Add flag to disable P2P connections

kylecarbs · kylecarbs · commit 9a50ac496ef1 · 2022-10-14T15:37:38.000Z
diff --git a/cli/agent_test.go b/cli/agent_test.go
@@ -7,8 +7,6 @@ import (
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 
-	"cdr.dev/slog"
-
 	"github.com/coder/coder/cli/clitest"
 	"github.com/coder/coder/coderd/coderdtest"
 	"github.com/coder/coder/provisioner/echo"
@@ -67,7 +65,7 @@ func TestWorkspaceAgent(t *testing.T) {
 		if assert.NotEmpty(t, workspace.LatestBuild.Resources) && assert.NotEmpty(t, resources[0].Agents) {
 			assert.NotEmpty(t, resources[0].Agents[0].Version)
 		}
-		dialer, err := client.DialWorkspaceAgentTailnet(ctx, slog.Logger{}, resources[0].Agents[0].ID)
+		dialer, err := client.DialWorkspaceAgent(ctx, resources[0].Agents[0].ID, nil)
 		require.NoError(t, err)
 		defer dialer.Close()
 		require.Eventually(t, func() bool {
@@ -128,7 +126,7 @@ func TestWorkspaceAgent(t *testing.T) {
 		if assert.NotEmpty(t, resources) && assert.NotEmpty(t, resources[0].Agents) {
 			assert.NotEmpty(t, resources[0].Agents[0].Version)
 		}
-		dialer, err := client.DialWorkspaceAgentTailnet(ctx, slog.Logger{}, resources[0].Agents[0].ID)
+		dialer, err := client.DialWorkspaceAgent(ctx, resources[0].Agents[0].ID, nil)
 		require.NoError(t, err)
 		defer dialer.Close()
 		require.Eventually(t, func() bool {
@@ -189,7 +187,7 @@ func TestWorkspaceAgent(t *testing.T) {
 		if assert.NotEmpty(t, resources) && assert.NotEmpty(t, resources[0].Agents) {
 			assert.NotEmpty(t, resources[0].Agents[0].Version)
 		}
-		dialer, err := client.DialWorkspaceAgentTailnet(ctx, slog.Logger{}, resources[0].Agents[0].ID)
+		dialer, err := client.DialWorkspaceAgent(ctx, resources[0].Agents[0].ID, nil)
 		require.NoError(t, err)
 		defer dialer.Close()
 		require.Eventually(t, func() bool {
diff --git a/cli/configssh_test.go b/cli/configssh_test.go
@@ -19,7 +19,6 @@ import (
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 
-	"cdr.dev/slog"
 	"cdr.dev/slog/sloggers/slogtest"
 
 	"github.com/coder/coder/agent"
@@ -115,7 +114,7 @@ func TestConfigSSH(t *testing.T) {
 		_ = agentCloser.Close()
 	}()
 	resources := coderdtest.AwaitWorkspaceAgents(t, client, workspace.ID)
-	agentConn, err := client.DialWorkspaceAgentTailnet(context.Background(), slog.Logger{}, resources[0].Agents[0].ID)
+	agentConn, err := client.DialWorkspaceAgent(context.Background(), resources[0].Agents[0].ID, nil)
 	require.NoError(t, err)
 	defer agentConn.Close()
 
diff --git a/cli/portforward.go b/cli/portforward.go
@@ -16,7 +16,6 @@ import (
 	"github.com/spf13/cobra"
 	"golang.org/x/xerrors"
 
-	"cdr.dev/slog"
 	"github.com/coder/coder/agent"
 	"github.com/coder/coder/cli/cliflag"
 	"github.com/coder/coder/cli/cliui"
@@ -96,7 +95,7 @@ func portForward() *cobra.Command {
 				return xerrors.Errorf("await agent: %w", err)
 			}
 
-			conn, err := client.DialWorkspaceAgentTailnet(ctx, slog.Logger{}, workspaceAgent.ID)
+			conn, err := client.DialWorkspaceAgent(ctx, workspaceAgent.ID, nil)
 			if err != nil {
 				return err
 			}
diff --git a/cli/speedtest.go b/cli/speedtest.go
@@ -55,7 +55,9 @@ func speedtest() *cobra.Command {
 			if cliflag.IsSetBool(cmd, varVerbose) {
 				logger = logger.Leveled(slog.LevelDebug)
 			}
-			conn, err := client.DialWorkspaceAgentTailnet(ctx, logger, workspaceAgent.ID)
+			conn, err := client.DialWorkspaceAgent(ctx, workspaceAgent.ID, &codersdk.DialWorkspaceAgentOptions{
+				Logger: logger,
+			})
 			if err != nil {
 				return err
 			}
diff --git a/cli/ssh.go b/cli/ssh.go
@@ -20,8 +20,6 @@ import (
 	"golang.org/x/term"
 	"golang.org/x/xerrors"
 
-	"cdr.dev/slog"
-
 	"github.com/coder/coder/cli/cliflag"
 	"github.com/coder/coder/cli/cliui"
 	"github.com/coder/coder/coderd/autobuild/notify"
@@ -86,7 +84,7 @@ func ssh() *cobra.Command {
 				return xerrors.Errorf("await agent: %w", err)
 			}
 
-			conn, err := client.DialWorkspaceAgentTailnet(ctx, slog.Logger{}, workspaceAgent.ID)
+			conn, err := client.DialWorkspaceAgent(ctx, workspaceAgent.ID, nil)
 			if err != nil {
 				return err
 			}
diff --git a/coderd/activitybump_test.go b/coderd/activitybump_test.go
@@ -74,7 +74,9 @@ func TestWorkspaceActivityBump(t *testing.T) {
 		client, workspace, assertBumped := setupActivityTest(t)
 
 		resources := coderdtest.AwaitWorkspaceAgents(t, client, workspace.ID)
-		conn, err := client.DialWorkspaceAgentTailnet(ctx, slogtest.Make(t, nil), resources[0].Agents[0].ID)
+		conn, err := client.DialWorkspaceAgent(ctx, resources[0].Agents[0].ID, &codersdk.DialWorkspaceAgentOptions{
+			Logger: slogtest.Make(t, nil),
+		})
 		require.NoError(t, err)
 		defer conn.Close()
 
diff --git a/coderd/coderd.go b/coderd/coderd.go
@@ -123,7 +123,7 @@ func New(options *Options) *API {
 		options.TailnetCoordinator = tailnet.NewCoordinator()
 	}
 	if options.DERPServer == nil {
-		options.DERPServer = derp.NewServer(key.NewNode(), tailnet.Logger(options.Logger))
+		options.DERPServer = derp.NewServer(key.NewNode(), tailnet.Logger(options.Logger.Named("derp").Leveled(slog.LevelDebug)))
 		options.DERPServer.SetMeshKey("todo-kyle-change-this")
 	}
 	if options.Auditor == nil {
diff --git a/coderd/templates_test.go b/coderd/templates_test.go
@@ -626,7 +626,9 @@ func TestTemplateDAUs(t *testing.T) {
 	require.NoError(t, err)
 	assert.Zero(t, workspaces[0].LastUsedAt)
 
-	conn, err := client.DialWorkspaceAgentTailnet(ctx, slogtest.Make(t, nil).Named("tailnet"), resources[0].Agents[0].ID)
+	conn, err := client.DialWorkspaceAgent(ctx, resources[0].Agents[0].ID, &codersdk.DialWorkspaceAgentOptions{
+		Logger: slogtest.Make(t, nil).Named("tailnet"),
+	})
 	require.NoError(t, err)
 	defer func() {
 		_ = conn.Close()
diff --git a/coderd/workspaceagents_test.go b/coderd/workspaceagents_test.go
@@ -123,7 +123,7 @@ func TestWorkspaceAgentListen(t *testing.T) {
 		defer cancel()
 
 		resources := coderdtest.AwaitWorkspaceAgents(t, client, workspace.ID)
-		conn, err := client.DialWorkspaceAgentTailnet(ctx, slog.Logger{}, resources[0].Agents[0].ID)
+		conn, err := client.DialWorkspaceAgent(ctx, resources[0].Agents[0].ID, nil)
 		require.NoError(t, err)
 		defer func() {
 			_ = conn.Close()
@@ -253,7 +253,9 @@ func TestWorkspaceAgentTailnet(t *testing.T) {
 
 	ctx, cancelFunc := context.WithCancel(context.Background())
 	defer cancelFunc()
-	conn, err := client.DialWorkspaceAgentTailnet(ctx, slogtest.Make(t, nil).Named("client").Leveled(slog.LevelDebug), resources[0].Agents[0].ID)
+	conn, err := client.DialWorkspaceAgent(ctx, resources[0].Agents[0].ID, &codersdk.DialWorkspaceAgentOptions{
+		Logger: slogtest.Make(t, nil).Named("client").Leveled(slog.LevelDebug),
+	})
 	require.NoError(t, err)
 	defer conn.Close()
 	sshClient, err := conn.SSHClient()
diff --git a/codersdk/workspaceagents.go b/codersdk/workspaceagents.go
@@ -331,7 +331,13 @@ func (c *Client) ListenWorkspaceAgentTailnet(ctx context.Context) (net.Conn, err
 	return websocket.NetConn(ctx, conn, websocket.MessageBinary), nil
 }
 
-func (c *Client) DialWorkspaceAgentTailnet(ctx context.Context, logger slog.Logger, agentID uuid.UUID) (*AgentConn, error) {
+type DialWorkspaceAgentOptions struct {
+	Logger slog.Logger
+	// BlockEndpoints forced a direct connection through DERP.
+	BlockEndpoints bool
+}
+
+func (c *Client) DialWorkspaceAgent(ctx context.Context, agentID uuid.UUID, options *DialWorkspaceAgentOptions) (*AgentConn, error) {
 	res, err := c.Request(ctx, http.MethodGet, fmt.Sprintf("/api/v2/workspaceagents/%s/connection", agentID), nil)
 	if err != nil {
 		return nil, err
@@ -348,9 +354,10 @@ func (c *Client) DialWorkspaceAgentTailnet(ctx context.Context, logger slog.Logg
 
 	ip := tailnet.IP()
 	conn, err := tailnet.NewConn(&tailnet.Options{
-		Addresses: []netip.Prefix{netip.PrefixFrom(ip, 128)},
-		DERPMap:   connInfo.DERPMap,
-		Logger:    logger,
+		Addresses:      []netip.Prefix{netip.PrefixFrom(ip, 128)},
+		DERPMap:        connInfo.DERPMap,
+		Logger:         options.Logger,
+		BlockEndpoints: options.BlockEndpoints,
 	})
 	if err != nil {
 		return nil, xerrors.Errorf("create tailnet: %w", err)
@@ -378,7 +385,7 @@ func (c *Client) DialWorkspaceAgentTailnet(ctx context.Context, logger slog.Logg
 		defer close(closed)
 		isFirst := true
 		for retrier := retry.New(50*time.Millisecond, 10*time.Second); retrier.Wait(ctx); {
-			logger.Debug(ctx, "connecting")
+			options.Logger.Debug(ctx, "connecting")
 			// nolint:bodyclose
 			ws, res, err := websocket.Dial(ctx, coordinateURL.String(), &websocket.DialOptions{
 				HTTPClient: httpClient,
@@ -397,21 +404,21 @@ func (c *Client) DialWorkspaceAgentTailnet(ctx context.Context, logger slog.Logg
 				if errors.Is(err, context.Canceled) {
 					return
 				}
-				logger.Debug(ctx, "failed to dial", slog.Error(err))
+				options.Logger.Debug(ctx, "failed to dial", slog.Error(err))
 				continue
 			}
 			sendNode, errChan := tailnet.ServeCoordinator(websocket.NetConn(ctx, ws, websocket.MessageBinary), func(node []*tailnet.Node) error {
 				return conn.UpdateNodes(node)
 			})
 			conn.SetNodeCallback(sendNode)
-			logger.Debug(ctx, "serving coordinator")
+			options.Logger.Debug(ctx, "serving coordinator")
 			err = <-errChan
 			if errors.Is(err, context.Canceled) {
 				_ = ws.Close(websocket.StatusGoingAway, "")
 				return
 			}
 			if err != nil {
-				logger.Debug(ctx, "error serving coordinator", slog.Error(err))
+				options.Logger.Debug(ctx, "error serving coordinator", slog.Error(err))
 				_ = ws.Close(websocket.StatusGoingAway, "")
 				continue
 			}
diff --git a/enterprise/coderd/coderd.go b/enterprise/coderd/coderd.go
@@ -3,6 +3,7 @@ package coderd
 import (
 	"context"
 	"crypto/ed25519"
+	"fmt"
 	"net/http"
 	"sync"
 	"time"
@@ -126,7 +127,7 @@ func New(ctx context.Context, options *Options) (*API, error) {
 	if err != nil {
 		return nil, xerrors.Errorf("initialize replica: %w", err)
 	}
-	api.derpMesh = derpmesh.New(options.Logger, api.DERPServer)
+	api.derpMesh = derpmesh.New(options.Logger.Named("derpmesh"), api.DERPServer)
 
 	err = api.updateEntitlements(ctx)
 	if err != nil {
@@ -246,6 +247,7 @@ func (api *API) updateEntitlements(ctx context.Context) error {
 				coordinator = haCoordinator
 			}
 
+			fmt.Printf("HA enabled\n")
 			api.replicaManager.SetCallback(func() {
 				addresses := make([]string, 0)
 				for _, replica := range api.replicaManager.Regional() {
diff --git a/enterprise/coderd/replicas_test.go b/enterprise/coderd/replicas_test.go
@@ -11,6 +11,7 @@ import (
 
 	"github.com/coder/coder/coderd/coderdtest"
 	"github.com/coder/coder/coderd/database/dbtestutil"
+	"github.com/coder/coder/codersdk"
 	"github.com/coder/coder/enterprise/coderd/coderdenttest"
 	"github.com/coder/coder/testutil"
 )
@@ -61,14 +62,16 @@ func TestReplicas(t *testing.T) {
 			},
 		})
 		secondClient.SessionToken = firstClient.SessionToken
-
 		agentID := setupWorkspaceAgent(t, firstClient, firstUser)
-		conn, err := secondClient.DialWorkspaceAgentTailnet(context.Background(), slogtest.Make(t, nil).Leveled(slog.LevelDebug), agentID)
+		conn, err := secondClient.DialWorkspaceAgent(context.Background(), agentID, &codersdk.DialWorkspaceAgentOptions{
+			BlockEndpoints: true,
+			Logger:         slogtest.Make(t, nil).Leveled(slog.LevelDebug),
+		})
 		require.NoError(t, err)
 		require.Eventually(t, func() bool {
 			_, err = conn.Ping()
 			return err == nil
-		}, testutil.WaitShort, testutil.IntervalFast)
+		}, testutil.WaitLong, testutil.IntervalFast)
 		_ = conn.Close()
 	})
 }
diff --git a/enterprise/coderd/workspaceagents_test.go b/enterprise/coderd/workspaceagents_test.go
@@ -8,7 +8,6 @@ import (
 	"github.com/google/uuid"
 	"github.com/stretchr/testify/require"
 
-	"cdr.dev/slog"
 	"cdr.dev/slog/sloggers/slogtest"
 	"github.com/coder/coder/agent"
 	"github.com/coder/coder/coderd/coderdtest"
@@ -33,7 +32,7 @@ func TestBlockNonBrowser(t *testing.T) {
 			BrowserOnly: true,
 		})
 		id := setupWorkspaceAgent(t, client, user)
-		_, err := client.DialWorkspaceAgentTailnet(context.Background(), slog.Logger{}, id)
+		_, err := client.DialWorkspaceAgent(context.Background(), id, nil)
 		var apiErr *codersdk.Error
 		require.ErrorAs(t, err, &apiErr)
 		require.Equal(t, http.StatusConflict, apiErr.StatusCode())
@@ -50,7 +49,7 @@ func TestBlockNonBrowser(t *testing.T) {
 			BrowserOnly: false,
 		})
 		id := setupWorkspaceAgent(t, client, user)
-		conn, err := client.DialWorkspaceAgentTailnet(context.Background(), slog.Logger{}, id)
+		conn, err := client.DialWorkspaceAgent(context.Background(), id, nil)
 		require.NoError(t, err)
 		_ = conn.Close()
 	})
diff --git a/enterprise/derpmesh/derpmesh.go b/enterprise/derpmesh/derpmesh.go
@@ -2,6 +2,7 @@ package derpmesh
 
 import (
 	"context"
+	"net"
 	"net/url"
 	"sync"
 
@@ -88,11 +89,15 @@ func (m *Mesh) addAddress(address string) (bool, error) {
 	if isActive {
 		return false, nil
 	}
-	client, err := derphttp.NewClient(m.server.PrivateKey(), address, tailnet.Logger(m.logger))
+	client, err := derphttp.NewClient(m.server.PrivateKey(), address, tailnet.Logger(m.logger.Named("client")))
 	if err != nil {
 		return false, xerrors.Errorf("create derp client: %w", err)
 	}
 	client.MeshKey = m.server.MeshKey()
+	client.SetURLDialer(func(ctx context.Context, network, addr string) (net.Conn, error) {
+		var dialer net.Dialer
+		return dialer.DialContext(ctx, network, addr)
+	})
 	ctx, cancelFunc := context.WithCancel(m.ctx)
 	closed := make(chan struct{})
 	closeFunc := func() {
@@ -103,7 +108,7 @@ func (m *Mesh) addAddress(address string) (bool, error) {
 	m.active[address] = closeFunc
 	go func() {
 		defer close(closed)
-		client.RunWatchConnectionLoop(ctx, m.server.PublicKey(), tailnet.Logger(m.logger), func(np key.NodePublic) {
+		client.RunWatchConnectionLoop(ctx, m.server.PublicKey(), tailnet.Logger(m.logger.Named("loop")), func(np key.NodePublic) {
 			m.server.AddPacketForwarder(np, client)
 		}, func(np key.NodePublic) {
 			m.server.RemovePacketForwarder(np, client)
diff --git a/tailnet/conn.go b/tailnet/conn.go
@@ -344,6 +344,9 @@ func (c *Conn) UpdateNodes(nodes []*Node) error {
 			// reason. TODO: @kylecarbs debug this!
 			KeepAlive: ok && peerStatus.Active,
 		}
+		if c.blockEndpoints {
+			peerNode.Endpoints = nil
+		}
 		c.peerMap[node.ID] = peerNode
 	}
 	c.netMap.Peers = make([]*tailcfg.Node, 0, len(c.peerMap))

Original file line number	Diff line number	Diff line change
`@@ -16,7 +16,6 @@ import (`
`16`	`16`	`"github.com/spf13/cobra"`
`17`	`17`	`"golang.org/x/xerrors"`
`18`	`18`
`19`		`- "cdr.dev/slog"`
`20`	`19`	`"github.com/coder/coder/agent"`
`21`	`20`	`"github.com/coder/coder/cli/cliflag"`
`22`	`21`	`"github.com/coder/coder/cli/cliui"`
`@@ -96,7 +95,7 @@ func portForward() *cobra.Command {`
`96`	`95`	`return xerrors.Errorf("await agent: %w", err)`
`97`	`96`	`}`
`98`	`97`
`99`		`- conn, err := client.DialWorkspaceAgentTailnet(ctx, slog.Logger{}, workspaceAgent.ID)`
	`98`	`+ conn, err := client.DialWorkspaceAgent(ctx, workspaceAgent.ID, nil)`
`100`	`99`	`if err != nil {`
`101`	`100`	`return err`
`102`	`101`	`}`
Original file line number	Diff line number	Diff line change
`@@ -55,7 +55,9 @@ func speedtest() *cobra.Command {`
`55`	`55`	`if cliflag.IsSetBool(cmd, varVerbose) {`
`56`	`56`	`logger = logger.Leveled(slog.LevelDebug)`
`57`	`57`	`}`
`58`		`- conn, err := client.DialWorkspaceAgentTailnet(ctx, logger, workspaceAgent.ID)`
	`58`	`+ conn, err := client.DialWorkspaceAgent(ctx, workspaceAgent.ID, &codersdk.DialWorkspaceAgentOptions{`
	`59`	`+ Logger: logger,`
	`60`	`+ })`
`59`	`61`	`if err != nil {`
`60`	`62`	`return err`
`61`	`63`	`}`
Original file line number	Diff line number	Diff line change
`@@ -123,7 +123,7 @@ func New(options Options) API {`
`123`	`123`	`options.TailnetCoordinator = tailnet.NewCoordinator()`
`124`	`124`	`}`
`125`	`125`	`if options.DERPServer == nil {`
`126`		`- options.DERPServer = derp.NewServer(key.NewNode(), tailnet.Logger(options.Logger))`
	`126`	`+ options.DERPServer = derp.NewServer(key.NewNode(), tailnet.Logger(options.Logger.Named("derp").Leveled(slog.LevelDebug)))`
`127`	`127`	`options.DERPServer.SetMeshKey("todo-kyle-change-this")`
`128`	`128`	`}`
`129`	`129`	`if options.Auditor == nil {`
Original file line number	Diff line number	Diff line change
`@@ -344,6 +344,9 @@ func (c Conn) UpdateNodes(nodes []Node) error {`
`344`	`344`	`// reason. TODO: @kylecarbs debug this!`
`345`	`345`	`KeepAlive: ok && peerStatus.Active,`
`346`	`346`	`}`
	`347`	`+ if c.blockEndpoints {`
	`348`	`+ peerNode.Endpoints = nil`
	`349`	`+ }`
`347`	`350`	`c.peerMap[node.ID] = peerNode`
`348`	`351`	`}`
`349`	`352`	`c.netMap.Peers = make([]*tailcfg.Node, 0, len(c.peerMap))`