Merge pull request #7361 from rancher-sandbox/remove-vtunnel

Remove vtunnel

.github/actions/spelling/expect.txt

@@ -146,7 +146,7 @@ corepack
 coreutils
 crds
 credfwd
-credhelper
+CREDHELPER
 cri
 crond
 crt
@@ -204,7 +204,6 @@ doclink
 dompurify
 donotuse
 dotfile
-Dowloading
 dport
 dri
 DSL
@@ -694,6 +693,7 @@ Runas
 runbook
 runc
 rundir
+runlevels
 RUnlock
 runtimeclass
 runtimeclasses

.github/dependabot.yml

@@ -106,14 +106,6 @@ updates:
     labels: ["component/dependencies"]
     reviewers: [ "jandubois" ]
 
-  - package-ecosystem: "gomod"
-    directory: "/src/go/vtunnel"
-    schedule:
-      interval: "daily"
-    open-pull-requests-limit: 1
-    labels: ["component/dependencies"]
-    reviewers: [ "Nino-K" ]
-
   - package-ecosystem: "gomod"
     directory: "/src/go/wsl-helper"
     schedule:

build/signing-config-win.yaml

@@ -30,5 +30,4 @@ resources/resources/win32/internal:
 - host-switch.exe
 - privileged-service.exe
 - steve.exe
-- vtunnel.exe
 - wsl-helper.exe

e2e/credentials-server.e2e.spec.ts

@@ -31,11 +31,8 @@ import { expect, test } from '@playwright/test';
 import fetch from 'node-fetch';
 
 import { NavPage } from './pages/nav-page';
-import {
-  getFullPathForTool, retry, startSlowerDesktop, teardown, tool,
-} from './utils/TestUtils';
+import { getFullPathForTool, startSlowerDesktop, teardown, tool } from './utils/TestUtils';
 
-import { defaultSettings } from '@pkg/config/settings';
 import { ServerState } from '@pkg/main/commandServer/httpCommandServer';
 import { spawnFile } from '@pkg/utils/childProcess';
 import paths from '@pkg/utils/paths';
@@ -109,7 +106,6 @@ function haveCredentialServerHelper(): boolean {
 
 const describeWithCreds = haveCredentialServerHelper() ? test.describe : test.describe.skip;
 const describeCredHelpers = credStore === 'none' ? test.describe.skip : test.describe;
-const testWin32 = os.platform() === 'win32' ? test : test.skip;
 const testUnix = os.platform() === 'win32' ? test.skip : test;
 
 describeWithCreds('Credentials server', () => {
@@ -334,32 +330,6 @@ describeWithCreds('Credentials server', () => {
     // behavior is all over the place. Fails with osxkeychain, succeeds with wincred.
   });
 
-  // On Windows, we need to wait for the vtunnel proxy to be established.
-  testWin32('ensure vtunnel proxy is ready', () => {
-    const isTunnel = defaultSettings.experimental.virtualMachine.networkingTunnel;
-
-    test.skip(isTunnel, 'vtunnel process is not needed when network tunnel is enabled');
-    const args = ['--distribution', 'rancher-desktop', '--exec',
-      'curl', '--verbose', '--user', `${ serverState.user }:${ serverState.password }`,
-      'http://localhost:3030/'];
-
-    return retry(async() => {
-      try {
-        await spawnFile('wsl.exe', args);
-      } catch (ex: any) {
-        const curlExitReason = {
-          7:  'Failed to connect to host',
-          56: 'Failure in receiving network data',
-        };
-
-        if (!curlExitReason) {
-          throw ex;
-        }
-        throw new Error(`curl failed with ${ ex } (${ curlExitReason })`);
-      }
-    });
-  });
-
   test('it should complain about an unrecognized command', async() => {
     const badCommand = 'gazornaanplatt';
     const stdout = await doRequest(badCommand);

go.work

@@ -13,6 +13,5 @@ use (
 	./src/go/networking
 	./src/go/privileged-service
 	./src/go/rdctl
-	./src/go/vtunnel
 	./src/go/wsl-helper
 )

pkg/rancher-desktop/assets/scripts/rancher-desktop-guestagent.initd

@@ -2,7 +2,6 @@
 # shellcheck shell=ksh
 
 depend() {
-  after vtunnel-peer
   after network-online
 }
 

pkg/rancher-desktop/backend/wsl.ts

@@ -37,7 +37,6 @@ import SERVICE_GUEST_AGENT_INIT from '@pkg/assets/scripts/rancher-desktop-guesta
 import SERVICE_SCRIPT_CRI_DOCKERD from '@pkg/assets/scripts/service-cri-dockerd.initd';
 import SERVICE_SCRIPT_HOST_RESOLVER from '@pkg/assets/scripts/service-host-resolver.initd';
 import SERVICE_SCRIPT_K3S from '@pkg/assets/scripts/service-k3s.initd';
-import SERVICE_VTUNNEL_PEER from '@pkg/assets/scripts/service-vtunnel-peer.initd';
 import SERVICE_SCRIPT_DOCKERD from '@pkg/assets/scripts/service-wsl-dockerd.initd';
 import SCRIPT_DATA_WSL_CONF from '@pkg/assets/scripts/wsl-data.conf';
 import WSL_EXEC from '@pkg/assets/scripts/wsl-exec';
@@ -46,7 +45,6 @@ import WSL_INIT_RD_NETWORKING_SCRIPT from '@pkg/assets/scripts/wsl-init-rd-netwo
 import { ContainerEngine } from '@pkg/config/settings';
 import { getServerCredentialsPath, ServerState } from '@pkg/main/credentialServer/httpCredentialHelperServer';
 import mainEvents from '@pkg/main/mainEvents';
-import { getVtunnelInstance, getVtunnelConfigPath } from '@pkg/main/networking/vtunnel';
 import BackgroundProcess from '@pkg/utils/backgroundProcess';
 import * as childProcess from '@pkg/utils/childProcess';
 import clone from '@pkg/utils/clone';
@@ -147,18 +145,6 @@ export default class WSLBackend extends events.EventEmitter implements VMBackend
       shouldRun: () => Promise.resolve([State.STARTING, State.STARTED, State.DISABLED].includes(this.state)),
     });
 
-    if (!this.cfg?.experimental.virtualMachine.networkingTunnel) {
-      // Register a new tunnel for RD Guest Agent
-      this.vtun.addTunnel({
-        name:                  'Rancher Desktop Privileged Service',
-        handshakePort:         17382,
-        vsockHostPort:         17381,
-        peerAddress:           '127.0.0.1',
-        peerPort:              3040,
-        upstreamServerAddress: 'npipe:////./pipe/rancher_desktop/privileged_service',
-      });
-    }
-
     this.kubeBackend = kubeFactory(this);
   }
 
@@ -244,9 +230,6 @@ export default class WSLBackend extends events.EventEmitter implements VMBackend
     this.#noModalDialogs = value;
   }
 
-  /** Vtunnel Proxy management singleton. */
-  protected vtun = getVtunnelInstance();
-
   /**
    * The current operation underway; used to avoid responding to state changes
    * when we're in the process of doing a different one.
@@ -807,43 +790,18 @@ export default class WSLBackend extends events.EventEmitter implements VMBackend
     const credsPath = getServerCredentialsPath();
 
     try {
-      const vtunnelPeerServerAddr = '127.0.0.1:3030';
       const credentialServerAddr = '192.168.127.254:6109';
-      // When networkTunnel is enabled we talk directly to the host which is assigned
-      // with 192.168.127.254 static address. Otherwise, we talk to the vtunnel peer
-      // which is listening in the WSL VM on 127.0.0.1:3030.
-      const credForwarderURL = this.cfg?.experimental.virtualMachine.networkingTunnel ? credentialServerAddr : vtunnelPeerServerAddr;
       const stateInfo: ServerState = JSON.parse(await fs.promises.readFile(credsPath, { encoding: 'utf-8' }));
       const escapedPassword = stateInfo.password.replace(/\\/g, '\\\\')
         .replace(/'/g, "\\'");
       // leading `$` is needed to escape single-quotes, as : $'abc\'xyz'
       const leadingDollarSign = stateInfo.password.includes("'") ? '$' : '';
       const fileContents = `CREDFWD_AUTH=${ leadingDollarSign }'${ stateInfo.user }:${ escapedPassword }'
-      CREDFWD_URL='http://${ credForwarderURL }'
+      CREDFWD_URL='http://${ credentialServerAddr }'
       `;
       const defaultConfig = { credsStore: 'rancher-desktop' };
       let existingConfig: Record<string, any>;
 
-      const OldCredHelperService = '/etc/init.d/credhelper-vtunnel-peer';
-      const OldCredHelperConfd = '/etc/conf.d/credhelper-vtunnel-peer';
-
-      await this.handleUpgrade([OldCredHelperService, OldCredHelperConfd]);
-
-      await this.writeFile('/etc/init.d/vtunnel-peer', SERVICE_VTUNNEL_PEER, 0o755);
-      await this.writeConf('vtunnel-peer', {
-        VTUNNEL_PEER_BINARY: await this.getVtunnelPeerPath(),
-        LOG_DIR:             await this.wslify(paths.logs),
-        CONFIG_PATH:         await this.wslify(getVtunnelConfigPath()),
-      });
-      await this.execCommand('/sbin/rc-update', 'add', 'vtunnel-peer', 'default');
-
-      // Stop the service if RD Networking is enabled. We need to add it
-      // first as rc-service del … fails if the service is not enabled,
-      // but rc-service add … handles an already-enabled service fine.
-      if (this.cfg?.experimental.virtualMachine.networkingTunnel) {
-        await this.execCommand('/sbin/rc-update', 'del', 'vtunnel-peer', 'default');
-      }
-
       await this.execCommand('mkdir', '-p', ETC_RANCHER_DESKTOP_DIR);
       await this.writeFile(CREDENTIAL_FORWARDER_SETTINGS_PATH, fileContents, 0o644);
       await this.writeFile(DOCKER_CREDENTIAL_PATH, DOCKER_CREDENTIAL_SCRIPT, 0o755);
@@ -1333,10 +1291,6 @@ export default class WSLBackend extends events.EventEmitter implements VMBackend
 
         this.privilegedServiceEnabled = rdNetworking ? false : await this.invokePrivilegedService('start');
 
-        if (!rdNetworking) {
-          await this.vtun.start();
-        }
-
         if (config.kubernetes.enabled) {
           prepActions.push((async() => {
             [kubernetesVersion] = await this.kubeBackend.download(config);
@@ -1478,6 +1432,8 @@ export default class WSLBackend extends events.EventEmitter implements VMBackend
                   await this.execCommand({ root: true }, 'rm', '-f', obsoleteImageAllowListConf);
                 }),
                 await this.progressTracker.action('Rancher Desktop guest agent', 50, this.installGuestAgent(kubernetesVersion, this.cfg)),
+                // Remove any residual rc artifacts from previous versions when vtunnel was installed
+                await this.execCommand({ root: true }, 'rm', '-f', '/etc/init.d/vtunnel-peer', '/etc/runlevels/default/vtunnel-peer'),
               ]);
 
               await this.writeFile('/usr/local/bin/wsl-exec', WSL_EXEC, 0o755);
@@ -1731,7 +1687,6 @@ export default class WSLBackend extends events.EventEmitter implements VMBackend
           }
         }
         if (!this.cfg?.experimental.virtualMachine.networkingTunnel) {
-          await this.vtun.stop();
           await this.resolverHostProcess.stop();
           await this.invokePrivilegedService('stop');
         }
@@ -1821,16 +1776,6 @@ export default class WSLBackend extends events.EventEmitter implements VMBackend
     return this.wslify(executable('wsl-helper-linux'), distro);
   }
 
-  /**
-   * Return the Linux path to the vtunnel peer executable.
-   */
-  protected getVtunnelPeerPath(): Promise<string> {
-    // We need to get the Linux path to our helper executable; it is easier to
-    // just get WSL to do the transformation for us.
-
-    return this.wslify(path.join(paths.resources, 'linux', 'internal', 'vtunnel'));
-  }
-
   async getFailureDetails(exception: any): Promise<FailureDetails> {
     const loglines = (await fs.promises.readFile(console.path, 'utf-8')).split('\n').slice(-10);
 

pkg/rancher-desktop/main/commandServer/httpCommandServer.ts

@@ -12,7 +12,6 @@ import type { TransientSettings } from '@pkg/config/transientSettings';
 import type { DiagnosticsResultCollection } from '@pkg/main/diagnostics/diagnostics';
 import { ExtensionMetadata } from '@pkg/main/extensions/types';
 import mainEvents from '@pkg/main/mainEvents';
-import { getVtunnelInstance } from '@pkg/main/networking/vtunnel';
 import * as serverHelper from '@pkg/main/serverHelper';
 import { Snapshot } from '@pkg/main/snapshots/types';
 import Logging from '@pkg/utils/logging';
@@ -47,7 +46,6 @@ const SERVER_FILE_BASENAME = 'rd-engine.json';
 const MAX_REQUEST_BODY_LENGTH = 4194304; // 4MiB
 
 export class HttpCommandServer {
-  protected vtun = getVtunnelInstance();
   protected server = http.createServer();
   protected app = express();
   protected readonly externalState: ServerState = {
@@ -117,19 +115,6 @@ export class HttpCommandServer {
 
   async init() {
     const localHost = '127.0.0.1';
-
-    // The peerPort and upstreamServerAddress port will need to match
-    // this is crucial if we ever pick dynamic ports for upstreamServerAddress
-    if (process.platform === 'win32') {
-      this.vtun.addTunnel({
-        name:                  'CLI Server',
-        handshakePort:         17372,
-        vsockHostPort:         17371,
-        peerAddress:           localHost,
-        peerPort:              SERVER_PORT,
-        upstreamServerAddress: `${ localHost }:${ SERVER_PORT }`,
-      });
-    }
     const statePath = path.join(paths.appHome, SERVER_FILE_BASENAME);
 
     await fs.promises.mkdir(paths.appHome, { recursive: true });

pkg/rancher-desktop/main/credentialServer/httpCredentialHelperServer.ts

@@ -5,7 +5,6 @@ import { URL } from 'url';
 
 import runCredentialHelper from './credentialUtils';
 
-import { getVtunnelInstance } from '@pkg/main/networking/vtunnel';
 import * as serverHelper from '@pkg/main/serverHelper';
 import Logging from '@pkg/utils/logging';
 import paths from '@pkg/utils/paths';
@@ -54,7 +53,6 @@ function ensureEndsWithNewline(s: string) {
 }
 
 export class HttpCredentialHelperServer {
-  protected vtun = getVtunnelInstance();
   protected server = http.createServer();
   protected password = serverHelper.randomStr();
   protected stateInfo: ServerState = {
@@ -67,16 +65,6 @@ export class HttpCredentialHelperServer {
   protected listenAddr = '127.0.0.1';
 
   async init() {
-    if (process.platform === 'win32') {
-      this.vtun.addTunnel({
-        name:                  'Credential Server',
-        handshakePort:         17362,
-        vsockHostPort:         17361,
-        peerAddress:           this.listenAddr,
-        peerPort:              3030,
-        upstreamServerAddress: `${ this.listenAddr }:${ SERVER_PORT }`,
-      });
-    }
     const statePath = getServerCredentialsPath();
 
     await fs.promises.writeFile(statePath,