Fix coordination

kylecarbs · kylecarbs · commit cd88dca0079a · 2022-08-15T17:54:45.000-05:00
diff --git a/agent/conn.go b/agent/conn.go
@@ -181,5 +181,5 @@ func (c *TailnetConn) SSHClient() (*ssh.Client, error) {
 func (c *TailnetConn) DialContext(ctx context.Context, network string, addr string) (net.Conn, error) {
 	_, rawPort, _ := net.SplitHostPort(addr)
 	port, _ := strconv.Atoi(rawPort)
-	return c.Server.DialContextTCP(ctx, netip.AddrPortFrom(c.Target, uint16(port)))
+	return c.Conn.DialContextTCP(ctx, netip.AddrPortFrom(c.Target, uint16(port)))
 }
diff --git a/coderd/coderd.go b/coderd/coderd.go
@@ -72,7 +72,8 @@ type Options struct {
 	TURNServer           *turnconn.Server
 	TracerProvider       *sdktrace.TracerProvider
 
-	DERPMap *tailcfg.DERPMap
+	ConnCoordinator *tailnet.Coordinator
+	DERPMap         *tailcfg.DERPMap
 }
 
 // New constructs a Coder API handler.
@@ -99,6 +100,9 @@ func New(options *Options) *API {
 	if options.PrometheusRegistry == nil {
 		options.PrometheusRegistry = prometheus.NewRegistry()
 	}
+	if options.ConnCoordinator == nil {
+		options.ConnCoordinator = tailnet.NewCoordinator()
+	}
 
 	siteCacheDir := options.CacheDir
 	if siteCacheDir != "" {
@@ -338,7 +342,7 @@ func New(options *Options) *API {
 				r.Get("/iceservers", api.workspaceAgentICEServers)
 
 				// Everything below this is Tailnet.
-				r.Get("/node", api.workspaceAgentNode)
+				r.Get("/coordinate", api.workspaceAgentClientCoordinate)
 			})
 			r.Route("/{workspaceagent}", func(r chi.Router) {
 				r.Use(
@@ -355,7 +359,7 @@ func New(options *Options) *API {
 				r.Get("/derpmap", func(w http.ResponseWriter, r *http.Request) {
 					httpapi.Write(w, http.StatusOK, options.DERPMap)
 				})
-				r.Post("/node", api.postWorkspaceAgentNode)
+				r.Get("/coordinate", api.workspaceAgentClientCoordinate)
 			})
 		})
 		r.Route("/workspaceresources/{workspaceresource}", func(r chi.Router) {
diff --git a/coderd/workspaceagents.go b/coderd/workspaceagents.go
@@ -507,10 +507,10 @@ func (api *API) dialWorkspaceAgent(r *http.Request, agentID uuid.UUID) (agent.Co
 	}, nil
 }
 
-// workspaceAgentNode accepts a WebSocket that reads node network updates.
+// workspaceAgentClientCoordinate accepts a WebSocket that reads node network updates.
 // After accept a PubSub starts listening for new connection node updates
 // which are written to the WebSocket.
-func (api *API) workspaceAgentNode(rw http.ResponseWriter, r *http.Request) {
+func (api *API) workspaceAgentClientCoordinate(rw http.ResponseWriter, r *http.Request) {
 	api.websocketWaitMutex.Lock()
 	api.websocketWaitGroup.Add(1)
 	api.websocketWaitMutex.Unlock()
diff --git a/codersdk/workspaceagents.go b/codersdk/workspaceagents.go
@@ -3,12 +3,14 @@ package codersdk
 import (
 	"context"
 	"encoding/json"
+	"errors"
 	"fmt"
 	"io"
 	"net"
 	"net/http"
 	"net/http/cookiejar"
 	"net/netip"
+	"time"
 
 	"cloud.google.com/go/compute/metadata"
 	"github.com/google/uuid"
@@ -29,6 +31,7 @@ import (
 	"github.com/coder/coder/peerbroker/proto"
 	"github.com/coder/coder/provisionersdk"
 	"github.com/coder/coder/tailnet"
+	"github.com/coder/retry"
 )
 
 type GoogleInstanceIdentityToken struct {
@@ -51,6 +54,11 @@ type WorkspaceAgentAuthenticateResponse struct {
 	SessionToken string `json:"session_token"`
 }
 
+type WorkspaceAgentConnectionRequest struct {
+	DERPMap   tailcfg.DERPMap `json:"derp_map"`
+	IPAddress netip.Addr      `json:"ip_address"`
+}
+
 // AuthWorkspaceGoogleInstanceIdentity uses the Google Compute Engine Metadata API to
 // fetch a signed JWT, and exchange it for a session token for a workspace agent.
 //
@@ -303,7 +311,7 @@ func (c *Client) WorkspaceAgentNodeBroker(ctx context.Context) (agent.NodeBroker
 	return &workspaceAgentNodeBroker{conn}, nil
 }
 
-func (c *Client) DialWorkspaceAgentTailnet(ctx context.Context, agentID uuid.UUID, logger slog.Logger) (agent.Conn, error) {
+func (c *Client) DialWorkspaceAgentTailnet(ctx context.Context, logger slog.Logger, agentID uuid.UUID) (agent.Conn, error) {
 	res, err := c.Request(ctx, http.MethodGet, fmt.Sprintf("/api/v2/workspaceagents/%s/derpmap", agentID), nil)
 	if err != nil {
 		return nil, err
@@ -319,48 +327,64 @@ func (c *Client) DialWorkspaceAgentTailnet(ctx context.Context, agentID uuid.UUI
 	}
 
 	ip := tailnet.IP()
-	server, err := tailnet.NewConn(&tailnet.Options{
+	conn, err := tailnet.NewConn(&tailnet.Options{
 		Addresses: []netip.Prefix{netip.PrefixFrom(ip, 128)},
 		DERPMap:   &derpMap,
 		Logger:    logger,
 	})
 	if err != nil {
 		return nil, xerrors.Errorf("create tailnet: %w", err)
 	}
-	server.SetNodeCallback(func(node *tailnet.Node) {
-		res, err := c.Request(ctx, http.MethodPost, fmt.Sprintf("/api/v2/workspaceagents/%s/node", agentID), node)
-		if err != nil {
-			logger.Error(ctx, "update node", slog.Error(err), slog.F("node", node))
-			return
-		}
-		defer res.Body.Close()
-		if res.StatusCode != http.StatusOK {
-			logger.Error(ctx, "update node", slog.F("status_code", res.StatusCode), slog.F("node", node))
-		}
-	})
-	workspaceAgent, err := c.WorkspaceAgent(ctx, agentID)
+
+	coordinateURL, err := c.URL.Parse("/api/v2/workspaceagents/me/coordinate")
 	if err != nil {
-		return nil, xerrors.Errorf("get workspace agent: %w", err)
-	}
-	ipRanges := make([]netip.Prefix, 0, len(workspaceAgent.IPAddresses))
-	for _, address := range workspaceAgent.IPAddresses {
-		ipRanges = append(ipRanges, netip.PrefixFrom(address, 128))
-	}
-	agentNode := &tailnet.Node{
-		Key:           workspaceAgent.NodePublicKey,
-		DiscoKey:      workspaceAgent.DiscoPublicKey,
-		PreferredDERP: workspaceAgent.PreferredDERP,
-		Addresses:     ipRanges,
-		AllowedIPs:    ipRanges,
+		return nil, xerrors.Errorf("parse url: %w", err)
 	}
-	logger.Debug(ctx, "adding agent node", slog.F("node", agentNode))
-	err = server.UpdateNodes([]*tailnet.Node{agentNode})
+	jar, err := cookiejar.New(nil)
 	if err != nil {
-		return nil, xerrors.Errorf("update nodes: %w", err)
+		return nil, xerrors.Errorf("create cookie jar: %w", err)
+	}
+	jar.SetCookies(coordinateURL, []*http.Cookie{{
+		Name:  SessionTokenKey,
+		Value: c.SessionToken,
+	}})
+	httpClient := &http.Client{
+		Jar: jar,
 	}
+	go func() {
+		for retrier := retry.New(50*time.Millisecond, 10*time.Second); retrier.Wait(ctx); {
+			logger.Debug(ctx, "connecting")
+			ws, res, err := websocket.Dial(ctx, coordinateURL.String(), &websocket.DialOptions{
+				HTTPClient: httpClient,
+				// Need to disable compression to avoid a data-race.
+				CompressionMode: websocket.CompressionDisabled,
+			})
+			if errors.Is(err, context.Canceled) {
+				return
+			}
+			if err != nil {
+				logger.Debug(ctx, "failed to dial", slog.Error(err))
+				continue
+			}
+			_ = res.Body.Close()
+			sendNode, errChan := tailnet.ServeCoordinator(ctx, ws, func(node []*tailnet.Node) error {
+				return conn.UpdateNodes(node)
+			})
+			conn.SetNodeCallback(sendNode)
+			logger.Debug(ctx, "serving coordinator")
+			err = <-errChan
+			if errors.Is(err, context.Canceled) {
+				return
+			}
+			if err != nil {
+				logger.Debug(ctx, "error serving coordinator", slog.Error(err))
+				continue
+			}
+		}
+	}()
 	return &agent.TailnetConn{
 		Target: workspaceAgent.IPAddresses[0],
-		Server: server,
+		Conn:   conn,
 	}, nil
 }
 
diff --git a/codersdk/workspaceresources.go b/codersdk/workspaceresources.go
@@ -5,11 +5,9 @@ import (
 	"encoding/json"
 	"fmt"
 	"net/http"
-	"net/netip"
 	"time"
 
 	"github.com/google/uuid"
-	"tailscale.com/types/key"
 )
 
 type WorkspaceAgentStatus string
@@ -54,11 +52,6 @@ type WorkspaceAgent struct {
 	StartupScript        string               `json:"startup_script,omitempty"`
 	Directory            string               `json:"directory,omitempty"`
 	Apps                 []WorkspaceApp       `json:"apps"`
-
-	// For internal routing only.
-	IPAddresses    []netip.Addr    `json:"ip_addresses"`
-	NodePublicKey  key.NodePublic  `json:"node_public_key"`
-	DiscoPublicKey key.DiscoPublic `json:"disco_public_key"`
 	// PreferredDERP represents the connected region.
 	PreferredDERP int `json:"preferred_derp"`
 	// Maps DERP region to MS latency.
diff --git a/site/site.go b/site/site.go
@@ -346,7 +346,7 @@ func secureHeaders(next http.Handler) http.Handler {
 	return secure.New(secure.Options{
 		PermissionsPolicy: permissions,
 
-		// Prevent the browser from sending Referer header with requests
+		// Prevent the browser from sending Referrer header with requests
 		ReferrerPolicy: "no-referrer",
 	}).Handler(cspHeaders(next))
 }
diff --git a/tailnet/coordinator.go b/tailnet/coordinator.go
@@ -12,7 +12,7 @@ import (
 )
 
 // ServeCoordinator matches the RW structure of a coordinator to exchange node messages.
-func ServeCoordinator(ctx context.Context, socket *websocket.Conn, updateNodes func(node []*Node)) (func(node *Node), <-chan error) {
+func ServeCoordinator(ctx context.Context, socket *websocket.Conn, updateNodes func(node []*Node) error) (func(node *Node), <-chan error) {
 	errChan := make(chan error, 1)
 	go func() {
 		for {
@@ -22,12 +22,19 @@ func ServeCoordinator(ctx context.Context, socket *websocket.Conn, updateNodes f
 				errChan <- xerrors.Errorf("read: %w", err)
 				return
 			}
-			updateNodes(nodes)
+			err = updateNodes(nodes)
+			if err != nil {
+				errChan <- xerrors.Errorf("update nodes: %w", err)
+			}
 		}
 	}()
 
 	return func(node *Node) {
 		err := wsjson.Write(ctx, socket, node)
+		if errors.Is(err, context.Canceled) || errors.As(err, &websocket.CloseError{}) {
+			errChan <- nil
+			return
+		}
 		if err != nil {
 			errChan <- xerrors.Errorf("write: %w", err)
 		}
diff --git a/tailnet/coordinator_test.go b/tailnet/coordinator_test.go
@@ -23,7 +23,9 @@ func TestCoordinator(t *testing.T) {
 		t.Parallel()
 		coordinator := tailnet.NewCoordinator()
 		client, server := pipeWS(t)
-		sendNode, errChan := tailnet.ServeCoordinator(context.Background(), client, func(node []*tailnet.Node) {})
+		sendNode, errChan := tailnet.ServeCoordinator(context.Background(), client, func(node []*tailnet.Node) error {
+			return nil
+		})
 		id := uuid.New()
 		closeChan := make(chan struct{})
 		go func() {
@@ -45,7 +47,9 @@ func TestCoordinator(t *testing.T) {
 		t.Parallel()
 		coordinator := tailnet.NewCoordinator()
 		client, server := pipeWS(t)
-		sendNode, errChan := tailnet.ServeCoordinator(context.Background(), client, func(node []*tailnet.Node) {})
+		sendNode, errChan := tailnet.ServeCoordinator(context.Background(), client, func(node []*tailnet.Node) error {
+			return nil
+		})
 		id := uuid.New()
 		closeChan := make(chan struct{})
 		go func() {
@@ -70,8 +74,9 @@ func TestCoordinator(t *testing.T) {
 		agentWS, agentServerWS := pipeWS(t)
 		defer agentWS.Close(websocket.StatusNormalClosure, "")
 		agentNodeChan := make(chan []*tailnet.Node)
-		sendAgentNode, agentErrChan := tailnet.ServeCoordinator(context.Background(), agentWS, func(nodes []*tailnet.Node) {
+		sendAgentNode, agentErrChan := tailnet.ServeCoordinator(context.Background(), agentWS, func(nodes []*tailnet.Node) error {
 			agentNodeChan <- nodes
+			return nil
 		})
 		agentID := uuid.New()
 		closeAgentChan := make(chan struct{})
@@ -89,8 +94,9 @@ func TestCoordinator(t *testing.T) {
 		defer clientWS.Close(websocket.StatusNormalClosure, "")
 		defer clientServerWS.Close(websocket.StatusNormalClosure, "")
 		clientNodeChan := make(chan []*tailnet.Node)
-		sendClientNode, clientErrChan := tailnet.ServeCoordinator(context.Background(), clientWS, func(nodes []*tailnet.Node) {
+		sendClientNode, clientErrChan := tailnet.ServeCoordinator(context.Background(), clientWS, func(nodes []*tailnet.Node) error {
 			clientNodeChan <- nodes
+			return nil
 		})
 		clientID := uuid.New()
 		closeClientChan := make(chan struct{})
@@ -120,8 +126,9 @@ func TestCoordinator(t *testing.T) {
 		agentWS, agentServerWS = pipeWS(t)
 		defer agentWS.Close(websocket.StatusNormalClosure, "")
 		agentNodeChan = make(chan []*tailnet.Node)
-		_, agentErrChan = tailnet.ServeCoordinator(context.Background(), agentWS, func(nodes []*tailnet.Node) {
+		_, agentErrChan = tailnet.ServeCoordinator(context.Background(), agentWS, func(nodes []*tailnet.Node) error {
 			agentNodeChan <- nodes
+			return nil
 		})
 		closeAgentChan = make(chan struct{})
 		go func() {

Original file line number	Diff line number	Diff line change
`@@ -181,5 +181,5 @@ func (c TailnetConn) SSHClient() (ssh.Client, error) {`
`181`	`181`	`func (c *TailnetConn) DialContext(ctx context.Context, network string, addr string) (net.Conn, error) {`
`182`	`182`	`_, rawPort, _ := net.SplitHostPort(addr)`
`183`	`183`	`port, _ := strconv.Atoi(rawPort)`
`184`		`- return c.Server.DialContextTCP(ctx, netip.AddrPortFrom(c.Target, uint16(port)))`
	`184`	`+ return c.Conn.DialContextTCP(ctx, netip.AddrPortFrom(c.Target, uint16(port)))`
`185`	`185`	`}`
Original file line number	Diff line number	Diff line change
`@@ -346,7 +346,7 @@ func secureHeaders(next http.Handler) http.Handler {`
`346`	`346`	`return secure.New(secure.Options{`
`347`	`347`	`PermissionsPolicy: permissions,`
`348`	`348`
`349`		`- // Prevent the browser from sending Referer header with requests`
	`349`	`+ // Prevent the browser from sending Referrer header with requests`
`350`	`350`	`ReferrerPolicy: "no-referrer",`
`351`	`351`	`}).Handler(cspHeaders(next))`
`352`	`352`	`}`