backport for node

Author: nyiyui

README.md

@@ -42,7 +42,7 @@ Flakes are recommended. See `flake.nix` for options.
 
 ## TODO
 
-- node: wg config persistent over reboot, etc (change only when cs requests so, or when wg conn fails?)
+- node: test node backport (in test.nix)
 - confine qrystal-node and qrystal-cs (using systemd's options)
 - configure existing interfaces without disrupting connections (as much as possible)
 - support multiple hosts

cmd/runner-node/main.go

@@ -5,6 +5,7 @@ import (
 	"fmt"
 	"log"
 	"os"
+	"path/filepath"
 	"regexp"
 
 	"crypto/tls"
@@ -128,6 +129,7 @@ func main() {
 		HokutoDNSParent:    c.Hokuto.Parent,
 		HokutoExtraParents: c.Hokuto.ExtraParents,
 		EndpointOverride:   c.EndpointOverride,
+		BackportPath:       filepath.Join(os.Getenv("STATE_DIRECTORY"), "node-backport.json"),
 	}
 	if os.Getenv("HOKUTO_ADDR") != "" {
 		nc.HokutoAddr = os.Getenv("HOKUTO_ADDR")
@@ -141,5 +143,9 @@ func main() {
 		panic(err)
 	}
 
+	err = n.LoadBackport()
+	if err != nil {
+		util.S.Errorf("load backport: %s", err)
+	}
 	n.ListenCS()
 }

node/api.go

@@ -74,11 +74,15 @@ func (n *Node) setupClient(cl *rpc2.Client) {
 			return fmt.Errorf("updateHokutoCC: %w", err)
 		}
 		cns := new(strings.Builder)
-		for cnn, cn := range n.cc.Networks {
+		for cnn := range n.cc.Networks {
 			fmt.Fprintf(cns, " %s", cnn)
 		}
 		util.Notify(fmt.Sprintf("STATUS=Synced. CNs:%s", cns))
 		util.Notify("READY=1")
+		err = n.saveBackport()
+		if err != nil {
+			util.S.Errorf("save backport: %s", err)
+		}
 		n.traceCheck()
 		return nil
 	})

node/backport.go

@@ -0,0 +1,50 @@
+package node
+
+import (
+	"encoding/json"
+	"os"
+
+	"github.com/nyiyui/qrystal/central"
+)
+
+type Backport struct {
+	CC *central.Config `json:"cc"`
+}
+
+// LoadBackport reads a backport from the path and applies it if CC exists in the backport.
+// This must not be called after Node.ListenCS.
+func (n *Node) LoadBackport() error {
+	encoded, err := os.ReadFile(n.backportPath)
+	if err != nil {
+		return err
+	}
+	var b Backport
+	err = json.Unmarshal(encoded, &b)
+	if err != nil {
+		return err
+	}
+	if b.CC != nil {
+		func() {
+			n.ccLock.Lock()
+			defer n.ccLock.Unlock()
+			n.cc = *b.CC
+		}()
+	}
+	return nil
+}
+
+// saveBackport saves a backport from the current CC.
+// Note: Node.ccLock must be read-locked (i.e. RLock was called).
+func (n *Node) saveBackport() error {
+	encoded, err := json.Marshal(Backport{
+		CC: &n.cc,
+	})
+	if err != nil {
+		return err
+	}
+	err = os.WriteFile(n.backportPath, encoded, 0o0600)
+	if err != nil {
+		return err
+	}
+	return nil
+}

node/main.go

@@ -22,6 +22,7 @@ type NodeConfig struct {
 	HokutoExtraParents []hokuto.ExtraParent
 	CS                 CSConfig
 	EndpointOverride   string
+	BackportPath       string
 }
 
 // There must be only one Node instance as a Node can trigger a trace to stop.
@@ -46,6 +47,7 @@ func NewNode(cfg NodeConfig) (*Node, error) {
 		mio:                  mh,
 		hokuto:               hh,
 		endpointOverridePath: cfg.EndpointOverride,
+		backportPath:         cfg.BackportPath,
 	}
 	if cfg.HokutoDNSAddr != "" {
 		addr, err := net.ResolveUDPAddr("udp", cfg.HokutoDNSAddr)
@@ -80,4 +82,6 @@ type Node struct {
 	endpointOverridePath string
 	eoState              *eoState
 	eoStateLock          sync.Mutex
+
+	backportPath string
 }

runner/node.go

@@ -7,6 +7,7 @@ import (
 	"log"
 	"os"
 	"os/exec"
+	"path/filepath"
 
 	"github.com/nyiyui/qrystal/runner/config"
 )
@@ -17,6 +18,38 @@ type nodeHandle struct {
 }
 
 func newNode(cfg *config.Node, mh, hh *mioHandle) (*nodeHandle, error) {
+	backportPath := filepath.Join(os.Getenv("STATE_DIRECTORY"), "node-backport.json")
+	_, err := os.Stat(backportPath)
+	if os.IsNotExist(err) {
+		f, err := os.Create(backportPath)
+		if err != nil {
+			return nil, fmt.Errorf("create backport file: %w", err)
+		}
+		err = f.Close()
+		if err != nil {
+			return nil, fmt.Errorf("close created backport file: %w", err)
+		}
+	} else if err != nil {
+		return nil, fmt.Errorf("stat backport file: %w", err)
+	}
+	err = os.Chmod(backportPath, 0o0600)
+	if err != nil {
+		return nil, fmt.Errorf("chmod created backport file: %w", err)
+	}
+	cred, err := cfg.Subprocess.Credential.ToCredential()
+	if err != nil {
+		return nil, fmt.Errorf("backport file: load credential: %w", err)
+	}
+	err = os.Chown(backportPath, int(cred.Uid), int(cred.Gid))
+	if err != nil {
+		return nil, fmt.Errorf("chown created backport file: %w", err)
+	}
+
+	err = os.Chown(os.Getenv("STATE_DIRECTORY"), int(cred.Uid), int(cred.Gid))
+	if err != nil {
+		return nil, fmt.Errorf("chown STATE_DIRECTORY: %w", err)
+	}
+
 	cmd, err := newSubprocess(cfg.Subprocess)
 	if err != nil {
 		return nil, fmt.Errorf("subprocess: %w", err)