Implement workspace proxy cmd

Emyrk · Emyrk · commit c077c729f847 · 2023-04-12T09:36:51.000-05:00
diff --git a/cli/server.go b/cli/server.go
@@ -33,14 +33,15 @@ import (
 	"sync/atomic"
 	"time"
 
+	"github.com/prometheus/client_golang/prometheus/collectors"
+	"github.com/prometheus/client_golang/prometheus/promhttp"
+
 	"github.com/coreos/go-oidc/v3/oidc"
 	"github.com/coreos/go-systemd/daemon"
 	embeddedpostgres "github.com/fergusstrange/embedded-postgres"
 	"github.com/google/go-github/v43/github"
 	"github.com/google/uuid"
 	"github.com/prometheus/client_golang/prometheus"
-	"github.com/prometheus/client_golang/prometheus/collectors"
-	"github.com/prometheus/client_golang/prometheus/promhttp"
 	"github.com/spf13/afero"
 	"go.opentelemetry.io/otel/trace"
 	"golang.org/x/mod/semver"
@@ -660,33 +661,33 @@ func (r *RootCmd) Server(newAPI func(context.Context, *coderd.Options) (*coderd.
 				defer options.Telemetry.Close()
 			}
 
-			// This prevents the pprof import from being accidentally deleted.
-			_ = pprof.Handler
-			if cfg.Pprof.Enable {
-				//nolint:revive
-				defer serveHandler(ctx, logger, nil, cfg.Pprof.Address.String(), "pprof")()
-			}
-			if cfg.Prometheus.Enable {
-				options.PrometheusRegistry.MustRegister(collectors.NewGoCollector())
-				options.PrometheusRegistry.MustRegister(collectors.NewProcessCollector(collectors.ProcessCollectorOpts{}))
-
-				closeUsersFunc, err := prometheusmetrics.ActiveUsers(ctx, options.PrometheusRegistry, options.Database, 0)
-				if err != nil {
-					return xerrors.Errorf("register active users prometheus metric: %w", err)
-				}
-				defer closeUsersFunc()
-
-				closeWorkspacesFunc, err := prometheusmetrics.Workspaces(ctx, options.PrometheusRegistry, options.Database, 0)
-				if err != nil {
-					return xerrors.Errorf("register workspaces prometheus metric: %w", err)
-				}
-				defer closeWorkspacesFunc()
-
-				//nolint:revive
-				defer serveHandler(ctx, logger, promhttp.InstrumentMetricHandler(
-					options.PrometheusRegistry, promhttp.HandlerFor(options.PrometheusRegistry, promhttp.HandlerOpts{}),
-				), cfg.Prometheus.Address.String(), "prometheus")()
-			}
+			//// This prevents the pprof import from being accidentally deleted.
+			//_ = pprof.Handler
+			//if cfg.Pprof.Enable {
+			//	//nolint:revive
+			//	defer serveHandler(ctx, logger, nil, cfg.Pprof.Address.String(), "pprof")()
+			//}
+			//if cfg.Prometheus.Enable {
+			//	options.PrometheusRegistry.MustRegister(collectors.NewGoCollector())
+			//	options.PrometheusRegistry.MustRegister(collectors.NewProcessCollector(collectors.ProcessCollectorOpts{}))
+			//
+			//	closeUsersFunc, err := prometheusmetrics.ActiveUsers(ctx, options.PrometheusRegistry, options.Database, 0)
+			//	if err != nil {
+			//		return xerrors.Errorf("register active users prometheus metric: %w", err)
+			//	}
+			//	defer closeUsersFunc()
+			//
+			//	closeWorkspacesFunc, err := prometheusmetrics.Workspaces(ctx, options.PrometheusRegistry, options.Database, 0)
+			//	if err != nil {
+			//		return xerrors.Errorf("register workspaces prometheus metric: %w", err)
+			//	}
+			//	defer closeWorkspacesFunc()
+			//
+			//	//nolint:revive
+			//	defer serveHandler(ctx, logger, promhttp.InstrumentMetricHandler(
+			//		options.PrometheusRegistry, promhttp.HandlerFor(options.PrometheusRegistry, promhttp.HandlerOpts{}),
+			//	), cfg.Prometheus.Address.String(), "prometheus")()
+			//}
 
 			if cfg.Swagger.Enable {
 				options.SwaggerEndpoint = cfg.Swagger.Enable.Value()
@@ -701,6 +702,18 @@ func (r *RootCmd) Server(newAPI func(context.Context, *coderd.Options) (*coderd.
 			}
 
 			if cfg.Prometheus.Enable {
+				closeUsersFunc, err := prometheusmetrics.ActiveUsers(ctx, options.PrometheusRegistry, options.Database, 0)
+				if err != nil {
+					return xerrors.Errorf("register active users prometheus metric: %w", err)
+				}
+				defer closeUsersFunc()
+
+				closeWorkspacesFunc, err := prometheusmetrics.Workspaces(ctx, options.PrometheusRegistry, options.Database, 0)
+				if err != nil {
+					return xerrors.Errorf("register workspaces prometheus metric: %w", err)
+				}
+				defer closeWorkspacesFunc()
+
 				// Agent metrics require reference to the tailnet coordinator, so must be initiated after Coder API.
 				closeAgentsFunc, err := prometheusmetrics.Agents(ctx, logger, options.PrometheusRegistry, coderAPI.Database, &coderAPI.TailnetCoordinator, options.DERPMap, coderAPI.Options.AgentInactiveDisconnectTimeout, 0)
 				if err != nil {
@@ -720,7 +733,6 @@ func (r *RootCmd) Server(newAPI func(context.Context, *coderd.Options) (*coderd.
 					},
 				}
 			}
-			defer client.HTTPClient.CloseIdleConnections()
 
 			// This is helpful for tests, but can be silently ignored.
 			// Coder may be ran as users that don't have permission to write in the homedir,
@@ -819,6 +831,11 @@ func (r *RootCmd) Server(newAPI func(context.Context, *coderd.Options) (*coderd.
 				}
 			}()
 
+			autobuildPoller := time.NewTicker(cfg.AutobuildPollInterval.Value())
+			defer autobuildPoller.Stop()
+			autobuildExecutor := executor.New(ctx, options.Database, coderAPI.TemplateScheduleStore, logger, autobuildPoller.C)
+			autobuildExecutor.Run()
+
 			cliui.Infof(inv.Stdout, "\n==> Logs will stream in below (press ctrl+c to gracefully exit):")
 
 			// Updates the systemd status from activating to activated.
@@ -827,11 +844,6 @@ func (r *RootCmd) Server(newAPI func(context.Context, *coderd.Options) (*coderd.
 				return xerrors.Errorf("notify systemd: %w", err)
 			}
 
-			autobuildPoller := time.NewTicker(cfg.AutobuildPollInterval.Value())
-			defer autobuildPoller.Stop()
-			autobuildExecutor := executor.New(ctx, options.Database, coderAPI.TemplateScheduleStore, logger, autobuildPoller.C)
-			autobuildExecutor.Run()
-
 			// Currently there is no way to ask the server to shut
 			// itself down, so any exit signal will result in a non-zero
 			// exit of the server.
@@ -1214,9 +1226,10 @@ type CommonServerCmd struct {
 	HTTPServers *HTTPServers
 	HTTPClient  *http.Client
 	LocalURL    *url.URL
-	Logger      slog.Logger
 
-	Tracer trace.TracerProvider
+	Logger             slog.Logger
+	PrometheusRegistry *prometheus.Registry
+	Tracer             trace.TracerProvider
 	// SQLDriver is the driver that the tracer is active on.
 	SQLDriver string
 
@@ -1328,12 +1341,6 @@ func SetupServerCmd(inv *clibase.Invocation, cfg *codersdk.DeploymentValues) (_
 	// A newline is added before for visibility in terminal output.
 	cliui.Infof(inv.Stdout, "\nView the Web UI: %s", cfg.AccessURL.String())
 
-	// Used for zero-trust instance identity with Google Cloud.
-	googleTokenValidator, err := idtoken.NewValidator(ctx, option.WithoutAuthentication())
-	if err != nil {
-		return nil, err
-	}
-
 	c.AppHostname = cfg.WildcardAccessURL.String()
 	if c.AppHostname != "" {
 		c.AppHostnameRegex, err = httpapi.CompileHostnamePattern(c.AppHostname)
@@ -1347,6 +1354,29 @@ func SetupServerCmd(inv *clibase.Invocation, cfg *codersdk.DeploymentValues) (_
 		return nil, xerrors.Errorf("parse real ip config: %w", err)
 	}
 
+	if cfg.Pprof.Enable {
+		// This prevents the pprof import from being accidentally deleted.
+		// pprof has an init function that attaches itself to the default handler.
+		// By passing a nil handler to 'serverHandler', it will automatically use
+		// the default, which has pprof attached.
+		_ = pprof.Handler
+		//nolint:revive
+		closeFunc := serveHandler(ctx, logger, nil, cfg.Pprof.Address.String(), "pprof")
+		c.addClose(closeFunc)
+	}
+
+	c.PrometheusRegistry = prometheus.NewRegistry()
+	if cfg.Prometheus.Enable {
+		c.PrometheusRegistry.MustRegister(collectors.NewGoCollector())
+		c.PrometheusRegistry.MustRegister(collectors.NewProcessCollector(collectors.ProcessCollectorOpts{}))
+
+		//nolint:revive
+		closeFunc := serveHandler(ctx, logger, promhttp.InstrumentMetricHandler(
+			c.PrometheusRegistry, promhttp.HandlerFor(c.PrometheusRegistry, promhttp.HandlerOpts{}),
+		), cfg.Prometheus.Address.String(), "prometheus")
+		c.addClose(closeFunc)
+	}
+
 	return c, nil
 }
 
diff --git a/enterprise/cli/workspaceproxy.go b/enterprise/cli/workspaceproxy.go
@@ -1,9 +1,19 @@
 package cli
 
 import (
+	"context"
+	"fmt"
 	"io"
 	"log"
+	"net"
 	"net/http"
+	"runtime/pprof"
+	"time"
+
+	"github.com/coreos/go-systemd/daemon"
+
+	"github.com/coder/coder/cli/cliui"
+	"golang.org/x/xerrors"
 
 	"github.com/coder/coder/cli"
 	"github.com/coder/coder/coderd/workspaceapps"
@@ -54,23 +64,30 @@ func (r *RootCmd) proxyServer() *clibase.Cmd {
 			if err != nil {
 				return err
 			}
+			defer scd.Close()
+			ctx := scd.Ctx
 
 			proxy, err := wsproxy.New(&wsproxy.Options{
-				Logger:             scd.Logger,
+				Logger: scd.Logger,
+				// TODO: PrimaryAccessURL
 				PrimaryAccessURL:   nil,
-				AccessURL:          nil,
+				AccessURL:          cfg.AccessURL.Value(),
 				AppHostname:        scd.AppHostname,
 				AppHostnameRegex:   scd.AppHostnameRegex,
 				RealIPConfig:       scd.RealIPConfig,
 				AppSecurityKey:     workspaceapps.SecurityKey{},
 				Tracing:            scd.Tracer,
-				PrometheusRegistry: nil,
-				APIRateLimit:       0,
-				SecureAuthCookie:   false,
-				DisablePathApps:    false,
-				ProxySessionToken:  "",
+				PrometheusRegistry: scd.PrometheusRegistry,
+				APIRateLimit:       int(cfg.RateLimit.API.Value()),
+				SecureAuthCookie:   cfg.SecureAuthCookie.Value(),
+				// TODO: DisablePathApps
+				DisablePathApps: false,
+				// TODO: ProxySessionToken
+				ProxySessionToken: "",
 			})
 
+			shutdownConnsCtx, shutdownConns := context.WithCancel(ctx)
+			defer shutdownConns()
 			// ReadHeaderTimeout is purposefully not enabled. It caused some
 			// issues with websockets over the dev tunnel.
 			// See: https://github.com/coder/coder/pull/3730
@@ -81,16 +98,90 @@ func (r *RootCmd) proxyServer() *clibase.Cmd {
 				// https://github.com/hashicorp/vault/blob/e2490059d0711635e529a4efcbaa1b26998d6e1c/command/server.go#L2714
 				ErrorLog: log.New(io.Discard, "", 0),
 				Handler:  proxy.Handler,
-				//BaseContext: func(_ net.Listener) context.Context {
-				//	return shutdownConnsCtx
-				//},
+				BaseContext: func(_ net.Listener) context.Context {
+					return shutdownConnsCtx
+				},
 			}
-			//defer func() {
-			//	_ = shutdownWithTimeout(httpServer.Shutdown, 5*time.Second)
-			//}()
+			defer func() {
+				ctx, cancel := context.WithTimeout(context.Background(), 5*time.Second)
+				defer cancel()
+				_ = httpServer.Shutdown(ctx)
+			}()
 
 			// TODO: So this obviously is not going to work well.
-			return scd.HTTPServers.Serve(httpServer)
+			errCh := make(chan error, 1)
+			pprof.Do(ctx, pprof.Labels("service", "workspace-proxy"), func(ctx context.Context) {
+				errCh <- scd.HTTPServers.Serve(httpServer)
+			})
+
+			cliui.Infof(inv.Stdout, "\n==> Logs will stream in below (press ctrl+c to gracefully exit):")
+
+			// Updates the systemd status from activating to activated.
+			_, err = daemon.SdNotify(false, daemon.SdNotifyReady)
+			if err != nil {
+				return xerrors.Errorf("notify systemd: %w", err)
+			}
+
+			// Currently there is no way to ask the server to shut
+			// itself down, so any exit signal will result in a non-zero
+			// exit of the server.
+			var exitErr error
+			select {
+			case exitErr = <-errCh:
+				fmt.Println("As")
+			case <-scd.NotifyCtx.Done():
+				exitErr = scd.NotifyCtx.Err()
+				_, _ = fmt.Fprintln(inv.Stdout, cliui.Styles.Bold.Render(
+					"Interrupt caught, gracefully exiting. Use ctrl+\\ to force quit",
+				))
+			}
+
+			if exitErr != nil && !xerrors.Is(exitErr, context.Canceled) {
+				cliui.Errorf(inv.Stderr, "Unexpected error, shutting down server: %s\n", exitErr)
+			}
+
+			// Begin clean shut down stage, we try to shut down services
+			// gracefully in an order that gives the best experience.
+			// This procedure should not differ greatly from the order
+			// of `defer`s in this function, but allows us to inform
+			// the user about what's going on and handle errors more
+			// explicitly.
+
+			_, err = daemon.SdNotify(false, daemon.SdNotifyStopping)
+			if err != nil {
+				cliui.Errorf(inv.Stderr, "Notify systemd failed: %s", err)
+			}
+
+			// Stop accepting new connections without interrupting
+			// in-flight requests, give in-flight requests 5 seconds to
+			// complete.
+			cliui.Info(inv.Stdout, "Shutting down API server..."+"\n")
+			ctx, cancel := context.WithTimeout(context.Background(), 3*time.Second)
+			defer cancel()
+			err = httpServer.Shutdown(ctx)
+			if err != nil {
+				cliui.Errorf(inv.Stderr, "API server shutdown took longer than 3s: %s\n", err)
+			} else {
+				cliui.Info(inv.Stdout, "Gracefully shut down API server\n")
+			}
+			// Cancel any remaining in-flight requests.
+			shutdownConns()
+
+			// Trigger context cancellation for any remaining services.
+			scd.Close()
+
+			switch {
+			case xerrors.Is(exitErr, context.DeadlineExceeded):
+				cliui.Warnf(inv.Stderr, "Graceful shutdown timed out")
+				// Errors here cause a significant number of benign CI failures.
+				return nil
+			case xerrors.Is(exitErr, context.Canceled):
+				return nil
+			case exitErr != nil:
+				return xerrors.Errorf("graceful shutdown: %w", exitErr)
+			default:
+				return nil
+			}
 		},
 	}
 
