Add a special vhost for health checking that uses /etc/nolvs

quentinmit · quentinmit · commit 31d1588a3804 · 2021-04-07T02:29:24.000-04:00
Also adds another special vhost for debugging/monitoring
diff --git a/server/common/oursrc/scripts-proxy/main.go b/server/common/oursrc/scripts-proxy/main.go
@@ -28,8 +28,10 @@ func always(context.Context, string) bool {
 }
 
 type ldapTarget struct {
-	localPoolRange *net.IPNet
-	ldap           *ldap.Pool
+	localPoolRange    *net.IPNet
+	ldap              *ldap.Pool
+	statuszServer     *HijackedServer
+	unavailableServer *HijackedServer
 }
 
 // HandleConn is called by tcpproxy after receiving a connection and sniffing the host.
@@ -39,6 +41,17 @@ func (l *ldapTarget) HandleConn(netConn net.Conn) {
 	var pool string
 	var err error
 	if conn, ok := netConn.(*tcpproxy.Conn); ok {
+		switch conn.HostName {
+		case "proxy.scripts.scripts.mit.edu":
+			// Special handling for proxy.scripts.scripts.mit.edu
+			l.statuszServer.HandleConn(netConn)
+			return
+		case "heartbeat.scripts.scripts.mit.edu":
+			if nolvsPresent() {
+				l.unavailableServer.HandleConn(netConn)
+				return
+			}
+		}
 		pool, err = l.ldap.ResolvePool(conn.HostName)
 		if err != nil {
 			log.Printf("resolving %q: %v", conn.HostName, err)
@@ -50,9 +63,9 @@ func (l *ldapTarget) HandleConn(netConn net.Conn) {
 			log.Printf("resolving default pool: %v", err)
 		}
 	}
-	// TODO: Serve an error page? Forward to scripts-director?
+	// TODO: Forward to sorry server on director?
 	if pool == "" {
-		netConn.Close()
+		l.unavailableServer.HandleConn(netConn)
 		return
 	}
 	laddr := netConn.LocalAddr().(*net.TCPAddr)
@@ -91,8 +104,10 @@ func main() {
 
 	var p tcpproxy.Proxy
 	t := &ldapTarget{
-		localPoolRange: ipnet,
-		ldap:           ldapPool,
+		localPoolRange:    ipnet,
+		ldap:              ldapPool,
+		statuszServer:     NewHijackedServer(nil),
+		unavailableServer: NewUnavailableServer(),
 	}
 	for _, addr := range strings.Split(*httpAddrs, ",") {
 		p.AddHTTPHostMatchRoute(addr, always, t)
diff --git a/server/common/oursrc/scripts-proxy/statusz.go b/server/common/oursrc/scripts-proxy/statusz.go
@@ -0,0 +1,64 @@
+package main
+
+import (
+	"errors"
+	"net"
+	"net/http"
+	_ "net/http/pprof"
+	"os"
+)
+
+func nolvsPresent() bool {
+	if _, err := os.Stat("/etc/nolvs"); err == nil {
+		return true
+	}
+	return false
+}
+
+// HijackedServer is an HTTP server that serves from connections hijacked from another server instead of a listening socket.
+// (See net/http.Hijacker for the opposite direction.)
+// Users can call HandleConn to handle any request(s) waiting on that net.Conn.
+type HijackedServer struct {
+	connCh chan net.Conn
+}
+
+// NewHijackedServer constructs a HijackedServer that handles incoming HTTP connections with handler.
+func NewHijackedServer(handler http.Handler) *HijackedServer {
+	s := &HijackedServer{
+		connCh: make(chan net.Conn),
+	}
+	go http.Serve(s, handler)
+	return s
+}
+
+// Accept is called by http.Server to acquire a new connection.
+func (s *HijackedServer) Accept() (net.Conn, error) {
+	c, ok := <-s.connCh
+	if ok {
+		return c, nil
+	}
+	return nil, errors.New("closed")
+}
+
+// Close shuts down the server.
+func (s *HijackedServer) Close() error {
+	close(s.connCh)
+	return nil
+}
+
+// Addr must be present to implement net.Listener
+func (s *HijackedServer) Addr() net.Addr {
+	return nil
+}
+
+// HandleConn instructs the server to take control of c and handle any HTTP request(s) that are waiting.
+func (s *HijackedServer) HandleConn(c net.Conn) {
+	s.connCh <- c
+}
+
+// NewUnavailableServer constructs a HijackedServer that serves 500 Service Unavailable for all requests.
+func NewUnavailableServer() *HijackedServer {
+	return NewHijackedServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		http.Error(w, "0 proxy nolvs", http.StatusServiceUnavailable)
+	}))
+}
