|
| 1 | +package tail |
| 2 | + |
| 3 | +import ( |
| 4 | + "encoding/json" |
| 5 | + "fmt" |
| 6 | + "net/http" |
| 7 | + "net/url" |
| 8 | + "os" |
| 9 | + "os/signal" |
| 10 | + "syscall" |
| 11 | + "time" |
| 12 | + |
| 13 | + "github.com/mattn/go-colorable" |
| 14 | + "github.com/rs/zerolog" |
| 15 | + "github.com/urfave/cli/v2" |
| 16 | + "nhooyr.io/websocket" |
| 17 | + |
| 18 | + "github.com/cloudflare/cloudflared/logger" |
| 19 | + "github.com/cloudflare/cloudflared/management" |
| 20 | +) |
| 21 | + |
| 22 | +var ( |
| 23 | + version string |
| 24 | +) |
| 25 | + |
| 26 | +func Init(v string) { |
| 27 | + version = v |
| 28 | +} |
| 29 | + |
| 30 | +func Command() *cli.Command { |
| 31 | + return &cli.Command{ |
| 32 | + Name: "tail", |
| 33 | + Action: Run, |
| 34 | + Usage: "Stream logs from a remote cloudflared", |
| 35 | + Flags: []cli.Flag{ |
| 36 | + &cli.StringFlag{ |
| 37 | + Name: "connector-id", |
| 38 | + Usage: "Access a specific cloudflared instance by connector id (for when a tunnel has multiple cloudflared's)", |
| 39 | + Value: "", |
| 40 | + EnvVars: []string{"TUNNEL_MANAGEMENT_CONNECTOR"}, |
| 41 | + }, |
| 42 | + &cli.StringFlag{ |
| 43 | + Name: "token", |
| 44 | + Usage: "Access token for a specific tunnel", |
| 45 | + Value: "", |
| 46 | + EnvVars: []string{"TUNNEL_MANAGEMENT_TOKEN"}, |
| 47 | + }, |
| 48 | + &cli.StringFlag{ |
| 49 | + Name: "management-hostname", |
| 50 | + Usage: "Management hostname to signify incoming management requests", |
| 51 | + EnvVars: []string{"TUNNEL_MANAGEMENT_HOSTNAME"}, |
| 52 | + Hidden: true, |
| 53 | + Value: "management.argotunnel.com", |
| 54 | + }, |
| 55 | + &cli.StringFlag{ |
| 56 | + Name: "trace", |
| 57 | + Usage: "Set a cf-trace-id for the request", |
| 58 | + Hidden: true, |
| 59 | + Value: "", |
| 60 | + }, |
| 61 | + &cli.StringFlag{ |
| 62 | + Name: logger.LogLevelFlag, |
| 63 | + Value: "info", |
| 64 | + Usage: "Application logging level {debug, info, warn, error, fatal}. ", |
| 65 | + EnvVars: []string{"TUNNEL_LOGLEVEL"}, |
| 66 | + }, |
| 67 | + }, |
| 68 | + } |
| 69 | +} |
| 70 | + |
| 71 | +// Middleware validation error struct for returning to the eyeball |
| 72 | +type managementError struct { |
| 73 | + Code int `json:"code,omitempty"` |
| 74 | + Message string `json:"message,omitempty"` |
| 75 | +} |
| 76 | + |
| 77 | +// Middleware validation error HTTP response JSON for returning to the eyeball |
| 78 | +type managementErrorResponse struct { |
| 79 | + Success bool `json:"success,omitempty"` |
| 80 | + Errors []managementError `json:"errors,omitempty"` |
| 81 | +} |
| 82 | + |
| 83 | +func handleValidationError(resp *http.Response, log *zerolog.Logger) { |
| 84 | + if resp.StatusCode == 530 { |
| 85 | + log.Error().Msgf("no cloudflared connector available or reachable via management request (a recent version of cloudflared is required to use streaming logs)") |
| 86 | + } |
| 87 | + var managementErr managementErrorResponse |
| 88 | + err := json.NewDecoder(resp.Body).Decode(&managementErr) |
| 89 | + if err != nil { |
| 90 | + log.Error().Msgf("unable to start management log streaming session: http response code returned %d", resp.StatusCode) |
| 91 | + return |
| 92 | + } |
| 93 | + if managementErr.Success || len(managementErr.Errors) == 0 { |
| 94 | + log.Error().Msgf("management tunnel validation returned success with invalid HTTP response code to convert to a WebSocket request") |
| 95 | + return |
| 96 | + } |
| 97 | + for _, e := range managementErr.Errors { |
| 98 | + log.Error().Msgf("management request failed validation: (%d) %s", e.Code, e.Message) |
| 99 | + } |
| 100 | +} |
| 101 | + |
| 102 | +// logger will be created to emit only against the os.Stderr as to not obstruct with normal output from |
| 103 | +// management requests |
| 104 | +func createLogger(c *cli.Context) *zerolog.Logger { |
| 105 | + level, levelErr := zerolog.ParseLevel(c.String(logger.LogLevelFlag)) |
| 106 | + if levelErr != nil { |
| 107 | + level = zerolog.InfoLevel |
| 108 | + } |
| 109 | + log := zerolog.New(zerolog.ConsoleWriter{ |
| 110 | + Out: colorable.NewColorable(os.Stderr), |
| 111 | + TimeFormat: time.RFC3339, |
| 112 | + }).With().Timestamp().Logger().Level(level) |
| 113 | + return &log |
| 114 | +} |
| 115 | + |
| 116 | +// Run implements a foreground runner |
| 117 | +func Run(c *cli.Context) error { |
| 118 | + log := createLogger(c) |
| 119 | + |
| 120 | + signals := make(chan os.Signal, 10) |
| 121 | + signal.Notify(signals, syscall.SIGTERM, syscall.SIGINT) |
| 122 | + defer signal.Stop(signals) |
| 123 | + |
| 124 | + managementHostname := c.String("management-hostname") |
| 125 | + token := c.String("token") |
| 126 | + u := url.URL{Scheme: "wss", Host: managementHostname, Path: "/logs", RawQuery: "access_token=" + token} |
| 127 | + |
| 128 | + header := make(http.Header) |
| 129 | + header.Add("User-Agent", "cloudflared/"+version) |
| 130 | + trace := c.String("trace") |
| 131 | + if trace != "" { |
| 132 | + header["cf-trace-id"] = []string{trace} |
| 133 | + } |
| 134 | + ctx := c.Context |
| 135 | + conn, resp, err := websocket.Dial(ctx, u.String(), &websocket.DialOptions{ |
| 136 | + HTTPHeader: header, |
| 137 | + }) |
| 138 | + if err != nil { |
| 139 | + if resp != nil && resp.StatusCode != http.StatusSwitchingProtocols { |
| 140 | + handleValidationError(resp, log) |
| 141 | + return nil |
| 142 | + } |
| 143 | + log.Error().Err(err).Msgf("unable to start management log streaming session") |
| 144 | + return nil |
| 145 | + } |
| 146 | + defer conn.Close(websocket.StatusInternalError, "management connection was closed abruptly") |
| 147 | + |
| 148 | + // Once connection is established, send start_streaming event to begin receiving logs |
| 149 | + err = management.WriteEvent(conn, ctx, &management.EventStartStreaming{ |
| 150 | + ClientEvent: management.ClientEvent{Type: management.StartStreaming}, |
| 151 | + }) |
| 152 | + if err != nil { |
| 153 | + log.Error().Err(err).Msg("unable to request logs from management tunnel") |
| 154 | + return nil |
| 155 | + } |
| 156 | + |
| 157 | + readerDone := make(chan struct{}) |
| 158 | + |
| 159 | + go func() { |
| 160 | + defer close(readerDone) |
| 161 | + for { |
| 162 | + select { |
| 163 | + case <-ctx.Done(): |
| 164 | + return |
| 165 | + default: |
| 166 | + event, err := management.ReadServerEvent(conn, ctx) |
| 167 | + if err != nil { |
| 168 | + if closeErr := management.AsClosed(err); closeErr != nil { |
| 169 | + // If the client (or the server) already closed the connection, don't continue to |
| 170 | + // attempt to read from the client. |
| 171 | + if closeErr.Code == websocket.StatusNormalClosure { |
| 172 | + return |
| 173 | + } |
| 174 | + // Only log abnormal closures |
| 175 | + log.Error().Msgf("received remote closure: (%d) %s", closeErr.Code, closeErr.Reason) |
| 176 | + return |
| 177 | + } |
| 178 | + log.Err(err).Msg("unable to read event from server") |
| 179 | + return |
| 180 | + } |
| 181 | + switch event.Type { |
| 182 | + case management.Logs: |
| 183 | + logs, ok := management.IntoServerEvent(event, management.Logs) |
| 184 | + if !ok { |
| 185 | + log.Error().Msgf("invalid logs event") |
| 186 | + continue |
| 187 | + } |
| 188 | + // Output all the logs received to stdout |
| 189 | + for _, l := range logs.Logs { |
| 190 | + fmt.Printf("%s %s %s %s\n", l.Timestamp, l.Level, l.Event, l.Message) |
| 191 | + } |
| 192 | + case management.UnknownServerEventType: |
| 193 | + fallthrough |
| 194 | + default: |
| 195 | + log.Debug().Msgf("unexpected log event type: %s", event.Type) |
| 196 | + } |
| 197 | + } |
| 198 | + } |
| 199 | + }() |
| 200 | + |
| 201 | + for { |
| 202 | + select { |
| 203 | + case <-ctx.Done(): |
| 204 | + return nil |
| 205 | + case <-readerDone: |
| 206 | + return nil |
| 207 | + case <-signals: |
| 208 | + log.Debug().Msg("closing management connection") |
| 209 | + // Cleanly close the connection by sending a close message and then |
| 210 | + // waiting (with timeout) for the server to close the connection. |
| 211 | + conn.Close(websocket.StatusNormalClosure, "") |
| 212 | + select { |
| 213 | + case <-readerDone: |
| 214 | + case <-time.After(time.Second): |
| 215 | + } |
| 216 | + return nil |
| 217 | + } |
| 218 | + } |
| 219 | +} |
0 commit comments