mirror of
https://github.com/Infisical/infisical.git
synced 2026-01-10 07:58:15 -05:00
feat: resolved small gateway issues and added gateway uninstall command
This commit is contained in:
=
@@ -18,10 +18,10 @@ import (
|
||||
)
|
||||
|
||||
var gatewayCmd = &cobra.Command{
|
||||
Use: "gateway",
|
||||
Short: "Run the Infisical gateway or manage its systemd service",
|
||||
Long: "Run the Infisical gateway in the foreground or manage its systemd service installation. Use 'gateway install' to set up the systemd service.",
|
||||
Example: `infisical gateway --token=<token>
|
||||
Use: "gateway",
|
||||
Short: "Run the Infisical gateway or manage its systemd service",
|
||||
Long: "Run the Infisical gateway in the foreground or manage its systemd service installation. Use 'gateway install' to set up the systemd service.",
|
||||
Example: `infisical gateway --token=<token>
|
||||
sudo infisical gateway install --token=<token> --domain=<domain>`,
|
||||
DisableFlagsInUseLine: true,
|
||||
Args: cobra.NoArgs,
|
||||
@@ -148,6 +148,28 @@ var gatewayInstallCmd = &cobra.Command{
|
||||
},
|
||||
}
|
||||
|
||||
var gatewayUninstallCmd = &cobra.Command{
|
||||
Use: "uninstall",
|
||||
Short: "Uninstall and remove systemd service for the gateway (requires sudo)",
|
||||
Long: "Uninstall and remove systemd service for the gateway. Must be run with sudo on Linux.",
|
||||
Example: "sudo infisical gateway uninstall",
|
||||
DisableFlagsInUseLine: true,
|
||||
Args: cobra.NoArgs,
|
||||
Run: func(cmd *cobra.Command, args []string) {
|
||||
if runtime.GOOS != "linux" {
|
||||
util.HandleError(fmt.Errorf("systemd service installation is only supported on Linux"))
|
||||
}
|
||||
|
||||
if os.Geteuid() != 0 {
|
||||
util.HandleError(fmt.Errorf("systemd service installation requires root/sudo privileges"))
|
||||
}
|
||||
|
||||
if err := gateway.UninstallGatewaySystemdService(); err != nil {
|
||||
util.HandleError(err, "Failed to uninstall systemd service")
|
||||
}
|
||||
},
|
||||
}
|
||||
|
||||
var gatewayRelayCmd = &cobra.Command{
|
||||
Example: `infisical gateway relay`,
|
||||
Short: "Used to run infisical gateway relay",
|
||||
@@ -183,6 +205,7 @@ func init() {
|
||||
gatewayRelayCmd.Flags().String("config", "", "Relay config yaml file path")
|
||||
|
||||
gatewayCmd.AddCommand(gatewayInstallCmd)
|
||||
gatewayCmd.AddCommand(gatewayUninstallCmd)
|
||||
gatewayCmd.AddCommand(gatewayRelayCmd)
|
||||
rootCmd.AddCommand(gatewayCmd)
|
||||
}
|
||||
|
||||
@@ -89,7 +89,7 @@ func (g *Gateway) ConnectWithRelay() error {
|
||||
turnClientCfg.Conn = turn.NewSTUNConn(conn)
|
||||
} else {
|
||||
log.Info().Msgf("Provided relay port %s. Using non TLS connection.", relayPort)
|
||||
conn, err := net.ListenPacket("udp4", turnAddr.String())
|
||||
conn, err := net.ListenPacket("udp4", "0.0.0.0:0")
|
||||
if err != nil {
|
||||
return fmt.Errorf("Failed to connect with relay server: %w", err)
|
||||
}
|
||||
@@ -342,7 +342,9 @@ func (g *Gateway) registerRelayIsActive(ctx context.Context, errCh chan error) e
|
||||
case <-ticker.C:
|
||||
log.Debug().Msg("Performing relay connection health check")
|
||||
err := g.createPermissionForStaticIps(g.config.InfisicalStaticIp)
|
||||
if err != nil && !strings.Contains(err.Error(), "tls:") {
|
||||
// try again error message from server happens to avoid congestion
|
||||
// https://github.com/pion/turn/blob/master/internal/client/udp_conn.go#L382
|
||||
if err != nil && !strings.Contains(err.Error(), "try again") {
|
||||
failures++
|
||||
log.Warn().Err(err).Int("failures", failures).Msg("Failed to refresh TURN permissions")
|
||||
if failures >= maxFailures {
|
||||
@@ -351,6 +353,7 @@ func (g *Gateway) registerRelayIsActive(ctx context.Context, errCh chan error) e
|
||||
}
|
||||
continue
|
||||
}
|
||||
failures = 0 // reset
|
||||
}
|
||||
}
|
||||
}()
|
||||
|
||||
@@ -15,7 +15,8 @@ Description=Infisical Gateway Service
|
||||
After=network.target
|
||||
|
||||
[Service]
|
||||
Type=simple
|
||||
Type=notify
|
||||
NotifyAccess=all
|
||||
EnvironmentFile=/etc/infisical/gateway.conf
|
||||
ExecStart=infisical gateway
|
||||
Restart=on-failure
|
||||
@@ -50,8 +51,6 @@ func InstallGatewaySystemdService(token string, domain string) error {
|
||||
configContent := fmt.Sprintf("INFISICAL_UNIVERSAL_AUTH_ACCESS_TOKEN=%s\n", token)
|
||||
if domain != "" {
|
||||
configContent += fmt.Sprintf("INFISICAL_API_URL=%s\n", domain)
|
||||
} else {
|
||||
configContent += "INFISICAL_API_URL=\n"
|
||||
}
|
||||
|
||||
configPath := filepath.Join(configDir, "gateway.conf")
|
||||
@@ -60,11 +59,6 @@ func InstallGatewaySystemdService(token string, domain string) error {
|
||||
}
|
||||
|
||||
servicePath := "/etc/systemd/system/infisical-gateway.service"
|
||||
if _, err := os.Stat(servicePath); err == nil {
|
||||
log.Info().Msg("Systemd service file already exists")
|
||||
return nil
|
||||
}
|
||||
|
||||
if err := os.WriteFile(servicePath, []byte(systemdServiceTemplate), 0644); err != nil {
|
||||
return fmt.Errorf("failed to write systemd service file: %v", err)
|
||||
}
|
||||
@@ -80,3 +74,48 @@ func InstallGatewaySystemdService(token string, domain string) error {
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
func UninstallGatewaySystemdService() error {
|
||||
if runtime.GOOS != "linux" {
|
||||
log.Info().Msg("Skipping systemd service uninstallation - not on Linux")
|
||||
return nil
|
||||
}
|
||||
|
||||
if os.Geteuid() != 0 {
|
||||
log.Info().Msg("Skipping systemd service uninstallation - not running as root/sudo")
|
||||
return nil
|
||||
}
|
||||
|
||||
// Stop the service if it's running
|
||||
stopCmd := exec.Command("systemctl", "stop", "infisical-gateway")
|
||||
if err := stopCmd.Run(); err != nil {
|
||||
log.Warn().Msgf("Failed to stop service: %v", err)
|
||||
}
|
||||
|
||||
// Disable the service
|
||||
disableCmd := exec.Command("systemctl", "disable", "infisical-gateway")
|
||||
if err := disableCmd.Run(); err != nil {
|
||||
log.Warn().Msgf("Failed to disable service: %v", err)
|
||||
}
|
||||
|
||||
// Remove the service file
|
||||
servicePath := "/etc/systemd/system/infisical-gateway.service"
|
||||
if err := os.Remove(servicePath); err != nil && !os.IsNotExist(err) {
|
||||
return fmt.Errorf("failed to remove systemd service file: %v", err)
|
||||
}
|
||||
|
||||
// Remove the configuration file
|
||||
configPath := "/etc/infisical/gateway.conf"
|
||||
if err := os.Remove(configPath); err != nil && !os.IsNotExist(err) {
|
||||
return fmt.Errorf("failed to remove config file: %v", err)
|
||||
}
|
||||
|
||||
// Reload systemd to apply changes
|
||||
reloadCmd := exec.Command("systemctl", "daemon-reload")
|
||||
if err := reloadCmd.Run(); err != nil {
|
||||
return fmt.Errorf("failed to reload systemd: %v", err)
|
||||
}
|
||||
|
||||
log.Info().Msg("Successfully uninstalled Infisical Gateway systemd service")
|
||||
return nil
|
||||
}
|
||||
|
||||
@@ -245,8 +245,9 @@ func getCurrentBranch() (string, error) {
|
||||
}
|
||||
|
||||
func AppendAPIEndpoint(address string) string {
|
||||
// if it's empty return as it is
|
||||
// Ensure the address does not already end with "/api"
|
||||
if strings.HasSuffix(address, "/api") {
|
||||
if address == "" || strings.HasSuffix(address, "/api") {
|
||||
return address
|
||||
}
|
||||
|
||||
|
||||
Reference in New Issue
Block a user