Start wireguard on configserver hosts (#24345)

Co-authored-by: gjoranv <gv@verizonmedia.com>
author: gjoranv <gjoranv@gmail.com> 2022-10-13 13:50:41 +0200
committer: GitHub <noreply@github.com> 2022-10-13 13:50:41 +0200
commit: 0f7ffd08b1263ba1dfb038b8896150d0d90acdbf (patch)
tree: e714448bdad5a8ac3b24e37ab445f9b79729f6ca /node-admin
parent: 470422e72242a1aff915d44f0a12548fd035b685 (diff)
4 files changed, 24 insertions, 6 deletions
diff --git a/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/maintenance/WireguardMaintainer.java b/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/maintenance/WireguardMaintainer.java
new file mode 100644
index 00000000000..f7f1a421cd8
--- /dev/null
+++ b/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/maintenance/WireguardMaintainer.java
@@ -0,0 +1,14 @@
+package com.yahoo.vespa.hosted.node.admin.maintenance;
+
+import com.yahoo.vespa.hosted.node.admin.nodeagent.NodeAgentContext;
+
+/**
+ * Ensures that wireguard-go is running on the host.
+ *
+ * @author gjoranv
+ */
+public interface WireguardMaintainer {
+
+    void converge(NodeAgentContext context);
+
+}
diff --git a/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/nodeagent/NodeAgentImpl.java b/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/nodeagent/NodeAgentImpl.java
index ea352791b36..20ea29381f3 100644
--- a/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/nodeagent/NodeAgentImpl.java
+++ b/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/nodeagent/NodeAgentImpl.java
@@ -24,6 +24,7 @@ import com.yahoo.vespa.hosted.node.admin.container.ContainerResources;
 import com.yahoo.vespa.hosted.node.admin.container.RegistryCredentials;
 import com.yahoo.vespa.hosted.node.admin.container.RegistryCredentialsProvider;
 import com.yahoo.vespa.hosted.node.admin.maintenance.StorageMaintainer;
+import com.yahoo.vespa.hosted.node.admin.maintenance.WireguardMaintainer;
 import com.yahoo.vespa.hosted.node.admin.maintenance.acl.AclMaintainer;
 import com.yahoo.vespa.hosted.node.admin.maintenance.identity.CredentialsMaintainer;
 import com.yahoo.vespa.hosted.node.admin.maintenance.servicedump.VespaServiceDumper;
@@ -71,6 +72,7 @@ public class NodeAgentImpl implements NodeAgent {
     private final Duration warmUpDuration;
     private final DoubleFlag containerCpuCap;
     private final VespaServiceDumper serviceDumper;
+    private final Optional<WireguardMaintainer> wireguardMaintainer;
 
     private Thread loopThread;
     private ContainerState containerState = UNKNOWN;
@@ -101,16 +103,15 @@ public class NodeAgentImpl implements NodeAgent {
     }
 
 
-    // Created in NodeAdminImpl
     public NodeAgentImpl(NodeAgentContextSupplier contextSupplier, NodeRepository nodeRepository,
                          Orchestrator orchestrator, ContainerOperations containerOperations,
                          RegistryCredentialsProvider registryCredentialsProvider, StorageMaintainer storageMaintainer,
                          FlagSource flagSource, List<CredentialsMaintainer> credentialsMaintainers,
                          Optional<AclMaintainer> aclMaintainer, Optional<HealthChecker> healthChecker, Clock clock,
-                         VespaServiceDumper serviceDumper) {
+                         VespaServiceDumper serviceDumper, Optional<WireguardMaintainer> wireguardMaintainer) {
         this(contextSupplier, nodeRepository, orchestrator, containerOperations, registryCredentialsProvider,
              storageMaintainer, flagSource, credentialsMaintainers, aclMaintainer, healthChecker, clock,
-             DEFAULT_WARM_UP_DURATION, serviceDumper);
+             DEFAULT_WARM_UP_DURATION, serviceDumper, wireguardMaintainer);
     }
 
     public NodeAgentImpl(NodeAgentContextSupplier contextSupplier, NodeRepository nodeRepository,
@@ -118,7 +119,8 @@ public class NodeAgentImpl implements NodeAgent {
                          RegistryCredentialsProvider registryCredentialsProvider, StorageMaintainer storageMaintainer,
                          FlagSource flagSource, List<CredentialsMaintainer> credentialsMaintainers,
                          Optional<AclMaintainer> aclMaintainer, Optional<HealthChecker> healthChecker, Clock clock,
-                         Duration warmUpDuration, VespaServiceDumper serviceDumper) {
+                         Duration warmUpDuration, VespaServiceDumper serviceDumper,
+                         Optional<WireguardMaintainer> wireguardMaintainer) {
         this.contextSupplier = contextSupplier;
         this.nodeRepository = nodeRepository;
         this.orchestrator = orchestrator;
@@ -132,6 +134,7 @@ public class NodeAgentImpl implements NodeAgent {
         this.warmUpDuration = warmUpDuration;
         this.containerCpuCap = PermanentFlags.CONTAINER_CPU_CAP.bindTo(flagSource);
         this.serviceDumper = serviceDumper;
+        this.wireguardMaintainer = wireguardMaintainer;
     }
 
     @Override
@@ -495,6 +498,7 @@ public class NodeAgentImpl implements NodeAgent {
                 }
 
                 aclMaintainer.ifPresent(maintainer -> maintainer.converge(context));
+                wireguardMaintainer.ifPresent(maintainer -> maintainer.converge(context));
                 startServicesIfNeeded(context);
                 resumeNodeIfNeeded(context);
                 if (healthChecker.isPresent()) {
diff --git a/node-admin/src/test/java/com/yahoo/vespa/hosted/node/admin/integration/ContainerTester.java b/node-admin/src/test/java/com/yahoo/vespa/hosted/node/admin/integration/ContainerTester.java
index 1773eb4be25..2f9b282c44e 100644
--- a/node-admin/src/test/java/com/yahoo/vespa/hosted/node/admin/integration/ContainerTester.java
+++ b/node-admin/src/test/java/com/yahoo/vespa/hosted/node/admin/integration/ContainerTester.java
@@ -95,7 +95,7 @@ public class ContainerTester implements AutoCloseable {
                 new NodeAgentImpl(contextSupplier, nodeRepository, orchestrator, containerOperations, () -> RegistryCredentials.none,
                                   storageMaintainer, flagSource,
                                   Collections.emptyList(), Optional.empty(), Optional.empty(), clock, Duration.ofSeconds(-1),
-                                  VespaServiceDumper.DUMMY_INSTANCE) {
+                                  VespaServiceDumper.DUMMY_INSTANCE, Optional.empty()) {
                     @Override public void converge(NodeAgentContext context) {
                         super.converge(context);
                         phaser.arriveAndAwaitAdvance();
diff --git a/node-admin/src/test/java/com/yahoo/vespa/hosted/node/admin/nodeagent/NodeAgentImplTest.java b/node-admin/src/test/java/com/yahoo/vespa/hosted/node/admin/nodeagent/NodeAgentImplTest.java
index a7697e5cb5f..fb132c9b717 100644
--- a/node-admin/src/test/java/com/yahoo/vespa/hosted/node/admin/nodeagent/NodeAgentImplTest.java
+++ b/node-admin/src/test/java/com/yahoo/vespa/hosted/node/admin/nodeagent/NodeAgentImplTest.java
@@ -789,7 +789,7 @@ public class NodeAgentImplTest {
         return new NodeAgentImpl(contextSupplier, nodeRepository, orchestrator, containerOperations,
                                  () -> RegistryCredentials.none, storageMaintainer, flagSource,
                                  List.of(credentialsMaintainer), Optional.of(aclMaintainer), Optional.of(healthChecker),
-                                 clock, warmUpDuration, VespaServiceDumper.DUMMY_INSTANCE);
+                                 clock, warmUpDuration, VespaServiceDumper.DUMMY_INSTANCE, Optional.empty());
     }
 
     private void mockGetContainer(DockerImage dockerImage, boolean isRunning) {
author	gjoranv <gjoranv@gmail.com>	2022-10-13 13:50:41 +0200
committer	GitHub <noreply@github.com>	2022-10-13 13:50:41 +0200
commit	0f7ffd08b1263ba1dfb038b8896150d0d90acdbf (patch)
tree	e714448bdad5a8ac3b24e37ab445f9b79729f6ca /node-admin
parent	470422e72242a1aff915d44f0a12548fd035b685 (diff)