coder
diff --git a/‎agent/agent.go
Lines changed: 22 additions & 3 deletions b/‎agent/agent.go
Lines changed: 22 additions & 3 deletions
diff --git a/‎coderd/apidoc/docs.go
Lines changed: 3 additions & 0 deletions b/‎coderd/apidoc/docs.go
Lines changed: 3 additions & 0 deletions
diff --git a/‎coderd/apidoc/swagger.json
Lines changed: 3 additions & 0 deletions b/‎coderd/apidoc/swagger.json
Lines changed: 3 additions & 0 deletions
diff --git a/‎coderd/tailnet.go
Lines changed: 67 additions & 39 deletions b/‎coderd/tailnet.go
Lines changed: 67 additions & 39 deletions
diff --git a/‎coderd/tailnet_test.go
Lines changed: 1 addition & 1 deletion b/‎coderd/tailnet_test.go
Lines changed: 1 addition & 1 deletion
diff --git a/‎coderd/workspaceagents.go
Lines changed: 1 addition & 0 deletions b/‎coderd/workspaceagents.go
Lines changed: 1 addition & 0 deletions
diff --git a/‎coderd/wsconncache/wsconncache.go
Lines changed: 1 addition & 1 deletion b/‎coderd/wsconncache/wsconncache.go
Lines changed: 1 addition & 1 deletion
diff --git a/‎coderd/wsconncache/wsconncache_test.go
Lines changed: 1 addition & 1 deletion b/‎coderd/wsconncache/wsconncache_test.go
Lines changed: 1 addition & 1 deletion
diff --git a/‎codersdk/agentsdk/agentsdk.go
Lines changed: 1 addition & 0 deletions b/‎codersdk/agentsdk/agentsdk.go
Lines changed: 1 addition & 0 deletions
diff --git a/‎codersdk/workspaceagentconn.go
Lines changed: 6 additions & 3 deletions b/‎codersdk/workspaceagentconn.go
Lines changed: 6 additions & 3 deletions
@@ -605,7 +605,7 @@ func (a *agent) run(ctx context.Context) error {
 	network := a.network
 	a.closeMutex.Unlock()
 	if network == nil {
-		network, err = a.createTailnet(ctx, manifest.DERPMap, manifest.DisableDirectConnections)
+		network, err = a.createTailnet(ctx, manifest.AgentID, manifest.DERPMap, manifest.DisableDirectConnections)
 		if err != nil {
 			return xerrors.Errorf("create tailnet: %w", err)
 		}
@@ -623,6 +623,11 @@ func (a *agent) run(ctx context.Context) error {
 
 		a.startReportingConnectionStats(ctx)
 	} else {
+		// Update the wireguard IPs if the agent ID changed.
+		err := network.SetAddresses(a.wireguardAddresses(manifest.AgentID))
+		if err != nil {
+			a.logger.Error(ctx, "update tailnet addresses", slog.Error(err))
+		}
 		// Update the DERP map and allow/disallow direct connections.
 		network.SetDERPMap(manifest.DERPMap)
 		network.SetBlockEndpoints(manifest.DisableDirectConnections)
@@ -636,6 +641,20 @@ func (a *agent) run(ctx context.Context) error {
 	return nil
 }
 
+func (a *agent) wireguardAddresses(agentID uuid.UUID) []netip.Prefix {
+	if len(a.addresses) == 0 {
+		return []netip.Prefix{
+			// This is the IP that should be used primarily.
+			netip.PrefixFrom(tailnet.IPFromUUID(agentID), 128),
+			// We also listen on the legacy codersdk.WorkspaceAgentIP. This
+			// allows for a transition away from wsconncache.
+			netip.PrefixFrom(codersdk.WorkspaceAgentIP, 128),
+		}
+	}
+
+	return a.addresses
+}
+
 func (a *agent) trackConnGoroutine(fn func()) error {
 	a.closeMutex.Lock()
 	defer a.closeMutex.Unlock()
@@ -650,9 +669,9 @@ func (a *agent) trackConnGoroutine(fn func()) error {
 	return nil
 }
 
-func (a *agent) createTailnet(ctx context.Context, derpMap *tailcfg.DERPMap, disableDirectConnections bool) (_ *tailnet.Conn, err error) {
+func (a *agent) createTailnet(ctx context.Context, agentID uuid.UUID, derpMap *tailcfg.DERPMap, disableDirectConnections bool) (_ *tailnet.Conn, err error) {
 	network, err := tailnet.NewConn(&tailnet.Options{
-		Addresses:      a.addresses,
+		Addresses:      a.wireguardAddresses(agentID),
 		DERPMap:        derpMap,
 		Logger:         a.logger.Named("tailnet"),
 		ListenPort:     a.tailnetListenPort,
 
@@ -35,7 +35,7 @@ func init() {
 	}
 }
 
-// TODO: ServerTailnet does not currently remove stale peers.
+// TODO(coadler): ServerTailnet does not currently remove stale peers.
 
 // NewServerTailnet creates a new tailnet intended for use by coderd. It
 // automatically falls back to wsconncache if a legacy agent is encountered.
@@ -56,10 +56,17 @@ func NewServerTailnet(
 		return nil, xerrors.Errorf("create tailnet conn: %w", err)
 	}
 
+	id := uuid.New()
+	ma := (*coord.Load()).ServeMultiAgent(id)
+
+	serverCtx, cancel := context.WithCancel(ctx)
 	tn := &ServerTailnet{
+		ctx:         serverCtx,
+		cancel:      cancel,
 		logger:      logger,
 		conn:        conn,
 		coordinator: coord,
+		agentConn:   ma,
 		cache:       cache,
 		agentNodes:  map[uuid.UUID]*tailnetNode{},
 		transport:   tailnetTransport.Clone(),
@@ -69,16 +76,9 @@ func NewServerTailnet(
 	tn.transport.MaxIdleConns = 0
 
 	conn.SetNodeCallback(func(node *tailnet.Node) {
-		tn.nodesMu.Lock()
-		ids := make([]uuid.UUID, 0, len(tn.agentNodes))
-		for id := range tn.agentNodes {
-			ids = append(ids, id)
-		}
-		tn.nodesMu.Unlock()
-
-		err := (*tn.coordinator.Load()).BroadcastToAgents(ids, node)
+		err := tn.agentConn.UpdateSelf(node)
 		if err != nil {
-			tn.logger.Error(context.Background(), "broadcast server node to agents", slog.Error(err))
+			tn.logger.Warn(context.Background(), "broadcast server node to agents", slog.Error(err))
 		}
 	})
 
@@ -99,19 +99,52 @@ func NewServerTailnet(
 		return left
 	})
 
+	go tn.watchAgentUpdates()
 	return tn, nil
 }
 
+func (s *ServerTailnet) watchAgentUpdates() {
+	for {
+		nodes := s.agentConn.NextUpdate(s.ctx)
+		if nodes == nil {
+			return
+		}
+
+		toUpdate := make([]*tailnet.Node, 0)
+
+		s.nodesMu.Lock()
+		for _, node := range nodes {
+			cached, ok := s.agentNodes[node.AgentID]
+			if ok {
+				cached.node = node.Node
+				toUpdate = append(toUpdate, node.Node)
+			}
+		}
+		s.nodesMu.Unlock()
+
+		if len(toUpdate) > 0 {
+			err := s.conn.UpdateNodes(toUpdate, false)
+			if err != nil {
+				s.logger.Error(context.Background(), "update node in server tailnet", slog.Error(err))
+				return
+			}
+		}
+	}
+}
+
 type tailnetNode struct {
 	node           *tailnet.Node
 	lastConnection time.Time
-	stop           func()
 }
 
 type ServerTailnet struct {
+	ctx    context.Context
+	cancel func()
+
 	logger      slog.Logger
 	conn        *tailnet.Conn
 	coordinator *atomic.Pointer[tailnet.Coordinator]
+	agentConn   tailnet.MultiAgentConn
 	cache       *wsconncache.Cache
 	nodesMu     sync.Mutex
 	// agentNodes is a map of agent tailnetNodes the server wants to keep a
@@ -121,23 +154,6 @@ type ServerTailnet struct {
 	transport *http.Transport
 }
 
-func (s *ServerTailnet) updateNode(id uuid.UUID, node *tailnet.Node) {
-	s.nodesMu.Lock()
-	cached, ok := s.agentNodes[id]
-	if ok {
-		cached.node = node
-	}
-	s.nodesMu.Unlock()
-
-	if ok {
-		err := s.conn.UpdateNodes([]*tailnet.Node{node}, false)
-		if err != nil {
-			s.logger.Error(context.Background(), "update node in server tailnet", slog.Error(err))
-			return
-		}
-	}
-}
-
 func (s *ServerTailnet) ReverseProxy(targetURL, dashboardURL *url.URL, agentID uuid.UUID) (_ *httputil.ReverseProxy, release func(), _ error) {
 	proxy := httputil.NewSingleHostReverseProxy(targetURL)
 	proxy.ErrorHandler = func(w http.ResponseWriter, r *http.Request, err error) {
@@ -188,18 +204,16 @@ func (s *ServerTailnet) getNode(agentID uuid.UUID) (*tailnet.Node, error) {
 			s.nodesMu.Unlock()
 			return nil, xerrors.Errorf("node %q not found", agentID.String())
 		}
-		stop := coord.SubscribeAgent(agentID, s.updateNode)
+
+		err := s.agentConn.SubscribeAgent(agentID, s.conn.Node())
+		if err != nil {
+			return nil, xerrors.Errorf("subscribe agent: %w", err)
+		}
 		tnode = &tailnetNode{
 			node:           node,
 			lastConnection: time.Now(),
-			stop:           stop,
 		}
 		s.agentNodes[agentID] = tnode
-
-		err := coord.BroadcastToAgents([]uuid.UUID{agentID}, s.conn.Node())
-		if err != nil {
-			s.logger.Debug(context.Background(), "broadcast server node to agents", slog.Error(err))
-		}
 	}
 	s.nodesMu.Unlock()
 
@@ -257,7 +271,7 @@ func (*ServerTailnet) nodeIsLegacy(node *tailnet.Node) bool {
 	return node.Addresses[0].Addr() == codersdk.WorkspaceAgentIP
 }
 
-func (s *ServerTailnet) AgentConn(ctx context.Context, agentID uuid.UUID) (_ *codersdk.WorkspaceAgentConn, release func(), _ error) {
+func (s *ServerTailnet) AgentConn(ctx context.Context, agentID uuid.UUID) (*codersdk.WorkspaceAgentConn, func(), error) {
 	node, err := s.awaitNodeExists(ctx, agentID, 5*time.Second)
 	if err != nil {
 		return nil, nil, xerrors.Errorf("get agent node: %w", err)
@@ -284,8 +298,13 @@ func (s *ServerTailnet) AgentConn(ctx context.Context, agentID uuid.UUID) (_ *co
 		})
 	}
 
+	// Since we now have an open conn, be careful to close it if we error
+	// without returning it to the user.
+
 	reachable := conn.AwaitReachable(ctx)
 	if !reachable {
+		ret()
+		conn.Close()
 		return nil, nil, xerrors.New("agent is unreachable")
 	}
 
@@ -298,8 +317,13 @@ func (s *ServerTailnet) DialAgentNetConn(ctx context.Context, agentID uuid.UUID,
 		return nil, xerrors.Errorf("acquire agent conn: %w", err)
 	}
 
+	// Since we now have an open conn, be careful to close it if we error
+	// without returning it to the user.
+
 	node, err := s.getNode(agentID)
 	if err != nil {
+		release()
+		conn.Close()
 		return nil, xerrors.New("get agent node")
 	}
 
@@ -308,11 +332,14 @@ func (s *ServerTailnet) DialAgentNetConn(ctx context.Context, agentID uuid.UUID,
 	ipp := netip.AddrPortFrom(node.Addresses[0].Addr(), uint16(port))
 
 	var nc net.Conn
-	if network == "tcp" {
+	switch network {
+	case "tcp":
 		nc, err = conn.DialContextTCP(ctx, ipp)
-	} else if network == "udp" {
+	case "udp":
 		nc, err = conn.DialContextUDP(ctx, ipp)
-	} else {
+	default:
+		release()
+		conn.Close()
 		return nil, xerrors.Errorf("unknown network %q", network)
 	}
 
@@ -333,6 +360,7 @@ func (c *netConnCloser) Close() error {
 }
 
 func (s *ServerTailnet) Close() error {
+	s.cancel()
 	_ = s.cache.Close()
 	_ = s.conn.Close()
 	s.transport.CloseIdleConnections()
 
@@ -183,7 +183,7 @@ func setupAgent(t *testing.T, agentAddresses []netip.Prefix) (uuid.UUID, agent.A
 			GetNode: func(agentID uuid.UUID) (*tailnet.Node, error) {
 				node := coordinator.Node(agentID)
 				if node == nil {
-					return nil, xerrors.Errorf("node not found %q", err)
+					return nil, xerrors.Errorf("node not found %q", agentID)
 				}
 				return node, nil
 			},
 
@@ -161,6 +161,7 @@ func (api *API) workspaceAgentManifest(rw http.ResponseWriter, r *http.Request)
 	}
 
 	httpapi.Write(ctx, rw, http.StatusOK, agentsdk.Manifest{
+		AgentID:                  apiAgent.ID,
 		Apps:                     convertApps(dbApps),
 		DERPMap:                  api.DERPMap,
 		GitAuthConfigs:           len(api.GitAuthConfigs),
 
@@ -1,5 +1,5 @@
 // Package wsconncache caches workspace agent connections by UUID.
-// Deprecated
+// Deprecated: Use ServerTailnet instead.
 package wsconncache
 
 import (
 
@@ -200,7 +200,7 @@ func setupAgent(t *testing.T, manifest agentsdk.Manifest, ptyTimeout time.Durati
 		GetNode: func(agentID uuid.UUID) (*tailnet.Node, error) {
 			node := coordinator.Node(agentID)
 			if node == nil {
-				return nil, xerrors.Errorf("node not found %q", err)
+				return nil, xerrors.Errorf("node not found %q", agentID)
 			}
 			return node, nil
 		},
 
@@ -84,6 +84,7 @@ func (c *Client) PostMetadata(ctx context.Context, key string, req PostMetadataR
 }
 
 type Manifest struct {
+	AgentID uuid.UUID `json:"agent_id"`
 	// GitAuthConfigs stores the number of Git configurations
 	// the Coder deployment has. If this number is >0, we
 	// set up special configuration in the workspace.
 
@@ -167,9 +167,12 @@ func (c *WorkspaceAgentConn) AwaitReachable(ctx context.Context) bool {
 	defer span.End()
 
 	var (
-		addr netip.Addr
-		err  error
+		addr   netip.Addr
+		err    error
+		ticker = time.NewTicker(10 * time.Millisecond)
 	)
+	defer ticker.Stop()
+
 	for {
 		addr, err = c.getAgentAddress()
 		if err == nil {
@@ -179,7 +182,7 @@ func (c *WorkspaceAgentConn) AwaitReachable(ctx context.Context) bool {
 		select {
 		case <-ctx.Done():
 			return false
-		case <-time.After(10 * time.Millisecond):
+		case <-ticker.C:
 			continue
 		}
 	}
Original file line number	Diff line number	Diff line change
`@@ -183,7 +183,7 @@ func setupAgent(t *testing.T, agentAddresses []netip.Prefix) (uuid.UUID, agent.A`
`183`	`183`	`GetNode: func(agentID uuid.UUID) (*tailnet.Node, error) {`
`184`	`184`	`node := coordinator.Node(agentID)`
`185`	`185`	`if node == nil {`
`186`		`- return nil, xerrors.Errorf("node not found %q", err)`
	`186`	`+ return nil, xerrors.Errorf("node not found %q", agentID)`
`187`	`187`	`}`
`188`	`188`	`return node, nil`
`189`	`189`	`},`
Original file line number	Diff line number	Diff line change
`@@ -161,6 +161,7 @@ func (api API) workspaceAgentManifest(rw http.ResponseWriter, r http.Request)`
`161`	`161`	`}`
`162`	`162`
`163`	`163`	`httpapi.Write(ctx, rw, http.StatusOK, agentsdk.Manifest{`
	`164`	`+ AgentID: apiAgent.ID,`
`164`	`165`	`Apps: convertApps(dbApps),`
`165`	`166`	`DERPMap: api.DERPMap,`
`166`	`167`	`GitAuthConfigs: len(api.GitAuthConfigs),`
Original file line number	Diff line number	Diff line change
`@@ -200,7 +200,7 @@ func setupAgent(t *testing.T, manifest agentsdk.Manifest, ptyTimeout time.Durati`
`200`	`200`	`GetNode: func(agentID uuid.UUID) (*tailnet.Node, error) {`
`201`	`201`	`node := coordinator.Node(agentID)`
`202`	`202`	`if node == nil {`
`203`		`- return nil, xerrors.Errorf("node not found %q", err)`
	`203`	`+ return nil, xerrors.Errorf("node not found %q", agentID)`
`204`	`204`	`}`
`205`	`205`	`return node, nil`
`206`	`206`	`},`
Original file line number	Diff line number	Diff line change
`@@ -84,6 +84,7 @@ func (c *Client) PostMetadata(ctx context.Context, key string, req PostMetadataR`
`84`	`84`	`}`
`85`	`85`
`86`	`86`	`type Manifest struct {`
	`87`	+ AgentID uuid.UUID `json:"agent_id"`
`87`	`88`	`// GitAuthConfigs stores the number of Git configurations`
`88`	`89`	`// the Coder deployment has. If this number is >0, we`
`89`	`90`	`// set up special configuration in the workspace.`