From 0f6f91c7e6481b9ca845371c676b18e389453944 Mon Sep 17 00:00:00 2001 From: Pallab Pain Date: Thu, 30 Nov 2023 18:35:27 +0530 Subject: [PATCH 1/2] fix(db): sets max open and idle connections for postgres --- CHANGELOG.md | 3 ++- hscontrol/db.go | 13 ++++++++++++- 2 files changed, 14 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 1c2976e9e1..67ec6c931d 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -7,6 +7,7 @@ - Code reorganisation, a lot of code has moved, please review the following PRs accordingly [#1444](https://github.com/juanfont/headscale/pull/1444) ### Changes +- Set max open and idle connections for postgres ## 0.22.3 (2023-05-12) @@ -19,7 +20,7 @@ ### Changes - Add environment flags to enable pprof (profiling) [#1382](https://github.com/juanfont/headscale/pull/1382) - - Profiles are continously generated in our integration tests. +- Profiles are continously generated in our integration tests. - Fix systemd service file location in `.deb` packages [#1391](https://github.com/juanfont/headscale/pull/1391) - Improvements on Noise implementation [#1379](https://github.com/juanfont/headscale/pull/1379) - Replace node filter logic, ensuring nodes with access can see eachother [#1381](https://github.com/juanfont/headscale/pull/1381) diff --git a/hscontrol/db.go b/hscontrol/db.go index 14df4b3bf1..337ef4fd0f 100644 --- a/hscontrol/db.go +++ b/hscontrol/db.go @@ -20,6 +20,10 @@ import ( const ( dbVersion = "1" + _pgsqlMaxOpenConnections = 10 + _pgsqlMaxIdleConnections = 10 + _pgsqlMaxConnectionLifetime = 1 * time.Hour + errValueNotFound = Error("not found") ErrCannotParsePrefix = Error("cannot parse prefix") ) 
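Review bot: The three `_pgsql…` constants added to the const block in hscontrol/db.go are hard-coded and carry no comment explaining the chosen values. Because `_pgsqlMaxIdleConnections` equals `_pgsqlMaxOpenConnections`, the visible code only recycles pooled connections through the one-hour lifetime, and every headscale instance may hold up to ten server connections. Whether that fits the Postgres connection budget depends on the deployment, so reading these from configuration with the current values as defaults would be safer. The leading underscore is also not idiomatic Go; names like `pgsqlMaxOpenConns`, with a comment such as `// Pool limits applied to the Postgres *sql.DB in openDB.`, would read better.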
@@ -251,10 +255,17 @@ func (h *Headscale) openDB() (*gorm.DB, error) { sqlDB.SetConnMaxIdleTime(time.Hour) case Postgres: - db, err = gorm.Open(postgres.Open(h.dbString), &gorm.Config{ + db, err := gorm.Open(postgres.Open(h.dbString), &gorm.Config{ DisableForeignKeyConstraintWhenMigrating: true, Logger: log, }) + + sqlDB, _ := db.DB() + sqlDB.SetMaxOpenConns(_pgsqlMaxOpenConnections) + sqlDB.SetMaxIdleConns(_pgsqlMaxIdleConnections) + sqlDB.SetConnMaxLifetime(_pgsqlMaxConnectionLifetime) + + return db, err } if err != nil { From 08b62fa5dddba5e897ee5936625fd7f1aa738acd Mon Sep 17 00:00:00 2001 From: Pallab Pain Date: Wed, 29 Nov 2023 16:25:07 +0530 Subject: [PATCH 2/2] ci: adds workflow to build custom alpine image (cherry picked from commit a7ed52fc3fb8ecf477a34d824dbef6514e052181) --- .github/workflows/build-alpine.yml | 54 ++++++++++++++++++++++++++++++ Dockerfile.alpine | 37 ++++++++++++++++++++ hack/acl_watcher.sh | 9 +++++ hack/start.sh | 6 ++++ 4 files changed, 106 insertions(+) create mode 100644 .github/workflows/build-alpine.yml create mode 100644 Dockerfile.alpine create mode 100644 hack/acl_watcher.sh create mode 100644 hack/start.sh diff --git a/.github/workflows/build-alpine.yml b/.github/workflows/build-alpine.yml new file mode 100644 index 0000000000..1e8489eb52 --- /dev/null +++ b/.github/workflows/build-alpine.yml 
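Review bot: In the `case Postgres:` branch of openDB, the error from `db.DB()` is discarded and the pool setters run before the `err` from `gorm.Open` is checked, so a failed open can reach `sqlDB.SetMaxOpenConns` with a nil `*sql.DB` and panic at start-up instead of returning an error. The switch from `=` to `:=` also shadows the function-level `db` and `err`, and the early `return db, err` skips the `if err != nil` block after the switch, whose body is outside the hunk. Keeping the plain assignment, leaving the switch on an open error and checking the `db.DB()` error separately preserves the existing error path. openDB itself starts and ends outside this hunk.

```go
	case Postgres:
		db, err = gorm.Open(postgres.Open(h.dbString), &gorm.Config{
			// … unchanged: gorm.Config fields …
		})
		if err != nil {
			break // leave the switch so the existing error handling below still runs
		}

		sqlDB, dbErr := db.DB()
		if dbErr != nil {
			return nil, dbErr
		}
		// … unchanged: SetMaxOpenConns, SetMaxIdleConns, SetConnMaxLifetime …
```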
@@ -0,0 +1,54 @@
+name: Build alpine image
+
+on:
+ push:
+ branches:
+ - main
+ workflow_dispatch:
+
+env:
+ BUILD_VERSION: "v0.22.3-dev"
+ DOCKER_CLI_EXPERIMENTAL: enabled
+
+permissions: read-all
+
+jobs:
+ docker:
+ runs-on: ubuntu-latest
+ steps:
+ - name: 🛒 Checkout Code
+ uses: actions/checkout@v4
+
+ - name: ⚙️ Set up QEMU
+ uses: docker/setup-qemu-action@v3
+
+ - name: ⚙️ Set up Docker Buildx
+ uses: docker/setup-buildx-action@v3
+
+ - name: 🔑 Login to quay.io
+ uses: docker/login-action@v3
+ with:
+ registry: quay.io
+ username: ${{ secrets.QUAY_USER }}
+ password: ${{ secrets.QUAY_PASS }}
+
+ - name: 🏷️ Generate Image Tags
+ id: image-metadata
+ uses: docker/metadata-action@v4
+ with:
+ images: |
+ name=quay.io/rapyuta/rr-headscale
+ tags: |
+ type=raw,value=${{ env.BUILD_VERSION }}
+
+ - name: ⬆️ Build and Push
+ uses: docker/build-push-action@v5
+ with:
+ context: .
+ file: Dockerfile.alpine
+ platforms: linux/amd64,linux/arm64
+ tags: ${{ steps.image-metadata.outputs.tags }}
+ push: true
+ build-args: |
+ BUILD_VERSION
+ sbom: true
\ No newline at end of file
diff --git a/Dockerfile.alpine b/Dockerfile.alpine
new file mode 100644
index 0000000000..0b76343a41
--- /dev/null
+++ b/Dockerfile.alpine
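Review bot: Every `uses:` step in build-alpine.yml is pinned to a mutable major tag (`actions/checkout@v4`, `docker/login-action@v3`, and so on) in a job that receives `secrets.QUAY_USER` and `secrets.QUAY_PASS` and pushes to the registry, so a retagged action would run with those credentials. Pin each one to a full commit SHA, for example `uses: docker/login-action@<full-commit-sha> # v3`. `permissions: read-all` grants read on every scope, where the job as shown appears to need only `contents: read`. Because `BUILD_VERSION` is the fixed string `"v0.22.3-dev"`, each push to main overwrites the same image tag; adding a `type=sha` entry under `tags:` in the metadata step would give consumers an immutable reference.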
@@ -0,0 +1,37 @@
+FROM golang:1.21.4-alpine3.18@sha256:110b07af87238fbdc5f1df52b00927cf58ce3de358eeeb1854f10a8b5e5e1411 AS build
+
+WORKDIR /go/src/github.com/juanfont/headscale/
+
+ARG BUILD_VERSION
+
+COPY . .
+
+RUN test -n "${BUILD_VERSION}" \
+ && apk update \
+ && apk upgrade -a \
+ && apk add --no-cache ca-certificates curl gcc musl-dev \
+ && update-ca-certificates \
+ && CGO_ENABLED=0 go build -o ./headscale -v -trimpath -ldflags="-s -w -X github.com/juanfont/headscale/cmd/headscale/cli.Version=${BUILD_VERSION}" ./cmd/headscale
+
+WORKDIR /config
+
+FROM alpine:3.18.4@sha256:eece025e432126ce23f223450a0326fbebde39cdf496a85d8c016293fc851978
+
+LABEL org.opencontainers.image.title="quay.io/rapyuta/rr-headscale"
+LABEL org.opencontainers.image.description="An open source, self-hosted implementation of the Tailscale coordination server."
+
+RUN apk update && apk upgrade -a && apk add inotify-tools
+
+COPY --from=build /etc/ssl/certs /etc/ssl/certs
+
+COPY --from=build /go/src/github.com/juanfont/headscale/headscale /usr/local/bin/headscale
+COPY --from=build /config /config
+
+COPY ./hack/acl_watcher.sh ./hack/start.sh .
+RUN chmod +x start.sh acl_watcher.sh
+
+EXPOSE 8080/tcp
+
+ENTRYPOINT [ "./start.sh" ]
+
+CMD ["help"]
diff --git a/hack/acl_watcher.sh b/hack/acl_watcher.sh
new file mode 100644
index 0000000000..b10278309f
--- /dev/null
+++ b/hack/acl_watcher.sh
@@ -0,0 +1,9 @@
+#!/bin/sh
+set -x
+
+inotifywait --event moved_to --recursive --monitor /acl |
+while read -r
+do
+ echo "$(date +%s) noticed acl update; triggered reload"
+ killall -s SIGHUP headscale
+done
\ No newline at end of file
diff --git a/hack/start.sh b/hack/start.sh
new file mode 100644
index 0000000000..c6e6147515
--- /dev/null
+++ b/hack/start.sh
@@ -0,0 +1,6 @@
+#!/bin/sh
+set -x
+
+./acl_watcher.sh &
+
+/usr/local/bin/headscale serve --config /etc/headscale/config.yaml
\ No newline at end of file
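Review bot: The final stage of Dockerfile.alpine never sets `USER`, so `start.sh`, the ACL watcher and `headscale serve` all run as root even though the exposed port is 8080. Adding `RUN addgroup -S headscale && adduser -S -G headscale headscale` and `USER headscale` before `ENTRYPOINT` would drop that privilege, provided the mounted `/etc/headscale` and `/acl` paths are readable by that user. Both stages pin the base image by digest but then run `apk update && apk upgrade -a`, so the installed package set still depends on build time, and the runtime `apk add inotify-tools` lacks `--no-cache`. `CMD ["help"]` is passed to `./start.sh`, which as added in this patch does not read its arguments.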
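Review bot: In hack/acl_watcher.sh nothing reports or recovers when `inotifywait` exits (for example if `/acl` is not mounted), so the loop ends quietly and later ACL changes are never applied to the running server. Because start.sh runs the watcher in the background, the container keeps serving with a stale policy; a final `echo "acl watcher exited" >&2; exit 1` after `done` would at least make the failure visible. Only `moved_to` is watched, so an in-place edit of the policy file will not trigger a reload; a comment such as `# expects the policy to be replaced atomically (rename into /acl)` would document that. `set -x` also traces every command into the container log, which looks like leftover debugging.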
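Review bot: hack/start.sh runs headscale as a child of the shell instead of replacing it, so the shell remains PID 1 and a stop signal from the container runtime is not forwarded to headscale, which would then be killed after the grace period rather than shutting down cleanly. Make the last line `exec /usr/local/bin/headscale serve --config /etc/headscale/config.yaml`. The script also ignores `"$@"`, so the image's `CMD ["help"]` and any arguments supplied at run time have no effect.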