wicket won't accept recovery password from the toml file #7653

Open
leftwo opened this issue Feb 26, 2025 · 3 comments

leftwo commented Feb 26, 2025

The following lines are used in a4x2 systems during RSS to set the recovery silo user and password:

```toml
[recovery_silo]
silo_name = "recovery"
user_name = "recovery"
user_password_hash = "$argon2id$v=19$m=98304,t=13,p=1$RUlWc0ZxaHo0WFdrN0N6ZQ$S8p52j85GPvMhR/ek3GL0el/oProgTwWpHJZ8lsQQoY"
```

On a rack, I can add that to my toml file and upload it without complaint.
However, wicket does not show it as being set after upload:

Recovery password set: No       

And, when I try to run RSS, it fails:

 │            ╭─────────────────────────────────────────────────────────────────────────────────────────────────────╮             │ 
 │            │ Start Rack Setup Failed                                                                             │             │ 
 │            ├─────────────────────────────────────────────────────────────────────────────────────────────────────┤             │ 
 │            │ Message: Error Response: status: 400 Bad Request; headers: {"content-type": "application/json",     │             │ 
 │            │ "x-request-id": "90e3e0cd-8aa6-403a-9d0d-fc06d15f5d44", "content-length": "104", "date": "Sun, 28   │             │ 
 │            │ Dec 1986 01:12:16 GMT"}; value: Error { error_code: None, message: "recovery password not yet set", │             │ 
 │            │ request_id: "90e3e0cd-8aa6-403a-9d0d-fc06d15f5d44" }                                                │             │ 
 │            │                                                                                                     │             │ 
 │            │                                                                                     ╭─────────────╮ │             │ 
 │            │                                                                                     │ Close <Esc> │ │             │ 
 │            │                                                                                     ╰─────────────╯ │             │ 
 │            ╰─────────────────────────────────────────────────────────────────────────────────────────────────────╯             │ 

Is the [recovery_silo] field only for non-rack systems?

@jgallagher

> wicket won't accept recovery password from the toml file

This is definitely intentional, and I think correct? On a real system, we want to hash the recovery password ourselves (so we don't want to accept an already-hashed user_password_hash), and the only way wicket accepts this password is via the CLI, which does the normal thing of suppressing echoes and requiring the user to input it twice.

> On a rack, I can add that to my toml file and upload it without complaint.

This is the default serde behavior, but maybe we should change it and deny unknown fields? I'm not sure how that affects all the networking config, but we could try.

> Is the [recovery_silo] field only for non-rack systems?

Depends on how you mean! RSS requires this section as part of the RackInitializeRequest, so in that sense it's always required to start RSS. But when going through wicket, wicketd fills in this section itself using hard-coded silo and user names and the hashed password provided via ssh wicket setup set-password:

```rust
recovery_silo: RecoverySiloConfig {
    silo_name: Name::try_from(RECOVERY_SILO_NAME).unwrap(),
    user_name: UserId::try_from(RECOVERY_SILO_USERNAME).unwrap(),
    user_password_hash,
},
```


leftwo commented Feb 26, 2025

This came from https://github.com/oxidecomputer/meta/pull/610
But, it sounds like when we have an actual rack with real hardware, the [recovery_silo] is ignored, which to me says that the config.toml file example should not have it.

For a4x2, which does not use wicket, are these values required as a way to set the recovery password?
Or, maybe in a4x2 the silo password is populated another way?


leftwo commented Feb 26, 2025

> but maybe we should change it and deny unknown fields?

I wonder about this also. If someone is uploading a config and fields are ignored, then it should at least warn?
Otherwise I think I'm setting something that I'm not.
