NotificationsYou must be signed in to change notification settings
Fork928
Star10.1k

Commit37a0537

authored

fix: disable relay if built-in DERP is disabled (#12654)

1 parentd3c9aaf commit37a0537Copy full SHA for 37a0537

File tree

8 files changed

+225

-60

lines changed

cli
- server_test.go
coderd
- coderd.go
- coderdtest
  - coderdtest.go
enterprise
- cli
  - server.go
  - server_test.go
- coderd
  - coderd.go
  - coderd_test.go
- replicasync
  - replicasync.go

8 files changed

+225

-60

lines changed

`‎cli/server_test.go`

Lines changed: 31 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -35,6 +35,8 @@ import (`
`35`	`35`	`"github.com/stretchr/testify/require"`
`36`	`36`	`"go.uber.org/goleak"`
`37`	`37`	`"gopkg.in/yaml.v3"`
	`38`	`+"tailscale.com/derp/derphttp"`
	`39`	`+"tailscale.com/types/key"`
`38`	`40`
`39`	`41`	`"cdr.dev/slog/sloggers/slogtest"`
`40`	`42`
`@@ -1830,3 +1832,32 @@ func TestServer_InvalidDERP(t *testing.T) {`
`1830`	`1832`	`require.Error(t,err)`
`1831`	`1833`	`require.ErrorContains(t,err,"A valid DERP map is required for networking to work")`
`1832`	`1834`	`}`
	`1835`	`+`
	`1836`	`+funcTestServer_DisabledDERP(t*testing.T) {`
	`1837`	`+t.Parallel()`
	`1838`	`+`
	`1839`	`+ctx,cancelFunc:=context.WithTimeout(context.Background(),testutil.WaitShort)`
	`1840`	`+defercancelFunc()`
	`1841`	`+`
	`1842`	`+// Try to start a server with the built-in DERP server disabled and an`
	`1843`	`+// external DERP map.`
	`1844`	`+inv,cfg:=clitest.New(t,`
	`1845`	`+"server",`
	`1846`	`+"--in-memory",`
	`1847`	`+"--http-address",":0",`
	`1848`	`+"--access-url","http://example.com",`
	`1849`	`+"--derp-server-enable=false",`
	`1850`	`+"--derp-config-url","https://controlplane.tailscale.com/derpmap/default",`
	`1851`	`+)`
	`1852`	`+clitest.Start(t,inv.WithContext(ctx))`
	`1853`	`+accessURL:=waitAccessURL(t,cfg)`
	`1854`	`+derpURL,err:=accessURL.Parse("/derp")`
	`1855`	`+require.NoError(t,err)`
	`1856`	`+`
	`1857`	`+c,err:=derphttp.NewClient(key.NewNode(),derpURL.String(),func(formatstring,args...any) {})`
	`1858`	`+require.NoError(t,err)`
	`1859`	`+`
	`1860`	`+// DERP should fail to connect`
	`1861`	`+err=c.Connect(ctx)`
	`1862`	`+require.Error(t,err)`
	`1863`	`+}`

`‎coderd/coderd.go`

Lines changed: 23 additions & 14 deletions

Original file line number	Diff line number	Diff line change
`@@ -288,7 +288,7 @@ func New(options Options) API {`
`288`	`288`	`ifoptions.PrometheusRegistry==nil {`
`289`	`289`	`options.PrometheusRegistry=prometheus.NewRegistry()`
`290`	`290`	`}`
`291`		`-ifoptions.DERPServer==nil {`
	`291`	`+ifoptions.DERPServer==nil&&options.DeploymentValues.DERP.Server.Enable{`
`292`	`292`	`options.DERPServer=derp.NewServer(key.NewNode(),tailnet.Logger(options.Logger.Named("derp")))`
`293`	`293`	`}`
`294`	`294`	`ifoptions.DERPMapUpdateFrequency==0 {`
`@@ -577,8 +577,6 @@ func New(options Options) API {`
`577`	`577`	`// replicas or instances of this middleware.`
`578`	`578`	`apiRateLimiter:=httpmw.RateLimit(options.APIRateLimit,time.Minute)`
`579`	`579`
`580`		`-derpHandler:=derphttp.Handler(api.DERPServer)`
`581`		`-derpHandler,api.derpCloseFunc=tailnet.WithWebsocketSupport(api.DERPServer,derpHandler)`
`582`	`580`	`// Register DERP on expvar HTTP handler, which we serve below in the router, c.f. expvar.Handler()`
`583`	`581`	`// These are the metrics the DERP server exposes.`
`584`	`582`	`// TODO: export via prometheus`
`@@ -587,7 +585,9 @@ func New(options Options) API {`
`587`	`585`	`// register multiple times. In production there is only one Coderd and one DERP server per`
`588`	`586`	`// process, but in testing, we create multiple of both, so the Once protects us from`
`589`	`587`	`// panicking.`
`590`		`-expvar.Publish("derp",api.DERPServer.ExpVar())`
	`588`	`+ifoptions.DERPServer!=nil {`
	`589`	`+expvar.Publish("derp",api.DERPServer.ExpVar())`
	`590`	`+}`
`591`	`591`	`})`
`592`	`592`	`cors:=httpmw.Cors(options.DeploymentValues.Dangerous.AllowAllCors.Value())`
`593`	`593`	`prometheusMW:=httpmw.Prometheus(options.PrometheusRegistry)`
`@@ -637,13 +637,18 @@ func New(options Options) API {`
`637`	`637`	`api.workspaceAppServer.Attach(r)`
`638`	`638`	`})`
`639`	`639`
`640`		`-r.Route("/derp",func(r chi.Router) {`
`641`		`-r.Get("/",derpHandler.ServeHTTP)`
`642`		`-// This is used when UDP is blocked, and latency must be checked via HTTP(s).`
`643`		`-r.Get("/latency-check",func(w http.ResponseWriter,r*http.Request) {`
`644`		`-w.WriteHeader(http.StatusOK)`
	`640`	`+ifoptions.DERPServer!=nil {`
	`641`	`+derpHandler:=derphttp.Handler(api.DERPServer)`
	`642`	`+derpHandler,api.derpCloseFunc=tailnet.WithWebsocketSupport(api.DERPServer,derpHandler)`
	`643`	`+`
	`644`	`+r.Route("/derp",func(r chi.Router) {`
	`645`	`+r.Get("/",derpHandler.ServeHTTP)`
	`646`	`+// This is used when UDP is blocked, and latency must be checked via HTTP(s).`
	`647`	`+r.Get("/latency-check",func(w http.ResponseWriter,r*http.Request) {`
	`648`	`+w.WriteHeader(http.StatusOK)`
	`649`	`+})`
`645`	`650`	`})`
`646`		`-})`
	`651`	`+}`
`647`	`652`
`648`	`653`	`// Register callback handlers for each OAuth2 provider.`
`649`	`654`	`// We must support gitauth and externalauth for backwards compatibility.`
`@@ -1067,9 +1072,11 @@ func New(options Options) API {`
`1067`	`1072`	`r.Use(httpmw.ExtractUserParam(options.Database))`
`1068`	`1073`	`r.Get("/debug-link",api.userDebugOIDC)`
`1069`	`1074`	`})`
`1070`		`-r.Route("/derp",func(r chi.Router) {`
`1071`		`-r.Get("/traffic",options.DERPServer.ServeDebugTraffic)`
`1072`		`-})`
	`1075`	`+ifoptions.DERPServer!=nil {`
	`1076`	`+r.Route("/derp",func(r chi.Router) {`
	`1077`	`+r.Get("/traffic",options.DERPServer.ServeDebugTraffic)`
	`1078`	`+})`
	`1079`	`+}`
`1073`	`1080`	`r.Method("GET","/expvar",expvar.Handler())// contains DERP metrics as well as cmdline and memstats`
`1074`	`1081`	`})`
`1075`	`1082`	`})`
`@@ -1197,7 +1204,9 @@ type API struct {`
`1197`	`1204`	`// Close waits for all WebSocket connections to drain before returning.`
`1198`	`1205`	`func (api*API)Close()error {`
`1199`	`1206`	`api.cancel()`
`1200`		`-api.derpCloseFunc()`
	`1207`	`+ifapi.derpCloseFunc!=nil {`
	`1208`	`+api.derpCloseFunc()`
	`1209`	`+}`
`1201`	`1210`
`1202`	`1211`	`api.WebsocketWaitMutex.Lock()`
`1203`	`1212`	`api.WebsocketWaitGroup.Wait()`

`‎coderd/coderdtest/coderdtest.go`

Lines changed: 5 additions & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -429,7 +429,11 @@ func NewOptions(t testing.TB, options *Options) (func(http.Handler), context.Can`
`429`	`429`	`if!options.DeploymentValues.DERP.Server.Enable.Value() {`
`430`	`430`	`region=nil`
`431`	`431`	`}`
`432`		`-derpMap,err:=tailnet.NewDERPMap(ctx,region,stunAddresses,"","",options.DeploymentValues.DERP.Config.BlockDirect.Value())`
	`432`	`+derpMap,err:=tailnet.NewDERPMap(ctx,region,stunAddresses,`
	`433`	`+options.DeploymentValues.DERP.Config.URL.Value(),`
	`434`	`+options.DeploymentValues.DERP.Config.Path.Value(),`
	`435`	`+options.DeploymentValues.DERP.Config.BlockDirect.Value(),`
	`436`	`+)`
`433`	`437`	`require.NoError(t,err)`
`434`	`438`
`435`	`439`	`returnfunc(h http.Handler) {`

`‎enterprise/cli/server.go`

Lines changed: 30 additions & 29 deletions

Original file line number	Diff line number	Diff line change
`@@ -37,41 +37,42 @@ func (r RootCmd) Server(_ func()) serpent.Command {`
`37`	`37`	`}`
`38`	`38`	`}`
`39`	`39`
`40`		`-options.DERPServer=derp.NewServer(key.NewNode(),tailnet.Logger(options.Logger.Named("derp")))`
`41`		`-`
`42`		`-varmeshKeystring`
`43`		`-err:=options.Database.InTx(func(tx database.Store)error {`
`44`		`-// This will block until the lock is acquired, and will be`
`45`		`-// automatically released when the transaction ends.`
`46`		`-err:=tx.AcquireLock(ctx,database.LockIDEnterpriseDeploymentSetup)`
`47`		`-iferr!=nil {`
`48`		`-returnxerrors.Errorf("acquire lock: %w",err)`
`49`		`-}`
	`40`	`+ifoptions.DeploymentValues.DERP.Server.Enable {`
	`41`	`+options.DERPServer=derp.NewServer(key.NewNode(),tailnet.Logger(options.Logger.Named("derp")))`
	`42`	`+varmeshKeystring`
	`43`	`+err:=options.Database.InTx(func(tx database.Store)error {`
	`44`	`+// This will block until the lock is acquired, and will be`
	`45`	`+// automatically released when the transaction ends.`
	`46`	`+err:=tx.AcquireLock(ctx,database.LockIDEnterpriseDeploymentSetup)`
	`47`	`+iferr!=nil {`
	`48`	`+returnxerrors.Errorf("acquire lock: %w",err)`
	`49`	`+}`
`50`	`50`
`51`		`-meshKey,err=tx.GetDERPMeshKey(ctx)`
`52`		`-iferr==nil {`
	`51`	`+meshKey,err=tx.GetDERPMeshKey(ctx)`
	`52`	`+iferr==nil {`
	`53`	`+returnnil`
	`54`	`+}`
	`55`	`+if!errors.Is(err,sql.ErrNoRows) {`
	`56`	`+returnxerrors.Errorf("get DERP mesh key: %w",err)`
	`57`	`+}`
	`58`	`+meshKey,err=cryptorand.String(32)`
	`59`	`+iferr!=nil {`
	`60`	`+returnxerrors.Errorf("generate DERP mesh key: %w",err)`
	`61`	`+}`
	`62`	`+err=tx.InsertDERPMeshKey(ctx,meshKey)`
	`63`	`+iferr!=nil {`
	`64`	`+returnxerrors.Errorf("insert DERP mesh key: %w",err)`
	`65`	`+}`
`53`	`66`	`returnnil`
`54`		`-}`
`55`		`-if!errors.Is(err,sql.ErrNoRows) {`
`56`		`-returnxerrors.Errorf("get DERP mesh key: %w",err)`
`57`		`-}`
`58`		`-meshKey,err=cryptorand.String(32)`
	`67`	`+},nil)`
`59`	`68`	`iferr!=nil {`
`60`		`-returnxerrors.Errorf("generate DERP mesh key: %w",err)`
	`69`	`+returnnil,nil,err`
`61`	`70`	`}`
`62`		`-err=tx.InsertDERPMeshKey(ctx,meshKey)`
`63`		`-iferr!=nil {`
`64`		`-returnxerrors.Errorf("insert DERP mesh key: %w",err)`
	`71`	`+ifmeshKey=="" {`
	`72`	`+returnnil,nil,xerrors.New("mesh key is empty")`
`65`	`73`	`}`
`66`		`-returnnil`
`67`		`-},nil)`
`68`		`-iferr!=nil {`
`69`		`-returnnil,nil,err`
`70`		`-}`
`71`		`-ifmeshKey=="" {`
`72`		`-returnnil,nil,xerrors.New("mesh key is empty")`
	`74`	`+options.DERPServer.SetMeshKey(meshKey)`
`73`	`75`	`}`
`74`		`-options.DERPServer.SetMeshKey(meshKey)`
`75`	`76`
`76`	`77`	`options.Auditor=audit.NewAuditor(`
`77`	`78`	`options.Database,`

`‎enterprise/cli/server_test.go`

Lines changed: 28 additions & 8 deletions

Original file line number	Diff line number	Diff line change
`@@ -1,38 +1,43 @@`
`1`	`1`	`package cli_test`
`2`	`2`
`3`	`3`	`import (`
`4`		`-"fmt"`
	`4`	`+"context"`
`5`	`5`	`"io"`
`6`	`6`	`"net/http"`
	`7`	`+"net/url"`
`7`	`8`	`"testing"`
`8`	`9`
`9`	`10`	`"github.com/stretchr/testify/assert"`
`10`	`11`	`"github.com/stretchr/testify/require"`
`11`	`12`
`12`	`13`	`"github.com/coder/coder/v2/cli/clitest"`
	`14`	`+"github.com/coder/coder/v2/cli/config"`
`13`	`15`	`"github.com/coder/coder/v2/enterprise/cli"`
`14`	`16`	`"github.com/coder/coder/v2/testutil"`
`15`	`17`	`)`
`16`	`18`
`17`	`19`	`// TestServer runs the enterprise server command`
`18`	`20`	`// and waits for /healthz to return "OK".`
`19`		`-funcTestServer(t*testing.T) {`
	`21`	`+funcTestServer_Single(t*testing.T) {`
`20`	`22`	`t.Parallel()`
`21`	`23`
	`24`	`+ctx,cancelFunc:=context.WithTimeout(context.Background(),testutil.WaitLong)`
	`25`	`+defercancelFunc()`
	`26`	`+`
`22`	`27`	`varroot cli.RootCmd`
`23`	`28`	`cmd,err:=root.Command(root.EnterpriseSubcommands())`
`24`	`29`	`require.NoError(t,err)`
`25`		`-port:=testutil.RandomPort(t)`
`26`		`-inv,_:=clitest.NewWithCommand(t,cmd,`
	`30`	`+inv,cfg:=clitest.NewWithCommand(t,cmd,`
`27`	`31`	`"server",`
`28`	`32`	`"--in-memory",`
`29`		`-"--http-address",fmt.Sprintf(":%d",port),`
	`33`	`+"--http-address",":0",`
`30`	`34`	`"--access-url","http://example.com",`
`31`	`35`	`)`
`32`		`-waiter:=clitest.StartWithWaiter(t,inv)`
	`36`	`+clitest.Start(t,inv.WithContext(ctx))`
	`37`	`+accessURL:=waitAccessURL(t,cfg)`
`33`	`38`	`require.Eventually(t,func()bool {`
`34`	`39`	`reqCtx:=testutil.Context(t,testutil.IntervalMedium)`
`35`		`-req,err:=http.NewRequestWithContext(reqCtx,http.MethodGet,fmt.Sprintf("http://localhost:%d/healthz",port),nil)`
	`40`	`+req,err:=http.NewRequestWithContext(reqCtx,http.MethodGet,accessURL.String()+"/healthz",nil)`
`36`	`41`	`iferr!=nil {`
`37`	`42`	`panic(err)`
`38`	`43`	`}`
`@@ -48,5 +53,20 @@ func TestServer(t *testing.T) {`
`48`	`53`	`}`
`49`	`54`	`returnassert.Equal(t,"OK",string(bs))`
`50`	`55`	`},testutil.WaitShort,testutil.IntervalMedium)`
`51`		`-waiter.Cancel()`
	`56`	`+}`
	`57`	`+`
	`58`	`+funcwaitAccessURL(ttesting.T,cfg config.Root)url.URL {`
	`59`	`+t.Helper()`
	`60`	`+`
	`61`	`+varerrerror`
	`62`	`+varrawURLstring`
	`63`	`+require.Eventually(t,func()bool {`
	`64`	`+rawURL,err=cfg.URL().Read()`
	`65`	`+returnerr==nil&&rawURL!=""`
	`66`	`+},testutil.WaitLong,testutil.IntervalFast,"failed to get access URL")`
	`67`	`+`
	`68`	`+accessURL,err:=url.Parse(rawURL)`
	`69`	`+require.NoError(t,err,"failed to parse access URL")`
	`70`	`+`
	`71`	`+returnaccessURL`
`52`	`72`	`}`

`‎enterprise/coderd/coderd.go`

Lines changed: 16 additions & 5 deletions

Original file line number	Diff line number	Diff line change
`@@ -418,6 +418,8 @@ func New(ctx context.Context, options Options) (_ API, err error) {`
`418`	`418`	`iferr!=nil {`
`419`	`419`	`returnnil,xerrors.Errorf("create DERP mesh TLS config: %w",err)`
`420`	`420`	`}`
	`421`	`+// We always want to run the replica manager even if we don't have DERP`
	`422`	`+// enabled, since it's used to detect other coder servers for licensing.`
`421`	`423`	`api.replicaManager,err=replicasync.New(ctx,options.Logger,options.Database,options.Pubsub,&replicasync.Options{`
`422`	`424`	`ID:api.AGPL.ID,`
`423`	`425`	`RelayAddress:options.DERPServerRelayAddress,`
`@@ -428,7 +430,9 @@ func New(ctx context.Context, options Options) (_ API, err error) {`
`428`	`430`	`iferr!=nil {`
`429`	`431`	`returnnil,xerrors.Errorf("initialize replica: %w",err)`
`430`	`432`	`}`
`431`		`-api.derpMesh=derpmesh.New(options.Logger.Named("derpmesh"),api.DERPServer,meshTLSConfig)`
	`433`	`+ifapi.DERPServer!=nil {`
	`434`	`+api.derpMesh=derpmesh.New(options.Logger.Named("derpmesh"),api.DERPServer,meshTLSConfig)`
	`435`	`+}`
`432`	`436`
`433`	`437`	`// Moon feature init. Proxyhealh is a go routine to periodically check`
`434`	`438`	`// the health of all workspace proxies.`
`@@ -666,11 +670,18 @@ func (api *API) updateEntitlements(ctx context.Context) error {`
`666`	`670`	`}`
`667`	`671`
`668`	`672`	`api.replicaManager.SetCallback(func() {`
`669`		`-addresses:=make([]string,0)`
`670`		`-for_,replica:=rangeapi.replicaManager.Regional() {`
`671`		`-addresses=append(addresses,replica.RelayAddress)`
	`673`	`+// Only update DERP mesh if the built-in server is enabled.`
	`674`	`+ifapi.Options.DeploymentValues.DERP.Server.Enable {`
	`675`	`+addresses:=make([]string,0)`
	`676`	`+for_,replica:=rangeapi.replicaManager.Regional() {`
	`677`	`+// Don't add replicas with an empty relay address.`
	`678`	`+ifreplica.RelayAddress=="" {`
	`679`	`+continue`
	`680`	`+}`
	`681`	`+addresses=append(addresses,replica.RelayAddress)`
	`682`	`+}`
	`683`	`+api.derpMesh.SetAddresses(addresses,false)`
`672`	`684`	`}`
`673`		`-api.derpMesh.SetAddresses(addresses,false)`
`674`	`685`	`_=api.updateEntitlements(ctx)`
`675`	`686`	`})`
`676`	`687`	`}else {`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commit37a0537

File tree

8 files changed

8 files changed

`‎cli/server_test.go`

`‎coderd/coderd.go`

`‎coderd/coderdtest/coderdtest.go`

`‎enterprise/cli/server.go`

`‎enterprise/cli/server_test.go`

`‎enterprise/coderd/coderd.go`

0 commit comments