TQ: Async Nodes and P2P connections (#9258)

Builds on #9232

This is the first step in wrapping the `trust_quorum::Node` so that it
can be used in an async context and integrated with sled-agent. Only the
sprockets networking has been fully integrated so far such that each
`NodeTask` has a `ConnMgr` that sets up a full mesh of sprockets
connections. A test for this connectivity behavior has been written but
the code is not wired into the production code yet.

Messages can be sent between `NodeTasks` over sprockets connections.
Each connection exists in it's own task managed by an `EstablishedConn`.
The main `NodeTask` task sends messages to and receives messages from
this task to interact with the outside world via sprockets. Currently
only `Ping` messages are sent over the wire as a means to keep the
connections alive and detect disconnects.

A `NodeHandle` allows one to interact with the `NodeTask`. Currently
only three operations are implemented with messages defined in
`NodeApiRequest`. The user can instruct the node who it's peers are on
the bootstrap network to establish connectivity, can poll for
connectivity status, and can shutdown the node. All of this
functionality is used in the accompanying test.

It's important to re-iterate that this code only implements connectivity
between trust quorum nodes and no actual trust quorum messages are sent.
They can't be as a handle can not yet initiate a reconfiguration or LRTQ
upgrade. That behavior will come in a follow up. This PR is large
enough.

A lot of this code is similar to the LRTQ connection management code,
except that it operates over sprockets rather than TCP channels. This
introduces some complexity, but it is mostly abstracted away into the
`SprocketsConfig`.

Author: andrewjstone

Cargo.lock

@@ -143,6 +143,7 @@ members = [
     "test-utils",
     "trust-quorum",
     "trust-quorum/gfss",
+    "trust-quorum/protocol",
     "trust-quorum/test-utils",
     "trust-quorum/tqdb",
     "typed-rng",
@@ -304,6 +305,7 @@ default-members = [
     "sp-sim",
     "trust-quorum",
     "trust-quorum/gfss",
+    "trust-quorum/protocol",
     "trust-quorum/test-utils",
     "trust-quorum/tqdb",
     "test-utils",
@@ -370,6 +372,7 @@ assert_matches = "1.5.0"
 assert_cmd = "2.0.17"
 async-bb8-diesel = "0.2"
 async-trait = "0.1.89"
+attest-mock = { git = "https://github.com/oxidecomputer/dice-util", rev = "10952e8d9599b735b85d480af3560a11700e5b64" }
 atomicwrites = "0.4.4"
 authz-macros = { path = "nexus/authz-macros" }
 backoff = { version = "0.4.0", features = [ "tokio" ] }
@@ -471,6 +474,7 @@ gateway-types = { path = "gateway-types" }
 gethostname = "0.5.0"
 gfss = { path = "trust-quorum/gfss" }
 trust-quorum = { path = "trust-quorum" }
+trust-quorum-protocol = { path = "trust-quorum/protocol" }
 trust-quorum-test-utils = { path = "trust-quorum/test-utils" }
 glob = "0.3.2"
 guppy = "0.17.20"
@@ -724,7 +728,8 @@ slog-term = "2.9.1"
 smf = "0.2"
 socket2 = { version = "0.5", features = ["all"] }
 sp-sim = { path = "sp-sim" }
-sprockets-tls = { git = "https://github.com/oxidecomputer/sprockets.git", rev = "7da1f0b5dcd3d631da18b43ba78a84b1a2b425ee" }
+sprockets-tls = { git = "https://github.com/oxidecomputer/sprockets.git", rev = "dea3bbfac7d9d3c45f088898fcd05ee5d2ec2210" }
+sprockets-tls-test-utils = { git = "https://github.com/oxidecomputer/sprockets.git", rev = "dea3bbfac7d9d3c45f088898fcd05ee5d2ec2210" }
 sqlformat = "0.3.5"
 sqlparser = { version = "0.45.0", features = [ "visitor" ] }
 static_assertions = "1.1.0"

Cargo.toml

@@ -7,3 +7,4 @@
 pub const BOOTSTRAP_AGENT_HTTP_PORT: u16 = 80;
 pub const BOOTSTRAP_AGENT_RACK_INIT_PORT: u16 = 12346;
 pub const BOOTSTORE_PORT: u16 = 12347;
+pub const TRUST_QUORUM_PORT: u16 = 12349;

sled-agent/src/bootstrap/config.rs

@@ -3,18 +3,21 @@ name = "trust-quorum"
 version = "0.1.0"
 edition = "2021"
 license = "MPL-2.0"
+description = "trust quorum library for use by bootstrap agent"
 
 [lints]
 workspace = true
 
 [dependencies]
 anyhow.workspace = true
-bcs.workspace = true
 bootstore.workspace = true
+bytes.workspace = true
 camino.workspace = true
 chacha20poly1305.workspace = true
+ciborium.workspace = true
 daft.workspace = true
 derive_more.workspace = true
+futures.workspace = true
 gfss.workspace = true
 hex.workspace = true
 hkdf.workspace = true
@@ -28,29 +31,23 @@ sha3.workspace = true
 sled-agent-types.workspace = true
 slog.workspace = true
 slog-error-chain.workspace = true
+sprockets-tls.workspace = true
 static_assertions.workspace = true
 subtle.workspace = true
 thiserror.workspace = true
 tokio.workspace = true
+trust-quorum-protocol.workspace = true
 uuid.workspace = true
 zeroize.workspace = true
 omicron-workspace-hack.workspace = true
 
 [dev-dependencies]
 assert_matches.workspace = true
+attest-mock.workspace = true
 dropshot.workspace = true
 omicron-test-utils.workspace = true
 proptest.workspace = true
 serde_json.workspace = true
 test-strategy.workspace = true
 trust-quorum-test-utils.workspace = true
-
-[features]
-# Impl `PartialEq` and `Eq` for types implementing `subtle::ConstantTimeEq` when
-# this feature is enabled.
-# 
-# This is of unknown risk. The rust compiler may obviate the security of using
-# subtle when we do this. On the other hand its very useful for testing and
-# debugging outside of production.
-danger_partial_eq_ct_wrapper = ["gfss/danger_partial_eq_ct_wrapper"]
-testing = []
+sprockets-tls-test-utils.workspace = true

trust-quorum/Cargo.toml

@@ -0,0 +1,57 @@
+[package]
+name = "trust-quorum-protocol"
+version = "0.1.0"
+edition = "2021"
+license = "MPL-2.0"
+description = "sans-io trust quorum protocol implementation"
+
+[lints]
+workspace = true
+
+[dependencies]
+bootstore.workspace = true
+bytes.workspace = true
+camino.workspace = true
+chacha20poly1305.workspace = true
+ciborium.workspace = true
+daft.workspace = true
+derive_more.workspace = true
+gfss.workspace = true
+hex.workspace = true
+hkdf.workspace = true
+iddqd.workspace = true
+omicron-uuid-kinds.workspace = true
+rand = { workspace = true, features = ["os_rng"] }
+secrecy.workspace = true
+serde.workspace = true
+serde_with.workspace = true
+sha3.workspace = true
+sled-agent-types.workspace = true
+slog.workspace = true
+slog-error-chain.workspace = true
+static_assertions.workspace = true
+subtle.workspace = true
+thiserror.workspace = true
+uuid.workspace = true
+zeroize.workspace = true
+omicron-workspace-hack.workspace = true
+
+[dev-dependencies]
+assert_matches.workspace = true
+attest-mock.workspace = true
+dropshot.workspace = true
+omicron-test-utils.workspace = true
+proptest.workspace = true
+serde_json.workspace = true
+test-strategy.workspace = true
+trust-quorum-test-utils.workspace = true
+
+[features]
+# Impl `PartialEq` and `Eq` for types implementing `subtle::ConstantTimeEq` when
+# this feature is enabled.
+# 
+# This is of unknown risk. The rust compiler may obviate the security of using
+# subtle when we do this. On the other hand its very useful for testing and
+# debugging outside of production.
+danger_partial_eq_ct_wrapper = ["gfss/danger_partial_eq_ct_wrapper"]
+testing = []