Documentation
¶
Index ¶
- Constants
- func AutoRestart(logger *lalog.Logger, logActorName string, fun func() error)
- func ClearDedupBuffersInBackground()
- func CopyNonEssentialUtilitiesInBackground(logger *lalog.Logger)
- func DecryptFile(filePath string)
- func DisableConflicts(logger *lalog.Logger)
- func DumpGoroutinesOnInterrupt()
- func EncryptFile(filePath string)
- func GAEDaemonList(logger *lalog.Logger) string
- func GetConfig(logger *lalog.Logger, pwdServer bool, pwdServerPort int, pwdServerURL string, ...) []byte
- func GetUnlockingPassword(ctx context.Context, useTLS bool, logger *lalog.Logger, ...) string
- func GetUnlockingPasswordWithRetry(ctx context.Context, useTLS bool, logger *lalog.Logger, serverAddrs ...string) string
- func HandleDaemonSignals()
- func HandleSecurityDataUtil(dataUtil, dataUtilFile string, logger *lalog.Logger)
- func HandleTCPOverDNSClient(logger *lalog.Logger, proxyOpts ProxyCLIOptions)
- func InitialiseAWS()
- func InstallOptionalLoggerSQSCallback(logger *lalog.Logger, sqsURL string)
- func ReseedPseudoRandAndInBackground(logger *lalog.Logger)
- func StartProfilingServer(logger *lalog.Logger, pprofHTTPPort int)
- func SyncInBackground(logger *lalog.Logger)
- type LogWarningCallbackQueueMessageBody
- type ProxyCLIOptions
Constants ¶
const ( // AppEngineDataDir is the relative path to a data directory that contains config files and data files required for launching laitos program // on GCP app engine. AppEngineDataDir = "./gcp_appengine_data" )
const ( // PasswdRPCTimeout is the timeout used by gRPC client when performing operations involving IO, such as creating gRPC connection, // invoking RPC functions, etc. PasswdRPCTimeout = 5 * time.Second )
Variables ¶
This section is empty.
Functions ¶
func AutoRestart ¶
AutoRestartFunc runs the input function and restarts it when it returns an error, subjected to increasing delay of up to 60 seconds between each restart. If the input function crashes in a panic, there won't be an auto-restart. The function returns to the caller only after the input function returns nil.
func ClearDedupBuffersInBackground ¶
func ClearDedupBuffersInBackground()
ClearDedupBuffersInBackground periodically clears the global LRU buffers used for de-duplicating log messages.
func CopyNonEssentialUtilitiesInBackground ¶
CopyNonEssentialUtilitiesInBackground immediately copies utility programs that are not essential but helpful to certain toolbox features and daemons, and then continues in background at regular interval (1 hour).
func DecryptFile ¶
func DecryptFile(filePath string)
DecryptFile is a distinct routine of laitos main program, it reads password from standard input and uses it to decrypt the input file in-place.
func DisableConflicts ¶
DisableConflicts prevents system daemons from conflicting with laitos, this is usually done by disabling them.
func DumpGoroutinesOnInterrupt ¶
func DumpGoroutinesOnInterrupt()
DumpGoroutinesOnInterrupt installs an interrupt signal handler that dumps all goroutine traces to standard error.
func EncryptFile ¶
func EncryptFile(filePath string)
EncryptFile is a distinct routine of laitos main program, it reads password from standard input and uses it to encrypt the input file in-place.
func GAEDaemonList ¶
GAEDaemonList changes the PWD to App Engine's data directory and then returns the new comma-separated daemon list from the daemonList file. If laitos is not running on App Engine then the function does nothing and returns an empty string.
func GetConfig ¶
func GetConfig(logger *lalog.Logger, pwdServer bool, pwdServerPort int, pwdServerURL string, passwordUnlockServers string) []byte
GetConfig returns the laitos program configuration content (JSON) by retrieving it from program environment, or a text file. If the text file is encrypted, the function will retrieve its encryption password from STDIN, password unlocking server, or a web server for password input, and then return the text file decrypted.
func GetUnlockingPassword ¶
func GetUnlockingPassword(ctx context.Context, useTLS bool, logger *lalog.Logger, challengeStr, serverAddr string) string
GetUnlockingPassword uses a gRPC client to contact the gRPC server, registering intent to obtain unlocking password and then attempts to obtain the unlock password immediately. If a password is available and hence obtained, the function will return the password string. If no password is available or an IO error occurs, the function will return an empty string.
func GetUnlockingPasswordWithRetry ¶
func GetUnlockingPasswordWithRetry(ctx context.Context, useTLS bool, logger *lalog.Logger, serverAddrs ...string) string
GetUnlockingPasswordWithRetry contacts each of the gRPC servers, it registered an intent to obtain unlocking password for laitos program data and config files, and retries until this password is available and subsequently obtained. The function blocks caller until a password has been obtained or the input context is cancelled. The default source of PRNG must be seeded prior to calling this function.
func HandleDaemonSignals ¶
func HandleDaemonSignals()
HandleDaemonSignals ignores signals irrelevant to daemon operation.
func HandleSecurityDataUtil ¶
HandleSecurityDataUtil the main routine of data file maintenance utilities.
func HandleTCPOverDNSClient ¶
func HandleTCPOverDNSClient(logger *lalog.Logger, proxyOpts ProxyCLIOptions)
func InitialiseAWS ¶
func InitialiseAWS()
func InstallOptionalLoggerSQSCallback ¶
InstallOptionalLoggerSQSCallback installs a global callback function for all laitos loggers to forward a copy of each warning log entry to AWS SQS. This behaviour is enabled optionally by specifying the queue URL in environment variable LAITOS_SEND_WARNING_LOG_TO_SQS_URL.
func ReseedPseudoRandAndInBackground ¶
ReseedPseudoRandAndInBackground seeds the default PRNG using a cryptographically-secure RNG, and then spawns a background goroutine to continuously reseeds the default PRNG at regular interval. This function helps securing several laitos program components that depend on the default PRNG, therefore, it should be invoked at or near the start of the main function.
func StartProfilingServer ¶
StartProfilingServer starts an HTTP server on localhost to serve program profiling data
func SyncInBackground ¶
Types ¶
type LogWarningCallbackQueueMessageBody ¶
type LogWarningCallbackQueueMessageBody struct {
UnixNanoSec int64 `json:"unix_nano_sec"`
UnixSec int64 `json:"unix_sec"`
ComponentName string `json:"component_name"`
ComponentID string `json:"component_id"`
FunctionName string `json:"function_name"`
ActorName string `json:"actor_name"`
Error error `json:"error"`
Message string `json:"message"`
}
LogWarningCallbackQueueMessageBody contains details of a warning log entry, ready to be serialised into JSON for sending as an SQS message.
func (LogWarningCallbackQueueMessageBody) GetJSON ¶
func (messageBody LogWarningCallbackQueueMessageBody) GetJSON() []byte
GetJSON returns the message body serialised into JSON.
type ProxyCLIOptions ¶
type ProxyCLIOptions struct {
// Port number of the local HTTP(s) proxy server.
Port int
// Debug turns on debug output for both the initiator (local) and responder
// (remote) transmission control.
Debug bool
// EnableDNSRelay starts a recursive resolver on 127.0.0.12:53 to relay
// DNS queries to laitos DNS server over TCP-over-DNS.
EnableDNSRelay bool
// RecursiveResolverAddress is the address of a local or public recursive
// resolver (ip:port).
RecursiveResolverAddress string
// SegmentLenth is the maximum segment length of the initiator's
// transmission controls.
MaxSegmentLength int
// LaitosDNSName is the laitos DNS server's DNS name.
LaitosDNSName string
// AccessOTPSecret is the proxy OTP secret for laitos DNS server to
// authorise this client's connection requests.
AccessOTPSecret string
// EnableTXT enables using DNS TXT records in place of CNAME records to
// carry transmission control segments. TXT records have significantly more
// capacity and bandwidth.
EnableTXT bool
// DownstreamSegmentLength is used for configuring the responder (remote)
// transmission control's segment length. This enables better utilisation
// of available bandwidth when the upstream and downstream have asymmetric
// capacity.
// If CNAME is used as carrier then the upstream and downstream segment
// length must be identical. If TXT is used as carrier then the downstream
// length can be up to ~5 times the upstream length.
DownstreamSegmentLength int
}
ProxyCLIOptions encapsulates CLI options for the TCP-over-DNS proxy client.
Source Files