From c900fa81bbcaca684e54ea346c6a34b0ef6095b3 Mon Sep 17 00:00:00 2001 From: Maycon Santos Date: Thu, 18 Jul 2024 12:15:14 +0200 Subject: [PATCH] Remove copy functions from signal (#2285) remove migration function for wiretrustee directories to netbird --- signal/cmd/run.go | 207 +++++++++++++++------------------------------- 1 file changed, 67 insertions(+), 140 deletions(-) diff --git a/signal/cmd/run.go b/signal/cmd/run.go index 8f75c1e04..cfc140acb 100644 --- a/signal/cmd/run.go +++ b/signal/cmd/run.go @@ -6,12 +6,8 @@ import ( "errors" "flag" "fmt" - "io" - "io/fs" "net" "net/http" - "os" - "path" "strings" "time" @@ -58,9 +54,15 @@ var ( }) runCmd = &cobra.Command{ - Use: "run", - Short: "start NetBird Signal Server daemon", + Use: "run", + Short: "start NetBird Signal Server daemon", + SilenceUsage: true, PreRun: func(cmd *cobra.Command, args []string) { + err := util.InitLog(logLevel, logFile) + if err != nil { + log.Fatalf("failed initializing log %v", err) + } + flag.Parse() // detect whether user specified a port @@ -83,40 +85,9 @@ var ( RunE: func(cmd *cobra.Command, args []string) error { flag.Parse() - err := util.InitLog(logLevel, logFile) + opts, certManager, err := getTLSConfigurations() if err != nil { - log.Fatalf("failed initializing log %v", err) - } - - if signalSSLDir == "" { - oldPath := "/var/lib/wiretrustee" - if migrateToNetbird(oldPath, defaultSignalSSLDir) { - if err := cpDir(oldPath, defaultSignalSSLDir); err != nil { - log.Fatal(err) - } - } - } - - var opts []grpc.ServerOption - var certManager *autocert.Manager - var tlsConfig *tls.Config - if signalLetsencryptDomain != "" { - certManager, err = encryption.CreateCertManager(signalSSLDir, signalLetsencryptDomain) - if err != nil { - return err - } - transportCredentials := credentials.NewTLS(certManager.TLSConfig()) - opts = append(opts, grpc.Creds(transportCredentials)) - log.Infof("setting up TLS with LetsEncrypt.") - } else if signalCertFile != "" && signalCertKey != "" { - tlsConfig, err = loadTLSConfig(signalCertFile, signalCertKey) - if err != nil { - log.Errorf("cannot load TLS credentials: %v", err) - return err - } - transportCredentials := credentials.NewTLS(tlsConfig) - opts = append(opts, grpc.Creds(transportCredentials)) - log.Infof("setting up TLS with custom certificates.") + return err } metricsServer := metrics.NewServer(metricsPort, "") @@ -141,24 +112,15 @@ var ( proto.RegisterSignalExchangeServer(grpcServer, srv) grpcRootHandler := grpcHandlerFunc(grpcServer) + + if certManager != nil { + startServerWithCertManager(certManager, grpcRootHandler) + } + var compatListener net.Listener var grpcListener net.Listener var httpListener net.Listener - if certManager != nil { - // a call to certManager.Listener() always creates a new listener so we do it once - httpListener := certManager.Listener() - if signalPort == 443 { - // running gRPC and HTTP cert manager on the same port - serveHTTP(httpListener, certManager.HTTPHandler(grpcRootHandler)) - log.Infof("running HTTP server (LetsEncrypt challenge handler) and gRPC server on the same port: %s", httpListener.Addr().String()) - } else { - // Start the HTTP cert manager server separately - serveHTTP(httpListener, certManager.HTTPHandler(nil)) - log.Infof("running HTTP server (LetsEncrypt challenge handler): %s", httpListener.Addr().String()) - } - } - // If certManager is configured and signalPort == 443, then the gRPC server has already been started if certManager == nil || signalPort != 443 { grpcListener, err = serveGRPC(grpcServer, signalPort) @@ -211,6 +173,58 @@ var ( } ) +func getTLSConfigurations() ([]grpc.ServerOption, *autocert.Manager, error) { + var ( + err error + certManager *autocert.Manager + tlsConfig *tls.Config + ) + + if signalLetsencryptDomain == "" && signalCertFile == "" && signalCertKey == "" { + log.Infof("running without TLS") + return nil, nil, nil + } + + if signalLetsencryptDomain != "" { + certManager, err = encryption.CreateCertManager(signalSSLDir, signalLetsencryptDomain) + if err != nil { + return nil, certManager, err + } + tlsConfig = certManager.TLSConfig() + log.Infof("setting up TLS with LetsEncrypt.") + } else { + if signalCertFile == "" || signalCertKey == "" { + log.Errorf("both cert-file and cert-key must be provided when not using LetsEncrypt") + return nil, certManager, errors.New("both cert-file and cert-key must be provided when not using LetsEncrypt") + } + + tlsConfig, err = loadTLSConfig(signalCertFile, signalCertKey) + if err != nil { + log.Errorf("cannot load TLS credentials: %v", err) + return nil, certManager, err + } + log.Infof("setting up TLS with custom certificates.") + } + + transportCredentials := credentials.NewTLS(tlsConfig) + + return []grpc.ServerOption{grpc.Creds(transportCredentials)}, certManager, err +} + +func startServerWithCertManager(certManager *autocert.Manager, grpcRootHandler http.Handler) { + // a call to certManager.Listener() always creates a new listener so we do it once + httpListener := certManager.Listener() + if signalPort == 443 { + // running gRPC and HTTP cert manager on the same port + serveHTTP(httpListener, certManager.HTTPHandler(grpcRootHandler)) + log.Infof("running HTTP server (LetsEncrypt challenge handler) and gRPC server on the same port: %s", httpListener.Addr().String()) + } else { + // Start the HTTP cert manager server separately + serveHTTP(httpListener, certManager.HTTPHandler(nil)) + log.Infof("running HTTP server (LetsEncrypt challenge handler): %s", httpListener.Addr().String()) + } +} + func grpcHandlerFunc(grpcServer *grpc.Server) http.Handler { return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { grpcHeader := strings.HasPrefix(r.Header.Get("Content-Type"), "application/grpc") || @@ -272,93 +286,6 @@ func loadTLSConfig(certFile string, certKey string) (*tls.Config, error) { return config, nil } -func cpFile(src, dst string) error { - var err error - var srcfd *os.File - var dstfd *os.File - var srcinfo os.FileInfo - - if srcfd, err = os.Open(src); err != nil { - return err - } - defer srcfd.Close() - - if dstfd, err = os.Create(dst); err != nil { - return err - } - defer dstfd.Close() - - if _, err = io.Copy(dstfd, srcfd); err != nil { - return err - } - if srcinfo, err = os.Stat(src); err != nil { - return err - } - return os.Chmod(dst, srcinfo.Mode()) -} - -func copySymLink(source, dest string) error { - link, err := os.Readlink(source) - if err != nil { - return err - } - return os.Symlink(link, dest) -} - -func cpDir(src string, dst string) error { - var err error - var fds []os.DirEntry - var srcinfo os.FileInfo - - if srcinfo, err = os.Stat(src); err != nil { - return err - } - - if err = os.MkdirAll(dst, srcinfo.Mode()); err != nil { - return err - } - - if fds, err = os.ReadDir(src); err != nil { - return err - } - for _, fd := range fds { - srcfp := path.Join(src, fd.Name()) - dstfp := path.Join(dst, fd.Name()) - - fileInfo, err := os.Stat(srcfp) - if err != nil { - log.Fatalf("Couldn't get fileInfo; %v", err) - } - - switch fileInfo.Mode() & os.ModeType { - case os.ModeSymlink: - if err = copySymLink(srcfp, dstfp); err != nil { - log.Fatalf("Failed to copy from %s to %s; %v", srcfp, dstfp, err) - } - case os.ModeDir: - if err = cpDir(srcfp, dstfp); err != nil { - log.Fatalf("Failed to copy from %s to %s; %v", srcfp, dstfp, err) - } - default: - if err = cpFile(srcfp, dstfp); err != nil { - log.Fatalf("Failed to copy from %s to %s; %v", srcfp, dstfp, err) - } - } - } - return nil -} - -func migrateToNetbird(oldPath, newPath string) bool { - _, errOld := os.Stat(oldPath) - _, errNew := os.Stat(newPath) - - if errors.Is(errOld, fs.ErrNotExist) || errNew == nil { - return false - } - - return true -} - func init() { runCmd.PersistentFlags().IntVar(&signalPort, "port", 80, "Server port to listen on (defaults to 443 if TLS is enabled, 80 otherwise") runCmd.Flags().StringVar(&signalSSLDir, "ssl-dir", defaultSignalSSLDir, "server ssl directory location. *Required only for Let's Encrypt certificates.")