nexus quiesce needs to deal with saga recovery and re-assignment (#8794)

Author: davepacheco

Cargo.lock

@@ -88,7 +88,7 @@ progenitor::generate_api!(
     }
 );
 
-impl IdOrdItem for types::RunningSagaInfo {
+impl IdOrdItem for types::PendingSagaInfo {
     type Key<'a> = Uuid;
 
     fn key(&self) -> Self::Key<'_> {

clients/nexus-client/src/lib.rs

@@ -117,12 +117,12 @@ async fn quiesce_show(
         }
     }
 
-    println!("sagas running: {}", quiesce.sagas_running.len());
-    for saga in &quiesce.sagas_running {
+    println!("sagas running: {}", quiesce.sagas_pending.len());
+    for saga in &quiesce.sagas_pending {
         println!(
-            "    saga {} started at {} ({})",
+            "    saga {} pending since {} ({})",
             saga.saga_id,
-            humantime::format_rfc3339_millis(saga.time_started.into()),
+            humantime::format_rfc3339_millis(saga.time_pending.into()),
             saga.saga_name
         );
     }

dev-tools/omdb/src/bin/omdb/nexus/quiesce.rs

@@ -21,6 +21,7 @@ use nexus_reconfigurator_execution::{RequiredRealizeArgs, realize_blueprint};
 use nexus_types::deployment::Blueprint;
 use nexus_types::deployment::PendingMgsUpdates;
 use nexus_types::deployment::SledFilter;
+use nexus_types::quiesce::SagaQuiesceHandle;
 use omicron_common::api::external::DataPageParams;
 use omicron_uuid_kinds::GenericUuid;
 use omicron_uuid_kinds::OmicronZoneUuid;
@@ -248,6 +249,7 @@ impl ReconfiguratorExec {
                 // closed.  Clone this sender so that it doesn't get shut down
                 // right away.
                 mgs_updates: mgs_updates.clone(),
+                saga_quiesce: SagaQuiesceHandle::new(opctx.log.clone()),
             }
             .into(),
         )

dev-tools/reconfigurator-exec-unsafe/src/main.rs

@@ -21,6 +21,7 @@ use nexus_types::deployment::execution::{
     Overridables, ReconfiguratorExecutionSpec, SharedStepHandle, Sled,
     StepHandle, StepResult, UpdateEngine,
 };
+use nexus_types::quiesce::SagaQuiesceHandle;
 use omicron_uuid_kinds::OmicronZoneUuid;
 use slog::info;
 use slog_error_chain::InlineErrorChain;
@@ -56,6 +57,7 @@ pub struct RealizeArgs<'a> {
     pub sender: mpsc::Sender<Event>,
     pub overrides: Option<&'a Overridables>,
     pub mgs_updates: watch::Sender<PendingMgsUpdates>,
+    pub saga_quiesce: SagaQuiesceHandle,
 }
 
 impl<'a> RealizeArgs<'a> {
@@ -103,6 +105,7 @@ pub struct RequiredRealizeArgs<'a> {
     pub blueprint: &'a Blueprint,
     pub sender: mpsc::Sender<Event>,
     pub mgs_updates: watch::Sender<PendingMgsUpdates>,
+    pub saga_quiesce: SagaQuiesceHandle,
 }
 
 impl<'a> From<RequiredRealizeArgs<'a>> for RealizeArgs<'a> {
@@ -117,6 +120,7 @@ impl<'a> From<RequiredRealizeArgs<'a>> for RealizeArgs<'a> {
             sender: value.sender,
             overrides: None,
             mgs_updates: value.mgs_updates,
+            saga_quiesce: value.saga_quiesce,
         }
     }
 }
@@ -162,6 +166,7 @@ pub async fn realize_blueprint(
         sender,
         overrides,
         mgs_updates,
+        saga_quiesce,
     } = exec_ctx;
 
     let opctx = opctx.child(BTreeMap::from([(
@@ -262,6 +267,7 @@ pub async fn realize_blueprint(
         datastore,
         blueprint,
         nexus_id,
+        saga_quiesce,
     );
 
     register_cockroachdb_settings_step(
@@ -593,6 +599,7 @@ fn register_reassign_sagas_step<'a>(
     datastore: &'a DataStore,
     blueprint: &'a Blueprint,
     nexus_id: Option<OmicronZoneUuid>,
+    saga_quiesce: SagaQuiesceHandle,
 ) -> StepHandle<bool> {
     registrar
         .new_step(
@@ -604,22 +611,49 @@ fn register_reassign_sagas_step<'a>(
                         .into();
                 };
 
-                // For any expunged Nexus zones, re-assign in-progress sagas to
-                // some other Nexus.  If this fails for some reason, it doesn't
-                // affect anything else.
-                let sec_id = nexus_db_model::SecId::from(nexus_id);
-                let reassigned = sagas::reassign_sagas_from_expunged(
-                    opctx, datastore, blueprint, sec_id,
-                )
-                .await
-                .context("failed to re-assign sagas");
-                match reassigned {
-                    Ok(needs_saga_recovery) => {
-                        Ok(StepSuccess::new(needs_saga_recovery).build())
-                    }
-                    Err(error) => {
-                        Ok(StepWarning::new(false, error.to_string()).build())
+                // Re-assign sagas, but only if we're allowed to.  If Nexus is
+                // quiescing, we don't want to assign any new sagas to
+                // ourselves.
+                let result = saga_quiesce.reassign_if_possible(async || {
+                    // For any expunged Nexus zones, re-assign in-progress sagas
+                    // to some other Nexus.  If this fails for some reason, it
+                    // doesn't affect anything else.
+                    let sec_id = nexus_db_model::SecId::from(nexus_id);
+                    let reassigned = sagas::reassign_sagas_from_expunged(
+                        opctx, datastore, blueprint, sec_id,
+                    )
+                    .await
+                    .context("failed to re-assign sagas");
+                    match reassigned {
+                        Ok(needs_saga_recovery) => (
+                            StepSuccess::new(needs_saga_recovery).build(),
+                            needs_saga_recovery,
+                        ),
+                        Err(error) => {
+                            // It's possible that we failed after having
+                            // re-assigned sagas in the database.
+                            let maybe_reassigned = true;
+                            (
+                                StepWarning::new(false, error.to_string())
+                                    .build(),
+                                maybe_reassigned,
+                            )
+                        }
                     }
+                });
+
+                match result.await {
+                    // Re-assignment is allowed, and we did try.  It may or may
+                    // not have succeeded.  Either way, that's reflected in
+                    // `step_result`.
+                    Ok(step_result) => Ok(step_result),
+                    // Re-assignment is disallowed.  Report this step skipped
+                    // with an explanation of why.
+                    Err(error) => StepSkipped::new(
+                        false,
+                        InlineErrorChain::new(&error).to_string(),
+                    )
+                    .into(),
                 }
             },
         )

nexus/reconfigurator/execution/src/lib.rs

@@ -8,9 +8,12 @@ use std::net::Ipv6Addr;
 
 use internal_dns_resolver::Resolver;
 use nexus_db_queries::{context::OpContext, db::DataStore};
-use nexus_types::deployment::{
-    Blueprint, PendingMgsUpdates,
-    execution::{EventBuffer, Overridables},
+use nexus_types::{
+    deployment::{
+        Blueprint, PendingMgsUpdates,
+        execution::{EventBuffer, Overridables},
+    },
+    quiesce::SagaQuiesceHandle,
 };
 use omicron_uuid_kinds::OmicronZoneUuid;
 use update_engine::TerminalKind;
@@ -37,6 +40,8 @@ pub(crate) async fn realize_blueprint_and_expect(
 
     // This helper function does not support MGS-managed updates.
     let (mgs_updates, _rx) = watch::channel(PendingMgsUpdates::new());
+    // This helper function does not mess with quiescing.
+    let saga_quiesce = SagaQuiesceHandle::new(opctx.log.clone());
     let nexus_id = OmicronZoneUuid::new_v4();
     let output = crate::realize_blueprint(
         RequiredRealizeArgs {
@@ -47,6 +52,7 @@ pub(crate) async fn realize_blueprint_and_expect(
             blueprint,
             sender,
             mgs_updates,
+            saga_quiesce,
         }
         .with_overrides(overrides)
         .as_nexus(OmicronZoneUuid::new_v4()),

nexus/reconfigurator/execution/src/test_utils.rs

@@ -438,6 +438,7 @@ impl BackgroundTasksInitializer {
             nexus_id,
             task_saga_recovery.clone(),
             args.mgs_updates_tx,
+            args.saga_recovery.quiesce.clone(),
         );
         let rx_blueprint_exec = blueprint_executor.watcher();
         driver.register(TaskDefinition {

nexus/src/app/background/init.rs

@@ -13,8 +13,11 @@ use nexus_db_queries::db::DataStore;
 use nexus_reconfigurator_execution::{
     RealizeBlueprintOutput, RequiredRealizeArgs,
 };
-use nexus_types::deployment::{
-    Blueprint, BlueprintTarget, PendingMgsUpdates, execution::EventBuffer,
+use nexus_types::{
+    deployment::{
+        Blueprint, BlueprintTarget, PendingMgsUpdates, execution::EventBuffer,
+    },
+    quiesce::SagaQuiesceHandle,
 };
 use omicron_uuid_kinds::OmicronZoneUuid;
 use serde_json::json;
@@ -32,6 +35,7 @@ pub struct BlueprintExecutor {
     tx: watch::Sender<usize>,
     saga_recovery: Activator,
     mgs_update_tx: watch::Sender<PendingMgsUpdates>,
+    saga_quiesce: SagaQuiesceHandle,
 }
 
 impl BlueprintExecutor {
@@ -44,6 +48,7 @@ impl BlueprintExecutor {
         nexus_id: OmicronZoneUuid,
         saga_recovery: Activator,
         mgs_update_tx: watch::Sender<PendingMgsUpdates>,
+        saga_quiesce: SagaQuiesceHandle,
     ) -> BlueprintExecutor {
         let (tx, _) = watch::channel(0);
         BlueprintExecutor {
@@ -54,6 +59,7 @@ impl BlueprintExecutor {
             tx,
             saga_recovery,
             mgs_update_tx,
+            saga_quiesce,
         }
     }
 
@@ -113,6 +119,7 @@ impl BlueprintExecutor {
                 blueprint,
                 sender,
                 mgs_updates: self.mgs_update_tx.clone(),
+                saga_quiesce: self.saga_quiesce.clone(),
             }
             .as_nexus(self.nexus_id),
         )
@@ -200,6 +207,7 @@ mod test {
         blueprint_zone_type,
     };
     use nexus_types::external_api::views::SledState;
+    use nexus_types::quiesce::SagaQuiesceHandle;
     use omicron_common::api::external;
     use omicron_common::api::external::Generation;
     use omicron_common::zpool_name::ZpoolName;
@@ -380,6 +388,7 @@ mod test {
             OmicronZoneUuid::new_v4(),
             Activator::new(),
             dummy_tx,
+            SagaQuiesceHandle::new(opctx.log.clone()),
         );
 
         // Now we're ready.

nexus/src/app/background/tasks/blueprint_execution.rs

@@ -272,9 +272,12 @@ mod test {
     use crate::app::background::tasks::inventory_collection::InventoryCollector;
     use nexus_inventory::now_db_precision;
     use nexus_test_utils_macros::nexus_test;
-    use nexus_types::deployment::{
-        PendingMgsUpdates, PlannerChickenSwitches,
-        ReconfiguratorChickenSwitches,
+    use nexus_types::{
+        deployment::{
+            PendingMgsUpdates, PlannerChickenSwitches,
+            ReconfiguratorChickenSwitches,
+        },
+        quiesce::SagaQuiesceHandle,
     };
     use omicron_uuid_kinds::OmicronZoneUuid;
 
@@ -411,6 +414,7 @@ mod test {
             OmicronZoneUuid::new_v4(),
             Activator::new(),
             dummy_tx,
+            SagaQuiesceHandle::new(opctx.log.clone()),
         );
         let value = executor.activate(&opctx).await;
         let value = value.as_object().expect("response is not a JSON object");