sidenote, here's a snippet from the sled agent logs, when restarting and cleaning up the old state:

{"msg":"Deleting existing VNIC","v":0,"name":"sled-agent","level":40,"time":"2022-05-10T20:53:13.921022577Z","hostname":"feldspar","pid":834,"sled_id":"fb0f7546-4d46-40ca-9d56-cbb810684ca7","component":"SledAgent","kind":"OxideControl","name":"oxControlStorage0"}
{"msg":"Deleting existing VNIC","v":0,"name":"sled-agent","level":40,"time":"2022-05-10T20:53:13.926981394Z","hostname":"feldspar","pid":834,"sled_id":"fb0f7546-4d46-40ca-9d56-cbb810684ca7","component":"SledAgent","kind":"OxideControl","name":"oxControlStorage1"}
{"msg":"Deleting existing VNIC","v":0,"name":"sled-agent","level":40,"time":"2022-05-10T20:53:13.93262576Z","hostname":"feldspar","pid":834,"sled_id":"fb0f7546-4d46-40ca-9d56-cbb810684ca7","component":"SledAgent","kind":"OxideControl","name":"oxControlStorage2"}
{"msg":"Deleting existing VNIC","v":0,"name":"sled-agent","level":40,"time":"2022-05-10T20:53:13.937900856Z","hostname":"feldspar","pid":834,"sled_id":"fb0f7546-4d46-40ca-9d56-cbb810684ca7","component":"SledAgent","kind":"OxideControl","name":"oxControlStorage3"}
{"msg":"Deleting existing VNIC","v":0,"name":"sled-agent","level":40,"time":"2022-05-10T20:53:13.943852525Z","hostname":"feldspar","pid":834,"sled_id":"fb0f7546-4d46-40ca-9d56-cbb810684ca7","component":"SledAgent","kind":"OxideControl","name":"oxControlService0"}
{"msg":"Deleting existing VNIC","v":0,"name":"sled-agent","level":40,"time":"2022-05-10T20:53:13.948241326Z","hostname":"feldspar","pid":834,"sled_id":"fb0f7546-4d46-40ca-9d56-cbb810684ca7","component":"SledAgent","kind":"OxideControl","name":"oxControlStorage4"}
{"msg":"Deleting existing VNIC","v":0,"name":"sled-agent","level":40,"time":"2022-05-10T20:53:13.952736083Z","hostname":"feldspar","pid":834,"sled_id":"fb0f7546-4d46-40ca-9d56-cbb810684ca7","component":"SledAgent","kind":"OxideControl","name":"oxControlService1"}
{"msg":"Deleting existing VNIC","v":0,"name":"sled-agent","level":40,"time":"2022-05-10T20:53:13.958774583Z","hostname":"feldspar","pid":834,"sled_id":"fb0f7546-4d46-40ca-9d56-cbb810684ca7","component":"SledAgent","kind":"OxideControl","name":"oxControlService2"}
{"msg":"Deleting existing VNIC","v":0,"name":"sled-agent","level":40,"time":"2022-05-10T20:53:13.9637238Z","hostname":"feldspar","pid":834,"sled_id":"fb0f7546-4d46-40ca-9d56-cbb810684ca7","component":"SledAgent","kind":"OxideControl","name":"oxControlInstance0"}
{"msg":"Deleting existing VNIC","v":0,"name":"sled-agent","level":40,"time":"2022-05-10T20:53:13.968212689Z","hostname":"feldspar","pid":834,"sled_id":"fb0f7546-4d46-40ca-9d56-cbb810684ca7","component":"SledAgent","kind":"OxideControl","name":"oxControlInstance1"}
{"msg":"Deleting existing VNIC","v":0,"name":"sled-agent","level":40,"time":"2022-05-10T20:53:13.973246358Z","hostname":"feldspar","pid":834,"sled_id":"fb0f7546-4d46-40ca-9d56-cbb810684ca7","component":"SledAgent","kind":"Guest","name":"vopte0"}
{"msg":"Deleting existing VNIC","v":0,"name":"sled-agent","level":40,"time":"2022-05-10T20:53:13.97776523Z","hostname":"feldspar","pid":834,"sled_id":"fb0f7546-4d46-40ca-9d56-cbb810684ca7","component":"SledAgent","kind":"Guest","name":"vopte1"}
{"msg":"deleting existing OPTE port and xde device","v":0,"name":"sled-agent","level":30,"time":"2022-05-10T20:53:13.982193032Z","hostname":"feldspar","pid":834,"sled_id":"fb0f7546-4d46-40ca-9d56-cbb810684ca7","component":"SledAgent","name":"opte0"}
{"msg":"deleting existing OPTE port and xde device","v":0,"name":"sled-agent","level":30,"time":"2022-05-10T20:53:13.982635276Z","hostname":"feldspar","pid":834,"sled_id":"fb0f7546-4d46-40ca-9d56-cbb810684ca7","component":"SledAgent","name":"opte1”}

[smklein]

Mod my last (nit) comment, this still LGTM!