reconfigurator execution to populate/destroy records

Author: smklein

nexus/db-queries/src/db/datastore/db_metadata.rs

@@ -5,10 +5,14 @@
 //! [`DataStore`] methods on Database Metadata.
 
 use super::{DataStore, DbConnection, IdentityCheckPolicy};
+use crate::authz;
+use crate::context::OpContext;
+
 use anyhow::{Context, bail, ensure};
 use async_bb8_diesel::{AsyncRunQueryDsl, AsyncSimpleConnection};
 use chrono::Utc;
 use diesel::prelude::*;
+use futures::FutureExt;
 use nexus_db_errors::ErrorHandler;
 use nexus_db_errors::OptionalError;
 use nexus_db_errors::public_error_from_diesel;
@@ -19,7 +23,9 @@ use nexus_db_model::DbMetadataNexusState;
 use nexus_db_model::EARLIEST_SUPPORTED_VERSION;
 use nexus_db_model::SchemaUpgradeStep;
 use nexus_db_model::SchemaVersion;
+use nexus_types::deployment::BlueprintZoneDisposition;
 use omicron_common::api::external::Error;
+use omicron_uuid_kinds::GenericUuid;
 use omicron_uuid_kinds::OmicronZoneUuid;
 use semver::Version;
 use slog::{Logger, error, info, o};
@@ -701,6 +707,80 @@ impl DataStore {
         Ok(exists)
     }
 
+    /// Deletes the "db_metadata_nexus" record for a Nexus ID, if it exists.
+    pub async fn database_nexus_access_delete(
+        &self,
+        opctx: &OpContext,
+        nexus_id: OmicronZoneUuid,
+    ) -> Result<(), Error> {
+        use nexus_db_schema::schema::db_metadata_nexus::dsl;
+
+        opctx.authorize(authz::Action::Modify, &authz::FLEET).await?;
+        let conn = &*self.pool_connection_authorized(&opctx).await?;
+
+        diesel::delete(
+            dsl::db_metadata_nexus
+                .filter(dsl::nexus_id.eq(nexus_id.into_untyped_uuid())),
+        )
+        .execute_async(&*conn)
+        .await
+        .map_err(|e| public_error_from_diesel(e, ErrorHandler::Server))?;
+
+        Ok(())
+    }
+
+    /// Propagate the nexus records to the database if and only if
+    /// the blueprint is the current target.
+    ///
+    /// If any of these records already exist, they are unmodified.
+    pub async fn database_nexus_access_create(
+        &self,
+        opctx: &OpContext,
+        blueprint: &nexus_types::deployment::Blueprint,
+    ) -> Result<(), Error> {
+        opctx.authorize(authz::Action::Modify, &authz::FLEET).await?;
+
+        // TODO: Without https://github.com/oxidecomputer/omicron/pull/8863, we
+        // treat all Nexuses as active. Some will become "not_yet", depending on
+        // the Nexus Generation, once it exists.
+        let active_nexus_zones = blueprint
+            .all_omicron_zones(BlueprintZoneDisposition::is_in_service)
+            .filter_map(|(_sled, zone_cfg)| {
+                if zone_cfg.zone_type.is_nexus() {
+                    Some(zone_cfg)
+                } else {
+                    None
+                }
+            });
+        let new_nexuses = active_nexus_zones
+            .map(|z| DbMetadataNexus::new(z.id, DbMetadataNexusState::Active))
+            .collect::<Vec<_>>();
+
+        let conn = &*self.pool_connection_authorized(&opctx).await?;
+        self.transaction_if_current_blueprint_is(
+            &conn,
+            "database_nexus_access_create",
+            opctx,
+            blueprint.id,
+            |conn| {
+                let new_nexuses = new_nexuses.clone();
+                async move {
+                    use nexus_db_schema::schema::db_metadata_nexus::dsl;
+
+                    diesel::insert_into(dsl::db_metadata_nexus)
+                        .values(new_nexuses)
+                        .on_conflict(dsl::nexus_id)
+                        .do_nothing()
+                        .execute_async(&*conn)
+                        .await?;
+                    Ok(())
+                }
+                .boxed()
+            },
+        )
+        .await
+    }
+
     // Registers a Nexus instance as having active access to the database
     #[cfg(test)]
     async fn database_nexus_access_insert(

nexus/reconfigurator/execution/src/database.rs

@@ -0,0 +1,24 @@
+// This Source Code Form is subject to the terms of the Mozilla Public
+// License, v. 2.0. If a copy of the MPL was not distributed with this
+// file, You can obtain one at https://mozilla.org/MPL/2.0/.
+
+//! Manages deployment of records into the database.
+
+use anyhow::anyhow;
+use nexus_db_queries::context::OpContext;
+use nexus_db_queries::db::DataStore;
+use nexus_types::deployment::Blueprint;
+
+/// Idempotently ensure that the Nexus records for the zones are populated
+/// in the database.
+pub(crate) async fn deploy_db_metadata_nexus_records(
+    opctx: &OpContext,
+    datastore: &DataStore,
+    blueprint: &Blueprint,
+) -> Result<(), anyhow::Error> {
+    datastore
+        .database_nexus_access_create(opctx, blueprint)
+        .await
+        .map_err(|err| anyhow!(err))?;
+    Ok(())
+}

nexus/reconfigurator/execution/src/lib.rs

@@ -32,8 +32,10 @@ use tokio::sync::watch;
 use update_engine::StepSuccess;
 use update_engine::StepWarning;
 use update_engine::merge_anyhow_list;
+
 mod clickhouse;
 mod cockroachdb;
+mod database;
 mod dns;
 mod omicron_physical_disks;
 mod omicron_sled_config;
@@ -196,6 +198,13 @@ pub async fn realize_blueprint(
     )
     .into_shared();
 
+    register_deploy_db_metadata_nexus_records_step(
+        &engine.for_component(ExecutionComponent::SledList),
+        &opctx,
+        datastore,
+        blueprint,
+    );
+
     register_deploy_sled_configs_step(
         &engine.for_component(ExecutionComponent::SledAgent),
         &opctx,
@@ -390,6 +399,28 @@ fn register_sled_list_step<'a>(
         .register()
 }
 
+fn register_deploy_db_metadata_nexus_records_step<'a>(
+    registrar: &ComponentRegistrar<'_, 'a>,
+    opctx: &'a OpContext,
+    datastore: &'a DataStore,
+    blueprint: &'a Blueprint,
+) {
+    registrar
+        .new_step(
+            ExecutionStepId::Ensure,
+            "Ensure db_metadata_nexus_state records exist",
+            async move |_cx| {
+                database::deploy_db_metadata_nexus_records(
+                    opctx, &datastore, &blueprint,
+                )
+                .await
+                .context("ensuring db_metadata_nexus_state")?;
+                StepSuccess::new(()).into()
+            },
+        )
+        .register();
+}
+
 fn register_deploy_sled_configs_step<'a>(
     registrar: &ComponentRegistrar<'_, 'a>,
     opctx: &'a OpContext,

nexus/reconfigurator/execution/src/omicron_zones.rs

@@ -72,10 +72,13 @@ async fn clean_up_expunged_zones_impl<R: CleanupResolver>(
             ));
 
             let result = match &config.zone_type {
-                // Zones which need no cleanup work after expungement.
-                BlueprintZoneType::Nexus(_) => None,
-
                 // Zones which need cleanup after expungement.
+                BlueprintZoneType::Nexus(_) => Some(
+                    datastore
+                        .database_nexus_access_delete(&opctx, config.id)
+                        .await
+                        .map_err(|err| anyhow::anyhow!(err)),
+                ),
                 BlueprintZoneType::CockroachDb(_) => {
                     if decommission_cockroach {
                         Some(