balena-supervisor/sync/device.ts

import * as Docker from 'dockerode';
import { Dockerfile } from 'livepush';
import * as _ from 'lodash';
import { Builder } from 'resin-docker-build';

import { promises as fs } from 'fs';
import * as Path from 'path';
import { Readable } from 'stream';
import * as tar from 'tar-stream';
import * as readline from 'readline';

import { exec } from '../src/lib/fs-utils';

export function getDocker(deviceAddress: string): Docker {
	return new Docker({
		host: deviceAddress,
		// TODO: Make this configurable
		port: 2375,
	});
}

export async function getSupervisorContainer(
	docker: Docker,
	requireRunning: boolean = false,
): Promise<Docker.ContainerInfo> {
	// First get the supervisor container id
	const containers = await docker.listContainers({
		filters: { name: ['balena_supervisor', 'resin_supervisor'] },
		all: !requireRunning,
	});

	if (containers.length !== 1) {
		throw new Error('supervisor container not found');
	}
	return containers[0];
}

export async function getDeviceArch(docker: Docker): Promise<string> {
	try {
		const supervisorContainer = await getSupervisorContainer(docker);
		const arch = supervisorContainer.Labels?.['io.balena.architecture'];
		if (arch == null) {
			// We can try to inspect the image for the
			// architecture if this fails
			const match = /(amd64|i386|aarch64|armv7hf|rpi)/.exec(
				supervisorContainer.Image,
			);
			if (match != null) {
				return match[1];
			}

			throw new Error('supervisor container does not have architecture label');
		}

		return arch.trim();
	} catch (e: any) {
		throw new Error(
			`Unable to get device architecture: ${e.message}.\nTry specifying the architecture with -a.`,
		);
	}
}

export async function getCacheFrom(docker: Docker): Promise<string[]> {
	try {
		const container = await getSupervisorContainer(docker);
		return [container.Image];
	} catch {
		return [];
	}
}

// Source: https://github.com/balena-io/balena-cli/blob/f6d668684a6f5ea8102a964ca1942b242eaa7ae2/lib/utils/device/live.ts#L539-L547
function extractDockerArrowMessage(outputLine: string): string | undefined {
	const arrowTest = /^.*\s*-+>\s*(.+)/i;
	const match = arrowTest.exec(outputLine);
	if (match != null) {
		return match[1];
	}
}

export async function performBuild(
	docker: Docker,
	dockerfile: Dockerfile,
	dockerOpts: { [key: string]: any },
): Promise<string[]> {
	const builder = Builder.fromDockerode(docker);

	// tar the directory, but replace the dockerfile with the
	// livepush generated one
	const tarStream = await tarDirectory(Path.join(__dirname, '..'), dockerfile);

	return new Promise((resolve, reject) => {
		// Store the stage ids for caching
		const ids = [] as string[];
		builder.createBuildStream(dockerOpts, {
			buildSuccess: () => {
				// Return the image ids
				resolve(ids);
			},
			buildFailure: reject,
			buildStream: (input: NodeJS.ReadWriteStream) => {
				// Parse the build output to get stage ids and
				// for logging
				let lastArrowMessage: string | undefined;
				readline.createInterface({ input }).on('line', (line) => {
					// If this was a FROM line, take the last found
					// image id and save it as a stage id
					// Source: https://github.com/balena-io/balena-cli/blob/f6d668684a6f5ea8102a964ca1942b242eaa7ae2/lib/utils/device/live.ts#L300-L325
					if (
						/step \d+(?:\/\d+)?\s*:\s*FROM/i.test(line) &&
						lastArrowMessage != null
					) {
						ids.push(lastArrowMessage);
					} else {
						const msg = extractDockerArrowMessage(line);
						if (msg != null) {
							lastArrowMessage = msg;
						}
					}

					// Log the build line
					console.info(line);
				});

				// stream.pipe(bufStream);
				tarStream.pipe(input);
			},
		});
	});
}

async function tarDirectory(
	dir: string,
	dockerfile: Dockerfile,
): Promise<Readable> {
	const pack = tar.pack();

	const add = async (path: string) => {
		const entries = await fs.readdir(path);
		for (const entry of entries) {
			const newPath = Path.resolve(path, entry);
			// Here we filter the things we don't want
			if (
				newPath.includes('node_modules/') ||
				newPath.includes('.git/') ||
				newPath.includes('build/') ||
				newPath.includes('coverage/')
			) {
				continue;
			}
			// We use lstat here, otherwise an error will be
			// thrown on a symbolic link
			const stat = await fs.lstat(newPath);
			if (stat.isDirectory()) {
				await add(newPath);
			} else {
				if (newPath.endsWith('Dockerfile.template')) {
					pack.entry(
						{ name: 'Dockerfile', mode: stat.mode, size: stat.size },
						dockerfile.generateLiveDockerfile(),
					);
					continue;
				}

				pack.entry(
					{
						name: Path.relative(dir, newPath),
						mode: stat.mode,
						size: stat.size,
					},
					await fs.readFile(newPath),
				);
			}
		}
	};

	await add(dir);
	pack.finalize();
	return pack;
}

// Absolutely no escaping in this function, just be careful
async function runSshCommand(address: string, command: string) {
	// TODO: Make the port configurable
	const { stdout } = await exec(
		'ssh -p 22222 -o LogLevel=ERROR ' +
			'-o StrictHostKeyChecking=no ' +
			'-o UserKnownHostsFile=/dev/null ' +
			`root@${address} ` +
			`"${command}"`,
	);
	return stdout;
}

export async function stopSupervisor(address: string) {
	try {
		await runSshCommand(address, 'systemctl stop balena-supervisor');
	} catch {
		await runSshCommand(address, 'systemctl stop resin-supervisor');
	}
}

export async function startSupervisor(address: string) {
	try {
		await runSshCommand(address, 'systemctl start balena-supervisor');
	} catch {
		await runSshCommand(address, 'systemctl start resin-supervisor');
	}
}

export async function replaceSupervisorImage(
	address: string,
	imageName: string,
	imageTag: string,
) {
	// TODO: Maybe don't overwrite the LED file?
	const fileStr = `#This file was edited by livepush
SUPERVISOR_IMAGE=${imageName}
SUPERVISOR_TAG=${imageTag}
LED_FILE=/dev/null
`;

	return runSshCommand(
		address,
		`echo '${fileStr}' > /tmp/update-supervisor.conf`,
	);
}

export async function readBuildCache(address: string): Promise<string[]> {
	const cache = await runSshCommand(
		address,
		`cat /tmp/livepush-cache.json || true`,
	);
	return JSON.parse(cache || '[]');
}

export async function writeBuildCache(address: string, stageImages: string[]) {
	// Convert the list to JSON with escaped quotes
	const contents = JSON.stringify(stageImages).replace(/["]/g, '\\"');
	return runSshCommand(
		address,
		`echo '${contents}' > /tmp/livepush-cache.json`,
	);
}
⚡ Update synchronisation scripts for supervisor development We move the old sync.js script to tools/, and delete the now-broken sync-debug.js. We add a command `npm run sync`, which starts a livepush process with the supervisor on a device. Change-type: minor Signed-off-by: Cameron Diver <cameron@balena.io> 2020-04-06 08:53:34 +00:00			`import * as Docker from 'dockerode';`
			`import { Dockerfile } from 'livepush';`
			`import * as _ from 'lodash';`
			`import { Builder } from 'resin-docker-build';`

			`import { promises as fs } from 'fs';`
			`import * as Path from 'path';`
Fix livepush to work with node 16 This also improves the memory efficiency of the sync mechanism by calculating the stage ids on the fly instead of storing the full build output in memory and then parsing the string. 2022-09-20 14:56:22 +00:00			`import { Readable } from 'stream';`
⚡ Update synchronisation scripts for supervisor development We move the old sync.js script to tools/, and delete the now-broken sync-debug.js. We add a command `npm run sync`, which starts a livepush process with the supervisor on a device. Change-type: minor Signed-off-by: Cameron Diver <cameron@balena.io> 2020-04-06 08:53:34 +00:00			`import * as tar from 'tar-stream';`
Fix livepush to work with node 16 This also improves the memory efficiency of the sync mechanism by calculating the stage ids on the fly instead of storing the full build output in memory and then parsing the string. 2022-09-20 14:56:22 +00:00			`import * as readline from 'readline';`
⚡ Update synchronisation scripts for supervisor development We move the old sync.js script to tools/, and delete the now-broken sync-debug.js. We add a command `npm run sync`, which starts a livepush process with the supervisor on a device. Change-type: minor Signed-off-by: Cameron Diver <cameron@balena.io> 2020-04-06 08:53:34 +00:00
Remove mz, mkdirp, body-parser dependencies 'mz' can be safely replaced with fs.promises and util.promisify for faster native methods. 'mkdirp' after Node v8 uses native fs.mkdir, thus is redundant. 'body-parser' is deprecated and contained within express v4.x. Closes: #1567 Change-type: patch Signed-off-by: Christina Wang <christina@balena.io> 2021-04-26 19:54:04 +00:00			`import { exec } from '../src/lib/fs-utils';`

⚡ Update synchronisation scripts for supervisor development We move the old sync.js script to tools/, and delete the now-broken sync-debug.js. We add a command `npm run sync`, which starts a livepush process with the supervisor on a device. Change-type: minor Signed-off-by: Cameron Diver <cameron@balena.io> 2020-04-06 08:53:34 +00:00			`export function getDocker(deviceAddress: string): Docker {`
			`return new Docker({`
			`host: deviceAddress,`
			`// TODO: Make this configurable`
			`port: 2375,`
			`});`
			`}`

			`export async function getSupervisorContainer(`
			`docker: Docker,`
			`requireRunning: boolean = false,`
			`): Promise<Docker.ContainerInfo> {`
			`// First get the supervisor container id`
			`const containers = await docker.listContainers({`
Backwards compatility changes for old resin namespaces Change-type: patch Signed-off-by: Kyle Harding <kyle@balena.io> 2021-04-30 19:59:51 +00:00			`filters: { name: ['balena_supervisor', 'resin_supervisor'] },`
⚡ Update synchronisation scripts for supervisor development We move the old sync.js script to tools/, and delete the now-broken sync-debug.js. We add a command `npm run sync`, which starts a livepush process with the supervisor on a device. Change-type: minor Signed-off-by: Cameron Diver <cameron@balena.io> 2020-04-06 08:53:34 +00:00			`all: !requireRunning,`
			`});`

			`if (containers.length !== 1) {`
			`throw new Error('supervisor container not found');`
			`}`
			`return containers[0];`
			`}`

			`export async function getDeviceArch(docker: Docker): Promise<string> {`
			`try {`
			`const supervisorContainer = await getSupervisorContainer(docker);`
			`const arch = supervisorContainer.Labels?.['io.balena.architecture'];`
			`if (arch == null) {`
			`// We can try to inspect the image for the`
			`// architecture if this fails`
			`const match = /(amd64\|i386\|aarch64\|armv7hf\|rpi)/.exec(`
			`supervisorContainer.Image,`
			`);`
			`if (match != null) {`
			`return match[1];`
			`}`

			`throw new Error('supervisor container does not have architecture label');`
			`}`

			`return arch.trim();`
Fix livepush to work with node 16 This also improves the memory efficiency of the sync mechanism by calculating the stage ids on the fly instead of storing the full build output in memory and then parsing the string. 2022-09-20 14:56:22 +00:00			`} catch (e: any) {`
⚡ Update synchronisation scripts for supervisor development We move the old sync.js script to tools/, and delete the now-broken sync-debug.js. We add a command `npm run sync`, which starts a livepush process with the supervisor on a device. Change-type: minor Signed-off-by: Cameron Diver <cameron@balena.io> 2020-04-06 08:53:34 +00:00			`throw new Error(`
			`Unable to get device architecture: ${e.message}.\nTry specifying the architecture with -a.`,
			`);`
			`}`
			`}`

			`export async function getCacheFrom(docker: Docker): Promise<string[]> {`
Don't require an existing supervisor container to sync Change-type: patch Signed-off-by: Cameron Diver <cameron@balena.io> 2020-10-13 09:46:23 +00:00			`try {`
			`const container = await getSupervisorContainer(docker);`
			`return [container.Image];`
			`} catch {`
			`return [];`
			`}`
⚡ Update synchronisation scripts for supervisor development We move the old sync.js script to tools/, and delete the now-broken sync-debug.js. We add a command `npm run sync`, which starts a livepush process with the supervisor on a device. Change-type: minor Signed-off-by: Cameron Diver <cameron@balena.io> 2020-04-06 08:53:34 +00:00			`}`

Fix livepush to work with node 16 This also improves the memory efficiency of the sync mechanism by calculating the stage ids on the fly instead of storing the full build output in memory and then parsing the string. 2022-09-20 14:56:22 +00:00			`// Source: https://github.com/balena-io/balena-cli/blob/f6d668684a6f5ea8102a964ca1942b242eaa7ae2/lib/utils/device/live.ts#L539-L547`
			`function extractDockerArrowMessage(outputLine: string): string \| undefined {`
			`const arrowTest = /^.\s-+>\s*(.+)/i;`
			`const match = arrowTest.exec(outputLine);`
			`if (match != null) {`
			`return match[1];`
			`}`
			`}`

⚡ Update synchronisation scripts for supervisor development We move the old sync.js script to tools/, and delete the now-broken sync-debug.js. We add a command `npm run sync`, which starts a livepush process with the supervisor on a device. Change-type: minor Signed-off-by: Cameron Diver <cameron@balena.io> 2020-04-06 08:53:34 +00:00			`export async function performBuild(`
			`docker: Docker,`
			`dockerfile: Dockerfile,`
			`dockerOpts: { [key: string]: any },`
Fix livepush to work with node 16 This also improves the memory efficiency of the sync mechanism by calculating the stage ids on the fly instead of storing the full build output in memory and then parsing the string. 2022-09-20 14:56:22 +00:00			`): Promise<string[]> {`
⚡ Update synchronisation scripts for supervisor development We move the old sync.js script to tools/, and delete the now-broken sync-debug.js. We add a command `npm run sync`, which starts a livepush process with the supervisor on a device. Change-type: minor Signed-off-by: Cameron Diver <cameron@balena.io> 2020-04-06 08:53:34 +00:00			`const builder = Builder.fromDockerode(docker);`

			`// tar the directory, but replace the dockerfile with the`
			`// livepush generated one`
			`const tarStream = await tarDirectory(Path.join(__dirname, '..'), dockerfile);`

			`return new Promise((resolve, reject) => {`
Fix livepush to work with node 16 This also improves the memory efficiency of the sync mechanism by calculating the stage ids on the fly instead of storing the full build output in memory and then parsing the string. 2022-09-20 14:56:22 +00:00			`// Store the stage ids for caching`
			`const ids = [] as string[];`
⚡ Update synchronisation scripts for supervisor development We move the old sync.js script to tools/, and delete the now-broken sync-debug.js. We add a command `npm run sync`, which starts a livepush process with the supervisor on a device. Change-type: minor Signed-off-by: Cameron Diver <cameron@balena.io> 2020-04-06 08:53:34 +00:00			`builder.createBuildStream(dockerOpts, {`
			`buildSuccess: () => {`
Fix livepush to work with node 16 This also improves the memory efficiency of the sync mechanism by calculating the stage ids on the fly instead of storing the full build output in memory and then parsing the string. 2022-09-20 14:56:22 +00:00			`// Return the image ids`
			`resolve(ids);`
⚡ Update synchronisation scripts for supervisor development We move the old sync.js script to tools/, and delete the now-broken sync-debug.js. We add a command `npm run sync`, which starts a livepush process with the supervisor on a device. Change-type: minor Signed-off-by: Cameron Diver <cameron@balena.io> 2020-04-06 08:53:34 +00:00			`},`
			`buildFailure: reject,`
Fix livepush to work with node 16 This also improves the memory efficiency of the sync mechanism by calculating the stage ids on the fly instead of storing the full build output in memory and then parsing the string. 2022-09-20 14:56:22 +00:00			`buildStream: (input: NodeJS.ReadWriteStream) => {`
			`// Parse the build output to get stage ids and`
			`// for logging`
			`let lastArrowMessage: string \| undefined;`
			`readline.createInterface({ input }).on('line', (line) => {`
			`// If this was a FROM line, take the last found`
			`// image id and save it as a stage id`
			`// Source: https://github.com/balena-io/balena-cli/blob/f6d668684a6f5ea8102a964ca1942b242eaa7ae2/lib/utils/device/live.ts#L300-L325`
			`if (`
			`/step \d+(?:\/\d+)?\s:\sFROM/i.test(line) &&`
			`lastArrowMessage != null`
			`) {`
			`ids.push(lastArrowMessage);`
			`} else {`
			`const msg = extractDockerArrowMessage(line);`
			`if (msg != null) {`
			`lastArrowMessage = msg;`
			`}`
			`}`

			`// Log the build line`
			`console.info(line);`
			`});`

			`// stream.pipe(bufStream);`
			`tarStream.pipe(input);`
⚡ Update synchronisation scripts for supervisor development We move the old sync.js script to tools/, and delete the now-broken sync-debug.js. We add a command `npm run sync`, which starts a livepush process with the supervisor on a device. Change-type: minor Signed-off-by: Cameron Diver <cameron@balena.io> 2020-04-06 08:53:34 +00:00			`},`
			`});`
			`});`
			`}`

			`async function tarDirectory(`
			`dir: string,`
			`dockerfile: Dockerfile,`
			`): Promise<Readable> {`
			`const pack = tar.pack();`

			`const add = async (path: string) => {`
			`const entries = await fs.readdir(path);`
			`for (const entry of entries) {`
			`const newPath = Path.resolve(path, entry);`
Use lstat rather than stat to avoid error with symlinks in sync Change-type: patch Closes: #1301 Signed-off-by: Cameron Diver <cameron@balena.io> 2020-05-06 08:35:13 +00:00			`// Here we filter the things we don't want`
			`if (`
			`newPath.includes('node_modules/') \|\|`
			`newPath.includes('.git/') \|\|`
			`newPath.includes('build/') \|\|`
			`newPath.includes('coverage/')`
			`) {`
			`continue;`
			`}`
			`// We use lstat here, otherwise an error will be`
			`// thrown on a symbolic link`
			`const stat = await fs.lstat(newPath);`
⚡ Update synchronisation scripts for supervisor development We move the old sync.js script to tools/, and delete the now-broken sync-debug.js. We add a command `npm run sync`, which starts a livepush process with the supervisor on a device. Change-type: minor Signed-off-by: Cameron Diver <cameron@balena.io> 2020-04-06 08:53:34 +00:00			`if (stat.isDirectory()) {`
			`await add(newPath);`
			`} else {`
Fix livepush to work with Dockerfile.template Change-type: patch 2021-11-10 15:20:17 +00:00			`if (newPath.endsWith('Dockerfile.template')) {`
⚡ Update synchronisation scripts for supervisor development We move the old sync.js script to tools/, and delete the now-broken sync-debug.js. We add a command `npm run sync`, which starts a livepush process with the supervisor on a device. Change-type: minor Signed-off-by: Cameron Diver <cameron@balena.io> 2020-04-06 08:53:34 +00:00			`pack.entry(`
			`{ name: 'Dockerfile', mode: stat.mode, size: stat.size },`
			`dockerfile.generateLiveDockerfile(),`
			`);`
			`continue;`
			`}`

			`pack.entry(`
			`{`
			`name: Path.relative(dir, newPath),`
			`mode: stat.mode,`
			`size: stat.size,`
			`},`
			`await fs.readFile(newPath),`
			`);`
			`}`
			`}`
			`};`

			`await add(dir);`
			`pack.finalize();`
			`return pack;`
			`}`

			`// Absolutely no escaping in this function, just be careful`
			`async function runSshCommand(address: string, command: string) {`
			`// TODO: Make the port configurable`
Remove mz, mkdirp, body-parser dependencies 'mz' can be safely replaced with fs.promises and util.promisify for faster native methods. 'mkdirp' after Node v8 uses native fs.mkdir, thus is redundant. 'body-parser' is deprecated and contained within express v4.x. Closes: #1567 Change-type: patch Signed-off-by: Christina Wang <christina@balena.io> 2021-04-26 19:54:04 +00:00			`const { stdout } = await exec(`
⚡ Update synchronisation scripts for supervisor development We move the old sync.js script to tools/, and delete the now-broken sync-debug.js. We add a command `npm run sync`, which starts a livepush process with the supervisor on a device. Change-type: minor Signed-off-by: Cameron Diver <cameron@balena.io> 2020-04-06 08:53:34 +00:00			`'ssh -p 22222 -o LogLevel=ERROR ' +`
			`'-o StrictHostKeyChecking=no ' +`
			`'-o UserKnownHostsFile=/dev/null ' +`
			`root@${address} ` +
			`"${command}"`,
			`);`
			`return stdout;`
			`}`

Backwards compatility changes for old resin namespaces Change-type: patch Signed-off-by: Kyle Harding <kyle@balena.io> 2021-04-30 19:59:51 +00:00			`export async function stopSupervisor(address: string) {`
			`try {`
			`await runSshCommand(address, 'systemctl stop balena-supervisor');`
			`} catch {`
			`await runSshCommand(address, 'systemctl stop resin-supervisor');`
			`}`
⚡ Update synchronisation scripts for supervisor development We move the old sync.js script to tools/, and delete the now-broken sync-debug.js. We add a command `npm run sync`, which starts a livepush process with the supervisor on a device. Change-type: minor Signed-off-by: Cameron Diver <cameron@balena.io> 2020-04-06 08:53:34 +00:00			`}`

Backwards compatility changes for old resin namespaces Change-type: patch Signed-off-by: Kyle Harding <kyle@balena.io> 2021-04-30 19:59:51 +00:00			`export async function startSupervisor(address: string) {`
			`try {`
			`await runSshCommand(address, 'systemctl start balena-supervisor');`
			`} catch {`
			`await runSshCommand(address, 'systemctl start resin-supervisor');`
			`}`
⚡ Update synchronisation scripts for supervisor development We move the old sync.js script to tools/, and delete the now-broken sync-debug.js. We add a command `npm run sync`, which starts a livepush process with the supervisor on a device. Change-type: minor Signed-off-by: Cameron Diver <cameron@balena.io> 2020-04-06 08:53:34 +00:00			`}`

			`export async function replaceSupervisorImage(`
			`address: string,`
			`imageName: string,`
			`imageTag: string,`
			`) {`
			`// TODO: Maybe don't overwrite the LED file?`
			const fileStr = `#This file was edited by livepush
			`SUPERVISOR_IMAGE=${imageName}`
			`SUPERVISOR_TAG=${imageTag}`
			`LED_FILE=/dev/null`
			`;

			`return runSshCommand(`
			`address,`
			`echo '${fileStr}' > /tmp/update-supervisor.conf`,
			`);`
			`}`
Refactor supervisor Dockerfile to remove custom dependencies Restructure the supervisor image to remove the dependency on the custom `alpine-supervisor-base` image and the custom node build. The dockerfile is now a multi-stage build that splits the process into two build stages and two runtime stages. Here is the full list of changes - The node binary is now copied from `balenalib/${ARCH}-alpine-node:12-run`, the node binary now supports running with a debugger. - The runtime image now inherits from the official `alpine:3.16` image - Tests are ran within the runtime image configuration instead of the build image - Livepush is ran within the runtime image context - Unnecessary packages have been removed - Removed avahi-daemon.conf as that service is not being used - Fix livepush to work with a multi-stage image. This also deprecates the `image-tag` argument to npm run sync as `SUPERVISOR_TAG` is no longer used by new OSs - Fix livepush build on old rpi devices. Allows passing a 'PREFIX' argument to let the builder pull images directly from docker hub arch repositories. Relates to https://github.com/balena-os/balena-engine/issues/269 Change-type: patch 2022-07-06 19:51:49 +00:00
			`export async function readBuildCache(address: string): Promise<string[]> {`
			`const cache = await runSshCommand(`
			`address,`
			`cat /tmp/livepush-cache.json \|\| true`,
			`);`
			`return JSON.parse(cache \|\| '[]');`
			`}`

			`export async function writeBuildCache(address: string, stageImages: string[]) {`
			`// Convert the list to JSON with escaped quotes`
			`const contents = JSON.stringify(stageImages).replace(/["]/g, '\\"');`
			`return runSshCommand(`
			`address,`
			`echo '${contents}' > /tmp/livepush-cache.json`,
			`);`
			`}`