[7/n] [installinator] write out zone hashes to mupdate-override.json

Cargo.toml

@@ -473,7 +473,7 @@ hyper = "1.6.0"
 hyper-util = "0.1.11"
 hyper-rustls = "0.26.0"
 hyper-staticfile = "0.10.1"
-iddqd = { version = "0.3.0", features = ["daft", "serde"] }
+iddqd = { version = "0.3.1", features = ["daft", "serde"] }
 id-map = { path = "id-map" }
 illumos-utils = { path = "illumos-utils" }
 iana-time-zone = "0.1.63"

common/Cargo.toml

@@ -25,6 +25,7 @@ dropshot.workspace = true
 futures.workspace = true
 hex.workspace = true
 http.workspace = true
+iddqd.workspace = true
 id-map.workspace = true
 ipnetwork.workspace = true
 lldp_protocol.workspace = true

common/src/update/mupdate_override.rs

@@ -6,9 +6,10 @@
 
 use std::collections::BTreeSet;
 
+use iddqd::{IdOrdItem, IdOrdMap, id_upcast};
 use omicron_uuid_kinds::MupdateOverrideUuid;
 use serde::{Deserialize, Serialize};
-use tufaceous_artifact::ArtifactHashId;
+use tufaceous_artifact::{ArtifactHash, ArtifactHashId};
 
 /// MUPdate override information, typically serialized as JSON (RFD 556).
 ///
@@ -20,10 +21,45 @@ pub struct MupdateOverrideInfo {
     pub mupdate_uuid: MupdateOverrideUuid,
 
     /// Artifact hashes written out to the install dataset.
+    ///
+    /// Currently includes the host phase 2 and composite control plane
+    /// artifacts. Information about individual zones is included in
+    /// [`Self::zones`].
     pub hash_ids: BTreeSet<ArtifactHashId>,
+
+    /// Control plane zone file names and hashes.
+    pub zones: IdOrdMap<MupdateOverrideZone>,
 }
 
 impl MupdateOverrideInfo {
     /// The name of the file on the install dataset.
     pub const FILE_NAME: &'static str = "mupdate-override.json";
 }
+
+/// Control plane zone information written out to the install dataset.
+///
+/// Part of [`MupdateOverrideInfo`].
+#[derive(
+    Clone, Debug, Eq, Ord, PartialEq, PartialOrd, Deserialize, Serialize,
+)]
+pub struct MupdateOverrideZone {
+    /// The file name.
+    pub file_name: String,
+
+    /// The file size.
+    pub file_size: u64,
+
+    /// The hash of the file.
+    pub hash: ArtifactHash,
+}
+
+impl IdOrdItem for MupdateOverrideZone {
+    type Key<'a> = &'a str;
+
+    #[inline]
+    fn key(&self) -> Self::Key<'_> {
+        &self.file_name
+    }
+
+    id_upcast!();
+}

installinator/Cargo.toml

@@ -21,6 +21,7 @@ display-error-chain.workspace = true
 futures.workspace = true
 hex.workspace = true
 http.workspace = true
+iddqd.workspace = true
 illumos-utils.workspace = true
 installinator-client.workspace = true
 installinator-common.workspace = true

installinator/src/write.rs

@@ -12,21 +12,26 @@ use std::{
 use anyhow::{Context, Result, anyhow, ensure};
 use async_trait::async_trait;
 use buf_list::BufList;
-use bytes::Buf;
+use bytes::{Buf, Bytes};
 use camino::{Utf8Path, Utf8PathBuf};
+use iddqd::IdOrdMap;
 use illumos_utils::zpool::{Zpool, ZpoolName};
 use installinator_common::{
     ControlPlaneZonesSpec, ControlPlaneZonesStepId, RawDiskWriter, StepContext,
     StepProgress, StepResult, StepSuccess, UpdateEngine, WriteComponent,
     WriteError, WriteOutput, WriteSpec, WriteStepId,
 };
-use omicron_common::{disk::M2Slot, update::MupdateOverrideInfo};
+use omicron_common::{
+    disk::M2Slot,
+    update::{MupdateOverrideInfo, MupdateOverrideZone},
+};
 use omicron_uuid_kinds::MupdateOverrideUuid;
 use sha2::{Digest, Sha256};
 use slog::{Logger, info, warn};
 use tokio::{
     fs::File,
     io::{AsyncWrite, AsyncWriteExt},
+    task::JoinSet,
 };
 use tufaceous_artifact::{ArtifactHash, ArtifactHashId};
 use tufaceous_lib::ControlPlaneZoneImages;
@@ -678,7 +683,7 @@ impl ControlPlaneZoneWriteContext<'_> {
                 async move |cx| {
                     let transport = transport.into_value(cx.token()).await;
                     let mupdate_json =
-                        self.mupdate_override_artifact(mupdate_uuid);
+                        self.mupdate_override_artifact(mupdate_uuid).await;
 
                     let out_path = self
                         .output_directory
@@ -759,23 +764,63 @@ impl ControlPlaneZoneWriteContext<'_> {
             .register();
     }
 
-    fn mupdate_override_artifact(
+    async fn mupdate_override_artifact(
         &self,
         mupdate_uuid: MupdateOverrideUuid,
     ) -> BufList {
-        // Might be worth writing out individual hash IDs for each zone in the
-        // future.
         let hash_ids =
             [self.host_phase_2_id.clone(), self.control_plane_id.clone()]
                 .into_iter()
                 .collect();
-        let mupdate_override = MupdateOverrideInfo { mupdate_uuid, hash_ids };
+        let zones = compute_zone_hashes(&self.zones).await;
+
+        let mupdate_override =
+            MupdateOverrideInfo { mupdate_uuid, hash_ids, zones };
         let json_bytes = serde_json::to_vec(&mupdate_override)
             .expect("this serialization is infallible");
         BufList::from(json_bytes)
     }
 }
 
+/// Computes the zone hash IDs.
+///
+/// Hash computation is done in parallel on blocking tasks.
+///
+/// # Panics
+///
+/// Panics if the runtime shuts down causing a task abort, or a task panics.
+async fn compute_zone_hashes(
+    images: &ControlPlaneZoneImages,
+) -> IdOrdMap<MupdateOverrideZone> {
+    let mut tasks = JoinSet::new();
+    for (file_name, data) in &images.zones {
+        let file_name = file_name.clone();
+        // data is a Bytes so is cheap to clone.
+        let data: Bytes = data.clone();
+        // Compute hashes in parallel.
+        tasks.spawn_blocking(move || {
+            let mut hasher = Sha256::new();
+            hasher.update(&data);
+            let hash = hasher.finalize();
+            MupdateOverrideZone {
+                file_name,
+                file_size: u64::try_from(data.len()).unwrap(),
+                hash: ArtifactHash(hash.into()),
+            }
+        });
+    }
+
+    let mut output = IdOrdMap::new();
+    while let Some(res) = tasks.join_next().await {
+        // Propagate panics across tasks—this is the standard pattern we follow
+        // in installinator.
+        output
+            .insert_unique(res.expect("task panicked"))
+            .expect("filenames are unique");
+    }
+    output
+}
+
 fn remove_contents_of(path: &Utf8Path) -> io::Result<()> {
     use std::fs;
 

sled-agent/zone-images/Cargo.toml

@@ -10,6 +10,7 @@ workspace = true
 [dependencies]
 anyhow.workspace = true
 camino.workspace = true
+iddqd.workspace = true
 id-map.workspace = true
 illumos-utils.workspace = true
 nexus-sled-agent-shared.workspace = true

sled-agent/zone-images/src/mupdate_override.rs

@@ -483,6 +483,7 @@ mod tests {
     use dropshot::ConfigLogging;
     use dropshot::ConfigLoggingLevel;
     use dropshot::test_util::LogContext;
+    use iddqd::IdOrdMap;
     use omicron_uuid_kinds::MupdateOverrideUuid;
     use omicron_uuid_kinds::ZpoolUuid;
     use pretty_assertions::assert_eq;
@@ -951,13 +952,15 @@ mod tests {
         MupdateOverrideInfo {
             mupdate_uuid: OVERRIDE_UUID,
             hash_ids: BTreeSet::new(),
+            zones: IdOrdMap::new(),
         }
     }
 
     fn override_info_2() -> MupdateOverrideInfo {
         MupdateOverrideInfo {
             mupdate_uuid: OVERRIDE_2_UUID,
             hash_ids: BTreeSet::new(),
+            zones: IdOrdMap::new(),
         }
     }
 

wicketd/tests/integration_tests/updates.rs

@@ -447,6 +447,18 @@ async fn test_installinator_fetch() {
         "mupdate override info matches across A and B drives",
     );
 
+    // Check that the zone1 and zone2 images are present in the zone set. (The
+    // names come from fake-non-semver.toml, under
+    // [artifact.control-plane.source]).
+    assert!(
+        a_override_info.zones.contains_key("zone1.tar.gz"),
+        "zone1 is present in the zone set"
+    );
+    assert!(
+        a_override_info.zones.contains_key("zone2.tar.gz"),
+        "zone2 is present in the zone set"
+    );
+
     recv_handle.await.expect("recv_handle succeeded");
 
     wicketd_testctx.teardown().await;