2023-05-24 14:26:50 +02:00
|
|
|
<?php
|
|
|
|
|
|
2023-05-24 15:25:08 +02:00
|
|
|
use App\Actions\CoolifyTask\PrepareCoolifyTask;
|
2023-05-24 14:26:50 +02:00
|
|
|
use App\Data\CoolifyTaskArgs;
|
2023-05-25 14:40:47 +02:00
|
|
|
use App\Enums\ActivityTypes;
|
2023-06-30 15:57:40 +02:00
|
|
|
use App\Models\Application;
|
|
|
|
|
use App\Models\ApplicationDeploymentQueue;
|
2023-07-25 14:43:49 +02:00
|
|
|
use App\Models\PrivateKey;
|
2023-05-24 14:26:50 +02:00
|
|
|
use App\Models\Server;
|
2023-06-30 15:57:40 +02:00
|
|
|
use Carbon\Carbon;
|
2023-05-24 14:26:50 +02:00
|
|
|
use Illuminate\Database\Eloquent\Model;
|
2023-06-30 15:57:40 +02:00
|
|
|
use Illuminate\Support\Collection;
|
2024-04-09 11:48:57 +02:00
|
|
|
use Illuminate\Support\Facades\Hash;
|
2023-05-24 14:26:50 +02:00
|
|
|
use Illuminate\Support\Facades\Process;
|
|
|
|
|
use Illuminate\Support\Facades\Storage;
|
2023-09-15 12:43:03 +02:00
|
|
|
use Illuminate\Support\Str;
|
2023-09-18 11:49:26 +02:00
|
|
|
use Spatie\Activitylog\Contracts\Activity;
|
2023-05-24 14:26:50 +02:00
|
|
|
|
2023-05-24 15:25:08 +02:00
|
|
|
function remote_process(
|
2024-06-10 22:43:34 +02:00
|
|
|
Collection|array $command,
|
|
|
|
|
Server $server,
|
|
|
|
|
?string $type = null,
|
2023-05-24 15:25:08 +02:00
|
|
|
?string $type_uuid = null,
|
2024-06-10 22:43:34 +02:00
|
|
|
?Model $model = null,
|
|
|
|
|
bool $ignore_errors = false,
|
2024-03-12 11:22:02 +01:00
|
|
|
$callEventOnFinish = null,
|
|
|
|
|
$callEventData = null
|
2023-08-11 20:48:52 +02:00
|
|
|
): Activity {
|
2023-09-18 14:41:31 +02:00
|
|
|
if (is_null($type)) {
|
|
|
|
|
$type = ActivityTypes::INLINE->value;
|
|
|
|
|
}
|
2023-09-22 08:42:27 +02:00
|
|
|
if ($command instanceof Collection) {
|
|
|
|
|
$command = $command->toArray();
|
|
|
|
|
}
|
2024-04-16 15:42:38 +02:00
|
|
|
if ($server->isNonRoot()) {
|
2024-04-16 20:57:54 +02:00
|
|
|
$command = parseCommandsByLineForSudo(collect($command), $server);
|
2024-04-16 15:42:38 +02:00
|
|
|
}
|
2023-05-24 15:25:08 +02:00
|
|
|
$command_string = implode("\n", $command);
|
2023-06-30 22:24:39 +02:00
|
|
|
if (auth()->user()) {
|
|
|
|
|
$teams = auth()->user()->teams->pluck('id');
|
2024-06-10 22:43:34 +02:00
|
|
|
if (! $teams->contains($server->team_id) && ! $teams->contains(0)) {
|
|
|
|
|
throw new \Exception('User is not part of the team that owns this server');
|
2023-06-30 22:24:39 +02:00
|
|
|
}
|
|
|
|
|
}
|
2024-06-10 22:43:34 +02:00
|
|
|
|
2023-05-24 15:25:08 +02:00
|
|
|
return resolve(PrepareCoolifyTask::class, [
|
|
|
|
|
'remoteProcessArgs' => new CoolifyTaskArgs(
|
2023-09-15 15:34:25 +02:00
|
|
|
server_uuid: $server->uuid,
|
2023-05-24 15:25:08 +02:00
|
|
|
command: <<<EOT
|
2023-05-24 14:26:50 +02:00
|
|
|
{$command_string}
|
|
|
|
|
EOT,
|
2023-05-24 15:25:08 +02:00
|
|
|
type: $type,
|
|
|
|
|
type_uuid: $type_uuid,
|
|
|
|
|
model: $model,
|
2023-12-08 12:12:44 +01:00
|
|
|
ignore_errors: $ignore_errors,
|
|
|
|
|
call_event_on_finish: $callEventOnFinish,
|
2024-03-12 11:22:02 +01:00
|
|
|
call_event_data: $callEventData,
|
2023-05-24 15:25:08 +02:00
|
|
|
),
|
|
|
|
|
])();
|
2023-05-24 14:26:50 +02:00
|
|
|
}
|
2024-04-09 08:46:00 +02:00
|
|
|
function server_ssh_configuration(Server $server)
|
|
|
|
|
{
|
|
|
|
|
$uuid = data_get($server, 'uuid');
|
|
|
|
|
if (is_null($uuid)) {
|
2024-06-10 22:43:34 +02:00
|
|
|
throw new \Exception('Server does not have a uuid');
|
2024-04-09 08:46:00 +02:00
|
|
|
}
|
|
|
|
|
$private_key_filename = "id.root@{$server->uuid}";
|
2024-06-10 22:43:34 +02:00
|
|
|
$location = '/var/www/html/storage/app/ssh/keys/'.$private_key_filename;
|
|
|
|
|
$mux_filename = '/var/www/html/storage/app/ssh/mux/'.$server->muxFilename();
|
|
|
|
|
|
2024-04-09 08:46:00 +02:00
|
|
|
return [
|
|
|
|
|
'location' => $location,
|
|
|
|
|
'mux_filename' => $mux_filename,
|
2024-06-10 22:43:34 +02:00
|
|
|
'private_key_filename' => $private_key_filename,
|
2024-04-09 08:46:00 +02:00
|
|
|
];
|
|
|
|
|
}
|
2023-09-18 13:01:01 +02:00
|
|
|
function savePrivateKeyToFs(Server $server)
|
2023-05-24 15:25:08 +02:00
|
|
|
{
|
2023-06-07 10:33:45 +02:00
|
|
|
if (data_get($server, 'privateKey.private_key') === null) {
|
|
|
|
|
throw new \Exception("Server {$server->name} does not have a private key");
|
|
|
|
|
}
|
2024-06-10 22:43:34 +02:00
|
|
|
['location' => $location, 'private_key_filename' => $private_key_filename] = server_ssh_configuration($server);
|
2023-09-15 12:30:25 +02:00
|
|
|
Storage::disk('ssh-keys')->makeDirectory('.');
|
|
|
|
|
Storage::disk('ssh-mux')->makeDirectory('.');
|
2024-04-09 08:46:00 +02:00
|
|
|
Storage::disk('ssh-keys')->put($private_key_filename, $server->privateKey->private_key);
|
2024-06-10 22:43:34 +02:00
|
|
|
|
2023-09-15 15:34:25 +02:00
|
|
|
return $location;
|
2023-05-24 14:26:50 +02:00
|
|
|
}
|
|
|
|
|
|
2024-01-06 06:24:57 +01:00
|
|
|
function generateScpCommand(Server $server, string $source, string $dest)
|
|
|
|
|
{
|
|
|
|
|
$user = $server->user;
|
|
|
|
|
$port = $server->port;
|
|
|
|
|
$privateKeyLocation = savePrivateKeyToFs($server);
|
|
|
|
|
$timeout = config('constants.ssh.command_timeout');
|
|
|
|
|
$connectionTimeout = config('constants.ssh.connection_timeout');
|
|
|
|
|
$serverInterval = config('constants.ssh.server_interval');
|
|
|
|
|
|
|
|
|
|
$scp_command = "timeout $timeout scp ";
|
|
|
|
|
$scp_command .= "-i {$privateKeyLocation} "
|
2024-06-10 22:43:34 +02:00
|
|
|
.'-o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null '
|
|
|
|
|
.'-o PasswordAuthentication=no '
|
|
|
|
|
."-o ConnectTimeout=$connectionTimeout "
|
|
|
|
|
."-o ServerAliveInterval=$serverInterval "
|
|
|
|
|
.'-o RequestTTY=no '
|
|
|
|
|
.'-o LogLevel=ERROR '
|
|
|
|
|
."-P {$port} "
|
|
|
|
|
."{$source} "
|
|
|
|
|
."{$user}@{$server->ip}:{$dest}";
|
2024-01-06 06:24:57 +01:00
|
|
|
|
|
|
|
|
return $scp_command;
|
|
|
|
|
}
|
|
|
|
|
function instant_scp(string $source, string $dest, Server $server, $throwError = true)
|
|
|
|
|
{
|
|
|
|
|
$timeout = config('constants.ssh.command_timeout');
|
|
|
|
|
$scp_command = generateScpCommand($server, $source, $dest);
|
|
|
|
|
$process = Process::timeout($timeout)->run($scp_command);
|
|
|
|
|
$output = trim($process->output());
|
|
|
|
|
$exitCode = $process->exitCode();
|
|
|
|
|
if ($exitCode !== 0) {
|
2024-06-10 22:43:34 +02:00
|
|
|
if (! $throwError) {
|
2024-01-06 06:24:57 +01:00
|
|
|
return null;
|
|
|
|
|
}
|
2024-06-10 22:43:34 +02:00
|
|
|
|
2024-01-06 06:24:57 +01:00
|
|
|
return excludeCertainErrors($process->errorOutput(), $exitCode);
|
|
|
|
|
}
|
|
|
|
|
if ($output === 'null') {
|
|
|
|
|
$output = null;
|
|
|
|
|
}
|
2024-06-10 22:43:34 +02:00
|
|
|
|
2024-01-06 06:24:57 +01:00
|
|
|
return $output;
|
|
|
|
|
}
|
2024-01-26 08:54:56 +01:00
|
|
|
function generateSshCommand(Server $server, string $command)
|
2023-05-24 15:25:08 +02:00
|
|
|
{
|
2024-02-26 14:22:24 +01:00
|
|
|
if ($server->settings->force_disabled) {
|
|
|
|
|
throw new \RuntimeException('Server is disabled.');
|
|
|
|
|
}
|
2023-09-15 15:34:25 +02:00
|
|
|
$user = $server->user;
|
|
|
|
|
$port = $server->port;
|
2023-09-18 13:01:01 +02:00
|
|
|
$privateKeyLocation = savePrivateKeyToFs($server);
|
2023-09-13 13:00:16 +02:00
|
|
|
$timeout = config('constants.ssh.command_timeout');
|
|
|
|
|
$connectionTimeout = config('constants.ssh.connection_timeout');
|
|
|
|
|
$serverInterval = config('constants.ssh.server_interval');
|
2024-04-12 23:50:23 +02:00
|
|
|
$muxPersistTime = config('constants.ssh.mux_persist_time');
|
2023-09-13 13:00:16 +02:00
|
|
|
|
|
|
|
|
$ssh_command = "timeout $timeout ssh ";
|
2023-05-24 14:26:50 +02:00
|
|
|
|
2024-01-26 09:36:08 +01:00
|
|
|
if (config('coolify.mux_enabled') && config('coolify.is_windows_docker_desktop') == false) {
|
2024-04-12 23:50:23 +02:00
|
|
|
$ssh_command .= "-o ControlMaster=auto -o ControlPersist={$muxPersistTime} -o ControlPath=/var/www/html/storage/app/ssh/mux/%h_%p_%r ";
|
2023-05-24 14:26:50 +02:00
|
|
|
}
|
2023-10-07 00:51:01 +02:00
|
|
|
if (data_get($server, 'settings.is_cloudflare_tunnel')) {
|
2023-09-23 13:34:40 +02:00
|
|
|
$ssh_command .= '-o ProxyCommand="/usr/local/bin/cloudflared access ssh --hostname %h" ';
|
|
|
|
|
}
|
2024-01-15 19:57:29 +01:00
|
|
|
$command = "PATH=\$PATH:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/host/usr/local/sbin:/host/usr/local/bin:/host/usr/sbin:/host/usr/bin:/host/sbin:/host/bin && $command";
|
2024-04-09 11:48:57 +02:00
|
|
|
$delimiter = Hash::make($command);
|
|
|
|
|
$command = str_replace($delimiter, '', $command);
|
2023-09-15 12:30:25 +02:00
|
|
|
$ssh_command .= "-i {$privateKeyLocation} "
|
2024-06-10 22:43:34 +02:00
|
|
|
.'-o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null '
|
|
|
|
|
.'-o PasswordAuthentication=no '
|
|
|
|
|
."-o ConnectTimeout=$connectionTimeout "
|
|
|
|
|
."-o ServerAliveInterval=$serverInterval "
|
|
|
|
|
.'-o RequestTTY=no '
|
|
|
|
|
.'-o LogLevel=ERROR '
|
|
|
|
|
."-p {$port} "
|
|
|
|
|
."{$user}@{$server->ip} "
|
|
|
|
|
." 'bash -se' << \\$delimiter".PHP_EOL
|
|
|
|
|
.$command.PHP_EOL
|
|
|
|
|
.$delimiter;
|
|
|
|
|
|
2023-09-24 10:55:15 +02:00
|
|
|
// ray($ssh_command);
|
2023-05-24 15:25:08 +02:00
|
|
|
return $ssh_command;
|
2023-05-24 14:26:50 +02:00
|
|
|
}
|
2024-08-21 10:50:05 +02:00
|
|
|
function instant_remote_process(Collection|array $command, Server $server, bool $throwError = true, bool $no_sudo = false): ?string
|
2023-05-24 15:25:08 +02:00
|
|
|
{
|
2023-10-13 15:16:52 +02:00
|
|
|
$timeout = config('constants.ssh.command_timeout');
|
2023-09-22 08:42:27 +02:00
|
|
|
if ($command instanceof Collection) {
|
|
|
|
|
$command = $command->toArray();
|
|
|
|
|
}
|
2024-06-10 22:43:34 +02:00
|
|
|
if ($server->isNonRoot() && ! $no_sudo) {
|
2024-04-16 20:57:54 +02:00
|
|
|
$command = parseCommandsByLineForSudo(collect($command), $server);
|
2024-04-16 15:42:38 +02:00
|
|
|
}
|
2023-05-24 15:25:08 +02:00
|
|
|
$command_string = implode("\n", $command);
|
2024-04-16 15:42:38 +02:00
|
|
|
$ssh_command = generateSshCommand($server, $command_string, $no_sudo);
|
2023-10-13 15:16:52 +02:00
|
|
|
$process = Process::timeout($timeout)->run($ssh_command);
|
2023-05-24 15:25:08 +02:00
|
|
|
$output = trim($process->output());
|
|
|
|
|
$exitCode = $process->exitCode();
|
|
|
|
|
if ($exitCode !== 0) {
|
2024-06-10 22:43:34 +02:00
|
|
|
if (! $throwError) {
|
2023-05-24 15:25:08 +02:00
|
|
|
return null;
|
2023-05-24 14:26:50 +02:00
|
|
|
}
|
2024-06-10 22:43:34 +02:00
|
|
|
|
2023-09-18 11:49:26 +02:00
|
|
|
return excludeCertainErrors($process->errorOutput(), $exitCode);
|
2023-05-24 14:26:50 +02:00
|
|
|
}
|
2023-11-28 18:31:04 +01:00
|
|
|
if ($output === 'null') {
|
|
|
|
|
$output = null;
|
|
|
|
|
}
|
2024-06-10 22:43:34 +02:00
|
|
|
|
2023-05-24 15:25:08 +02:00
|
|
|
return $output;
|
2023-05-24 14:26:50 +02:00
|
|
|
}
|
2023-10-07 00:51:01 +02:00
|
|
|
function excludeCertainErrors(string $errorOutput, ?int $exitCode = null)
|
|
|
|
|
{
|
2023-09-18 11:49:26 +02:00
|
|
|
$ignoredErrors = collect([
|
|
|
|
|
'Permission denied (publickey',
|
|
|
|
|
'Could not resolve hostname',
|
|
|
|
|
]);
|
|
|
|
|
$ignored = false;
|
2023-10-07 00:51:01 +02:00
|
|
|
foreach ($ignoredErrors as $ignoredError) {
|
2023-09-18 11:49:26 +02:00
|
|
|
if (Str::contains($errorOutput, $ignoredError)) {
|
|
|
|
|
$ignored = true;
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
if ($ignored) {
|
|
|
|
|
// TODO: Create new exception and disable in sentry
|
|
|
|
|
throw new \RuntimeException($errorOutput, $exitCode);
|
|
|
|
|
}
|
|
|
|
|
throw new \RuntimeException($errorOutput, $exitCode);
|
|
|
|
|
}
|
2023-06-30 15:57:40 +02:00
|
|
|
function decode_remote_command_output(?ApplicationDeploymentQueue $application_deployment_queue = null): Collection
|
|
|
|
|
{
|
|
|
|
|
$application = Application::find(data_get($application_deployment_queue, 'application_id'));
|
|
|
|
|
$is_debug_enabled = data_get($application, 'settings.is_debug_enabled');
|
|
|
|
|
if (is_null($application_deployment_queue)) {
|
|
|
|
|
return collect([]);
|
|
|
|
|
}
|
2023-11-27 11:54:55 +01:00
|
|
|
// ray(data_get($application_deployment_queue, 'logs'));
|
2023-06-30 15:57:40 +02:00
|
|
|
try {
|
|
|
|
|
$decoded = json_decode(
|
2023-06-30 21:22:14 +02:00
|
|
|
data_get($application_deployment_queue, 'logs'),
|
2023-06-30 15:57:40 +02:00
|
|
|
associative: true,
|
|
|
|
|
flags: JSON_THROW_ON_ERROR
|
|
|
|
|
);
|
|
|
|
|
} catch (\JsonException $exception) {
|
|
|
|
|
return collect([]);
|
|
|
|
|
}
|
2023-11-27 11:54:55 +01:00
|
|
|
// ray($decoded );
|
2023-06-30 15:57:40 +02:00
|
|
|
$formatted = collect($decoded);
|
2024-06-10 22:43:34 +02:00
|
|
|
if (! $is_debug_enabled) {
|
2023-08-11 20:48:52 +02:00
|
|
|
$formatted = $formatted->filter(fn ($i) => $i['hidden'] === false ?? false);
|
2023-06-30 15:57:40 +02:00
|
|
|
}
|
2023-06-30 21:22:14 +02:00
|
|
|
$formatted = $formatted
|
2023-11-23 21:02:30 +01:00
|
|
|
->sortBy(fn ($i) => data_get($i, 'order'))
|
2023-06-30 15:57:40 +02:00
|
|
|
->map(function ($i) {
|
2023-11-23 21:02:30 +01:00
|
|
|
data_set($i, 'timestamp', Carbon::parse(data_get($i, 'timestamp'))->format('Y-M-d H:i:s.u'));
|
2024-06-10 22:43:34 +02:00
|
|
|
|
2023-06-30 15:57:40 +02:00
|
|
|
return $i;
|
|
|
|
|
});
|
2024-06-10 22:43:34 +02:00
|
|
|
|
2023-06-30 15:57:40 +02:00
|
|
|
return $formatted;
|
|
|
|
|
}
|
2023-11-20 13:49:10 +01:00
|
|
|
function remove_iip($text)
|
|
|
|
|
{
|
2024-06-10 22:43:34 +02:00
|
|
|
$text = preg_replace('/x-access-token:.*?(?=@)/', 'x-access-token:'.REDACTED, $text);
|
|
|
|
|
|
2023-11-20 13:49:10 +01:00
|
|
|
return preg_replace('/\x1b\[[0-9;]*m/', '', $text);
|
|
|
|
|
}
|
2024-04-09 08:46:00 +02:00
|
|
|
function remove_mux_and_private_key(Server $server)
|
|
|
|
|
{
|
|
|
|
|
$muxFilename = $server->muxFilename();
|
|
|
|
|
$privateKeyLocation = savePrivateKeyToFs($server);
|
|
|
|
|
Storage::disk('ssh-mux')->delete($muxFilename);
|
|
|
|
|
Storage::disk('ssh-keys')->delete($privateKeyLocation);
|
|
|
|
|
}
|
2023-11-06 10:53:01 +01:00
|
|
|
function refresh_server_connection(?PrivateKey $private_key = null)
|
2023-07-25 14:43:49 +02:00
|
|
|
{
|
2023-11-06 10:53:01 +01:00
|
|
|
if (is_null($private_key)) {
|
|
|
|
|
return;
|
|
|
|
|
}
|
2023-07-25 14:43:49 +02:00
|
|
|
foreach ($private_key->servers as $server) {
|
|
|
|
|
Storage::disk('ssh-mux')->delete($server->muxFilename());
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2023-09-04 16:03:11 +02:00
|
|
|
function checkRequiredCommands(Server $server)
|
|
|
|
|
{
|
2024-06-10 22:43:34 +02:00
|
|
|
$commands = collect(['jq', 'jc']);
|
2023-09-04 16:03:11 +02:00
|
|
|
foreach ($commands as $command) {
|
|
|
|
|
$commandFound = instant_remote_process(["docker run --rm --privileged --net=host --pid=host --ipc=host --volume /:/host busybox chroot /host bash -c 'command -v {$command}'"], $server, false);
|
|
|
|
|
if ($commandFound) {
|
2024-06-10 22:43:34 +02:00
|
|
|
ray($command.' found');
|
|
|
|
|
|
2023-09-04 16:03:11 +02:00
|
|
|
continue;
|
|
|
|
|
}
|
|
|
|
|
try {
|
|
|
|
|
instant_remote_process(["docker run --rm --privileged --net=host --pid=host --ipc=host --volume /:/host busybox chroot /host bash -c 'apt update && apt install -y {$command}'"], $server);
|
2023-09-11 17:36:30 +02:00
|
|
|
} catch (\Throwable $e) {
|
2024-06-10 22:43:34 +02:00
|
|
|
ray('could not install '.$command);
|
2023-09-04 16:03:11 +02:00
|
|
|
ray($e);
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
$commandFound = instant_remote_process(["docker run --rm --privileged --net=host --pid=host --ipc=host --volume /:/host busybox chroot /host bash -c 'command -v {$command}'"], $server, false);
|
|
|
|
|
if ($commandFound) {
|
2024-06-10 22:43:34 +02:00
|
|
|
ray($command.' found');
|
|
|
|
|
|
2023-09-04 16:03:11 +02:00
|
|
|
continue;
|
|
|
|
|
}
|
2024-06-10 22:43:34 +02:00
|
|
|
ray('could not install '.$command);
|
2023-09-04 16:03:11 +02:00
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
}
|
