From 53754701d5f6cf412151e213897945698819df4a Mon Sep 17 00:00:00 2001 From: Trumeet Date: Sat, 3 Apr 2021 16:33:19 -0700 Subject: fix(agent): move WireGuard ip del commands to a separate provisioner to be executed after all done This resolves conflicts with systemd managed wg-quick legacy services --- .../dn42peering/agent/grpc/AgentServiceImpl.java | 4 ++ .../provision/WireGuardCleanupProvisioner.java | 57 ++++++++++++++++++++++ .../agent/provision/WireGuardProvisioner.java | 20 -------- 3 files changed, 61 insertions(+), 20 deletions(-) create mode 100644 agent/src/main/java/moe/yuuta/dn42peering/agent/provision/WireGuardCleanupProvisioner.java diff --git a/agent/src/main/java/moe/yuuta/dn42peering/agent/grpc/AgentServiceImpl.java b/agent/src/main/java/moe/yuuta/dn42peering/agent/grpc/AgentServiceImpl.java index f477599..6ff5a52 100644 --- a/agent/src/main/java/moe/yuuta/dn42peering/agent/grpc/AgentServiceImpl.java +++ b/agent/src/main/java/moe/yuuta/dn42peering/agent/grpc/AgentServiceImpl.java @@ -9,6 +9,7 @@ import moe.yuuta.dn42peering.agent.proto.NodeConfig; import moe.yuuta.dn42peering.agent.proto.VertxAgentGrpc; import moe.yuuta.dn42peering.agent.provision.BGPProvisioner; import moe.yuuta.dn42peering.agent.provision.Change; +import moe.yuuta.dn42peering.agent.provision.WireGuardCleanupProvisioner; import moe.yuuta.dn42peering.agent.provision.WireGuardProvisioner; import javax.annotation.Nonnull; @@ -40,6 +41,7 @@ class AgentServiceImpl extends VertxAgentGrpc.AgentVertxImplBase { logger.info("Deployment started"); final BGPProvisioner bgpProvisioner = new BGPProvisioner(vertx); final WireGuardProvisioner wireGuardProvisioner = new WireGuardProvisioner(vertx); + final WireGuardCleanupProvisioner wireGuardCleanupProvisioner = new WireGuardCleanupProvisioner(vertx); // TODO: Currently all provisioning operations are non-fault-tolering. This means that // TODO: if one operation fails, the following will fail. This may be changed in later. 
@@ -49,6 +51,8 @@ class AgentServiceImpl extends VertxAgentGrpc.AgentVertxImplBase { .compose(this::chainChanges) .compose(_v -> wireGuardProvisioner.calculateChanges(config.getNode(), config.getWgsList()) .compose(this::chainChanges)) + .compose(_v -> wireGuardCleanupProvisioner.calculateChanges(config.getNode(), config.getWgsList()) + .compose(this::chainChanges)) .onSuccess(res -> logger.info("Deployment finished. Detailed log can be traced above.")) .onFailure(err -> logger.error("Deployment failed. Detailed log can be traced above.", err)) .compose(compositeFuture -> Future.succeededFuture(null)); diff --git a/agent/src/main/java/moe/yuuta/dn42peering/agent/provision/WireGuardCleanupProvisioner.java b/agent/src/main/java/moe/yuuta/dn42peering/agent/provision/WireGuardCleanupProvisioner.java new file mode 100644 index 0000000..6d4dd7f --- /dev/null +++ b/agent/src/main/java/moe/yuuta/dn42peering/agent/provision/WireGuardCleanupProvisioner.java 
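Review bot: The cleanup step appended to the `.compose` chain runs only if the BGP and WireGuard steps before it succeed, so an earlier failure leaves the links of withdrawn peers up until a later deployment completes end to end. The TODO in the previous hunk already says provisioning is not fault tolerant, but the consequence for teardown deserves its own comment next to the new call, e.g. `// NOTE: stale wg_* links are removed only when every earlier step succeeded`. It would also help to say in the `onFailure` log message that interface cleanup was skipped, so an operator knows removed peers may still have a live tunnel. The enclosing method starts and ends outside this hunk.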
@@ -0,0 +1,57 @@
+package moe.yuuta.dn42peering.agent.provision;
+
+import io.vertx.core.Future;
+import io.vertx.core.Vertx;
+import moe.yuuta.dn42peering.agent.ip.Address;
+import moe.yuuta.dn42peering.agent.ip.IP;
+import moe.yuuta.dn42peering.agent.ip.IPOptions;
+import moe.yuuta.dn42peering.agent.proto.Node;
+import moe.yuuta.dn42peering.agent.proto.WireGuardConfig;
+
+import javax.annotation.Nonnull;
+import javax.annotation.Nullable;
+import java.util.ArrayList;
+import java.util.List;
+
+public class WireGuardCleanupProvisioner implements IProvisioner {
+ private final Vertx vertx;
+
+ public WireGuardCleanupProvisioner(@Nonnull Vertx vertx) {
+ this.vertx = vertx;
+ }
+
+ @Nullable
+ private WireGuardConfig searchDesiredConfig(@Nonnull List configs,
+ @Nonnull String device) {
+ // TODO: Optimize algorithm
+ for (final WireGuardConfig config : configs) {
+ if(config.getInterface().equals(device))
+ return config;
+ }
+ return null;
+ }
+
+ @Nonnull
+ @Override
+ public Future> calculateChanges(@Nonnull Node node, @Nonnull List allDesired) {
+ return IP.ip(vertx, new IPOptions(), IP.Addr.show(null))
+ .compose(IP.Addr::handler)
+ .compose(addrs -> {
+ final List ipCommands = new ArrayList<>();
+ // Detect interfaces to delete
+ for (final Address address : addrs) {
+ if(!address.getLinkType().equals("none") ||
+ !address.getIfname().matches("wg_.*")) {
+ continue;
+ }
+ if(searchDesiredConfig(allDesired, address.getIfname()) == null)
+ ipCommands.add(String.join(" ", IP.Link.del(address.getIfname())));
+ }
+ final List changes = new ArrayList<>();
+ if(!ipCommands.isEmpty()) {
+ changes.add(new IPChange(true, ipCommands));
+ }
+ return Future.succeededFuture(changes);
+ });
+ }
+}
diff --git a/agent/src/main/java/moe/yuuta/dn42peering/agent/provision/WireGuardProvisioner.java b/agent/src/main/java/moe/yuuta/dn42peering/agent/provision/WireGuardProvisioner.java
index bdf4d28..fee8917 100644
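Review bot: `calculateChanges` queues an `ip link del` for every link of type `none` whose name matches `wg_.*` and that is missing from `allDesired`, so the name prefix is the only thing marking a link as owned by the agent, and an empty `allDesired` removes all such links on the host. The new class has no documentation of that ownership assumption or of the ordering requirement the commit message describes; a class comment such as `/** Deletes wg_* links that are absent from the desired config. Must run after all other provisioners. */` would record both. The `node` parameter is unused here, which is worth a line in the method's Javadoc. As a style point, the per-address linear `searchDesiredConfig` scan (still carrying its TODO) could become a set of desired interface names built once before the loop.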
--- a/agent/src/main/java/moe/yuuta/dn42peering/agent/provision/WireGuardProvisioner.java +++ b/agent/src/main/java/moe/yuuta/dn42peering/agent/provision/WireGuardProvisioner.java @@ -69,17 +69,6 @@ public class WireGuardProvisioner implements IProvisioner { return engine.render(params, "wg.conf.ftlh"); } - @Nullable - private WireGuardConfig searchDesiredConfig(@Nonnull List configs, - @Nonnull String device) { - // TODO: Optimize algorithm - for (final WireGuardConfig config : configs) { - if(config.getInterface().equals(device)) - return config; - } - return null; - } - @Nullable private Address searchActualAddress(@Nonnull List
addresses, @Nonnull String device) { @@ -210,15 +199,6 @@ public class WireGuardProvisioner implements IProvisioner { return Future.failedFuture(e); } } - // Detect interfaces to delete - for (final Address address : addrs) { - if(!address.getLinkType().equals("none") || - !address.getIfname().matches("wg_.*")) { - continue; - } - if(searchDesiredConfig(allDesired, address.getIfname()) == null) - ipCommands.add(String.join(" ", IP.Link.del(address.getIfname()))); - } final List changes = new ArrayList<>(); if(!ipCommands.isEmpty()) { changes.add(new IPChange(true, ipCommands)); -- cgit v1.2.3