dave/coolify
1
0
Fork 0
Code Issues Pull Requests Actions 2 Packages Projects Releases Wiki Activity

refactor: Remove CleanupSshKeysJob from schedule in Kernel.php

Browse Source
This commit is contained in:
Andras Bacsai
2024-09-19 12:06:56 +02:00
parent d47bd047bf
commit 9518040d23
4 changed files with 43 additions and 34 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
app/Console/Kernel.php
View File

@@ -4,7 +4,6 @@ namespace App\Console;
use App\Jobs\CheckForUpdatesJob; use App\Jobs\CheckForUpdatesJob;
use App\Jobs\CleanupInstanceStuffsJob; use App\Jobs\CleanupInstanceStuffsJob;
use App\Jobs\CleanupSshKeysJob;
use App\Jobs\CleanupStaleMultiplexedConnections; use App\Jobs\CleanupStaleMultiplexedConnections;
use App\Jobs\DatabaseBackupJob; use App\Jobs\DatabaseBackupJob;
use App\Jobs\DockerCleanupJob; use App\Jobs\DockerCleanupJob;
@@ -45,7 +44,6 @@ class Kernel extends ConsoleKernel
$schedule->command('telescope:prune')->daily(); $schedule->command('telescope:prune')->daily();
$schedule->job(new CleanupSshKeysJob)->weekly()->onOneServer();
$schedule->job(new PullHelperImageJob)->everyFiveMinutes()->onOneServer(); $schedule->job(new PullHelperImageJob)->everyFiveMinutes()->onOneServer();
} else { } else {
// Instance Jobs // Instance Jobs
@@ -63,8 +61,6 @@ class Kernel extends ConsoleKernel
$schedule->command('cleanup:database --yes')->daily(); $schedule->command('cleanup:database --yes')->daily();
$schedule->command('uploads:clear')->everyTwoMinutes(); $schedule->command('uploads:clear')->everyTwoMinutes();
$schedule->job(new CleanupSshKeysJob)->weekly()->onOneServer();
} }
} }

42
app/Helpers/SshMultiplexingHelper.php
View File

@@ -2,10 +2,10 @@
namespace App\Helpers; namespace App\Helpers;
use App\Models\Server;
use App\Models\PrivateKey; use App\Models\PrivateKey;
use Illuminate\Support\Facades\Process; use App\Models\Server;
use Illuminate\Support\Facades\Hash; use Illuminate\Support\Facades\Hash;
use Illuminate\Support\Facades\Process;
class SshMultiplexingHelper class SshMultiplexingHelper
{ {
@@ -13,7 +13,7 @@ class SshMultiplexingHelper
{ {
$privateKey = PrivateKey::findOrFail($server->private_key_id); $privateKey = PrivateKey::findOrFail($server->private_key_id);
$sshKeyLocation = $privateKey->getKeyLocation(); $sshKeyLocation = $privateKey->getKeyLocation();
$muxFilename = '/var/www/html/storage/app/ssh/mux/mux_' . $server->uuid; $muxFilename = '/var/www/html/storage/app/ssh/mux/mux_'.$server->uuid;
return [ return [
'sshKeyLocation' => $sshKeyLocation, 'sshKeyLocation' => $sshKeyLocation,
@@ -23,7 +23,7 @@ class SshMultiplexingHelper
public static function ensureMultiplexedConnection(Server $server) public static function ensureMultiplexedConnection(Server $server)
{ {
if (!self::isMultiplexingEnabled()) { if (! self::isMultiplexingEnabled()) {
// ray('SSH Multiplexing: DISABLED')->red(); // ray('SSH Multiplexing: DISABLED')->red();
return; return;
} }
@@ -64,8 +64,8 @@ class SshMultiplexingHelper
$muxPersistTime = config('constants.ssh.mux_persist_time'); $muxPersistTime = config('constants.ssh.mux_persist_time');
$establishCommand = "ssh -fNM -o ControlMaster=auto -o ControlPath=$muxSocket -o ControlPersist={$muxPersistTime} " $establishCommand = "ssh -fNM -o ControlMaster=auto -o ControlPath=$muxSocket -o ControlPersist={$muxPersistTime} "
. self::getCommonSshOptions($server, $sshKeyLocation, $connectionTimeout, $serverInterval) .self::getCommonSshOptions($server, $sshKeyLocation, $connectionTimeout, $serverInterval)
. "{$server->user}@{$server->ip}"; ."{$server->user}@{$server->ip}";
// ray('Establish Command:', $establishCommand); // ray('Establish Command:', $establishCommand);
@@ -77,13 +77,13 @@ class SshMultiplexingHelper
if ($establishProcess->exitCode() !== 0) { if ($establishProcess->exitCode() !== 0) {
// ray('Failed to establish multiplexed connection')->red(); // ray('Failed to establish multiplexed connection')->red();
throw new \RuntimeException('Failed to establish multiplexed connection: ' . $establishProcess->errorOutput()); throw new \RuntimeException('Failed to establish multiplexed connection: '.$establishProcess->errorOutput());
} }
// ray('Successfully established multiplexed connection')->green(); // ray('Successfully established multiplexed connection')->green();
// Check if the mux socket file was created // Check if the mux socket file was created
if (!file_exists($muxSocket)) { if (! file_exists($muxSocket)) {
// ray('Mux socket file not found after connection establishment')->orange(); // ray('Mux socket file not found after connection establishment')->orange();
} }
} }
@@ -92,10 +92,10 @@ class SshMultiplexingHelper
{ {
$sshConfig = self::serverSshConfiguration($server); $sshConfig = self::serverSshConfiguration($server);
$muxSocket = $sshConfig['muxFilename']; $muxSocket = $sshConfig['muxFilename'];
$closeCommand = "ssh -O exit -o ControlPath=$muxSocket {$server->user}@{$server->ip}"; $closeCommand = "ssh -O exit -o ControlPath=$muxSocket {$server->user}@{$server->ip}";
$process = Process::run($closeCommand); $process = Process::run($closeCommand);
// ray('Closing multiplexed connection')->blue(); // ray('Closing multiplexed connection')->blue();
// ray('Close command:', $closeCommand); // ray('Close command:', $closeCommand);
// ray('Close process exit code:', $process->exitCode()); // ray('Close process exit code:', $process->exitCode());
@@ -127,7 +127,7 @@ class SshMultiplexingHelper
self::addCloudflareProxyCommand($scp_command, $server); self::addCloudflareProxyCommand($scp_command, $server);
$scp_command .= self::getCommonSshOptions($server, $sshKeyLocation, config('constants.ssh.connection_timeout'), config('constants.ssh.server_interval')); $scp_command .= self::getCommonSshOptions($server, $sshKeyLocation, config('constants.ssh.connection_timeout'), config('constants.ssh.server_interval'), isScp: true);
$scp_command .= "{$source} {$server->user}@{$server->ip}:{$dest}"; $scp_command .= "{$source} {$server->user}@{$server->ip}:{$dest}";
return $scp_command; return $scp_command;
@@ -170,7 +170,7 @@ class SshMultiplexingHelper
private static function isMultiplexingEnabled(): bool private static function isMultiplexingEnabled(): bool
{ {
return config('constants.ssh.mux_enabled') && !config('coolify.is_windows_docker_desktop'); return config('constants.ssh.mux_enabled') && ! config('coolify.is_windows_docker_desktop');
} }
private static function validateSshKey(string $sshKeyLocation): void private static function validateSshKey(string $sshKeyLocation): void
@@ -190,15 +190,23 @@ class SshMultiplexingHelper
} }
} }
private static function getCommonSshOptions(Server $server, string $sshKeyLocation, int $connectionTimeout, int $serverInterval): string private static function getCommonSshOptions(Server $server, string $sshKeyLocation, int $connectionTimeout, int $serverInterval, bool $isScp = false): string
{ {
return "-i {$sshKeyLocation} " $options = "-i {$sshKeyLocation} "
.'-o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null ' .'-o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null '
.'-o PasswordAuthentication=no ' .'-o PasswordAuthentication=no '
."-o ConnectTimeout=$connectionTimeout " ."-o ConnectTimeout=$connectionTimeout "
."-o ServerAliveInterval=$serverInterval " ."-o ServerAliveInterval=$serverInterval "
.'-o RequestTTY=no ' .'-o RequestTTY=no '
.'-o LogLevel=ERROR ' .'-o LogLevel=ERROR ';
."-p {$server->port} ";
// Bruh
if ($isScp) {
$options .= "-P {$server->port} ";
} else {
$options .= "-p {$server->port} ";
}
return $options;
} }
} }

6
app/Livewire/Server/ShowPrivateKey.php
View File

@@ -2,9 +2,9 @@
namespace App\Livewire\Server; namespace App\Livewire\Server;
use App\Models\PrivateKey;
use App\Models\Server; use App\Models\Server;
use Livewire\Component; use Livewire\Component;
use App\Models\PrivateKey;
class ShowPrivateKey extends Component class ShowPrivateKey extends Component
{ {
@@ -22,7 +22,7 @@ class ShowPrivateKey extends Component
$this->server->refresh(); $this->server->refresh();
$this->dispatch('success', 'Private key updated successfully.'); $this->dispatch('success', 'Private key updated successfully.');
} catch (\Exception $e) { } catch (\Exception $e) {
$this->dispatch('error', 'Failed to update private key: ' . $e->getMessage()); $this->dispatch('error', 'Failed to update private key: '.$e->getMessage());
} }
} }
@@ -34,7 +34,7 @@ class ShowPrivateKey extends Component
$this->dispatch('success', 'Server is reachable.'); $this->dispatch('success', 'Server is reachable.');
} else { } else {
ray($error); ray($error);
$this->dispatch('error', 'Server is not reachable.<br>Please validate your configuration and connection.<br><br>Check this <a target="_blank" class="underline" href="https://coolify.io/docs/knowledge-base/server/openssh">documentation</a> for further help.'); $this->dispatch('error', 'Server is not reachable.<br><br>Check this <a target="_blank" class="underline" href="https://coolify.io/docs/knowledge-base/server/openssh">documentation</a> for further help.<br><br>Error: '.$error);
return; return;
} }

25
bootstrap/helpers/remoteProcess.php
View File

@@ -11,8 +11,8 @@ use App\Models\Server;
use Carbon\Carbon; use Carbon\Carbon;
use Illuminate\Database\Eloquent\Model; use Illuminate\Database\Eloquent\Model;
use Illuminate\Support\Collection; use Illuminate\Support\Collection;
use Illuminate\Support\Facades\Process;
use Illuminate\Support\Facades\Auth; use Illuminate\Support\Facades\Auth;
use Illuminate\Support\Facades\Process;
use Illuminate\Support\Str; use Illuminate\Support\Str;
use Spatie\Activitylog\Contracts\Activity; use Spatie\Activitylog\Contracts\Activity;
@@ -28,16 +28,16 @@ function remote_process(
): Activity { ): Activity {
$type = $type ?? ActivityTypes::INLINE->value; $type = $type ?? ActivityTypes::INLINE->value;
$command = $command instanceof Collection ? $command->toArray() : $command; $command = $command instanceof Collection ? $command->toArray() : $command;
if ($server->isNonRoot()) { if ($server->isNonRoot()) {
$command = parseCommandsByLineForSudo(collect($command), $server); $command = parseCommandsByLineForSudo(collect($command), $server);
} }
$command_string = implode("\n", $command); $command_string = implode("\n", $command);
if (Auth::check()) { if (Auth::check()) {
$teams = Auth::user()->teams->pluck('id'); $teams = Auth::user()->teams->pluck('id');
if (!$teams->contains($server->team_id) && !$teams->contains(0)) { if (! $teams->contains($server->team_id) && ! $teams->contains(0)) {
throw new \Exception('User is not part of the team that owns this server'); throw new \Exception('User is not part of the team that owns this server');
} }
} }
@@ -67,13 +67,14 @@ function instant_scp(string $source, string $dest, Server $server, $throwError =
if ($exitCode !== 0) { if ($exitCode !== 0) {
return $throwError ? excludeCertainErrors($process->errorOutput(), $exitCode) : null; return $throwError ? excludeCertainErrors($process->errorOutput(), $exitCode) : null;
} }
return $output === 'null' ? null : $output; return $output === 'null' ? null : $output;
} }
function instant_remote_process(Collection|array $command, Server $server, bool $throwError = true, bool $no_sudo = false): ?string function instant_remote_process(Collection|array $command, Server $server, bool $throwError = true, bool $no_sudo = false): ?string
{ {
$command = $command instanceof Collection ? $command->toArray() : $command; $command = $command instanceof Collection ? $command->toArray() : $command;
if ($server->isNonRoot() && !$no_sudo) { if ($server->isNonRoot() && ! $no_sudo) {
$command = parseCommandsByLineForSudo(collect($command), $server); $command = parseCommandsByLineForSudo(collect($command), $server);
} }
$command_string = implode("\n", $command); $command_string = implode("\n", $command);
@@ -92,6 +93,7 @@ function instant_remote_process(Collection|array $command, Server $server, bool
if ($exitCode !== 0) { if ($exitCode !== 0) {
return $throwError ? excludeCertainErrors($process->errorOutput(), $exitCode) : null; return $throwError ? excludeCertainErrors($process->errorOutput(), $exitCode) : null;
} }
return $output === 'null' ? null : $output; return $output === 'null' ? null : $output;
} }
@@ -101,7 +103,7 @@ function excludeCertainErrors(string $errorOutput, ?int $exitCode = null)
'Permission denied (publickey', 'Permission denied (publickey',
'Could not resolve hostname', 'Could not resolve hostname',
]); ]);
$ignored = $ignoredErrors->contains(fn($error) => Str::contains($errorOutput, $error)); $ignored = $ignoredErrors->contains(fn ($error) => Str::contains($errorOutput, $error));
if ($ignored) { if ($ignored) {
// TODO: Create new exception and disable in sentry // TODO: Create new exception and disable in sentry
throw new \RuntimeException($errorOutput, $exitCode); throw new \RuntimeException($errorOutput, $exitCode);
@@ -127,19 +129,21 @@ function decode_remote_command_output(?ApplicationDeploymentQueue $application_d
} }
$seenCommands = collect(); $seenCommands = collect();
$formatted = collect($decoded); $formatted = collect($decoded);
if (!$is_debug_enabled) { if (! $is_debug_enabled) {
$formatted = $formatted->filter(fn ($i) => $i['hidden'] === false ?? false); $formatted = $formatted->filter(fn ($i) => $i['hidden'] === false ?? false);
} }
return $formatted return $formatted
->sortBy(fn ($i) => data_get($i, 'order')) ->sortBy(fn ($i) => data_get($i, 'order'))
->map(function ($i) { ->map(function ($i) {
data_set($i, 'timestamp', Carbon::parse(data_get($i, 'timestamp'))->format('Y-M-d H:i:s.u')); data_set($i, 'timestamp', Carbon::parse(data_get($i, 'timestamp'))->format('Y-M-d H:i:s.u'));
return $i; return $i;
}) })
->reduce(function ($deploymentLogLines, $logItem) use ($seenCommands) { ->reduce(function ($deploymentLogLines, $logItem) use ($seenCommands) {
$command = data_get($logItem, 'command'); $command = data_get($logItem, 'command');
$isStderr = data_get($logItem, 'type') === 'stderr'; $isStderr = data_get($logItem, 'type') === 'stderr';
$isNewCommand = !is_null($command) && !$seenCommands->first(function ($seenCommand) use ($logItem) { $isNewCommand = ! is_null($command) && ! $seenCommands->first(function ($seenCommand) use ($logItem) {
return data_get($seenCommand, 'command') === data_get($logItem, 'command') && data_get($seenCommand, 'batch') === data_get($logItem, 'batch'); return data_get($seenCommand, 'command') === data_get($logItem, 'command') && data_get($seenCommand, 'batch') === data_get($logItem, 'batch');
}); });
@@ -176,6 +180,7 @@ function decode_remote_command_output(?ApplicationDeploymentQueue $application_d
function remove_iip($text) function remove_iip($text)
{ {
$text = preg_replace('/x-access-token:.*?(?=@)/', 'x-access-token:'.REDACTED, $text); $text = preg_replace('/x-access-token:.*?(?=@)/', 'x-access-token:'.REDACTED, $text);
return preg_replace('/\x1b\[[0-9;]*m/', '', $text); return preg_replace('/\x1b\[[0-9;]*m/', '', $text);
} }
@@ -203,7 +208,7 @@ function checkRequiredCommands(Server $server)
break; break;
} }
$commandFound = instant_remote_process(["docker run --rm --privileged --net=host --pid=host --ipc=host --volume /:/host busybox chroot /host bash -c 'command -v {$command}'"], $server, false); $commandFound = instant_remote_process(["docker run --rm --privileged --net=host --pid=host --ipc=host --volume /:/host busybox chroot /host bash -c 'command -v {$command}'"], $server, false);
if (!$commandFound) { if (! $commandFound) {
break; break;
} }
} }