[𝘀𝗽𝗿] initial version

Created using spr 1.3.6-beta.1

Cargo.toml

@@ -77,6 +77,7 @@ members = [
     "passwords",
     "rpaths",
     "sled-agent",
+    "sled-agent/api",
     "sled-agent/bootstrap-agent-api",
     "sled-agent/types",
     "sled-hardware",
@@ -180,6 +181,7 @@ default-members = [
     "passwords",
     "rpaths",
     "sled-agent",
+    "sled-agent/api",
     "sled-agent/bootstrap-agent-api",
     "sled-agent/types",
     "sled-hardware",
@@ -488,6 +490,7 @@ similar-asserts = "1.5.0"
 # are still doing mupdate a change to the on-disk format will break existing DNS
 # server zones.
 sled = "=0.34.7"
+sled-agent-api = { path = "sled-agent/api" }
 sled-agent-client = { path = "clients/sled-agent-client" }
 sled-agent-types = { path = "sled-agent/types" }
 sled-hardware = { path = "sled-hardware" }

clients/installinator-client/Cargo.toml

@@ -9,6 +9,7 @@ workspace = true
 
 [dependencies]
 installinator-common.workspace = true
+omicron-common.workspace = true
 progenitor.workspace = true
 regress.workspace = true
 reqwest = { workspace = true, features = ["rustls-tls", "stream"] }

clients/installinator-client/src/lib.rs

@@ -21,7 +21,7 @@ progenitor::generate_api!(
     replace = {
         Duration = std::time::Duration,
         EventReportForInstallinatorSpec = installinator_common::EventReport,
-        M2Slot = installinator_common::M2Slot,
+        M2Slot = omicron_common::disk::M2Slot,
         ProgressEventForGenericSpec = installinator_common::ProgressEvent<update_engine::NestedSpec>,
         ProgressEventForInstallinatorSpec = installinator_common::ProgressEvent,
         StepEventForGenericSpec = installinator_common::StepEvent<update_engine::NestedSpec>,

common/src/api/internal/shared.rs

@@ -19,6 +19,8 @@ use std::{
 };
 use uuid::Uuid;
 
+use super::nexus::HostIdentifier;
+
 /// The type of network interface
 #[derive(
     Clone,
@@ -635,6 +637,53 @@ pub struct ResolvedVpcRoute {
     pub target: RouterTarget,
 }
 
+/// VPC firewall rule after object name resolution has been performed by Nexus
+#[derive(Clone, Debug, Serialize, Deserialize, JsonSchema)]
+pub struct ResolvedVpcFirewallRule {
+    pub status: external::VpcFirewallRuleStatus,
+    pub direction: external::VpcFirewallRuleDirection,
+    pub targets: Vec<NetworkInterface>,
+    pub filter_hosts: Option<Vec<HostIdentifier>>,
+    pub filter_ports: Option<Vec<external::L4PortRange>>,
+    pub filter_protocols: Option<Vec<external::VpcFirewallRuleProtocol>>,
+    pub action: external::VpcFirewallRuleAction,
+    pub priority: external::VpcFirewallRulePriority,
+}
+
+/// A mapping from a virtual NIC to a physical host
+#[derive(
+    Clone, Debug, Serialize, Deserialize, JsonSchema, PartialEq, Eq, Hash,
+)]
+pub struct VirtualNetworkInterfaceHost {
+    pub virtual_ip: IpAddr,
+    pub virtual_mac: external::MacAddr,
+    pub physical_host_ip: Ipv6Addr,
+    pub vni: external::Vni,
+}
+
+/// DHCP configuration for a port
+///
+/// Not present here: Hostname (DHCPv4 option 12; used in DHCPv6 option 39); we
+/// use `InstanceRuntimeState::hostname` for this value.
+#[derive(Clone, Debug, Serialize, Deserialize, JsonSchema)]
+pub struct DhcpConfig {
+    /// DNS servers to send to the instance
+    ///
+    /// (DHCPv4 option 6; DHCPv6 option 23)
+    pub dns_servers: Vec<IpAddr>,
+
+    /// DNS zone this instance's hostname belongs to (e.g. the `project.example`
+    /// part of `instance1.project.example`)
+    ///
+    /// (DHCPv4 option 15; used in DHCPv6 option 39)
+    pub host_domain: Option<String>,
+
+    /// DNS search domains
+    ///
+    /// (DHCPv4 option 119; DHCPv6 option 24)
+    pub search_domains: Vec<String>,
+}
+
 /// The target for a given router entry.
 #[derive(
     Clone, Debug, Deserialize, Serialize, JsonSchema, PartialEq, Eq, Hash,

common/src/disk.rs

@@ -4,6 +4,9 @@
 
 //! Disk related types shared among crates
 
+use std::fmt;
+
+use anyhow::bail;
 use omicron_uuid_kinds::ZpoolUuid;
 use schemars::JsonSchema;
 use serde::{Deserialize, Serialize};
@@ -114,3 +117,45 @@ impl From<ZpoolKind> for DiskVariant {
         }
     }
 }
+
+/// Describes an M.2 slot, often in the context of writing a system image to
+/// it.
+#[derive(
+    Debug,
+    Clone,
+    Copy,
+    PartialEq,
+    Eq,
+    PartialOrd,
+    Ord,
+    Deserialize,
+    Serialize,
+    JsonSchema,
+)]
+pub enum M2Slot {
+    A,
+    B,
+}
+
+impl fmt::Display for M2Slot {
+    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
+        match self {
+            Self::A => f.write_str("A"),
+            Self::B => f.write_str("B"),
+        }
+    }
+}
+
+impl TryFrom<i64> for M2Slot {
+    type Error = anyhow::Error;
+
+    fn try_from(value: i64) -> Result<Self, Self::Error> {
+        match value {
+            // Gimlet should have 2 M.2 drives: drive A is assigned slot 17, and
+            // drive B is assigned slot 18.
+            17 => Ok(Self::A),
+            18 => Ok(Self::B),
+            _ => bail!("unexpected M.2 slot {value}"),
+        }
+    }
+}

dev-tools/openapi-manager/Cargo.toml

@@ -26,6 +26,7 @@ openapi-lint.workspace = true
 owo-colors.workspace = true
 oximeter-api.workspace = true
 serde_json.workspace = true
+sled-agent-api.workspace = true
 similar.workspace = true
 supports-color.workspace = true
 wicketd-api.workspace = true

dev-tools/openapi-manager/src/spec.rs

@@ -76,6 +76,16 @@ pub fn all_apis() -> Vec<ApiSpec> {
             filename: "oximeter.json",
             extra_validation: None,
         },
+        ApiSpec {
+            title: "Oxide Sled Agent API",
+            version: "0.0.1",
+            description: "API for interacting with individual sleds",
+            boundary: ApiBoundary::Internal,
+            api_description:
+                sled_agent_api::sled_agent_api_mod::stub_api_description,
+            filename: "sled-agent.json",
+            extra_validation: None,
+        },
         ApiSpec {
             title: "Oxide Technician Port Control Service",
             version: "0.0.1",

illumos-utils/src/opte/firewall_rules.rs

@@ -5,14 +5,14 @@
 //! Convert Omicron VPC firewall rules to OPTE firewall rules.
 
 use super::net_to_cidr;
-use crate::opte::params::VpcFirewallRule;
 use crate::opte::Vni;
 use macaddr::MacAddr6;
 use omicron_common::api::external::VpcFirewallRuleAction;
 use omicron_common::api::external::VpcFirewallRuleDirection;
 use omicron_common::api::external::VpcFirewallRuleProtocol;
 use omicron_common::api::external::VpcFirewallRuleStatus;
 use omicron_common::api::internal::nexus::HostIdentifier;
+use omicron_common::api::internal::shared::ResolvedVpcFirewallRule;
 use oxide_vpc::api::Address;
 use oxide_vpc::api::Direction;
 use oxide_vpc::api::Filters;
@@ -34,7 +34,7 @@ trait FromVpcFirewallRule {
     fn protos(&self) -> Vec<ProtoFilter>;
 }
 
-impl FromVpcFirewallRule for VpcFirewallRule {
+impl FromVpcFirewallRule for ResolvedVpcFirewallRule {
     fn action(&self) -> FirewallAction {
         match self.action {
             VpcFirewallRuleAction::Allow => FirewallAction::Allow,
@@ -118,7 +118,7 @@ impl FromVpcFirewallRule for VpcFirewallRule {
 /// a single host address and protocol, so we must unroll rules with multiple
 /// hosts/protocols.
 pub fn opte_firewall_rules(
-    rules: &[VpcFirewallRule],
+    rules: &[ResolvedVpcFirewallRule],
     vni: &Vni,
     mac: &MacAddr6,
 ) -> Vec<FirewallRule> {

illumos-utils/src/opte/mod.rs

@@ -13,7 +13,6 @@ cfg_if::cfg_if! {
 }
 
 mod firewall_rules;
-pub mod params;
 mod port;
 mod port_manager;