src/sftp.js

'use strict';

exports = module.exports = {
    start,
    status,

    DEFAULT_MEMORY_LIMIT: 256 * 1024 * 1024
};

const apps = require('./apps.js'),
    assert = require('assert'),
    BoxError = require('./boxerror.js'),
    debug = require('debug')('box:sftp'),
    docker = require('./docker.js'),
    hat = require('./hat.js'),
    infra = require('./infra_version.js'),
    paths = require('./paths.js'),
    safe = require('safetydance'),
    settings = require('./settings.js'),
    services = require('./services.js'),
    shell = require('./shell.js'),
    system = require('./system.js'),
    volumes = require('./volumes.js');

async function start(existingInfra) {
    assert.strictEqual(typeof existingInfra, 'object');

    debug('start: re-creating container');

    const servicesConfig = await settings.getServicesConfig();
    const serviceConfig = servicesConfig['sftp'] || {};
    const tag = infra.images.sftp.tag;
    const memoryLimit = serviceConfig.memoryLimit || exports.DEFAULT_MEMORY_LIMIT;
    const memory = system.getMemoryAllocation(memoryLimit);
    const cloudronToken = hat(8 * 128);

    const resolvedAppDataDir = safe.fs.realpathSync(paths.APPS_DATA_DIR);
    if (!resolvedAppDataDir) throw new BoxError(BoxError.FS_ERROR, `Could not resolve apps data dir: ${safe.error.message}`);

    const dataDirs = [{ hostDir: resolvedAppDataDir, mountDir: '/mnt/appsdata' }];

    // custom app data directories
    const allApps = await apps.list();
    for (const app of allApps) {
        if (!app.manifest.addons['localstorage'] || !app.dataDir) continue;

        const hostDir = apps.getDataDir(app, app.dataDir), mountDir = `/mnt/${app.id}`;
        if (!safe.fs.existsSync(hostDir)) { // this can fail if external mount does not have permissions for yellowtent user
            // do not create host path when cloudron is restoring. this will then create dir with root perms making restore logic fail
            debug(`Ignoring app data dir ${hostDir} for ${app.id} since it does not exist`);
            continue;
        }

        dataDirs.push({ hostDir, mountDir });
    }

    // volume directories
    dataDirs.push({ hostDir: '/mnt/volumes', mountDir: '/mnt/volumes' });
    const allVolumes = await volumes.list();
    for (const volume of allVolumes) {
        if (volume.hostPath.startsWith('/mnt/volumes/')) continue;

        if (!safe.fs.existsSync(volume.hostPath)) {
            debug(`Ignoring volume host path ${volume.hostPath} since it does not exist`);
            continue;
        }

        dataDirs.push({ hostDir: volume.hostPath, mountDir: `/mnt/${volume.id}` });
    }

    // mail data dir
    const resolvedMailDataDir = safe.fs.realpathSync(paths.MAIL_DATA_DIR);
    if (!resolvedMailDataDir) throw new BoxError(BoxError.FS_ERROR, `Could not resolve mail data dir: ${safe.error.message}`);
    dataDirs.push({ hostDir: resolvedMailDataDir, mountDir: '/mnt/maildata' });

    const readOnly = !serviceConfig.recoveryMode ? '--read-only' : '';
    const cmd = serviceConfig.recoveryMode ? '/bin/bash -c \'echo "Debug mode. Sleeping" && sleep infinity\'' : '';

    const mounts = dataDirs.map(v => `-v "${v.hostDir}:${v.mountDir}"`).join(' ');
    const runCmd = `docker run --restart=always -d --name="sftp" \
                --hostname sftp \
                --net cloudron \
                --net-alias sftp \
                --log-driver syslog \
                --log-opt syslog-address=udp://127.0.0.1:2514 \
                --log-opt syslog-format=rfc5424 \
                --log-opt tag=sftp \
                -m ${memory} \
                --memory-swap ${memoryLimit} \
                --dns 172.18.0.1 \
                --dns-search=. \
                -p 222:22 \
                ${mounts} \
                -e CLOUDRON_SFTP_TOKEN="${cloudronToken}" \
                -v "${paths.SFTP_KEYS_DIR}:/etc/ssh:ro" \
                --label isCloudronManaged=true \
                ${readOnly} -v /tmp -v /run "${tag}" ${cmd}`;

    // ignore error if container not found (and fail later) so that this code works across restarts
    await shell.promises.exec('stopSftp', 'docker stop sftp || true');
    await shell.promises.exec('removeSftp', 'docker rm -f sftp || true');
    await shell.promises.exec('startSftp', runCmd);
}

async function status() {
    const [error, container] = await safe(docker.inspect('sftp'));
    if (error && error.reason === BoxError.NOT_FOUND) return { status: services.SERVICE_STATUS_STOPPED };
    if (error) throw error;

    const result = await docker.memoryUsage('sftp');

    const status = container.State.Running
        ? (container.HostConfig.ReadonlyRootfs ? services.SERVICE_STATUS_ACTIVE : services.SERVICE_STATUS_STARTING)
        : services.SERVICE_STATUS_STOPPED;

    return {
        status,
        memoryUsed: result.memory_stats.usage,
        memoryPercent: parseInt(100 * result.memory_stats.usage / result.memory_stats.limit)
    };
}
containerize sftp 2019-04-04 20:46:01 -07:00			`'use strict';`

			`exports = module.exports = {`
Fixes to service configuration 2021-01-21 12:53:38 -08:00			`start,`
services: better status for sftp and turn 2021-10-19 15:51:22 -07:00			`status,`
Fixes to service configuration 2021-01-21 12:53:38 -08:00
			`DEFAULT_MEMORY_LIMIT: 256 * 1024 * 1024`
containerize sftp 2019-04-04 20:46:01 -07:00			`};`

volumes: async'ify 2021-05-11 17:50:48 -07:00			`const apps = require('./apps.js'),`
Mount data custom app data location specifically into sftp addon 2020-07-24 14:44:41 +02:00			`assert = require('assert'),`
sftp: rework appdata and volume mounting logic 2021-06-24 16:19:30 -07:00			`BoxError = require('./boxerror.js'),`
Mount data custom app data location specifically into sftp addon 2020-07-24 14:44:41 +02:00			`debug = require('debug')('box:sftp'),`
services: better status for sftp and turn 2021-10-19 15:51:22 -07:00			`docker = require('./docker.js'),`
sftp: init and access API with a token 2020-10-19 17:26:20 -07:00			`hat = require('./hat.js'),`
containerize sftp 2019-04-04 20:46:01 -07:00			`infra = require('./infra_version.js'),`
sftp: ubuntu 20 requires keys in legacy format 2020-11-26 11:45:43 -08:00			`paths = require('./paths.js'),`
sftp: only mount data dirs that exist 2020-08-09 12:10:20 -07:00			`safe = require('safetydance'),`
services: simplify startup logic 2021-09-26 22:48:14 -07:00			`settings = require('./settings.js'),`
services: better status for sftp and turn 2021-10-19 15:51:22 -07:00			`services = require('./services.js'),`
Only rebuild sftp is something has changed 2020-08-20 11:04:31 +02:00			`shell = require('./shell.js'),`
Fixes to service configuration 2021-01-21 12:53:38 -08:00			`system = require('./system.js'),`
sftp: rework appdata and volume mounting logic 2021-06-24 16:19:30 -07:00			`volumes = require('./volumes.js');`
containerize sftp 2019-04-04 20:46:01 -07:00
services: simplify startup logic 2021-09-26 22:48:14 -07:00			`async function start(existingInfra) {`
			`assert.strictEqual(typeof existingInfra, 'object');`
Mount data custom app data location specifically into sftp addon 2020-07-24 14:44:41 +02:00
services: simplify startup logic 2021-09-26 22:48:14 -07:00			`debug('start: re-creating container');`
Mount data custom app data location specifically into sftp addon 2020-07-24 14:44:41 +02:00
services: simplify startup logic 2021-09-26 22:48:14 -07:00			`const servicesConfig = await settings.getServicesConfig();`
			`const serviceConfig = servicesConfig['sftp'] \|\| {};`
containerize sftp 2019-04-04 20:46:01 -07:00			`const tag = infra.images.sftp.tag;`
Fixes to service configuration 2021-01-21 12:53:38 -08:00			`const memoryLimit = serviceConfig.memoryLimit \|\| exports.DEFAULT_MEMORY_LIMIT;`
			`const memory = system.getMemoryAllocation(memoryLimit);`
sftp: init and access API with a token 2020-10-19 17:26:20 -07:00			`const cloudronToken = hat(8 * 128);`
containerize sftp 2019-04-04 20:46:01 -07:00
use realpath to resolve links 2021-09-26 18:36:33 -07:00			`const resolvedAppDataDir = safe.fs.realpathSync(paths.APPS_DATA_DIR);`
			if (!resolvedAppDataDir) throw new BoxError(BoxError.FS_ERROR, `Could not resolve apps data dir: ${safe.error.message}`);
sftp: rework appdata and volume mounting logic 2021-06-24 16:19:30 -07:00
sftp: refactor 2021-09-25 17:07:07 -07:00			`const dataDirs = [{ hostDir: resolvedAppDataDir, mountDir: '/mnt/appsdata' }];`
docker.js and services.js: async'ify 2021-08-25 19:41:46 -07:00
sftp: refactor 2021-09-25 17:07:07 -07:00			`// custom app data directories`
			`const allApps = await apps.list();`
			`for (const app of allApps) {`
			`if (!app.manifest.addons['localstorage'] \|\| !app.dataDir) continue;`
docker.js and services.js: async'ify 2021-08-25 19:41:46 -07:00
			const hostDir = apps.getDataDir(app, app.dataDir), mountDir = `/mnt/${app.id}`;
			`if (!safe.fs.existsSync(hostDir)) { // this can fail if external mount does not have permissions for yellowtent user`
			`// do not create host path when cloudron is restoring. this will then create dir with root perms making restore logic fail`
			debug(`Ignoring app data dir ${hostDir} for ${app.id} since it does not exist`);
sftp: refactor 2021-09-25 17:07:07 -07:00			`continue;`
docker.js and services.js: async'ify 2021-08-25 19:41:46 -07:00			`}`

			`dataDirs.push({ hostDir, mountDir });`
sftp: refactor 2021-09-25 17:07:07 -07:00			`}`
docker.js and services.js: async'ify 2021-08-25 19:41:46 -07:00
sftp: refactor 2021-09-25 17:07:07 -07:00			`// volume directories`
docker.js and services.js: async'ify 2021-08-25 19:41:46 -07:00			`dataDirs.push({ hostDir: '/mnt/volumes', mountDir: '/mnt/volumes' });`
sftp: refactor 2021-09-25 17:07:07 -07:00			`const allVolumes = await volumes.list();`
			`for (const volume of allVolumes) {`
			`if (volume.hostPath.startsWith('/mnt/volumes/')) continue;`
docker.js and services.js: async'ify 2021-08-25 19:41:46 -07:00
			`if (!safe.fs.existsSync(volume.hostPath)) {`
			debug(`Ignoring volume host path ${volume.hostPath} since it does not exist`);
sftp: refactor 2021-09-25 17:07:07 -07:00			`continue;`
docker.js and services.js: async'ify 2021-08-25 19:41:46 -07:00			`}`

			dataDirs.push({ hostDir: volume.hostPath, mountDir: `/mnt/${volume.id}` });
sftp: refactor 2021-09-25 17:07:07 -07:00			`}`
docker.js and services.js: async'ify 2021-08-25 19:41:46 -07:00
mail: mount mail data directory into sftp container 2021-09-25 17:19:58 -07:00			`// mail data dir`
use realpath to resolve links 2021-09-26 18:36:33 -07:00			`const resolvedMailDataDir = safe.fs.realpathSync(paths.MAIL_DATA_DIR);`
			if (!resolvedMailDataDir) throw new BoxError(BoxError.FS_ERROR, `Could not resolve mail data dir: ${safe.error.message}`);
			`dataDirs.push({ hostDir: resolvedMailDataDir, mountDir: '/mnt/maildata' });`
mail: mount mail data directory into sftp container 2021-09-25 17:19:58 -07:00
services: add recoveryMode 2021-10-01 12:09:13 -07:00			`const readOnly = !serviceConfig.recoveryMode ? '--read-only' : '';`
			`const cmd = serviceConfig.recoveryMode ? '/bin/bash -c \'echo "Debug mode. Sleeping" && sleep infinity\'' : '';`

sftp: refactor 2021-09-25 17:07:07 -07:00			const mounts = dataDirs.map(v => `-v "${v.hostDir}:${v.mountDir}"`).join(' ');
services: add recoveryMode 2021-10-01 12:09:13 -07:00			const runCmd = `docker run --restart=always -d --name="sftp" \
docker.js and services.js: async'ify 2021-08-25 19:41:46 -07:00			`--hostname sftp \`
			`--net cloudron \`
			`--net-alias sftp \`
			`--log-driver syslog \`
			`--log-opt syslog-address=udp://127.0.0.1:2514 \`
			`--log-opt syslog-format=rfc5424 \`
			`--log-opt tag=sftp \`
			`-m ${memory} \`
			`--memory-swap ${memoryLimit} \`
			`--dns 172.18.0.1 \`
			`--dns-search=. \`
			`-p 222:22 \`
			`${mounts} \`
			`-e CLOUDRON_SFTP_TOKEN="${cloudronToken}" \`
			`-v "${paths.SFTP_KEYS_DIR}:/etc/ssh:ro" \`
			`--label isCloudronManaged=true \`
services: add recoveryMode 2021-10-01 12:09:13 -07:00			${readOnly} -v /tmp -v /run "${tag}" ${cmd}`;
docker.js and services.js: async'ify 2021-08-25 19:41:46 -07:00
			`// ignore error if container not found (and fail later) so that this code works across restarts`
			`await shell.promises.exec('stopSftp', 'docker stop sftp \|\| true');`
			`await shell.promises.exec('removeSftp', 'docker rm -f sftp \|\| true');`
services: add recoveryMode 2021-10-01 12:09:13 -07:00			`await shell.promises.exec('startSftp', runCmd);`
containerize sftp 2019-04-04 20:46:01 -07:00			`}`
services: better status for sftp and turn 2021-10-19 15:51:22 -07:00
			`async function status() {`
			`const [error, container] = await safe(docker.inspect('sftp'));`
			`if (error && error.reason === BoxError.NOT_FOUND) return { status: services.SERVICE_STATUS_STOPPED };`
			`if (error) throw error;`

			`const result = await docker.memoryUsage('sftp');`

			`const status = container.State.Running`
			`? (container.HostConfig.ReadonlyRootfs ? services.SERVICE_STATUS_ACTIVE : services.SERVICE_STATUS_STARTING)`
			`: services.SERVICE_STATUS_STOPPED;`

			`return {`
			`status,`
			`memoryUsed: result.memory_stats.usage,`
			`memoryPercent: parseInt(100 * result.memory_stats.usage / result.memory_stats.limit)`
			`};`
			`}`