doctor: add ts_omit_doctor support
Updates #12614 Change-Id: I84c166c4b99ca75d70abe4087e5ff3f7d90d4bcc Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
This commit is contained in:
Brad Fitzpatrick
committed by
Brad Fitzpatrick
Brad Fitzpatrick
parent
87ee0f4e98
commit
832e94607e
+2
-54
@@ -43,10 +43,6 @@ import (
|
||||
"tailscale.com/clientupdate"
|
||||
"tailscale.com/control/controlclient"
|
||||
"tailscale.com/control/controlknobs"
|
||||
"tailscale.com/doctor"
|
||||
"tailscale.com/doctor/ethtool"
|
||||
"tailscale.com/doctor/permissions"
|
||||
"tailscale.com/doctor/routetable"
|
||||
"tailscale.com/drive"
|
||||
"tailscale.com/envknob"
|
||||
"tailscale.com/envknob/featureknob"
|
||||
@@ -6706,56 +6702,8 @@ func (b *LocalBackend) handleQuad100Port80Conn(w http.ResponseWriter, r *http.Re
|
||||
io.WriteString(w, "</ul>\n")
|
||||
}
|
||||
|
||||
func (b *LocalBackend) Doctor(ctx context.Context, logf logger.Logf) {
|
||||
// We can write logs too fast for logtail to handle, even when
|
||||
// opting-out of rate limits. Limit ourselves to at most one message
|
||||
// per 20ms and a burst of 60 log lines, which should be fast enough to
|
||||
// not block for too long but slow enough that we can upload all lines.
|
||||
logf = logger.SlowLoggerWithClock(ctx, logf, 20*time.Millisecond, 60, b.clock.Now)
|
||||
|
||||
var checks []doctor.Check
|
||||
checks = append(checks,
|
||||
permissions.Check{},
|
||||
routetable.Check{},
|
||||
ethtool.Check{},
|
||||
)
|
||||
|
||||
// Print a log message if any of the global DNS resolvers are Tailscale
|
||||
// IPs; this can interfere with our ability to connect to the Tailscale
|
||||
// controlplane.
|
||||
checks = append(checks, doctor.CheckFunc("dns-resolvers", func(_ context.Context, logf logger.Logf) error {
|
||||
b.mu.Lock()
|
||||
nm := b.NetMap()
|
||||
b.mu.Unlock()
|
||||
if nm == nil {
|
||||
return nil
|
||||
}
|
||||
|
||||
for i, resolver := range nm.DNS.Resolvers {
|
||||
ipp, ok := resolver.IPPort()
|
||||
if ok && tsaddr.IsTailscaleIP(ipp.Addr()) {
|
||||
logf("resolver %d is a Tailscale address: %v", i, resolver)
|
||||
}
|
||||
}
|
||||
for i, resolver := range nm.DNS.FallbackResolvers {
|
||||
ipp, ok := resolver.IPPort()
|
||||
if ok && tsaddr.IsTailscaleIP(ipp.Addr()) {
|
||||
logf("fallback resolver %d is a Tailscale address: %v", i, resolver)
|
||||
}
|
||||
}
|
||||
return nil
|
||||
}))
|
||||
|
||||
// TODO(andrew): more
|
||||
|
||||
numChecks := len(checks)
|
||||
checks = append(checks, doctor.CheckFunc("numchecks", func(_ context.Context, log logger.Logf) error {
|
||||
log("%d checks", numChecks)
|
||||
return nil
|
||||
}))
|
||||
|
||||
doctor.RunChecks(ctx, logf, checks...)
|
||||
}
|
||||
// HookDoctor is an optional hook for the "doctor" problem diagnosis feature.
|
||||
var HookDoctor feature.Hook[func(context.Context, *LocalBackend, logger.Logf)]
|
||||
|
||||
// SetDevStateStore updates the LocalBackend's state storage to the provided values.
|
||||
//
|
||||
|
||||
+3
-21
@@ -217,6 +217,7 @@ type peerAPIHandler struct {
|
||||
type PeerAPIHandler interface {
|
||||
Peer() tailcfg.NodeView
|
||||
PeerCaps() tailcfg.PeerCapMap
|
||||
CanDebug() bool // can remote node can debug this node (internal state, etc)
|
||||
Self() tailcfg.NodeView
|
||||
LocalBackend() *LocalBackend
|
||||
IsSelfUntagged() bool // whether the peer is untagged and the same as this user
|
||||
@@ -380,9 +381,6 @@ func (h *peerAPIHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
|
||||
case "/v0/interfaces":
|
||||
h.handleServeInterfaces(w, r)
|
||||
return
|
||||
case "/v0/doctor":
|
||||
h.handleServeDoctor(w, r)
|
||||
return
|
||||
case "/v0/sockstats":
|
||||
h.handleServeSockStats(w, r)
|
||||
return
|
||||
@@ -455,24 +453,6 @@ func (h *peerAPIHandler) handleServeInterfaces(w http.ResponseWriter, r *http.Re
|
||||
fmt.Fprintln(w, "</table>")
|
||||
}
|
||||
|
||||
func (h *peerAPIHandler) handleServeDoctor(w http.ResponseWriter, r *http.Request) {
|
||||
if !h.canDebug() {
|
||||
http.Error(w, "denied; no debug access", http.StatusForbidden)
|
||||
return
|
||||
}
|
||||
w.Header().Set("Content-Type", "text/html; charset=utf-8")
|
||||
fmt.Fprintln(w, "<h1>Doctor Output</h1>")
|
||||
|
||||
fmt.Fprintln(w, "<pre>")
|
||||
|
||||
h.ps.b.Doctor(r.Context(), func(format string, args ...any) {
|
||||
line := fmt.Sprintf(format, args...)
|
||||
fmt.Fprintln(w, html.EscapeString(line))
|
||||
})
|
||||
|
||||
fmt.Fprintln(w, "</pre>")
|
||||
}
|
||||
|
||||
func (h *peerAPIHandler) handleServeSockStats(w http.ResponseWriter, r *http.Request) {
|
||||
if !h.canDebug() {
|
||||
http.Error(w, "denied; no debug access", http.StatusForbidden)
|
||||
@@ -571,6 +551,8 @@ func (h *peerAPIHandler) handleServeSockStats(w http.ResponseWriter, r *http.Req
|
||||
fmt.Fprintln(w, "</pre>")
|
||||
}
|
||||
|
||||
func (h *peerAPIHandler) CanDebug() bool { return h.canDebug() }
|
||||
|
||||
// canDebug reports whether h can debug this node (goroutines, metrics,
|
||||
// magicsock internal state, etc).
|
||||
func (h *peerAPIHandler) canDebug() bool {
|
||||
|
||||
@@ -402,7 +402,9 @@ func (h *Handler) serveBugReport(w http.ResponseWriter, r *http.Request) {
|
||||
}
|
||||
|
||||
if defBool(r.URL.Query().Get("diagnose"), false) {
|
||||
h.b.Doctor(r.Context(), logger.WithPrefix(h.logf, "diag: "))
|
||||
if f, ok := ipnlocal.HookDoctor.GetOk(); ok {
|
||||
f(r.Context(), h.b, logger.WithPrefix(h.logf, "diag: "))
|
||||
}
|
||||
}
|
||||
w.Header().Set("Content-Type", "text/plain")
|
||||
fmt.Fprintln(w, startMarker)
|
||||
|
||||
Reference in New Issue
Block a user