Max level shown: TRCE DEBG INFO WARN ERRO FATA

1			[ Nov 8 06:58:38 Disabled. ]
2			[ Nov 8 06:58:38 Rereading configuration. ]
3			[ Nov 8 06:58:56 Rereading configuration. ]
4			[ Nov 8 06:59:24 Enabled. ]
5			[ Nov 8 06:59:24 Executing start method ("ctrun -l child -o noorphan,regent /opt/oxide/nexus/bin/nexus /var/svc/manifest/site/nexus/config.toml &"). ]
6			[ Nov 8 06:59:24 Method "start" exited with status 0. ]
7			note: configured to log to "/dev/stdout"
8	2023-11-08T06:59:24.557Z	DEBG	nexus: registered DTrace probes
9	2023-11-08T06:59:24.559Z	INFO	nexus: setting up nexus server file = nexus/src/lib.rs:88
10	2023-11-08T06:59:24.570Z	INFO	nexus (ServerContext): registering Oso class class = Action file = nexus/db-queries/src/authz/oso_generic.rs:68
11	2023-11-08T06:59:24.570Z	INFO	nexus (ServerContext): registering Oso class class = AnyActor file = nexus/db-queries/src/authz/oso_generic.rs:68
12	2023-11-08T06:59:24.570Z	INFO	nexus (ServerContext): registering Oso class class = AuthenticatedActor file = nexus/db-queries/src/authz/oso_generic.rs:68
13	2023-11-08T06:59:24.571Z	INFO	nexus (ServerContext): registering Oso class class = Database file = nexus/db-queries/src/authz/oso_generic.rs:68
14	2023-11-08T06:59:24.571Z	INFO	nexus (ServerContext): registering Oso class class = DnsConfig file = nexus/db-queries/src/authz/oso_generic.rs:68
15	2023-11-08T06:59:24.571Z	INFO	nexus (ServerContext): registering Oso class class = Fleet file = nexus/db-queries/src/authz/oso_generic.rs:68
16	2023-11-08T06:59:24.571Z	INFO	nexus (ServerContext): registering Oso class class = Inventory file = nexus/db-queries/src/authz/oso_generic.rs:68
17	2023-11-08T06:59:24.571Z	INFO	nexus (ServerContext): registering Oso class class = IpPoolList file = nexus/db-queries/src/authz/oso_generic.rs:68
18	2023-11-08T06:59:24.571Z	INFO	nexus (ServerContext): registering Oso class class = ConsoleSessionList file = nexus/db-queries/src/authz/oso_generic.rs:68
19	2023-11-08T06:59:24.571Z	INFO	nexus (ServerContext): registering Oso class class = DeviceAuthRequestList file = nexus/db-queries/src/authz/oso_generic.rs:68
20	2023-11-08T06:59:24.571Z	INFO	nexus (ServerContext): registering Oso class class = SiloCertificateList file = nexus/db-queries/src/authz/oso_generic.rs:68
21	2023-11-08T06:59:24.571Z	INFO	nexus (ServerContext): registering Oso class class = SiloIdentityProviderList file = nexus/db-queries/src/authz/oso_generic.rs:68
22	2023-11-08T06:59:24.571Z	INFO	nexus (ServerContext): registering Oso class class = SiloUserList file = nexus/db-queries/src/authz/oso_generic.rs:68
23	2023-11-08T06:59:24.571Z	INFO	nexus (ServerContext): registering Oso class class = Project file = nexus/db-queries/src/authz/oso_generic.rs:68
24	2023-11-08T06:59:24.571Z	INFO	nexus (ServerContext): registering Oso class class = Disk file = nexus/db-queries/src/authz/oso_generic.rs:68
25	2023-11-08T06:59:24.571Z	INFO	nexus (ServerContext): registering Oso class class = Snapshot file = nexus/db-queries/src/authz/oso_generic.rs:68
26	2023-11-08T06:59:24.571Z	INFO	nexus (ServerContext): registering Oso class class = ProjectImage file = nexus/db-queries/src/authz/oso_generic.rs:68
27	2023-11-08T06:59:24.571Z	INFO	nexus (ServerContext): registering Oso class class = Instance file = nexus/db-queries/src/authz/oso_generic.rs:68
28	2023-11-08T06:59:24.571Z	INFO	nexus (ServerContext): registering Oso class class = IpPool file = nexus/db-queries/src/authz/oso_generic.rs:68
29	2023-11-08T06:59:24.571Z	INFO	nexus (ServerContext): registering Oso class class = InstanceNetworkInterface file = nexus/db-queries/src/authz/oso_generic.rs:68
30	2023-11-08T06:59:24.571Z	INFO	nexus (ServerContext): registering Oso class class = Vpc file = nexus/db-queries/src/authz/oso_generic.rs:68
31	2023-11-08T06:59:24.571Z	INFO	nexus (ServerContext): registering Oso class class = VpcRouter file = nexus/db-queries/src/authz/oso_generic.rs:68
32	2023-11-08T06:59:24.571Z	INFO	nexus (ServerContext): registering Oso class class = RouterRoute file = nexus/db-queries/src/authz/oso_generic.rs:68
33	2023-11-08T06:59:24.571Z	INFO	nexus (ServerContext): registering Oso class class = VpcSubnet file = nexus/db-queries/src/authz/oso_generic.rs:68
34	2023-11-08T06:59:24.571Z	INFO	nexus (ServerContext): registering Oso class class = Image file = nexus/db-queries/src/authz/oso_generic.rs:68
35	2023-11-08T06:59:24.571Z	INFO	nexus (ServerContext): registering Oso class class = SiloImage file = nexus/db-queries/src/authz/oso_generic.rs:68
36	2023-11-08T06:59:24.571Z	INFO	nexus (ServerContext): registering Oso class class = AddressLot file = nexus/db-queries/src/authz/oso_generic.rs:68
37	2023-11-08T06:59:24.571Z	INFO	nexus (ServerContext): registering Oso class class = LoopbackAddress file = nexus/db-queries/src/authz/oso_generic.rs:68
38	2023-11-08T06:59:24.571Z	INFO	nexus (ServerContext): registering Oso class class = Certificate file = nexus/db-queries/src/authz/oso_generic.rs:68
39	2023-11-08T06:59:24.571Z	INFO	nexus (ServerContext): registering Oso class class = ConsoleSession file = nexus/db-queries/src/authz/oso_generic.rs:68
40	2023-11-08T06:59:24.571Z	INFO	nexus (ServerContext): registering Oso class class = DeviceAuthRequest file = nexus/db-queries/src/authz/oso_generic.rs:68
41	2023-11-08T06:59:24.571Z	INFO	nexus (ServerContext): registering Oso class class = DeviceAccessToken file = nexus/db-queries/src/authz/oso_generic.rs:68
42	2023-11-08T06:59:24.572Z	INFO	nexus (ServerContext): registering Oso class class = PhysicalDisk file = nexus/db-queries/src/authz/oso_generic.rs:68
43	2023-11-08T06:59:24.572Z	INFO	nexus (ServerContext): registering Oso class class = Rack file = nexus/db-queries/src/authz/oso_generic.rs:68
44	2023-11-08T06:59:24.572Z	INFO	nexus (ServerContext): registering Oso class class = RoleBuiltin file = nexus/db-queries/src/authz/oso_generic.rs:68
45	2023-11-08T06:59:24.572Z	INFO	nexus (ServerContext): registering Oso class class = SshKey file = nexus/db-queries/src/authz/oso_generic.rs:68
46	2023-11-08T06:59:24.572Z	INFO	nexus (ServerContext): registering Oso class class = Silo file = nexus/db-queries/src/authz/oso_generic.rs:68
47	2023-11-08T06:59:24.572Z	INFO	nexus (ServerContext): registering Oso class class = SiloUser file = nexus/db-queries/src/authz/oso_generic.rs:68
48	2023-11-08T06:59:24.572Z	INFO	nexus (ServerContext): registering Oso class class = SiloGroup file = nexus/db-queries/src/authz/oso_generic.rs:68
49	2023-11-08T06:59:24.572Z	INFO	nexus (ServerContext): registering Oso class class = IdentityProvider file = nexus/db-queries/src/authz/oso_generic.rs:68
50	2023-11-08T06:59:24.572Z	INFO	nexus (ServerContext): registering Oso class class = SamlIdentityProvider file = nexus/db-queries/src/authz/oso_generic.rs:68
51	2023-11-08T06:59:24.572Z	INFO	nexus (ServerContext): registering Oso class class = Sled file = nexus/db-queries/src/authz/oso_generic.rs:68
52	2023-11-08T06:59:24.572Z	INFO	nexus (ServerContext): registering Oso class class = Zpool file = nexus/db-queries/src/authz/oso_generic.rs:68
53	2023-11-08T06:59:24.572Z	INFO	nexus (ServerContext): registering Oso class class = Service file = nexus/db-queries/src/authz/oso_generic.rs:68
54	2023-11-08T06:59:24.572Z	INFO	nexus (ServerContext): registering Oso class class = UpdateArtifact file = nexus/db-queries/src/authz/oso_generic.rs:68
55	2023-11-08T06:59:24.572Z	INFO	nexus (ServerContext): registering Oso class class = UserBuiltin file = nexus/db-queries/src/authz/oso_generic.rs:68
56	2023-11-08T06:59:24.572Z	INFO	nexus (ServerContext): registering Oso class class = SystemUpdate file = nexus/db-queries/src/authz/oso_generic.rs:68
57	2023-11-08T06:59:24.572Z	INFO	nexus (ServerContext): registering Oso class class = UpdateDeployment file = nexus/db-queries/src/authz/oso_generic.rs:68
58	2023-11-08T06:59:24.572Z	INFO	nexus (ServerContext): full Oso configuration config = #\n# Oso configuration for Omicron\n# This file is augmented by generated snippets.\n#\n\n#\n# ACTOR TYPES AND BASIC RULES\n#\n\n# `AnyActor` includes both authenticated and unauthenticated users.\nactor AnyActor {}\n\n# An `AuthenticatedActor` has an identity in the system. All of our operations\n# today require that an actor be authenticated.\nactor AuthenticatedActor {}\n\n# For any resource, `actor` can perform action `action` on it if they're\n# authenticated and their role(s) give them the corresponding permission on that\n# resource.\nallow(actor: AnyActor, action: Action, resource) if\n actor.authenticated and\n has_permission(actor.authn_actor.unwrap(), action.to_perm(), resource);\n\n# Define role relationships\nhas_role(actor: AuthenticatedActor, role: String, resource: Resource)\n\tif resource.has_role(actor, role);\n\n#\n# ROLES AND PERMISSIONS IN THE FLEET/SILO/PROJECT HIERARCHY\n#\n# We define the following permissions for most resources in the system:\n#\n# - "create_child": required to create child resources (of any type)\n#\n# - "list_children": required to list child resources (of all types) of a\n# resource\n#\n# - "modify": required to modify or delete a resource\n#\n# - "read": required to read a resource\n#\n# We define the following predefined roles for only a few high-level resources:\n# the Fleet (see below), Silo, Organization, and Project. The specific roles\n# are oriented around intended use-cases:\n#\n# - "admin": has all permissions on the resource\n#\n# - "collaborator": has "read", "list_children", and "create_child", plus\n# the "admin" role for child resources. The idea is that if you're an\n# Organization Collaborator, you have full control over the Projects within\n# the Organization, but you cannot modify or delete the Organization itself.\n#\n# - "viewer": has "read" and "list_children" on a resource\n#\n# Below the Project level, permissions are granted via roles at the Project\n# level. For example, for someone to be able to create, modify, or delete any\n# Instances, they must be granted project.collaborator, which means they can\n# create, modify, or delete _all_ resources in the Project.\n#\n# The complete set of predefined roles:\n#\n# - fleet.admin (superuser for the whole system)\n# - fleet.collaborator (can manage Silos)\n# - fleet.viewer (can read most non-siloed resources in the system)\n# - silo.admin (superuser for the silo)\n# - silo.collaborator (can create and own Organizations)\n# - silo.viewer (can read most resources within the Silo)\n# - organization.admin (complete control over an organization)\n# - organization.collaborator (can manage Projects)\n# - organization.viewer (can read most resources within the Organization)\n# - project.admin (complete control over a Project)\n# - project.collaborator (can manage all resources within the Project)\n# - project.viewer (can read most resources within the Project)\n#\n# Outside the Silo/Organization/Project hierarchy, we (currently) treat most\n# resources as nested under Fleet or else a synthetic resource (see below). We\n# do not yet support role assignments on anything other than Fleet, Silo,\n# Organization, or Project.\n#\n\n# "Fleet" is a global singleton representing the whole system. The name comes\n# from the idea described in RFD 24, but it's not quite right. This probably\n# should be more like "Region" or "AvailabilityZone". The precise boundaries\n# have not yet been figured out.\nresource Fleet {\n\tpermissions = [\n\t "list_children",\n\t "modify",\n\t "read",\n\t "create_child",\n\t];\n\n\troles = [\n\t # Roles that can be attached by users\n\t "admin",\n\t "collaborator",\n\t "viewer",\n\n\t # Internal-only roles\n\t "external-authenticator"\n\t];\n\n\t# Roles implied by other roles on this resource\n\t"viewer" if "collaborator";\n\t"collaborator" if "admin";\n\n\t# Permissions granted directly by roles on this resource\n\t"list_children" if "viewer";\n\t"read" if "viewer";\n\t"create_child" if "collaborator";\n\t"modify" if "admin";\n}\n\n# For fleets specifically, roles can be conferred by roles on the user's Silo.\nhas_role(actor: AuthenticatedActor, role: String, _: Fleet) if\n\tsilo_role in actor.confers_fleet_role(role) and\n\thas_role(actor, silo_role, actor.silo.unwrap());\n\nresource Silo {\n\tpermissions = [\n\t "list_children",\n\t "modify",\n\t "read",\n\t "create_child",\n\t];\n\troles = [ "admin", "collaborator", "viewer" ];\n\n\t# Roles implied by other roles on this resource\n\t"viewer" if "collaborator";\n\t"collaborator" if "admin";\n\n\t# Permissions granted directly by roles on this resource\n\t"list_children" if "viewer";\n\t"read" if "viewer";\n\n\t"create_child" if "collaborator";\n\t"modify" if "admin";\n\n\t# Permissions implied by roles on this resource's parent (Fleet). Fleet\n\t# privileges allow a user to see and potentially administer the Silo,\n\t# but they do not give anyone permission to look at anything inside the\n\t# Silo. To achieve this, we use permission rules here. (If we granted\n\t# Fleet administrators _roles_ on the Silo, then those would cascade\n\t# into the Silo as well.)\n\trelations = { parent_fleet: Fleet };\n\t"read" if "viewer" on "parent_fleet";\n\t"modify" if "collaborator" on "parent_fleet";\n\n\t# external authenticator has to create silo users\n\t"list_children" if "external-authenticator" on "parent_fleet";\n\t"create_child" if "external-authenticator" on "parent_fleet";\n}\n\nhas_relation(fleet: Fleet, "parent_fleet", silo: Silo)\n\tif silo.fleet = fleet;\n\n# As a special case, all authenticated users can read their own Silo. That's\n# not quite the same as having the "viewer" role. For example, they cannot list\n# Organizations in the Silo.\n#\n# One reason this is necessary is because if an unprivileged user tries to\n# create an Organization using "POST /organizations", they should get back a 403\n# (which implies they're able to see /organizations, which is essentially seeing\n# the Silo itself) rather than a 404. This behavior isn't a hard constraint\n# (i.e., you could reasonably get a 404 for an API you're not allowed to call).\n# Nor is the implementation (i.e., we could special-case this endpoint somehow).\n# But granting this permission is the simplest way to keep this endpoint's\n# behavior consistent with the rest of the API.\n#\n# This rule is also used to determine if a user can list the identity providers\n# in the Silo (which they should be able to), since that's predicated on being\n# able to read the Silo.\n#\n# It's unclear what else would break if users couldn't see their own Silo.\nhas_permission(actor: AuthenticatedActor, "read", silo: Silo)\n\tif silo in actor.silo;\n\nresource Project {\n\tpermissions = [\n\t "list_children",\n\t "modify",\n\t "read",\n\t "create_child",\n\t];\n\troles = [ "admin", "collaborator", "viewer" ];\n\n\t# Roles implied by other roles on this resource\n\t"viewer" if "collaborator";\n\t"collaborator" if "admin";\n\n\t# Permissions granted directly by roles on this resource\n\t"list_children" if "viewer";\n\t"read" if "viewer";\n\t"create_child" if "collaborator";\n\t"modify" if "admin";\n\n\t# Roles implied by roles on this resource's parent (Silo)\n\trelations = { parent_silo: Silo };\n\t"admin" if "collaborator" on "parent_silo";\n\t"viewer" if "viewer" on "parent_silo";\n}\nhas_relation(silo: Silo, "parent_silo", project: Project)\n\tif project.silo = silo;\n\n#\n# GENERAL RESOURCES OUTSIDE THE SILO/PROJECT HIERARCHY\n#\n# Many resources use snippets of Polar generated by the `authz_resource!` Rust\n# macro. Some resources require custom Polar code. Those appear here.\n#\n\nresource Certificate {\n\tpermissions = [ "read", "modify" ];\n\trelations = { parent_silo: Silo, parent_fleet: Fleet };\n\n\t# Fleet-level and silo-level roles both grant privileges on certificates.\n\t"read" if "admin" on "parent_silo";\n\t"modify" if "admin" on "parent_silo";\n\t"read" if "admin" on "parent_fleet";\n\t"modify" if "admin" on "parent_fleet";\n}\nhas_relation(silo: Silo, "parent_silo", certificate: Certificate)\n\tif certificate.silo = silo;\nhas_relation(fleet: Fleet, "parent_fleet", certificate: Certificate)\n\tif certificate.silo.fleet = fleet;\n\nresource SiloUser {\n\tpermissions = [\n\t "list_children",\n\t "modify",\n\t "read",\n\t "create_child",\n\t];\n\n\t# Fleet and Silo administrators can manage a Silo's users. This is one\n\t# of the only areas of Silo configuration that Fleet Administrators have\n\t# permissions on.\n\trelations = { parent_silo: Silo, parent_fleet: Fleet };\n\t"list_children" if "read" on "parent_silo";\n\t"read" if "read" on "parent_silo";\n\t"modify" if "admin" on "parent_silo";\n\t"create_child" if "admin" on "parent_silo";\n\t"list_children" if "read" on "parent_fleet";\n\t"read" if "read" on "parent_fleet";\n\t"modify" if "admin" on "parent_fleet";\n\t"create_child" if "admin" on "parent_fleet";\n}\nhas_relation(silo: Silo, "parent_silo", user: SiloUser)\n\tif user.silo = silo;\nhas_relation(fleet: Fleet, "parent_fleet", user: SiloUser)\n\tif user.silo.fleet = fleet;\n\n# authenticated actors have all permissions on themselves\nhas_permission(actor: AuthenticatedActor, _perm: String, silo_user: SiloUser)\n if actor.equals_silo_user(silo_user);\n\nhas_permission(actor: AuthenticatedActor, "read", silo_user: SiloUser)\n if silo_user.silo in actor.silo;\n\nresource SiloGroup {\n\tpermissions = [\n\t "list_children",\n\t "modify",\n\t "read",\n\t "create_child",\n\t];\n\n\trelations = { parent_silo: Silo };\n\t"list_children" if "read" on "parent_silo";\n\t"read" if "read" on "parent_silo";\n\t"modify" if "admin" on "parent_silo";\n\t"create_child" if "admin" on "parent_silo";\n}\nhas_relation(silo: Silo, "parent_silo", group: SiloGroup)\n\tif group.silo = silo;\n\nresource SshKey {\n\tpermissions = [ "read", "modify" ];\n\trelations = { silo_user: SiloUser };\n\n\t"read" if "read" on "silo_user";\n\t"modify" if "modify" on "silo_user";\n}\nhas_relation(user: SiloUser, "silo_user", ssh_key: SshKey)\n\tif ssh_key.silo_user = user;\n\nresource IdentityProvider {\n\tpermissions = [\n\t "read",\n\t "modify",\n\t "create_child",\n\t "list_children",\n\t];\n\trelations = { parent_silo: Silo, parent_fleet: Fleet };\n\n\t# Silo-level roles grant privileges on identity providers.\n\t"read" if "viewer" on "parent_silo";\n\t"list_children" if "viewer" on "parent_silo";\n\t"modify" if "admin" on "parent_silo";\n\t"create_child" if "admin" on "parent_silo";\n\n\t# Fleet-level roles also grant privileges on identity providers.\n\t"read" if "viewer" on "parent_fleet";\n\t"list_children" if "viewer" on "parent_fleet";\n\t"modify" if "admin" on "parent_fleet";\n\t"create_child" if "admin" on "parent_fleet";\n}\nhas_relation(silo: Silo, "parent_silo", identity_provider: IdentityProvider)\n\tif identity_provider.silo = silo;\nhas_relation(fleet: Fleet, "parent_fleet", collection: IdentityProvider)\n\tif collection.silo.fleet = fleet;\n\nresource SamlIdentityProvider {\n\tpermissions = [\n\t "read",\n\t "modify",\n\t "create_child",\n\t "list_children",\n\t];\n\trelations = { parent_silo: Silo, parent_fleet: Fleet };\n\n\t# Silo-level roles grant privileges on identity providers.\n\t"read" if "viewer" on "parent_silo";\n\t"list_children" if "viewer" on "parent_silo";\n\t"modify" if "admin" on "parent_silo";\n\t"create_child" if "admin" on "parent_silo";\n\n\t# Fleet-level roles also grant privileges on identity providers.\n\t"read" if "viewer" on "parent_fleet";\n\t"list_children" if "viewer" on "parent_fleet";\n\t"modify" if "admin" on "parent_fleet";\n\t"create_child" if "admin" on "parent_fleet";\n}\nhas_relation(silo: Silo, "parent_silo", saml_identity_provider: SamlIdentityProvider)\n\tif saml_identity_provider.silo = silo;\nhas_relation(fleet: Fleet, "parent_fleet", collection: SamlIdentityProvider)\n\tif collection.silo.fleet = fleet;\n\n#\n# SYNTHETIC RESOURCES OUTSIDE THE SILO HIERARCHY\n#\n# The resources here do not correspond to anything that appears explicitly in\n# the API or is stored in the database. These are used either at the top level\n# of the API path (e.g., "/v1/system/ip-pools") or as an implementation detail of the system\n# (in the case of console sessions and "Database"). The policies are\n# either statically-defined in this file or driven by role assignments on the\n# Fleet. None of these resources defines their own roles.\n#\n\n# Describes the policy for reading and modifying DNS configuration\n# (both internal and external)\nresource DnsConfig {\n\tpermissions = [ "read", "modify" ];\n\trelations = { parent_fleet: Fleet };\n\t# "external-authenticator" requires these permissions because that's the\n\t# context that Nexus uses when creating and deleting Silos. These\n\t# operations necessarily need to read and modify DNS configuration.\n\t"read" if "external-authenticator" on "parent_fleet";\n\t"modify" if "external-authenticator" on "parent_fleet";\n\t# "admin" on the parent fleet also gets these permissions, primarily for\n\t# the test suite.\n\t"read" if "admin" on "parent_fleet";\n\t"modify" if "admin" on "parent_fleet";\n}\nhas_relation(fleet: Fleet, "parent_fleet", dns_config: DnsConfig)\n\tif dns_config.fleet = fleet;\n\n# Describes the policy for reading and modifying low-level inventory\nresource Inventory {\n\tpermissions = [ "read", "modify" ];\n\trelations = { parent_fleet: Fleet };\n\t"read" if "viewer" on "parent_fleet";\n\t"modify" if "admin" on "parent_fleet";\n}\nhas_relation(fleet: Fleet, "parent_fleet", inventory: Inventory)\n\tif inventory.fleet = fleet;\n\n# Describes the policy for accessing "/v1/system/ip-pools" in the API\nresource IpPoolList {\n\tpermissions = [\n\t "list_children",\n\t "modify",\n\t "create_child",\n\t];\n\n\t# Fleet Administrators can create or modify the IP Pools list.\n\trelations = { parent_fleet: Fleet };\n\t"modify" if "admin" on "parent_fleet";\n\t"create_child" if "admin" on "parent_fleet";\n\n\t# Fleet Viewers can list IP Pools\n\t"list_children" if "viewer" on "parent_fleet";\n}\nhas_relation(fleet: Fleet, "parent_fleet", ip_pool_list: IpPoolList)\n\tif ip_pool_list.fleet = fleet;\n\n# Any authenticated user can create a child of a provided IP Pool.\n# This is necessary to use the pools when provisioning instances.\nhas_permission(actor: AuthenticatedActor, "create_child", ip_pool: IpPool)\n\tif silo in actor.silo and silo.fleet = ip_pool.fleet;\n\n# Describes the policy for creating and managing web console sessions.\nresource ConsoleSessionList {\n\tpermissions = [ "create_child" ];\n\trelations = { parent_fleet: Fleet };\n\t"create_child" if "external-authenticator" on "parent_fleet";\n}\nhas_relation(fleet: Fleet, "parent_fleet", collection: ConsoleSessionList)\n\tif collection.fleet = fleet;\n\n# Describes the policy for creating and managing device authorization requests.\nresource DeviceAuthRequestList {\n\tpermissions = [ "create_child" ];\n\trelations = { parent_fleet: Fleet };\n\t"create_child" if "external-authenticator" on "parent_fleet";\n}\nhas_relation(fleet: Fleet, "parent_fleet", collection: DeviceAuthRequestList)\n\tif collection.fleet = fleet;\n\n# Describes the policy for creating and managing Silo certificates\nresource SiloCertificateList {\n\tpermissions = [ "list_children", "create_child" ];\n\n\trelations = { parent_silo: Silo, parent_fleet: Fleet };\n\n\t# Both Fleet and Silo administrators can see and modify the Silo's\n\t# certificates.\n\t"list_children" if "admin" on "parent_silo";\n\t"list_children" if "admin" on "parent_fleet";\n\t"create_child" if "admin" on "parent_silo";\n\t"create_child" if "admin" on "parent_fleet";\n}\nhas_relation(silo: Silo, "parent_silo", collection: SiloCertificateList)\n\tif collection.silo = silo;\nhas_relation(fleet: Fleet, "parent_fleet", collection: SiloCertificateList)\n\tif collection.silo.fleet = fleet;\n\n# Describes the policy for creating and managing Silo identity providers\nresource SiloIdentityProviderList {\n\tpermissions = [ "list_children", "create_child" ];\n\n\trelations = { parent_silo: Silo, parent_fleet: Fleet };\n\n\t# Everyone who can read the Silo (which includes all the users in the\n\t# Silo) can see the identity providers in it.\n\t"list_children" if "read" on "parent_silo";\n\n\t# Fleet and Silo administrators can manage the Silo's identity provider\n\t# configuration. This is one of the only areas of Silo configuration\n\t# that Fleet Administrators have permissions on. This is also one of\n\t# the only cases where we need to look two levels up the hierarchy to\n\t# see if somebody has the right permission. For most other things,\n\t# permissions cascade down the hierarchy so we only need to look at the\n\t# parent.\n\t"create_child" if "admin" on "parent_silo";\n\t"create_child" if "admin" on "parent_fleet";\n}\nhas_relation(silo: Silo, "parent_silo", collection: SiloIdentityProviderList)\n\tif collection.silo = silo;\nhas_relation(fleet: Fleet, "parent_fleet", collection: SiloIdentityProviderList)\n\tif collection.silo.fleet = fleet;\n\n# Describes the policy for creating and managing Silo users (mostly intended for\n# API-managed users)\nresource SiloUserList {\n\tpermissions = [ "list_children", "create_child" ];\n\n\trelations = { parent_silo: Silo, parent_fleet: Fleet };\n\n\t# Everyone who can read the Silo (which includes all the users in the\n\t# Silo) can see the users in it.\n\t"list_children" if "read" on "parent_silo";\n\n\t# Fleet and Silo administrators can manage the Silo's users. This is\n\t# one of the only areas of Silo configuration that Fleet Administrators\n\t# have permissions on. This is also one of the few cases (so far) where\n\t# we need to look two levels up the hierarchy to see if somebody has the\n\t# right permission. For most other things, permissions cascade down the\n\t# hierarchy so we only need to look at the parent.\n\t"create_child" if "admin" on "parent_silo";\n\t"list_children" if "admin" on "parent_fleet";\n\t"create_child" if "admin" on "parent_fleet";\n}\nhas_relation(silo: Silo, "parent_silo", collection: SiloUserList)\n\tif collection.silo = silo;\nhas_relation(fleet: Fleet, "parent_fleet", collection: SiloUserList)\n\tif collection.silo.fleet = fleet;\n\n# These rules grants the external authenticator role the permissions it needs to\n# read silo users and modify their sessions. This is necessary for login to\n# work.\nhas_permission(actor: AuthenticatedActor, "read", silo: Silo)\n\tif has_role(actor, "external-authenticator", silo.fleet);\nhas_permission(actor: AuthenticatedActor, "read", user: SiloUser)\n\tif has_role(actor, "external-authenticator", user.silo.fleet);\nhas_permission(actor: AuthenticatedActor, "modify", user: SiloUser)\n\tif has_role(actor, "external-authenticator", user.silo.fleet);\nhas_permission(actor: AuthenticatedActor, "read", group: SiloGroup)\n\tif has_role(actor, "external-authenticator", group.silo.fleet);\nhas_permission(actor: AuthenticatedActor, "modify", group: SiloGroup)\n\tif has_role(actor, "external-authenticator", group.silo.fleet);\n\nhas_permission(actor: AuthenticatedActor, "read", session: ConsoleSession)\n\tif has_role(actor, "external-authenticator", session.fleet);\nhas_permission(actor: AuthenticatedActor, "modify", session: ConsoleSession)\n\tif has_role(actor, "external-authenticator", session.fleet);\n\n# All authenticated users can read and delete device authn requests because\n# by necessity these operations happen before we've figured out what user (or\n# even Silo) the device auth is associated with. Any user can claim a device\n# auth request with the right user code (that's how it works) -- it's the user\n# code and associated logic that prevents unauthorized access here.\nhas_permission(_actor: AuthenticatedActor, "read", _device_auth: DeviceAuthRequest);\nhas_permission(_actor: AuthenticatedActor, "modify", _device_auth: DeviceAuthRequest);\n\nhas_permission(actor: AuthenticatedActor, "read", device_token: DeviceAccessToken)\n\tif has_role(actor, "external-authenticator", device_token.fleet);\n\nhas_permission(actor: AuthenticatedActor, "read", identity_provider: IdentityProvider)\n\tif has_role(actor, "external-authenticator", identity_provider.silo.fleet);\n\nhas_permission(actor: AuthenticatedActor, "read", saml_identity_provider: SamlIdentityProvider)\n\tif has_role(actor, "external-authenticator", saml_identity_provider.silo.fleet);\n\n# Describes the policy for who can access the internal database.\nresource Database {\n\tpermissions = [\n\t # "query" is required to perform any query against the database,\n\t # whether a read or write query. This is checked when an operation\n\t # checks out a database connection from the connection pool.\n\t #\n\t # Any authenticated user gets this permission. There's generally\n\t # some other authz check involved in the database query. For\n\t # example, if you're querying the database to "read" a "Project", we\n\t # should also be checking that. So why do we do this at all? It's\n\t # a belt-and-suspenders measure so that if we somehow introduced an\n\t # unauthenticated code path that hits the database, it cannot be\n\t # used to DoS the database because we won't allow the operation to\n\t # make the query. (As long as the code path _is_ authenticated, we\n\t # can use throttling mechanisms to prevent DoS.)\n\t "query",\n\n\t # "modify" is required to populate database data that's delivered\n\t # with the system. It should also be required for schema changes,\n\t # when we support those. This is separate from "query" so that we\n\t # cannot accidentally invoke these code paths from API calls and\n\t # other general functions.\n\t "modify"\n\t];\n}\n\n# All authenticated users have the "query" permission on the database.\nhas_permission(_actor: AuthenticatedActor, "query", _resource: Database);\n\n# The "db-init" user is the only one with the "modify" permission.\nhas_permission(USER_DB_INIT: AuthenticatedActor, "modify", _resource: Database);\nhas_permission(USER_DB_INIT: AuthenticatedActor, "create_child", _resource: IpPoolList);\n# It also has "admin" on the internal silo to populate it with built-in resources.\n# TODO-completeness: actually limit to just internal silo and not all silos\nhas_role(USER_DB_INIT: AuthenticatedActor, "admin", _silo: Silo);\n\n# Allow the internal API admin permissions on all silos.\nhas_role(USER_INTERNAL_API: AuthenticatedActor, "admin", _silo: Silo);\n\n\n\n resource Disk {\n permissions = [\n "list_children",\n "modify",\n "read",\n "create_child",\n ];\n\n relations = { containing_project: Project };\n "list_children" if "viewer" on "containing_project";\n "read" if "viewer" on "containing_project";\n "modify" if "collaborator" on "containing_project";\n "create_child" if "collaborator" on "containing_project";\n }\n\n has_relation(parent: Project, "containing_project", child: Disk)\n if child.project = parent;\n \n\n resource Snapshot {\n permissions = [\n "list_children",\n "modify",\n "read",\n "create_child",\n ];\n\n relations = { containing_project: Project };\n "list_children" if "viewer" on "containing_project";\n "read" if "viewer" on "containing_project";\n "modify" if "collaborator" on "containing_project";\n "create_child" if "collaborator" on "containing_project";\n }\n\n has_relation(parent: Project, "containing_project", child: Snapshot)\n if child.project = parent;\n \n\n resource ProjectImage {\n permissions = [\n "list_children",\n "modify",\n "read",\n "create_child",\n ];\n\n relations = { containing_project: Project };\n "list_children" if "viewer" on "containing_project";\n "read" if "viewer" on "containing_project";\n "modify" if "collaborator" on "containing_project";\n "create_child" if "collaborator" on "containing_project";\n }\n\n has_relation(parent: Project, "containing_project", child: ProjectImage)\n if child.project = parent;\n \n\n resource Instance {\n permissions = [\n "list_children",\n "modify",\n "read",\n "create_child",\n ];\n\n relations = { containing_project: Project };\n "list_children" if "viewer" on "containing_project";\n "read" if "viewer" on "containing_project";\n "modify" if "collaborator" on "containing_project";\n "create_child" if "collaborator" on "containing_project";\n }\n\n has_relation(parent: Project, "containing_project", child: Instance)\n if child.project = parent;\n \n\n resource IpPool {\n permissions = [\n "list_children",\n "modify",\n "read",\n "create_child",\n ];\n \n relations = { parent_fleet: Fleet };\n "list_children" if "viewer" on "parent_fleet";\n "read" if "viewer" on "parent_fleet";\n "modify" if "admin" on "parent_fleet";\n "create_child" if "admin" on "parent_fleet";\n }\n has_relation(fleet: Fleet, "parent_fleet", child: IpPool)\n if child.fleet = fleet;\n \n\n resource InstanceNetworkInterface {\n permissions = [\n "list_children",\n "modify",\n "read",\n "create_child",\n ];\n\n relations = {\n containing_project: Project,\n parent: Instance\n };\n "list_children" if "viewer" on "containing_project";\n "read" if "viewer" on "containing_project";\n "modify" if "collaborator" on "containing_project";\n "create_child" if "collaborator" on "containing_project";\n }\n\n has_relation(project: Project, "containing_project", child: InstanceNetworkInterface)\n if has_relation(project, "containing_project", child.instance);\n\n has_relation(parent: Instance, "parent", child: InstanceNetworkInterface)\n if child.instance = parent;\n \n\n resource Vpc {\n permissions = [\n "list_children",\n "modify",\n "read",\n "create_child",\n ];\n\n relations = { containing_project: Project };\n "list_children" if "viewer" on "containing_project";\n "read" if "viewer" on "containing_project";\n "modify" if "collaborator" on "containing_project";\n "create_child" if "collaborator" on "containing_project";\n }\n\n has_relation(parent: Project, "containing_project", child: Vpc)\n if child.project = parent;\n \n\n resource VpcRouter {\n permissions = [\n "list_children",\n "modify",\n "read",\n "create_child",\n ];\n\n relations = {\n containing_project: Project,\n parent: Vpc\n };\n "list_children" if "viewer" on "containing_project";\n "read" if "viewer" on "containing_project";\n "modify" if "collaborator" on "containing_project";\n "create_child" if "collaborator" on "containing_project";\n }\n\n has_relation(project: Project, "containing_project", child: VpcRouter)\n if has_relation(project, "containing_project", child.vpc);\n\n has_relation(parent: Vpc, "parent", child: VpcRouter)\n if child.vpc = parent;\n \n\n resource RouterRoute {\n permissions = [\n "list_children",\n "modify",\n "read",\n "create_child",\n ];\n\n relations = {\n containing_project: Project,\n parent: VpcRouter\n };\n "list_children" if "viewer" on "containing_project";\n "read" if "viewer" on "containing_project";\n "modify" if "collaborator" on "containing_project";\n "create_child" if "collaborator" on "containing_project";\n }\n\n has_relation(project: Project, "containing_project", child: RouterRoute)\n if has_relation(project, "containing_project", child.vpc_router);\n\n has_relation(parent: VpcRouter, "parent", child: RouterRoute)\n if child.vpc_router = parent;\n \n\n resource VpcSubnet {\n permissions = [\n "list_children",\n "modify",\n "read",\n "create_child",\n ];\n\n relations = {\n containing_project: Project,\n parent: Vpc\n };\n "list_children" if "viewer" on "containing_project";\n "read" if "viewer" on "containing_project";\n "modify" if "collaborator" on "containing_project";\n "create_child" if "collaborator" on "containing_project";\n }\n\n has_relation(project: Project, "containing_project", child: VpcSubnet)\n if has_relation(project, "containing_project", child.vpc);\n\n has_relation(parent: Vpc, "parent", child: VpcSubnet)\n if child.vpc = parent;\n \n\n resource Image {\n permissions = [\n "list_children",\n "modify",\n "read",\n "create_child",\n ];\n\n relations = { containing_silo: Silo };\n "list_children" if "viewer" on "containing_silo";\n "read" if "viewer" on "containing_silo";\n "modify" if "collaborator" on "containing_silo";\n "create_child" if "collaborator" on "containing_silo";\n }\n\n has_relation(parent: Silo, "containing_silo", child: Image)\n if child.silo = parent;\n \n\n resource SiloImage {\n permissions = [\n "list_children",\n "modify",\n "read",\n "create_child",\n ];\n\n relations = { containing_silo: Silo };\n "list_children" if "viewer" on "containing_silo";\n "read" if "viewer" on "containing_silo";\n "modify" if "collaborator" on "containing_silo";\n "create_child" if "collaborator" on "containing_silo";\n }\n\n has_relation(parent: Silo, "containing_silo", child: SiloImage)\n if child.silo = parent;\n \n\n resource AddressLot {\n permissions = [\n "list_children",\n "modify",\n "read",\n "create_child",\n ];\n \n relations = { parent_fleet: Fleet };\n "list_children" if "viewer" on "parent_fleet";\n "read" if "viewer" on "parent_fleet";\n "modify" if "admin" on "parent_fleet";\n "create_child" if "admin" on "parent_fleet";\n }\n has_relation(fleet: Fleet, "parent_fleet", child: AddressLot)\n if child.fleet = fleet;\n \n\n resource LoopbackAddress {\n permissions = [\n "list_children",\n "modify",\n "read",\n "create_child",\n ];\n \n relations = { parent_fleet: Fleet };\n "list_children" if "viewer" on "parent_fleet";\n "read" if "viewer" on "parent_fleet";\n "modify" if "admin" on "parent_fleet";\n "create_child" if "admin" on "parent_fleet";\n }\n has_relation(fleet: Fleet, "parent_fleet", child: LoopbackAddress)\n if child.fleet = fleet;\n \n\n\n resource ConsoleSession {\n permissions = [\n "list_children",\n "modify",\n "read",\n "create_child",\n ];\n \n relations = { parent_fleet: Fleet };\n "list_children" if "viewer" on "parent_fleet";\n "read" if "viewer" on "parent_fleet";\n "modify" if "admin" on "parent_fleet";\n "create_child" if "admin" on "parent_fleet";\n }\n has_relation(fleet: Fleet, "parent_fleet", child: ConsoleSession)\n if child.fleet = fleet;\n \n\n resource DeviceAuthRequest {\n permissions = [\n "list_children",\n "modify",\n "read",\n "create_child",\n ];\n \n relations = { parent_fleet: Fleet };\n "list_children" if "viewer" on "parent_fleet";\n "read" if "viewer" on "parent_fleet";\n "modify" if "admin" on "parent_fleet";\n "create_child" if "admin" on "parent_fleet";\n }\n has_relation(fleet: Fleet, "parent_fleet", child: DeviceAuthRequest)\n if child.fleet = fleet;\n \n\n resource DeviceAccessToken {\n permissions = [\n "list_children",\n "modify",\n "read",\n "create_child",\n ];\n \n relations = { parent_fleet: Fleet };\n "list_children" if "viewer" on "parent_fleet";\n "read" if "viewer" on "parent_fleet";\n "modify" if "admin" on "parent_fleet";\n "create_child" if "admin" on "parent_fleet";\n }\n has_relation(fleet: Fleet, "parent_fleet", child: DeviceAccessToken)\n if child.fleet = fleet;\n \n\n resource PhysicalDisk {\n permissions = [\n "list_children",\n "modify",\n "read",\n "create_child",\n ];\n \n relations = { parent_fleet: Fleet };\n "list_children" if "viewer" on "parent_fleet";\n "read" if "viewer" on "parent_fleet";\n "modify" if "admin" on "parent_fleet";\n "create_child" if "admin" on "parent_fleet";\n }\n has_relation(fleet: Fleet, "parent_fleet", child: PhysicalDisk)\n if child.fleet = fleet;\n \n\n resource Rack {\n permissions = [\n "list_children",\n "modify",\n "read",\n "create_child",\n ];\n \n relations = { parent_fleet: Fleet };\n "list_children" if "viewer" on "parent_fleet";\n "read" if "viewer" on "parent_fleet";\n "modify" if "admin" on "parent_fleet";\n "create_child" if "admin" on "parent_fleet";\n }\n has_relation(fleet: Fleet, "parent_fleet", child: Rack)\n if child.fleet = fleet;\n \n\n resource RoleBuiltin {\n permissions = [\n "list_children",\n "modify",\n "read",\n "create_child",\n ];\n \n relations = { parent_fleet: Fleet };\n "list_children" if "viewer" on "parent_fleet";\n "read" if "viewer" on "parent_fleet";\n "modify" if "admin" on "parent_fleet";\n "create_child" if "admin" on "parent_fleet";\n }\n has_relation(fleet: Fleet, "parent_fleet", child: RoleBuiltin)\n if child.fleet = fleet;\n \n\n\n\n\n\n\n\n resource Sled {\n permissions = [\n "list_children",\n "modify",\n "read",\n "create_child",\n ];\n \n relations = { parent_fleet: Fleet };\n "list_children" if "viewer" on "parent_fleet";\n "read" if "viewer" on "parent_fleet";\n "modify" if "admin" on "parent_fleet";\n "create_child" if "admin" on "parent_fleet";\n }\n has_relation(fleet: Fleet, "parent_fleet", child: Sled)\n if child.fleet = fleet;\n \n\n resource Zpool {\n permissions = [\n "list_children",\n "modify",\n "read",\n "create_child",\n ];\n \n relations = { parent_fleet: Fleet };\n "list_children" if "viewer" on "parent_fleet";\n "read" if "viewer" on "parent_fleet";\n "modify" if "admin" on "parent_fleet";\n "create_child" if "admin" on "parent_fleet";\n }\n has_relation(fleet: Fleet, "parent_fleet", child: Zpool)\n if child.fleet = fleet;\n \n\n resource Service {\n permissions = [\n "list_children",\n "modify",\n "read",\n "create_child",\n ];\n \n relations = { parent_fleet: Fleet };\n "list_children" if "viewer" on "parent_fleet";\n "read" if "viewer" on "parent_fleet";\n "modify" if "admin" on "parent_fleet";\n "create_child" if "admin" on "parent_fleet";\n }\n has_relation(fleet: Fleet, "parent_fleet", child: Service)\n if child.fleet = fleet;\n \n\n resource UpdateArtifact {\n permissions = [\n "list_children",\n "modify",\n "read",\n "create_child",\n ];\n \n relations = { parent_fleet: Fleet };\n "list_children" if "viewer" on "parent_fleet";\n "read" if "viewer" on "parent_fleet";\n "modify" if "admin" on "parent_fleet";\n "create_child" if "admin" on "parent_fleet";\n }\n has_relation(fleet: Fleet, "parent_fleet", child: UpdateArtifact)\n if child.fleet = fleet;\n \n\n resource UserBuiltin {\n permissions = [\n "list_children",\n "modify",\n "read",\n "create_child",\n ];\n \n relations = { parent_fleet: Fleet };\n "list_children" if "viewer" on "parent_fleet";\n "read" if "viewer" on "parent_fleet";\n "modify" if "admin" on "parent_fleet";\n "create_child" if "admin" on "parent_fleet";\n }\n has_relation(fleet: Fleet, "parent_fleet", child: UserBuiltin)\n if child.fleet = fleet;\n \n\n resource SystemUpdate {\n permissions = [\n "list_children",\n "modify",\n "read",\n "create_child",\n ];\n \n relations = { parent_fleet: Fleet };\n "list_children" if "viewer" on "parent_fleet";\n "read" if "viewer" on "parent_fleet";\n "modify" if "admin" on "parent_fleet";\n "create_child" if "admin" on "parent_fleet";\n }\n has_relation(fleet: Fleet, "parent_fleet", child: SystemUpdate)\n if child.fleet = fleet;\n \n\n resource UpdateDeployment {\n permissions = [\n "list_children",\n "modify",\n "read",\n "create_child",\n ];\n \n relations = { parent_fleet: Fleet };\n "list_children" if "viewer" on "parent_fleet";\n "read" if "viewer" on "parent_fleet";\n "modify" if "admin" on "parent_fleet";\n "create_child" if "admin" on "parent_fleet";\n }\n has_relation(fleet: Fleet, "parent_fleet", child: UpdateDeployment)\n if child.fleet = fleet;\n file = nexus/db-queries/src/authz/oso_generic.rs:89
59	2023-11-08T06:59:24.586Z	INFO	nexus (ServerContext): Setting up resolver using DNS servers for subnet: Ipv6Subnet { net: Ipv6Net(Ipv6Network { addr: fd00:1122:3344::, prefix: 48 }) } file = nexus/src/context.rs:142
60	2023-11-08T06:59:24.588Z	INFO	nexus (DnsResolver): new DNS resolver addresses = [[fd00:1122:3344:1::1]:53, [fd00:1122:3344:2::1]:53, [fd00:1122:3344:3::1]:53, [fd00:1122:3344:4::1]:53, [fd00:1122:3344:5::1]:53] file = internal-dns/src/resolver.rs:60
61	2023-11-08T06:59:24.590Z	INFO	nexus (ServerContext): Accessing DB url from DNS file = nexus/src/context.rs:171
62	2023-11-08T06:59:24.598Z	DEBG	nexus (DnsResolver): lookup_all_socket_v6 srv dns_name = _cockroach._tcp.control-plane.oxide.internal response = SrvLookup(Lookup { query: Query { name: Name("_cockroach._tcp.control-plane.oxide.internal"), query_type: SRV, query_class: IN }, records: [Record { name_labels: Name("_cockroach._tcp.control-plane.oxide.internal."), rr_type: SRV, dns_class: IN, ttl: 0, rdata: Some(SRV(SRV { priority: 0, weight: 0, port: 32221, target: Name("3c68f5f6-7104-4b77-b9af-c5db8d07df9e.host.control-plane.oxide.internal.") })) }, Record { name_labels: Name("_cockroach._tcp.control-plane.oxide.internal."), rr_type: SRV, dns_class: IN, ttl: 0, rdata: Some(SRV(SRV { priority: 0, weight: 0, port: 32221, target: Name("6216fa3e-8985-4cef-a593-0f1e3188c9d6.host.control-plane.oxide.internal.") })) }, Record { name_labels: Name("_cockroach._tcp.control-plane.oxide.internal."), rr_type: SRV, dns_class: IN, ttl: 0, rdata: Some(SRV(SRV { priority: 0, weight: 0, port: 32221, target: Name("72cd1a3c-388a-4567-9bee-b2e774044585.host.control-plane.oxide.internal.") })) }, Record { name_labels: Name("_cockroach._tcp.control-plane.oxide.internal."), rr_type: SRV, dns_class: IN, ttl: 0, rdata: Some(SRV(SRV { priority: 0, weight: 0, port: 32221, target: Name("c1f7da38-bdd6-4773-93aa-f891f8bb05aa.host.control-plane.oxide.internal.") })) }, Record { name_labels: Name("_cockroach._tcp.control-plane.oxide.internal."), rr_type: SRV, dns_class: IN, ttl: 0, rdata: Some(SRV(SRV { priority: 0, weight: 0, port: 32221, target: Name("e61db6d2-be53-4a13-afcd-e88a9466dc80.host.control-plane.oxide.internal.") })) }, Record { name_labels: Name("e61db6d2-be53-4a13-afcd-e88a9466dc80.host.control-plane.oxide.internal."), rr_type: AAAA, dns_class: IN, ttl: 0, rdata: Some(AAAA(fd00:1122:3344:101::5)) }], valid_until: Instant { tv_sec: 1334, tv_nsec: 807610526 } })
63	2023-11-08T06:59:24.600Z	INFO	nexus (ServerContext): DB addresses: [fd00:1122:3344:101::7]:32221,[fd00:1122:3344:101::3]:32221,[fd00:1122:3344:101::4]:32221,[fd00:1122:3344:101::6]:32221,[fd00:1122:3344:101::5]:32221 file = nexus/src/context.rs:201
64	2023-11-08T06:59:24.601Z	INFO	nexus (db::Pool): database connection pool database_url = postgresql://root@[fd00:1122:3344:101::7]:32221,[fd00:1122:3344:101::3]:32221,[fd00:1122:3344:101::4]:32221,[fd00:1122:3344:101::6]:32221,[fd00:1122:3344:101::5]:32221/omicron?sslmode=disable file = nexus/db-queries/src/db/pool.rs:75
65	2023-11-08T06:59:24.618Z	INFO	nexus: Compatible database schema: 9.0.0 file = nexus/db-queries/src/db/datastore/db_metadata.rs:110
66	2023-11-08T06:59:24.621Z	INFO	nexus (SEC): SEC running file = /home/build/.cargo/registry/src/index.crates.io-6f17d22bba15001f/steno-0.4.0/src/sec.rs:811 sec_id = ec378940-3587-4f60-90e2-7be002dd08ca
67	2023-11-08T06:59:24.621Z	DEBG	nexus (DnsResolver): lookup_all_ipv6 srv dns_name = _dendrite._tcp.control-plane.oxide.internal response = SrvLookup(Lookup { query: Query { name: Name("_dendrite._tcp.control-plane.oxide.internal"), query_type: SRV, query_class: IN }, records: [Record { name_labels: Name("_dendrite._tcp.control-plane.oxide.internal."), rr_type: SRV, dns_class: IN, ttl: 0, rdata: Some(SRV(SRV { priority: 0, weight: 0, port: 12224, target: Name("dendrite-a5a3dfb8-54e1-48d1-92e9-fc318209c1e6.host.control-plane.oxide.internal.") })) }, Record { name_labels: Name("dendrite-a5a3dfb8-54e1-48d1-92e9-fc318209c1e6.host.control-plane.oxide.internal."), rr_type: AAAA, dns_class: IN, ttl: 0, rdata: Some(AAAA(fd00:1122:3344:101::2)) }], valid_until: Instant { tv_sec: 1334, tv_nsec: 830634023 } })
68	2023-11-08T06:59:24.621Z	INFO	nexus (Nexus): Determining switch slots managed by switch zones file = nexus/src/app/mod.rs:847
69	2023-11-08T06:59:24.672Z	INFO	nexus (Nexus): determining switch slot managed by dendrite zone file = nexus/src/app/mod.rs:855 zone_address = fd00:1122:3344:101::2
70	2023-11-08T06:59:24.672Z	DEBG	nexus (MgsClient): client request body = None method = GET uri = http://[fd00:1122:3344:101::2]:12225/local/switch-id
71	2023-11-08T06:59:24.675Z	DEBG	nexus (MgsClient): client response result = Ok(Response { url: Url { scheme: "http", cannot_be_a_base: false, username: "", password: None, host: Some(Ipv6(fd00:1122:3344:101::2)), port: Some(12225), path: "/local/switch-id", query: None, fragment: None }, status: 200, headers: {"content-type": "application/json", "x-request-id": "41229a33-a0f9-4c77-a87a-bda8b52c6b60", "content-length": "26", "date": "Wed, 08 Nov 2023 06:59:24 GMT"} })
72	2023-11-08T06:59:24.676Z	INFO	nexus (Nexus): identified switch slot for dendrite zone file = nexus/src/app/mod.rs:860 slot = SpIdentifier {\n slot: 0,\n type_: Switch,\n} zone_address = fd00:1122:3344:101::2
73	2023-11-08T06:59:24.676Z	INFO	nexus (Nexus): completed mapping dendrite zones to switch slots file = nexus/src/app/mod.rs:892 mappings = {\n Switch0: fd00:1122:3344:101::2,\n}
74	2023-11-08T06:59:24.709Z	DEBG	nexus (DnsResolver): lookup_all_ipv6 srv dns_name = _dendrite._tcp.control-plane.oxide.internal response = SrvLookup(Lookup { query: Query { name: Name("_dendrite._tcp.control-plane.oxide.internal"), query_type: SRV, query_class: IN }, records: [Record { name_labels: Name("_dendrite._tcp.control-plane.oxide.internal."), rr_type: SRV, dns_class: IN, ttl: 0, rdata: Some(SRV(SRV { priority: 0, weight: 0, port: 12224, target: Name("dendrite-a5a3dfb8-54e1-48d1-92e9-fc318209c1e6.host.control-plane.oxide.internal.") })) }, Record { name_labels: Name("dendrite-a5a3dfb8-54e1-48d1-92e9-fc318209c1e6.host.control-plane.oxide.internal."), rr_type: AAAA, dns_class: IN, ttl: 0, rdata: Some(AAAA(fd00:1122:3344:101::2)) }], valid_until: Instant { tv_sec: 1334, tv_nsec: 918609582 } })
75	2023-11-08T06:59:24.710Z	INFO	nexus (Nexus): Determining switch slots managed by switch zones file = nexus/src/app/mod.rs:847
76	2023-11-08T06:59:24.743Z	INFO	nexus (Nexus): determining switch slot managed by dendrite zone file = nexus/src/app/mod.rs:855 zone_address = fd00:1122:3344:101::2
77	2023-11-08T06:59:24.743Z	DEBG	nexus (MgsClient): client request body = None method = GET uri = http://[fd00:1122:3344:101::2]:12225/local/switch-id
78	2023-11-08T06:59:24.744Z	DEBG	nexus (MgsClient): client response result = Ok(Response { url: Url { scheme: "http", cannot_be_a_base: false, username: "", password: None, host: Some(Ipv6(fd00:1122:3344:101::2)), port: Some(12225), path: "/local/switch-id", query: None, fragment: None }, status: 200, headers: {"content-type": "application/json", "x-request-id": "e4f2450b-1d9f-4785-89ed-56242194b76f", "content-length": "26", "date": "Wed, 08 Nov 2023 06:59:24 GMT"} })
79	2023-11-08T06:59:24.744Z	INFO	nexus (Nexus): identified switch slot for dendrite zone file = nexus/src/app/mod.rs:860 slot = SpIdentifier {\n slot: 0,\n type_: Switch,\n} zone_address = fd00:1122:3344:101::2
80	2023-11-08T06:59:24.744Z	INFO	nexus (Nexus): completed mapping dendrite zones to switch slots file = nexus/src/app/mod.rs:892 mappings = {\n Switch0: fd00:1122:3344:101::2,\n}
81	2023-11-08T06:59:24.784Z	DEBG	nexus (DataLoader): roles roles = RoleSet { roles: {} }
82	2023-11-08T06:59:24.787Z	DEBG	nexus (BackgroundTasks): activating background_task = dns_propagation_internal dns_group = internal iteration = 1 reason = Timeout
83	2023-11-08T06:59:24.787Z	DEBG	nexus (BackgroundTasks): activating background_task = dns_servers_external dns_group = external iteration = 1 reason = Timeout
84	2023-11-08T06:59:24.787Z	DEBG	nexus (BackgroundTasks): activating background_task = external_endpoints iteration = 1 reason = Timeout
85	2023-11-08T06:59:24.787Z	DEBG	nexus (BackgroundTasks): activating background_task = inventory_collection iteration = 1 reason = Timeout
86	2023-11-08T06:59:24.787Z	DEBG	nexus (BackgroundTasks): activating background_task = dns_config_internal dns_group = internal iteration = 1 reason = Timeout
87	2023-11-08T06:59:24.787Z	DEBG	nexus (BackgroundTasks): activating background_task = dns_propagation_external dns_group = external iteration = 1 reason = Timeout
88	2023-11-08T06:59:24.787Z	DEBG	nexus (BackgroundTasks): activating background_task = dns_servers_internal dns_group = internal iteration = 1 reason = Timeout
89	2023-11-08T06:59:24.787Z	WARN	nexus (BackgroundTasks): DNS propagation: skipped background_task = dns_propagation_internal dns_group = internal file = nexus/src/app/background/dns_propagation.rs:65 reason = no config nor servers
90	2023-11-08T06:59:24.787Z	DEBG	nexus (BackgroundTasks): activating background_task = dns_config_external dns_group = external iteration = 1 reason = Timeout
91	2023-11-08T06:59:24.787Z	WARN	nexus (BackgroundTasks): DNS propagation: skipped background_task = dns_propagation_external dns_group = external file = nexus/src/app/background/dns_propagation.rs:65 reason = no config nor servers
92	2023-11-08T06:59:24.787Z	DEBG	nexus (BackgroundTasks): activation complete background_task = dns_propagation_internal dns_group = internal elapsed = 906.686\u{b5}s iteration = 1
93	2023-11-08T06:59:24.787Z	DEBG	nexus (BackgroundTasks): activation complete background_task = dns_propagation_external dns_group = external elapsed = 912.436\u{b5}s iteration = 1
94	2023-11-08T06:59:24.787Z	DEBG	nexus (BackgroundTasks): roles background_task = inventory_collection roles = RoleSet { roles: {} }
95	2023-11-08T06:59:24.787Z	DEBG	nexus (BackgroundTasks): roles background_task = dns_servers_external dns_group = external roles = RoleSet { roles: {} }
96	2023-11-08T06:59:24.787Z	DEBG	nexus (BackgroundTasks): roles background_task = dns_servers_internal dns_group = internal roles = RoleSet { roles: {} }
97	2023-11-08T06:59:24.788Z	DEBG	nexus (BackgroundTasks): reading DNS version background_task = dns_config_internal dns_group = internal
98	2023-11-08T06:59:24.788Z	DEBG	nexus (BackgroundTasks): reading DNS version background_task = dns_config_external dns_group = external
99	2023-11-08T06:59:24.788Z	DEBG	nexus (BackgroundTasks): roles background_task = dns_config_external dns_group = external roles = RoleSet { roles: {} }
100	2023-11-08T06:59:24.788Z	DEBG	nexus (BackgroundTasks): roles background_task = dns_config_internal dns_group = internal roles = RoleSet { roles: {} }
101	2023-11-08T06:59:24.789Z	DEBG	nexus (BackgroundTasks): roles background_task = external_endpoints roles = RoleSet { roles: {} }
102	2023-11-08T06:59:24.790Z	INFO	nexus (SagaRecoverer): start saga recovery file = nexus/db-queries/src/db/saga_recovery.rs:77
103	2023-11-08T06:59:24.795Z	DEBG	nexus (BackgroundTasks): authorize result action = Query actor = Some(Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-000000000002, .. }) background_task = inventory_collection resource = Database result = Ok(())
104	2023-11-08T06:59:24.796Z	DEBG	nexus (DataLoader): authorize result action = Modify actor = Some(Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-000000000001, .. }) resource = Database result = Ok(())
105	2023-11-08T06:59:24.796Z	DEBG	nexus (DataLoader): attempting to create built-in users
106	2023-11-08T06:59:24.796Z	DEBG	nexus (DataLoader): roles roles = RoleSet { roles: {} }
107	2023-11-08T06:59:24.797Z	DEBG	nexus (DataLoader): authorize result action = Query actor = Some(Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-000000000001, .. }) resource = Database result = Ok(())
108	2023-11-08T06:59:24.797Z	DEBG	nexus (BackgroundTasks): authorize result action = Query actor = Some(Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-000000000002, .. }) background_task = external_endpoints resource = Database result = Ok(())
109	2023-11-08T06:59:24.799Z	DEBG	nexus (BackgroundTasks): authorize result action = Query actor = Some(Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-000000000002, .. }) background_task = dns_config_internal dns_group = internal resource = Database result = Ok(())
110	2023-11-08T06:59:24.799Z	DEBG	nexus (BackgroundTasks): authorize result action = Query actor = Some(Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-000000000002, .. }) background_task = dns_servers_internal dns_group = internal resource = Database result = Ok(())
111	2023-11-08T06:59:24.799Z	DEBG	nexus (BackgroundTasks): authorize result action = Query actor = Some(Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-000000000002, .. }) background_task = dns_config_external dns_group = external resource = Database result = Ok(())
112	2023-11-08T06:59:24.800Z	DEBG	nexus (BackgroundTasks): authorize result action = Query actor = Some(Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-000000000002, .. }) background_task = dns_servers_external dns_group = external resource = Database result = Ok(())
113	2023-11-08T06:59:24.818Z	DEBG	nexus (dropshot_internal): registered endpoint local_addr = [fd00:1122:3344:101::b]:12221 method = GET path = /artifacts/{kind}/{name}/{version}
114	2023-11-08T06:59:24.818Z	DEBG	nexus (dropshot_internal): registered endpoint local_addr = [fd00:1122:3344:101::b]:12221 method = GET path = /bgtasks
115	2023-11-08T06:59:24.818Z	DEBG	nexus (dropshot_internal): registered endpoint local_addr = [fd00:1122:3344:101::b]:12221 method = GET path = /bgtasks/{bgtask_name}
116	2023-11-08T06:59:24.818Z	DEBG	nexus (dropshot_internal): registered endpoint local_addr = [fd00:1122:3344:101::b]:12221 method = POST path = /disk/{disk_id}/remove-read-only-parent
117	2023-11-08T06:59:24.818Z	DEBG	nexus (dropshot_internal): registered endpoint local_addr = [fd00:1122:3344:101::b]:12221 method = PUT path = /disks/{disk_id}
118	2023-11-08T06:59:24.818Z	DEBG	nexus (dropshot_internal): registered endpoint local_addr = [fd00:1122:3344:101::b]:12221 method = PUT path = /instances/{instance_id}
119	2023-11-08T06:59:24.818Z	DEBG	nexus (dropshot_internal): registered endpoint local_addr = [fd00:1122:3344:101::b]:12221 method = GET path = /metrics/collect/{producer_id}
120	2023-11-08T06:59:24.818Z	DEBG	nexus (dropshot_internal): registered endpoint local_addr = [fd00:1122:3344:101::b]:12221 method = POST path = /metrics/collectors
121	2023-11-08T06:59:24.818Z	DEBG	nexus (dropshot_internal): registered endpoint local_addr = [fd00:1122:3344:101::b]:12221 method = POST path = /metrics/producers
122	2023-11-08T06:59:24.818Z	DEBG	nexus (dropshot_internal): registered endpoint local_addr = [fd00:1122:3344:101::b]:12221 method = DELETE path = /physical-disk
123	2023-11-08T06:59:24.818Z	DEBG	nexus (dropshot_internal): registered endpoint local_addr = [fd00:1122:3344:101::b]:12221 method = PUT path = /physical-disk
124	2023-11-08T06:59:24.818Z	DEBG	nexus (dropshot_internal): registered endpoint local_addr = [fd00:1122:3344:101::b]:12221 method = PUT path = /racks/{rack_id}/initialization-complete
125	2023-11-08T06:59:24.818Z	DEBG	nexus (dropshot_internal): registered endpoint local_addr = [fd00:1122:3344:101::b]:12221 method = GET path = /sagas
126	2023-11-08T06:59:24.818Z	DEBG	nexus (dropshot_internal): registered endpoint local_addr = [fd00:1122:3344:101::b]:12221 method = GET path = /sagas/{saga_id}
127	2023-11-08T06:59:24.818Z	DEBG	nexus (dropshot_internal): registered endpoint local_addr = [fd00:1122:3344:101::b]:12221 method = POST path = /sled-agents/{sled_id}
128	2023-11-08T06:59:24.818Z	DEBG	nexus (dropshot_internal): registered endpoint local_addr = [fd00:1122:3344:101::b]:12221 method = PUT path = /sled-agents/{sled_id}/zpools/{zpool_id}
129	2023-11-08T06:59:24.818Z	DEBG	nexus (dropshot_internal): registered endpoint local_addr = [fd00:1122:3344:101::b]:12221 method = PUT path = /switch/{switch_id}
130	2023-11-08T06:59:24.818Z	DEBG	nexus (dropshot_internal): registered endpoint local_addr = [fd00:1122:3344:101::b]:12221 method = POST path = /volume/{volume_id}/remove-read-only-parent
131	2023-11-08T06:59:24.818Z	INFO	nexus (dropshot_internal): listening file = /home/build/.cargo/git/checkouts/dropshot-a4a923d29dccc492/fa728d0/dropshot/src/server.rs:195 local_addr = [fd00:1122:3344:101::b]:12221
132	2023-11-08T06:59:24.818Z	DEBG	nexus (dropshot_internal): successfully registered DTrace USDT probes local_addr = [fd00:1122:3344:101::b]:12221
133	2023-11-08T06:59:24.819Z	DEBG	nexus (ServiceBalancer): roles roles = RoleSet { roles: {} }
134	2023-11-08T06:59:24.821Z	DEBG	nexus (ServiceBalancer): authorize result action = Query actor = Some(Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-00000000bac3, .. }) resource = Database result = Ok(())
135	2023-11-08T06:59:24.826Z	DEBG	nexus (BackgroundTasks): roles background_task = dns_config_internal dns_group = internal roles = RoleSet { roles: {} }
136	2023-11-08T06:59:24.829Z	DEBG	nexus (BackgroundTasks): authorize result action = Query actor = Some(Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-000000000002, .. }) background_task = dns_config_internal dns_group = internal resource = Database result = Ok(())
137	2023-11-08T06:59:24.837Z	INFO	nexus (DataLoader): created 0 built-in users file = nexus/db-queries/src/db/datastore/silo_user.rs:394
138	2023-11-08T06:59:24.837Z	DEBG	nexus (DataLoader): roles roles = RoleSet { roles: {} }
139	2023-11-08T06:59:24.838Z	DEBG	nexus (DataLoader): authorize result action = Modify actor = Some(Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-000000000001, .. }) resource = Database result = Ok(())
140	2023-11-08T06:59:24.838Z	DEBG	nexus (DataLoader): attempting to create built-in roles
141	2023-11-08T06:59:24.838Z	DEBG	nexus (DataLoader): roles roles = RoleSet { roles: {} }
142	2023-11-08T06:59:24.838Z	DEBG	nexus (DataLoader): authorize result action = Query actor = Some(Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-000000000001, .. }) resource = Database result = Ok(())
143	2023-11-08T06:59:24.841Z	DEBG	nexus (BackgroundTasks): roles background_task = dns_config_external dns_group = external roles = RoleSet { roles: {} }
144	2023-11-08T06:59:24.841Z	DEBG	nexus (BackgroundTasks): authorize result action = Query actor = Some(Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-000000000002, .. }) background_task = dns_config_external dns_group = external resource = Database result = Ok(())
145	2023-11-08T06:59:24.845Z	WARN	nexus: Cannot look up rack: Object (of type ById(83981ec3-4271-4dd8-a597-37f5e57d725b)) not found: rack file = nexus/src/app/rack.rs:567
146	2023-11-08T06:59:24.872Z	DEBG	nexus (BackgroundTasks): roles background_task = inventory_collection roles = RoleSet { roles: {} }
147	2023-11-08T06:59:24.872Z	INFO	nexus (DataLoader): created 0 built-in roles file = nexus/db-queries/src/db/datastore/role.rs:87
148	2023-11-08T06:59:24.872Z	DEBG	nexus (DataLoader): roles roles = RoleSet { roles: {} }
149	2023-11-08T06:59:24.874Z	DEBG	nexus (DataLoader): authorize result action = Modify actor = Some(Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-000000000001, .. }) resource = Database result = Ok(())
150	2023-11-08T06:59:24.874Z	DEBG	nexus (DataLoader): attempting to create built-in role assignments
151	2023-11-08T06:59:24.874Z	DEBG	nexus (DataLoader): roles roles = RoleSet { roles: {} }
152	2023-11-08T06:59:24.874Z	DEBG	nexus (DataLoader): authorize result action = Query actor = Some(Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-000000000001, .. }) resource = Database result = Ok(())
153	2023-11-08T06:59:24.875Z	DEBG	nexus (BackgroundTasks): authorize result action = Modify actor = Some(Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-000000000002, .. }) background_task = inventory_collection resource = Inventory result = Err(Forbidden)
154	2023-11-08T06:59:24.875Z	WARN	nexus (BackgroundTasks): inventory collection failed background_task = inventory_collection error = failed to collect inventory: pruning old collections: Forbidden file = nexus/src/app/background/inventory_collection.rs:69
155	2023-11-08T06:59:24.875Z	DEBG	nexus (BackgroundTasks): activation complete background_task = inventory_collection elapsed = 89.657398ms iteration = 1
156	2023-11-08T06:59:24.886Z	INFO	nexus (DataLoader): created 4 built-in role assignments file = nexus/db-queries/src/db/datastore/role.rs:116
157	2023-11-08T06:59:24.886Z	DEBG	nexus (DataLoader): roles roles = RoleSet { roles: {} }
158	2023-11-08T06:59:24.888Z	DEBG	nexus (DataLoader): authorize result action = Modify actor = Some(Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-000000000001, .. }) resource = Database result = Ok(())
159	2023-11-08T06:59:24.888Z	DEBG	nexus (DataLoader): attempting to create built-in silos
160	2023-11-08T06:59:24.888Z	DEBG	nexus (DataLoader): roles roles = RoleSet { roles: {} }
161	2023-11-08T06:59:24.888Z	DEBG	nexus (DataLoader): authorize result action = Query actor = Some(Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-000000000001, .. }) resource = Database result = Ok(())
162	2023-11-08T06:59:24.893Z	INFO	nexus (SagaRecoverer): listed sagas (0 total) file = nexus/db-queries/src/db/saga_recovery.rs:113
163	2023-11-08T06:59:24.899Z	DEBG	nexus (BackgroundTasks): roles background_task = external_endpoints roles = RoleSet { roles: {} }
164	2023-11-08T06:59:24.905Z	DEBG	nexus (BackgroundTasks): authorize result action = ListChildren actor = Some(Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-000000000002, .. }) background_task = external_endpoints resource = Fleet result = Err(Forbidden)
165	2023-11-08T06:59:24.905Z	WARN	nexus (BackgroundTasks): failed to read Silo/DNS/TLS configuration background_task = external_endpoints error = Forbidden file = nexus/src/app/background/external_endpoints.rs:59
166	2023-11-08T06:59:24.905Z	DEBG	nexus (BackgroundTasks): activation complete background_task = external_endpoints elapsed = 119.307553ms iteration = 1
167	2023-11-08T06:59:24.913Z	DEBG	nexus (BackgroundTasks): roles background_task = dns_servers_internal dns_group = internal roles = RoleSet { roles: {} }
168	2023-11-08T06:59:24.915Z	DEBG	nexus (BackgroundTasks): authorize result action = Read actor = Some(Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-000000000002, .. }) background_task = dns_servers_internal dns_group = internal resource = Fleet result = Err(Forbidden)
169	2023-11-08T06:59:24.915Z	WARN	nexus (BackgroundTasks): failed to read list of DNS servers background_task = dns_servers_internal dns_group = internal error = Forbidden file = nexus/src/app/background/dns_servers.rs:102
170	2023-11-08T06:59:24.915Z	DEBG	nexus (BackgroundTasks): activation complete background_task = dns_servers_internal dns_group = internal elapsed = 129.318409ms iteration = 1
171	2023-11-08T06:59:24.927Z	DEBG	nexus (BackgroundTasks): roles background_task = dns_config_external dns_group = external roles = RoleSet { roles: {} }
172	2023-11-08T06:59:24.929Z	DEBG	nexus (BackgroundTasks): authorize result action = Read actor = Some(Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-000000000002, .. }) background_task = dns_config_external dns_group = external resource = DnsConfig result = Err(Forbidden)
173	2023-11-08T06:59:24.930Z	WARN	nexus (BackgroundTasks): failed to read DNS config background_task = dns_config_external dns_group = external error = Forbidden file = nexus/src/app/background/dns_config.rs:76
174	2023-11-08T06:59:24.930Z	DEBG	nexus (BackgroundTasks): activation complete background_task = dns_config_external dns_group = external elapsed = 144.137121ms iteration = 1
175	2023-11-08T06:59:24.930Z	DEBG	nexus (BackgroundTasks): roles background_task = dns_config_internal dns_group = internal roles = RoleSet { roles: {} }
176	2023-11-08T06:59:24.932Z	DEBG	nexus (BackgroundTasks): authorize result action = Read actor = Some(Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-000000000002, .. }) background_task = dns_config_internal dns_group = internal resource = DnsConfig result = Err(Forbidden)
177	2023-11-08T06:59:24.932Z	WARN	nexus (BackgroundTasks): failed to read DNS config background_task = dns_config_internal dns_group = internal error = Forbidden file = nexus/src/app/background/dns_config.rs:76
178	2023-11-08T06:59:24.932Z	DEBG	nexus (BackgroundTasks): activation complete background_task = dns_config_internal dns_group = internal elapsed = 146.969222ms iteration = 1
179	2023-11-08T06:59:24.933Z	DEBG	nexus (BackgroundTasks): roles background_task = dns_servers_external dns_group = external roles = RoleSet { roles: {} }
180	2023-11-08T06:59:24.934Z	DEBG	nexus (BackgroundTasks): authorize result action = Read actor = Some(Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-000000000002, .. }) background_task = dns_servers_external dns_group = external resource = Fleet result = Err(Forbidden)
181	2023-11-08T06:59:24.934Z	WARN	nexus (BackgroundTasks): failed to read list of DNS servers background_task = dns_servers_external dns_group = external error = Forbidden file = nexus/src/app/background/dns_servers.rs:102
182	2023-11-08T06:59:24.934Z	DEBG	nexus (BackgroundTasks): activation complete background_task = dns_servers_external dns_group = external elapsed = 148.98588ms iteration = 1
183	2023-11-08T06:59:24.977Z	INFO	nexus (DataLoader): created 2 built-in silos file = nexus/db-queries/src/db/datastore/silo.rs:70
184	2023-11-08T06:59:24.977Z	DEBG	nexus (DataLoader): roles roles = RoleSet { roles: {} }
185	2023-11-08T06:59:24.977Z	DEBG	nexus (DataLoader): authorize result action = Query actor = Some(Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-000000000001, .. }) resource = Database result = Ok(())
186	2023-11-08T06:59:24.991Z	DEBG	nexus (DataLoader): roles roles = RoleSet { roles: {} }
187	2023-11-08T06:59:24.992Z	DEBG	nexus (DataLoader): authorize result action = Modify actor = Some(Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-000000000001, .. }) resource = Database result = Ok(())
188	2023-11-08T06:59:24.992Z	DEBG	nexus (DataLoader): attempting to create built-in projects
189	2023-11-08T06:59:24.992Z	DEBG	nexus (DataLoader): roles roles = RoleSet { roles: {} }
190	2023-11-08T06:59:24.992Z	DEBG	nexus (DataLoader): authorize result action = Query actor = Some(Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-000000000001, .. }) resource = Database result = Ok(())
191	2023-11-08T06:59:24.998Z	DEBG	nexus (DataLoader): roles roles = RoleSet { roles: {} }
192	2023-11-08T06:59:24.998Z	DEBG	nexus (DataLoader): authorize result action = Query actor = Some(Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-000000000001, .. }) resource = Database result = Ok(())
193	2023-11-08T06:59:25.000Z	DEBG	nexus (DataLoader): roles roles = RoleSet { roles: {} }
194	2023-11-08T06:59:25.000Z	DEBG	nexus (DataLoader): authorize result action = Query actor = Some(Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-000000000001, .. }) resource = Database result = Ok(())
195	2023-11-08T06:59:25.001Z	DEBG	nexus (DataLoader): roles roles = RoleSet { roles: {} }
196	2023-11-08T06:59:25.003Z	DEBG	nexus (DataLoader): authorize result action = CreateChild actor = Some(Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-000000000001, .. }) resource = Silo { parent: Fleet, key: 001de000-5110-4000-8000-000000000001, lookup_type: ById(001de000-5110-4000-8000-000000000001) } result = Ok(())
197	2023-11-08T06:59:25.003Z	DEBG	nexus (DataLoader): roles roles = RoleSet { roles: {} }
198	2023-11-08T06:59:25.003Z	DEBG	nexus (DataLoader): authorize result action = Query actor = Some(Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-000000000001, .. }) resource = Database result = Ok(())
199	2023-11-08T06:59:25.004Z	DEBG	nexus (DataLoader): roles roles = RoleSet { roles: {} }
200	2023-11-08T06:59:25.004Z	DEBG	nexus (DataLoader): authorize result action = Query actor = Some(Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-000000000001, .. }) resource = Database result = Ok(())
201	2023-11-08T06:59:25.041Z	DEBG	nexus (DataLoader): roles roles = RoleSet { roles: {} }
202	2023-11-08T06:59:25.044Z	DEBG	nexus (DataLoader): authorize result action = CreateChild actor = Some(Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-000000000001, .. }) resource = Silo { parent: Fleet, key: 001de000-5110-4000-8000-000000000001, lookup_type: ById(001de000-5110-4000-8000-000000000001) } result = Ok(())
203	2023-11-08T06:59:25.044Z	DEBG	nexus (DataLoader): roles roles = RoleSet { roles: {} }
204	2023-11-08T06:59:25.044Z	DEBG	nexus (DataLoader): authorize result action = Query actor = Some(Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-000000000001, .. }) resource = Database result = Ok(())
205	2023-11-08T06:59:25.070Z	INFO	nexus (DataLoader): created built-in services project file = nexus/db-queries/src/db/datastore/project.rs:122
206	2023-11-08T06:59:25.070Z	DEBG	nexus (DataLoader): roles roles = RoleSet { roles: {} }
207	2023-11-08T06:59:25.071Z	DEBG	nexus (DataLoader): authorize result action = Modify actor = Some(Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-000000000001, .. }) resource = Database result = Ok(())
208	2023-11-08T06:59:25.071Z	DEBG	nexus (DataLoader): attempting to create built-in VPCs
209	2023-11-08T06:59:25.071Z	DEBG	nexus (DataLoader): roles roles = RoleSet { roles: {} }
210	2023-11-08T06:59:25.071Z	DEBG	nexus (DataLoader): authorize result action = Query actor = Some(Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-000000000001, .. }) resource = Database result = Ok(())
211	2023-11-08T06:59:25.073Z	DEBG	nexus (DataLoader): roles roles = RoleSet { roles: {} }
212	2023-11-08T06:59:25.073Z	DEBG	nexus (DataLoader): authorize result action = Query actor = Some(Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-000000000001, .. }) resource = Database result = Ok(())
213	2023-11-08T06:59:25.075Z	DEBG	nexus (DataLoader): roles roles = RoleSet { roles: {} }
214	2023-11-08T06:59:25.075Z	DEBG	nexus (DataLoader): authorize result action = Query actor = Some(Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-000000000001, .. }) resource = Database result = Ok(())
215	2023-11-08T06:59:25.104Z	DEBG	nexus (DataLoader): roles roles = RoleSet { roles: {} }
216	2023-11-08T06:59:25.104Z	DEBG	nexus (DataLoader): authorize result action = Query actor = Some(Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-000000000001, .. }) resource = Database result = Ok(())
217	2023-11-08T06:59:25.108Z	DEBG	nexus (DataLoader): roles roles = RoleSet { roles: {} }
218	2023-11-08T06:59:25.108Z	DEBG	nexus (DataLoader): authorize result action = Query actor = Some(Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-000000000001, .. }) resource = Database result = Ok(())
219	2023-11-08T06:59:25.141Z	DEBG	nexus (DataLoader): roles roles = RoleSet { roles: {} }
220	2023-11-08T06:59:25.143Z	DEBG	nexus (DataLoader): authorize result action = CreateChild actor = Some(Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-000000000001, .. }) resource = Project { parent: Silo { parent: Fleet, key: 001de000-5110-4000-8000-000000000001, lookup_type: ById(001de000-5110-4000-8000-000000000001) }, key: 001de000-4401-4000-8000-000000000000, lookup_type: ById(001de000-4401-4000-8000-000000000000) } result = Ok(())
221	2023-11-08T06:59:25.143Z	DEBG	nexus (DataLoader): roles roles = RoleSet { roles: {} }
222	2023-11-08T06:59:25.144Z	DEBG	nexus (DataLoader): authorize result action = Query actor = Some(Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-000000000001, .. }) resource = Database result = Ok(())
223	2023-11-08T06:59:25.145Z	DEBG	nexus (DataLoader): roles roles = RoleSet { roles: {} }
224	2023-11-08T06:59:25.145Z	DEBG	nexus (DataLoader): authorize result action = Query actor = Some(Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-000000000001, .. }) resource = Database result = Ok(())
225	2023-11-08T06:59:25.146Z	DEBG	nexus (DataLoader): roles roles = RoleSet { roles: {} }
226	2023-11-08T06:59:25.146Z	DEBG	nexus (DataLoader): authorize result action = Query actor = Some(Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-000000000001, .. }) resource = Database result = Ok(())
227	2023-11-08T06:59:25.147Z	DEBG	nexus (DataLoader): roles roles = RoleSet { roles: {} }
228	2023-11-08T06:59:25.149Z	DEBG	nexus (DataLoader): authorize result action = CreateChild actor = Some(Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-000000000001, .. }) resource = Project { parent: Silo { parent: Fleet, key: 001de000-5110-4000-8000-000000000001, lookup_type: ById(001de000-5110-4000-8000-000000000001) }, key: 001de000-4401-4000-8000-000000000000, lookup_type: ById(001de000-4401-4000-8000-000000000000) } result = Ok(())
229	2023-11-08T06:59:25.149Z	DEBG	nexus (DataLoader): roles roles = RoleSet { roles: {} }
230	2023-11-08T06:59:25.149Z	DEBG	nexus (DataLoader): authorize result action = Query actor = Some(Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-000000000001, .. }) resource = Database result = Ok(())
231	2023-11-08T06:59:25.163Z	DEBG	nexus (DataLoader): roles roles = RoleSet { roles: {} }
232	2023-11-08T06:59:25.163Z	DEBG	nexus (DataLoader): authorize result action = Query actor = Some(Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-000000000001, .. }) resource = Database result = Ok(())
233	2023-11-08T06:59:25.164Z	DEBG	nexus (DataLoader): roles roles = RoleSet { roles: {} }
234	2023-11-08T06:59:25.164Z	DEBG	nexus (DataLoader): authorize result action = Query actor = Some(Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-000000000001, .. }) resource = Database result = Ok(())
235	2023-11-08T06:59:25.166Z	DEBG	nexus (DataLoader): roles roles = RoleSet { roles: {} }
236	2023-11-08T06:59:25.166Z	DEBG	nexus (DataLoader): authorize result action = Query actor = Some(Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-000000000001, .. }) resource = Database result = Ok(())
237	2023-11-08T06:59:25.167Z	DEBG	nexus (DataLoader): roles roles = RoleSet { roles: {} }
238	2023-11-08T06:59:25.167Z	DEBG	nexus (DataLoader): authorize result action = Query actor = Some(Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-000000000001, .. }) resource = Database result = Ok(())
239	2023-11-08T06:59:25.168Z	DEBG	nexus (DataLoader): roles roles = RoleSet { roles: {} }
240	2023-11-08T06:59:25.169Z	DEBG	nexus (DataLoader): authorize result action = Query actor = Some(Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-000000000001, .. }) resource = Database result = Ok(())
241	2023-11-08T06:59:25.170Z	DEBG	nexus (DataLoader): roles roles = RoleSet { roles: {} }
242	2023-11-08T06:59:25.170Z	DEBG	nexus (DataLoader): authorize result action = Query actor = Some(Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-000000000001, .. }) resource = Database result = Ok(())
243	2023-11-08T06:59:25.171Z	DEBG	nexus (DataLoader): roles roles = RoleSet { roles: {} }
244	2023-11-08T06:59:25.171Z	DEBG	nexus (DataLoader): authorize result action = Query actor = Some(Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-000000000001, .. }) resource = Database result = Ok(())
245	2023-11-08T06:59:25.172Z	DEBG	nexus (DataLoader): roles roles = RoleSet { roles: {} }
246	2023-11-08T06:59:25.175Z	DEBG	nexus (DataLoader): authorize result action = CreateChild actor = Some(Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-000000000001, .. }) resource = VpcRouter { parent: Vpc { parent: Project { parent: Silo { parent: Fleet, key: 001de000-5110-4000-8000-000000000001, lookup_type: ById(001de000-5110-4000-8000-000000000001) }, key: 001de000-4401-4000-8000-000000000000, lookup_type: ById(001de000-4401-4000-8000-000000000000) }, key: 001de000-074c-4000-8000-000000000000, lookup_type: ById(001de000-074c-4000-8000-000000000000) }, key: 001de000-074c-4000-8000-000000000001, lookup_type: ById(001de000-074c-4000-8000-000000000001) } result = Ok(())
247	2023-11-08T06:59:25.175Z	DEBG	nexus (DataLoader): roles roles = RoleSet { roles: {} }
248	2023-11-08T06:59:25.175Z	DEBG	nexus (DataLoader): authorize result action = Query actor = Some(Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-000000000001, .. }) resource = Database result = Ok(())
249	2023-11-08T06:59:25.176Z	DEBG	nexus (DataLoader): roles roles = RoleSet { roles: {} }
250	2023-11-08T06:59:25.176Z	DEBG	nexus (DataLoader): authorize result action = Query actor = Some(Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-000000000001, .. }) resource = Database result = Ok(())
251	2023-11-08T06:59:25.177Z	DEBG	nexus (DataLoader): roles roles = RoleSet { roles: {} }
252	2023-11-08T06:59:25.177Z	DEBG	nexus (DataLoader): authorize result action = Query actor = Some(Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-000000000001, .. }) resource = Database result = Ok(())
253	2023-11-08T06:59:25.178Z	DEBG	nexus (DataLoader): roles roles = RoleSet { roles: {} }
254	2023-11-08T06:59:25.181Z	DEBG	nexus (DataLoader): authorize result action = CreateChild actor = Some(Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-000000000001, .. }) resource = VpcRouter { parent: Vpc { parent: Project { parent: Silo { parent: Fleet, key: 001de000-5110-4000-8000-000000000001, lookup_type: ById(001de000-5110-4000-8000-000000000001) }, key: 001de000-4401-4000-8000-000000000000, lookup_type: ById(001de000-4401-4000-8000-000000000000) }, key: 001de000-074c-4000-8000-000000000000, lookup_type: ById(001de000-074c-4000-8000-000000000000) }, key: 001de000-074c-4000-8000-000000000001, lookup_type: ById(001de000-074c-4000-8000-000000000001) } result = Ok(())
255	2023-11-08T06:59:25.181Z	DEBG	nexus (DataLoader): roles roles = RoleSet { roles: {} }
256	2023-11-08T06:59:25.181Z	DEBG	nexus (DataLoader): authorize result action = Query actor = Some(Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-000000000001, .. }) resource = Database result = Ok(())
257	2023-11-08T06:59:25.225Z	DEBG	nexus (DataLoader): attempting to create built-in VPC firewall rules
258	2023-11-08T06:59:25.225Z	DEBG	nexus (DataLoader): roles roles = RoleSet { roles: {} }
259	2023-11-08T06:59:25.225Z	DEBG	nexus (DataLoader): authorize result action = Query actor = Some(Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-000000000001, .. }) resource = Database result = Ok(())
260	2023-11-08T06:59:25.226Z	DEBG	nexus (DataLoader): roles roles = RoleSet { roles: {} }
261	2023-11-08T06:59:25.226Z	DEBG	nexus (DataLoader): authorize result action = Query actor = Some(Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-000000000001, .. }) resource = Database result = Ok(())
262	2023-11-08T06:59:25.227Z	DEBG	nexus (DataLoader): roles roles = RoleSet { roles: {} }
263	2023-11-08T06:59:25.227Z	DEBG	nexus (DataLoader): authorize result action = Query actor = Some(Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-000000000001, .. }) resource = Database result = Ok(())
264	2023-11-08T06:59:25.228Z	DEBG	nexus (DataLoader): roles roles = RoleSet { roles: {} }
265	2023-11-08T06:59:25.228Z	DEBG	nexus (DataLoader): authorize result action = Query actor = Some(Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-000000000001, .. }) resource = Database result = Ok(())
266	2023-11-08T06:59:25.229Z	DEBG	nexus (DataLoader): roles roles = RoleSet { roles: {} }
267	2023-11-08T06:59:25.229Z	DEBG	nexus (DataLoader): authorize result action = Query actor = Some(Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-000000000001, .. }) resource = Database result = Ok(())
268	2023-11-08T06:59:25.230Z	DEBG	nexus (DataLoader): roles roles = RoleSet { roles: {} }
269	2023-11-08T06:59:25.231Z	DEBG	nexus (DataLoader): authorize result action = Query actor = Some(Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-000000000001, .. }) resource = Database result = Ok(())
270	2023-11-08T06:59:25.232Z	DEBG	nexus (DataLoader): roles roles = RoleSet { roles: {} }
271	2023-11-08T06:59:25.234Z	DEBG	nexus (DataLoader): authorize result action = CreateChild actor = Some(Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-000000000001, .. }) resource = Vpc { parent: Project { parent: Silo { parent: Fleet, key: 001de000-5110-4000-8000-000000000001, lookup_type: ById(001de000-5110-4000-8000-000000000001) }, key: 001de000-4401-4000-8000-000000000000, lookup_type: ById(001de000-4401-4000-8000-000000000000) }, key: 001de000-074c-4000-8000-000000000000, lookup_type: ById(001de000-074c-4000-8000-000000000000) } result = Ok(())
272	2023-11-08T06:59:25.234Z	DEBG	nexus (DataLoader): roles roles = RoleSet { roles: {} }
273	2023-11-08T06:59:25.234Z	DEBG	nexus (DataLoader): authorize result action = Query actor = Some(Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-000000000001, .. }) resource = Database result = Ok(())
274	2023-11-08T06:59:25.235Z	DEBG	nexus (DataLoader): roles roles = RoleSet { roles: {} }
275	2023-11-08T06:59:25.236Z	DEBG	nexus (DataLoader): authorize result action = Query actor = Some(Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-000000000001, .. }) resource = Database result = Ok(())
276	2023-11-08T06:59:25.237Z	DEBG	nexus (DataLoader): roles roles = RoleSet { roles: {} }
277	2023-11-08T06:59:25.237Z	DEBG	nexus (DataLoader): authorize result action = Query actor = Some(Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-000000000001, .. }) resource = Database result = Ok(())
278	2023-11-08T06:59:25.238Z	DEBG	nexus (DataLoader): roles roles = RoleSet { roles: {} }
279	2023-11-08T06:59:25.241Z	DEBG	nexus (DataLoader): authorize result action = Read actor = Some(Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-000000000001, .. }) resource = Vpc { parent: Project { parent: Silo { parent: Fleet, key: 001de000-5110-4000-8000-000000000001, lookup_type: ById(001de000-5110-4000-8000-000000000001) }, key: 001de000-4401-4000-8000-000000000000, lookup_type: ById(001de000-4401-4000-8000-000000000000) }, key: 001de000-074c-4000-8000-000000000000, lookup_type: ById(001de000-074c-4000-8000-000000000000) } result = Ok(())
280	2023-11-08T06:59:25.241Z	DEBG	nexus (DataLoader): roles roles = RoleSet { roles: {} }
281	2023-11-08T06:59:25.241Z	DEBG	nexus (DataLoader): authorize result action = Query actor = Some(Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-000000000001, .. }) resource = Database result = Ok(())
282	2023-11-08T06:59:25.243Z	DEBG	nexus (DataLoader): roles roles = RoleSet { roles: {} }
283	2023-11-08T06:59:25.243Z	DEBG	nexus (DataLoader): authorize result action = Query actor = Some(Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-000000000001, .. }) resource = Database result = Ok(())
284	2023-11-08T06:59:25.276Z	DEBG	nexus (DataLoader): roles roles = RoleSet { roles: {} }
285	2023-11-08T06:59:25.277Z	DEBG	nexus (DataLoader): authorize result action = Query actor = Some(Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-000000000001, .. }) resource = Database result = Ok(())
286	2023-11-08T06:59:25.278Z	DEBG	nexus (DataLoader): roles roles = RoleSet { roles: {} }
287	2023-11-08T06:59:25.278Z	DEBG	nexus (DataLoader): authorize result action = Query actor = Some(Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-000000000001, .. }) resource = Database result = Ok(())
288	2023-11-08T06:59:25.279Z	DEBG	nexus (DataLoader): roles roles = RoleSet { roles: {} }
289	2023-11-08T06:59:25.282Z	DEBG	nexus (DataLoader): authorize result action = Modify actor = Some(Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-000000000001, .. }) resource = Vpc { parent: Project { parent: Silo { parent: Fleet, key: 001de000-5110-4000-8000-000000000001, lookup_type: ById(001de000-5110-4000-8000-000000000001) }, key: 001de000-4401-4000-8000-000000000000, lookup_type: ById(001de000-4401-4000-8000-000000000000) }, key: 001de000-074c-4000-8000-000000000000, lookup_type: ById(001de000-074c-4000-8000-000000000000) } result = Ok(())
290	2023-11-08T06:59:25.282Z	DEBG	nexus (DataLoader): roles roles = RoleSet { roles: {} }
291	2023-11-08T06:59:25.282Z	DEBG	nexus (DataLoader): authorize result action = Query actor = Some(Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-000000000001, .. }) resource = Database result = Ok(())
292	2023-11-08T06:59:25.373Z	ERRO	nexus (DataLoader): gave up trying to populate built-in PopulateBuiltinVpcs error_message = InternalError { internal_message: "database error (kind = SerializationFailure): restart transaction: TransactionRetryWithProtoRefreshError: WriteTooOldError: write for key /Table/160/1/\\"\\\\x00\\\\x1d\\\\xe0\\\\x00\\\\aL@\\\\x00\\\\x80\\\\x00\\\\x00\\\\x00\\\\x00\\\\x00\\\\x00\\\\x00\\"/0 at timestamp 1699426765.282633272,0 too old; wrote at 1699426765.282633272,2: \\"sql txn\\" meta={id=36a0c605 key=/Table/175/2/\\"\\\\x00\\\\x1d\\\\xe0\\\\x00\\\\aL@\\\\x00\\\\x80\\\\x00\\\\x00\\\\x00\\\\x00\\\\x00\\\\x00\\\\x00\\" pri=0.00436394 epo=0 ts=1699426765.282633272,2 min=1699426765.282633272,0 seq=0} lock=true stat=PENDING rts=1699426765.282633272,0 wto=false gul=1699426765.782633272,0\\nHINT: See: https://www.cockroachlabs.com/docs/v22.1/transaction-retry-error-reference.html\\n" } file = nexus/src/populate.rs:126
293	2023-11-08T06:59:25.373Z	ERRO	nexus: populate failed file = nexus/src/app/mod.rs:463
294	2023-11-08T06:59:26.846Z	DEBG	nexus (ServiceBalancer): roles roles = RoleSet { roles: {} }
295	2023-11-08T06:59:26.846Z	DEBG	nexus (ServiceBalancer): authorize result action = Query actor = Some(Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-00000000bac3, .. }) resource = Database result = Ok(())
296	2023-11-08T06:59:26.848Z	DEBG	nexus (ServiceBalancer): roles roles = RoleSet { roles: {} }
297	2023-11-08T06:59:26.848Z	DEBG	nexus (ServiceBalancer): authorize result action = Query actor = Some(Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-00000000bac3, .. }) resource = Database result = Ok(())
298	2023-11-08T06:59:26.849Z	DEBG	nexus (ServiceBalancer): roles roles = RoleSet { roles: {(Fleet, 001de000-1334-4000-8000-000000000000, "admin")} }
299	2023-11-08T06:59:26.852Z	DEBG	nexus (ServiceBalancer): authorize result action = Read actor = Some(Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-00000000bac3, .. }) resource = Rack { parent: Fleet, key: 83981ec3-4271-4dd8-a597-37f5e57d725b, lookup_type: ById(83981ec3-4271-4dd8-a597-37f5e57d725b) } result = Ok(())
300	2023-11-08T06:59:26.852Z	INFO	nexus: Still waiting for rack initialization: Rack { identity: RackIdentity { id: 83981ec3-4271-4dd8-a597-37f5e57d725b, time_created: 2023-11-08T06:59:25.431382Z, time_modified: 2023-11-08T06:59:25.431382Z }, initialized: false, tuf_base_url: None, rack_subnet: None } file = nexus/src/app/rack.rs:561
301	2023-11-08T06:59:28.853Z	DEBG	nexus (ServiceBalancer): roles roles = RoleSet { roles: {} }
302	2023-11-08T06:59:28.853Z	DEBG	nexus (ServiceBalancer): authorize result action = Query actor = Some(Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-00000000bac3, .. }) resource = Database result = Ok(())
303	2023-11-08T06:59:28.854Z	DEBG	nexus (ServiceBalancer): roles roles = RoleSet { roles: {} }
304	2023-11-08T06:59:28.854Z	DEBG	nexus (ServiceBalancer): authorize result action = Query actor = Some(Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-00000000bac3, .. }) resource = Database result = Ok(())
305	2023-11-08T06:59:28.856Z	DEBG	nexus (ServiceBalancer): roles roles = RoleSet { roles: {(Fleet, 001de000-1334-4000-8000-000000000000, "admin")} }
306	2023-11-08T06:59:28.858Z	DEBG	nexus (ServiceBalancer): authorize result action = Read actor = Some(Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-00000000bac3, .. }) resource = Rack { parent: Fleet, key: 83981ec3-4271-4dd8-a597-37f5e57d725b, lookup_type: ById(83981ec3-4271-4dd8-a597-37f5e57d725b) } result = Ok(())
307	2023-11-08T06:59:28.858Z	INFO	nexus: Still waiting for rack initialization: Rack { identity: RackIdentity { id: 83981ec3-4271-4dd8-a597-37f5e57d725b, time_created: 2023-11-08T06:59:25.431382Z, time_modified: 2023-11-08T06:59:25.431382Z }, initialized: false, tuf_base_url: None, rack_subnet: None } file = nexus/src/app/rack.rs:561
308	2023-11-08T06:59:30.859Z	DEBG	nexus (ServiceBalancer): roles roles = RoleSet { roles: {} }
309	2023-11-08T06:59:30.860Z	DEBG	nexus (ServiceBalancer): authorize result action = Query actor = Some(Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-00000000bac3, .. }) resource = Database result = Ok(())
310	2023-11-08T06:59:30.861Z	DEBG	nexus (ServiceBalancer): roles roles = RoleSet { roles: {} }
311	2023-11-08T06:59:30.861Z	DEBG	nexus (ServiceBalancer): authorize result action = Query actor = Some(Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-00000000bac3, .. }) resource = Database result = Ok(())
312	2023-11-08T06:59:30.862Z	DEBG	nexus (ServiceBalancer): roles roles = RoleSet { roles: {(Fleet, 001de000-1334-4000-8000-000000000000, "admin")} }
313	2023-11-08T06:59:30.864Z	DEBG	nexus (ServiceBalancer): authorize result action = Read actor = Some(Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-00000000bac3, .. }) resource = Rack { parent: Fleet, key: 83981ec3-4271-4dd8-a597-37f5e57d725b, lookup_type: ById(83981ec3-4271-4dd8-a597-37f5e57d725b) } result = Ok(())
314	2023-11-08T06:59:30.864Z	INFO	nexus: Still waiting for rack initialization: Rack { identity: RackIdentity { id: 83981ec3-4271-4dd8-a597-37f5e57d725b, time_created: 2023-11-08T06:59:25.431382Z, time_modified: 2023-11-08T06:59:25.431382Z }, initialized: false, tuf_base_url: None, rack_subnet: None } file = nexus/src/app/rack.rs:561
315	2023-11-08T06:59:32.866Z	DEBG	nexus (ServiceBalancer): roles roles = RoleSet { roles: {} }
316	2023-11-08T06:59:32.866Z	DEBG	nexus (ServiceBalancer): authorize result action = Query actor = Some(Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-00000000bac3, .. }) resource = Database result = Ok(())
317	2023-11-08T06:59:32.867Z	DEBG	nexus (ServiceBalancer): roles roles = RoleSet { roles: {} }
318	2023-11-08T06:59:32.867Z	DEBG	nexus (ServiceBalancer): authorize result action = Query actor = Some(Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-00000000bac3, .. }) resource = Database result = Ok(())
319	2023-11-08T06:59:32.869Z	DEBG	nexus (ServiceBalancer): roles roles = RoleSet { roles: {(Fleet, 001de000-1334-4000-8000-000000000000, "admin")} }
320	2023-11-08T06:59:32.871Z	DEBG	nexus (ServiceBalancer): authorize result action = Read actor = Some(Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-00000000bac3, .. }) resource = Rack { parent: Fleet, key: 83981ec3-4271-4dd8-a597-37f5e57d725b, lookup_type: ById(83981ec3-4271-4dd8-a597-37f5e57d725b) } result = Ok(())
321	2023-11-08T06:59:32.871Z	INFO	nexus: Still waiting for rack initialization: Rack { identity: RackIdentity { id: 83981ec3-4271-4dd8-a597-37f5e57d725b, time_created: 2023-11-08T06:59:25.431382Z, time_modified: 2023-11-08T06:59:25.431382Z }, initialized: false, tuf_base_url: None, rack_subnet: None } file = nexus/src/app/rack.rs:561
322	2023-11-08T06:59:33.640Z	INFO	nexus (dropshot_internal): accepted connection file = /home/build/.cargo/git/checkouts/dropshot-a4a923d29dccc492/fa728d0/dropshot/src/server.rs:769 local_addr = [fd00:1122:3344:101::b]:12221 remote_addr = [fd00:1122:3344:101::d]:64211
323	2023-11-08T06:59:33.646Z	INFO	nexus: registered new oximeter metric collection server address = [fd00:1122:3344:101::d]:12223 collector_id = 2dd53c9f-e723-4f6d-9546-e7826ca557b4 file = nexus/src/app/oximeter.rs:83
324	2023-11-08T06:59:33.648Z	INFO	nexus (dropshot_internal): request completed file = /home/build/.cargo/git/checkouts/dropshot-a4a923d29dccc492/fa728d0/dropshot/src/server.rs:853 latency_us = 7559 local_addr = [fd00:1122:3344:101::b]:12221 method = POST remote_addr = [fd00:1122:3344:101::d]:64211 req_id = 1ab07da5-579e-4395-b1b5-4e0c7f049349 response_code = 204 uri = /metrics/collectors
325	2023-11-08T06:59:34.872Z	DEBG	nexus (ServiceBalancer): roles roles = RoleSet { roles: {} }
326	2023-11-08T06:59:34.872Z	DEBG	nexus (ServiceBalancer): authorize result action = Query actor = Some(Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-00000000bac3, .. }) resource = Database result = Ok(())
327	2023-11-08T06:59:34.873Z	DEBG	nexus (ServiceBalancer): roles roles = RoleSet { roles: {} }
328	2023-11-08T06:59:34.873Z	DEBG	nexus (ServiceBalancer): authorize result action = Query actor = Some(Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-00000000bac3, .. }) resource = Database result = Ok(())
329	2023-11-08T06:59:34.874Z	DEBG	nexus (ServiceBalancer): roles roles = RoleSet { roles: {(Fleet, 001de000-1334-4000-8000-000000000000, "admin")} }
330	2023-11-08T06:59:34.877Z	DEBG	nexus (ServiceBalancer): authorize result action = Read actor = Some(Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-00000000bac3, .. }) resource = Rack { parent: Fleet, key: 83981ec3-4271-4dd8-a597-37f5e57d725b, lookup_type: ById(83981ec3-4271-4dd8-a597-37f5e57d725b) } result = Ok(())
331	2023-11-08T06:59:34.877Z	INFO	nexus: Still waiting for rack initialization: Rack { identity: RackIdentity { id: 83981ec3-4271-4dd8-a597-37f5e57d725b, time_created: 2023-11-08T06:59:25.431382Z, time_modified: 2023-11-08T06:59:25.431382Z }, initialized: false, tuf_base_url: None, rack_subnet: None } file = nexus/src/app/rack.rs:561
332	2023-11-08T06:59:36.878Z	DEBG	nexus (ServiceBalancer): roles roles = RoleSet { roles: {} }
333	2023-11-08T06:59:36.879Z	DEBG	nexus (ServiceBalancer): authorize result action = Query actor = Some(Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-00000000bac3, .. }) resource = Database result = Ok(())
334	2023-11-08T06:59:36.879Z	DEBG	nexus (ServiceBalancer): roles roles = RoleSet { roles: {} }
335	2023-11-08T06:59:36.880Z	DEBG	nexus (ServiceBalancer): authorize result action = Query actor = Some(Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-00000000bac3, .. }) resource = Database result = Ok(())
336	2023-11-08T06:59:36.881Z	DEBG	nexus (ServiceBalancer): roles roles = RoleSet { roles: {(Fleet, 001de000-1334-4000-8000-000000000000, "admin")} }
337	2023-11-08T06:59:36.883Z	DEBG	nexus (ServiceBalancer): authorize result action = Read actor = Some(Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-00000000bac3, .. }) resource = Rack { parent: Fleet, key: 83981ec3-4271-4dd8-a597-37f5e57d725b, lookup_type: ById(83981ec3-4271-4dd8-a597-37f5e57d725b) } result = Ok(())
338	2023-11-08T06:59:36.883Z	INFO	nexus: Still waiting for rack initialization: Rack { identity: RackIdentity { id: 83981ec3-4271-4dd8-a597-37f5e57d725b, time_created: 2023-11-08T06:59:25.431382Z, time_modified: 2023-11-08T06:59:25.431382Z }, initialized: false, tuf_base_url: None, rack_subnet: None } file = nexus/src/app/rack.rs:561
339	2023-11-08T06:59:38.884Z	DEBG	nexus (ServiceBalancer): roles roles = RoleSet { roles: {} }
340	2023-11-08T06:59:38.884Z	DEBG	nexus (ServiceBalancer): authorize result action = Query actor = Some(Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-00000000bac3, .. }) resource = Database result = Ok(())
341	2023-11-08T06:59:38.885Z	DEBG	nexus (ServiceBalancer): roles roles = RoleSet { roles: {} }
342	2023-11-08T06:59:38.886Z	DEBG	nexus (ServiceBalancer): authorize result action = Query actor = Some(Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-00000000bac3, .. }) resource = Database result = Ok(())
343	2023-11-08T06:59:38.887Z	DEBG	nexus (ServiceBalancer): roles roles = RoleSet { roles: {(Fleet, 001de000-1334-4000-8000-000000000000, "admin")} }
344	2023-11-08T06:59:38.890Z	DEBG	nexus (ServiceBalancer): authorize result action = Read actor = Some(Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-00000000bac3, .. }) resource = Rack { parent: Fleet, key: 83981ec3-4271-4dd8-a597-37f5e57d725b, lookup_type: ById(83981ec3-4271-4dd8-a597-37f5e57d725b) } result = Ok(())
345	2023-11-08T06:59:38.890Z	INFO	nexus: Still waiting for rack initialization: Rack { identity: RackIdentity { id: 83981ec3-4271-4dd8-a597-37f5e57d725b, time_created: 2023-11-08T06:59:25.431382Z, time_modified: 2023-11-08T06:59:25.431382Z }, initialized: false, tuf_base_url: None, rack_subnet: None } file = nexus/src/app/rack.rs:561
346	2023-11-08T06:59:40.891Z	DEBG	nexus (ServiceBalancer): roles roles = RoleSet { roles: {} }
347	2023-11-08T06:59:40.891Z	DEBG	nexus (ServiceBalancer): authorize result action = Query actor = Some(Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-00000000bac3, .. }) resource = Database result = Ok(())
348	2023-11-08T06:59:40.892Z	DEBG	nexus (ServiceBalancer): roles roles = RoleSet { roles: {} }
349	2023-11-08T06:59:40.892Z	DEBG	nexus (ServiceBalancer): authorize result action = Query actor = Some(Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-00000000bac3, .. }) resource = Database result = Ok(())
350	2023-11-08T06:59:40.893Z	DEBG	nexus (ServiceBalancer): roles roles = RoleSet { roles: {(Fleet, 001de000-1334-4000-8000-000000000000, "admin")} }
351	2023-11-08T06:59:40.896Z	DEBG	nexus (ServiceBalancer): authorize result action = Read actor = Some(Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-00000000bac3, .. }) resource = Rack { parent: Fleet, key: 83981ec3-4271-4dd8-a597-37f5e57d725b, lookup_type: ById(83981ec3-4271-4dd8-a597-37f5e57d725b) } result = Ok(())
352	2023-11-08T06:59:40.896Z	INFO	nexus: Still waiting for rack initialization: Rack { identity: RackIdentity { id: 83981ec3-4271-4dd8-a597-37f5e57d725b, time_created: 2023-11-08T06:59:25.431382Z, time_modified: 2023-11-08T06:59:25.431382Z }, initialized: false, tuf_base_url: None, rack_subnet: None } file = nexus/src/app/rack.rs:561
353	2023-11-08T06:59:42.897Z	DEBG	nexus (ServiceBalancer): roles roles = RoleSet { roles: {} }
354	2023-11-08T06:59:42.897Z	DEBG	nexus (ServiceBalancer): authorize result action = Query actor = Some(Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-00000000bac3, .. }) resource = Database result = Ok(())
355	2023-11-08T06:59:42.899Z	DEBG	nexus (ServiceBalancer): roles roles = RoleSet { roles: {} }
356	2023-11-08T06:59:42.899Z	DEBG	nexus (ServiceBalancer): authorize result action = Query actor = Some(Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-00000000bac3, .. }) resource = Database result = Ok(())
357	2023-11-08T06:59:42.900Z	DEBG	nexus (ServiceBalancer): roles roles = RoleSet { roles: {(Fleet, 001de000-1334-4000-8000-000000000000, "admin")} }
358	2023-11-08T06:59:42.903Z	DEBG	nexus (ServiceBalancer): authorize result action = Read actor = Some(Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-00000000bac3, .. }) resource = Rack { parent: Fleet, key: 83981ec3-4271-4dd8-a597-37f5e57d725b, lookup_type: ById(83981ec3-4271-4dd8-a597-37f5e57d725b) } result = Ok(())
359	2023-11-08T06:59:42.903Z	INFO	nexus: Still waiting for rack initialization: Rack { identity: RackIdentity { id: 83981ec3-4271-4dd8-a597-37f5e57d725b, time_created: 2023-11-08T06:59:25.431382Z, time_modified: 2023-11-08T06:59:25.431382Z }, initialized: false, tuf_base_url: None, rack_subnet: None } file = nexus/src/app/rack.rs:561
360	2023-11-08T06:59:44.904Z	DEBG	nexus (ServiceBalancer): roles roles = RoleSet { roles: {} }
361	2023-11-08T06:59:44.904Z	DEBG	nexus (ServiceBalancer): authorize result action = Query actor = Some(Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-00000000bac3, .. }) resource = Database result = Ok(())
362	2023-11-08T06:59:44.905Z	DEBG	nexus (ServiceBalancer): roles roles = RoleSet { roles: {} }
363	2023-11-08T06:59:44.905Z	DEBG	nexus (ServiceBalancer): authorize result action = Query actor = Some(Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-00000000bac3, .. }) resource = Database result = Ok(())
364	2023-11-08T06:59:44.907Z	DEBG	nexus (ServiceBalancer): roles roles = RoleSet { roles: {(Fleet, 001de000-1334-4000-8000-000000000000, "admin")} }
365	2023-11-08T06:59:44.909Z	DEBG	nexus (ServiceBalancer): authorize result action = Read actor = Some(Actor::UserBuiltin { user_builtin_id: 001de000-05e4-4000-8000-00000000bac3, .. }) resource = Rack { parent: Fleet, key: 83981ec3-4271-4dd8-a597-37f5e57d725b, lookup_type: ById(83981ec3-4271-4dd8-a597-37f5e57d725b) } result = Ok(())
366	2023-11-08T06:59:44.909Z	INFO	nexus: Rack initialized file = nexus/src/app/rack.rs:558
367	2023-11-08T06:59:59.041Z	INFO	nexus (dropshot_internal): accepted connection file = /home/build/.cargo/git/checkouts/dropshot-a4a923d29dccc492/fa728d0/dropshot/src/server.rs:769 local_addr = [fd00:1122:3344:101::b]:12221 remote_addr = [fd00:1122:3344:101::22]:36871
368	2023-11-08T06:59:59.079Z	INFO	nexus: registered oximeter collector client file = nexus/src/app/oximeter.rs:310 id = 2dd53c9f-e723-4f6d-9546-e7826ca557b4
369	2023-11-08T06:59:59.085Z	DEBG	nexus: client request body = Some(Body) method = POST oximeter-collector = 2dd53c9f-e723-4f6d-9546-e7826ca557b4 uri = http://[fd00:1122:3344:101::d]:12223/producers
370	2023-11-08T06:59:59.085Z	DEBG	nexus: client response oximeter-collector = 2dd53c9f-e723-4f6d-9546-e7826ca557b4 result = Ok(Response { url: Url { scheme: "http", cannot_be_a_base: false, username: "", password: None, host: Some(Ipv6(fd00:1122:3344:101::d)), port: Some(12223), path: "/producers", query: None, fragment: None }, status: 204, headers: {"x-request-id": "2a28d5db-d9ad-4563-96e7-ed913f6bfa31", "date": "Wed, 08 Nov 2023 06:59:59 GMT"} })
371	2023-11-08T06:59:59.085Z	INFO	nexus: assigned collector to new producer collector_id = 2dd53c9f-e723-4f6d-9546-e7826ca557b4 file = nexus/src/app/oximeter.rs:181 producer_id = e86c7fb5-9bfd-45f9-b02e-16e20a8ca88c
372	2023-11-08T06:59:59.087Z	INFO	nexus (dropshot_internal): request completed file = /home/build/.cargo/git/checkouts/dropshot-a4a923d29dccc492/fa728d0/dropshot/src/server.rs:853 latency_us = 44792 local_addr = [fd00:1122:3344:101::b]:12221 method = POST remote_addr = [fd00:1122:3344:101::22]:36871 req_id = ad04c8d9-bf78-4601-bb0a-d725abb25ba7 response_code = 204 uri = /metrics/producers