cmd/containerboot: symlink TS_SOCKET to socket expected by CLI

`tailscaled` and `tailscale` expect the socket to be at
`/var/run/tailscale/tailscaled.sock`, however containerboot
would set up the socket at `/tmp/tailscaled.sock`. This leads to a
poor UX when users try to use any `tailscale` command as they
have to prefix everything with `--socket /tmp/tailscaled.sock`.

To improve the UX, this adds a symlink to
`/var/run/tailscale/tailscaled.sock` to point to `/tmp/tailscaled.sock`.

This approach has two benefits, 1 users are able to continue to use
existing scripts without this being a breaking change. 2. users are
able to use the `tailscale` CLI without having to add the `--socket` flag.

Fixes tailscale/corp#15902
Fixes #6849
Fixes #10027

Signed-off-by: Maisem Ali <maisem@tailscale.com>
This commit is contained in:
Maisem Ali 2023-12-08 09:46:32 -08:00 committed by Maisem Ali
parent ddb4b51122
commit 7bdea283bd
1 changed files with 18 additions and 0 deletions

View File

@ -208,6 +208,24 @@ func main() {
log.Fatalf("failed to watch tailscaled for updates: %v", err) log.Fatalf("failed to watch tailscaled for updates: %v", err)
} }
// Now that we've started tailscaled, we can symlink the socket to the
// default location if needed.
const defaultTailscaledSocketPath = "/var/run/tailscale/tailscaled.sock"
if cfg.Socket != "" && cfg.Socket != defaultTailscaledSocketPath {
// If we were given a socket path, symlink it to the default location so
// that the CLI can find it without any extra flags.
// See #6849.
dir := filepath.Dir(defaultTailscaledSocketPath)
err := os.MkdirAll(dir, 0700)
if err == nil {
err = syscall.Symlink(cfg.Socket, defaultTailscaledSocketPath)
}
if err != nil {
log.Printf("[warning] failed to symlink socket: %v\n\tTo interact with the Tailscale CLI please use `tailscale --socket=%q`", err, cfg.Socket)
}
}
// Because we're still shelling out to `tailscale up` to get access to its // Because we're still shelling out to `tailscale up` to get access to its
// flag parser, we have to stop watching the IPN bus so that we can block on // flag parser, we have to stop watching the IPN bus so that we can block on
// the subcommand without stalling anything. Then once it's done, we resume // the subcommand without stalling anything. Then once it's done, we resume