coder · kylecarbs · Oct 17, 2022 · Sep 22, 2022 · Sep 23, 2022 · Sep 23, 2022
diff --git a/.vscode/settings.json b/.vscode/settings.json
@@ -19,6 +19,7 @@
     "derphttp",
     "derpmap",
     "devel",
+    "dflags",
     "drpc",
     "drpcconn",
     "drpcmux",
@@ -86,8 +87,10 @@
     "ptytest",
     "quickstart",
     "reconfig",
+    "replicasync",
     "retrier",
     "rpty",
+    "SCIM",
     "sdkproto",
     "sdktrace",
     "Signup",

diff --git a/agent/agent.go b/agent/agent.go
@@ -170,6 +170,7 @@ func (a *agent) runTailnet(ctx context.Context, derpMap *tailcfg.DERPMap) {
 	if a.isClosed() {
 		return
 	}
+	a.logger.Debug(ctx, "running tailnet with derpmap", slog.F("derpmap", derpMap))
 	if a.network != nil {
 		a.network.SetDERPMap(derpMap)
 		return

diff --git a/agent/agent_test.go b/agent/agent_test.go
@@ -465,7 +465,7 @@ func TestAgent(t *testing.T) {
 
 				conn, _ := setupAgent(t, codersdk.WorkspaceAgentMetadata{}, 0)
 				require.Eventually(t, func() bool {
-					_, err := conn.Ping()
+					_, err := conn.Ping(context.Background())
 					return err == nil
 				}, testutil.WaitMedium, testutil.IntervalFast)
 				conn1, err := conn.DialContext(context.Background(), l.Addr().Network(), l.Addr().String())
@@ -483,9 +483,7 @@ func TestAgent(t *testing.T) {
 
 	t.Run("Speedtest", func(t *testing.T) {
 		t.Parallel()
-		if testing.Short() {
-			t.Skip("The minimum duration for a speedtest is hardcoded in Tailscale to 5s!")
-		}
+		t.Skip("This test is relatively flakey because of Tailscale's speedtest code...")
 		derpMap := tailnettest.RunDERPAndSTUN(t)
 		conn, _ := setupAgent(t, codersdk.WorkspaceAgentMetadata{
 			DERPMap: derpMap,

diff --git a/cli/agent_test.go b/cli/agent_test.go
@@ -7,8 +7,6 @@ import (
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 
-	"cdr.dev/slog"
-
 	"github.com/coder/coder/cli/clitest"
 	"github.com/coder/coder/coderd/coderdtest"
 	"github.com/coder/coder/provisioner/echo"
@@ -67,11 +65,11 @@ func TestWorkspaceAgent(t *testing.T) {
 		if assert.NotEmpty(t, workspace.LatestBuild.Resources) && assert.NotEmpty(t, resources[0].Agents) {
 			assert.NotEmpty(t, resources[0].Agents[0].Version)
 		}
-		dialer, err := client.DialWorkspaceAgentTailnet(ctx, slog.Logger{}, resources[0].Agents[0].ID)
+		dialer, err := client.DialWorkspaceAgent(ctx, resources[0].Agents[0].ID, nil)
 		require.NoError(t, err)
 		defer dialer.Close()
 		require.Eventually(t, func() bool {
-			_, err := dialer.Ping()
+			_, err := dialer.Ping(ctx)
 			return err == nil
 		}, testutil.WaitMedium, testutil.IntervalFast)
 		cancelFunc()
@@ -128,11 +126,11 @@ func TestWorkspaceAgent(t *testing.T) {
 		if assert.NotEmpty(t, resources) && assert.NotEmpty(t, resources[0].Agents) {
 			assert.NotEmpty(t, resources[0].Agents[0].Version)
 		}
-		dialer, err := client.DialWorkspaceAgentTailnet(ctx, slog.Logger{}, resources[0].Agents[0].ID)
+		dialer, err := client.DialWorkspaceAgent(ctx, resources[0].Agents[0].ID, nil)
 		require.NoError(t, err)
 		defer dialer.Close()
 		require.Eventually(t, func() bool {
-			_, err := dialer.Ping()
+			_, err := dialer.Ping(ctx)
 			return err == nil
 		}, testutil.WaitMedium, testutil.IntervalFast)
 		cancelFunc()
@@ -189,11 +187,11 @@ func TestWorkspaceAgent(t *testing.T) {
 		if assert.NotEmpty(t, resources) && assert.NotEmpty(t, resources[0].Agents) {
 			assert.NotEmpty(t, resources[0].Agents[0].Version)
 		}
-		dialer, err := client.DialWorkspaceAgentTailnet(ctx, slog.Logger{}, resources[0].Agents[0].ID)
+		dialer, err := client.DialWorkspaceAgent(ctx, resources[0].Agents[0].ID, nil)
 		require.NoError(t, err)
 		defer dialer.Close()
 		require.Eventually(t, func() bool {
-			_, err := dialer.Ping()
+			_, err := dialer.Ping(ctx)
 			return err == nil
 		}, testutil.WaitMedium, testutil.IntervalFast)
 		cancelFunc()

diff --git a/cli/config/file.go b/cli/config/file.go
@@ -13,6 +13,11 @@ func (r Root) Session() File {
 	return File(filepath.Join(string(r), "session"))
 }
 
+// ReplicaID is a unique identifier for the Coder server.
+func (r Root) ReplicaID() File {
+	return File(filepath.Join(string(r), "replica_id"))
+}
+
 func (r Root) URL() File {
 	return File(filepath.Join(string(r), "url"))
 }

diff --git a/cli/configssh_test.go b/cli/configssh_test.go
@@ -19,7 +19,6 @@ import (
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 
-	"cdr.dev/slog"
 	"cdr.dev/slog/sloggers/slogtest"
 
 	"github.com/coder/coder/agent"
@@ -115,7 +114,7 @@ func TestConfigSSH(t *testing.T) {
 		_ = agentCloser.Close()
 	}()
 	resources := coderdtest.AwaitWorkspaceAgents(t, client, workspace.ID)
-	agentConn, err := client.DialWorkspaceAgentTailnet(context.Background(), slog.Logger{}, resources[0].Agents[0].ID)
+	agentConn, err := client.DialWorkspaceAgent(context.Background(), resources[0].Agents[0].ID, nil)
 	require.NoError(t, err)
 	defer agentConn.Close()
 

diff --git a/cli/deployment/flags.go b/cli/deployment/flags.go
@@ -85,6 +85,13 @@ func Flags() *codersdk.DeploymentFlags {
 			Description: "Addresses for STUN servers to establish P2P connections. Set empty to disable P2P connections.",
 			Default:     []string{"stun.l.google.com:19302"},
 		},
+		DerpServerRelayAddress: &codersdk.StringFlag{
+			Name:        "DERP Server Relay Address",
+			Flag:        "derp-server-relay-address",
+			EnvVar:      "CODER_DERP_SERVER_RELAY_ADDRESS",
+			Description: "An HTTP address that is accessible by other replicas to relay DERP traffic. Required for high availability.",
+			Enterprise:  true,
+		},
 		DerpConfigURL: &codersdk.StringFlag{
 			Name:        "DERP Config URL",
 			Flag:        "derp-config-url",

diff --git a/cli/portforward.go b/cli/portforward.go
@@ -16,7 +16,6 @@ import (
 	"github.com/spf13/cobra"
 	"golang.org/x/xerrors"
 
-	"cdr.dev/slog"
 	"github.com/coder/coder/agent"
 	"github.com/coder/coder/cli/cliflag"
 	"github.com/coder/coder/cli/cliui"
@@ -96,7 +95,7 @@ func portForward() *cobra.Command {
 				return xerrors.Errorf("await agent: %w", err)
 			}
 
-			conn, err := client.DialWorkspaceAgentTailnet(ctx, slog.Logger{}, workspaceAgent.ID)
+			conn, err := client.DialWorkspaceAgent(ctx, workspaceAgent.ID, nil)
 			if err != nil {
 				return err
 			}
@@ -156,7 +155,7 @@ func portForward() *cobra.Command {
 				case <-ticker.C:
 				}
 
-				_, err = conn.Ping()
+				_, err = conn.Ping(ctx)
 				if err != nil {
 					continue
 				}

diff --git a/cli/root.go b/cli/root.go
@@ -4,6 +4,7 @@ import (
 	"context"
 	"flag"
 	"fmt"
+	"io"
 	"net/http"
 	"net/url"
 	"os"
@@ -100,8 +101,9 @@ func Core() []*cobra.Command {
 }
 
 func AGPL() []*cobra.Command {
-	all := append(Core(), Server(deployment.Flags(), func(_ context.Context, o *coderd.Options) (*coderd.API, error) {
-		return coderd.New(o), nil
+	all := append(Core(), Server(deployment.Flags(), func(_ context.Context, o *coderd.Options) (*coderd.API, io.Closer, error) {
+		api := coderd.New(o)
+		return api, api, nil
 	}))
 	return all
 }

diff --git a/cli/server.go b/cli/server.go
@@ -69,7 +69,7 @@ import (
 )
 
 // nolint:gocyclo
-func Server(dflags *codersdk.DeploymentFlags, newAPI func(context.Context, *coderd.Options) (*coderd.API, error)) *cobra.Command {
+func Server(dflags *codersdk.DeploymentFlags, newAPI func(context.Context, *coderd.Options) (*coderd.API, io.Closer, error)) *cobra.Command {
 	root := &cobra.Command{
 		Use:   "server",
 		Short: "Start a Coder server",
@@ -167,9 +167,10 @@ func Server(dflags *codersdk.DeploymentFlags, newAPI func(context.Context, *code
 			}
 			defer listener.Close()
 
+			var tlsConfig *tls.Config
 			if dflags.TLSEnable.Value {
-				listener, err = configureServerTLS(
-					listener, dflags.TLSMinVersion.Value,
+				tlsConfig, err = configureTLS(
+					dflags.TLSMinVersion.Value,
 					dflags.TLSClientAuth.Value,
 					dflags.TLSCertFiles.Value,
 					dflags.TLSKeyFiles.Value,
@@ -178,6 +179,7 @@ func Server(dflags *codersdk.DeploymentFlags, newAPI func(context.Context, *code
 				if err != nil {
 					return xerrors.Errorf("configure tls: %w", err)
 				}
+				listener = tls.NewListener(listener, tlsConfig)
 			}
 
 			tcpAddr, valid := listener.Addr().(*net.TCPAddr)
@@ -328,6 +330,9 @@ func Server(dflags *codersdk.DeploymentFlags, newAPI func(context.Context, *code
 				Experimental:                ExperimentalEnabled(cmd),
 				DeploymentFlags:             dflags,
 			}
+			if tlsConfig != nil {
+				options.TLSCertificates = tlsConfig.Certificates
+			}
 
 			if dflags.OAuth2GithubClientSecret.Value != "" {
 				options.GithubOAuth2Config, err = configureGithubOAuth2(accessURLParsed,
@@ -471,11 +476,14 @@ func Server(dflags *codersdk.DeploymentFlags, newAPI func(context.Context, *code
 				), dflags.PromAddress.Value, "prometheus")()
 			}
 
-			coderAPI, err := newAPI(ctx, options)
+			// We use a separate closer so the Enterprise API
+			// can have it's own close functions. This is cleaner
+			// than abstracting the Coder API itself.
+			coderAPI, closer, err := newAPI(ctx, options)
 			if err != nil {
 				return err
 			}
-			defer coderAPI.Close()
+			defer closer.Close()
 
 			client := codersdk.New(localURL)
 			if dflags.TLSEnable.Value {
@@ -893,7 +901,7 @@ func loadCertificates(tlsCertFiles, tlsKeyFiles []string) ([]tls.Certificate, er
 	return certs, nil
 }
 
-func configureServerTLS(listener net.Listener, tlsMinVersion, tlsClientAuth string, tlsCertFiles, tlsKeyFiles []string, tlsClientCAFile string) (net.Listener, error) {
+func configureTLS(tlsMinVersion, tlsClientAuth string, tlsCertFiles, tlsKeyFiles []string, tlsClientCAFile string) (*tls.Config, error) {
 	tlsConfig := &tls.Config{
 		MinVersion: tls.VersionTLS12,
 	}
@@ -929,6 +937,7 @@ func configureServerTLS(listener net.Listener, tlsMinVersion, tlsClientAuth stri
 	if err != nil {
 		return nil, xerrors.Errorf("load certificates: %w", err)
 	}
+	tlsConfig.Certificates = certs
 	tlsConfig.GetCertificate = func(hi *tls.ClientHelloInfo) (*tls.Certificate, error) {
 		// If there's only one certificate, return it.
 		if len(certs) == 1 {
@@ -963,7 +972,7 @@ func configureServerTLS(listener net.Listener, tlsMinVersion, tlsClientAuth stri
 		tlsConfig.ClientCAs = caPool
 	}
 
-	return tls.NewListener(listener, tlsConfig), nil
+	return tlsConfig, nil
 }
 
 func configureGithubOAuth2(accessURL *url.URL, clientID, clientSecret string, allowSignups bool, allowOrgs []string, rawTeams []string, enterpriseBaseURL string) (*coderd.GithubOAuth2Config, error) {

diff --git a/cli/speedtest.go b/cli/speedtest.go
@@ -55,7 +55,9 @@ func speedtest() *cobra.Command {
 			if cliflag.IsSetBool(cmd, varVerbose) {
 				logger = logger.Leveled(slog.LevelDebug)
 			}
-			conn, err := client.DialWorkspaceAgentTailnet(ctx, logger, workspaceAgent.ID)
+			conn, err := client.DialWorkspaceAgent(ctx, workspaceAgent.ID, &codersdk.DialWorkspaceAgentOptions{
+				Logger: logger,
+			})
 			if err != nil {
 				return err
 			}
@@ -68,7 +70,7 @@ func speedtest() *cobra.Command {
 					return ctx.Err()
 				case <-ticker.C:
 				}
-				dur, err := conn.Ping()
+				dur, err := conn.Ping(ctx)
 				if err != nil {
 					continue
 				}

diff --git a/cli/ssh.go b/cli/ssh.go
@@ -20,8 +20,6 @@ import (
 	"golang.org/x/term"
 	"golang.org/x/xerrors"
 
-	"cdr.dev/slog"
-
 	"github.com/coder/coder/cli/cliflag"
 	"github.com/coder/coder/cli/cliui"
 	"github.com/coder/coder/coderd/autobuild/notify"
@@ -86,7 +84,7 @@ func ssh() *cobra.Command {
 				return xerrors.Errorf("await agent: %w", err)
 			}
 
-			conn, err := client.DialWorkspaceAgentTailnet(ctx, slog.Logger{}, workspaceAgent.ID)
+			conn, err := client.DialWorkspaceAgent(ctx, workspaceAgent.ID, nil)
 			if err != nil {
 				return err
 			}

diff --git a/coderd/activitybump_test.go b/coderd/activitybump_test.go
@@ -72,7 +72,7 @@ func TestWorkspaceActivityBump(t *testing.T) {
 				"deadline %v never updated", firstDeadline,
 			)
 
-			require.WithinDuration(t, database.Now().Add(time.Hour), workspace.LatestBuild.Deadline.Time, time.Second)
+			require.WithinDuration(t, database.Now().Add(time.Hour), workspace.LatestBuild.Deadline.Time, 3*time.Second)
 		}
 	}
 
@@ -82,7 +82,9 @@ func TestWorkspaceActivityBump(t *testing.T) {
 		client, workspace, assertBumped := setupActivityTest(t)
 
 		resources := coderdtest.AwaitWorkspaceAgents(t, client, workspace.ID)
-		conn, err := client.DialWorkspaceAgentTailnet(ctx, slogtest.Make(t, nil), resources[0].Agents[0].ID)
+		conn, err := client.DialWorkspaceAgent(ctx, resources[0].Agents[0].ID, &codersdk.DialWorkspaceAgentOptions{
+			Logger: slogtest.Make(t, nil),
+		})
 		require.NoError(t, err)
 		defer conn.Close()