mirror of
https://github.com/tailscale/tailscale.git
synced 2024-11-26 03:25:35 +00:00
ipn/ipnlocal: lazily connect to control, lazily generate machine key
Fixes #1573 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
This commit is contained in:
parent
d50406f185
commit
9b57cd53ba
@ -18,6 +18,7 @@
|
|||||||
"strconv"
|
"strconv"
|
||||||
"strings"
|
"strings"
|
||||||
"sync"
|
"sync"
|
||||||
|
"sync/atomic"
|
||||||
"time"
|
"time"
|
||||||
|
|
||||||
"inet.af/netaddr"
|
"inet.af/netaddr"
|
||||||
@ -567,6 +568,13 @@ func (b *LocalBackend) Start(opts ipn.Options) error {
|
|||||||
return fmt.Errorf("loading requested state: %v", err)
|
return fmt.Errorf("loading requested state: %v", err)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
wantRunning := b.prefs.WantRunning
|
||||||
|
if wantRunning {
|
||||||
|
if err := b.initMachineKeyLocked(); err != nil {
|
||||||
|
return fmt.Errorf("initMachineKeyLocked: %w", err)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
b.inServerMode = b.prefs.ForceDaemon
|
b.inServerMode = b.prefs.ForceDaemon
|
||||||
b.serverURL = b.prefs.ControlURL
|
b.serverURL = b.prefs.ControlURL
|
||||||
hostinfo.RoutableIPs = append(hostinfo.RoutableIPs, b.prefs.AdvertiseRoutes...)
|
hostinfo.RoutableIPs = append(hostinfo.RoutableIPs, b.prefs.AdvertiseRoutes...)
|
||||||
@ -579,7 +587,6 @@ func (b *LocalBackend) Start(opts ipn.Options) error {
|
|||||||
b.notify = opts.Notify
|
b.notify = opts.Notify
|
||||||
b.setNetMapLocked(nil)
|
b.setNetMapLocked(nil)
|
||||||
persistv := b.prefs.Persist
|
persistv := b.prefs.Persist
|
||||||
machinePrivKey := b.machinePrivKey
|
|
||||||
b.mu.Unlock()
|
b.mu.Unlock()
|
||||||
|
|
||||||
b.updateFilter(nil, nil)
|
b.updateFilter(nil, nil)
|
||||||
@ -616,12 +623,7 @@ func (b *LocalBackend) Start(opts ipn.Options) error {
|
|||||||
persistv = &persist.Persist{}
|
persistv = &persist.Persist{}
|
||||||
}
|
}
|
||||||
cli, err := controlclient.New(controlclient.Options{
|
cli, err := controlclient.New(controlclient.Options{
|
||||||
GetMachinePrivateKey: func() (wgkey.Private, error) {
|
GetMachinePrivateKey: b.createGetMachinePrivateKeyFunc(),
|
||||||
// TODO(bradfitz): finish pushing this laziness further; see
|
|
||||||
// https://github.com/tailscale/tailscale/issues/1573
|
|
||||||
// For now this is only lazy-ified in controlclient.
|
|
||||||
return machinePrivKey, nil
|
|
||||||
},
|
|
||||||
Logf: logger.WithPrefix(b.logf, "control: "),
|
Logf: logger.WithPrefix(b.logf, "control: "),
|
||||||
Persist: *persistv,
|
Persist: *persistv,
|
||||||
ServerURL: b.serverURL,
|
ServerURL: b.serverURL,
|
||||||
@ -664,7 +666,9 @@ func (b *LocalBackend) Start(opts ipn.Options) error {
|
|||||||
b.send(ipn.Notify{BackendLogID: &blid})
|
b.send(ipn.Notify{BackendLogID: &blid})
|
||||||
b.send(ipn.Notify{Prefs: prefs})
|
b.send(ipn.Notify{Prefs: prefs})
|
||||||
|
|
||||||
|
if wantRunning {
|
||||||
cli.Login(nil, controlclient.LoginDefault)
|
cli.Login(nil, controlclient.LoginDefault)
|
||||||
|
}
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -924,6 +928,31 @@ func (b *LocalBackend) popBrowserAuthNow() {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// For testing lazy machine key generation.
|
||||||
|
var panicOnMachineKeyGeneration, _ = strconv.ParseBool(os.Getenv("TS_DEBUG_PANIC_MACHINE_KEY"))
|
||||||
|
|
||||||
|
func (b *LocalBackend) createGetMachinePrivateKeyFunc() func() (wgkey.Private, error) {
|
||||||
|
var cache atomic.Value
|
||||||
|
return func() (wgkey.Private, error) {
|
||||||
|
if panicOnMachineKeyGeneration {
|
||||||
|
panic("machine key generated")
|
||||||
|
}
|
||||||
|
if v, ok := cache.Load().(wgkey.Private); ok {
|
||||||
|
return v, nil
|
||||||
|
}
|
||||||
|
b.mu.Lock()
|
||||||
|
defer b.mu.Unlock()
|
||||||
|
if v, ok := cache.Load().(wgkey.Private); ok {
|
||||||
|
return v, nil
|
||||||
|
}
|
||||||
|
if err := b.initMachineKeyLocked(); err != nil {
|
||||||
|
return wgkey.Private{}, err
|
||||||
|
}
|
||||||
|
cache.Store(b.machinePrivKey)
|
||||||
|
return b.machinePrivKey, nil
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
// initMachineKeyLocked is called to initialize b.machinePrivKey.
|
// initMachineKeyLocked is called to initialize b.machinePrivKey.
|
||||||
//
|
//
|
||||||
// b.prefs must already be initialized.
|
// b.prefs must already be initialized.
|
||||||
@ -1041,9 +1070,6 @@ func (b *LocalBackend) loadStateLocked(key ipn.StateKey, prefs *ipn.Prefs, legac
|
|||||||
// value instead of making up a new one.
|
// value instead of making up a new one.
|
||||||
b.logf("using frontend prefs: %s", prefs.Pretty())
|
b.logf("using frontend prefs: %s", prefs.Pretty())
|
||||||
b.prefs = prefs.Clone()
|
b.prefs = prefs.Clone()
|
||||||
if err := b.initMachineKeyLocked(); err != nil {
|
|
||||||
return fmt.Errorf("initMachineKeyLocked: %w", err)
|
|
||||||
}
|
|
||||||
b.writeServerModeStartState(b.userID, b.prefs)
|
b.writeServerModeStartState(b.userID, b.prefs)
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
@ -1076,11 +1102,9 @@ func (b *LocalBackend) loadStateLocked(key ipn.StateKey, prefs *ipn.Prefs, legac
|
|||||||
}
|
}
|
||||||
if !loaded {
|
if !loaded {
|
||||||
b.prefs = ipn.NewPrefs()
|
b.prefs = ipn.NewPrefs()
|
||||||
|
b.prefs.WantRunning = false
|
||||||
b.logf("created empty state for %q: %s", key, b.prefs.Pretty())
|
b.logf("created empty state for %q: %s", key, b.prefs.Pretty())
|
||||||
}
|
}
|
||||||
if err := b.initMachineKeyLocked(); err != nil {
|
|
||||||
return fmt.Errorf("initMachineKeyLocked: %w", err)
|
|
||||||
}
|
|
||||||
return nil
|
return nil
|
||||||
case err != nil:
|
case err != nil:
|
||||||
return fmt.Errorf("store.ReadState(%q): %v", key, err)
|
return fmt.Errorf("store.ReadState(%q): %v", key, err)
|
||||||
@ -1090,9 +1114,6 @@ func (b *LocalBackend) loadStateLocked(key ipn.StateKey, prefs *ipn.Prefs, legac
|
|||||||
return fmt.Errorf("PrefsFromBytes: %v", err)
|
return fmt.Errorf("PrefsFromBytes: %v", err)
|
||||||
}
|
}
|
||||||
b.logf("backend prefs for %q: %s", key, b.prefs.Pretty())
|
b.logf("backend prefs for %q: %s", key, b.prefs.Pretty())
|
||||||
if err := b.initMachineKeyLocked(); err != nil {
|
|
||||||
return fmt.Errorf("initMachineKeyLocked: %w", err)
|
|
||||||
}
|
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -335,7 +335,7 @@ func NewPrefs() *Prefs {
|
|||||||
RouteAll: true,
|
RouteAll: true,
|
||||||
AllowSingleHosts: true,
|
AllowSingleHosts: true,
|
||||||
CorpDNS: true,
|
CorpDNS: true,
|
||||||
WantRunning: true,
|
WantRunning: false,
|
||||||
NetfilterMode: preftype.NetfilterOn,
|
NetfilterMode: preftype.NetfilterOn,
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
Loading…
Reference in New Issue
Block a user