ipn/{conffile,ipnlocal}: start booting tailscaled from a config file w/ auth key
Updates #1412 Change-Id: Icd880035a31df59797b8379f4af19da5c4c453e2 Co-authored-by: Maisem Ali <maisem@tailscale.com> Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
This commit is contained in:
Brad Fitzpatrick
committed by
Brad Fitzpatrick
Brad Fitzpatrick
parent
6ca8650c7b
commit
1fc3573446
+8
-5
@@ -13,10 +13,11 @@ import (
|
||||
|
||||
// ConfigVAlpha is the config file format for the "alpha0" version.
|
||||
type ConfigVAlpha struct {
|
||||
Locked opt.Bool `json:",omitempty"` // whether the config is locked from being changed by 'tailscale set'; it defaults to true
|
||||
Version string // "alpha0" for now
|
||||
Locked opt.Bool `json:",omitempty"` // whether the config is locked from being changed by 'tailscale set'; it defaults to true
|
||||
|
||||
ServerURL *string `json:",omitempty"` // defaults to https://controlplane.tailscale.com
|
||||
AuthKey *string `json:",omitempty"` // as needed if NeedsLogin. either key or path to a file (if it contains a slash)
|
||||
AuthKey *string `json:",omitempty"` // as needed if NeedsLogin. either key or path to a file (if prefixed with "file:")
|
||||
Enabled opt.Bool `json:",omitempty"` // wantRunning; empty string defaults to true
|
||||
|
||||
OperatorUser *string `json:",omitempty"` // local user name who is allowed to operate tailscaled without being root or using sudo
|
||||
@@ -48,13 +49,15 @@ func (c *ConfigVAlpha) ToPrefs() (MaskedPrefs, error) {
|
||||
if c == nil {
|
||||
return mp, nil
|
||||
}
|
||||
mp.WantRunning = !c.Enabled.EqualBool(false)
|
||||
mp.WantRunningSet = mp.WantRunning || c.Enabled != ""
|
||||
if c.ServerURL != nil {
|
||||
mp.ControlURL = *c.ServerURL
|
||||
mp.ControlURLSet = true
|
||||
}
|
||||
if c.Enabled != "" {
|
||||
mp.WantRunning = c.Enabled.EqualBool(true)
|
||||
mp.WantRunningSet = true
|
||||
if c.AuthKey != nil && *c.AuthKey != "" {
|
||||
mp.LoggedOut = false
|
||||
mp.LoggedOutSet = true
|
||||
}
|
||||
if c.OperatorUser != nil {
|
||||
mp.OperatorUser = *c.OperatorUser
|
||||
|
||||
@@ -6,6 +6,7 @@
|
||||
package conffile
|
||||
|
||||
import (
|
||||
"bytes"
|
||||
"encoding/json"
|
||||
"fmt"
|
||||
"os"
|
||||
@@ -14,7 +15,7 @@ import (
|
||||
"tailscale.com/ipn"
|
||||
)
|
||||
|
||||
// Config describes a config file
|
||||
// Config describes a config file.
|
||||
type Config struct {
|
||||
Path string // disk path of HuJSON
|
||||
Raw []byte // raw bytes from disk, in HuJSON form
|
||||
@@ -29,6 +30,11 @@ type Config struct {
|
||||
Parsed ipn.ConfigVAlpha
|
||||
}
|
||||
|
||||
// WantRunning reports whether c is non-nil and it's configured to be running.
|
||||
func (c *Config) WantRunning() bool {
|
||||
return c != nil && !c.Parsed.Enabled.EqualBool(false)
|
||||
}
|
||||
|
||||
// Load reads and parses the config file at the provided path on disk.
|
||||
func Load(path string) (*Config, error) {
|
||||
var c Config
|
||||
@@ -58,9 +64,14 @@ func Load(path string) (*Config, error) {
|
||||
}
|
||||
c.Version = ver.Version
|
||||
|
||||
err = json.Unmarshal(c.Std, &c.Parsed)
|
||||
jd := json.NewDecoder(bytes.NewReader(c.Std))
|
||||
jd.DisallowUnknownFields()
|
||||
err = jd.Decode(&c.Parsed)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("error parsing config file %s: %w", path, err)
|
||||
}
|
||||
if jd.More() {
|
||||
return nil, fmt.Errorf("error parsing config file %s: trailing data after JSON object", path)
|
||||
}
|
||||
return &c, nil
|
||||
}
|
||||
|
||||
+45
-3
@@ -322,8 +322,18 @@ func NewLocalBackend(logf logger.Logf, logID logid.PublicID, sys *tsd.System, lo
|
||||
sds.SetDialer(dialer.SystemDial)
|
||||
}
|
||||
|
||||
hi := hostinfo.New()
|
||||
logf.JSON(1, "Hostinfo", hi)
|
||||
if sys.InitialConfig != nil {
|
||||
p := pm.CurrentPrefs().AsStruct()
|
||||
mp, err := sys.InitialConfig.Parsed.ToPrefs()
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
p.ApplyEdits(&mp)
|
||||
if err := pm.SetPrefs(p.View(), ""); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
}
|
||||
|
||||
envknob.LogCurrent(logf)
|
||||
if dialer == nil {
|
||||
dialer = &tsdial.Dialer{Logf: logf}
|
||||
@@ -1473,6 +1483,17 @@ func (b *LocalBackend) Start(opts ipn.Options) error {
|
||||
}
|
||||
}
|
||||
profileID := b.pm.CurrentProfile().ID
|
||||
if b.state != ipn.Running && b.conf != nil && b.conf.Parsed.AuthKey != nil && opts.AuthKey == "" {
|
||||
v := *b.conf.Parsed.AuthKey
|
||||
if filename, ok := strings.CutPrefix(v, "file:"); ok {
|
||||
b, err := os.ReadFile(filename)
|
||||
if err != nil {
|
||||
return fmt.Errorf("error reading config file authKey: %w", err)
|
||||
}
|
||||
v = strings.TrimSpace(string(b))
|
||||
}
|
||||
opts.AuthKey = v
|
||||
}
|
||||
|
||||
// The iOS client sends a "Start" whenever its UI screen comes
|
||||
// up, just because it wants a netmap. That should be fixed,
|
||||
@@ -1495,10 +1516,12 @@ func (b *LocalBackend) Start(opts ipn.Options) error {
|
||||
}
|
||||
|
||||
hostinfo := hostinfo.New()
|
||||
applyConfigToHostinfo(hostinfo, b.conf)
|
||||
hostinfo.BackendLogID = b.backendLogID.String()
|
||||
hostinfo.FrontendLogID = opts.FrontendLogID
|
||||
hostinfo.Userspace.Set(b.sys.IsNetstack())
|
||||
hostinfo.UserspaceRouter.Set(b.sys.IsNetstackRouter())
|
||||
b.logf.JSON(1, "Hostinfo", hostinfo)
|
||||
|
||||
// TODO(apenwarr): avoid the need to reinit controlclient.
|
||||
// This will trigger a full relogin/reconfigure cycle every
|
||||
@@ -1648,6 +1671,7 @@ func (b *LocalBackend) Start(opts ipn.Options) error {
|
||||
}
|
||||
tkaHead = string(head)
|
||||
}
|
||||
confWantRunning := b.conf != nil && wantRunning
|
||||
b.mu.Unlock()
|
||||
|
||||
if endpoints != nil {
|
||||
@@ -1662,7 +1686,7 @@ func (b *LocalBackend) Start(opts ipn.Options) error {
|
||||
b.send(ipn.Notify{BackendLogID: &blid})
|
||||
b.send(ipn.Notify{Prefs: &prefs})
|
||||
|
||||
if !loggedOut && b.hasNodeKey() {
|
||||
if !loggedOut && (b.hasNodeKey() || confWantRunning) {
|
||||
// Even if !WantRunning, we should verify our key, if there
|
||||
// is one. If you want tailscaled to be completely idle,
|
||||
// use logout instead.
|
||||
@@ -2013,9 +2037,12 @@ func (b *LocalBackend) readPoller() {
|
||||
// ResendHostinfoIfNeeded is called to recompute the Hostinfo and send
|
||||
// the new version to the control server.
|
||||
func (b *LocalBackend) ResendHostinfoIfNeeded() {
|
||||
// TODO(maisem,bradfitz): this is all wrong. hostinfo has been modified
|
||||
// a dozen ways elsewhere that this omits. This method should be rethought.
|
||||
hi := hostinfo.New()
|
||||
|
||||
b.mu.Lock()
|
||||
applyConfigToHostinfo(hi, b.conf)
|
||||
if b.hostinfo != nil {
|
||||
hi.Services = b.hostinfo.Services
|
||||
}
|
||||
@@ -2025,6 +2052,15 @@ func (b *LocalBackend) ResendHostinfoIfNeeded() {
|
||||
b.doSetHostinfoFilterServices(hi)
|
||||
}
|
||||
|
||||
func applyConfigToHostinfo(hi *tailcfg.Hostinfo, c *conffile.Config) {
|
||||
if c == nil {
|
||||
return
|
||||
}
|
||||
if c.Parsed.Hostname != nil {
|
||||
hi.Hostname = *c.Parsed.Hostname
|
||||
}
|
||||
}
|
||||
|
||||
// WatchNotifications subscribes to the ipn.Notify message bus notification
|
||||
// messages.
|
||||
//
|
||||
@@ -2732,6 +2768,12 @@ func (b *LocalBackend) CheckPrefs(p *ipn.Prefs) error {
|
||||
}
|
||||
|
||||
func (b *LocalBackend) checkPrefsLocked(p *ipn.Prefs) error {
|
||||
if b.conf != nil && !b.conf.Parsed.Locked.EqualBool(false) {
|
||||
// TODO(bradfitz,maisem): make this more fine-grained, permit changing
|
||||
// some things if they're not explicitly set in the config. But for now
|
||||
// (2023-10-16), just blanket disable everything.
|
||||
return errors.New("can't reconfigure tailscaled when using a config file; config file is locked")
|
||||
}
|
||||
var errs []error
|
||||
if p.Hostname == "badhostname.tailscale." {
|
||||
// Keep this one just for testing.
|
||||
|
||||
Reference in New Issue
Block a user