262 lines
11 KiB
JavaScript
262 lines
11 KiB
JavaScript
'use strict';
|
|
|
|
exports = module.exports = {
|
|
initialize,
|
|
uninitialize,
|
|
|
|
onActivated,
|
|
onDashboardLocationSet,
|
|
onDashboardLocationChanged,
|
|
onMailServerLocationChanged,
|
|
onMailServerIncomingDomainsChanged,
|
|
|
|
getStatus
|
|
};
|
|
|
|
const apps = require('./apps.js'),
|
|
appTaskManager = require('./apptaskmanager.js'),
|
|
assert = require('node:assert'),
|
|
AuditSource = require('./auditsource.js'),
|
|
BoxError = require('./boxerror.js'),
|
|
constants = require('./constants.js'),
|
|
cron = require('./cron.js'),
|
|
dashboard = require('./dashboard.js'),
|
|
database = require('./database.js'),
|
|
debug = require('debug')('box:platform'),
|
|
dockerProxy = require('./dockerproxy.js'),
|
|
fs = require('node:fs'),
|
|
infra = require('./infra_version.js'),
|
|
locks = require('./locks.js'),
|
|
oidcServer = require('./oidcserver.js'),
|
|
paths = require('./paths.js'),
|
|
reverseProxy = require('./reverseproxy.js'),
|
|
safe = require('safetydance'),
|
|
services = require('./services.js'),
|
|
shell = require('./shell.js')('platform'),
|
|
tasks = require('./tasks.js'),
|
|
timers = require('timers/promises'),
|
|
updater = require('./updater.js'),
|
|
users = require('./users.js'),
|
|
volumes = require('./volumes.js'),
|
|
_ = require('./underscore.js');
|
|
|
|
let gStatusMessage = 'Initializing';
|
|
|
|
function getStatus() {
|
|
return { message: gStatusMessage, isReady: gStatusMessage === 'Ready' };
|
|
}
|
|
|
|
async function pruneVolumes() {
|
|
debug('pruneVolumes: remove all unused local volumes');
|
|
|
|
const [error] = await safe(shell.spawn('docker', [ 'volume', 'prune', '--all', '--force' ], { encoding: 'utf8' }));
|
|
if (error) debug(`pruneVolumes: error pruning volumes: ${error.mesage}`);
|
|
}
|
|
|
|
async function createDockerNetwork() {
|
|
debug('createDockerNetwork: recreating docker network');
|
|
|
|
await shell.spawn('docker', ['network', 'rm', '-f', 'cloudron'], {});
|
|
// the --ipv6 option will work even in ipv6 is disabled. fd00 is IPv6 ULA
|
|
await shell.spawn('docker', ['network', 'create', `--subnet=${constants.DOCKER_IPv4_SUBNET}`, `--ip-range=${constants.DOCKER_IPv4_RANGE}`,
|
|
`--gateway=${constants.DOCKER_IPv4_GATEWAY}`, '--ipv6', `--subnet=${constants.DOCKER_IPv6_SUBNET}`, 'cloudron'], { encoding: 'utf8' });
|
|
}
|
|
|
|
async function removeAllContainers() {
|
|
debug('removeAllContainers: removing all containers for infra upgrade');
|
|
|
|
const output = await shell.spawn('docker', ['ps', '-qa', '--filter', 'label=isCloudronManaged'], { encoding: 'utf8' });
|
|
if (!output) return;
|
|
|
|
for (const containerId of output.trim().split('\n')) {
|
|
debug(`removeAllContainers: stopping and removing ${containerId}`);
|
|
await shell.spawn('docker', ['stop', containerId], { encoding: 'utf8' });
|
|
await shell.spawn('docker', ['rm', '-f', containerId], { encoding: 'utf8' });
|
|
}
|
|
}
|
|
|
|
async function markApps(existingInfra, restoreOptions) {
|
|
assert.strictEqual(typeof existingInfra, 'object');
|
|
assert.strictEqual(typeof restoreOptions, 'object'); // { backupSite, skipDnsSetup }
|
|
|
|
if (existingInfra.version === 'none') { // cloudron is being restored from backup
|
|
debug('markApps: restoring apps');
|
|
await apps.restoreApps(await apps.list(), restoreOptions, AuditSource.PLATFORM);
|
|
} else if (existingInfra.version !== infra.version) {
|
|
debug('markApps: reconfiguring apps');
|
|
reverseProxy.removeAppConfigs(); // should we change the cert location, nginx will not start
|
|
await apps.configureApps(await apps.list(), { scheduleNow: false }, AuditSource.PLATFORM); // we will schedule it when infra is ready
|
|
} else {
|
|
const changedAddons = [];
|
|
if (infra.images.mysql !== existingInfra.images.mysql) changedAddons.push('mysql');
|
|
if (infra.images.postgresql !== existingInfra.images.postgresql) changedAddons.push('postgresql');
|
|
if (infra.images.mongodb !== existingInfra.images.mongodb) changedAddons.push('mongodb');
|
|
if (infra.images.redis !== existingInfra.images.redis) changedAddons.push('redis');
|
|
|
|
if (changedAddons.length) {
|
|
// restart apps if docker image changes since the IP changes and any "persistent" connections fail
|
|
debug(`markApps: changedAddons: ${JSON.stringify(changedAddons)}`);
|
|
await apps.restartAppsUsingAddons(changedAddons, AuditSource.PLATFORM);
|
|
} else {
|
|
debug('markApps: apps are already uptodate');
|
|
}
|
|
}
|
|
}
|
|
|
|
async function onInfraReady(infraChanged) {
|
|
debug(`onInfraReady: platform is ready. infra changed: ${infraChanged}`);
|
|
gStatusMessage = 'Ready';
|
|
|
|
if (infraChanged) await safe(pruneVolumes(), { debug }); // ignore error
|
|
await apps.schedulePendingTasks(AuditSource.PLATFORM);
|
|
await appTaskManager.start();
|
|
}
|
|
|
|
async function startInfra(restoreOptions) {
|
|
assert.strictEqual(typeof restoreOptions, 'object'); // { backupSite, skipDnsSetup }
|
|
|
|
if (constants.TEST && !process.env.TEST_CREATE_INFRA) return;
|
|
|
|
debug('startInfra: checking infrastructure');
|
|
|
|
let existingInfra = { version: 'none' };
|
|
if (fs.existsSync(paths.INFRA_VERSION_FILE)) {
|
|
existingInfra = safe.JSON.parse(fs.readFileSync(paths.INFRA_VERSION_FILE, 'utf8'));
|
|
if (!existingInfra) existingInfra = { version: 'corrupt' };
|
|
}
|
|
|
|
// short-circuit for the restart case
|
|
if (_.isEqual(infra, existingInfra)) {
|
|
debug('startInfra: infra is uptodate at version %s', infra.version);
|
|
await onInfraReady(false /* !infraChanged */);
|
|
return;
|
|
}
|
|
|
|
debug(`startInfra: updating infrastructure from ${existingInfra.version} to ${infra.version}`);
|
|
|
|
for (let attempt = 0; attempt < 5; attempt++) {
|
|
try {
|
|
await markApps(existingInfra, restoreOptions); // mark app state before we start addons. this gives the db import logic a chance to mark an app as errored
|
|
gStatusMessage = 'Updating platform, this can take a while';
|
|
if (existingInfra.version !== infra.version) {
|
|
gStatusMessage = 'Removing containers for upgrade';
|
|
await removeAllContainers();
|
|
await createDockerNetwork();
|
|
}
|
|
if (existingInfra.version === 'none') await volumes.mountAll(); // when restoring, mount all volumes
|
|
gStatusMessage = 'Starting services, this can take a while';
|
|
await services.startServices(existingInfra);
|
|
await fs.promises.writeFile(paths.INFRA_VERSION_FILE, JSON.stringify(infra, null, 4));
|
|
break;
|
|
} catch (error) {
|
|
// for some reason, mysql arbitrary restarts making startup tasks fail. this makes the box update stuck
|
|
// LOST is when existing connection breaks. REFUSED is when new connection cannot connect at all
|
|
const retry = error.reason === BoxError.DATABASE_ERROR && (error.code === 'PROTOCOL_CONNECTION_LOST' || error.code === 'ECONNREFUSED');
|
|
debug(`startInfra: Failed to start services. retry=${retry} (attempt ${attempt}): ${error.message}`);
|
|
if (!retry) throw error; // refuse to start
|
|
await timers.setTimeout(10000);
|
|
}
|
|
}
|
|
|
|
await onInfraReady(true /* infraChanged */);
|
|
}
|
|
|
|
async function initialize() {
|
|
debug('initialize: start platform');
|
|
|
|
await database.initialize();
|
|
await tasks.stopAllTasks(); // when box code crashes, systemd will clean up the control-group but not the tasks
|
|
await locks.releaseAll();
|
|
|
|
// always generate webadmin config since we have no versioning mechanism for the ejs
|
|
const dashboardLocation = await dashboard.getLocation();
|
|
if (dashboardLocation.domain) await onDashboardLocationSet(dashboardLocation.subdomain, dashboardLocation.domain);
|
|
|
|
// configure nginx to be reachable by IP when not activated. for the moment, the IP based redirect exists even after domain is setup
|
|
// just in case user forgot or some network error happenned in the middle (then browser refresh takes you to activation page)
|
|
// we remove the config as a simple security measure to not expose IP <-> domain
|
|
const activated = await users.isActivated();
|
|
if (!activated) {
|
|
debug('initialize: not activated. generating IP based redirection config');
|
|
await safe(reverseProxy.writeDefaultConfig({ activated: false }), { debug }); // ok to fail if no disk space
|
|
}
|
|
|
|
await updater.notifyBoxUpdate();
|
|
|
|
if (await users.isActivated()) safe(onActivated({ skipDnsSetup: false }), { debug }); // run in background
|
|
}
|
|
|
|
async function uninitialize() {
|
|
debug('uninitializing platform');
|
|
|
|
if (await users.isActivated()) await onDeactivated();
|
|
|
|
await tasks.stopAllTasks(); // when box code is stopped/restarted, we get a chance to cleanup all the sudo+tasks
|
|
await database.uninitialize();
|
|
}
|
|
|
|
async function onActivated(restoreOptions) {
|
|
assert.strictEqual(typeof restoreOptions, 'object'); // { backupSite, skipDnsSetup }
|
|
|
|
debug('onActivated: starting post activation services');
|
|
|
|
// Starting the infra after a user is available means:
|
|
// 1. mail bounces can now be sent to the cloudron owner
|
|
// 2. the restore code path can run without sudo (since mail/ is non-root)
|
|
await startInfra(restoreOptions);
|
|
await cron.startJobs();
|
|
await dockerProxy.start(); // this relies on the 'cloudron' docker network interface to be available
|
|
|
|
// disable responding to api calls via IP to not leak domain info. this is carefully placed as the last item, so it buys
|
|
// the UI some time to query the dashboard domain in the restore code path
|
|
if (!constants.TEST) await timers.setTimeout(30000);
|
|
await reverseProxy.writeDefaultConfig({ activated :true });
|
|
|
|
debug('onActivated: finished');
|
|
}
|
|
|
|
async function onDeactivated() {
|
|
debug('onDeactivated: stopping post activation services');
|
|
|
|
await cron.stopJobs();
|
|
await dockerProxy.stop();
|
|
await oidcServer.stop();
|
|
}
|
|
|
|
async function onDashboardLocationSet(subdomain, domain) {
|
|
assert.strictEqual(typeof subdomain, 'string');
|
|
assert.strictEqual(typeof domain, 'string');
|
|
|
|
await safe(reverseProxy.writeDashboardConfig(subdomain, domain), { debug }); // ok to fail if no disk space
|
|
await oidcServer.stop();
|
|
await oidcServer.start();
|
|
}
|
|
|
|
async function onDashboardLocationChanged(auditSource) {
|
|
assert.strictEqual(typeof auditSource, 'object');
|
|
|
|
// mark all apps to be reconfigured, all have ExtraHosts injected
|
|
const [, installedApps] = await safe(apps.list());
|
|
await safe(apps.configureApps(installedApps, { scheduleNow: true }, auditSource), { debug });
|
|
|
|
await safe(services.rebuildService('turn', auditSource), { debug }); // to update the realm variable
|
|
}
|
|
|
|
async function onMailServerLocationChanged(auditSource) {
|
|
assert.strictEqual(typeof auditSource, 'object');
|
|
|
|
// mark apps using email addon to be reconfigured
|
|
const [, installedApps] = await safe(apps.list());
|
|
const appsUsingEmail = installedApps.filter((a) => !!a.manifest.addons?.email || a.manifest.addons?.sendmail?.requiresValidCertificate);
|
|
await safe(apps.configureApps(appsUsingEmail, { scheduleNow: true }, auditSource), { debug });
|
|
}
|
|
|
|
async function onMailServerIncomingDomainsChanged(auditSource) {
|
|
assert.strictEqual(typeof auditSource, 'object');
|
|
|
|
// mark apps using email addon to be reconfigured
|
|
const [, installedApps] = await safe(apps.list());
|
|
const appsUsingEmail = installedApps.filter((a) => !!a.manifest.addons?.email);
|
|
await safe(apps.configureApps(appsUsingEmail, { scheduleNow: true }, auditSource), { debug });
|
|
}
|