ipv6 all the things

Author: rcgoodfellow

Cargo.lock

@@ -462,7 +462,7 @@ digest = "0.10.7"
 dns-server = { path = "dns-server" }
 dns-server-api = { path = "dns-server-api" }
 dns-service-client = { path = "clients/dns-service-client" }
-dpd-client = { git = "https://github.com/oxidecomputer/dendrite", rev = "ab30fa91227fd478bfe0e023310ca83dec0bc22b" }
+dpd-client = { git = "https://github.com/oxidecomputer/dendrite", rev = "21fbf39f63b25567b25aeadf0d9a73a01c842512" }
 dropshot = { version = "0.16.6", features = [ "usdt-probes" ] }
 dropshot-api-manager = "0.2.4"
 dropshot-api-manager-types = "0.2.4"
@@ -566,8 +566,8 @@ ntp-admin-api = { path = "ntp-admin/api" }
 ntp-admin-client = { path = "clients/ntp-admin-client" }
 ntp-admin-types = { path = "ntp-admin/types" }
 ntp-admin-types-versions = { path = "ntp-admin/types/versions" }
-mg-admin-client = { git = "https://github.com/oxidecomputer/maghemite", rev = "205b3ccf75b527ac7a565285fdcc0c78f4fcee95" }
-ddm-admin-client = { git = "https://github.com/oxidecomputer/maghemite", rev = "205b3ccf75b527ac7a565285fdcc0c78f4fcee95" }
+mg-admin-client = { git = "https://github.com/oxidecomputer/maghemite", rev = "3877aa0467fe275806f07ff4f7e92efa43e6fa6d" }
+ddm-admin-client = { git = "https://github.com/oxidecomputer/maghemite", rev = "3877aa0467fe275806f07ff4f7e92efa43e6fa6d" }
 multimap = "0.10.1"
 nexus-auth = { path = "nexus/auth" }
 nexus-background-task-interface = { path = "nexus/background-task-interface" }
@@ -626,7 +626,7 @@ omicron-workspace-hack = "0.1.0"
 omicron-zone-package = "0.12.2"
 oxide-client = { path = "clients/oxide-client" }
 oxide-tokio-rt = "0.1.2"
-oxide-vpc = { git = "https://github.com/oxidecomputer/opte", rev = "795a1e0aeefb7a2c6fe4139779fdf66930d09b80", features = [ "api", "std" ] }
+oxide-vpc = { git = "https://github.com/oxidecomputer/opte", rev = "a1ed0960673b6ca2e6b68835537f53cc86110a77", features = [ "api", "std" ] }
 oxlog = { path = "dev-tools/oxlog" }
 oxnet = "0.1.3"
 once_cell = "1.21.3"
@@ -635,7 +635,7 @@ openapiv3 = "2.2.0"
 # must match samael's crate!
 openssl = "0.10"
 openssl-sys = "0.9"
-opte-ioctl = { git = "https://github.com/oxidecomputer/opte", rev = "795a1e0aeefb7a2c6fe4139779fdf66930d09b80" }
+opte-ioctl = { git = "https://github.com/oxidecomputer/opte", rev = "a1ed0960673b6ca2e6b68835537f53cc86110a77" }
 oso = "0.27"
 owo-colors = "4.2.2"
 oximeter = { path = "oximeter/oximeter" }
@@ -697,7 +697,7 @@ rats-corim = { git = "https://github.com/oxidecomputer/rats-corim.git", rev = "f
 raw-cpuid = { git = "https://github.com/oxidecomputer/rust-cpuid.git", rev = "a4cf01df76f35430ff5d39dc2fe470bcb953503b" }
 rayon = "1.10"
 rcgen = "0.12.1"
-rdb-types = { git = "https://github.com/oxidecomputer/maghemite", rev = "205b3ccf75b527ac7a565285fdcc0c78f4fcee95" }
+rdb-types = { git = "https://github.com/oxidecomputer/maghemite", rev = "3877aa0467fe275806f07ff4f7e92efa43e6fa6d" }
 reconfigurator-cli = { path = "dev-tools/reconfigurator-cli" }
 reedline = "0.40.0"
 ref-cast = "1.0"

Cargo.toml

@@ -353,30 +353,30 @@ impl RunningZone {
         Ok(network)
     }
 
-    // TODO-completeness: Handle dual-stack OPTE ports here. This works for
-    // either IPv4 or IPv6 addresses, but not both.
-    // See https://github.com/oxidecomputer/omicron/issues/9247.
     pub async fn ensure_address_for_port(
         &self,
         name: &str,
         port_idx: usize,
-    ) -> Result<IpNetwork, EnsureAddressError> {
+    ) -> Result<(), EnsureAddressError> {
         info!(self.inner.log, "Ensuring address for OPTE port");
+
         let port = self.opte_ports().nth(port_idx).ok_or_else(|| {
             EnsureAddressError::MissingOptePort {
                 zone: self.inner.name.clone(),
                 port_idx,
             }
         })?;
-        let addrobj = AddrObject::new(port.name(), name).map_err(|err| {
-            EnsureAddressError::AddrObject {
-                request: AddressRequest::Dhcp,
-                zone: self.inner.name.clone(),
-                err,
-            }
-        })?;
         let zone = Some(self.inner.name.as_ref());
         if let Some(gateway) = port.gateway().ipv4_addr() {
+            let v4_name = format!("{}4", name);
+            let addrobj =
+                AddrObject::new(port.name(), &v4_name).map_err(|err| {
+                    EnsureAddressError::AddrObject {
+                        request: AddressRequest::Dhcp,
+                        zone: self.inner.name.clone(),
+                        err,
+                    }
+                })?;
             let addr =
                 Zones::ensure_address(zone, &addrobj, AddressRequest::Dhcp)
                     .await?;
@@ -403,8 +403,17 @@ impl RunningZone {
                 "default",
                 &gateway_ip,
             ])?;
-            Ok(addr)
-        } else {
+        }
+        if port.gateway().ipv6_addr().is_some() {
+            let v6_name = format!("{}6", name);
+            let addrobj =
+                AddrObject::new(port.name(), &v6_name).map_err(|err| {
+                    EnsureAddressError::AddrObject {
+                        request: AddressRequest::Dhcp,
+                        zone: self.inner.name.clone(),
+                        err,
+                    }
+                })?;
             // If the port is using IPv6 addressing we still want it to use
             // DHCP(v6) which requires first creating a link-local address.
             Zones::ensure_has_link_local_v6_address(zone, &addrobj)
@@ -430,15 +439,13 @@ impl RunningZone {
                             )
                         })?;
 
-                    // Ipv6Addr::is_unicast_link_local is sadly not stable
-                    let is_ll =
-                        |ip: Ipv6Addr| (ip.segments()[0] & 0xffc0) == 0xfe80;
-
                     // Look for a non link-local addr
                     addrs
                         .into_iter()
                         .find(|addr| match addr {
-                            IpNetwork::V6(ip) => !is_ll(ip.ip()),
+                            IpNetwork::V6(ip) => {
+                                !ip.ip().is_unicast_link_local()
+                            }
                             _ => false,
                         })
                         .ok_or_else(|| {
@@ -458,8 +465,9 @@ impl RunningZone {
                     );
                 },
             )
-            .await
+            .await?;
         }
+        Ok(())
     }
 
     pub fn add_default_route(

illumos-utils/src/running_zone.rs

@@ -95,38 +95,22 @@ impl DataStore {
                 let found_blocks: Vec<AddressLotBlock> =
                     block_dsl::address_lot_block
                         .filter(block_dsl::address_lot_id.eq(db_lot.id()))
-                        .filter(
-                            block_dsl::first_address.eq_any(
-                                desired_blocks
-                                    .iter()
-                                    .map(|b| b.first_address)
-                                    .collect::<Vec<_>>(),
-                            ),
-                        )
-                        .filter(
-                            block_dsl::last_address.eq_any(
-                                desired_blocks
-                                    .iter()
-                                    .map(|b| b.last_address)
-                                    .collect::<Vec<_>>(),
-                            ),
-                        )
                         .get_results_async(&conn)
                         .await?;
 
                 let mut blocks = vec![];
 
                 // If the block is found in the database, use the found block.
                 // If the block is not found in the database, insert it.
-                for desired_block in desired_blocks {
+                for desired_block in &desired_blocks {
                     let block = match found_blocks.iter().find(|db_b| {
                         db_b.first_address == desired_block.first_address
                             && db_b.last_address == desired_block.last_address
                     }) {
                         Some(block) => block.clone(),
                         None => {
                             diesel::insert_into(block_dsl::address_lot_block)
-                                .values(desired_block)
+                                .values(desired_block.clone())
                                 .returning(AddressLotBlock::as_returning())
                                 .get_results_async(&conn)
                                 .await?[0]
@@ -136,6 +120,21 @@ impl DataStore {
                     blocks.push(block);
                 }
 
+                // If the block is found in the database, but not desired,
+                // remove it.
+                for found_block in &found_blocks {
+                    if !desired_blocks.iter().any(|x| {
+                        x.first_address == found_block.first_address
+                            && x.last_address == found_block.last_address
+                    }) {
+                        diesel::delete(block_dsl::address_lot_block)
+                            .filter(block_dsl::address_lot_id.eq(db_lot.id()))
+                            .filter(block_dsl::id.eq(found_block.id))
+                            .execute_async(&conn)
+                            .await?;
+                    }
+                }
+
                 Ok(AddressLotCreateResult { lot: db_lot, blocks })
             })
             .await

nexus/db-queries/src/db/datastore/address_lot.rs

@@ -1696,7 +1696,7 @@ pub trait NexusExternalApi {
 
     /// Create instance
     #[endpoint {
-        operation_id = "disk_create",
+        operation_id = "instance_create",
         method = POST,
         path = "/v1/instances",
         tags = ["instances"],