From 8670b416714e3df07f8ec4efbc7dfd54ea57dfb5 Mon Sep 17 00:00:00 2001 From: Andras Bacsai Date: Fri, 17 Nov 2023 11:56:14 +0100 Subject: [PATCH 1/6] fix: do not allow to enter local ip addresses --- config/sentry.php | 2 +- config/version.php | 2 +- resources/views/livewire/server/form.blade.php | 2 +- resources/views/livewire/server/new/by-ip.blade.php | 2 +- versions.json | 2 +- 5 files changed, 5 insertions(+), 5 deletions(-) diff --git a/config/sentry.php b/config/sentry.php index b66785b50..f3c3f9e6c 100644 --- a/config/sentry.php +++ b/config/sentry.php @@ -7,7 +7,7 @@ return [ // The release version of your application // Example with dynamic git hash: trim(exec('git --git-dir ' . base_path('.git') . ' log --pretty="%h" -n1 HEAD')) - 'release' => '4.0.0-beta.139', + 'release' => '4.0.0-beta.140', // When left empty or `null` the Laravel environment will be used 'environment' => config('app.env'), diff --git a/config/version.php b/config/version.php index 085941feb..23436c488 100644 --- a/config/version.php +++ b/config/version.php @@ -1,3 +1,3 @@ --}}
-
diff --git a/resources/views/livewire/server/new/by-ip.blade.php b/resources/views/livewire/server/new/by-ip.blade.php index 7dfb3a5b0..01ef6ec27 100644 --- a/resources/views/livewire/server/new/by-ip.blade.php +++ b/resources/views/livewire/server/new/by-ip.blade.php @@ -10,7 +10,7 @@
- diff --git a/versions.json b/versions.json index 2dc7c1e54..bf5d5ed96 100644 --- a/versions.json +++ b/versions.json @@ -4,7 +4,7 @@ "version": "3.12.36" }, "v4": { - "version": "4.0.0-beta.139" + "version": "4.0.0-beta.140" } } } From 16281248ac7bb762cefcc29c748b4b1d55bfe6a5 Mon Sep 17 00:00:00 2001 From: Andras Bacsai Date: Fri, 17 Nov 2023 12:22:45 +0100 Subject: [PATCH 2/6] Refactor Dockerfile deployment logic and server validation --- app/Jobs/ApplicationDeploymentJob.php | 12 +++++-- app/Jobs/ContainerStatusJob.php | 2 +- app/Models/Server.php | 45 ++++++++++++++------------- 3 files changed, 33 insertions(+), 26 deletions(-) diff --git a/app/Jobs/ApplicationDeploymentJob.php b/app/Jobs/ApplicationDeploymentJob.php index 25c6c879c..4c0450920 100644 --- a/app/Jobs/ApplicationDeploymentJob.php +++ b/app/Jobs/ApplicationDeploymentJob.php @@ -1078,9 +1078,15 @@ COPY ./nginx.conf /etc/nginx/conf.d/default.conf"); ); } else { // Pure Dockerfile based deployment - $this->execute_remote_command([ - executeInDocker($this->deployment_uuid, "docker build --pull $this->buildTarget $this->addHosts --network host -f {$this->workdir}{$this->dockerfile_location} {$this->build_args} --progress plain -t $this->production_image_name {$this->workdir}"), "hidden" => true - ]); + if ($this->application->dockerfile) { + $this->execute_remote_command([ + executeInDocker($this->deployment_uuid, "docker build --pull $this->buildTarget $this->addHosts --network host -f {$this->workdir}{$this->dockerfile_location} {$this->build_args} --progress plain -t $this->production_image_name {$this->workdir}"), "hidden" => true + ]); + } else { + $this->execute_remote_command([ + executeInDocker($this->deployment_uuid, "docker build $this->buildTarget $this->addHosts --network host -f {$this->workdir}{$this->dockerfile_location} {$this->build_args} --progress plain -t $this->production_image_name {$this->workdir}"), "hidden" => true + ]); + } } } diff --git a/app/Jobs/ContainerStatusJob.php b/app/Jobs/ContainerStatusJob.php index 74d300c38..250156831 100644 --- a/app/Jobs/ContainerStatusJob.php +++ b/app/Jobs/ContainerStatusJob.php @@ -23,7 +23,7 @@ class ContainerStatusJob implements ShouldQueue, ShouldBeEncrypted public function __construct(public Server $server) { - $this->handle(); + // $this->handle(); } public function middleware(): array { diff --git a/app/Models/Server.php b/app/Models/Server.php index 788808430..a86800403 100644 --- a/app/Models/Server.php +++ b/app/Models/Server.php @@ -169,23 +169,6 @@ class Server extends BaseModel Sleep::for(5)->seconds(); return; } - $this->update([ - 'unreachable_count' => 0, - ]); - if (data_get($this, 'unreachable_notification_sent') === true) { - ray('Server is reachable again, sending notification...'); - $this->team->notify(new Revived($this)); - $this->update(['unreachable_notification_sent' => false]); - } - if ( - data_get($this, 'settings.is_reachable') === false || - data_get($this, 'settings.is_usable') === false - ) { - $this->settings()->update([ - 'is_reachable' => true, - 'is_usable' => true - ]); - } break; } } @@ -308,19 +291,37 @@ class Server extends BaseModel { return $this->settings->is_reachable && $this->settings->is_usable; } - public function isDrainLogActivated() { + public function isDrainLogActivated() + { return $this->settings->is_logdrain_newrelic_enabled || $this->settings->is_logdrain_highlight_enabled || $this->settings->is_logdrain_axiom_enabled; } public function validateConnection() { $uptime = instant_remote_process(['uptime'], $this, false); if (!$uptime) { - $this->settings->is_reachable = false; - $this->settings->save(); + $this->settings()->update([ + 'is_reachable' => false, + 'is_usable' => false + ]); return false; } - $this->settings->is_reachable = true; - $this->settings->save(); + + if (data_get($this, 'unreachable_notification_sent') === true) { + $this->team->notify(new Revived($this)); + $this->update(['unreachable_notification_sent' => false]); + } + if ( + data_get($this, 'settings.is_reachable') === false || + data_get($this, 'settings.is_usable') === false + ) { + $this->settings()->update([ + 'is_reachable' => true, + 'is_usable' => true + ]); + } + $this->update([ + 'unreachable_count' => 0, + ]); return true; } public function validateDockerEngine($throwError = false) From 673b944647d3a987111c39cb35f0daa0880b089a Mon Sep 17 00:00:00 2001 From: Andras Bacsai Date: Fri, 17 Nov 2023 12:38:47 +0100 Subject: [PATCH 3/6] Fix IP address validation in server forms --- resources/views/livewire/server/form.blade.php | 2 +- resources/views/livewire/server/new/by-ip.blade.php | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/resources/views/livewire/server/form.blade.php b/resources/views/livewire/server/form.blade.php index f1292417f..c36d34cbc 100644 --- a/resources/views/livewire/server/form.blade.php +++ b/resources/views/livewire/server/form.blade.php @@ -42,7 +42,7 @@ label="Is it part of a Swarm cluster?" /> --}}
-
diff --git a/resources/views/livewire/server/new/by-ip.blade.php b/resources/views/livewire/server/new/by-ip.blade.php index 01ef6ec27..7dfb3a5b0 100644 --- a/resources/views/livewire/server/new/by-ip.blade.php +++ b/resources/views/livewire/server/new/by-ip.blade.php @@ -10,7 +10,7 @@
- From 5ae08d009ec6422470551188de730f22d2ecd5a8 Mon Sep 17 00:00:00 2001 From: Andras Bacsai Date: Fri, 17 Nov 2023 12:47:15 +0100 Subject: [PATCH 4/6] Add skipServer() method to Server model --- app/Models/Server.php | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/app/Models/Server.php b/app/Models/Server.php index a86800403..8e7831f83 100644 --- a/app/Models/Server.php +++ b/app/Models/Server.php @@ -120,8 +120,19 @@ class Server extends BaseModel { return $this->ip === 'host.docker.internal' || $this->id === 0; } + public function skipServer() + { + if ($this->ip === '1.2.3.4') { + ray('skipping 1.2.3.4'); + return true; + } + return false; + } public function checkServerRediness() { + if ($this->skipServer()) { + return; + } $serverUptimeCheckNumber = $this->unreachable_count; $serverUptimeCheckNumberMax = 5; @@ -297,6 +308,10 @@ class Server extends BaseModel } public function validateConnection() { + if ($this->skipServer()) { + return false; + } + $uptime = instant_remote_process(['uptime'], $this, false); if (!$uptime) { $this->settings()->update([ From 2c4e69ad5072e59dec1600563dcb680343de58fb Mon Sep 17 00:00:00 2001 From: Andras Bacsai Date: Fri, 17 Nov 2023 13:04:51 +0100 Subject: [PATCH 5/6] Fix server readiness check in ContainerStatusJob and ServerStatusJob --- app/Jobs/ContainerStatusJob.php | 4 +++- app/Jobs/ServerStatusJob.php | 4 +++- app/Models/Server.php | 2 +- 3 files changed, 7 insertions(+), 3 deletions(-) diff --git a/app/Jobs/ContainerStatusJob.php b/app/Jobs/ContainerStatusJob.php index 250156831..20acb4bc4 100644 --- a/app/Jobs/ContainerStatusJob.php +++ b/app/Jobs/ContainerStatusJob.php @@ -39,7 +39,9 @@ class ContainerStatusJob implements ShouldQueue, ShouldBeEncrypted { // ray("checking server status for {$this->server->id}"); try { - $this->server->checkServerRediness(); + if (!$this->server->checkServerRediness()) { + return; + } $containers = instant_remote_process(["docker container ls -q"], $this->server); if (!$containers) { return; diff --git a/app/Jobs/ServerStatusJob.php b/app/Jobs/ServerStatusJob.php index 7d591bc83..4337cecf5 100644 --- a/app/Jobs/ServerStatusJob.php +++ b/app/Jobs/ServerStatusJob.php @@ -34,7 +34,9 @@ class ServerStatusJob implements ShouldQueue, ShouldBeEncrypted { ray("checking server status for {$this->server->id}"); try { - $this->server->checkServerRediness(); + if (!$this->server->checkServerRediness()) { + return; + } $this->cleanup(notify: false); } catch (\Throwable $e) { send_internal_notification('ServerStatusJob failed with: ' . $e->getMessage()); diff --git a/app/Models/Server.php b/app/Models/Server.php index 8e7831f83..1461f8cdc 100644 --- a/app/Models/Server.php +++ b/app/Models/Server.php @@ -131,7 +131,7 @@ class Server extends BaseModel public function checkServerRediness() { if ($this->skipServer()) { - return; + return false; } $serverUptimeCheckNumber = $this->unreachable_count; $serverUptimeCheckNumberMax = 5; From 8c73068cc758c2a563dea5ca57587a117b1ca63f Mon Sep 17 00:00:00 2001 From: Andras Bacsai Date: Fri, 17 Nov 2023 13:11:46 +0100 Subject: [PATCH 6/6] Refactor server filtering logic in Kernel.php --- app/Console/Kernel.php | 6 +++--- app/Models/Server.php | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/app/Console/Kernel.php b/app/Console/Kernel.php index e0d9f2752..7f8c86b94 100644 --- a/app/Console/Kernel.php +++ b/app/Console/Kernel.php @@ -43,7 +43,7 @@ class Kernel extends ConsoleKernel } private function pull_helper_image($schedule) { - $servers = Server::all()->where('settings.is_usable', true)->where('settings.is_reachable', true); + $servers = Server::all()->where('settings.is_usable', true)->where('settings.is_reachable', true)->where('ip', '!=', '1.2.3.4'); foreach ($servers as $server) { $schedule->job(new PullHelperImageJob($server))->everyTenMinutes()->onOneServer(); } @@ -51,9 +51,9 @@ class Kernel extends ConsoleKernel private function check_resources($schedule) { if (isCloud()) { - $servers = Server::all()->whereNotNull('team.subscription')->where('team.subscription.stripe_trial_already_ended', false); + $servers = Server::all()->whereNotNull('team.subscription')->where('team.subscription.stripe_trial_already_ended', false)->where('ip', '!=', '1.2.3.4'); } else { - $servers = Server::all(); + $servers = Server::all()->where('ip', '!=', '1.2.3.4'); } foreach ($servers as $server) { $schedule->job(new ServerStatusJob($server))->everyTenMinutes()->onOneServer(); diff --git a/app/Models/Server.php b/app/Models/Server.php index 1461f8cdc..15be118a8 100644 --- a/app/Models/Server.php +++ b/app/Models/Server.php @@ -168,7 +168,7 @@ class Server extends BaseModel $db->update(['status' => 'exited']); } } - throw new \Exception('Server is not reachable.'); + return false; } $result = $this->validateConnection(); ray('validateConnection: ' . $result);