Create a new NTP-admin service

Cargo.toml

@@ -16,6 +16,7 @@ members = [
     "clients/gateway-client",
     "clients/installinator-client",
     "clients/nexus-client",
+    "clients/ntp-admin-client",
     "clients/oxide-client",
     "clients/oximeter-client",
     "clients/repo-depot-client",
@@ -104,6 +105,9 @@ members = [
     "nexus/test-utils-macros",
     "nexus/test-utils",
     "nexus/types",
+    "ntp-admin",
+    "ntp-admin/api",
+    "ntp-admin/types",
     "oximeter/api",
     "oximeter/collector",
     "oximeter/db",
@@ -168,6 +172,7 @@ default-members = [
     "clients/gateway-client",
     "clients/installinator-client",
     "clients/nexus-client",
+    "clients/ntp-admin-client",
     "clients/oxide-client",
     "clients/oximeter-client",
     "clients/repo-depot-client",
@@ -258,6 +263,9 @@ default-members = [
     "nexus/test-utils-macros",
     "nexus/test-utils",
     "nexus/types",
+    "ntp-admin",
+    "ntp-admin/api",
+    "ntp-admin/types",
     "oximeter/api",
     "oximeter/collector",
     "oximeter/db",
@@ -511,6 +519,9 @@ lldp_protocol = { git = "https://github.com/oxidecomputer/lldp", package = "prot
 macaddr = { version = "1.0.1", features = ["serde_std"] }
 maplit = "1.0.2"
 newtype_derive = "0.1.6"
+ntp-admin-api = { path = "ntp-admin/api" }
+ntp-admin-client = { path = "clients/ntp-admin-client" }
+ntp-admin-types = { path = "ntp-admin/types" }
 mg-admin-client = { git = "https://github.com/oxidecomputer/maghemite", rev = "fa5f15cdcd5864161a929e2ec01534f70dfba216" }
 ddm-admin-client = { git = "https://github.com/oxidecomputer/maghemite", rev = "fa5f15cdcd5864161a929e2ec01534f70dfba216" }
 multimap = "0.10.1"
@@ -556,6 +567,7 @@ omicron-common = { path = "common" }
 omicron-dev-lib = { path = "dev-tools/omicron-dev-lib" }
 omicron-gateway = { path = "gateway" }
 omicron-nexus = { path = "nexus" }
+omicron-ntp-admin = { path = "ntp-admin" }
 omicron-omdb = { path = "dev-tools/omdb" }
 omicron-package = { path = "package" }
 omicron-passwords = { path = "passwords" }

clients/ntp-admin-client/Cargo.toml

@@ -0,0 +1,17 @@
+[package]
+name = "ntp-admin-client"
+version = "0.1.0"
+edition = "2021"
+license = "MPL-2.0"
+
+[lints]
+workspace = true
+
+[dependencies]
+chrono.workspace = true
+progenitor.workspace = true
+reqwest = { workspace = true, features = [ "json", "rustls-tls", "stream" ] }
+schemars.workspace = true
+serde.workspace = true
+slog.workspace = true
+omicron-workspace-hack.workspace = true

clients/ntp-admin-client/src/lib.rs

@@ -0,0 +1,22 @@
+// This Source Code Form is subject to the terms of the Mozilla Public
+// License, v. 2.0. If a copy of the MPL was not distributed with this
+// file, You can obtain one at https://mozilla.org/MPL/2.0/.
+
+//! Interface for making API requests to an Omicron NTP admin server
+
+progenitor::generate_api!(
+    spec = "../../openapi/ntp-admin.json",
+    interface = Positional,
+    inner_type = slog::Logger,
+    pre_hook = (|log: &slog::Logger, request: &reqwest::Request| {
+        slog::debug!(log, "client request";
+            "method" => %request.method(),
+            "uri" => %request.url(),
+            "body" => ?&request.body(),
+        );
+    }),
+    post_hook = (|log: &slog::Logger, result: &Result<_, _>| {
+        slog::debug!(log, "client response"; "result" => ?result);
+    }),
+    derives = [schemars::JsonSchema],
+);

common/src/address.rs

@@ -64,8 +64,12 @@ pub const NEXUS_TECHPORT_EXTERNAL_PORT: u16 = 12228;
 /// interface(s).
 pub const WICKETD_NEXUS_PROXY_PORT: u16 = 12229;
 
+/// The port on which NTP runs
 pub const NTP_PORT: u16 = 123;
 
+/// The port on which the NTP admin service exposes an HTTP interface
+pub const NTP_ADMIN_PORT: u16 = 10123;
+
 /// The length for all VPC IPv6 prefixes
 pub const VPC_IPV6_PREFIX_LENGTH: u8 = 48;
 

dev-tools/ls-apis/api-manifest.toml

@@ -114,6 +114,10 @@ packages = [ "dns-server" ]
 label = "Nexus"
 packages = [ "omicron-nexus" ]
 
+[[deployment_units]]
+label = "NTP"
+packages = [ "omicron-ntp-admin" ]
+
 [[deployment_units]]
 label = "Oximeter"
 packages = [ "oximeter-collector" ]
@@ -212,6 +216,17 @@ This is the server running inside CockroachDB zones that performs \
 configuration and monitoring that requires the `cockroach` CLI.
 """
 
+[[apis]]
+client_package_name = "ntp-admin-client"
+label = "NTP Admin"
+server_package_name = "ntp-admin-api"
+versioned_how = "server"
+notes = """
+This is the server running inside NTP zones that performs \
+monitoring on 'chrony'.
+"""
+
+
 [[apis]]
 client_package_name = "crucible-agent-client"
 label = "Crucible Agent"

dev-tools/ls-apis/tests/api_dependencies.out

@@ -70,6 +70,8 @@ Nexus Internal API (client: nexus-client)
     consumed by: oximeter-collector (omicron/oximeter/collector) via 1 path
     consumed by: propolis-server (propolis/bin/propolis-server) via 3 paths
 
+NTP Admin (client: ntp-admin-client)
+
 External API (client: oxide-client)
 
 Oximeter (client: oximeter-client)

dev-tools/openapi-manager/Cargo.toml

@@ -27,6 +27,7 @@ itertools.workspace = true
 nexus-external-api.workspace = true
 nexus-internal-api.workspace = true
 newtype_derive.workspace = true
+ntp-admin-api.workspace = true
 omicron-workspace-hack.workspace = true
 openapi-lint.workspace = true
 openapi-manager-types.workspace = true

dev-tools/openapi-manager/src/omicron.rs

@@ -13,6 +13,7 @@ use gateway_api::gateway_api_mod;
 use installinator_api::installinator_api_mod;
 use nexus_external_api::nexus_external_api_mod;
 use nexus_internal_api::nexus_internal_api_mod;
+use ntp_admin_api::ntp_admin_api_mod;
 use oximeter_api::oximeter_api_mod;
 use repo_depot_api::repo_depot_api_mod;
 use sled_agent_api::sled_agent_api_mod;
@@ -127,6 +128,15 @@ pub fn all_apis() -> Vec<ManagedApiConfig> {
             ident: "nexus-internal",
             extra_validation: None,
         },
+        ManagedApiConfig {
+            title: "NTP Admin API",
+            versions: Versions::new_lockstep(semver::Version::new(0, 0, 1)),
+            description: "API for interacting with NTP",
+            boundary: ApiBoundary::Internal,
+            api_description: ntp_admin_api_mod::stub_api_description,
+            ident: "ntp-admin",
+            extra_validation: None,
+        },
         ManagedApiConfig {
             title: "Oxide Oximeter API",
             versions: Versions::new_lockstep(semver::Version::new(0, 0, 1)),

nexus/inventory/src/collector.rs

@@ -76,6 +76,12 @@ impl<'a> Collector<'a> {
         self.collect_all_keepers().await;
         self.collect_all_cockroach().await;
 
+        // TODO(https://github.com/oxidecomputer/omicron/issues/8546): Collect
+        // NTP timesync statuses
+
+        // TODO(https://github.com/oxidecomputer/omicron/issues/8544): Collect
+        // DNS generations
+
         debug!(&self.log, "finished collection");
 
         Ok(self.in_progress.build())

ntp-admin/Cargo.toml

@@ -0,0 +1,51 @@
+[package]
+name = "omicron-ntp-admin"
+version = "0.1.0"
+edition = "2021"
+license = "MPL-2.0"
+
+[build-dependencies]
+omicron-rpaths.workspace = true
+
+[dependencies]
+anyhow.workspace = true
+camino.workspace = true
+chrono.workspace = true
+clap.workspace = true
+dropshot.workspace = true
+http.workspace = true
+ntp-admin-api.workspace = true
+ntp-admin-types.workspace = true
+omicron-common.workspace = true
+omicron-uuid-kinds.workspace = true
+oxide-tokio-rt.workspace = true
+# See omicron-rpaths for more about the "pq-sys" dependency.
+pq-sys = "*"
+reqwest.workspace = true
+schemars.workspace = true
+slog.workspace = true
+slog-async.workspace = true
+slog-dtrace.workspace = true
+slog-error-chain.workspace = true
+serde.workspace = true
+thiserror.workspace = true
+tokio.workspace = true
+tokio-postgres.workspace = true
+toml.workspace = true
+
+omicron-workspace-hack.workspace = true
+
+[dev-dependencies]
+expectorate.workspace = true
+nexus-test-utils.workspace = true
+omicron-test-utils.workspace = true
+openapi-lint.workspace = true
+openapiv3.workspace = true
+proptest.workspace = true
+serde_json.workspace = true
+subprocess.workspace = true
+test-strategy.workspace = true
+url.workspace = true
+
+[lints]
+workspace = true

ntp-admin/api/Cargo.toml

@@ -0,0 +1,18 @@
+[package]
+name = "ntp-admin-api"
+version = "0.1.0"
+edition = "2021"
+license = "MPL-2.0"
+
+[lints]
+workspace = true
+
+[dependencies]
+dropshot.workspace = true
+http.workspace = true
+ntp-admin-types.workspace = true
+omicron-common.workspace = true
+omicron-uuid-kinds.workspace = true
+omicron-workspace-hack.workspace = true
+schemars.workspace = true
+serde.workspace = true

ntp-admin/api/src/lib.rs

@@ -0,0 +1,19 @@
+// This Source Code Form is subject to the terms of the Mozilla Public
+// License, v. 2.0. If a copy of the MPL was not distributed with this
+// file, You can obtain one at https://mozilla.org/MPL/2.0/.
+
+use dropshot::{HttpError, HttpResponseOk, RequestContext};
+
+#[dropshot::api_description]
+pub trait NtpAdminApi {
+    type Context;
+
+    /// Query for the state of time synchronization
+    #[endpoint {
+        method = GET,
+        path = "/timesync",
+    }]
+    async fn timesync(
+        rqctx: RequestContext<Self::Context>,
+    ) -> Result<HttpResponseOk<ntp_admin_types::TimeSync>, HttpError>;
+}

ntp-admin/build.rs

@@ -0,0 +1,10 @@
+// This Source Code Form is subject to the terms of the Mozilla Public
+// License, v. 2.0. If a copy of the MPL was not distributed with this
+// file, You can obtain one at https://mozilla.org/MPL/2.0/.
+
+// See omicron-rpaths for documentation.
+// NOTE: This file MUST be kept in sync with the other build.rs files in this
+// repository.
+fn main() {
+    omicron_rpaths::configure_default_omicron_rpaths();
+}