Merge pull request #1306 from CarlosNihelton/wsl-tcp-deeng-284

Enables TCPSite for WSL

scripts/runtests.sh

@@ -231,6 +231,54 @@ grep -q 'finish: subiquity/Install/install/postinstall/run_unattended_upgrades:
 
 # The OOBE doesn't exist in WSL < 20.04
 if [ "${RELEASE%.*}" -ge 20 ]; then
+    # Test TCP connectivity (system_setup only)
+    clean
+    port=50321
+    LANG=C.UTF-8 timeout --foreground 60 \
+        python3 -m system_setup.cmd.server --dry-run --tcp-port=$port &
+    subiquity_pid=$!
+    next_time=3
+    until [ $next_time -eq 0 ] || [ ! -z "$(ss -Hlt sport = $port)" ]; do
+        sleep $(( next_time-- ))
+    done
+    if [ $next_time -eq 0 ]; then
+        echo "Timeout reached before Subiquity TCP socket started listening"
+        exit 1
+    fi
+    loopback_failed=0
+    unallowed_failed=0
+    # Assert that only loopback interface is accepted.
+    interfaces=($(ip --json link show up | jq -r '.[]["ifname"] | select ( . != null )'))
+    for if in ${interfaces[@]}; do
+        for ipv in 4 6; do
+            curl_ec=0
+            timeout 10s \
+                curl -$ipv "http://localhost:$port/meta/status" --interface $if \
+                || curl_ec=$?
+            # Loopback should exit 0 on IPv4
+            if [ $if = "lo" ]; then
+                if [ $curl_ec -ne 0 -a $ipv -eq 4 ]; then
+                    loopback_failed=1
+                fi
+            # Everything else should not.
+            else
+                if [ $curl_ec -eq 0 ]; then
+                    unallowed_failed=1
+                fi
+            fi
+        done
+    done
+    kill $subiquity_pid
+    if [ $loopback_failed -ne 0 ]; then
+        echo "Loopback was expected to connect"
+        exit 1
+    fi
+    if [ $unallowed_failed -ne 0 ]; then
+        echo "Only the loopback interface should be allowed."
+        exit 1
+    fi
+
+    # Test system_setup autoinstall.
     for mode in "" "-full" "-no-shutdown"; do
         clean
         LANG=C.UTF-8 timeout --foreground 60 \

system_setup/cmd/server.py

@@ -42,6 +42,13 @@ def make_server_args_parser():
     parser.add_argument('--output-base', action='store', dest='output_base',
                         default='.subiquity',
                         help='in dryrun, control basedir of files')
+    parser.add_argument('--tcp-port',
+                        dest='tcp_port',
+                        type=int,
+                        choices=range(49152, 60999),
+                        help='The TCP port Subiquity must listen to. It means '
+                        'TCP will be used instead of Unix domain sockets. '
+                        'Only localhost connections are accepted.')
     return parser
 
 

system_setup/server/server.py

@@ -13,6 +13,8 @@
 # You should have received a copy of the GNU Affero General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
+from aiohttp import web
+
 from system_setup.common.wsl_utils import is_reconfigure
 from subiquity.server.server import SubiquityServer
 from system_setup.models.system_setup import SystemSetupModel
@@ -37,6 +39,8 @@ INSTALL_MODEL_NAMES = ModelNames({
 
 POSTINSTALL_MODEL_NAMES = ModelNames(set())
 
+LOCALHOST_ADDR = "127.0.0.1"
+
 
 class SystemSetupServer(SubiquityServer):
     prefillInfo = None
@@ -88,3 +92,13 @@ class SystemSetupServer(SubiquityServer):
     async def wait_for_cloudinit(self):
         self.cloud_init_ok = True
         return
+
+    async def start_site(self, runner: web.AppRunner):
+        port = self.opts.tcp_port
+        if port is None:
+            return await super().start_site(runner)
+
+        # Subiquity runs with root privileges, that's why we don't want
+        # outsiders to connect to it. Only localhost loopback is allowed.
+        site = web.TCPSite(runner, host=LOCALHOST_ADDR, port=port)
+        await site.start()