Log Wireguard commands (#28443)

author: Håkon Hallingstad <hakon.hallingstad@gmail.com> 2023-09-11 11:47:59 +0200
committer: GitHub <noreply@github.com> 2023-09-11 11:47:59 +0200
commit: c38fcd2e6f09273459ade724fd571e615ff3f6c9 (patch)
tree: 5858b03ede6104c5dda8348a81b232e922c4921b /node-admin
parent: 6d9d3fb1265a3bf61fdb2582ceb2f148ef9680c1 (diff)
6 files changed, 40 insertions, 14 deletions
diff --git a/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/container/ContainerEngine.java b/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/container/ContainerEngine.java
index 2aa1d12c491..68dab0b32fb 100644
--- a/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/container/ContainerEngine.java
+++ b/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/container/ContainerEngine.java
@@ -7,6 +7,7 @@ import com.yahoo.vespa.hosted.node.admin.container.image.Image;
 import com.yahoo.vespa.hosted.node.admin.nodeagent.ContainerData;
 import com.yahoo.vespa.hosted.node.admin.nodeagent.NodeAgentContext;
 import com.yahoo.vespa.hosted.node.admin.task.util.file.UnixUser;
+import com.yahoo.vespa.hosted.node.admin.task.util.process.CommandLine;
 import com.yahoo.vespa.hosted.node.admin.task.util.process.CommandResult;
 
 import java.time.Duration;
@@ -48,7 +49,11 @@ public interface ContainerEngine {
     CommandResult execute(NodeAgentContext context, UnixUser user, Duration timeout, String... command);
 
     /** Execute command inside the container's network namespace. Throws on non-zero exit code */
-    CommandResult executeInNetworkNamespace(NodeAgentContext context, String... command);
+    CommandResult executeInNetworkNamespace(NodeAgentContext context, CommandLine.Options options, String... command);
+
+    default CommandResult executeInNetworkNamespace(NodeAgentContext context, String... command) {
+        return executeInNetworkNamespace(context, new CommandLine.Options(), command);
+    }
 
     /** Download given image */
     void pullImage(TaskContext context, DockerImage image, RegistryCredentials registryCredentials);
diff --git a/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/container/ContainerOperations.java b/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/container/ContainerOperations.java
index fa933e9622a..cae47a88961 100644
--- a/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/container/ContainerOperations.java
+++ b/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/container/ContainerOperations.java
@@ -78,7 +78,11 @@ public class ContainerOperations {
 
     /** Execute command in inside containers network namespace, identified by given context. Throws on non-zero exit code */
     public CommandResult executeCommandInNetworkNamespace(NodeAgentContext context, String... command) {
-        return containerEngine.executeInNetworkNamespace(context, command);
+        return executeCommandInNetworkNamespace(context, new CommandLine.Options(), command);
+    }
+
+    public CommandResult executeCommandInNetworkNamespace(NodeAgentContext context, CommandLine.Options options, String... command) {
+        return containerEngine.executeInNetworkNamespace(context, options, command);
     }
 
     /** Resume node. Resuming a node means that it is ready to receive traffic */
diff --git a/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/maintenance/acl/AclMaintainer.java b/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/maintenance/acl/AclMaintainer.java
index e8d10805a45..1cfe73e8937 100644
--- a/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/maintenance/acl/AclMaintainer.java
+++ b/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/maintenance/acl/AclMaintainer.java
@@ -9,10 +9,10 @@ import com.yahoo.vespa.hosted.node.admin.task.util.file.Editor;
 import com.yahoo.vespa.hosted.node.admin.task.util.file.LineEditor;
 import com.yahoo.vespa.hosted.node.admin.task.util.network.IPAddresses;
 import com.yahoo.vespa.hosted.node.admin.task.util.network.IPVersion;
+import com.yahoo.vespa.hosted.node.admin.task.util.process.CommandLine;
 
 import java.io.IOException;
 import java.net.InetAddress;
-import java.nio.charset.StandardCharsets;
 import java.nio.file.Files;
 import java.nio.file.Path;
 import java.util.List;
@@ -89,7 +89,7 @@ public class AclMaintainer {
 
     private Supplier<List<String>> listTable(NodeAgentContext context, String table, IPVersion ipVersion) {
         return () -> containerOperations
-                .executeCommandInNetworkNamespace(context, ipVersion.iptablesCmd(), "-S", "-t", table)
+                .executeCommandInNetworkNamespace(context, new CommandLine.Options().setSilent(true), ipVersion.iptablesCmd(), "-S", "-t", table)
                 .mapEachLine(String::trim);
     }
 
diff --git a/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/task/util/process/CommandLine.java b/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/task/util/process/CommandLine.java
index 2153a15e76b..3d45f515d96 100644
--- a/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/task/util/process/CommandLine.java
+++ b/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/task/util/process/CommandLine.java
@@ -144,6 +144,23 @@ public class CommandLine {
         return doExecute();
     }
 
+    public static class Options {
+        private boolean silent = false;
+
+        public Options() {}
+
+        /** Invoke {@link #executeSilently()} instead of {@link #execute()} (default). */
+        public Options setSilent(boolean silent) {
+            this.silent = silent;
+            return this;
+        }
+    }
+
+    /** Convenience method to bundle up a bunch of calls on this into an options object. */
+    public CommandResult execute(Options options) {
+        return options.silent ? executeSilently() : execute();
+    }
+
     /**
      * Record an already executed executeSilently() as having modified the system.
      * For instance with YUM it is not known until after a 'yum install' whether it
diff --git a/node-admin/src/test/java/com/yahoo/vespa/hosted/node/admin/container/ContainerEngineMock.java b/node-admin/src/test/java/com/yahoo/vespa/hosted/node/admin/container/ContainerEngineMock.java
index af869786504..28e733ac018 100644
--- a/node-admin/src/test/java/com/yahoo/vespa/hosted/node/admin/container/ContainerEngineMock.java
+++ b/node-admin/src/test/java/com/yahoo/vespa/hosted/node/admin/container/ContainerEngineMock.java
@@ -8,6 +8,7 @@ import com.yahoo.vespa.hosted.node.admin.nodeagent.ContainerData;
 import com.yahoo.vespa.hosted.node.admin.nodeagent.NodeAgentContext;
 import com.yahoo.vespa.hosted.node.admin.task.util.file.UnixUser;
 import com.yahoo.vespa.hosted.node.admin.task.util.fs.ContainerPath;
+import com.yahoo.vespa.hosted.node.admin.task.util.process.CommandLine;
 import com.yahoo.vespa.hosted.node.admin.task.util.process.CommandResult;
 import com.yahoo.vespa.hosted.node.admin.task.util.process.TestTerminal;
 
@@ -158,13 +159,11 @@ public class ContainerEngineMock implements ContainerEngine {
     }
 
     @Override
-    public CommandResult executeInNetworkNamespace(NodeAgentContext context, String... command) {
+    public CommandResult executeInNetworkNamespace(NodeAgentContext context, CommandLine.Options options, String... command) {
         if (terminal == null) {
             return new CommandResult(null, 0, "");
         }
-        return terminal.newCommandLine(context)
-                       .add(command)
-                       .executeSilently();
+        return terminal.newCommandLine(context).add(command).execute(options);
     }
 
     @Override
diff --git a/node-admin/src/test/java/com/yahoo/vespa/hosted/node/admin/maintenance/acl/AclMaintainerTest.java b/node-admin/src/test/java/com/yahoo/vespa/hosted/node/admin/maintenance/acl/AclMaintainerTest.java
index 827c6ebb6ec..32e82627d9a 100644
--- a/node-admin/src/test/java/com/yahoo/vespa/hosted/node/admin/maintenance/acl/AclMaintainerTest.java
+++ b/node-admin/src/test/java/com/yahoo/vespa/hosted/node/admin/maintenance/acl/AclMaintainerTest.java
@@ -9,6 +9,7 @@ import com.yahoo.vespa.hosted.node.admin.nodeagent.NodeAgentContextImpl;
 import com.yahoo.vespa.hosted.node.admin.task.util.file.UnixPath;
 import com.yahoo.vespa.hosted.node.admin.task.util.network.IPAddressesMock;
 import com.yahoo.vespa.hosted.node.admin.task.util.network.IPVersion;
+import com.yahoo.vespa.hosted.node.admin.task.util.process.CommandLine;
 import com.yahoo.vespa.hosted.node.admin.task.util.process.CommandResult;
 import com.yahoo.vespa.test.file.TestFileSystem;
 import org.junit.jupiter.api.BeforeEach;
@@ -64,7 +65,7 @@ public class AclMaintainerTest {
 
         aclMaintainer.converge(context);
 
-        verify(containerOperations, times(4)).executeCommandInNetworkNamespace(eq(context), any(), eq("-S"), eq("-t"), any());
+        verify(containerOperations, times(4)).executeCommandInNetworkNamespace(eq(context), any(CommandLine.Options.class), any(), eq("-S"), eq("-t"), any());
         verify(containerOperations, times(2)).executeCommandInNetworkNamespace(eq(context), eq("iptables-restore"), any());
         verify(containerOperations, times(2)).executeCommandInNetworkNamespace(eq(context), eq("ip6tables-restore"), any());
         verifyNoMoreInteractions(containerOperations);
@@ -131,7 +132,7 @@ public class AclMaintainerTest {
 
         aclMaintainer.converge(context);
 
-        verify(containerOperations, times(2)).executeCommandInNetworkNamespace(eq(context), any(), eq("-S"), eq("-t"), any());
+        verify(containerOperations, times(2)).executeCommandInNetworkNamespace(eq(context), any(CommandLine.Options.class), any(), eq("-S"), eq("-t"), any());
         verify(containerOperations, times(1)).executeCommandInNetworkNamespace(eq(context), eq("iptables-restore"), any());
         verify(containerOperations, times(1)).executeCommandInNetworkNamespace(eq(context), eq("ip6tables-restore"), any());
         verifyNoMoreInteractions(containerOperations);
@@ -188,7 +189,7 @@ public class AclMaintainerTest {
 
         aclMaintainer.converge(context);
 
-        verify(containerOperations, times(3)).executeCommandInNetworkNamespace(eq(context), any(), eq("-S"), eq("-t"), any());
+        verify(containerOperations, times(3)).executeCommandInNetworkNamespace(eq(context), any(CommandLine.Options.class), any(), eq("-S"), eq("-t"), any());
         verify(containerOperations, times(1)).executeCommandInNetworkNamespace(eq(context), eq("iptables-restore"), any());
         verify(containerOperations, never()).executeCommandInNetworkNamespace(eq(context), eq("ip6tables-restore"), any()); //we don't have a ip4 address for the container so no redirect
         verifyNoMoreInteractions(containerOperations);
@@ -237,7 +238,7 @@ public class AclMaintainerTest {
 
         aclMaintainer.converge(context);
 
-        verify(containerOperations, times(3)).executeCommandInNetworkNamespace(eq(context), any(), eq("-S"), eq("-t"), any());
+        verify(containerOperations, times(3)).executeCommandInNetworkNamespace(eq(context), any(CommandLine.Options.class), any(), eq("-S"), eq("-t"), any());
         verify(containerOperations, times(1)).executeCommandInNetworkNamespace(eq(context), eq("iptables-restore"), any());
         verify(containerOperations, times(1)).executeCommandInNetworkNamespace(eq(context), eq("iptables"), eq("-F"), eq("-t"), eq("filter"));
         verifyNoMoreInteractions(containerOperations);
@@ -271,7 +272,7 @@ public class AclMaintainerTest {
 
         aclMaintainer.converge(context);
 
-        verify(containerOperations, times(4)).executeCommandInNetworkNamespace(eq(context), any(), eq("-S"), eq("-t"), any());
+        verify(containerOperations, times(4)).executeCommandInNetworkNamespace(eq(context), any(CommandLine.Options.class), any(), eq("-S"), eq("-t"), any());
         verify(containerOperations, times(2)).executeCommandInNetworkNamespace(eq(context), eq("iptables-restore"), any());
         verify(containerOperations, times(2)).executeCommandInNetworkNamespace(eq(context), eq("ip6tables-restore"), any());
         verifyNoMoreInteractions(containerOperations);
@@ -343,7 +344,7 @@ public class AclMaintainerTest {
 
     private void whenListRules(NodeAgentContext context, String table, IPVersion ipVersion, String output) {
         when(containerOperations.executeCommandInNetworkNamespace(
-                eq(context), eq(ipVersion.iptablesCmd()), eq("-S"), eq("-t"), eq(table)))
+                eq(context), any(CommandLine.Options.class), eq(ipVersion.iptablesCmd()), eq("-S"), eq("-t"), eq(table)))
                 .thenReturn(new CommandResult(null, 0, output));
     }
author	Håkon Hallingstad <hakon.hallingstad@gmail.com>	2023-09-11 11:47:59 +0200
committer	GitHub <noreply@github.com>	2023-09-11 11:47:59 +0200
commit	c38fcd2e6f09273459ade724fd571e615ff3f6c9 (patch)
tree	5858b03ede6104c5dda8348a81b232e922c4921b /node-admin
parent	6d9d3fb1265a3bf61fdb2582ceb2f148ef9680c1 (diff)