Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore(windows-client): proof of concept for installing a system service with WiX #4903

Merged
merged 26 commits into from May 13, 2024
Merged

chore(windows-client): proof of concept for installing a system service with WiX #4903

merged 26 commits into from May 13, 2024

Conversation

ReactorScram
Copy link
Collaborator

@ReactorScram ReactorScram commented May 7, 2024
edited

Before merging

Edit tasklist title
Beta Give feedback Tasklist Before merging, more options

Delete tasklist

Delete tasklist block?
Are you sure? All relationships in this tasklist will be removed.
  1. Make sure the service auto-starts
    Options
  2. Make the process idle and report its status to Windows properly using https://github.com/mullvad/windows-service-rs
    Options
  3. DRY log dir code
    Options
  4. Figure out where service logs will go and how the GUI will zip them
    Options
  5. Make sure the service gets a shut down signal from Windows (this is hard to catch in the Tauri GUI)
    Options
  6. Make sure the service restarts when Firezone is updated
    Options
  7. Make sure the service is stopped and un-installed when Firezone is un-installed
    Options
  8. Add test to install the MSI and check that the service runs
    Options
  9. (will move to another PR) Clean up function names
    Options
  10. Make sure the Linux GUI was not broken by refactoring
    Options

@ReactorScram ReactorScram added the area/windows_client Issues related to the Windows client label May 7, 2024
@ReactorScram ReactorScram self-assigned this May 7, 2024
@vercel Vercel
Copy link

vercel bot commented May 7, 2024
edited

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name Status Preview Comments Updated (UTC)
firezone ✅ Ready (Inspect) Visit Preview 💬 Add feedback May 10, 2024 7:20pm

@github-actions github-actions bot added the kind/chore Issues related to repository cleanup or maintenance label May 7, 2024
@github-actions GitHub Actions
Copy link

github-actions bot commented May 7, 2024
edited

Terraform Cloud Plan Output

Plan: 15 to add, 15 to change, 15 to destroy.

Terraform Cloud Plan

@github-actions GitHub Actions
Copy link

github-actions bot commented May 7, 2024
edited

Performance Test Results

TCP

Test Name Received/s Sent/s Retransmits
direct-tcp-client2server 239.3 MiB (-1%) 241.0 MiB (-1%) 265 (+10%)
direct-tcp-server2client 237.6 MiB (-2%) 239.4 MiB (-2%) 182 (-15%)
relayed-tcp-client2server 222.9 MiB (-0%) 223.9 MiB (+0%) 310 (+26%)
relayed-tcp-server2client 249.3 MiB (+4%) 250.2 MiB (+4%) 340 (-3%)

UDP

Test Name Total/s Jitter Lost
direct-udp-client2server 500.0 MiB (+0%) 0.02ms (-2%) 41.72% (-10%)
direct-udp-server2client 500.0 MiB (-0%) 0.02ms (-57%) 20.51% (-0%)
relayed-udp-client2server 500.0 MiB (+0%) 0.09ms (+103%) 56.44% (+4%)
relayed-udp-server2client 500.0 MiB (-0%) 0.01ms (-65%) 39.14% (-1%)

@ReactorScram ReactorScram mentioned this pull request May 7, 2024
Closed
@ReactorScram ReactorScram mentioned this pull request May 7, 2024
Closed
@ReactorScram
refactor(gui-client): move known_dirs module into headless-client
618c941 
I'm going to want a well-known dir that the Windows IPC service writes logs to,
and that the Windows GUI can pick them up from.

I don't know how I did this for Linux last week, but it should probably be in
here too.
@ReactorScram
fix Linux build
442e01c
@ReactorScram ReactorScram changed the base branch from main to refactor/move-known-dirs May 8, 2024 13:48
ReactorScram
ReactorScram commented May 8, 2024
View reviewed changes
rust/gui-client/docs/intended_behavior.md
@@ -39,7 +39,7 @@ Best performed on a clean VM
1. Export the logs
1. Expect the zip file to start with "firezone_logs_"
1. Expect `zipinfo` to show a single directory in the root of the zip, to prevent zip bombing
1. Expect two subdirectories in the zip, "connlib", and "app", each with 3 files, totalling 6 files
1. Expect two subdirectories in the zip, "connlib", and "app", with 3 and 2 files respectively, totalling 5 files
Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm not sure why this had 6 files before. I have two hypotheses:

  1. I had been clicking on the notification to test the single-instance behavior, that could create a 3rd log file
  2. Maybe the deep link used to write a log file and stopped recently

The 5 files should be correct now though:

  1. The IPC service runs when it's first installed
  2. After you reboot, the IPC service runs again
  3. Then the GUI runs
  4. Then there's another reboot, and the IPC service runs again
  5. Then the GUI runs again

A 6th file would have to come from somewhere odd.

@ReactorScram ReactorScram marked this pull request as ready for review May 8, 2024 19:57
Base automatically changed from refactor/move-known-dirs to main May 8, 2024 20:42
@ReactorScram ReactorScram mentioned this pull request May 9, 2024
Merged
conectado
conectado reviewed May 9, 2024
View reviewed changes
Copy link
Collaborator

@conectado conectado left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Left a few comments, nothing major but is there an issue corresponding to this PR? I'm not familiar with what WiX is

rust/headless-client/src/imp_linux.rs
let (layer, _handle) = cli.log_dir.as_deref().map(file_logger::layer).unzip();
setup_global_subscriber(layer);
tracing::info!(git_version = crate::GIT_VERSION);

if !nix::unistd::getuid().is_root() {
anyhow::bail!("This is the IPC service binary, it's not meant to run interactively.");
}
run_ipc_service(cli)
let rt = tokio::runtime::Runtime::new()?;
let (_shutdown_tx, shutdown_rx) = mpsc::channel(1);
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

this channel doesn't seem to be used anywhere

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yeah, it's only there to match the signature of the Windows implementation. On Windows it signals from the main thread (which handles requests from the Windows service controller) to the service function (which Windows forces to run in a worker thread) telling our service function to exit.

There is probably a way to move the caller into the platform-specific files, or replace the shutdown channel with a poll function, but I'm not sure how to do it from here.

rust/headless-client/src/known_dirs.rs Outdated Show resolved Hide resolved
rust/headless-client/src/imp_windows.rs Show resolved Hide resolved
rust/headless-client/src/imp_windows.rs Outdated
ServiceControl::SessionChange(_) => ServiceControlHandlerResult::NotImplemented,
ServiceControl::TimeChange => ServiceControlHandlerResult::NotImplemented,
ServiceControl::TriggerEvent => ServiceControlHandlerResult::NotImplemented,
_ => todo!(),
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can we just match all the above here with NotImplemented?

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yep. The enum is non-exhaustive so I had to keep the _ and stick the others together with |. Otherwise it would run afoul of the linter.

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

but we could just remove all the previous NotImplemented matches and just match _ => NotImplemented

rust/headless-client/src/imp_windows.rs
shutdown_rx: mpsc::Receiver<()>,
) -> Result<()> {
tracing::info!("run_ipc_service");
rt.block_on(async { ipc_listen(cli, shutdown_rx).await })
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

can we move shutdown_rx.recv().await here?

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Maybe. I did it this way to match the Linux impl, but actually in both cases I could inline the async fn into an async block. All that this does is wrap block_on and save one layer of indentation.

@ReactorScram
Copy link
Collaborator Author

@conectado Yes, the related issue is #4899. I couldn't find a way to make Windows automatically delete the DNS rules when we exit, and this was causing problems when the system reboots. By running this background service, we can just clear our own rules on boot. And we'll need the service soon anyway for #3712

@ReactorScram
Copy link
Collaborator Author

And WiX is a toolkit from Microsoft that uses an XML schema to generate MSI installers. Tauri uses it internally, so I took it apart a little bit to add our background service. https://wixtoolset.org/docs/v3/

@conectado
Copy link
Collaborator

@conectado Yes, the related issue is #4899. I couldn't find a way to make Windows automatically delete the DNS rules when we exit, and this was causing problems when the system reboots. By running this background service, we can just clear our own rules on boot. And we'll need the service soon anyway for #3712

oh so this service would only delete our NRPT rules?

@ReactorScram
Copy link
Collaborator Author

@conectado Yeah #4918 builds on this to delete the NRPT rules, and that'll close #4899.
In this PR I just added a do-nothing placeholder for the service. #4918 could be squashed into this one, it's only a few lines.

conectado
conectado approved these changes May 10, 2024
View reviewed changes
Copy link
Collaborator

@conectado conectado left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@ReactorScram ReactorScram added this pull request to the merge queue May 13, 2024
Merged via the queue into main with commit 5814efc May 13, 2024
135 checks passed
@ReactorScram ReactorScram deleted the chore/windows-service-poc branch May 13, 2024 14:32
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@conectado conectado conectado approved these changes

Assignees

@ReactorScram ReactorScram

Labels
area/windows_client Issues related to the Windows client kind/chore Issues related to repository cleanup or maintenance
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@ReactorScram @conectado