NotificationsYou must be signed in to change notification settings
Fork928
Star10.1k

Commit93f965a

committed

Move all connection negotiation in-memory

1 parentf4e5887 commit93f965aCopy full SHA for 93f965a

File tree

31 files changed

+224

-1316

lines changed

.vscode
- settings.json
agent
- agent.go
- conn.go
cli
coderd
- database
  - databasefake
    - databasefake.go
  - dbtypes
    - dbtypes.go
  - dump.sql
  - migrations
  - models.go
  - postgres
    - postgres.go
  - querier.go
  - queries
    - workspaceagents.sql
  - queries.sql.go
  - sqlc.yaml
- provisionerdaemons.go
- provisionerjobs.go
- workspaceagents.go
- workspaceresources.go
codersdk
- workspaceagents.go
peer/peerwg
site/src/api
- typesGenerated.ts
tailnet
- conn.go

31 files changed

+224

-1316

lines changed

`‎.vscode/settings.json`

Lines changed: 2 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -38,6 +38,7 @@`
`38`	`38`	`"idtoken",`
`39`	`39`	`"Iflag",`
`40`	`40`	`"incpatch",`
	`41`	`+"ipnstate",`
`41`	`42`	`"isatty",`
`42`	`43`	`"Jobf",`
`43`	`44`	`"Keygen",`
`@@ -52,6 +53,7 @@`
`52`	`53`	`"namesgenerator",`
`53`	`54`	`"namespacing",`
`54`	`55`	`"netaddr",`
	`56`	`+"netip",`
`55`	`57`	`"netmap",`
`56`	`58`	`"netns",`
`57`	`59`	`"netstack",`

`‎agent/agent.go`

Lines changed: 27 additions & 9 deletions

Original file line number	Diff line number	Diff line change
`@@ -51,6 +51,15 @@ const (`
`51`	`51`	`MagicSessionErrorCode=229`
`52`	`52`	`)`
`53`	`53`
	`54`	`+var (`
	`55`	`+// tailnetIP is a static IPv6 address with the Tailscale prefix that is used to route`
	`56`	`+// connections from clients to this node. A dynamic address is not required because a Tailnet`
	`57`	`+// client only dials a single agent at a time.`
	`58`	`+tailnetIP=netip.MustParseAddr("fd7a:115c:a1e0:49d6:b259:b7ac:b1b2:48f4")`
	`59`	`+tailnetSSHPort=1`
	`60`	`+tailnetReconnectingPTYPort=2`
	`61`	`+)`
	`62`	`+`
`54`	`63`	`typeOptionsstruct {`
`55`	`64`	`EnableTailnetbool`
`56`	`65`	`CoordinatorDialerCoordinatorDialer`
`@@ -63,7 +72,6 @@ type Options struct {`
`63`	`72`	`}`
`64`	`73`
`65`	`74`	`typeMetadatastruct {`
`66`		-IPAddresses []netip.Addr`json:"ip_addresses"`
`67`	`75`	DERPMap*tailcfg.DERPMap`json:"derpmap"`
`68`	`76`	EnvironmentVariablesmap[string]string`json:"environment_variables"`
`69`	`77`	StartupScriptstring`json:"startup_script"`
`@@ -163,18 +171,14 @@ func (a *agent) run(ctx context.Context) {`
`163`	`171`
`164`	`172`	`goa.runWebRTCNetworking(ctx)`
`165`	`173`	`ifa.enableTailnet {`
`166`		`-goa.runTailnet(ctx,metadata.IPAddresses,metadata.DERPMap)`
	`174`	`+goa.runTailnet(ctx,metadata.DERPMap)`
`167`	`175`	`}`
`168`	`176`	`}`
`169`	`177`
`170`		`-func (aagent)runTailnet(ctx context.Context,addresses []netip.Addr,derpMaptailcfg.DERPMap) {`
`171`		`-ipRanges:=make([]netip.Prefix,0,len(addresses))`
`172`		`-for_,address:=rangeaddresses {`
`173`		`-ipRanges=append(ipRanges,netip.PrefixFrom(address,128))`
`174`		`-}`
	`178`	`+func (aagent)runTailnet(ctx context.Context,derpMaptailcfg.DERPMap) {`
`175`	`179`	`varerrerror`
`176`	`180`	`a.network,err=tailnet.NewConn(&tailnet.Options{`
`177`		`-Addresses:ipRanges,`
	`181`	`+Addresses:[]netip.Prefix{netip.PrefixFrom(tailnetIP,128)},`
`178`	`182`	`DERPMap:derpMap,`
`179`	`183`	`Logger:a.logger.Named("tailnet"),`
`180`	`184`	`})`
`@@ -184,7 +188,7 @@ func (a *agent) runTailnet(ctx context.Context, addresses []netip.Addr, derpMap`
`184`	`188`	`}`
`185`	`189`	`goa.runCoordinator(ctx)`
`186`	`190`
`187`		`-sshListener,err:=a.network.Listen("tcp",":12212")`
	`191`	`+sshListener,err:=a.network.Listen("tcp",":"+strconv.Itoa(tailnetSSHPort))`
`188`	`192`	`iferr!=nil {`
`189`	`193`	`a.logger.Critical(ctx,"listen for ssh",slog.Error(err))`
`190`	`194`	`return`
`@@ -198,6 +202,20 @@ func (a *agent) runTailnet(ctx context.Context, addresses []netip.Addr, derpMap`
`198`	`202`	`goa.sshServer.HandleConn(conn)`
`199`	`203`	`}`
`200`	`204`	`}()`
	`205`	`+reconnectingPTYListener,err:=a.network.Listen("tcp",":"+strconv.Itoa(tailnetReconnectingPTYPort))`
	`206`	`+iferr!=nil {`
	`207`	`+a.logger.Critical(ctx,"listen for reconnecting pty",slog.Error(err))`
	`208`	`+return`
	`209`	`+}`
	`210`	`+gofunc() {`
	`211`	`+for {`
	`212`	`+conn,err:=reconnectingPTYListener.Accept()`
	`213`	`+iferr!=nil {`
	`214`	`+return`
	`215`	`+}`
	`216`	`+goa.handleReconnectingPTY(ctx,"tailnet",conn)`
	`217`	`+}`
	`218`	`+}()`
`201`	`219`	`}`
`202`	`220`
`203`	`221`	`// runCoordinator listens for nodes and updates the self-node as it changes.`

`‎agent/conn.go`

Lines changed: 3 additions & 4 deletions

Original file line number	Diff line number	Diff line change
`@@ -135,7 +135,6 @@ func (c *WebRTCConn) Close() error {`
`135`	`135`	`}`
`136`	`136`
`137`	`137`	`typeTailnetConnstruct {`
`138`		`-Target netip.Addr`
`139`	`138`	`*tailnet.Conn`
`140`	`139`	`}`
`141`	`140`
`@@ -152,11 +151,11 @@ func (c *TailnetConn) CloseWithError(err error) error {`
`152`	`151`	`}`
`153`	`152`
`154`	`153`	`func (c*TailnetConn)ReconnectingPTY(idstring,height,widthuint16,commandstring) (net.Conn,error) {`
`155`		`-returnnil,xerrors.New("not implemented")`
	`154`	`+returnc.DialContextTCP(context.Background(),netip.AddrPortFrom(tailnetIP,uint16(tailnetReconnectingPTYPort)))`
`156`	`155`	`}`
`157`	`156`
`158`	`157`	`func (c*TailnetConn)SSH() (net.Conn,error) {`
`159`		`-returnc.DialContextTCP(context.Background(),netip.AddrPortFrom(c.Target,12212))`
	`158`	`+returnc.DialContextTCP(context.Background(),netip.AddrPortFrom(tailnetIP,uint16(tailnetSSHPort)))`
`160`	`159`	`}`
`161`	`160`
`162`	`161`	`// SSHClient calls SSH to create a client that uses a weak cipher`
`@@ -181,5 +180,5 @@ func (c TailnetConn) SSHClient() (ssh.Client, error) {`
`181`	`180`	`func (c*TailnetConn)DialContext(ctx context.Context,networkstring,addrstring) (net.Conn,error) {`
`182`	`181`	`_,rawPort,_:=net.SplitHostPort(addr)`
`183`	`182`	`port,_:=strconv.Atoi(rawPort)`
`184`		`-returnc.Conn.DialContextTCP(ctx,netip.AddrPortFrom(c.Target,uint16(port)))`
	`183`	`+returnc.Conn.DialContextTCP(ctx,netip.AddrPortFrom(tailnetIP,uint16(port)))`
`185`	`184`	`}`

`‎cli/root.go`

Lines changed: 0 additions & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -133,7 +133,6 @@ func Root() *cobra.Command {`
`133`	`133`	`update(),`
`134`	`134`	`users(),`
`135`	`135`	`versionCmd(),`
`136`		`-wireguardPortForward(),`
`137`	`136`	`workspaceAgent(),`
`138`	`137`	`)`
`139`	`138`

`‎cli/server.go`

Lines changed: 71 additions & 4 deletions

Original file line number	Diff line number	Diff line change
`@@ -41,6 +41,7 @@ import (`
`41`	`41`	`"golang.org/x/xerrors"`
`42`	`42`	`"google.golang.org/api/idtoken"`
`43`	`43`	`"google.golang.org/api/option"`
	`44`	`+"tailscale.com/tailcfg"`
`44`	`45`
`45`	`46`	`"cdr.dev/slog"`
`46`	`47`	`"cdr.dev/slog/sloggers/sloghuman"`
`@@ -94,6 +95,7 @@ func server() *cobra.Command {`
`94`	`95`	`oidcEmailDomainstring`
`95`	`96`	`oidcIssuerURLstring`
`96`	`97`	`oidcScopes []string`
	`98`	`+tailscaleEnablebool`
`97`	`99`	`telemetryEnablebool`
`98`	`100`	`telemetryURLstring`
`99`	`101`	`tlsCertFilestring`
`@@ -231,6 +233,17 @@ func server() *cobra.Command {`
`231`	`233`	`iferr!=nil {`
`232`	`234`	`returnxerrors.Errorf("parse URL: %w",err)`
`233`	`235`	`}`
	`236`	`+accessURLPortRaw:=accessURLParsed.Port()`
	`237`	`+ifaccessURLPortRaw=="" {`
	`238`	`+accessURLPortRaw="80"`
	`239`	`+ifaccessURLParsed.Scheme=="https" {`
	`240`	`+accessURLPortRaw="443"`
	`241`	`+}`
	`242`	`+}`
	`243`	`+accessURLPort,err:=strconv.Atoi(accessURLPortRaw)`
	`244`	`+iferr!=nil {`
	`245`	`+returnxerrors.Errorf("parse access URL port: %w",err)`
	`246`	`+}`
`234`	`247`
`235`	`248`	`// Warn the user if the access URL appears to be a loopback address.`
`236`	`249`	`isLocal,err:=isLocalURL(ctx,accessURLParsed)`
`@@ -272,10 +285,61 @@ func server() *cobra.Command {`
`272`	`285`	`})`
`273`	`286`	`}`
`274`	`287`	`options:=&coderd.Options{`
`275`		`-AccessURL:accessURLParsed,`
`276`		`-ICEServers:iceServers,`
`277`		`-Logger:logger.Named("coderd"),`
`278`		`-Database:databasefake.New(),`
	`288`	`+AccessURL:accessURLParsed,`
	`289`	`+ICEServers:iceServers,`
	`290`	`+Logger:logger.Named("coderd"),`
	`291`	`+Database:databasefake.New(),`
	`292`	`+DERPMap:&tailcfg.DERPMap{`
	`293`	`+Regions:map[int]*tailcfg.DERPRegion{`
	`294`	`+1: {`
	`295`	`+RegionID:1,`
	`296`	`+RegionCode:"coder",`
	`297`	`+RegionName:"Coder",`
	`298`	`+Nodes: []*tailcfg.DERPNode{{`
	`299`	`+Name:"1a",`
	`300`	`+RegionID:1,`
	`301`	`+STUNOnly:true,`
	`302`	`+HostName:"stun.l.google.com",`
	`303`	`+STUNPort:19302,`
	`304`	`+}, {`
	`305`	`+Name:"1b",`
	`306`	`+RegionID:1,`
	`307`	`+HostName:accessURLParsed.Hostname(),`
	`308`	`+DERPPort:accessURLPort,`
	`309`	`+STUNPort:-1,`
	`310`	`+HTTPForTests:accessURLParsed.Scheme=="http",`
	`311`	`+}},`
	`312`	`+},`
	`313`	`+2: {`
	`314`	`+RegionID:2,`
	`315`	`+RegionCode:"nyc",`
	`316`	`+RegionName:"New York City",`
	`317`	`+Nodes: []*tailcfg.DERPNode{`
	`318`	`+{`
	`319`	`+Name:"2c",`
	`320`	`+RegionID:2,`
	`321`	`+HostName:"derp1c.tailscale.com",`
	`322`	`+IPv4:"104.248.8.210",`
	`323`	`+IPv6:"2604:a880:800:10::7a0:e001",`
	`324`	`+},`
	`325`	`+},`
	`326`	`+},`
	`327`	`+3: {`
	`328`	`+RegionID:3,`
	`329`	`+RegionCode:"sin",`
	`330`	`+RegionName:"Singapore",`
	`331`	`+Nodes: []*tailcfg.DERPNode{`
	`332`	`+{`
	`333`	`+Name:"3a",`
	`334`	`+RegionID:3,`
	`335`	`+HostName:"derp3.tailscale.com",`
	`336`	`+IPv4:"68.183.179.66",`
	`337`	`+IPv6:"2400:6180:0:d1::67d:8001",`
	`338`	`+},`
	`339`	`+},`
	`340`	`+},`
	`341`	`+},`
	`342`	`+},`
`279`	`343`	`Pubsub:database.NewPubsubInMemory(),`
`280`	`344`	`CacheDir:cacheDir,`
`281`	`345`	`GoogleTokenValidator:googleTokenValidator,`
`@@ -710,6 +774,9 @@ func server() *cobra.Command {`
`710`	`774`	`"Specifies an issuer URL to use for OIDC.")`
`711`	`775`	`cliflag.StringArrayVarP(root.Flags(),&oidcScopes,"oidc-scopes","","CODER_OIDC_SCOPES", []string{oidc.ScopeOpenID,"profile","email"},`
`712`	`776`	`"Specifies scopes to grant when authenticating with OIDC.")`
	`777`	`+cliflag.BoolVarP(root.Flags(),&tailscaleEnable,"tailscale","","CODER_TAILSCALE",false,`
	`778`	`+"Specifies whether Tailscale networking is used for web applications and terminals.")`
	`779`	`+_=root.Flags().MarkHidden("tailscale")`
`713`	`780`	`enableTelemetryByDefault:=!isTest()`
`714`	`781`	`cliflag.BoolVarP(root.Flags(),&telemetryEnable,"telemetry","","CODER_TELEMETRY",enableTelemetryByDefault,"Specifies whether telemetry is enabled or not. Coder collects anonymized usage data to help improve our product.")`
`715`	`782`	`cliflag.StringVarP(root.Flags(),&telemetryURL,"telemetry-url","","CODER_TELEMETRY_URL","https://telemetry.coder.com","Specifies a URL to send telemetry to.")`

`‎cli/ssh.go`

Lines changed: 26 additions & 75 deletions

Original file line number	Diff line number	Diff line change
`@@ -19,15 +19,17 @@ import (`
`19`	`19`	`gosshagent"golang.org/x/crypto/ssh/agent"`
`20`	`20`	`"golang.org/x/term"`
`21`	`21`	`"golang.org/x/xerrors"`
`22`		`-tslogger"tailscale.com/types/logger"`
`23`	`22`
	`23`	`+"cdr.dev/slog"`
	`24`	`+"cdr.dev/slog/sloggers/sloghuman"`
	`25`	`+`
	`26`	`+"github.com/coder/coder/agent"`
`24`	`27`	`"github.com/coder/coder/cli/cliflag"`
`25`	`28`	`"github.com/coder/coder/cli/cliui"`
`26`	`29`	`"github.com/coder/coder/coderd/autobuild/notify"`
`27`	`30`	`"github.com/coder/coder/coderd/util/ptr"`
`28`	`31`	`"github.com/coder/coder/codersdk"`
`29`	`32`	`"github.com/coder/coder/cryptorand"`
`30`		`-"github.com/coder/coder/peer/peerwg"`
`31`	`33`	`)`
`32`	`34`
`33`	`35`	`varworkspacePollInterval=time.Minute`
`@@ -85,86 +87,35 @@ func ssh() *cobra.Command {`
`85`	`87`	`returnxerrors.Errorf("await agent: %w",err)`
`86`	`88`	`}`
`87`	`89`
`88`		`-varnewSSHClientfunc() (*gossh.Client,error)`
`89`		`-`
	`90`	`+varconn agent.Conn`
`90`	`91`	`if!wireguard {`
`91`		`-conn,err:=client.DialWorkspaceAgent(ctx,workspaceAgent.ID,nil)`
`92`		`-iferr!=nil {`
`93`		`-returnerr`
`94`		`-}`
`95`		`-deferconn.Close()`
`96`		`-`
`97`		`-stopPolling:=tryPollWorkspaceAutostop(ctx,client,workspace)`
`98`		`-deferstopPolling()`
	`92`	`+conn,err=client.DialWorkspaceAgent(ctx,workspaceAgent.ID,nil)`
	`93`	`+}else {`
	`94`	`+conn,err=client.DialWorkspaceAgentTailnet(ctx,slog.Make(sloghuman.Sink(cmd.ErrOrStderr())).Leveled(slog.LevelDebug),workspaceAgent.ID)`
	`95`	`+}`
	`96`	`+iferr!=nil {`
	`97`	`+returnerr`
	`98`	`+}`
	`99`	`+deferconn.Close()`
`99`	`100`
`100`		`-ifstdio {`
`101`		`-rawSSH,err:=conn.SSH()`
`102`		`-iferr!=nil {`
`103`		`-returnerr`
`104`		`-}`
`105`		`-deferrawSSH.Close()`
	`101`	`+stopPolling:=tryPollWorkspaceAutostop(ctx,client,workspace)`
	`102`	`+deferstopPolling()`
`106`	`103`
`107`		`-gofunc() {`
`108`		`-_,_=io.Copy(cmd.OutOrStdout(),rawSSH)`
`109`		`-}()`
`110`		`-_,_=io.Copy(rawSSH,cmd.InOrStdin())`
`111`		`-returnnil`
	`104`	`+ifstdio {`
	`105`	`+rawSSH,err:=conn.SSH()`
	`106`	`+iferr!=nil {`
	`107`	`+returnerr`
`112`	`108`	`}`
	`109`	`+deferrawSSH.Close()`
`113`	`110`
`114`		`-newSSHClient=conn.SSHClient`
`115`		`-}else {`
`116`		`-// TODO: more granual control of Tailscale logging.`
`117`		`-peerwg.Logf=tslogger.Discard//nolint`
`118`		`-`
`119`		`-// ipv6 := peerwg.UUIDToNetaddr(uuid.New())`
`120`		`-// wgn, err := peerwg.New(`
`121`		`-// slog.Make(sloghuman.Sink(os.Stderr)),`
`122`		`-// []netip.Prefix{netip.PrefixFrom(ipv6, 128)},`
`123`		`-// )`
`124`		`-// if err != nil {`
`125`		`-// return xerrors.Errorf("create wireguard network: %w", err)`
`126`		`-// }`
`127`		`-`
`128`		`-// err = client.PostWireguardPeer(cmd.Context(), workspace.ID, peerwg.Handshake{`
`129`		`-// Recipient: workspaceAgent.ID,`
`130`		`-// NodePublicKey: wgn.NodePrivateKey.Public(),`
`131`		`-// DiscoPublicKey: wgn.DiscoPublicKey,`
`132`		`-// IPv6: ipv6,`
`133`		`-// })`
`134`		`-// if err != nil {`
`135`		`-// return xerrors.Errorf("post wireguard peer: %w", err)`
`136`		`-// }`
`137`		`-`
`138`		`-// err = wgn.AddPeer(peerwg.Handshake{`
`139`		`-// Recipient: workspaceAgent.ID,`
`140`		`-// DiscoPublicKey: workspaceAgent.DiscoPublicKey,`
`141`		`-// NodePublicKey: workspaceAgent.NodePublicKey,`
`142`		`-// IPv6: workspaceAgent.IPAddresses[0], // TODO: fix?`
`143`		`-// })`
`144`		`-// if err != nil {`
`145`		`-// return xerrors.Errorf("add workspace agent as peer: %w", err)`
`146`		`-// }`
`147`		`-`
`148`		`-// if stdio {`
`149`		`-// rawSSH, err := wgn.SSH(cmd.Context(), workspaceAgent.IPAddresses[0]) // TODO: fix?`
`150`		`-// if err != nil {`
`151`		`-// return err`
`152`		`-// }`
`153`		`-// defer rawSSH.Close()`
`154`		`-`
`155`		`-// go func() {`
`156`		`-// _, _ = io.Copy(cmd.OutOrStdout(), rawSSH)`
`157`		`-// }()`
`158`		`-// _, _ = io.Copy(rawSSH, cmd.InOrStdin())`
`159`		`-// return nil`
`160`		`-// }`
`161`		`-`
`162`		`-// newSSHClient = func() (*gossh.Client, error) {`
`163`		`-// return wgn.SSHClient(ctx, workspaceAgent.IPAddresses[0]) // TODO: fix?`
`164`		`-// }`
	`111`	`+gofunc() {`
	`112`	`+_,_=io.Copy(cmd.OutOrStdout(),rawSSH)`
	`113`	`+}()`
	`114`	`+_,_=io.Copy(rawSSH,cmd.InOrStdin())`
	`115`	`+returnnil`
`165`	`116`	`}`
`166`	`117`
`167`		`-sshClient,err:=newSSHClient()`
	`118`	`+sshClient,err:=conn.SSHClient()`
`168`	`119`	`iferr!=nil {`
`169`	`120`	`returnerr`
`170`	`121`	`}`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commit93f965a

File tree

31 files changed

31 files changed

`‎.vscode/settings.json`

`‎agent/agent.go`

`‎agent/conn.go`

`‎cli/root.go`

`‎cli/server.go`

`‎cli/ssh.go`

0 commit comments