cap number of repo depot backends (#9176)

Author: davepacheco

dev-tools/reconfigurator-cli/tests/output/cmds-noop-image-source-stdout

@@ -510,7 +510,7 @@ to:   blueprint af934083-59b5-4bf6-8966-6fb5292c29e1
 
 internal DNS:
   DNS zone: "control-plane.oxide.internal" (unchanged)
-    unchanged names: 53 (records: 76)
+    unchanged names: 53 (records: 75)
 
 external DNS:
   DNS zone: "oxide.example" (unchanged)

dev-tools/reconfigurator-cli/tests/output/cmds-set-remove-mupdate-override-stdout

@@ -666,7 +666,7 @@ internal DNS:
 -       AAAA fd00:1122:3344:107::22
 -   name: c800ba17-240e-4b72-8ae6-afc30b6baa96.host          (records: 1)
 -       AAAA fd00:1122:3344:107::21
-    unchanged names: 52 (records: 70)
+    unchanged names: 52 (records: 69)
 
 external DNS:
   DNS zone: "oxide.example" (unchanged)
@@ -1015,7 +1015,7 @@ to:   blueprint ce365dff-2cdb-4f35-a186-b15e20e1e700
 
 internal DNS:
   DNS zone: "control-plane.oxide.internal" (unchanged)
-    unchanged names: 53 (records: 76)
+    unchanged names: 53 (records: 75)
 
 external DNS:
   DNS zone: "oxide.example" (unchanged)

dev-tools/reconfigurator-cli/tests/output/cmds-unsafe-zone-mgs-stdout

@@ -92,6 +92,9 @@ target release (generation 2): 0.0.1 (system-update-v0.0.1.zip)
     artifact: 7776db817d1f1b1a2f578050742e33bd4e805a4c76f36bce84dcb509b900249c switch_rot_image_b (fake-switch-rot version 0.0.1)
     artifact: 0686443d50db2247077dc70b6543cea9a90a9792de00e06c06cff4c91fa5a4a8 switch_rot_bootloader (fake-switch-rot-bootloader version 0.0.1)
     artifact: 657aaebc9c2f451446af0411a67a4bd057f39fa1b8a7fdc429ca4a2facd9344c installinator_document (installinator_document version 0.0.1)
+active nexus zone generation: 1
+active nexus zones: inferred from generation
+not-yet nexus zones: inferred from generation
 planner config:
     add zones with mupdate override:   false
 

nexus/types/src/deployment/execution/dns.rs

@@ -171,18 +171,29 @@ pub fn blueprint_internal_dns_config(
     // replicated synchronously or atomically to all instances.  That is: a
     // consumer should be careful when fetching an artifact about whether they
     // really can just pick any backend of this service or not.
+    //
+    // We currently limit the repo depot backends to keep us under current DNS
+    // limits.  See oxidecomputer/omicron#6342.  This number is chosen somewhat
+    // arbitrarily: it's small enough to fit under the DNS limit, but enough
+    // to give some redundancy.  We're implicitly assuming iteration over
+    // `sleds_by_id` will be stable so that we're not thrashing on the DNS
+    // names.
+    let mut nrepo_depots = 6;
     for sled in sleds_by_id {
         if !sled.policy().matches(SledFilter::TufArtifactReplication) {
             continue;
         }
 
         let dns_sled = dns_builder
             .host_sled(sled.id(), *sled.sled_agent_address().ip())?;
-        dns_builder.service_backend_sled(
-            ServiceName::RepoDepot,
-            &dns_sled,
-            sled.repo_depot_address().port(),
-        )?;
+        if nrepo_depots > 0 {
+            dns_builder.service_backend_sled(
+                ServiceName::RepoDepot,
+                &dns_sled,
+                sled.repo_depot_address().port(),
+            )?;
+            nrepo_depots -= 1;
+        }
     }
 
     Ok(dns_builder.build_zone())