feat(cli): add p2p diagnostics to ping

ethanndickson · ethanndickson · commit 047e8717c800 · 2024-08-27T05:41:04.000Z
diff --git a/agent/api.go b/agent/api.go
@@ -37,6 +37,7 @@ func (a *agent) apiHandler() http.Handler {
 	}
 	promHandler := PrometheusMetricsHandler(a.prometheusRegistry, a.logger)
 	r.Get("/api/v0/listening-ports", lp.handler)
+	r.Get("/api/v0/netcheck", a.HandleNetcheck)
 	r.Get("/debug/logs", a.HandleHTTPDebugLogs)
 	r.Get("/debug/magicsock", a.HandleHTTPDebugMagicsock)
 	r.Get("/debug/magicsock/debug-logging/{state}", a.HandleHTTPMagicsockDebugLoggingState)
diff --git a/agent/health.go b/agent/health.go
@@ -0,0 +1,31 @@
+package agent
+
+import (
+	"net/http"
+
+	"github.com/coder/coder/v2/coderd/healthcheck/health"
+	"github.com/coder/coder/v2/coderd/httpapi"
+	"github.com/coder/coder/v2/codersdk"
+	"github.com/coder/coder/v2/codersdk/healthsdk"
+)
+
+func (a *agent) HandleNetcheck(rw http.ResponseWriter, r *http.Request) {
+	ni := a.TailnetConn().GetNetInfo()
+
+	ifReport, err := healthsdk.RunInterfacesReport()
+	if err != nil {
+		httpapi.Write(r.Context(), rw, http.StatusInternalServerError, codersdk.Response{
+			Message: "Failed to run interfaces report",
+			Detail:  err.Error(),
+		})
+		return
+	}
+
+	httpapi.Write(r.Context(), rw, http.StatusOK, healthsdk.AgentNetcheckReport{
+		BaseReport: healthsdk.BaseReport{
+			Severity: health.SeverityOK,
+		},
+		NetInfo:    ni,
+		Interfaces: ifReport,
+	})
+}
diff --git a/cli/cliui/agent.go b/cli/cliui/agent.go
@@ -10,8 +10,11 @@ import (
 
 	"github.com/google/uuid"
 	"golang.org/x/xerrors"
+	"tailscale.com/tailcfg"
 
 	"github.com/coder/coder/v2/codersdk"
+	"github.com/coder/coder/v2/codersdk/healthsdk"
+	"github.com/coder/coder/v2/codersdk/workspacesdk"
 	"github.com/coder/coder/v2/tailnet"
 )
 
@@ -346,3 +349,49 @@ func PeerDiagnostics(w io.Writer, d tailnet.PeerDiagnostics) {
 		_, _ = fmt.Fprint(w, "✘ Wireguard is not connected\n")
 	}
 }
+
+type ConnDiags struct {
+	ConnInfo        *workspacesdk.AgentConnectionInfo
+	PingP2P         bool
+	LocalNetInfo    *tailcfg.NetInfo
+	LocalInterfaces *healthsdk.InterfacesReport
+	AgentNetcheck   *healthsdk.AgentNetcheckReport
+	// TODO: More diagnostics
+}
+
+func ConnDiagnostics(w io.Writer, d ConnDiags) {
+	if d.AgentNetcheck != nil {
+		for _, msg := range d.AgentNetcheck.Interfaces.Warnings {
+			_, _ = fmt.Fprintf(w, "❗ Agent: %s\n", msg.Message)
+		}
+	}
+
+	if d.LocalInterfaces != nil {
+		for _, msg := range d.LocalInterfaces.Warnings {
+			_, _ = fmt.Fprintf(w, "❗ Client: %s\n", msg.Message)
+		}
+	}
+
+	if d.PingP2P {
+		_, _ = fmt.Fprint(w, "✔ You are connected directly, peer-to-peer (p2p)\n")
+		return
+	}
+	_, _ = fmt.Fprint(w, "❗ You are connected via a DERP relay, not directly, peer-to-peer (p2p)\n")
+
+	if d.ConnInfo != nil && d.ConnInfo.DisableDirectConnections {
+		_, _ = fmt.Fprint(w, "❗ Your Coder administrator has blocked direct connections\n")
+		return
+	}
+
+	if d.ConnInfo != nil && d.ConnInfo.DERPMap != nil && !d.ConnInfo.DERPMap.HasSTUN() {
+		_, _ = fmt.Fprint(w, "✘ The DERP map is not configured to use STUN, which will prevent direct connections from starting outside of local networks\n")
+	}
+
+	if d.LocalNetInfo != nil && d.LocalNetInfo.MappingVariesByDestIP.EqualBool(true) {
+		_, _ = fmt.Fprint(w, "❗ Client is potentially behind a hard NAT, as multiple endpoints were retrieved from different STUN servers\n")
+	}
+
+	if d.AgentNetcheck != nil && d.AgentNetcheck.NetInfo != nil && d.AgentNetcheck.NetInfo.MappingVariesByDestIP.EqualBool(true) {
+		_, _ = fmt.Fprint(w, "❗ Agent is potentially behind a hard NAT, as multiple endpoints were retrieved from different STUN servers\n")
+	}
+}
diff --git a/cli/cliui/agent_test.go b/cli/cliui/agent_test.go
@@ -20,8 +20,11 @@ import (
 
 	"github.com/coder/coder/v2/cli/clitest"
 	"github.com/coder/coder/v2/cli/cliui"
+	"github.com/coder/coder/v2/coderd/healthcheck/health"
 	"github.com/coder/coder/v2/coderd/util/ptr"
 	"github.com/coder/coder/v2/codersdk"
+	"github.com/coder/coder/v2/codersdk/healthsdk"
+	"github.com/coder/coder/v2/codersdk/workspacesdk"
 	"github.com/coder/coder/v2/tailnet"
 	"github.com/coder/coder/v2/testutil"
 	"github.com/coder/serpent"
@@ -672,3 +675,139 @@ func TestPeerDiagnostics(t *testing.T) {
 		})
 	}
 }
+
+func TestConnDiagnostics(t *testing.T) {
+	t.Parallel()
+	testCases := []struct {
+		name  string
+		diags cliui.ConnDiags
+		want  []*regexp.Regexp
+	}{
+		{
+			name: "Direct",
+			diags: cliui.ConnDiags{
+				ConnInfo:     &workspacesdk.AgentConnectionInfo{},
+				PingP2P:      true,
+				LocalNetInfo: &tailcfg.NetInfo{},
+			},
+			want: []*regexp.Regexp{
+				regexp.MustCompile(`^✔ You are connected directly, peer-to-peer \(p2p\)$`),
+			},
+		},
+		{
+			name: "DirectBlocked",
+			diags: cliui.ConnDiags{
+				ConnInfo: &workspacesdk.AgentConnectionInfo{
+					DisableDirectConnections: true,
+				},
+			},
+			want: []*regexp.Regexp{
+				regexp.MustCompile(`^❗ You are connected via a DERP relay, not directly, peer-to-peer \(p2p\)$`),
+				regexp.MustCompile(`^❗ Your Coder administrator has blocked direct connections$`),
+			},
+		},
+		{
+			name: "NoStun",
+			diags: cliui.ConnDiags{
+				ConnInfo: &workspacesdk.AgentConnectionInfo{
+					DERPMap: &tailcfg.DERPMap{},
+				},
+				LocalNetInfo: &tailcfg.NetInfo{},
+			},
+			want: []*regexp.Regexp{
+				regexp.MustCompile(`^❗ You are connected via a DERP relay, not directly, peer-to-peer \(p2p\)$`),
+				regexp.MustCompile(`^✘ The DERP map is not configured to use STUN, which will prevent direct connections from starting outside of local networks$`),
+			},
+		},
+		{
+			name: "ClientHardNat",
+			diags: cliui.ConnDiags{
+				LocalNetInfo: &tailcfg.NetInfo{
+					MappingVariesByDestIP: "true",
+				},
+			},
+			want: []*regexp.Regexp{
+				regexp.MustCompile(`^❗ You are connected via a DERP relay, not directly, peer-to-peer \(p2p\)$`),
+				regexp.MustCompile(`^❗ Client is potentially behind a hard NAT, as multiple endpoints were retrieved from different STUN servers$`),
+			},
+		},
+		{
+			name: "AgentHardNat",
+			diags: cliui.ConnDiags{
+				ConnInfo:     &workspacesdk.AgentConnectionInfo{},
+				PingP2P:      false,
+				LocalNetInfo: &tailcfg.NetInfo{},
+				AgentNetcheck: &healthsdk.AgentNetcheckReport{
+					NetInfo: &tailcfg.NetInfo{MappingVariesByDestIP: "true"},
+				},
+			},
+			want: []*regexp.Regexp{
+				regexp.MustCompile(`^❗ You are connected via a DERP relay, not directly, peer-to-peer \(p2p\)$`),
+				regexp.MustCompile(`^❗ Agent is potentially behind a hard NAT, as multiple endpoints were retrieved from different STUN servers$`),
+			},
+		},
+		{
+			name: "AgentInterfaceWarnings",
+			diags: cliui.ConnDiags{
+				PingP2P: true,
+				AgentNetcheck: &healthsdk.AgentNetcheckReport{
+					Interfaces: healthsdk.InterfacesReport{
+						BaseReport: healthsdk.BaseReport{
+							Warnings: []health.Message{
+								health.Messagef(health.CodeInterfaceSmallMTU, "network interface eth0 has MTU 1280, (less than 1378), which may cause problems with direct connections"),
+							},
+						},
+					},
+				},
+			},
+			want: []*regexp.Regexp{
+				regexp.MustCompile(`^❗ Agent: network interface eth0 has MTU 1280, \(less than 1378\), which may cause problems with direct connections$`),
+				regexp.MustCompile(`^✔ You are connected directly, peer-to-peer \(p2p\)$`),
+			},
+		},
+		{
+			name: "LocalInterfaceWarnings",
+			diags: cliui.ConnDiags{
+				PingP2P: true,
+				LocalInterfaces: &healthsdk.InterfacesReport{
+					BaseReport: healthsdk.BaseReport{
+						Warnings: []health.Message{
+							health.Messagef(health.CodeInterfaceSmallMTU, "network interface eth1 has MTU 1310, (less than 1378), which may cause problems with direct connections"),
+						},
+					},
+				},
+			},
+			want: []*regexp.Regexp{
+				regexp.MustCompile(`^❗ Client: network interface eth1 has MTU 1310, \(less than 1378\), which may cause problems with direct connections$`),
+				regexp.MustCompile(`^✔ You are connected directly, peer-to-peer \(p2p\)$`),
+			},
+		},
+	}
+	for _, tc := range testCases {
+		tc := tc
+		t.Run(tc.name, func(t *testing.T) {
+			t.Parallel()
+			r, w := io.Pipe()
+			go func() {
+				defer w.Close()
+				cliui.ConnDiagnostics(w, tc.diags)
+			}()
+			s := bufio.NewScanner(r)
+			i := 0
+			got := make([]string, 0)
+			for s.Scan() {
+				got = append(got, s.Text())
+				if i < len(tc.want) {
+					reg := tc.want[i]
+					if reg.Match(s.Bytes()) {
+						i++
+					}
+				}
+			}
+			if i < len(tc.want) {
+				t.Logf("failed to match regexp: %s\ngot:\n%s", tc.want[i].String(), strings.Join(got, "\n"))
+				t.FailNow()
+			}
+		})
+	}
+}
diff --git a/cli/ping.go b/cli/ping.go
@@ -2,7 +2,9 @@ package cli
 
 import (
 	"context"
+	"errors"
 	"fmt"
+	"net/http"
 	"time"
 
 	"golang.org/x/xerrors"
@@ -14,6 +16,7 @@ import (
 
 	"github.com/coder/coder/v2/cli/cliui"
 	"github.com/coder/coder/v2/codersdk"
+	"github.com/coder/coder/v2/codersdk/healthsdk"
 	"github.com/coder/coder/v2/codersdk/workspacesdk"
 	"github.com/coder/serpent"
 )
@@ -61,7 +64,8 @@ func (r *RootCmd) ping() *serpent.Command {
 			if !r.disableNetworkTelemetry {
 				opts.EnableTelemetry = true
 			}
-			conn, err := workspacesdk.New(client).DialAgent(ctx, workspaceAgent.ID, opts)
+			client := workspacesdk.New(client)
+			conn, err := client.DialAgent(ctx, workspaceAgent.ID, opts)
 			if err != nil {
 				return err
 			}
@@ -138,11 +142,38 @@ func (r *RootCmd) ping() *serpent.Command {
 				)
 
 				if n == int(pingNum) {
-					diags := conn.GetPeerDiagnostics()
-					cliui.PeerDiagnostics(inv.Stdout, diags)
-					return nil
+					break
 				}
 			}
+			ctx, cancel = context.WithTimeout(inv.Context(), 30*time.Second)
+			defer cancel()
+			diags := conn.GetPeerDiagnostics()
+			cliui.PeerDiagnostics(inv.Stdout, diags)
+
+			connDiags := cliui.ConnDiags{
+				PingP2P: didP2p,
+			}
+			connInfo, err := client.AgentConnectionInfoGeneric(ctx)
+			if err == nil {
+				connDiags.ConnInfo = &connInfo
+			}
+			ifReport, err := healthsdk.RunInterfacesReport()
+			if err == nil {
+				connDiags.LocalInterfaces = &ifReport
+			}
+			agentNetcheck, err := conn.Netcheck(ctx)
+			if err == nil {
+				connDiags.AgentNetcheck = &agentNetcheck
+			} else {
+				var sdkErr *codersdk.Error
+				if errors.As(err, &sdkErr) && sdkErr.StatusCode() == http.StatusNotFound {
+					_, _ = fmt.Fprint(inv.Stdout, "Could not generate full connection report as the workspace agent is outdated\n")
+				} else {
+					_, _ = fmt.Fprintf(inv.Stdout, "Failed to retrieve connection report from agent: %v\n", err)
+				}
+			}
+			cliui.ConnDiagnostics(inv.Stdout, connDiags)
+			return nil
 		},
 	}
 
diff --git a/codersdk/healthsdk/healthsdk.go b/codersdk/healthsdk/healthsdk.go
@@ -273,3 +273,10 @@ type ClientNetcheckReport struct {
 	DERP       DERPHealthReport `json:"derp"`
 	Interfaces InterfacesReport `json:"interfaces"`
 }
+
+// @typescript-ignore AgentNetcheckReport
+type AgentNetcheckReport struct {
+	BaseReport
+	NetInfo    *tailcfg.NetInfo `json:"net_info"`
+	Interfaces InterfacesReport `json:"interfaces"`
+}
diff --git a/codersdk/workspacesdk/agentconn.go b/codersdk/workspacesdk/agentconn.go
@@ -22,6 +22,7 @@ import (
 
 	"github.com/coder/coder/v2/coderd/tracing"
 	"github.com/coder/coder/v2/codersdk"
+	"github.com/coder/coder/v2/codersdk/healthsdk"
 	"github.com/coder/coder/v2/tailnet"
 )
 
@@ -241,6 +242,23 @@ func (c *AgentConn) ListeningPorts(ctx context.Context) (codersdk.WorkspaceAgent
 	return resp, json.NewDecoder(res.Body).Decode(&resp)
 }
 
+// Netcheck returns a network check report from the workspace agent.
+func (c *AgentConn) Netcheck(ctx context.Context) (healthsdk.AgentNetcheckReport, error) {
+	ctx, span := tracing.StartSpan(ctx)
+	defer span.End()
+	res, err := c.apiRequest(ctx, http.MethodGet, "/api/v0/netcheck", nil)
+	if err != nil {
+		return healthsdk.AgentNetcheckReport{}, xerrors.Errorf("do request: %w", err)
+	}
+	defer res.Body.Close()
+	if res.StatusCode != http.StatusOK {
+		return healthsdk.AgentNetcheckReport{}, codersdk.ReadBodyAsError(res)
+	}
+
+	var resp healthsdk.AgentNetcheckReport
+	return resp, json.NewDecoder(res.Body).Decode(&resp)
+}
+
 // DebugMagicsock makes a request to the workspace agent's magicsock debug endpoint.
 func (c *AgentConn) DebugMagicsock(ctx context.Context) ([]byte, error) {
 	ctx, span := tracing.StartSpan(ctx)
diff --git a/tailnet/conn.go b/tailnet/conn.go

Original file line number	Diff line number	Diff line change
`@@ -37,6 +37,7 @@ func (a *agent) apiHandler() http.Handler {`
`37`	`37`	`}`
`38`	`38`	`promHandler := PrometheusMetricsHandler(a.prometheusRegistry, a.logger)`
`39`	`39`	`r.Get("/api/v0/listening-ports", lp.handler)`
	`40`	`+ r.Get("/api/v0/netcheck", a.HandleNetcheck)`
`40`	`41`	`r.Get("/debug/logs", a.HandleHTTPDebugLogs)`
`41`	`42`	`r.Get("/debug/magicsock", a.HandleHTTPDebugMagicsock)`
`42`	`43`	`r.Get("/debug/magicsock/debug-logging/{state}", a.HandleHTTPMagicsockDebugLoggingState)`