Merge remote-tracking branch 'NVIDIA/main' into feature-nvos-health

Author: mkoci

Cargo.lock

@@ -20,6 +20,7 @@ use std::net::IpAddr;
 use std::str::FromStr;
 
 use carbide_network::ip::{IdentifyAddressFamily, IpAddressFamily};
+use carbide_utils::redfish::BmcAccessInfo;
 use carbide_uuid::domain::DomainId;
 use carbide_uuid::machine::{MachineId, MachineInterfaceId};
 use carbide_uuid::network::{NetworkPrefixId, NetworkSegmentId};
@@ -295,6 +296,25 @@ pub async fn lookup_bmc_ip_by_mac_address(
         .map_err(|e| DatabaseError::query(query, e))
 }
 
+pub async fn lookup_bmc_access_info(
+    db: impl DbReader<'_>,
+    ip: IpAddr,
+    port: Option<u16>,
+) -> DatabaseResult<BmcAccessInfo> {
+    let mac_address = find_by_ip(db, ip)
+        .await?
+        .ok_or_else(|| DatabaseError::NotFoundError {
+            kind: "Machine Interface",
+            id: ip.to_string(),
+        })?
+        .mac_address;
+    Ok(BmcAccessInfo {
+        host: ip.to_string(),
+        port,
+        mac_address,
+    })
+}
+
 pub async fn find_by_ip(
     txn: impl DbReader<'_>,
     ip: IpAddr,

crates/api-db/src/machine_interface.rs

@@ -65,14 +65,16 @@ pub(crate) async fn trigger_machine_attestation(
             }));
         }
     };
+    let bmc_ip_addr = bmc_info.ip_addr().map_err(|e| CarbideError::Internal {
+        message: format!("{}", e),
+    })?;
 
-    let redfish_client_future = api.redfish_pool.create_client_for_ingested_host(
-        bmc_info.ip_addr().map_err(|e| CarbideError::Internal {
-            message: format!("{}", e),
-        })?,
-        bmc_info.port,
-        &api.database_connection,
-    );
+    let bmc_access_info =
+        db::machine_interface::lookup_bmc_access_info(&mut db_reader, bmc_ip_addr, bmc_info.port)
+            .await?;
+    drop(db_reader);
+
+    let redfish_client_future = api.redfish_pool.client_by_info(&bmc_access_info);
 
     let redfish_client = match tt::timeout(redfish_timeout_duration, redfish_client_future).await {
         Ok(redfish_result) => redfish_result.map_err(|e| CarbideError::RedfishClientCreation {

crates/api/src/handlers/attestation.rs

@@ -80,12 +80,20 @@ pub(crate) async fn clear_host_uefi_password(
         id: machine_id.to_string(),
     })?;
 
+    let addr = snapshot.host_snapshot.bmc_addr().ok_or_else(|| {
+        CarbideError::InvalidArgument("Specified machine does not have BMC address".into())
+    })?;
+
+    let bmc_access_info =
+        db::machine_interface::lookup_bmc_access_info(&mut txn, addr.ip(), Some(addr.port()))
+            .await?;
+
     // Don't hold the transaction across an await point
     txn.commit().await?;
 
     let redfish_client = api
         .redfish_pool
-        .create_client_from_machine(&snapshot.host_snapshot, &api.database_connection)
+        .client_by_info(&bmc_access_info)
         .await
         .map_err(|e| {
             tracing::error!("unable to create redfish client: {}", e);
@@ -165,12 +173,21 @@ pub(crate) async fn set_host_uefi_password(
         kind: "machine",
         id: machine_id.to_string(),
     })?;
+
+    let addr = snapshot.host_snapshot.bmc_addr().ok_or_else(|| {
+        CarbideError::InvalidArgument("Specified machine does not have BMC address".into())
+    })?;
+
+    let bmc_access_info =
+        db::machine_interface::lookup_bmc_access_info(&mut txn, addr.ip(), Some(addr.port()))
+            .await?;
+
     // Let txn drop so we don't hold it across a redfish request
     txn.commit().await?;
 
     let redfish_client = api
         .redfish_pool
-        .create_client_from_machine(&snapshot.host_snapshot, &api.database_connection)
+        .client_by_info(&bmc_access_info)
         .await
         .map_err(|e| {
             tracing::error!("unable to create redfish client: {}", e);

crates/api/src/handlers/uefi.rs

@@ -59,7 +59,6 @@ mod network_segment;
 mod run;
 mod scout_stream;
 mod setup;
-mod state_controller;
 mod storage;
 #[cfg(test)]
 mod tests;

crates/api/src/lib.rs

@@ -107,7 +107,6 @@ use crate::machine_update_manager::MachineUpdateManager;
 use crate::measured_boot::metrics_collector::MeasuredBootMetricsCollector;
 use crate::mqtt_state_change_hook::hook::MqttStateChangeHook;
 use crate::scout_stream::ConnectionRegistry;
-use crate::state_controller::common_services::CommonStateHandlerServices;
 use crate::{attestation, db_init, ethernet_virtualization, listener};
 
 /// The resolved set of network declarations passed from `start_api` into
@@ -1023,34 +1022,22 @@ pub async fn initialize_and_start_controllers<'a>(
         emitter_builder.build()
     };
 
-    let handler_services = Arc::new(CommonStateHandlerServices {
-        db_pool: db_pool.clone(),
-        db_reader: db_pool.clone().into(),
-        redfish_client_pool: shared_redfish_pool.clone(),
-        ib_fabric_manager: ib_fabric_manager.clone(),
-        ib_pools: common_pools.infiniband.clone(),
-        ipmi_tool: ipmi_tool.clone(),
-        site_config: carbide_config.clone(),
-        dpa_info,
-        rms_client: rms_client.clone(),
-        switch_system_image_rms_client: carbide_config
-            .rms
-            .api_url
-            .as_deref()
-            .filter(|url| !url.is_empty())
-            .map(|url| {
-                let rms_client_config = librms::client_config::RmsClientConfig::new(
-                    carbide_config.rms.root_ca_path.clone(),
-                    carbide_config.rms.client_cert.clone(),
-                    carbide_config.rms.client_key.clone(),
-                    carbide_config.rms.enforce_tls,
-                );
-                let rms_api_config = librms::client::RmsApiConfig::new(url, &rms_client_config);
-                Arc::new(librms::RackManagerApi::new(&rms_api_config))
-                    as Arc<dyn carbide_rack::rms_client::SwitchSystemImageRmsClient>
-            }),
-        credential_manager: credential_manager.clone(),
-    });
+    let switch_system_image_rms_client = carbide_config
+        .rms
+        .api_url
+        .as_deref()
+        .filter(|url| !url.is_empty())
+        .map(|url| {
+            let rms_client_config = librms::client_config::RmsClientConfig::new(
+                carbide_config.rms.root_ca_path.clone(),
+                carbide_config.rms.client_cert.clone(),
+                carbide_config.rms.client_key.clone(),
+                carbide_config.rms.enforce_tls,
+            );
+            let rms_api_config = librms::client::RmsApiConfig::new(url, &rms_client_config);
+            Arc::new(librms::RackManagerApi::new(&rms_api_config))
+                as Arc<dyn carbide_rack::rms_client::SwitchSystemImageRmsClient>
+        });
 
     // Use the hostname as cluster-wide state controller ID
     // The expectation here is that either the host only runs a single
@@ -1069,14 +1056,11 @@ pub async fn initialize_and_start_controllers<'a>(
         .processor_id(state_controller_id.clone())
         .services(
             MachineStateHandlerServices {
-                db_pool: handler_services.db_pool.clone(),
-                db_reader: handler_services.db_reader.clone(),
-                redfish_client_pool: handler_services.redfish_client_pool.clone(),
-                ipmi_tool: handler_services.ipmi_tool.clone(),
-                site_config: handler_services
-                    .site_config
-                    .machine_state_handler_site_config()
-                    .into(),
+                db_pool: db_pool.clone(),
+                db_reader: db_pool.clone().into(),
+                redfish_client_pool: shared_redfish_pool.clone(),
+                ipmi_tool: ipmi_tool.clone(),
+                site_config: carbide_config.machine_state_handler_site_config().into(),
             }
             .into(),
         )
@@ -1151,7 +1135,7 @@ pub async fn initialize_and_start_controllers<'a>(
         .processor_id(state_controller_id.clone())
         .services(
             NetworkSegmentStateHandlerServices {
-                db_pool: handler_services.db_pool.clone(),
+                db_pool: db_pool.clone(),
             }
             .into(),
         );
@@ -1175,10 +1159,10 @@ pub async fn initialize_and_start_controllers<'a>(
             .processor_id(state_controller_id.clone())
             .services(
                 DpaInterfaceStateHandlerServices {
-                    db_pool: handler_services.db_pool.clone(),
-                    db_reader: handler_services.db_reader.clone(),
-                    dpa_info: handler_services.dpa_info.clone(),
-                    hb_interval: handler_services.site_config.get_hb_interval(),
+                    db_pool: db_pool.clone(),
+                    db_reader: db_pool.clone().into(),
+                    dpa_info,
+                    hb_interval: carbide_config.get_hb_interval(),
                 }
                 .into(),
             )
@@ -1203,8 +1187,8 @@ pub async fn initialize_and_start_controllers<'a>(
             .processor_id(state_controller_id.clone())
             .services(
                 SpdmStateHandlerServices {
-                    db_pool: handler_services.db_pool.clone(),
-                    redfish_client_pool: handler_services.redfish_client_pool.clone(),
+                    db_pool: db_pool.clone(),
+                    redfish_client_pool: shared_redfish_pool.clone(),
                 }
                 .into(),
             )
@@ -1223,9 +1207,9 @@ pub async fn initialize_and_start_controllers<'a>(
         .processor_id(state_controller_id.clone())
         .services(
             IBPartitionStateHandlerServices {
-                db_pool: handler_services.db_pool.clone(),
-                ib_fabric_manager: handler_services.ib_fabric_manager.clone(),
-                ib_pools: handler_services.ib_pools.clone(),
+                db_pool: db_pool.clone(),
+                ib_fabric_manager: ib_fabric_manager.clone(),
+                ib_pools: common_pools.infiniband.clone(),
             }
             .into(),
         )
@@ -1240,9 +1224,9 @@ pub async fn initialize_and_start_controllers<'a>(
         .processor_id(state_controller_id.clone())
         .services(
             PowerShelfStateHandlerServices {
-                db_pool: handler_services.db_pool.clone(),
-                rms_client: handler_services.rms_client.clone(),
-                credential_manager: handler_services.credential_manager.clone(),
+                db_pool: db_pool.clone(),
+                rms_client: rms_client.clone(),
+                credential_manager: credential_manager.clone(),
             }
             .into(),
         )
@@ -1257,21 +1241,16 @@ pub async fn initialize_and_start_controllers<'a>(
         .processor_id(state_controller_id.clone())
         .services(
             RackStateHandlerServices {
-                db_pool: handler_services.db_pool.clone(),
-                rms_client: handler_services.rms_client.clone(),
+                db_pool: db_pool.clone(),
+                rms_client: rms_client.clone(),
                 site_config: RackConfig {
-                    rms: handler_services.site_config.rms.clone(),
-                    rack_validation_config: handler_services
-                        .site_config
-                        .rack_validation_config
-                        .clone(),
-                    rack_profiles: handler_services.site_config.rack_profiles.clone(),
+                    rms: carbide_config.rms.clone(),
+                    rack_validation_config: carbide_config.rack_validation_config.clone(),
+                    rack_profiles: carbide_config.rack_profiles.clone(),
                 }
                 .into(),
-                switch_system_image_rms_client: handler_services
-                    .switch_system_image_rms_client
-                    .clone(),
-                credential_manager: handler_services.credential_manager.clone(),
+                switch_system_image_rms_client,
+                credential_manager: credential_manager.clone(),
             }
             .into(),
         )
@@ -1285,9 +1264,9 @@ pub async fn initialize_and_start_controllers<'a>(
         .processor_id(state_controller_id.clone())
         .services(
             SwitchStateHandlerServices {
-                db_pool: handler_services.db_pool.clone(),
-                rms_client: handler_services.rms_client.clone(),
-                credential_manager: handler_services.credential_manager.clone(),
+                db_pool: db_pool.clone(),
+                rms_client: rms_client.clone(),
+                credential_manager: credential_manager.clone(),
             }
             .into(),
         )