src/sftp.js

'use strict';

exports = module.exports = {
    start,
    status,

    DEFAULT_MEMORY_LIMIT: 256 * 1024 * 1024
};

const apps = require('./apps.js'),
    assert = require('assert'),
    blobs = require('./blobs.js'),
    BoxError = require('./boxerror.js'),
    debug = require('debug')('box:sftp'),
    docker = require('./docker.js'),
    hat = require('./hat.js'),
    infra = require('./infra_version.js'),
    paths = require('./paths.js'),
    safe = require('safetydance'),
    settings = require('./settings.js'),
    services = require('./services.js'),
    shell = require('./shell.js'),
    system = require('./system.js'),
    volumes = require('./volumes.js');

async function ensureKeys() {
    const sftpPrivateKey = await blobs.get(blobs.SFTP_PRIVATE_KEY);
    const sftpPublicKey = await blobs.get(blobs.SFTP_PUBLIC_KEY);

    if (!sftpPrivateKey || !sftpPublicKey) {
        debug('ensureSecrets: generating new sftp keys');
        if (!safe.child_process.execSync(`ssh-keygen -m PEM -t rsa -f "${paths.SFTP_KEYS_DIR}/ssh_host_rsa_key" -q -N ""`)) throw new BoxError(BoxError.OPENSSL_ERROR, `Could not generate sftp ssh keys: ${safe.error.message}`);
        const newSftpPublicKey = safe.fs.readFileSync(paths.SFTP_PUBLIC_KEY_FILE);
        await blobs.set(blobs.SFTP_PUBLIC_KEY, newSftpPublicKey);
        const newSftpPrivateKey = safe.fs.readFileSync(paths.SFTP_PRIVATE_KEY_FILE);
        await blobs.set(blobs.SFTP_PRIVATE_KEY, newSftpPrivateKey);
    } else {
        if (!safe.fs.writeFileSync(paths.SFTP_PUBLIC_KEY_FILE, sftpPublicKey)) throw new BoxError(BoxError.FS_ERROR, `Could not save sftp public key: ${safe.error.message}`);
        if (!safe.fs.writeFileSync(paths.SFTP_PRIVATE_KEY_FILE, sftpPrivateKey, { mode: 0o600 })) throw new BoxError(BoxError.FS_ERROR, `Could not save sftp private key: ${safe.error.message}`);
    }
}

async function start(existingInfra) {
    assert.strictEqual(typeof existingInfra, 'object');

    debug('start: re-creating container');

    const servicesConfig = await settings.getServicesConfig();
    const serviceConfig = servicesConfig['sftp'] || {};
    const tag = infra.images.sftp.tag;
    const memoryLimit = serviceConfig.memoryLimit || exports.DEFAULT_MEMORY_LIMIT;
    const memory = await system.getMemoryAllocation(memoryLimit);
    const cloudronToken = hat(8 * 128);

    await ensureKeys();

    const resolvedAppDataDir = safe.fs.realpathSync(paths.APPS_DATA_DIR);
    if (!resolvedAppDataDir) throw new BoxError(BoxError.FS_ERROR, `Could not resolve apps data dir: ${safe.error.message}`);

    const dataDirs = [{ hostDir: resolvedAppDataDir, mountDir: '/mnt/appsdata' }];

    // custom app data directories
    const allApps = await apps.list();
    for (const app of allApps) {
        if (!app.manifest.addons['localstorage'] || !app.storageVolumeId) continue;

        const hostDir = await apps.getStorageDir(app), mountDir = `/mnt/app-${app.id}`; // see also sftp:userSearchSftp
        if (!safe.fs.existsSync(hostDir)) { // this can fail if external mount does not have permissions for yellowtent user
            // do not create host path when cloudron is restoring. this will then create dir with root perms making restore logic fail
            debug(`Ignoring app data dir ${hostDir} for ${app.id} since it does not exist`);
            continue;
        }

        dataDirs.push({ hostDir, mountDir });
    }

    // volume directories
    dataDirs.push({ hostDir: '/mnt/volumes', mountDir: '/mnt/volumes' }); // managed volumes
    const allVolumes = await volumes.list();
    for (const volume of allVolumes) {
        if (volume.hostPath.startsWith('/mnt/volumes/')) continue; // skip managed volume

        if (!safe.fs.existsSync(volume.hostPath)) {
            debug(`Ignoring volume host path ${volume.hostPath} since it does not exist`);
            continue;
        }

        dataDirs.push({ hostDir: volume.hostPath, mountDir: `/mnt/volume-${volume.id}` });
    }

    // mail data dir
    const resolvedMailDataDir = safe.fs.realpathSync(paths.MAIL_DATA_DIR);
    if (!resolvedMailDataDir) throw new BoxError(BoxError.FS_ERROR, `Could not resolve mail data dir: ${safe.error.message}`);
    dataDirs.push({ hostDir: resolvedMailDataDir, mountDir: '/mnt/maildata' });

    const readOnly = !serviceConfig.recoveryMode ? '--read-only' : '';
    const cmd = serviceConfig.recoveryMode ? '/bin/bash -c \'echo "Debug mode. Sleeping" && sleep infinity\'' : '';

    const mounts = dataDirs.map(v => `-v "${v.hostDir}:${v.mountDir}"`).join(' ');
    const runCmd = `docker run --restart=always -d --name="sftp" \
                --hostname sftp \
                --net cloudron \
                --net-alias sftp \
                --log-driver syslog \
                --log-opt syslog-address=udp://127.0.0.1:2514 \
                --log-opt syslog-format=rfc5424 \
                --log-opt tag=sftp \
                -m ${memory} \
                --memory-swap ${memoryLimit} \
                --dns 172.18.0.1 \
                --dns-search=. \
                -p 222:22 \
                ${mounts} \
                -e CLOUDRON_SFTP_TOKEN="${cloudronToken}" \
                -v "${paths.SFTP_KEYS_DIR}:/etc/ssh:ro" \
                --label isCloudronManaged=true \
                ${readOnly} -v /tmp -v /run "${tag}" ${cmd}`;

    // ignore error if container not found (and fail later) so that this code works across restarts
    await shell.promises.exec('stopSftp', 'docker stop sftp || true');
    await shell.promises.exec('removeSftp', 'docker rm -f sftp || true');
    await shell.promises.exec('startSftp', runCmd);
}

async function status() {
    const [error, container] = await safe(docker.inspect('sftp'));
    if (error && error.reason === BoxError.NOT_FOUND) return { status: services.SERVICE_STATUS_STOPPED };
    if (error) throw error;

    const result = await docker.memoryUsage('sftp');

    const status = container.State.Running
        ? (container.HostConfig.ReadonlyRootfs ? services.SERVICE_STATUS_ACTIVE : services.SERVICE_STATUS_STARTING)
        : services.SERVICE_STATUS_STOPPED;

    const stats = result.memory_stats || { usage: 0, limit: 1 };

    return {
        status,
        memoryUsed: stats.usage,
        memoryPercent: parseInt(100 * stats.usage / stats.limit)
    };
}
containerize sftp 2019-04-04 20:46:01 -07:00			`'use strict';`

			`exports = module.exports = {`
Fixes to service configuration restart service does not rebuild automatically, we should add a route for that. we need to figure where to scale services etc if we randomly create containers like that. 2021-01-21 12:53:38 -08:00			`start,`
services: better status for sftp and turn 2021-10-19 15:51:22 -07:00			`status,`
Fixes to service configuration restart service does not rebuild automatically, we should add a route for that. we need to figure where to scale services etc if we randomly create containers like that. 2021-01-21 12:53:38 -08:00
			`DEFAULT_MEMORY_LIMIT: 256 * 1024 * 1024`
containerize sftp 2019-04-04 20:46:01 -07:00			`};`

volumes: async'ify 2021-05-11 17:50:48 -07:00			`const apps = require('./apps.js'),`
Mount data custom app data location specifically into sftp addon Fixes #722 2020-07-24 14:44:41 +02:00			`assert = require('assert'),`
sftp: move key generation to sftp code 2021-11-16 21:50:09 -08:00			`blobs = require('./blobs.js'),`
sftp: rework appdata and volume mounting logic this tries to solve two issues: * the current approach mounts the data directories of apps/volumes individually. this causes a problem with volume mounts that mount after the container is started i.e not network time/delay but systemd ordering. With CIFS, the mount is a hostname. This requires unbound to be running but unbound can only start after docker because it wants to bind to the docker network. one way to fix is to not start sftp automatically and only start sftp container in the box code. This results in the sftp container attaching itself of the directory before mounting and it appears empty. (on the host, the directory will appear to have mount data!) * every time apptask runs we keep rebuilding this sftp container. this results in much race. the fix is: mount the parent directory of apps and volumes. in addition, then any specialized appdata paths and volume paths are mounted individually. this greatly minimized rebuilding and also since we don't rely on binding to the mount point itself. the child directories can mount in leisure. this limits the race issue to only no-op volume mounts. part of #789 2021-06-24 16:19:30 -07:00			`BoxError = require('./boxerror.js'),`
Mount data custom app data location specifically into sftp addon Fixes #722 2020-07-24 14:44:41 +02:00			`debug = require('debug')('box:sftp'),`
services: better status for sftp and turn 2021-10-19 15:51:22 -07:00			`docker = require('./docker.js'),`
sftp: init and access API with a token 2020-10-19 17:26:20 -07:00			`hat = require('./hat.js'),`
containerize sftp 2019-04-04 20:46:01 -07:00			`infra = require('./infra_version.js'),`
sftp: ubuntu 20 requires keys in legacy format 2020-11-26 11:45:43 -08:00			`paths = require('./paths.js'),`
sftp: only mount data dirs that exist when restoring, the platform starts first and the sftp container goes and creates app data dirs with root permission. this prevents the app restore logic from downloading the backup since it expects yellowtent perm 2020-08-09 12:10:20 -07:00			`safe = require('safetydance'),`
services: simplify startup logic 2021-09-26 22:48:14 -07:00			`settings = require('./settings.js'),`
services: better status for sftp and turn 2021-10-19 15:51:22 -07:00			`services = require('./services.js'),`
Only rebuild sftp is something has changed 2020-08-20 11:04:31 +02:00			`shell = require('./shell.js'),`
Fixes to service configuration restart service does not rebuild automatically, we should add a route for that. we need to figure where to scale services etc if we randomly create containers like that. 2021-01-21 12:53:38 -08:00			`system = require('./system.js'),`
sftp: rework appdata and volume mounting logic this tries to solve two issues: * the current approach mounts the data directories of apps/volumes individually. this causes a problem with volume mounts that mount after the container is started i.e not network time/delay but systemd ordering. With CIFS, the mount is a hostname. This requires unbound to be running but unbound can only start after docker because it wants to bind to the docker network. one way to fix is to not start sftp automatically and only start sftp container in the box code. This results in the sftp container attaching itself of the directory before mounting and it appears empty. (on the host, the directory will appear to have mount data!) * every time apptask runs we keep rebuilding this sftp container. this results in much race. the fix is: mount the parent directory of apps and volumes. in addition, then any specialized appdata paths and volume paths are mounted individually. this greatly minimized rebuilding and also since we don't rely on binding to the mount point itself. the child directories can mount in leisure. this limits the race issue to only no-op volume mounts. part of #789 2021-06-24 16:19:30 -07:00			`volumes = require('./volumes.js');`
containerize sftp 2019-04-04 20:46:01 -07:00
sftp: move key generation to sftp code 2021-11-16 21:50:09 -08:00			`async function ensureKeys() {`
sftp: fix private key file permissions on restore 2022-03-30 11:29:14 -07:00			`const sftpPrivateKey = await blobs.get(blobs.SFTP_PRIVATE_KEY);`
			`const sftpPublicKey = await blobs.get(blobs.SFTP_PUBLIC_KEY);`
sftp: move key generation to sftp code 2021-11-16 21:50:09 -08:00
			`if (!sftpPrivateKey \|\| !sftpPublicKey) {`
			`debug('ensureSecrets: generating new sftp keys');`
			if (!safe.child_process.execSync(`ssh-keygen -m PEM -t rsa -f "${paths.SFTP_KEYS_DIR}/ssh_host_rsa_key" -q -N ""`)) throw new BoxError(BoxError.OPENSSL_ERROR, `Could not generate sftp ssh keys: ${safe.error.message}`);
sftp: fix private key file permissions on restore 2022-03-30 11:29:14 -07:00			`const newSftpPublicKey = safe.fs.readFileSync(paths.SFTP_PUBLIC_KEY_FILE);`
			`await blobs.set(blobs.SFTP_PUBLIC_KEY, newSftpPublicKey);`
			`const newSftpPrivateKey = safe.fs.readFileSync(paths.SFTP_PRIVATE_KEY_FILE);`
			`await blobs.set(blobs.SFTP_PRIVATE_KEY, newSftpPrivateKey);`
			`} else {`
			if (!safe.fs.writeFileSync(paths.SFTP_PUBLIC_KEY_FILE, sftpPublicKey)) throw new BoxError(BoxError.FS_ERROR, `Could not save sftp public key: ${safe.error.message}`);
			if (!safe.fs.writeFileSync(paths.SFTP_PRIVATE_KEY_FILE, sftpPrivateKey, { mode: 0o600 })) throw new BoxError(BoxError.FS_ERROR, `Could not save sftp private key: ${safe.error.message}`);
sftp: move key generation to sftp code 2021-11-16 21:50:09 -08:00			`}`
			`}`

services: simplify startup logic 2021-09-26 22:48:14 -07:00			`async function start(existingInfra) {`
			`assert.strictEqual(typeof existingInfra, 'object');`
Mount data custom app data location specifically into sftp addon Fixes #722 2020-07-24 14:44:41 +02:00
services: simplify startup logic 2021-09-26 22:48:14 -07:00			`debug('start: re-creating container');`
Mount data custom app data location specifically into sftp addon Fixes #722 2020-07-24 14:44:41 +02:00
services: simplify startup logic 2021-09-26 22:48:14 -07:00			`const servicesConfig = await settings.getServicesConfig();`
			`const serviceConfig = servicesConfig['sftp'] \|\| {};`
containerize sftp 2019-04-04 20:46:01 -07:00			`const tag = infra.images.sftp.tag;`
Fixes to service configuration restart service does not rebuild automatically, we should add a route for that. we need to figure where to scale services etc if we randomly create containers like that. 2021-01-21 12:53:38 -08:00			`const memoryLimit = serviceConfig.memoryLimit \|\| exports.DEFAULT_MEMORY_LIMIT;`
return swap listing in the disk route 2022-11-04 15:09:37 +01:00			`const memory = await system.getMemoryAllocation(memoryLimit);`
sftp: init and access API with a token 2020-10-19 17:26:20 -07:00			`const cloudronToken = hat(8 * 128);`
containerize sftp 2019-04-04 20:46:01 -07:00
sftp: move key generation to sftp code 2021-11-16 21:50:09 -08:00			`await ensureKeys();`

use realpath to resolve links 2021-09-26 18:36:33 -07:00			`const resolvedAppDataDir = safe.fs.realpathSync(paths.APPS_DATA_DIR);`
			if (!resolvedAppDataDir) throw new BoxError(BoxError.FS_ERROR, `Could not resolve apps data dir: ${safe.error.message}`);
sftp: rework appdata and volume mounting logic this tries to solve two issues: * the current approach mounts the data directories of apps/volumes individually. this causes a problem with volume mounts that mount after the container is started i.e not network time/delay but systemd ordering. With CIFS, the mount is a hostname. This requires unbound to be running but unbound can only start after docker because it wants to bind to the docker network. one way to fix is to not start sftp automatically and only start sftp container in the box code. This results in the sftp container attaching itself of the directory before mounting and it appears empty. (on the host, the directory will appear to have mount data!) * every time apptask runs we keep rebuilding this sftp container. this results in much race. the fix is: mount the parent directory of apps and volumes. in addition, then any specialized appdata paths and volume paths are mounted individually. this greatly minimized rebuilding and also since we don't rely on binding to the mount point itself. the child directories can mount in leisure. this limits the race issue to only no-op volume mounts. part of #789 2021-06-24 16:19:30 -07:00
sftp: refactor 2021-09-25 17:07:07 -07:00			`const dataDirs = [{ hostDir: resolvedAppDataDir, mountDir: '/mnt/appsdata' }];`
docker.js and services.js: async'ify 2021-08-25 19:41:46 -07:00
sftp: refactor 2021-09-25 17:07:07 -07:00			`// custom app data directories`
			`const allApps = await apps.list();`
			`for (const app of allApps) {`
migrate app dataDir to volumes 2022-06-01 22:44:52 -07:00			`if (!app.manifest.addons['localstorage'] \|\| !app.storageVolumeId) continue;`
docker.js and services.js: async'ify 2021-08-25 19:41:46 -07:00
migrate app dataDir to volumes 2022-06-01 22:44:52 -07:00			const hostDir = await apps.getStorageDir(app), mountDir = `/mnt/app-${app.id}`; // see also sftp:userSearchSftp
docker.js and services.js: async'ify 2021-08-25 19:41:46 -07:00			`if (!safe.fs.existsSync(hostDir)) { // this can fail if external mount does not have permissions for yellowtent user`
			`// do not create host path when cloudron is restoring. this will then create dir with root perms making restore logic fail`
			debug(`Ignoring app data dir ${hostDir} for ${app.id} since it does not exist`);
sftp: refactor 2021-09-25 17:07:07 -07:00			`continue;`
docker.js and services.js: async'ify 2021-08-25 19:41:46 -07:00			`}`

			`dataDirs.push({ hostDir, mountDir });`
sftp: refactor 2021-09-25 17:07:07 -07:00			`}`
docker.js and services.js: async'ify 2021-08-25 19:41:46 -07:00
sftp: refactor 2021-09-25 17:07:07 -07:00			`// volume directories`
sftp: add note 2021-12-23 22:35:20 -08:00			`dataDirs.push({ hostDir: '/mnt/volumes', mountDir: '/mnt/volumes' }); // managed volumes`
sftp: refactor 2021-09-25 17:07:07 -07:00			`const allVolumes = await volumes.list();`
			`for (const volume of allVolumes) {`
sftp: add note 2021-12-23 22:35:20 -08:00			`if (volume.hostPath.startsWith('/mnt/volumes/')) continue; // skip managed volume`
docker.js and services.js: async'ify 2021-08-25 19:41:46 -07:00
			`if (!safe.fs.existsSync(volume.hostPath)) {`
			debug(`Ignoring volume host path ${volume.hostPath} since it does not exist`);
sftp: refactor 2021-09-25 17:07:07 -07:00			`continue;`
docker.js and services.js: async'ify 2021-08-25 19:41:46 -07:00			`}`

filemanager: fix mounting of filesystem and mountpoint backends 2021-12-24 10:43:39 -08:00			dataDirs.push({ hostDir: volume.hostPath, mountDir: `/mnt/volume-${volume.id}` });
sftp: refactor 2021-09-25 17:07:07 -07:00			`}`
docker.js and services.js: async'ify 2021-08-25 19:41:46 -07:00
mail: mount mail data directory into sftp container fixes #794 2021-09-25 17:19:58 -07:00			`// mail data dir`
use realpath to resolve links 2021-09-26 18:36:33 -07:00			`const resolvedMailDataDir = safe.fs.realpathSync(paths.MAIL_DATA_DIR);`
			if (!resolvedMailDataDir) throw new BoxError(BoxError.FS_ERROR, `Could not resolve mail data dir: ${safe.error.message}`);
			`dataDirs.push({ hostDir: resolvedMailDataDir, mountDir: '/mnt/maildata' });`
mail: mount mail data directory into sftp container fixes #794 2021-09-25 17:19:58 -07:00
services: add recoveryMode 2021-10-01 12:09:13 -07:00			`const readOnly = !serviceConfig.recoveryMode ? '--read-only' : '';`
			`const cmd = serviceConfig.recoveryMode ? '/bin/bash -c \'echo "Debug mode. Sleeping" && sleep infinity\'' : '';`

sftp: refactor 2021-09-25 17:07:07 -07:00			const mounts = dataDirs.map(v => `-v "${v.hostDir}:${v.mountDir}"`).join(' ');
services: add recoveryMode 2021-10-01 12:09:13 -07:00			const runCmd = `docker run --restart=always -d --name="sftp" \
docker.js and services.js: async'ify 2021-08-25 19:41:46 -07:00			`--hostname sftp \`
			`--net cloudron \`
			`--net-alias sftp \`
			`--log-driver syslog \`
			`--log-opt syslog-address=udp://127.0.0.1:2514 \`
			`--log-opt syslog-format=rfc5424 \`
			`--log-opt tag=sftp \`
			`-m ${memory} \`
			`--memory-swap ${memoryLimit} \`
			`--dns 172.18.0.1 \`
			`--dns-search=. \`
			`-p 222:22 \`
			`${mounts} \`
			`-e CLOUDRON_SFTP_TOKEN="${cloudronToken}" \`
			`-v "${paths.SFTP_KEYS_DIR}:/etc/ssh:ro" \`
			`--label isCloudronManaged=true \`
services: add recoveryMode 2021-10-01 12:09:13 -07:00			${readOnly} -v /tmp -v /run "${tag}" ${cmd}`;
docker.js and services.js: async'ify 2021-08-25 19:41:46 -07:00
			`// ignore error if container not found (and fail later) so that this code works across restarts`
			`await shell.promises.exec('stopSftp', 'docker stop sftp \|\| true');`
			`await shell.promises.exec('removeSftp', 'docker rm -f sftp \|\| true');`
services: add recoveryMode 2021-10-01 12:09:13 -07:00			`await shell.promises.exec('startSftp', runCmd);`
containerize sftp 2019-04-04 20:46:01 -07:00			`}`
services: better status for sftp and turn 2021-10-19 15:51:22 -07:00
			`async function status() {`
			`const [error, container] = await safe(docker.inspect('sftp'));`
			`if (error && error.reason === BoxError.NOT_FOUND) return { status: services.SERVICE_STATUS_STOPPED };`
			`if (error) throw error;`

			`const result = await docker.memoryUsage('sftp');`

			`const status = container.State.Running`
			`? (container.HostConfig.ReadonlyRootfs ? services.SERVICE_STATUS_ACTIVE : services.SERVICE_STATUS_STARTING)`
			`: services.SERVICE_STATUS_STOPPED;`

Fix crash when accessing memory_stats 2022-11-24 00:40:40 +01:00			`const stats = result.memory_stats \|\| { usage: 0, limit: 1 };`

services: better status for sftp and turn 2021-10-19 15:51:22 -07:00			`return {`
			`status,`
Fix crash when accessing memory_stats 2022-11-24 00:40:40 +01:00			`memoryUsed: stats.usage,`
			`memoryPercent: parseInt(100 * stats.usage / stats.limit)`
services: better status for sftp and turn 2021-10-19 15:51:22 -07:00			`};`
			`}`