isle/go/daemon/daecommon/config.go

package daecommon

import (
	"bytes"
	"fmt"
	"io"
	"isle/bootstrap"
	"isle/toolkit"
	"isle/yamlutil"
	"net"
	"strconv"

	_ "embed"

	"dev.mediocregopher.com/mediocre-go-lib.git/mctx"
	"gopkg.in/yaml.v3"
)

const (
	// Network ID used when translating from the old single-network daemon
	// config to the multi-network config.
	DeprecatedNetworkID = "_" // DEPRECATED
)

//go:embed daemon.yml
var defaultConfigB []byte

type ConfigTun struct {
	Device string `yaml:"device"`
}

type ConfigFirewall struct {
	Outbound []ConfigFirewallRule `yaml:"outbound"`
	Inbound  []ConfigFirewallRule `yaml:"inbound"`
}

type ConfigFirewallRule struct {
	Port   string   `yaml:"port,omitempty"`
	Code   string   `yaml:"code,omitempty"`
	Proto  string   `yaml:"proto,omitempty"`
	Host   string   `yaml:"host,omitempty"`
	Group  string   `yaml:"group,omitempty"`
	Groups []string `yaml:"groups,omitempty"`
	CIDR   string   `yaml:"cidr,omitempty"`
	CASha  string   `yaml:"ca_sha,omitempty"`
	CAName string   `yaml:"ca_name,omitempty"`
}

// ConfigStorageAllocation describes the structure of each storage allocation
// within the daemon config file.
type ConfigStorageAllocation struct {
	DataPath  string `yaml:"data_path"`
	MetaPath  string `yaml:"meta_path"`
	Capacity  int    `yaml:"capacity"`
	S3APIPort int    `yaml:"s3_api_port"`
	RPCPort   int    `yaml:"rpc_port"`
	AdminPort int    `yaml:"admin_port"`

	// Zone is a secret option which makes it easier to test garage bugs, but
	// which we don't want users to otherwise know about.
	Zone string `yaml:"zone"`
}

// Annotate implements the mctx.Annotator interface.
func (csa ConfigStorageAllocation) Annotate(aa mctx.Annotations) {
	aa["allocDataPath"] = csa.DataPath
	aa["allocMetaPath"] = csa.MetaPath
	aa["allocCapacity"] = csa.Capacity
	aa["allocS3APIPort"] = csa.S3APIPort
	aa["allocRPCPort"] = csa.RPCPort
	aa["allocAdminPort"] = csa.AdminPort
}

// NetworkConfig describes the configuration of a single network.
type NetworkConfig struct {
	DNS struct {
		Resolvers []string `yaml:"resolvers"`
	} `yaml:"dns"`
	VPN struct {
		PublicAddr string         `yaml:"public_addr"`
		Firewall   ConfigFirewall `yaml:"firewall"`
		Tun        ConfigTun      `yaml:"tun"`
	} `yaml:"vpn"`
	Storage struct {
		Allocations []ConfigStorageAllocation `yaml:"allocations"`
	} `yaml:"storage"`
}

func (c *NetworkConfig) fillDefaults() {
	if c.DNS.Resolvers == nil {
		c.DNS.Resolvers = []string{
			"1.1.1.1",
			"8.8.8.8",
		}
	}

	if c.VPN.Firewall.Outbound == nil {
		c.VPN.Firewall.Outbound = []ConfigFirewallRule{
			{
				Port:  "any",
				Proto: "any",
				Host:  "any",
			},
		}
	}

	if c.VPN.Firewall.Inbound == nil {
		c.VPN.Firewall.Inbound = []ConfigFirewallRule{
			{
				Port:  "any",
				Proto: "icmp",
				Host:  "any",
			},
		}
	}

	if c.VPN.Tun.Device == "" {
		c.VPN.Tun.Device = "isle-tun"
	}

	var firewallGarageInbound []ConfigFirewallRule

	for i := range c.Storage.Allocations {
		if c.Storage.Allocations[i].RPCPort == 0 {
			c.Storage.Allocations[i].RPCPort = 3900 + (i * 10)
		}

		if c.Storage.Allocations[i].S3APIPort == 0 {
			c.Storage.Allocations[i].S3APIPort = 3901 + (i * 10)
		}

		if c.Storage.Allocations[i].AdminPort == 0 {
			c.Storage.Allocations[i].AdminPort = 3902 + (i * 10)
		}

		alloc := c.Storage.Allocations[i]

		firewallGarageInbound = append(
			firewallGarageInbound,
			ConfigFirewallRule{
				Port:  strconv.Itoa(alloc.S3APIPort),
				Proto: "tcp",
				Host:  "any",
			},
			ConfigFirewallRule{
				Port:  strconv.Itoa(alloc.RPCPort),
				Proto: "tcp",
				Host:  "any",
			},
		)
	}

	c.VPN.Firewall.Inbound = append(
		c.VPN.Firewall.Inbound,
		firewallGarageInbound...,
	)
}

// UnmarshalYAML implements the yaml.Unmarshaler interface. It will attempt to
// fill in default values where it can.
func (c *NetworkConfig) UnmarshalYAML(n *yaml.Node) error {
	type wrap NetworkConfig
	if err := n.Decode((*wrap)(c)); err != nil {
		return fmt.Errorf("decoding into %T: %w", c, err)
	}

	c.fillDefaults()
	return nil
}

// Config describes the structure of the daemon config file.
type Config struct {
	Networks map[string]NetworkConfig `yaml:"networks"`
}

// Validate asserts that the Config has no internal inconsistencies which would
// render it unusable.
func (c Config) Validate() error {
	nebulaPorts := map[string]string{}

	for id, network := range c.Networks {
		if network.VPN.PublicAddr == "" {
			continue
		}

		_, port, err := net.SplitHostPort(network.VPN.PublicAddr)
		if err != nil {
			return fmt.Errorf(
				"invalid vpn.public_addr %q: %w", network.VPN.PublicAddr, err,
			)
		} else if otherID, ok := nebulaPorts[port]; ok {
			return fmt.Errorf(
				"two networks with the same vpn.public_addr: %q and %q",
				id,
				otherID,
			)
		}

		nebulaPorts[port] = id
	}

	return nil
}

// CopyDefaultConfig copies the daemon config file embedded in the AppDir into
// the given io.Writer.
func CopyDefaultConfig(into io.Writer) error {
	_, err := io.Copy(into, bytes.NewReader(defaultConfigB))
	return err
}

// UnmarshalYAML implements the yaml.Unmarshaler interface. It will attempt to
// fill in default values where it can.
func (c *Config) UnmarshalYAML(n *yaml.Node) error {
	{ // DEPRECATED
		var networkConfig NetworkConfig
		_ = n.Decode(&networkConfig)
		if !toolkit.IsZero(networkConfig) {
			*c = Config{
				Networks: map[string]NetworkConfig{
					DeprecatedNetworkID: networkConfig,
				},
			}
			return c.Validate()
		}
	}

	type wrap Config
	if err := n.Decode((*wrap)(c)); err != nil {
		return fmt.Errorf("yaml unmarshaling back into Config struct: %w", err)
	}

	return c.Validate()
}

// LoadConfig loads the daemon config from userConfigPath.
//
// If userConfigPath is not given then the default is loaded and returned.
func LoadConfig(userConfigPath string) (Config, error) {
	if userConfigPath == "" {
		return Config{}, nil
	}

	var config Config
	err := yamlutil.LoadYamlFile(&config, userConfigPath)
	return config, err
}

// BootstrapGarageHostForAlloc returns the bootstrap.GarageHostInstance which
// corresponds with the given alloc from the daemon config. This will panic if
// no associated instance can be found.
func BootstrapGarageHostForAlloc(
	host bootstrap.Host, alloc ConfigStorageAllocation,
) bootstrap.GarageHostInstance {
	for _, inst := range host.Garage.Instances {
		if inst.RPCPort == alloc.RPCPort {
			return inst
		}
	}

	panic(fmt.Sprintf("could not find alloc %+v in the bootstrap data", alloc))
}
Move common daemon types and values into daecommon 2024-09-07 13:11:04 +00:00			`package daecommon`

			`import (`
Embed default daemon.yml directly in entrypoint 2024-09-24 09:22:00 +00:00			`"bytes"`
Move common daemon types and values into daecommon 2024-09-07 13:11:04 +00:00			`"fmt"`
			`"io"`
Factor daemon.Children into its own package 2024-09-07 13:46:59 +00:00			`"isle/bootstrap"`
Support configuring more than one network 2024-09-10 20:51:33 +00:00			`"isle/toolkit"`
Implement initial go test for network.Create 2024-10-05 21:03:26 +00:00			`"isle/yamlutil"`
Check that two different networks aren't trying to use the same nebula port 2024-09-12 06:59:23 +00:00			`"net"`
Move common daemon types and values into daecommon 2024-09-07 13:11:04 +00:00			`"strconv"`

Embed default daemon.yml directly in entrypoint 2024-09-24 09:22:00 +00:00			`_ "embed"`

Block for bucket list to sync across garage instances during init 2024-11-05 20:25:04 +00:00			`"dev.mediocregopher.com/mediocre-go-lib.git/mctx"`
Move common daemon types and values into daecommon 2024-09-07 13:11:04 +00:00			`"gopkg.in/yaml.v3"`
			`)`

Support configuring more than one network 2024-09-10 20:51:33 +00:00			`const (`
			`// Network ID used when translating from the old single-network daemon`
			`// config to the multi-network config.`
			`DeprecatedNetworkID = "_" // DEPRECATED`
			`)`

Embed default daemon.yml directly in entrypoint 2024-09-24 09:22:00 +00:00			`//go:embed daemon.yml`
			`var defaultConfigB []byte`
Move common daemon types and values into daecommon 2024-09-07 13:11:04 +00:00
			`type ConfigTun struct {`
			Device string `yaml:"device"`
			`}`

			`type ConfigFirewall struct {`
Support configuring more than one network 2024-09-10 20:51:33 +00:00			Outbound []ConfigFirewallRule `yaml:"outbound"`
			Inbound []ConfigFirewallRule `yaml:"inbound"`
Move common daemon types and values into daecommon 2024-09-07 13:11:04 +00:00			`}`

			`type ConfigFirewallRule struct {`
			Port string `yaml:"port,omitempty"`
			Code string `yaml:"code,omitempty"`
			Proto string `yaml:"proto,omitempty"`
			Host string `yaml:"host,omitempty"`
			Group string `yaml:"group,omitempty"`
			Groups []string `yaml:"groups,omitempty"`
			CIDR string `yaml:"cidr,omitempty"`
			CASha string `yaml:"ca_sha,omitempty"`
			CAName string `yaml:"ca_name,omitempty"`
			`}`

			`// ConfigStorageAllocation describes the structure of each storage allocation`
			`// within the daemon config file.`
			`type ConfigStorageAllocation struct {`
			DataPath string `yaml:"data_path"`
			MetaPath string `yaml:"meta_path"`
			Capacity int `yaml:"capacity"`
			S3APIPort int `yaml:"s3_api_port"`
			RPCPort int `yaml:"rpc_port"`
			AdminPort int `yaml:"admin_port"`

			`// Zone is a secret option which makes it easier to test garage bugs, but`
			`// which we don't want users to otherwise know about.`
			Zone string `yaml:"zone"`
			`}`

Block for bucket list to sync across garage instances during init 2024-11-05 20:25:04 +00:00			`// Annotate implements the mctx.Annotator interface.`
			`func (csa ConfigStorageAllocation) Annotate(aa mctx.Annotations) {`
			`aa["allocDataPath"] = csa.DataPath`
			`aa["allocMetaPath"] = csa.MetaPath`
			`aa["allocCapacity"] = csa.Capacity`
			`aa["allocS3APIPort"] = csa.S3APIPort`
			`aa["allocRPCPort"] = csa.RPCPort`
			`aa["allocAdminPort"] = csa.AdminPort`
			`}`

Support configuring more than one network 2024-09-10 20:51:33 +00:00			`// NetworkConfig describes the configuration of a single network.`
			`type NetworkConfig struct {`
Move common daemon types and values into daecommon 2024-09-07 13:11:04 +00:00			`DNS struct {`
			Resolvers []string `yaml:"resolvers"`
			} `yaml:"dns"`
			`VPN struct {`
			PublicAddr string `yaml:"public_addr"`
			Firewall ConfigFirewall `yaml:"firewall"`
			Tun ConfigTun `yaml:"tun"`
			} `yaml:"vpn"`
			`Storage struct {`
Implement initial go test for network.Create 2024-10-05 21:03:26 +00:00			Allocations []ConfigStorageAllocation `yaml:"allocations"`
Move common daemon types and values into daecommon 2024-09-07 13:11:04 +00:00			} `yaml:"storage"`
			`}`

Support configuring more than one network 2024-09-10 20:51:33 +00:00			`func (c *NetworkConfig) fillDefaults() {`
			`if c.DNS.Resolvers == nil {`
			`c.DNS.Resolvers = []string{`
			`"1.1.1.1",`
			`"8.8.8.8",`
			`}`
			`}`

			`if c.VPN.Firewall.Outbound == nil {`
			`c.VPN.Firewall.Outbound = []ConfigFirewallRule{`
			`{`
			`Port: "any",`
			`Proto: "any",`
			`Host: "any",`
			`},`
			`}`
			`}`

			`if c.VPN.Firewall.Inbound == nil {`
			`c.VPN.Firewall.Inbound = []ConfigFirewallRule{`
			`{`
			`Port: "any",`
			`Proto: "icmp",`
			`Host: "any",`
			`},`
			`}`
			`}`

			`if c.VPN.Tun.Device == "" {`
			`c.VPN.Tun.Device = "isle-tun"`
			`}`
Move common daemon types and values into daecommon 2024-09-07 13:11:04 +00:00
			`var firewallGarageInbound []ConfigFirewallRule`

			`for i := range c.Storage.Allocations {`
			`if c.Storage.Allocations[i].RPCPort == 0 {`
			`c.Storage.Allocations[i].RPCPort = 3900 + (i * 10)`
			`}`

			`if c.Storage.Allocations[i].S3APIPort == 0 {`
			`c.Storage.Allocations[i].S3APIPort = 3901 + (i * 10)`
			`}`

			`if c.Storage.Allocations[i].AdminPort == 0 {`
			`c.Storage.Allocations[i].AdminPort = 3902 + (i * 10)`
			`}`

			`alloc := c.Storage.Allocations[i]`

			`firewallGarageInbound = append(`
			`firewallGarageInbound,`
			`ConfigFirewallRule{`
			`Port: strconv.Itoa(alloc.S3APIPort),`
			`Proto: "tcp",`
			`Host: "any",`
			`},`
			`ConfigFirewallRule{`
			`Port: strconv.Itoa(alloc.RPCPort),`
			`Proto: "tcp",`
			`Host: "any",`
			`},`
			`)`
			`}`

			`c.VPN.Firewall.Inbound = append(`
			`c.VPN.Firewall.Inbound,`
			`firewallGarageInbound...,`
			`)`
			`}`

Implement initial go test for network.Create 2024-10-05 21:03:26 +00:00			`// UnmarshalYAML implements the yaml.Unmarshaler interface. It will attempt to`
			`// fill in default values where it can.`
			`func (c NetworkConfig) UnmarshalYAML(n yaml.Node) error {`
			`type wrap NetworkConfig`
			`if err := n.Decode((*wrap)(c)); err != nil {`
			`return fmt.Errorf("decoding into %T: %w", c, err)`
			`}`

			`c.fillDefaults()`
			`return nil`
			`}`

Support configuring more than one network 2024-09-10 20:51:33 +00:00			`// Config describes the structure of the daemon config file.`
			`type Config struct {`
			Networks map[string]NetworkConfig `yaml:"networks"`
			`}`

Check that two different networks aren't trying to use the same nebula port 2024-09-12 06:59:23 +00:00			`// Validate asserts that the Config has no internal inconsistencies which would`
			`// render it unusable.`
			`func (c Config) Validate() error {`
			`nebulaPorts := map[string]string{}`

			`for id, network := range c.Networks {`
			`if network.VPN.PublicAddr == "" {`
			`continue`
			`}`

			`_, port, err := net.SplitHostPort(network.VPN.PublicAddr)`
			`if err != nil {`
			`return fmt.Errorf(`
			`"invalid vpn.public_addr %q: %w", network.VPN.PublicAddr, err,`
			`)`
			`} else if otherID, ok := nebulaPorts[port]; ok {`
			`return fmt.Errorf(`
			`"two networks with the same vpn.public_addr: %q and %q",`
			`id,`
			`otherID,`
			`)`
			`}`

			`nebulaPorts[port] = id`
			`}`

			`return nil`
			`}`

Move common daemon types and values into daecommon 2024-09-07 13:11:04 +00:00			`// CopyDefaultConfig copies the daemon config file embedded in the AppDir into`
			`// the given io.Writer.`
Embed default daemon.yml directly in entrypoint 2024-09-24 09:22:00 +00:00			`func CopyDefaultConfig(into io.Writer) error {`
			`_, err := io.Copy(into, bytes.NewReader(defaultConfigB))`
			`return err`
Move common daemon types and values into daecommon 2024-09-07 13:11:04 +00:00			`}`

Implement initial go test for network.Create 2024-10-05 21:03:26 +00:00			`// UnmarshalYAML implements the yaml.Unmarshaler interface. It will attempt to`
			`// fill in default values where it can.`
			`func (c Config) UnmarshalYAML(n yaml.Node) error {`
Support configuring more than one network 2024-09-10 20:51:33 +00:00			`{ // DEPRECATED`
Check that two different networks aren't trying to use the same nebula port 2024-09-12 06:59:23 +00:00			`var networkConfig NetworkConfig`
Implement initial go test for network.Create 2024-10-05 21:03:26 +00:00			`_ = n.Decode(&networkConfig)`
Check that two different networks aren't trying to use the same nebula port 2024-09-12 06:59:23 +00:00			`if !toolkit.IsZero(networkConfig) {`
Implement initial go test for network.Create 2024-10-05 21:03:26 +00:00			`*c = Config{`
Support configuring more than one network 2024-09-10 20:51:33 +00:00			`Networks: map[string]NetworkConfig{`
Check that two different networks aren't trying to use the same nebula port 2024-09-12 06:59:23 +00:00			`DeprecatedNetworkID: networkConfig,`
Support configuring more than one network 2024-09-10 20:51:33 +00:00			`},`
Check that two different networks aren't trying to use the same nebula port 2024-09-12 06:59:23 +00:00			`}`
Implement initial go test for network.Create 2024-10-05 21:03:26 +00:00			`return c.Validate()`
Support configuring more than one network 2024-09-10 20:51:33 +00:00			`}`
Move common daemon types and values into daecommon 2024-09-07 13:11:04 +00:00			`}`

Implement initial go test for network.Create 2024-10-05 21:03:26 +00:00			`type wrap Config`
			`if err := n.Decode((*wrap)(c)); err != nil {`
			`return fmt.Errorf("yaml unmarshaling back into Config struct: %w", err)`
Move common daemon types and values into daecommon 2024-09-07 13:11:04 +00:00			`}`

Implement initial go test for network.Create 2024-10-05 21:03:26 +00:00			`return c.Validate()`
			`}`

			`// LoadConfig loads the daemon config from userConfigPath.`
			`//`
			`// If userConfigPath is not given then the default is loaded and returned.`
			`func LoadConfig(userConfigPath string) (Config, error) {`
			`if userConfigPath == "" {`
			`return Config{}, nil`
Support configuring more than one network 2024-09-10 20:51:33 +00:00			`}`
Move common daemon types and values into daecommon 2024-09-07 13:11:04 +00:00
Implement initial go test for network.Create 2024-10-05 21:03:26 +00:00			`var config Config`
			`err := yamlutil.LoadYamlFile(&config, userConfigPath)`
			`return config, err`
Move common daemon types and values into daecommon 2024-09-07 13:11:04 +00:00			`}`
Factor daemon.Children into its own package 2024-09-07 13:46:59 +00:00
			`// BootstrapGarageHostForAlloc returns the bootstrap.GarageHostInstance which`
			`// corresponds with the given alloc from the daemon config. This will panic if`
			`// no associated instance can be found.`
			`func BootstrapGarageHostForAlloc(`
Implement SetConfig, but in a stupid way 2024-10-24 17:52:08 +00:00			`host bootstrap.Host, alloc ConfigStorageAllocation,`
Factor daemon.Children into its own package 2024-09-07 13:46:59 +00:00			`) bootstrap.GarageHostInstance {`
			`for _, inst := range host.Garage.Instances {`
			`if inst.RPCPort == alloc.RPCPort {`
			`return inst`
			`}`
			`}`

			`panic(fmt.Sprintf("could not find alloc %+v in the bootstrap data", alloc))`
			`}`