Add all edgevpn config features to bridge command (#540)

Fixes kairos-io/kairos#2456 --------- Signed-off-by: Mauro Morales <mauro.morales@spectrocloud.com>
2025-09-10 11:21:20 +00:00 · 2024-04-25 16:56:35 +02:00
parent ef178fe402
commit 014050b39f
5 changed files with 214 additions and 582 deletions
--- a/go.mod
+++ b/go.mod
@@ -8,10 +8,10 @@ require (
 	github.com/creack/pty v1.1.21
 	github.com/gliderlabs/ssh v0.3.7
 	github.com/google/go-containerregistry v0.19.1 // indirect
-	github.com/ipfs/go-log/v2 v2.5.1
+	github.com/ipfs/go-log/v2 v2.5.1 // indirect
 	github.com/kairos-io/kairos-agent/v2 v2.9.1
 	github.com/kairos-io/kairos-sdk v0.1.1
-	github.com/mudler/edgevpn v0.25.2
+	github.com/mudler/edgevpn v0.25.3-0.20240423154352-8cf7992723be
 	github.com/mudler/go-pluggable v0.0.0-20230126220627-7710299a0ae5
 	github.com/mudler/go-processmanager v0.0.0-20230818213616-f204007f963c
 	github.com/onsi/ginkgo/v2 v2.17.1
@@ -44,7 +44,6 @@ require (
 	github.com/Microsoft/hcsshim v0.11.4 // indirect
 	github.com/ProtonMail/go-crypto v1.0.0 // indirect
 	github.com/StackExchange/wmi v1.2.1 // indirect
-	github.com/acomagu/bufpipe v1.0.3 // indirect
 	github.com/anmitsu/go-shlex v0.0.0-20200514113438-38f4b401e2be // indirect
 	github.com/avast/retry-go v3.0.0+incompatible // indirect
 	github.com/aybabtme/rgbterm v0.0.0-20170906152045-cc83f3b3ce59 // indirect
@@ -239,7 +238,6 @@ require (
 	github.com/spectrocloud-labs/herd v0.4.2 // indirect
 	github.com/spf13/afero v1.11.0 // indirect
 	github.com/spf13/cast v1.6.0 // indirect
-	github.com/spf13/jwalterweatherman v1.1.0 // indirect
 	github.com/spf13/pflag v1.0.5 // indirect
 	github.com/spf13/viper v1.18.2 // indirect
 	github.com/subosito/gotenv v1.6.0 // indirect
@@ -248,9 +246,9 @@ require (
 	github.com/tklauser/go-sysconf v0.3.11 // indirect
 	github.com/tklauser/numcpus v0.6.0 // indirect
 	github.com/tredoe/osutil/v2 v2.0.0-rc.16 // indirect
-	github.com/twpayne/go-vfs v1.7.2 // indirect
 	github.com/twpayne/go-vfs/v4 v4.3.0 // indirect
 	github.com/ulikunitz/xz v0.5.11 // indirect
+	github.com/urfave/cli v1.22.14 // indirect
 	github.com/valyala/bytebufferpool v1.0.0 // indirect
 	github.com/valyala/fasttemplate v1.2.2 // indirect
 	github.com/vbatts/tar-split v0.11.3 // indirect
@@ -285,7 +283,6 @@ require (
 	golang.zx2c4.com/wireguard v0.0.0-20220703234212-c31a7b1ab478 // indirect
 	golang.zx2c4.com/wireguard/windows v0.5.3 // indirect
 	gonum.org/v1/gonum v0.13.0 // indirect
-	google.golang.org/genproto v0.0.0-20231106174013-bbf56f31fb17 // indirect
 	google.golang.org/genproto/googleapis/rpc v0.0.0-20231120223509-83a465c0220f // indirect
 	google.golang.org/grpc v1.59.0 // indirect
 	google.golang.org/protobuf v1.33.0 // indirect
--- a/go.sum
+++ b/go.sum
--- a/internal/cli/bridge.go
+++ b/internal/cli/bridge.go
@@ -9,11 +9,15 @@ import (
 	"github.com/ipfs/go-log"
 	qr "github.com/kairos-io/go-nodepair/qrcode"
 	"github.com/kairos-io/kairos-sdk/utils"
+	rcmgr "github.com/libp2p/go-libp2p/p2p/host/resource-manager"
 	"github.com/mudler/edgevpn/api"
+	"github.com/mudler/edgevpn/cmd"
+	"github.com/mudler/edgevpn/pkg/config"
 	"github.com/mudler/edgevpn/pkg/logger"
 	"github.com/mudler/edgevpn/pkg/node"
 	"github.com/mudler/edgevpn/pkg/services"
 	"github.com/mudler/edgevpn/pkg/vpn"
+	"github.com/multiformats/go-multiaddr"
 	"github.com/urfave/cli/v2"
 )

@@ -28,7 +32,7 @@ func BridgeCMD(toolName string) *cli.Command {

 		For example:

-		$ sudo %s bridge --network-token <TOKEN>
+		$ sudo %s bridge --token <TOKEN>

 		Will start a VPN, which local ip is fixed to 10.1.0.254 (tweakable with --address).

@@ -54,25 +58,7 @@ func BridgeCMD(toolName string) *cli.Command {
 		description = "\t\tWARNING: This command will be deprecated in the next release. Please use the new kairosctl binary instead.\n" + description
 	}

-	return &cli.Command{
-		Name:        "bridge",
-		UsageText:   fmt.Sprintf("%s %s", toolName, "bridge --network-token XXX"),
-		Usage:       usage,
-		Description: fmt.Sprintf(description, toolName, toolName, toolName),
-		Flags: []cli.Flag{
-			&cli.StringFlag{
-				Name:     "network-token",
-				Required: false,
-				EnvVars:  []string{"NETWORK_TOKEN"},
-				Usage:    "Network token to connect over",
-			},
-			&cli.StringFlag{
-				Name:     "log-level",
-				Required: false,
-				EnvVars:  []string{"LOGLEVEL"},
-				Value:    "info",
-				Usage:    "Bridge log level",
-			},
+	flags := []cli.Flag{
 		&cli.BoolFlag{
 			Name:     "qr-code-snapshot",
 			Required: false,
@@ -107,11 +93,110 @@ func BridgeCMD(toolName string) *cli.Command {
 			EnvVars: []string{"lease-dir"},
 			Usage:   "DHCP Lease directory",
 		},
+		&cli.StringFlag{
+			Name:    "interface",
+			Usage:   "Interface name",
+			Value:   "kairos0",
+			EnvVars: []string{"IFACE"},
 		},
+	}
+
+	flags = append(flags, cmd.CommonFlags...)
+
+	return &cli.Command{
+		Name:        "bridge",
+		UsageText:   fmt.Sprintf("%s %s", toolName, "bridge --token XXX"),
+		Usage:       usage,
+		Description: fmt.Sprintf(description, toolName, toolName, toolName),
+		Flags:       flags,
 		Action:      bridge,
 	}
 }

+func stringsToMultiAddr(peers []string) []multiaddr.Multiaddr {
+	res := []multiaddr.Multiaddr{}
+	for _, p := range peers {
+		addr, err := multiaddr.NewMultiaddr(p)
+		if err != nil {
+			continue
+		}
+		res = append(res, addr)
+	}
+	return res
+}
+
+func configFromContext(c *cli.Context) *config.Config {
+	autorelayInterval, err := time.ParseDuration(c.String("autorelay-discovery-interval"))
+	if err != nil {
+		autorelayInterval = 0
+	}
+	var limitConfig *rcmgr.PartialLimitConfig
+	d := map[string]map[string]interface{}{}
+
+	return &config.Config{
+		NetworkConfig:     c.String("config"),
+		NetworkToken:      c.String("token"),
+		Address:           c.String("address"),
+		Router:            c.String("router"),
+		Interface:         c.String("interface"),
+		Libp2pLogLevel:    c.String("libp2p-log-level"),
+		LogLevel:          c.String("log-level"),
+		LowProfile:        c.Bool("low-profile"),
+		Blacklist:         c.StringSlice("blacklist"),
+		Concurrency:       c.Int("concurrency"),
+		FrameTimeout:      c.String("timeout"),
+		ChannelBufferSize: c.Int("channel-buffer-size"),
+		InterfaceMTU:      c.Int("mtu"),
+		PacketMTU:         c.Int("packet-mtu"),
+		BootstrapIface:    c.Bool("bootstrap-iface"),
+		Whitelist:         stringsToMultiAddr(c.StringSlice("whitelist")),
+		Ledger: config.Ledger{
+			StateDir:         c.String("ledger-state"),
+			AnnounceInterval: time.Duration(c.Int("ledger-announce-interval")) * time.Second,
+			SyncInterval:     time.Duration(c.Int("ledger-syncronization-interval")) * time.Second,
+		},
+		NAT: config.NAT{
+			Service:           c.Bool("natservice"),
+			Map:               c.Bool("natmap"),
+			RateLimit:         c.Bool("nat-ratelimit"),
+			RateLimitGlobal:   c.Int("nat-ratelimit-global"),
+			RateLimitPeer:     c.Int("nat-ratelimit-peer"),
+			RateLimitInterval: time.Duration(c.Int("nat-ratelimit-interval")) * time.Second,
+		},
+		Discovery: config.Discovery{
+			BootstrapPeers: c.StringSlice("discovery-bootstrap-peers"),
+			DHT:            c.Bool("dht"),
+			MDNS:           c.Bool("mdns"),
+			Interval:       time.Duration(c.Int("discovery-interval")) * time.Second,
+		},
+		Connection: config.Connection{
+			AutoRelay:                  c.Bool("autorelay"),
+			MaxConnections:             c.Int("max-connections"),
+			HolePunch:                  c.Bool("holepunch"),
+			StaticRelays:               c.StringSlice("autorelay-static-peer"),
+			AutoRelayDiscoveryInterval: autorelayInterval,
+			OnlyStaticRelays:           c.Bool("autorelay-static-only"),
+			HighWater:                  c.Int("connection-high-water"),
+			LowWater:                   c.Int("connection-low-water"),
+		},
+		Limit: config.ResourceLimit{
+			Enable:      c.Bool("limit-enable"),
+			FileLimit:   c.String("limit-file"),
+			Scope:       c.String("limit-scope"),
+			MaxConns:    c.Int("max-connections"), // Turn to 0 to use other way of limiting. Files take precedence
+			LimitConfig: limitConfig,
+		},
+		PeerGuard: config.PeerGuard{
+			Enable:        c.Bool("peerguard"),
+			PeerGate:      c.Bool("peergate"),
+			Relaxed:       c.Bool("peergate-relaxed"),
+			Autocleanup:   c.Bool("peergate-autoclean"),
+			SyncInterval:  time.Duration(c.Int("peergate-interval")) * time.Second,
+			AuthProviders: d,
+		},
+	}
+}
+
 // bridge is just starting a VPN with edgevpn to the given network token.
 func bridge(c *cli.Context) error {
 	qrCodePath := ""
@@ -127,8 +212,6 @@ func bridge(c *cli.Context) error {
 		fromQRCode = true
 	}

-	token := c.String("network-token")
-
 	if fromQRCode {
 		recoveryToken := qr.Reader(qrCodePath)
 		data := utils.DecodeRecoveryToken(recoveryToken)
@@ -136,17 +219,22 @@ func bridge(c *cli.Context) error {
 			fmt.Println("Token not decoded correctly")
 			return fmt.Errorf("invalid token")
 		}
-		token = data[0]
+		token := data[0]
 		serviceUUID = data[1]
 		sshPassword = data[2]
 		if serviceUUID == "" || sshPassword == "" || token == "" {
 			return fmt.Errorf("decoded invalid values")
 		}
+
+		err := c.Set("token", token)
+		if err != nil {
+			return err
+		}
 	}

 	ctx := context.Background()

-	nc := networkConfig(token, c.String("address"), c.String("log-level"), "kairos0")
+	nc := configFromContext(c)

 	lvl, err := log.LevelFromString(nc.LogLevel)
 	if err != nil {
--- a/internal/cli/recovery.go
+++ b/internal/cli/recovery.go
@@ -5,11 +5,8 @@ import (
 	"fmt"
 	"io"
 	"os/exec"
-	"runtime"
 	"time"

-	edgevpnConfig "github.com/mudler/edgevpn/pkg/config"
-
 	"github.com/ipfs/go-log"

 	"github.com/creack/pty"
@@ -18,49 +15,16 @@ import (
 	"github.com/mudler/edgevpn/pkg/node"
 	"github.com/mudler/edgevpn/pkg/services"
 	"github.com/pterm/pterm"
+	cliV2 "github.com/urfave/cli/v2"
 )

-func networkConfig(token, address, loglevel, i string) *edgevpnConfig.Config {
-	return &edgevpnConfig.Config{
-		NetworkToken:   token,
-		Address:        address,
-		Libp2pLogLevel: "error",
-		FrameTimeout:   "30s",
-		BootstrapIface: true,
-		LogLevel:       loglevel,
-		LowProfile:     true,
-		Interface:      i,
-		Concurrency:    runtime.NumCPU(),
-		PacketMTU:      1420,
-		InterfaceMTU:   1200,
-		Ledger: edgevpnConfig.Ledger{
-			AnnounceInterval: time.Duration(30) * time.Second,
-			SyncInterval:     time.Duration(30) * time.Second,
-		},
-		NAT: edgevpnConfig.NAT{
-			Service:           true,
-			Map:               true,
-			RateLimit:         true,
-			RateLimitGlobal:   10,
-			RateLimitPeer:     10,
-			RateLimitInterval: time.Duration(10) * time.Second,
-		},
-		Discovery: edgevpnConfig.Discovery{
-			DHT:      true,
-			MDNS:     true,
-			Interval: time.Duration(120) * time.Second,
-		},
-		Connection: edgevpnConfig.Connection{
-			AutoRelay:      true,
-			MaxConnections: 100,
-			HolePunch:      true,
-		},
+func startRecoveryService(ctx context.Context, loglevel string, c *cliV2.Context) error {
+	err := c.Set("log-level", loglevel)
+	if err != nil {
+		return err
 	}
-}

-func startRecoveryService(ctx context.Context, token, name, address, loglevel string) error {
-
-	nc := networkConfig(token, "", loglevel, "kairosrecovery0")
+	nc := configFromContext(c)

 	lvl, err := log.LevelFromString(loglevel)
 	if err != nil {
@@ -83,7 +47,7 @@ func startRecoveryService(ctx context.Context, token, name, address, loglevel st
 	// if err != nil {
 	// 	return err
 	// }
-	o = append(o, services.RegisterService(llger, time.Duration(5*time.Second), name, address)...)
+	o = append(o, services.RegisterService(llger, time.Duration(5*time.Second), c.String("service"), c.String("listen"))...)

 	e, err := node.New(o...)
 	if err != nil {
@@ -125,14 +89,14 @@ func sshServer(listenAdddr, password string) {
 	))
 }

-func StartRecoveryService(tk, serviceUUID, generatedPassword, listenAddr string) error {
+func StartRecoveryService(c *cliV2.Context) error {
 	ctx, cancel := context.WithCancel(context.Background())
 	defer cancel()
-	if err := startRecoveryService(ctx, tk, serviceUUID, listenAddr, "fatal"); err != nil {
+	if err := startRecoveryService(ctx, "fatal", c); err != nil {
 		return err
 	}

-	sshServer(listenAddr, generatedPassword)
+	sshServer(c.String("listen"), c.String("password"))

 	return fmt.Errorf("should not return")
 }
--- a/internal/cli/start.go
+++ b/internal/cli/start.go
@@ -166,7 +166,7 @@ For all the example cases, see: https://kairos.io/docs/
 					},
 				},
 				Action: func(c *cli.Context) error {
-					return StartRecoveryService(c.String("token"), c.String("service"), c.String("password"), c.String("listen"))
+					return StartRecoveryService(c)
 				},
 			},
 			RegisterCMD(toolName),