From a0c465c2eb178b8ccbe07349c9b211a7d095f7a1 Mon Sep 17 00:00:00 2001
From: Kristoffer Dalby
Date: Mon, 30 May 2022 14:47:41 +0200
Subject: [PATCH 1/5] Wire up setting to enable/disable logtail
---
 app.go | 6 ++++++
 cmd/headscale/cli/utils.go | 13 +++++++++++++
 config-example.yaml | 9 +++++++++
 3 files changed, 28 insertions(+)
diff --git a/app.go b/app.go
index a96ab83a..30a9b841 100644
--- a/app.go
+++ b/app.go
@@ -112,6 +112,8 @@ type Config struct {
 OIDC OIDCConfig
+ LogTail LogTailConfig
+
 CLI CLIConfig
 }
@@ -138,6 +140,10 @@ type DERPConfig struct {
 UpdateFrequency time.Duration
 }
+type LogTailConfig struct {
+ Enabled bool
+}
+
 type CLIConfig struct {
 Address string
 APIKey string
diff --git a/cmd/headscale/cli/utils.go b/cmd/headscale/cli/utils.go
index 8a2157a7..b1a5d4f8 100644
--- a/cmd/headscale/cli/utils.go
+++ b/cmd/headscale/cli/utils.go
@@ -72,6 +72,8 @@ func LoadConfig(path string) error {
 viper.SetDefault("oidc.scope", []string{oidc.ScopeOpenID, "profile", "email"})
 viper.SetDefault("oidc.strip_email_domain", true)
+ viper.SetDefault("logtail.enabled", false)
+
 if err := viper.ReadInConfig(); err != nil {
 return fmt.Errorf("fatal error reading config file: %w", err)
 }
@@ -167,6 +169,14 @@ func GetDERPConfig() headscale.DERPConfig {
 }
 }
+func GetLogConfig() headscale.LogTailConfig {
+ enabled := viper.GetBool("logtail.enabled")
+
+ return headscale.LogTailConfig{
+ Enabled: enabled,
+ }
+}
+
 func GetDNSConfig() (*tailcfg.DNSConfig, string) {
 if viper.IsSet("dns_config") {
 dnsConfig := &tailcfg.DNSConfig{}
@@ -270,6 +280,7 @@ func absPath(path string) string {
 func getHeadscaleConfig() headscale.Config {
 dnsConfig, baseDomain := GetDNSConfig()
 derpConfig := GetDERPConfig()
+ logConfig := GetLogConfig()
 configuredPrefixes := viper.GetStringSlice("ip_prefixes")
 parsedPrefixes := make([]netaddr.IPPrefix, 0, len(configuredPrefixes)+1)
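Review bot: The exported `LogTailConfig` type added in app.go's second hunk (`@@ -138,6 +140,10 @@`) has no doc comment, and the `LogTail` field added to `Config` in the first hunk is equally unexplained. Because `Enabled` decides whether clients are told to send their logs to a third party (per the comment added to config-example.yaml), the meaning and the default belong next to the type: `// LogTailConfig controls whether clients may upload logs to Tailscale's logtail service.` and, on the field, `// Enabled is false by default, so the zero value keeps log upload off.` Both struct declarations continue outside the hunks.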
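Review bot: `GetLogConfig` in cmd/headscale/cli/utils.go (`@@ -167,6 +169,14 @@`) returns a `headscale.LogTailConfig`, so the name reads as if it covered general logging settings rather than the logtail switch. The function is exported, so a later rename would be a breaking change; `func GetLogTailConfig() headscale.LogTailConfig {` would match the type, with the call in the `@@ -270,6 +280,7 @@` hunk becoming `logTailConfig := GetLogTailConfig()`. A doc comment such as `// GetLogTailConfig reads logtail.enabled, which LoadConfig defaults to false.` would also record the default next to the accessor.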
@@ -378,6 +389,8 @@ func getHeadscaleConfig() headscale.Config {
 StripEmaildomain: viper.GetBool("oidc.strip_email_domain"),
 },
+ LogTail: logConfig,
+
 CLI: headscale.CLIConfig{
 Address: viper.GetString("cli.address"),
 APIKey: viper.GetString("cli.api_key"),
diff --git a/config-example.yaml b/config-example.yaml
index ebaa7101..2330a69d 100644
--- a/config-example.yaml
+++ b/config-example.yaml
@@ -235,3 +235,12 @@ unix_socket_permission: "0770"
 # namespace: `first-name.last-name.example.com`
 #
 # strip_email_domain: true
+
+# Logtail configuration
+# Logtail is Tailscales logging and auditing infrastructure, it allows the control panel
+# to instruct tailscale nodes to log their activity to a remote server.
+logtail:
+ # Enable logtail for this headscales clients.
+ # As there is currently no support for overriding the log server in headscale, this is
+ # disabled by default. Enabling this will make your clients send logs to Tailscale Inc.
+ enabled: false
From ff5f31b87eb17a48927f7221b9009a9dbc9ce96e Mon Sep 17 00:00:00 2001
From: Kristoffer Dalby
Date: Mon, 30 May 2022 14:52:50 +0200
Subject: [PATCH 2/5] Disable logtail for clients
---
 api.go | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/api.go b/api.go
index 61ec1b5f..461492a7 100644
--- a/api.go
+++ b/api.go
@@ -279,6 +279,9 @@ func (h *Headscale) getMapResponse(
 PacketFilter: h.aclRules,
 DERPMap: h.DERPMap,
 UserProfiles: profiles,
+ Debug: &tailcfg.Debug{
+ DisableLogTail: !h.cfg.LogTail.Enabled,
+ },
 }
 log.Trace().
From 7f66d9184bf7a29c531aa37c9c282662b2d3ff04 Mon Sep 17 00:00:00 2001
From: Kristoffer Dalby
Date: Mon, 30 May 2022 14:57:43 +0200
Subject: [PATCH 3/5] Add config test
---
 cmd/headscale/headscale_test.go | 1 +
 1 file changed, 1 insertion(+)
diff --git a/cmd/headscale/headscale_test.go b/cmd/headscale/headscale_test.go
index c971220b..faf55f4c 100644
--- a/cmd/headscale/headscale_test.go
+++ b/cmd/headscale/headscale_test.go
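Review bot: The comment block added to config-example.yaml (`@@ -235,3 +235,12 @@`) is what an operator reads before deciding whether node logs leave their network, and its wording is loose: "control panel" presumably means the control server, and "Tailscales" and "this headscales clients" are missing their possessives. I would tighten the two lines to `# Logtail is Tailscale's logging and auditing infrastructure; it allows the control server` and `# Enable logtail for this headscale's clients.` The sentence stating that enabling sends client logs to Tailscale Inc. is the important one and should stay as prominent as it is.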
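Review bot: The negation in `DisableLogTail: !h.cfg.LogTail.Enabled` (api.go, `@@ -279,6 +279,9 @@`) is the line that decides whether node logs leave the operator's network, and nothing beside it says that the zero value of `LogTailConfig` means "tell clients to stop". A short comment would make the fail-closed default explicit: `// Ask clients not to upload logs to Tailscale unless the operator opted in.` The flag travels inside the map response, so it presumably cannot cover anything a client uploads before its first map response, nor a client that ignores the field; operators who need a hard guarantee should also set the node-side opt-out (tailscaled's `--no-logs-no-support`, where the client version has it). getMapResponse begins and ends outside the hunk.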
@@ -67,6 +67,7 @@ func (*Suite) TestConfigLoading(c *check.C) {
 check.Equals,
 fs.FileMode(0o770),
 )
+ c.Assert(viper.GetBool("logtail.enabled"), check.Equals, false)
 }
 func (*Suite) TestDNSConfigLoading(c *check.C) {
From 86dfc91dd50da407fdfe2ac9b00e6ae1b1029f73 Mon Sep 17 00:00:00 2001
From: Kristoffer Dalby
Date: Mon, 30 May 2022 14:57:49 +0200
Subject: [PATCH 4/5] update readme
---
 CHANGELOG.md | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index ad78da08..67a576e7 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -13,6 +13,8 @@
 - Add command to set tags on a node [#525](https://github.com/juanfont/headscale/issues/525)
 - Add command to view tags of nodes [#356](https://github.com/juanfont/headscale/issues/356)
 - Add --all (-a) flag to enable routes command [#360](https://github.com/juanfont/headscale/issues/360)
+- Add option to enable/disable logtail (Tailscale's logging infrastructure) [#596](https://github.com/juanfont/headscale/pull/596)
+ - This change disables the logs by default
 ## 0.15.0 (2022-03-20)
From df7d5fa2b9976dd7994c3347f10c11be76637e47 Mon Sep 17 00:00:00 2001
From: Kristoffer Dalby
Date: Mon, 30 May 2022 14:58:40 +0200
Subject: [PATCH 5/5] Fix lint
---
 config-example.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/config-example.yaml b/config-example.yaml
index 2330a69d..380db11a 100644
--- a/config-example.yaml
+++ b/config-example.yaml
@@ -241,6 +241,6 @@ unix_socket_permission: "0770"
 # to instruct tailscale nodes to log their activity to a remote server.
 logtail:
 # Enable logtail for this headscales clients.
- # As there is currently no support for overriding the log server in headscale, this is
+ # As there is currently no support for overriding the log server in headscale, this is
 # disabled by default. Enabling this will make your clients send logs to Tailscale Inc.
 enabled: false
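Review bot: The assertion added to `TestConfigLoading` (`@@ -67,6 +67,7 @@`) only reads the viper key back, so it would still pass if `getHeadscaleConfig` stopped copying the value into `Config.LogTail` or if `getMapResponse` dropped the `Debug` field. Since the privacy-relevant behaviour is the `DisableLogTail` value clients receive, I would also assert on the struct, for example that `GetLogConfig().Enabled` (qualified as the test file imports the package) is `false`, and add a case that loads a config with `logtail.enabled: true`. A test on the map response itself, checking `Debug.DisableLogTail` for both settings, would pin the inversion; whether the existing suites make that easy is not visible from this hunk. TestConfigLoading starts outside the hunk.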