Client tools auto update #47466
Merged
Client tools auto update #47466
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
vapopov
added
the
no-changelog
vapopov
commented
Oct 10, 2024
| return 0, trace.Errorf("invalid size") | ||
| } | ||
| avail := stat.Bavail * uint64(stat.Bsize) | ||
| avail := uint64(stat.Bavail) * uint64(stat.Bsize) |
There was a problem hiding this comment.
This change related to this comment #47060 (comment)
also I'm locally checking linter for warnings related touint64(stat.Bavail)
vapopov
force-pushed
the
vapopov/client-auto-update
branch
from
5bc4215 to
ddcbaf9
Compare
sclevine
reviewed
Oct 15, 2024
Move integration tests to client tools specific dir Use context cancellation with SIGTERM, SIGINT Remove cancelable tee reader with context replacement Renaming
Fix archive cleanup if hash is not valid Limit the archive write bytes
vapopov
force-pushed
the
vapopov/client-auto-update
branch
from
144d573 to
d5dd770
Compare
vapopov
force-pushed
the
vapopov/client-auto-update
branch
from
355c675 to
5f5688e
Compare
sclevine
reviewed
Oct 16, 2024
Base URL renaming
sclevine
reviewed
Oct 17, 2024
Replace hash for bytes matching Proper temp file close for archive download
vapopov
force-pushed
the
vapopov/client-auto-update
branch
from
c860415 to
b019206
Compare
sclevine
approved these changes
Oct 17, 2024
hugoShaka
reviewed
Oct 18, 2024
hugoShaka
approved these changes
Oct 18, 2024
|
@hugoShaka note lib/modules might not work for tbot: #47565 (comment) |
vapopov
commented
Oct 18, 2024
lib/autoupdate/fips_enabled.go
Outdated
| @@ -0,0 +1,25 @@ | |||
| //go:build fips | |||
There was a problem hiding this comment.
@zmb3 should I move this one to lib/modules to identify if the build supports the FIPS? Or there already a way to get this info from modules package
There was a problem hiding this comment.
I think this is present as modules.GetModules().IsBoringCrypto() -- BoringCrypto is FIPS validated
I think tbot should be considered an agent like teleport and be updated by the agent updater we're building (as opposed to tools self-update). According to the RFD we going to have a single agent updater for oss, ent, fips and it will figure out the right build from /find or /ping rather than any existing binary version or build flag. So I think everything will fit nicely? |
|
@hugoShaka tbot also has a oneshot mode for CI/CD use cases. The current (possibly only verbally discussed) plan is to allow tbot to be upgraded through either method. But this may not ship in the first release of client tools updates. |
|
@avatus @EdwardDowling would appreciate your review, need one more approval |
avatus
approved these changes
Oct 18, 2024
public-teleport-github-review-bot
bot
removed the request for review
from EdwardDowling
vapopov
added a commit
that referenced
this pull request
Nov 8, 2024
* Add client tools auto update * Replace fork for posix platform for re-exec Move integration tests to client tools specific dir Use context cancellation with SIGTERM, SIGINT Remove cancelable tee reader with context replacement Renaming * Fix syscall path execution Fix archive cleanup if hash is not valid Limit the archive write bytes * Cover the case with single package for darwin platform after v17 * Move updater logic to tools package * Move context out from the library Base URL renaming * Add more context in comments * Changes in find endpoint * Replace test http server with `httptest` Replace hash for bytes matching Proper temp file close for archive download * Add more context to comments * Move feature flag to main package to be reused * Constant rename * Replace build tag with lib/modules to identify enterprise build * Replace fips tag with modules flag
vapopov
added a commit
that referenced
this pull request
Nov 8, 2024
* Add client tools auto update * Replace fork for posix platform for re-exec Move integration tests to client tools specific dir Use context cancellation with SIGTERM, SIGINT Remove cancelable tee reader with context replacement Renaming * Fix syscall path execution Fix archive cleanup if hash is not valid Limit the archive write bytes * Cover the case with single package for darwin platform after v17 * Move updater logic to tools package * Move context out from the library Base URL renaming * Add more context in comments * Changes in find endpoint * Replace test http server with `httptest` Replace hash for bytes matching Proper temp file close for archive download * Add more context to comments * Move feature flag to main package to be reused * Constant rename * Replace build tag with lib/modules to identify enterprise build * Replace fips tag with modules flag
github-merge-queue bot
pushed a commit
that referenced
this pull request
Dec 4, 2024
* Expose client tools auto update for find endpoint (#46785) * Expose client tools auto update for find endpoint * Group auto update settings in find response Log error instead returning error Add tests auto update settings in find endpoint Add check for not implemented error * Add more test cases * Client AutoUpdate proto structure changes (#47532) * Update client autoupdate proto structure * Replace with reserved * Fix unit tests * Add more info in proto * Rename proto to be aligned RFD namings * Replace enum type for ToolsMode to string * Add packaging utility for client tools auto updates (#47060) * Add packaging utility for client tools auto updates * Add error handling for close functions * Move archive to existing utils package * Move archive helpers to integration/helper CR changes * CR changes * CR changes * CR changes Replace creating directory with extract path as argument * CR changes * Validate full size before un-archive Extract files to extractDir with ignore dir structure * Change compressing with relative paths Add test for cleanup and fix skip logic * CR changes * CR changes * Fix linter * Client tools auto update (#47466) * Add client tools auto update * Replace fork for posix platform for re-exec Move integration tests to client tools specific dir Use context cancellation with SIGTERM, SIGINT Remove cancelable tee reader with context replacement Renaming * Fix syscall path execution Fix archive cleanup if hash is not valid Limit the archive write bytes * Cover the case with single package for darwin platform after v17 * Move updater logic to tools package * Move context out from the library Base URL renaming * Add more context in comments * Changes in find endpoint * Replace test http server with `httptest` Replace hash for bytes matching Proper temp file close for archive download * Add more context to comments * Move feature flag to main package to be reused * Constant rename * Replace build tag with lib/modules to identify enterprise build * Replace fips tag with modules flag * Client auto updates integration for {tctl,tsh} (#47815) * Client auto updates integration for tctl/tsh * Add version validation Fix recursive version check for darwin platform Fix cleanup for multi-package support * Fix identifying tools removal from home directory * Replace ToolsMode with ToolsAutoUpdate * Reuse insecure flag for tests * Fix CheckRemote with login * Fix windows administrative access requirement Update must be able to be canceled, re-execute with latest version or last updated Show progress bar before request is made * Fix update cancellation for login action Address review comments * Add signal handler with stack context cancellation * Use copy instead of hard link for windows Fix progress bar if we can't receive size of package * Replace with list in order to support manual cancel * Download archive package to temp directory * Decrease timeout for client tools proxy call * Add audit logs for auto update resources (#48218) * Connect: Make sure tsh auto-updates are turned off (#49180) * Add dir for code shared between Node.js processes * Connect: Make sure tsh auto-updates are turned off * Pass TELEPORT_TOOLS_VERSION=off to tsh vnet-daemon * Disable client tools auto update disabled if there are no home dir (#49159) Move updater to general tools package * Move client auto update helper to lib package (#49247) --------- Co-authored-by: Rafał Cieślak <[email protected]>
github-merge-queue bot
pushed a commit
that referenced
this pull request
Dec 11, 2024
* Expose client tools auto update for find endpoint (#46785) * Expose client tools auto update for find endpoint * Group auto update settings in find response Log error instead returning error Add tests auto update settings in find endpoint Add check for not implemented error * Add more test cases * Client AutoUpdate proto structure changes (#47532) * Update client autoupdate proto structure * Replace with reserved * Fix unit tests * Add more info in proto * Rename proto to be aligned RFD namings * Replace enum type for ToolsMode to string * Add packaging utility for client tools auto updates (#47060) * Add packaging utility for client tools auto updates * Add error handling for close functions * Move archive to existing utils package * Move archive helpers to integration/helper CR changes * CR changes * CR changes * CR changes Replace creating directory with extract path as argument * CR changes * Validate full size before un-archive Extract files to extractDir with ignore dir structure * Change compressing with relative paths Add test for cleanup and fix skip logic * CR changes * CR changes * Fix linter * Client tools auto update (#47466) * Add client tools auto update * Replace fork for posix platform for re-exec Move integration tests to client tools specific dir Use context cancellation with SIGTERM, SIGINT Remove cancelable tee reader with context replacement Renaming * Fix syscall path execution Fix archive cleanup if hash is not valid Limit the archive write bytes * Cover the case with single package for darwin platform after v17 * Move updater logic to tools package * Move context out from the library Base URL renaming * Add more context in comments * Changes in find endpoint * Replace test http server with `httptest` Replace hash for bytes matching Proper temp file close for archive download * Add more context to comments * Move feature flag to main package to be reused * Constant rename * Replace build tag with lib/modules to identify enterprise build * Replace fips tag with modules flag * Client auto updates integration for {tctl,tsh} (#47815) * Client auto updates integration for tctl/tsh * Add version validation Fix recursive version check for darwin platform Fix cleanup for multi-package support * Fix identifying tools removal from home directory * Replace ToolsMode with ToolsAutoUpdate * Reuse insecure flag for tests * Fix CheckRemote with login * Fix windows administrative access requirement Update must be able to be canceled, re-execute with latest version or last updated Show progress bar before request is made * Fix update cancellation for login action Address review comments * Add signal handler with stack context cancellation * Use copy instead of hard link for windows Fix progress bar if we can't receive size of package * Replace with list in order to support manual cancel * Download archive package to temp directory * Decrease timeout for client tools proxy call * Add audit logs for auto update resources (#48218) * Connect: Make sure tsh auto-updates are turned off * Add dir for code shared between Node.js processes * Connect: Make sure tsh auto-updates are turned off * Pass TELEPORT_TOOLS_VERSION=off to tsh vnet-daemon * Disable client tools auto update disabled if there are no home dir (#49159) Move updater to general tools package * Move client auto update helper to lib package (#49247) --------- Co-authored-by: Rafał Cieślak <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
In this PR implemented logic for client tools auto update {tsh, tctl} described in this RFD #39805
Update logic downloads Teleport binaries from CDN, extracts data in tools sub-directory (going to be used
$TELEPORT_HOME/bin/{UUID-update-pkg}/{tsh,tctl}) and creates symlinks for {tsh,tctl} to$TELEPORT_HOME/bin/{tsh,tctl}.Added integration tests which compiles updater binary with update logic only to simulate command execution with requested version to downloads them from fake test CDN server.