daemon

package
v1.27.0 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Dec 18, 2025 License: GPL-3.0 Imports: 53 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

// Stop reasons reported by the daemon; each message states why the stop was
// requested.

// ErrRestartSocket: the daemon stops in order to wait for socket activation.
var ErrRestartSocket = fmt.Errorf("daemon stop requested to wait for socket activation")

// ErrRestartServiceFailure: the daemon stops because of a service failure.
var ErrRestartServiceFailure = fmt.Errorf("daemon stop requested due to service failure")

// ErrRestartCheckFailure: the daemon stops because of a check failure.
var ErrRestartCheckFailure = fmt.Errorf("daemon stop requested due to check failure")

// ErrRestartExternal: the daemon stops because the reboot is handled externally.
var ErrRestartExternal = fmt.Errorf("daemon stop requested due to externally-handled reboot")
// Standard error responders, one per HTTP status code. Each is produced by
// makeErrorResponder for the status named in its initializer.

// BadRequest responds with http.StatusBadRequest (400).
var BadRequest = makeErrorResponder(http.StatusBadRequest)

// Unauthorized responds with http.StatusUnauthorized (401).
var Unauthorized = makeErrorResponder(http.StatusUnauthorized)

// Forbidden responds with http.StatusForbidden (403).
var Forbidden = makeErrorResponder(http.StatusForbidden)

// NotFound responds with http.StatusNotFound (404).
var NotFound = makeErrorResponder(http.StatusNotFound)

// MethodNotAllowed responds with http.StatusMethodNotAllowed (405).
var MethodNotAllowed = makeErrorResponder(http.StatusMethodNotAllowed)

// InternalError responds with http.StatusInternalServerError (500).
var InternalError = makeErrorResponder(http.StatusInternalServerError)

// GatewayTimeout responds with http.StatusGatewayTimeout (504).
var GatewayTimeout = makeErrorResponder(http.StatusGatewayTimeout)

Standard error responses.

// API is the daemon's route table: one Command per path, with a handler and
// an access checker declared per verb. It is the place to audit who can reach
// what.
//
// Access checkers used below, as described in this package's documentation:
//   - OpenAccess:    any transport (unix socket, HTTP, HTTPS), credentials
//     not required.
//   - UserAccess:    unix socket or HTTPS only; valid user with the
//     ReadAccess or AdminAccess role.
//   - AdminAccess:   unix socket or HTTPS only; valid user with the
//     AdminAccess role.
//   - MetricsAccess: any transport; over plain HTTP only the MetricsAccess
//     role is accepted.
//   - PairingAccess: pairing endpoint only, no identity verification, and
//     only while the pairing window is enabled.
//
// In every entry ReadAccess appears together with GET and WriteAccess
// together with POST; presumably that is the pairing Command.ServeHTTP
// enforces (confirm there). No entry declares a handler without the matching
// checker.
// NOTE(review): what happens when a handler is set but its checker is nil is
// not visible here. Confirm it fails closed before adding routes.
var API = []*Command{{
	// Unauthenticated on every transport, including plain HTTP.
	Path:       "/v1/system-info",
	ReadAccess: OpenAccess{},
	GET:        v1SystemInfo,
}, {
	// Unauthenticated on every transport, including plain HTTP.
	Path:       "/v1/health",
	ReadAccess: OpenAccess{},
	GET:        v1Health,
}, {
	Path:       "/v1/changes",
	ReadAccess: UserAccess{},
	GET:        v1GetChanges,
}, {
	Path:        "/v1/changes/{id}",
	ReadAccess:  UserAccess{},
	WriteAccess: AdminAccess{},
	GET:         v1GetChange,
	POST:        v1PostChange,
}, {
	Path:       "/v1/changes/{id}/wait",
	ReadAccess: UserAccess{},
	GET:        v1GetChangeWait,
}, {
	Path:        "/v1/services",
	ReadAccess:  UserAccess{},
	WriteAccess: AdminAccess{},
	GET:         v1GetServices,
	POST:        v1PostServices,
}, {
	Path:        "/v1/services/{name}",
	ReadAccess:  UserAccess{},
	WriteAccess: AdminAccess{},
	GET:         v1GetService,
	POST:        v1PostService,
}, {
	Path:       "/v1/plan",
	ReadAccess: UserAccess{},
	GET:        v1GetPlan,
}, {
	// Write-only route: no GET handler or ReadAccess is declared.
	Path:        "/v1/layers",
	WriteAccess: AdminAccess{},
	POST:        v1PostLayers,
}, {
	// ReadAccess is AdminAccess here, not UserAccess: reads and writes both
	// need the admin role.
	Path:        "/v1/files",
	ReadAccess:  AdminAccess{},
	WriteAccess: AdminAccess{},
	GET:         v1GetFiles,
	POST:        v1PostFiles,
}, {
	Path:       "/v1/logs",
	ReadAccess: UserAccess{},
	GET:        v1GetLogs,
}, {
	// Write-only route, admin role required.
	Path:        "/v1/exec",
	WriteAccess: AdminAccess{},
	POST:        v1PostExec,
}, {
	// GET route gated by AdminAccess rather than UserAccess.
	Path:       "/v1/tasks/{task-id}/websocket/{websocket-id}",
	ReadAccess: AdminAccess{},
	GET:        v1GetTaskWebsocket,
}, {
	// Write-only route, admin role required.
	Path:        "/v1/signals",
	WriteAccess: AdminAccess{},
	POST:        v1PostSignals,
}, {
	Path:        "/v1/checks",
	ReadAccess:  UserAccess{},
	WriteAccess: AdminAccess{},
	GET:         v1GetChecks,
	POST:        v1PostChecks,
}, {
	Path:        "/v1/checks/refresh",
	WriteAccess: AdminAccess{},
	POST:        v1PostChecksRefresh,
}, {
	// WriteAccess is UserAccess: the only POST route in this table that is
	// gated by neither AdminAccess nor PairingAccess.
	Path:        "/v1/notices",
	ReadAccess:  UserAccess{},
	WriteAccess: UserAccess{},
	GET:         v1GetNotices,
	POST:        v1PostNotices,
}, {
	Path:       "/v1/notices/{id}",
	ReadAccess: UserAccess{},
	GET:        v1GetNotice,
}, {
	Path:        "/v1/identities",
	ReadAccess:  UserAccess{},
	WriteAccess: AdminAccess{},
	GET:         v1GetIdentities,
	POST:        v1PostIdentities,
}, {
	// PairingAccess forwards a new mTLS client identity without verifying
	// it, so the open pairing window is the only gate on this route.
	Path:        "/v1/pairing",
	WriteAccess: PairingAccess{},
	POST:        v1PostPairing,
}, {
	// Reachable over plain HTTP, but there only with the MetricsAccess role,
	// which limits the credentials exposed on the cleartext channel.
	Path:       "/v1/metrics",
	ReadAccess: MetricsAccess{},
	GET:        v1GetMetrics,
}}

Functions

func SetRebootMode

func SetRebootMode(mode RebootMode)

SetRebootMode configures how the system issues a reboot. The default reboot handler mode is SystemdMode, which relies on systemd (or similar) provided functionality to reboot.

Types

type AccessChecker added in v1.9.0

// AccessChecker checks whether a particular request is allowed. The checkers
// in this package (OpenAccess, UserAccess, AdminAccess, MetricsAccess,
// PairingAccess) implement it and are attached to routes through
// Command.ReadAccess and Command.WriteAccess.
type AccessChecker interface {
	// CheckAccess reports whether access should be granted or denied. If
	// access is granted, return nil. If access is denied, return a non-nil
	// error response such as Unauthorized("access denied").
	//
	// The result type is Response, not error: nil is the only "allow" value,
	// so an implementation must return a non-nil Response on every path that
	// is meant to deny.
	CheckAccess(d *Daemon, r *http.Request, user *UserState) Response
}

AccessChecker checks whether a particular request is allowed.

type AdminAccess added in v1.9.0

type AdminAccess struct{}

AdminAccess only allows incoming requests over unix domain sockets and HTTPS, and only if the user is valid and has AdminAccess role.

func (AdminAccess) CheckAccess added in v1.9.0

func (ac AdminAccess) CheckAccess(d *Daemon, r *http.Request, user *UserState) Response

type Command

// Command describes one API route: the path it serves, a handler per HTTP
// verb, and the access checkers applied to it.
type Command struct {
	// Path is the route pattern; entries in API use "{name}" placeholders.
	Path string
	// NOTE(review): PathPrefix presumably matches every path starting with
	// the prefix. Confirm against the router setup.
	PathPrefix string
	// Per-verb handlers.
	GET  ResponseFunc
	PUT  ResponseFunc
	POST ResponseFunc

	// Access control. In the API table ReadAccess accompanies GET handlers
	// and WriteAccess accompanies POST handlers.
	// NOTE(review): which checker covers PUT is not visible here; presumably
	// WriteAccess. Confirm in ServeHTTP.
	ReadAccess  AccessChecker
	WriteAccess AccessChecker
	// contains filtered or unexported fields
}

A Command routes a request to an individual per-verb ResponseFunc.

func (*Command) Daemon

func (c *Command) Daemon() *Daemon

func (*Command) ServeHTTP

func (c *Command) ServeHTTP(w http.ResponseWriter, r *http.Request)

type Daemon

// Daemon listens for requests and routes them to the right command.
type Daemon struct {
	// NOTE(review): presumably the version string of the running daemon.
	// Confirm where it is set.
	Version string
	// NOTE(review): presumably the time the daemon was started. Confirm
	// where it is set.
	StartTime time.Time
	// contains filtered or unexported fields
}

A Daemon listens for requests and routes them to the right command

func New

func New(opts *Options) (*Daemon, error)

func (*Daemon) CanStandby

func (d *Daemon) CanStandby() bool

func (*Daemon) Dying

func (d *Daemon) Dying() <-chan struct{}

func (*Daemon) Err added in v1.16.0

func (d *Daemon) Err() error

Err returns the death reason, or ErrStillAlive if the tomb is not in a dying or dead state.

func (*Daemon) HandleRestart

func (d *Daemon) HandleRestart(t restart.RestartType)

HandleRestart implements overlord.RestartBehavior.

func (*Daemon) Init

func (d *Daemon) Init() error

Init sets up the Daemon's internal workings. Don't call more than once.

func (*Daemon) Overlord

func (d *Daemon) Overlord() *overlord.Overlord

func (*Daemon) RebootAsExpected added in v1.16.0

func (d *Daemon) RebootAsExpected(st *state.State) error

RebootAsExpected implements part of overlord.RestartBehavior.

func (*Daemon) RebootDidNotHappen added in v1.16.0

func (d *Daemon) RebootDidNotHappen(st *state.State) error

RebootDidNotHappen implements part of overlord.RestartBehavior.

func (*Daemon) SetDegradedMode

func (d *Daemon) SetDegradedMode(err error)

SetDegradedMode puts the daemon into a degraded mode in which it returns the error given in the "err" argument for commands that are not marked as readonlyOK.

This is useful for reporting errors to the client when the daemon cannot work, for example because a sanity check failed or the system is out of disk space.

When the system is fine again, calling "SetDegradedMode(nil)" is enough to put the daemon back into full operation.

func (*Daemon) SetServiceArgs

func (d *Daemon) SetServiceArgs(serviceArgs map[string][]string) error

SetServiceArgs updates the specified service commands by replacing existing arguments with the newly specified arguments.

func (*Daemon) Start

func (d *Daemon) Start() error

func (*Daemon) Stop

func (d *Daemon) Stop(sigCh chan<- os.Signal) error

Stop shuts down the Daemon.

type MetricsAccess added in v1.19.0

type MetricsAccess struct{}

MetricsAccess allows incoming requests over unix domain sockets, HTTP and HTTPS. In the case of unix domain sockets and HTTPS, access is granted if the user is valid and has the MetricsAccess, ReadAccess or AdminAccess role. If HTTP is used, access is only available for a valid user with the MetricsAccess user role (to restrict the credentials we are exposing over the clear text channel).

func (MetricsAccess) CheckAccess added in v1.19.0

func (ac MetricsAccess) CheckAccess(d *Daemon, r *http.Request, user *UserState) Response

type OpenAccess added in v1.9.0

type OpenAccess struct{}

OpenAccess allows all incoming requests over unix domain sockets, HTTP and HTTPS, even without user credentials (or invalid credentials).

func (OpenAccess) CheckAccess added in v1.9.0

func (ac OpenAccess) CheckAccess(d *Daemon, r *http.Request, user *UserState) Response

type Options

// Options holds the daemon setup required for the initialization of a new
// daemon. Several fields decide which transports the API is exposed on, and
// the access checkers treat those transports differently.
type Options struct {
	// Dir is the pebble directory where all setup is found. Defaults to /var/lib/pebble/default.
	Dir string

	// LayersDir is an optional path for the layers directory.
	// Defaults to "layers" inside the pebble directory.
	LayersDir string

	// TLSDir is an optional path for where the TLS manager persists PEM files.
	// Defaults to "tls" inside the pebble directory.
	// NOTE(review): the persisted PEM files may include private key material.
	// Confirm that the directory and file permissions are restrictive.
	TLSDir string

	// IDSigner is a private key representing the identity of a Pebble
	// instance (machine, container or device), which implements the
	// tlsstate.IDSigner interface (for digest signing).
	IDSigner tlsstate.IDSigner

	// SocketPath is an optional path for the unix socket used for the client
	// to communicate with the daemon. Defaults to a hidden (dotted) name inside
	// the pebble directory.
	// NOTE(review): UserAccess and AdminAccess both admit unix-socket
	// requests, so the socket's filesystem permissions are part of the access
	// boundary. Confirm how they are set.
	SocketPath string

	// HTTPAddress is the address for the plain HTTP API server, for example
	// ":4000" to listen on any address, port 4000. If not set, the HTTP API
	// server is not started.
	//
	// Plain HTTP is a cleartext channel. Per the access checker
	// documentation, UserAccess and AdminAccess do not admit HTTP requests;
	// OpenAccess routes are reachable without credentials, and MetricsAccess
	// accepts only the MetricsAccess role. An address of the form ":port"
	// listens on every address, so give a specific address where exposure
	// should be limited.
	HTTPAddress string

	// HTTPSAddress is the address for the HTTPS API server, for example
	// ":8443" to listen on any address, port 8443. If not set, the HTTPS
	// API server is not started.
	HTTPSAddress string

	// ServiceOutput is an optional io.Writer for the service log output, if set, all services
	// log output will be written to the writer.
	ServiceOutput io.Writer

	// OverlordExtension is an optional interface used to extend the capabilities
	// of the Overlord.
	OverlordExtension overlord.Extension

	// Persist specifies whether the state should be persisted to disk.
	Persist overlord.PersistMode
}

Options holds the daemon setup required for the initialization of a new daemon.

type PairingAccess added in v1.26.0

type PairingAccess struct{}

PairingAccess is only intended for use as an access checker for the pairing endpoint. This access checker allows a new mTLS client identity to be forwarded to the pairing manager, without identity verification. This access checker will only allow pairing requests while the pairing manager has its pairing window enabled, which typically involves a proof of server ownership procedure, such as a controlled power cycle or button press.

func (PairingAccess) CheckAccess added in v1.26.0

func (ac PairingAccess) CheckAccess(d *Daemon, r *http.Request, user *UserState) Response

type RebootMode

// RebootMode selects how the system issues a reboot; see SetRebootMode.
type RebootMode int

// Valid modes start at 1, so the zero value of RebootMode is none of them.
const (
	// SystemdMode reboots by way of systemd.
	SystemdMode RebootMode = 1
	// SyscallMode reboots by way of direct kernel syscalls.
	SyscallMode RebootMode = 2
	// ExternalMode leaves the reboot to be handled externally after the
	// daemon stops.
	ExternalMode RebootMode = 3
)

type Response

// Response is a value that can write itself to an HTTP client. Its single
// method has the same signature as http.Handler's ServeHTTP. Access checkers
// return a Response to deny a request and nil to allow it.
type Response interface {
	ServeHTTP(w http.ResponseWriter, r *http.Request)
}

Response knows how to serve itself, and how to find itself

func AsyncResponse

func AsyncResponse(result map[string]any, change string) Response

func ErrorResponse added in v1.5.0

func ErrorResponse(status int, format string, v ...any) Response

ErrorResponse builds an error Response that returns the status and formatted message.

If no arguments are provided, formatting is disabled, and the format string is used as is and not interpreted in any way.

func SyncResponse

func SyncResponse(result any) Response

type ResponseFunc

type ResponseFunc func(*Command, *http.Request, *UserState) Response

A ResponseFunc handles one of the individual verbs for a method

type ResponseType

// ResponseType labels a response as one of the string values below.
type ResponseType string

// The three response kinds, spelled as they appear in their string form.
const (
	ResponseTypeSync  = ResponseType("sync")
	ResponseTypeAsync = ResponseType("async")
	ResponseTypeError = ResponseType("error")
)

type TransportType added in v1.22.0

type TransportType int

TransportType defines the possible API transport types we support. The type can be extracted from the http.Request using RequestTransportType.

// Transport types, numbered from zero in declaration order.
const (
	// TransportTypeUnknown must stay the zero value (0); RequestTransportType
	// returns it when no transport is found in the request context.
	TransportTypeUnknown TransportType = 0
	// TransportTypeUnixSocket is local to the device; IsConcealed reports it
	// as concealed.
	TransportTypeUnixSocket TransportType = 1
	// TransportTypeHTTP is plain HTTP; it is not among the transports
	// IsConcealed describes as concealed.
	TransportTypeHTTP TransportType = 2
	// TransportTypeHTTPS is encrypted; IsConcealed reports it as concealed.
	TransportTypeHTTPS TransportType = 3
)

func RequestTransportType added in v1.22.0

func RequestTransportType(r *http.Request) TransportType

RequestTransportType extracts the transport type of the HTTP request. If the transport cannot be found in the context, it returns the zero value TransportTypeUnknown.

func (TransportType) IsConcealed added in v1.22.0

func (t TransportType) IsConcealed() bool

IsConcealed returns true if the transport type is either encrypted (HTTPS) or local to the device (Unix Domain Socket).

func (TransportType) IsValid added in v1.22.0

func (t TransportType) IsValid() bool

IsValid reports whether the transport type is valid.

func (TransportType) String added in v1.22.0

func (t TransportType) String() string

String returns a string representation of the transport type.

type TransportTypeKey added in v1.22.0

type TransportTypeKey struct{}

Used with context.WithValue as the key.

type Ucrednet added in v1.9.0

// Ucrednet groups a process ID, a user ID and a socket name.
// NOTE(review): the name and fields suggest these are the peer credentials of
// a unix-socket client plus the socket it connected to. Confirm against the
// code that populates it, and check whether the values come from the kernel
// or from anything the client controls.
type Ucrednet struct {
	Pid    int32
	Uid    uint32
	Socket string
}

func (*Ucrednet) String added in v1.9.0

func (un *Ucrednet) String() string

type UserAccess added in v1.9.0

type UserAccess struct{}

UserAccess only allows incoming requests over unix domain sockets and HTTPS, and only if the user is valid and has the ReadAccess or AdminAccess role.

func (UserAccess) CheckAccess added in v1.9.0

func (ac UserAccess) CheckAccess(d *Daemon, r *http.Request, user *UserState) Response

type UserState

// UserState represents the state of an authenticated API user. It is the
// value handed to AccessChecker.CheckAccess and to each ResponseFunc.
type UserState struct {
	// Access is the identity's access level, as defined by
	// state.IdentityAccess.
	Access state.IdentityAccess
	// UID is a pointer, so it can be nil.
	// NOTE(review): presumably nil when the request carries no unix user ID.
	// Confirm, and nil-check before dereferencing.
	UID *uint32
	// Username is the user's name.
	// NOTE(review): its source (identity name or OS account) is not visible
	// here.
	Username string
}

UserState represents the state of an authenticated API user.
