2023-03-28 19:12:30 +00:00
|
|
|
// Copyright (c) HashiCorp, Inc.
|
2023-08-11 13:12:13 +00:00
|
|
|
// SPDX-License-Identifier: BUSL-1.1
|
2023-03-28 19:12:30 +00:00
|
|
|
|
2021-11-16 18:04:01 +00:00
|
|
|
//go:build linux || darwin
|
2018-10-05 20:08:01 +00:00
|
|
|
// +build linux darwin
|
|
|
|
|
|
|
|
package envoy
|
|
|
|
|
|
|
|
import (
|
|
|
|
"errors"
|
2019-06-21 15:06:25 +00:00
|
|
|
"fmt"
|
2018-10-05 20:08:01 +00:00
|
|
|
"os"
|
2019-06-21 15:06:25 +00:00
|
|
|
"os/exec"
|
2018-10-05 20:08:01 +00:00
|
|
|
"path/filepath"
|
2019-06-21 15:06:25 +00:00
|
|
|
"syscall"
|
|
|
|
"time"
|
2018-10-05 20:08:01 +00:00
|
|
|
|
|
|
|
"golang.org/x/sys/unix"
|
|
|
|
)
|
|
|
|
|
2019-06-21 15:06:25 +00:00
|
|
|
func makeBootstrapPipe(bootstrapJSON []byte) (string, error) {
|
|
|
|
pipeFile := filepath.Join(os.TempDir(),
|
|
|
|
fmt.Sprintf("envoy-%x-bootstrap.json", time.Now().UnixNano()+int64(os.Getpid())))
|
2018-10-09 09:57:26 +00:00
|
|
|
|
2019-06-21 15:06:25 +00:00
|
|
|
err := syscall.Mkfifo(pipeFile, 0600)
|
|
|
|
if err != nil {
|
|
|
|
return pipeFile, err
|
2018-10-05 20:08:01 +00:00
|
|
|
}
|
|
|
|
|
2021-05-31 22:10:58 +00:00
|
|
|
binary, args, err := execArgs("connect", "envoy", "pipe-bootstrap", pipeFile)
|
2018-10-05 20:08:01 +00:00
|
|
|
if err != nil {
|
2019-06-21 15:06:25 +00:00
|
|
|
return pipeFile, err
|
2018-10-05 20:08:01 +00:00
|
|
|
}
|
|
|
|
|
2019-06-21 15:06:25 +00:00
|
|
|
// Exec the pipe-bootstrap internal sub-command which will write the bootstrap
|
|
|
|
// from STDIN to the named pipe (once Envoy opens it) and then clean up the
|
|
|
|
// file for us.
|
2021-05-31 22:10:58 +00:00
|
|
|
cmd := exec.Command(binary, args...)
|
|
|
|
cmd.Stdout = os.Stdout
|
|
|
|
cmd.Stderr = os.Stderr
|
2019-06-21 15:06:25 +00:00
|
|
|
stdin, err := cmd.StdinPipe()
|
|
|
|
if err != nil {
|
|
|
|
return pipeFile, err
|
2018-10-05 20:08:01 +00:00
|
|
|
}
|
2021-05-31 22:10:58 +00:00
|
|
|
err = cmd.Start()
|
|
|
|
if err != nil {
|
|
|
|
return pipeFile, err
|
|
|
|
}
|
2018-10-05 20:08:01 +00:00
|
|
|
|
2019-06-21 15:06:25 +00:00
|
|
|
// Write the config
|
|
|
|
n, err := stdin.Write(bootstrapJSON)
|
|
|
|
// Close STDIN whether it was successful or not
|
2021-05-31 22:10:58 +00:00
|
|
|
_ = stdin.Close()
|
2019-06-21 15:06:25 +00:00
|
|
|
if err != nil {
|
|
|
|
return pipeFile, err
|
2018-10-05 20:08:01 +00:00
|
|
|
}
|
2019-06-21 15:06:25 +00:00
|
|
|
if n < len(bootstrapJSON) {
|
|
|
|
return pipeFile, fmt.Errorf("failed writing boostrap to child STDIN: %s", err)
|
2018-10-05 20:08:01 +00:00
|
|
|
}
|
|
|
|
|
2019-06-21 15:06:25 +00:00
|
|
|
// We can't wait for the process since we need to exec into Envoy before it
|
|
|
|
// will be able to complete so it will be remain as a zombie until Envoy is
|
|
|
|
// killed then will be reaped by the init process (pid 0). This is all a bit
|
|
|
|
// gross but the cleanest workaround I can think of for Envoy 1.10 not
|
|
|
|
// supporting /dev/fd/<fd> config paths any more. So we are done and leaving
|
|
|
|
// the child to run it's course without reaping it.
|
|
|
|
return pipeFile, nil
|
2018-10-05 20:08:01 +00:00
|
|
|
}
|
|
|
|
|
2019-06-21 15:06:25 +00:00
|
|
|
func execEnvoy(binary string, prefixArgs, suffixArgs []string, bootstrapJSON []byte) error {
|
|
|
|
pipeFile, err := makeBootstrapPipe(bootstrapJSON)
|
2018-10-05 20:08:01 +00:00
|
|
|
if err != nil {
|
2019-06-21 15:06:25 +00:00
|
|
|
os.RemoveAll(pipeFile)
|
2018-10-05 20:08:01 +00:00
|
|
|
return err
|
|
|
|
}
|
2019-06-21 15:06:25 +00:00
|
|
|
// We don't defer a cleanup since we are about to Exec into Envoy which means
|
|
|
|
// defer will never fire. The child process cleans up for us in the happy
|
|
|
|
// path.
|
2018-10-05 20:08:01 +00:00
|
|
|
|
2019-06-21 15:06:25 +00:00
|
|
|
// We default to disabling hot restart because it makes it easier to run
|
|
|
|
// multiple envoys locally for testing without them trying to share memory and
|
|
|
|
// unix sockets and complain about being different IDs. But if user is
|
|
|
|
// actually configuring hot-restart explicitly with the --restart-epoch option
|
|
|
|
// then don't disable it!
|
|
|
|
disableHotRestart := !hasHotRestartOption(prefixArgs, suffixArgs)
|
2018-10-05 20:08:01 +00:00
|
|
|
|
2019-06-21 15:06:25 +00:00
|
|
|
// First argument needs to be the executable name.
|
|
|
|
envoyArgs := []string{binary}
|
|
|
|
envoyArgs = append(envoyArgs, prefixArgs...)
|
|
|
|
envoyArgs = append(envoyArgs, "--config-path", pipeFile)
|
|
|
|
if disableHotRestart {
|
|
|
|
envoyArgs = append(envoyArgs, "--disable-hot-restart")
|
2018-10-05 20:08:01 +00:00
|
|
|
}
|
2019-06-21 15:06:25 +00:00
|
|
|
envoyArgs = append(envoyArgs, suffixArgs...)
|
2018-10-05 20:08:01 +00:00
|
|
|
|
2019-06-21 15:06:25 +00:00
|
|
|
// Exec
|
|
|
|
if err = unix.Exec(binary, envoyArgs, os.Environ()); err != nil {
|
|
|
|
return errors.New("Failed to exec envoy: " + err.Error())
|
|
|
|
}
|
2018-10-05 20:08:01 +00:00
|
|
|
|
2019-06-21 15:06:25 +00:00
|
|
|
return nil
|
2018-10-05 20:08:01 +00:00
|
|
|
}
|