package tsic
import (
"encoding/json"
"errors"
"fmt"
"log"
"net/netip"
"net/url"
"strconv"
"strings"
"time"
"github.com/juanfont/headscale/hscontrol/util"
"github.com/juanfont/headscale/integration/dockertestutil"
"github.com/juanfont/headscale/integration/integrationutil"
"github.com/ory/dockertest/v3"
"github.com/ory/dockertest/v3/docker"
"tailscale.com/ipn/ipnstate"
)
const (
	// tsicHashLength is the length passed to util.GenerateRandomStringDNSSafe
	// for the random suffix of the container hostname built in New.
	tsicHashLength = 6
	// defaultPingTimeout is the --timeout value Ping uses when no
	// WithPingTimeout option is given.
	defaultPingTimeout = 300 * time.Millisecond
	// defaultPingCount is the --c value Ping uses when no WithPingCount
	// option is given.
	defaultPingCount = 10
	// dockerContextPath is the Docker build context used for the "head" image.
	dockerContextPath = "../."
	// headscaleCertPath is where New writes the Headscale certificate inside
	// the container. The default entrypoint runs update-ca-certificates, so a
	// file at this path becomes a trusted root for the whole container.
	headscaleCertPath = "/usr/local/share/ca-certificates/headscale.crt"
	// dockerExecuteTimeout bounds the "tailscale up" exec issued by Login.
	dockerExecuteTimeout = 60 * time.Second
)
// Sentinel errors returned by TailscaleInContainer; compare with errors.Is.
var (
	// errTailscalePingFailed: the ping output contained no "pong".
	errTailscalePingFailed = errors.New("ping failed")
	// errTailscalePingNotDERP: a DERP ping was requested but the pong did
	// not report "via DERP".
	errTailscalePingNotDERP = errors.New("ping not via DERP")
	// errTailscaleNotLoggedIn: Execute saw "NeedsLogin" on stderr.
	errTailscaleNotLoggedIn = errors.New("tailscale not logged in")
	// errTailscaleWrongPeerCount: WaitForPeers saw a different peer count.
	errTailscaleWrongPeerCount = errors.New("wrong peer count")
	// errTailscaleCannotUpWithoutAuthkey: LoginWithURL got NeedsLogin back.
	errTailscaleCannotUpWithoutAuthkey = errors.New("cannot up without authkey")
	// errTailscaleNotConnected: BackendState is not yet "Running".
	errTailscaleNotConnected = errors.New("tailscale not connected")
	// errTailscaledNotReadyForLogin: BackendState is not yet "NeedsLogin".
	errTailscaledNotReadyForLogin = errors.New("tailscaled not ready for login")
)
// errTailscaleStatus wraps err with the hostname of the instance whose
// status could not be fetched. The cause stays reachable via errors.Is/As.
func errTailscaleStatus(hostname string, err error) error {
	const format = "%s failed to fetch tailscale status: %w"

	return fmt.Errorf(format, hostname, err)
}
// TailscaleInContainer is an implementation of TailscaleClient which
// sets up a Tailscale instance inside a container.
type TailscaleInContainer struct {
	// version is the string given to New ("head", "unstable" or a release
	// number); it selects the image and is part of the hostname.
	version string
	// hostname is the generated container name, also passed to
	// "tailscale up --hostname".
	hostname string

	pool      *dockertest.Pool
	container *dockertest.Resource
	network   *dockertest.Network

	// "cache"
	// NOTE(review): IPs and FQDN read these fields, but no code visible in
	// this file assigns them — confirm whether they are populated elsewhere.
	ips  []netip.Addr
	fqdn string

	// optional config
	// headscaleCert is written to headscaleCertPath by New when non-empty.
	headscaleCert []byte
	// headscaleHostname, when set, is mapped to host-gateway via ExtraHosts.
	headscaleHostname string
	// withSSH adds --ssh to the login command.
	withSSH bool
	// withTags is joined with "," into --advertise-tags.
	withTags []string
	// withEntrypoint replaces the default container entrypoint.
	withEntrypoint []string
	// withExtraHosts is passed to Docker as RunOptions.ExtraHosts.
	withExtraHosts []string
	// workdir, when set, becomes the container working directory.
	workdir string
	// netfilter, when set, is appended verbatim to --netfilter-mode=.
	netfilter string
}
// Option represents an optional setting that can be given to a
// Tailscale instance. New applies options in order, after the defaults
// are set and before the container is created.
type Option = func(c *TailscaleInContainer)
// WithHeadscaleTLS takes the certificate of the Headscale instance
// and adds it to the trusted certificates of the Tailscale container.
//
// New writes the bytes to headscaleCertPath once the container is up, and
// the default entrypoint runs update-ca-certificates after a short sleep.
// The certificate therefore becomes a trusted root inside the container,
// and it is only picked up if the write lands before that command runs.
// The slice is stored as given, not copied.
func WithHeadscaleTLS(cert []byte) Option {
	setCert := func(c *TailscaleInContainer) {
		c.headscaleCert = cert
	}

	return setCert
}
// WithOrCreateNetwork sets the Docker container network to use with
// the Tailscale instance. If the parameter is nil, a network named
// "<hostname>-network" is fetched or created, isolating the
// TailscaleClient. If a network is passed, the Tailscale instance will
// join the given network.
//
// Note that a failure to create the network ends the process through
// log.Fatalf, because an Option has no way to return an error.
func WithOrCreateNetwork(network *dockertest.Network) Option {
	return func(c *TailscaleInContainer) {
		if network == nil {
			name := c.hostname + "-network"

			created, err := dockertestutil.GetFirstOrCreateNetwork(c.pool, name)
			if err != nil {
				log.Fatalf("failed to create network: %s", err)
			}

			c.network = created

			return
		}

		c.network = network
	}
}
// WithHeadscaleName sets the name of the headscale instance,
// mostly useful in combination with TLS and WithHeadscaleTLS.
// New maps this name to "host-gateway" in the container's extra hosts.
func WithHeadscaleName(hsName string) Option {
	setName := func(c *TailscaleInContainer) {
		c.headscaleHostname = hsName
	}

	return setName
}
// WithTags associates the given tags to the Tailscale instance.
// Login joins them with "," into --advertise-tags; the slice is stored
// as given, not copied.
func WithTags(tags []string) Option {
	setTags := func(c *TailscaleInContainer) {
		c.withTags = tags
	}

	return setTags
}
// WithSSH enables SSH for the Tailscale instance by making Login pass
// --ssh to "tailscale up".
func WithSSH() Option {
	enable := func(c *TailscaleInContainer) {
		c.withSSH = true
	}

	return enable
}
// WithDockerWorkdir allows the docker working directory to be set.
// An empty string leaves the image default in place.
func WithDockerWorkdir(dir string) Option {
	setDir := func(c *TailscaleInContainer) {
		c.workdir = dir
	}

	return setDir
}
// WithExtraHosts sets the entries New passes to Docker as
// RunOptions.ExtraHosts (New itself uses the "name:host-gateway" form).
// The slice is stored as given, not copied.
func WithExtraHosts(hosts []string) Option {
	setHosts := func(c *TailscaleInContainer) {
		c.withExtraHosts = hosts
	}

	return setHosts
}
// WithDockerEntrypoint allows the docker entrypoint of the container
// to be overridden. This is a dangerous option which can make
// the container not work as intended as a typo might prevent
// tailscaled and other processes from starting.
//
// The default entrypoint set by New also runs update-ca-certificates;
// a replacement that leaves it out means a certificate supplied with
// WithHeadscaleTLS is written but never added to the trust store.
// Use with caution.
func WithDockerEntrypoint(args []string) Option {
	setEntrypoint := func(c *TailscaleInContainer) {
		c.withEntrypoint = args
	}

	return setEntrypoint
}
// WithNetfilter configures Tailscale's --netfilter-mode parameter,
// allowing us to turn off modifying ip[6]tables/nftables.
// It takes: "on", "off", "nodivert".
//
// The value is not checked here; Login appends it verbatim to
// "--netfilter-mode=", so anything else is rejected (or not) by the
// tailscale CLI itself.
func WithNetfilter(state string) Option {
	setMode := func(c *TailscaleInContainer) {
		c.netfilter = state
	}

	return setMode
}
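// New returns a new TailscaleInContainer instance.
//
// It generates a hostname of the form "ts-<version>-<random>", applies
// opts, removes any stale container with that name and starts a new one:
// version "head" builds Dockerfile.tailscale-HEAD from dockerContextPath,
// "unstable" pulls tailscale/tailscale:unstable and anything else pulls
// tailscale/tailscale:v<version>. When a Headscale certificate was given
// it is written to headscaleCertPath in the running container.
//
// On error the returned instance is nil. If the certificate write fails
// the already started container is purged, because the caller receives no
// handle to shut it down.
func New(
	pool *dockertest.Pool,
	version string,
	network *dockertest.Network,
	opts ...Option,
) (*TailscaleInContainer, error) {
	hash, err := util.GenerateRandomStringDNSSafe(tsicHashLength)
	if err != nil {
		return nil, err
	}

	hostname := fmt.Sprintf("ts-%s-%s", strings.ReplaceAll(version, ".", "-"), hash)

	tsic := &TailscaleInContainer{
		version:  version,
		hostname: hostname,

		pool:    pool,
		network: network,

		// The sleep gives New time to copy the Headscale certificate into
		// the container before update-ca-certificates builds the trust store.
		withEntrypoint: []string{
			"/bin/sh",
			"-c",
			"/bin/sleep 3 ; update-ca-certificates ; tailscaled --tun=tsdev --verbose=10",
		},
	}

	for _, opt := range opts {
		opt(tsic)
	}

	tailscaleOptions := &dockertest.RunOptions{
		Name:       hostname,
		Networks:   []*dockertest.Network{tsic.network},
		Entrypoint: tsic.withEntrypoint,
		ExtraHosts: tsic.withExtraHosts,
	}

	if tsic.headscaleHostname != "" {
		// Append to, rather than replace, the caller's hosts so that
		// WithExtraHosts is not silently discarded when a Headscale name is
		// set. The Headscale entries stay first, as before.
		hosts := []string{
			"host.docker.internal:host-gateway",
			fmt.Sprintf("%s:host-gateway", tsic.headscaleHostname),
		}
		tailscaleOptions.ExtraHosts = append(hosts, tsic.withExtraHosts...)
	}

	if tsic.workdir != "" {
		tailscaleOptions.WorkingDir = tsic.workdir
	}

	// dockertest isnt very good at handling containers that has already
	// been created, this is an attempt to make sure this container isnt
	// present.
	err = pool.RemoveContainerByName(hostname)
	if err != nil {
		return nil, err
	}

	// NOTE(review): every variant is started with
	// dockertestutil.DockerAllowNetworkAdministration, which by its name
	// grants the container network administration rights — confirm the
	// exact capability in dockertestutil before reusing this outside tests.
	var container *dockertest.Resource
	switch version {
	case "head":
		buildOptions := &dockertest.BuildOptions{
			Dockerfile: "Dockerfile.tailscale-HEAD",
			ContextDir: dockerContextPath,
			BuildArgs:  []docker.BuildArg{},
		}

		container, err = pool.BuildAndRunWithBuildOptions(
			buildOptions,
			tailscaleOptions,
			dockertestutil.DockerRestartPolicy,
			dockertestutil.DockerAllowLocalIPv6,
			dockertestutil.DockerAllowNetworkAdministration,
		)
	default:
		// Release images are tagged "v<version>"; "unstable" is used as is.
		tag := "v" + version
		if version == "unstable" {
			tag = version
		}

		tailscaleOptions.Repository = "tailscale/tailscale"
		tailscaleOptions.Tag = tag

		container, err = pool.RunWithOptions(
			tailscaleOptions,
			dockertestutil.DockerRestartPolicy,
			dockertestutil.DockerAllowLocalIPv6,
			dockertestutil.DockerAllowNetworkAdministration,
		)
	}

	if err != nil {
		return nil, fmt.Errorf(
			"%s could not start tailscale container (version: %s): %w",
			hostname,
			version,
			err,
		)
	}
	log.Printf("Created %s container\n", hostname)

	tsic.container = container

	if tsic.hasTLS() {
		err = tsic.WriteFile(headscaleCertPath, tsic.headscaleCert)
		if err != nil {
			// Best-effort cleanup: without it the container keeps running
			// with nobody holding a reference to it.
			if purgeErr := pool.Purge(container); purgeErr != nil {
				log.Printf("failed to purge %s container: %s", hostname, purgeErr)
			}

			return nil, fmt.Errorf("failed to write TLS certificate to container: %w", err)
		}
	}

	return tsic, nil
}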
// hasTLS reports whether a Headscale certificate was supplied, i.e.
// whether headscaleCert holds at least one byte.
func (t *TailscaleInContainer) hasTLS() bool {
	return len(t.headscaleCert) > 0
}
// Shutdown stops and cleans up the Tailscale container by purging it
// from the dockertest pool.
func (t *TailscaleInContainer) Shutdown() error {
	err := t.pool.Purge(t.container)

	return err
}
// Hostname returns the hostname of the Tailscale instance, which is the
// name generated in New and used for the container.
func (t *TailscaleInContainer) Hostname() string {
	name := t.hostname

	return name
}
// Version returns the version string the instance was created with
// (for example "head" or "unstable"). It is the value passed to New,
// not something queried from the running tailscaled.
func (t *TailscaleInContainer) Version() string {
	requested := t.version

	return requested
}
// ID returns the Docker container ID of the TailscaleInContainer
// instance. It dereferences the container, so it must only be called on
// an instance returned by a successful New.
func (t *TailscaleInContainer) ID() string {
	resource := t.container

	return resource.Container.ID
}
// Execute runs a command inside the Tailscale container and returns its
// stdout and stderr as strings.
//
// On failure, non-empty stdout is logged and, if stderr mentions
// "NeedsLogin", the error is replaced by errTailscaleNotLoggedIn. Both
// output strings are returned in every case.
//
// The command itself is not logged here. Login passes the pre-auth key as
// an "--authkey=" argument, so logging the command would put that key
// into the test output.
func (t *TailscaleInContainer) Execute(
	command []string,
	options ...dockertestutil.ExecuteCommandOption,
) (string, string, error) {
	stdout, stderr, err := dockertestutil.ExecuteCommand(
		t.container,
		command,
		[]string{},
		options...,
	)
	if err == nil {
		return stdout, stderr, nil
	}

	if stdout != "" {
		log.Printf("command stdout: %s\n", stdout)
	}

	if strings.Contains(stderr, "NeedsLogin") {
		return stdout, stderr, errTailscaleNotLoggedIn
	}

	return stdout, stderr, err
}
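// Login runs the login routine on the given Tailscale instance.
// This login mechanism uses the authorised key for authentication.
//
// It executes "tailscale up" with the login server, auth key and hostname,
// plus --ssh, --netfilter-mode and --advertise-tags when configured, and
// waits up to dockerExecuteTimeout.
//
// The auth key is a credential: it is passed on the command line inside
// the container, and it is redacted from the error returned here so that
// a failed login does not copy it into test or CI logs.
func (t *TailscaleInContainer) Login(
	loginServer, authKey string,
) error {
	const authKeyFlag = "--authkey="

	command := []string{
		"tailscale",
		"up",
		"--login-server=" + loginServer,
		authKeyFlag + authKey,
		"--hostname=" + t.hostname,
		"--accept-routes=false",
	}

	if t.withSSH {
		command = append(command, "--ssh")
	}

	if t.netfilter != "" {
		command = append(command, "--netfilter-mode="+t.netfilter)
	}

	if len(t.withTags) > 0 {
		command = append(command,
			fmt.Sprintf(`--advertise-tags=%s`, strings.Join(t.withTags, ",")),
		)
	}

	if _, _, err := t.Execute(command, dockertestutil.ExecuteCommandTimeout(dockerExecuteTimeout)); err != nil {
		// Build a printable copy of the command without the secret.
		// NOTE(review): err comes from dockertestutil.ExecuteCommand; check
		// that it does not embed the raw command line as well.
		printable := make([]string, len(command))
		copy(printable, command)
		for i, arg := range printable {
			if strings.HasPrefix(arg, authKeyFlag) {
				printable[i] = authKeyFlag + "<redacted>"
			}
		}

		return fmt.Errorf(
			"%s failed to join tailscale client (%s): %w",
			t.hostname,
			strings.Join(printable, " "),
			err,
		)
	}

	return nil
}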
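// LoginWithURL runs the login routine on the given Tailscale instance.
// This login mechanism uses web + command line flow for authentication.
//
// It executes "tailscale up" without an auth key and extracts the login
// URL that the CLI prints on stderr. An error from Execute other than
// errTailscaleNotLoggedIn is not treated as fatal; the URL is still read
// from stderr.
//
// The extracted text is only accepted if it parses as an absolute http or
// https URL with a host. Anything else in stderr is reported as an error
// instead of being handed to the caller as a URL to visit.
func (t *TailscaleInContainer) LoginWithURL(
	loginServer string,
) (*url.URL, error) {
	command := []string{
		"tailscale",
		"up",
		"--login-server=" + loginServer,
		"--hostname=" + t.hostname,
		"--accept-routes=false",
	}

	_, stderr, err := t.Execute(command)
	if errors.Is(err, errTailscaleNotLoggedIn) {
		return nil, errTailscaleCannotUpWithoutAuthkey
	}

	urlStr := strings.ReplaceAll(stderr, "\nTo authenticate, visit:\n\n\t", "")
	urlStr = strings.TrimSpace(urlStr)

	// parse URL
	loginURL, err := url.Parse(urlStr)
	if err != nil {
		log.Printf("Could not parse login URL: %s", err)
		log.Printf("Original join command result: %s", stderr)

		return nil, err
	}

	// url.Parse accepts almost any text as a relative reference, so check
	// that we really got an absolute web URL.
	isWeb := loginURL.Scheme == "http" || loginURL.Scheme == "https"
	if !isWeb || loginURL.Host == "" {
		log.Printf("Original join command result: %s", stderr)

		return nil, fmt.Errorf(
			"%s login output is not an http(s) URL: %q",
			t.hostname,
			urlStr,
		)
	}

	return loginURL, nil
}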
// Logout runs the logout routine on the given Tailscale instance by
// executing "tailscale logout" in the container.
func (t *TailscaleInContainer) Logout() error {
	logout := []string{"tailscale", "logout"}

	if _, _, err := t.Execute(logout); err != nil {
		return err
	}

	return nil
}
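// IPs returns the netip.Addr of the Tailscale instance, parsed from the
// output of "tailscale ip" (one address per line).
//
// If t.ips is already populated it is returned directly.
// NOTE(review): no code visible in this file assigns t.ips, so the command
// appears to run on every call — confirm before relying on the cache.
func (t *TailscaleInContainer) IPs() ([]netip.Addr, error) {
	if len(t.ips) != 0 {
		return t.ips, nil
	}

	ips := make([]netip.Addr, 0)

	command := []string{
		"tailscale",
		"ip",
	}

	result, _, err := t.Execute(command)
	if err != nil {
		// The message used to say "failed to join tailscale client", which
		// was copied from Login and pointed at the wrong operation.
		return []netip.Addr{}, fmt.Errorf("%s failed to get tailscale IPs: %w", t.hostname, err)
	}

	for _, address := range strings.Split(result, "\n") {
		// Trim all surrounding whitespace (including a stray "\r") so that
		// blank or padded lines are skipped instead of failing the parse.
		address = strings.TrimSpace(address)
		if len(address) < 1 {
			continue
		}

		ip, err := netip.ParseAddr(address)
		if err != nil {
			return nil, err
		}

		ips = append(ips, ip)
	}

	return ips, nil
}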
// Status returns the ipnstate.Status of the Tailscale instance, decoded
// from the output of "tailscale status --json".
func (t *TailscaleInContainer) Status() (*ipnstate.Status, error) {
	result, _, err := t.Execute([]string{"tailscale", "status", "--json"})
	if err != nil {
		return nil, fmt.Errorf("failed to execute tailscale status command: %w", err)
	}

	status := new(ipnstate.Status)
	if err := json.Unmarshal([]byte(result), status); err != nil {
		return nil, fmt.Errorf("failed to unmarshal tailscale status: %w", err)
	}

	return status, nil
}
// FQDN returns the FQDN as a string of the Tailscale instance, taken
// from Self.DNSName in the current status.
//
// A non-empty t.fqdn short-circuits the lookup.
// NOTE(review): no code visible in this file assigns t.fqdn — confirm
// whether the cache is ever filled.
func (t *TailscaleInContainer) FQDN() (string, error) {
	if cached := t.fqdn; cached != "" {
		return cached, nil
	}

	status, err := t.Status()
	if err != nil {
		return "", fmt.Errorf("failed to get FQDN: %w", err)
	}

	dnsName := status.Self.DNSName

	return dnsName, nil
}
// WaitForNeedsLogin blocks until the Tailscale (tailscaled) instance has
// started and needs to be logged into. The status is polled through the
// pool's Retry until BackendState is "NeedsLogin".
func (t *TailscaleInContainer) WaitForNeedsLogin() error {
	probe := func() error {
		status, err := t.Status()
		if err != nil {
			return errTailscaleStatus(t.hostname, err)
		}

		// ipnstate.Status.CurrentTailnet was added in Tailscale 1.22.0
		// https://github.com/tailscale/tailscale/pull/3865
		//
		// BackendState is available before that version as well, so it is
		// what we look at here.
		if status.BackendState != "NeedsLogin" {
			return errTailscaledNotReadyForLogin
		}

		return nil
	}

	return t.pool.Retry(probe)
}
// WaitForRunning blocks until the Tailscale (tailscaled) instance is logged in
// and ready to be used. The status is polled through the pool's Retry
// until BackendState is "Running".
func (t *TailscaleInContainer) WaitForRunning() error {
	probe := func() error {
		status, err := t.Status()
		if err != nil {
			return errTailscaleStatus(t.hostname, err)
		}

		// ipnstate.Status.CurrentTailnet was added in Tailscale 1.22.0
		// https://github.com/tailscale/tailscale/pull/3865
		//
		// Before that, we can check the BackendState to see if the
		// tailscaled daemon is connected to the control system.
		if status.BackendState != "Running" {
			return errTailscaleNotConnected
		}

		return nil
	}

	return t.pool.Retry(probe)
}
// WaitForPeers blocks until N number of peers is present in the
// Peer list of the Tailscale instance. The count must match exactly;
// more peers than expected is also retried.
func (t *TailscaleInContainer) WaitForPeers(expected int) error {
	probe := func() error {
		status, err := t.Status()
		if err != nil {
			return errTailscaleStatus(t.hostname, err)
		}

		got := len(status.Peers())
		if got == expected {
			return nil
		}

		return fmt.Errorf(
			"%s err: %w expected %d, got %d",
			t.hostname,
			errTailscaleWrongPeerCount,
			expected,
			got,
		)
	}

	return t.pool.Retry(probe)
}
type (
	// PingOption represents an optional setting that can be given
	// to ping another host.
	PingOption = func(args *pingArgs)

	// pingArgs collects the settings Ping turns into CLI flags.
	pingArgs struct {
		// timeout is passed as --timeout and, multiplied by count, is also
		// the overall exec timeout.
		timeout time.Duration
		// count is passed as --c.
		count int
		// direct is passed as --until-direct; when false, Ping additionally
		// requires the pong to be reported "via DERP".
		direct bool
	}
)
// WithPingTimeout sets the timeout for the ping command. Ping passes it
// as --timeout and multiplies it by the ping count for the exec timeout.
func WithPingTimeout(timeout time.Duration) PingOption {
	setTimeout := func(p *pingArgs) {
		p.timeout = timeout
	}

	return setTimeout
}
// WithPingCount sets the count of pings to attempt (the --c flag).
func WithPingCount(count int) PingOption {
	setCount := func(p *pingArgs) {
		p.count = count
	}

	return setCount
}
// WithPingUntilDirect decides if the ping should only succeed
// if a direct connection is established or if successful
// DERP ping is sufficient.
//
// The value is passed as --until-direct. With false, Ping treats only a
// pong reported "via DERP" as success and returns errTailscalePingNotDERP
// for any other pong.
func WithPingUntilDirect(direct bool) PingOption {
	setDirect := func(p *pingArgs) {
		p.direct = direct
	}

	return setDirect
}
// Ping executes the Tailscale ping command and pings a hostname
// or IP. It accepts a series of PingOption.
//
// Defaults are defaultPingTimeout, defaultPingCount and until-direct=true.
// The exec is bounded by timeout*count. The result is judged from the
// command output: "is local" or a "pong" counts as success, and when
// until-direct is false the pong must also be reported "via DERP".
//
// hostnameOrIP is appended to the command as given.
// TODO(kradalby): Make multiping, go routine magic.
func (t *TailscaleInContainer) Ping(hostnameOrIP string, opts ...PingOption) error {
	args := pingArgs{
		timeout: defaultPingTimeout,
		count:   defaultPingCount,
		direct:  true,
	}

	for _, apply := range opts {
		apply(&args)
	}

	command := []string{
		"tailscale", "ping",
		"--timeout=" + args.timeout.String(),
		"--c=" + strconv.Itoa(args.count),
		"--until-direct=" + strconv.FormatBool(args.direct),
		hostnameOrIP,
	}

	// Allow every attempt to use its full timeout.
	budget := args.timeout * time.Duration(args.count)

	result, _, err := t.Execute(command, dockertestutil.ExecuteCommandTimeout(budget))
	if err != nil {
		log.Printf(
			"failed to run ping command from %s to %s, err: %s",
			t.Hostname(),
			hostnameOrIP,
			err,
		)

		return err
	}

	switch {
	case strings.Contains(result, "is local"):
		return nil
	case !strings.Contains(result, "pong"):
		return errTailscalePingFailed
	case args.direct:
		return nil
	case strings.Contains(result, "via DERP"):
		return nil
	default:
		return errTailscalePingNotDERP
	}
}
type (
	// CurlOption represents an optional setting that can be given
	// to curl another host.
	CurlOption = func(args *curlArgs)

	// curlArgs collects the settings Curl turns into CLI flags. All
	// durations are passed to curl as whole seconds.
	curlArgs struct {
		// connectionTimeout is passed as --connect-timeout.
		connectionTimeout time.Duration
		// maxTime is passed as --max-time.
		maxTime time.Duration
		// retry is passed as --retry.
		retry int
		// retryDelay is passed as --retry-delay.
		retryDelay time.Duration
		// retryMaxTime is passed as --retry-max-time.
		retryMaxTime time.Duration
	}
)
// WithCurlConnectionTimeout sets the timeout for each connection started
// by curl (--connect-timeout). Curl passes it in whole seconds.
func WithCurlConnectionTimeout(timeout time.Duration) CurlOption {
	setTimeout := func(c *curlArgs) {
		c.connectionTimeout = timeout
	}

	return setTimeout
}
// WithCurlMaxTime sets the max time for a transfer for each connection started
// by curl (--max-time). Curl passes it in whole seconds.
func WithCurlMaxTime(t time.Duration) CurlOption {
	setMaxTime := func(c *curlArgs) {
		c.maxTime = t
	}

	return setMaxTime
}
// WithCurlRetry sets the number of retries a connection is attempted by curl
// (--retry).
func WithCurlRetry(ret int) CurlOption {
	setRetry := func(c *curlArgs) {
		c.retry = ret
	}

	return setRetry
}
// Defaults Curl uses for any setting not overridden by a CurlOption.
const (
	// defaultConnectionTimeout is the default --connect-timeout.
	defaultConnectionTimeout = 3 * time.Second
	// defaultMaxTime is the default --max-time.
	defaultMaxTime = 10 * time.Second
	// defaultRetry is the default --retry count.
	defaultRetry = 5
	// defaultRetryDelay is the default --retry-delay.
	defaultRetryDelay = 0 * time.Second
	// defaultRetryMaxTime is the default --retry-max-time.
	defaultRetryMaxTime = 50 * time.Second
)
// Curl runs curl inside the Tailscale container against the given URL
// and returns what curl wrote to stdout. It accepts a series of CurlOption.
//
// Durations are handed to curl as whole seconds, so any sub-second part
// is dropped. The url argument is appended to the command as given; note
// that inside this method the parameter shadows the net/url package.
func (t *TailscaleInContainer) Curl(url string, opts ...CurlOption) (string, error) {
	args := curlArgs{
		connectionTimeout: defaultConnectionTimeout,
		maxTime:           defaultMaxTime,
		retry:             defaultRetry,
		retryDelay:        defaultRetryDelay,
		retryMaxTime:      defaultRetryMaxTime,
	}

	for _, apply := range opts {
		apply(&args)
	}

	// seconds renders a duration the way the curl flags expect it.
	seconds := func(d time.Duration) string {
		return strconv.Itoa(int(d.Seconds()))
	}

	command := []string{
		"curl",
		"--silent",
		"--connect-timeout", seconds(args.connectionTimeout),
		"--max-time", seconds(args.maxTime),
		"--retry", strconv.Itoa(args.retry),
		"--retry-delay", seconds(args.retryDelay),
		"--retry-max-time", seconds(args.retryMaxTime),
		url,
	}

	result, _, err := t.Execute(command)
	if err != nil {
		log.Printf(
			"failed to run curl command from %s to %s, err: %s",
			t.Hostname(),
			url,
			err,
		)

		return result, err
	}

	return result, nil
}
// WriteFile saves data as a file at path inside the Tailscale container.
// New uses it to install the Headscale certificate.
func (t *TailscaleInContainer) WriteFile(path string, data []byte) error {
	err := integrationutil.WriteFileToContainer(t.pool, t.container, path, data)

	return err
}