Add measurement manifest to reconfigurator-cli (#9733)

labbott · web-flow · commit 4e5796226cf6 · 2026-02-01T13:22:57.000-05:00
diff --git a/dev-tools/reconfigurator-cli/src/lib.rs b/dev-tools/reconfigurator-cli/src/lib.rs
@@ -2085,9 +2085,15 @@ fn cmd_sled_update_install_dataset(
     let mut state = sim.current_state().to_mut();
     let system = state.system_mut();
     let sled_id = args.sled_id.to_sled_id(system.description())?;
-    system
-        .description_mut()
-        .sled_set_zone_manifest(sled_id, description.to_boot_inventory())?;
+    system.description_mut().sled_set_zone_manifest(
+        sled_id,
+        description.to_zone_boot_inventory(),
+    )?;
+
+    system.description_mut().sled_set_measurement_manifest(
+        sled_id,
+        description.to_measurement_boot_inventory(),
+    )?;
 
     sim.commit_and_bump(
         format!(
@@ -3463,6 +3469,9 @@ fn mupdate_source_to_description(
         let description = extract_tuf_repo_description(&sim.log, repo_path)?;
         let mut sim_source = SimTufRepoSource::new(
             description,
+            // We might consider having these be different for testing purposes
+            // but for now having them be the same is fine
+            manifest_source,
             manifest_source,
             format!("from repo at {repo_path}"),
         )?;
@@ -3486,6 +3495,7 @@ fn mupdate_source_to_description(
                 let mut sim_source = SimTufRepoSource::new(
                     desc.clone(),
                     manifest_source,
+                    manifest_source,
                     "to target release".to_owned(),
                 )?;
                 sim_source.simulate_zone_errors(&source.with_zone_error)?;
diff --git a/dev-tools/reconfigurator-cli/tests/output/cmds-mupdate-update-flow-stdout b/dev-tools/reconfigurator-cli/tests/output/cmds-mupdate-update-flow-stdout
@@ -432,8 +432,9 @@ LEDGERED SLED CONFIG
         measurement manifest:
             path on boot disk: /fake/path/install/zones.json
             boot disk inventory:
-                manifest generated by installinator (mupdate ID: 00000000-0000-0000-0000-000000000000)
-                no artifacts in install dataset (this should only be seen in simulated systems)
+                manifest generated by sled-agent
+                artifacts in install dataset:
+                  - fake-corpus (expected 1048576 bytes with hash 8a0e23157bae655fceec7376926c9758efee6511c7b7ff8355bbb49545a2257f): ok
             no non-boot disks
         mupdate override:
             path on boot disk: /fake/path/install/mupdate_override.json
diff --git a/dev-tools/reconfigurator-cli/tests/output/cmds-nexus-generation-autobump-stdout b/dev-tools/reconfigurator-cli/tests/output/cmds-nexus-generation-autobump-stdout
@@ -706,8 +706,9 @@ LEDGERED SLED CONFIG
         measurement manifest:
             path on boot disk: /fake/path/install/zones.json
             boot disk inventory:
-                manifest generated by installinator (mupdate ID: 00000000-0000-0000-0000-000000000000)
-                no artifacts in install dataset (this should only be seen in simulated systems)
+                manifest generated by sled-agent
+                artifacts in install dataset:
+                  - fake-corpus (expected 1048576 bytes with hash 8a0e23157bae655fceec7376926c9758efee6511c7b7ff8355bbb49545a2257f): ok
             no non-boot disks
         mupdate override:
             path on boot disk: /fake/path/install/mupdate_override.json
@@ -893,8 +894,9 @@ LEDGERED SLED CONFIG
         measurement manifest:
             path on boot disk: /fake/path/install/zones.json
             boot disk inventory:
-                manifest generated by installinator (mupdate ID: 00000000-0000-0000-0000-000000000000)
-                no artifacts in install dataset (this should only be seen in simulated systems)
+                manifest generated by sled-agent
+                artifacts in install dataset:
+                  - fake-corpus (expected 1048576 bytes with hash 8a0e23157bae655fceec7376926c9758efee6511c7b7ff8355bbb49545a2257f): ok
             no non-boot disks
         mupdate override:
             path on boot disk: /fake/path/install/mupdate_override.json
@@ -1080,8 +1082,9 @@ LEDGERED SLED CONFIG
         measurement manifest:
             path on boot disk: /fake/path/install/zones.json
             boot disk inventory:
-                manifest generated by installinator (mupdate ID: 00000000-0000-0000-0000-000000000000)
-                no artifacts in install dataset (this should only be seen in simulated systems)
+                manifest generated by sled-agent
+                artifacts in install dataset:
+                  - fake-corpus (expected 1048576 bytes with hash 8a0e23157bae655fceec7376926c9758efee6511c7b7ff8355bbb49545a2257f): ok
             no non-boot disks
         mupdate override:
             path on boot disk: /fake/path/install/mupdate_override.json
diff --git a/dev-tools/reconfigurator-cli/tests/output/cmds-target-release-stdout b/dev-tools/reconfigurator-cli/tests/output/cmds-target-release-stdout
@@ -693,8 +693,9 @@ LEDGERED SLED CONFIG
         measurement manifest:
             path on boot disk: /fake/path/install/zones.json
             boot disk inventory:
-                manifest generated by installinator (mupdate ID: 00000000-0000-0000-0000-000000000000)
-                no artifacts in install dataset (this should only be seen in simulated systems)
+                manifest generated by sled-agent
+                artifacts in install dataset:
+                  - fake-corpus (expected 1048576 bytes with hash 8a0e23157bae655fceec7376926c9758efee6511c7b7ff8355bbb49545a2257f): ok
             no non-boot disks
         mupdate override:
             path on boot disk: /fake/path/install/mupdate_override.json
@@ -880,8 +881,9 @@ LEDGERED SLED CONFIG
         measurement manifest:
             path on boot disk: /fake/path/install/zones.json
             boot disk inventory:
-                manifest generated by installinator (mupdate ID: 00000000-0000-0000-0000-000000000000)
-                no artifacts in install dataset (this should only be seen in simulated systems)
+                manifest generated by sled-agent
+                artifacts in install dataset:
+                  - fake-corpus (expected 1048576 bytes with hash 8a0e23157bae655fceec7376926c9758efee6511c7b7ff8355bbb49545a2257f): ok
             no non-boot disks
         mupdate override:
             path on boot disk: /fake/path/install/mupdate_override.json
@@ -1067,8 +1069,9 @@ LEDGERED SLED CONFIG
         measurement manifest:
             path on boot disk: /fake/path/install/zones.json
             boot disk inventory:
-                manifest generated by installinator (mupdate ID: 00000000-0000-0000-0000-000000000000)
-                no artifacts in install dataset (this should only be seen in simulated systems)
+                manifest generated by sled-agent
+                artifacts in install dataset:
+                  - fake-corpus (expected 1048576 bytes with hash 8a0e23157bae655fceec7376926c9758efee6511c7b7ff8355bbb49545a2257f): ok
             no non-boot disks
         mupdate override:
             path on boot disk: /fake/path/install/mupdate_override.json
diff --git a/dev-tools/reconfigurator-cli/tests/output/cmds-unsafe-zone-mgs-stdout b/dev-tools/reconfigurator-cli/tests/output/cmds-unsafe-zone-mgs-stdout
@@ -677,8 +677,9 @@ LEDGERED SLED CONFIG
         measurement manifest:
             path on boot disk: /fake/path/install/zones.json
             boot disk inventory:
-                manifest generated by installinator (mupdate ID: 00000000-0000-0000-0000-000000000000)
-                no artifacts in install dataset (this should only be seen in simulated systems)
+                manifest generated by sled-agent
+                artifacts in install dataset:
+                  - fake-corpus (expected 1048576 bytes with hash 8a0e23157bae655fceec7376926c9758efee6511c7b7ff8355bbb49545a2257f): ok
             no non-boot disks
         mupdate override:
             path on boot disk: /fake/path/install/mupdate_override.json
@@ -864,8 +865,9 @@ LEDGERED SLED CONFIG
         measurement manifest:
             path on boot disk: /fake/path/install/zones.json
             boot disk inventory:
-                manifest generated by installinator (mupdate ID: 00000000-0000-0000-0000-000000000000)
-                no artifacts in install dataset (this should only be seen in simulated systems)
+                manifest generated by sled-agent
+                artifacts in install dataset:
+                  - fake-corpus (expected 1048576 bytes with hash 8a0e23157bae655fceec7376926c9758efee6511c7b7ff8355bbb49545a2257f): ok
             no non-boot disks
         mupdate override:
             path on boot disk: /fake/path/install/mupdate_override.json
@@ -1051,8 +1053,9 @@ LEDGERED SLED CONFIG
         measurement manifest:
             path on boot disk: /fake/path/install/zones.json
             boot disk inventory:
-                manifest generated by installinator (mupdate ID: 00000000-0000-0000-0000-000000000000)
-                no artifacts in install dataset (this should only be seen in simulated systems)
+                manifest generated by sled-agent
+                artifacts in install dataset:
+                  - fake-corpus (expected 1048576 bytes with hash 8a0e23157bae655fceec7376926c9758efee6511c7b7ff8355bbb49545a2257f): ok
             no non-boot disks
         mupdate override:
             path on boot disk: /fake/path/install/mupdate_override.json
diff --git a/nexus/reconfigurator/planning/src/system.rs b/nexus/reconfigurator/planning/src/system.rs
@@ -683,6 +683,17 @@ impl SystemDescription {
         Ok(self)
     }
 
+    /// Set the measurement manifest for a sled from a provided `TufRepoDescription`.
+    pub fn sled_set_measurement_manifest(
+        &mut self,
+        sled_id: SledUuid,
+        boot_inventory: Result<ManifestBootInventory, String>,
+    ) -> anyhow::Result<&mut Self> {
+        let sled = self.get_sled_mut(sled_id)?;
+        sled.set_measurement_manifest(boot_inventory);
+        Ok(self)
+    }
+
     pub fn sled_sp_active_version(
         &self,
         sled_id: SledUuid,
@@ -1757,6 +1768,16 @@ impl Sled {
             .boot_inventory = boot_inventory;
     }
 
+    fn set_measurement_manifest(
+        &mut self,
+        boot_inventory: Result<ManifestBootInventory, String>,
+    ) {
+        self.inventory_sled_agent
+            .file_source_resolver
+            .measurement_manifest
+            .boot_inventory = boot_inventory;
+    }
+
     /// Update the reported RoT bootloader versions
     ///
     /// If either field is `None`, that field is _unchanged_.
diff --git a/nexus/reconfigurator/simulation/src/zone_images.rs b/nexus/reconfigurator/simulation/src/zone_images.rs
@@ -43,10 +43,24 @@ impl SimTufRepoDescription {
         Self { source: Err(message.clone()), message }
     }
 
-    /// Generates a simulated [`ManifestBootInventory`] or an error.
-    pub fn to_boot_inventory(&self) -> Result<ManifestBootInventory, String> {
+    /// Generates a simulated [`ManifestBootInventory`] for zones or an error.
+    pub fn to_zone_boot_inventory(
+        &self,
+    ) -> Result<ManifestBootInventory, String> {
         match &self.source {
-            Ok(source) => Ok(source.to_boot_inventory()),
+            Ok(source) => Ok(source.to_zone_boot_inventory()),
+            Err(error) => {
+                Err(format!("reconfigurator-sim simulated error: {error}"))
+            }
+        }
+    }
+
+    /// Generates a simulated [`ManifestBootInventory`] for measurements or an error.
+    pub fn to_measurement_boot_inventory(
+        &self,
+    ) -> Result<ManifestBootInventory, String> {
+        match &self.source {
+            Ok(source) => Ok(source.to_measurement_boot_inventory()),
             Err(error) => {
                 Err(format!("reconfigurator-sim simulated error: {error}"))
             }
@@ -59,7 +73,8 @@ impl SimTufRepoDescription {
 #[derive(Clone, Debug)]
 pub struct SimTufRepoSource {
     description: TufRepoDescription,
-    manifest_source: OmicronInstallManifestSource,
+    zone_manifest_source: OmicronInstallManifestSource,
+    measurement_manifest_source: OmicronInstallManifestSource,
     message: String,
     known_artifact_id_names: BTreeSet<String>,
     error_artifact_id_names: BTreeSet<String>,
@@ -71,7 +86,8 @@ impl SimTufRepoSource {
     /// The message should be of the form "from repo at ..." or "to target release".
     pub fn new(
         description: TufRepoDescription,
-        manifest_source: OmicronInstallManifestSource,
+        zone_manifest_source: OmicronInstallManifestSource,
+        measurement_manifest_source: OmicronInstallManifestSource,
         message: String,
     ) -> anyhow::Result<Self> {
         let mut unknown = BTreeSet::new();
@@ -106,7 +122,8 @@ impl SimTufRepoSource {
         }
         Ok(Self {
             description,
-            manifest_source,
+            zone_manifest_source,
+            measurement_manifest_source,
             message,
             known_artifact_id_names: known,
             error_artifact_id_names: BTreeSet::new(),
@@ -141,8 +158,47 @@ impl SimTufRepoSource {
         Ok(())
     }
 
-    /// Generates a simulated [`ManifestBootInventory`].
-    pub fn to_boot_inventory(&self) -> ManifestBootInventory {
+    /// Generates a simulated [`ManifestBootInventory`] from the measurement manifest.
+    pub fn to_measurement_boot_inventory(&self) -> ManifestBootInventory {
+        let artifacts = self
+            .description
+            .artifacts
+            .iter()
+            .filter_map(|artifact| {
+                if artifact.id.kind.to_known()
+                    != Some(KnownArtifactKind::MeasurementCorpus)
+                {
+                    return None;
+                }
+
+                let file_name = artifact.id.name.to_string();
+                let path = Utf8Path::new("/fake/path/install").join(&file_name);
+                let status =
+                    if self.error_artifact_id_names.contains(&artifact.id.name)
+                    {
+                        Err("reconfigurator-sim: simulated error \
+                             validating zone image"
+                            .to_owned())
+                    } else {
+                        Ok(())
+                    };
+                Some(ZoneArtifactInventory {
+                    file_name,
+                    path,
+                    expected_size: artifact.size,
+                    expected_hash: artifact.hash,
+                    status,
+                })
+            })
+            .collect();
+        ManifestBootInventory {
+            source: self.measurement_manifest_source,
+            artifacts,
+        }
+    }
+
+    /// Generates a simulated [`ManifestBootInventory`] from the zone manifest.
+    pub fn to_zone_boot_inventory(&self) -> ManifestBootInventory {
         let artifacts = self
             .description
             .artifacts
@@ -178,7 +234,7 @@ impl SimTufRepoSource {
                 })
             })
             .collect();
-        ManifestBootInventory { source: self.manifest_source, artifacts }
+        ManifestBootInventory { source: self.zone_manifest_source, artifacts }
     }
 
     /// Returns a message including the system version and the number of zone
