improve the main function for launching on GCP app engine; fix an unintended spamming issue coming from supervisor

Author: HouzuoGuo

.gcloudignore

@@ -0,0 +1,25 @@
+# This file specifies files that are *not* uploaded to Google Cloud Platform
+# using gcloud. It follows the same syntax as .gitignore, with the addition of
+# "#!include" directives (which insert the entries of the given .gitignore-style
+# file at that point).
+#
+# For more information, run:
+#   $ gcloud topic gcloudignore
+#
+.gcloudignore
+# If you would like to upload your .git directory, .gitignore file or files
+# from your .gitignore file, remove the corresponding line
+# below:
+.git
+.gitignore
+
+# Binaries for programs and plugins
+*.exe
+*.exe~
+*.dll
+*.so
+*.dylib
+# Test binary, build with `go test -c`
+*.test
+# Output of the go coverage tool, specifically when used with LiteIDE
+*.out

.gitignore

@@ -19,3 +19,4 @@ laitos.exe
 nohup.out
 pass
 tags
+gcp_appengine_data/

app.yaml

@@ -0,0 +1,3 @@
+runtime: go114
+includes:
+  - gcp_appengine_data/appeng-environment.yaml

launcher/supervisor.go

@@ -43,7 +43,7 @@ const (
 	*/
 	FailureThresholdSec = 20 * 60
 	// StartAttemptIntervalSec is the amount of time to wait between supervisor's attempts to start main program.
-	StartAttemptIntervalSec = 10
+	StartAttemptIntervalSec = 30
 	// MemoriseOutputCapacity is the size of laitos main program output to memorise for notification purpose.
 	MemoriseOutputCapacity = 4 * 1024
 )
@@ -254,31 +254,27 @@ func (sup *Supervisor) Start() {
 		mainProgram.Stderr = sup.mainStderr
 		if err := FeedDecryptionPasswordToStdinAndStart(misc.ProgramDataDecryptionPassword, mainProgram); err != nil {
 			sup.logger.Warning("Start", strconv.Itoa(paramChoice), err, "failed to start main program")
-			time.Sleep(1 * time.Second)
+			// Avoid incidentally overwhelming the user with notification emails
+			time.Sleep(StartAttemptIntervalSec * time.Second)
 			sup.notifyFailure(cliFlags, err)
 			if time.Now().Unix()-lastAttemptTime < FailureThresholdSec {
 				paramChoice++
 			}
-			time.Sleep(StartAttemptIntervalSec * time.Second)
 			continue
 		}
 		lastAttemptTime = time.Now().Unix()
 		if err := mainProgram.Wait(); err != nil {
 			sup.logger.Warning("Start", strconv.Itoa(paramChoice), err, "main program has crashed")
-			/*
-				Unsure what's going on - the main program crashes, the buffer storing latest stderr content just barely
-				catches the beginning of a panic message and never the full stack trace. The full panic message
-				including stack trace shows up properly in system journal. Let's see if a delay of a second will help.
-			*/
-			time.Sleep(1 * time.Second)
+			// Avoid incidentally overwhelming the user with notification emails
+			time.Sleep(StartAttemptIntervalSec * time.Second)
 			sup.notifyFailure(cliFlags, err)
 			if time.Now().Unix()-lastAttemptTime < FailureThresholdSec {
 				paramChoice++
 			}
 			time.Sleep(StartAttemptIntervalSec * time.Second)
 			continue
 		}
-		// laitos main program is not supposed to exit, therefore, restart it in the next iteration even if it exits normally.
+		// The main function is not supposed to exit while it is running under supervision. Restart the program in the next iteration of this loop.
 	}
 }
 

main.go

@@ -24,6 +24,7 @@ import (
 	"net/http"
 	"net/http/pprof"
 	"os"
+	"path"
 	"path/filepath"
 	"regexp"
 	"runtime"
@@ -46,6 +47,12 @@ import (
 	"github.com/aws/aws-xray-sdk-go/xraylog"
 )
 
+const (
+	// AppEngineDataDir is the relative path to a data directory that contains config files and data files required for launching laitos program
+	// on GCP app engine.
+	AppEngineDataDir = "./gcp_appengine_data"
+)
+
 var (
 	// pprofHTTPPort is the localhost port to listen on for serving pprof profiling data over HTTP.
 	// The port number must differ from those used with regular HTTP and HTTPS servers.
@@ -126,15 +133,21 @@ func main() {
 	var gomaxprocs int
 	flag.StringVar(&misc.ConfigFilePath, launcher.ConfigFlagName, "", "(Mandatory) path to configuration file in JSON syntax")
 	flag.StringVar(&daemonList, launcher.DaemonsFlagName, "", "(Mandatory) comma-separated list of daemon names to start (autounlock, dnsd, httpd, httpproxy, insecurehttpd, maintenance, passwdrpc, phonehome, plainsocket, serialport, simpleipsvcd, smtpd, snmpd, sockd, telegram)")
-	flag.BoolVar(&disableConflicts, "disableconflicts", false, "(Optional) automatically stop and disable other daemon programs that may cause port usage conflicts")
 	flag.BoolVar(&awsLambda, launcher.LambdaFlagName, false, "(Optional) run AWS Lambda handler to proxy HTTP requests to laitos web server")
+	// Internal supervisor flag
+	var isSupervisor = true
+	flag.BoolVar(&isSupervisor, launcher.SupervisorFlagName, true, "(Internal use only) launch a supervisor process to auto-restart laitos main process in case of crash")
+	// Auxiliary features
+	flag.BoolVar(&disableConflicts, "disableconflicts", false, "(Optional) automatically stop and disable other daemon programs that may cause port usage conflicts")
+	flag.StringVar(&passwordUnlockServers, "passwordunlockservers", "", "(Optional) comma-separated list of server:port combos that offer password unlocking service (daemon \"passwdrpc\") over gRPC")
+	// Optional integration features
 	flag.BoolVar(&misc.EnableAWSIntegration, "awsinteg", false, "(Optional) activate all points of integration with various AWS services such as sending warning log entries to SQS")
 	flag.BoolVar(&misc.EnablePrometheusIntegration, "prominteg", false, "(Optional) activate all points of integration with Prometheus such as collecting performance metrics and serving them over HTTP")
+	// Diagnosis features
 	flag.BoolVar(&debug, "debug", false, "(Optional) print goroutine stack traces upon receiving interrupt signal")
 	flag.IntVar(&pprofHTTPPort, "profhttpport", pprofHTTPPort, "(Optional) serve program profiling data (pprof) over HTTP on this port at localhost")
 	flag.IntVar(&gomaxprocs, "gomaxprocs", 0, "(Optional) set gomaxprocs")
-	flag.StringVar(&passwordUnlockServers, "passwordunlockservers", "", "(Optional) comma-separated list of server:port combos that offer password unlocking service (daemon \"passwdrpc\") over gRPC")
-	// Data unlocker (password input server) flags
+	// Decryption password collector (password input server) flags
 	var pwdServer bool
 	var pwdServerPort int
 	var pwdServerURL string
@@ -145,12 +158,35 @@ func main() {
 	var dataUtil, dataUtilFile string
 	flag.StringVar(&dataUtil, "datautil", "", "(Optional) program data encryption utility: encrypt|decrypt")
 	flag.StringVar(&dataUtilFile, "datautilfile", "", "(Optional) program data encryption utility: encrypt/decrypt file location")
-	// Internal supervisor flag
-	var isSupervisor = true
-	flag.BoolVar(&isSupervisor, launcher.SupervisorFlagName, true, "(Internal use only) launch a supervisor process to auto-restart laitos main process in case of crash")
 
 	flag.Parse()
 
+	logger.Info("main", "", nil, "program is starting, here is a summary of the runtime environment:\n%s", platform.GetProgramStatusSummary(false))
+	// FIXME: TODO: this main function is way too long >:-|
+	if os.Getenv("GAE_ENV") == "standard" {
+		// Change working directory to the data directory (if not done yet).
+		// All program config files and data files are expected to reside in the data directory.
+		cwd, err := os.Getwd()
+		if err != nil {
+			logger.Abort("main", "", err, "failed to determine current working directory")
+		}
+		if path.Base(cwd) != path.Base(AppEngineDataDir) {
+			if err := os.Chdir(AppEngineDataDir); err != nil {
+				logger.Abort("main", "", err, "failed to change directory to %s", AppEngineDataDir)
+				return
+			}
+		}
+		// Read the value of CLI parameter "-daemons" from a text file
+		daemonListContent, err := ioutil.ReadFile("daemonList")
+		if err != nil {
+			logger.Abort("main", "", err, "failed to read daemonList")
+			return
+		}
+		// Find program configuration data (encrypted or otherwise) in "config.json"
+		misc.ConfigFilePath = "config.json"
+		daemonList = string(daemonListContent)
+	}
+
 	// Common diagnosis and security practices
 	platform.LockMemory()
 	ReseedPseudoRandAndInBackground()

platform/os_config.go

@@ -558,7 +558,9 @@ func GetRedactedEnviron() []string {
 	ret := make([]string, 0, len(environ))
 	for _, keyValue := range environ {
 		redacted := false
-		for _, keyToRedact := range []string{"AWS_SESSION_TOKEN", "AWS_ACCESS_KEY_ID", "AWS_SECRET_ACCESS_KEY", misc.EnvironmentDecryptionPassword} {
+		for _, keyToRedact := range []string{
+			"AWS_SESSION_TOKEN", "AWS_ACCESS_KEY_ID", "AWS_SECRET_ACCESS_KEY", "S2A_ACCESS_TOKEN",
+			misc.EnvironmentDecryptionPassword} {
 			if strings.HasPrefix(keyValue, keyToRedact+"=") {
 				ret = append(ret, keyToRedact+"=REDACTED")
 				redacted = true