bestool 1.8.0

BES Deployment tooling
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583

//! Shared helpers for collecting Tamanu server identity and host facts.
//!
//! Used by `meta_ticket`, `alertd`, and `doctor`. Kept here so each subcommand
//! pulls from one place rather than reaching into a sibling's module.

use std::{
	path::{Path, PathBuf},
	process::Command,
};

use miette::{IntoDiagnostic, Result};
use tracing::{debug, info, warn};
use uuid::Uuid;

/// Standard on-disk location for the Tamanu device key PEM.
///
/// - Linux: `/etc/tamanu/device-key.pem`
/// - Windows: `C:\Tamanu\device-key.pem`
/// - Other platforms: same as Linux.
///
/// Prefer reading from here. The Tamanu DB's `local_system_facts.deviceKey`
/// row is the legacy fallback while the JS `SendStatusToMetaServer` task is
/// still around — once everything reads from this path, that task and the
/// row it populates can be retired.
pub fn standard_device_key_path() -> PathBuf {
	if cfg!(windows) {
		PathBuf::from(r"C:\Tamanu\device-key.pem")
	} else {
		PathBuf::from("/etc/tamanu/device-key.pem")
	}
}

/// Standard on-disk location for the Tamanu meta-server ID.
///
/// - Linux: `/etc/tamanu/server-id`
/// - Windows: `C:\Tamanu\server-id`
/// - Other platforms: same as Linux.
///
/// Like the device key, this is the preferred source; the
/// `local_system_facts.metaServerId` row is the legacy fallback.
pub fn standard_server_id_path() -> PathBuf {
	if cfg!(windows) {
		PathBuf::from(r"C:\Tamanu\server-id")
	} else {
		PathBuf::from("/etc/tamanu/server-id")
	}
}

/// Resolve the `metaServerId` for this Tamanu server.
///
/// Resolution order:
/// 1. Read [`standard_server_id_path`] if present.
/// 2. Read the legacy `local_system_facts.metaServerId` row; best-effort copy
///    to the file path so subsequent runs don't need the DB.
/// 3. Generate a fresh UUIDv4. Persist to the file path; if the file write
///    fails, fall back to inserting into `local_system_facts` so the new ID
///    isn't lost across runs.
pub async fn get_or_create_server_id(client: &tokio_postgres::Client) -> Result<String> {
	let path = standard_server_id_path();

	if let Some(id) = read_server_id_file(&path) {
		return Ok(id);
	}

	if let Some(id) = query_server_id_row(client).await? {
		match write_server_id_file(&path, &id) {
			Ok(()) => info!(
				path = %path.display(),
				"copied metaServerId from Tamanu DB to standard path"
			),
			Err(err) => debug!(
				path = %path.display(),
				%err,
				"could not copy metaServerId to standard path; will retry next run"
			),
		}
		return Ok(id);
	}

	let id = Uuid::new_v4().to_string();
	info!(server_id = %id, "generating new metaServerId");

	match write_server_id_file(&path, &id) {
		Ok(()) => Ok(id),
		Err(err) => {
			debug!(
				path = %path.display(),
				%err,
				"could not persist new metaServerId to file; falling back to DB"
			);
			client
				.execute(
					"INSERT INTO local_system_facts (key, value) VALUES ('metaServerId', $1)",
					&[&id],
				)
				.await
				.into_diagnostic()?;
			Ok(id)
		}
	}
}

/// Read just the `metaServerId` row from the Tamanu DB, without creating one.
async fn query_server_id_row(
	client: &tokio_postgres::Client,
) -> Result<Option<String>> {
	let row = client
		.query_opt(
			"SELECT value FROM local_system_facts WHERE key = 'metaServerId'",
			&[],
		)
		.await
		.into_diagnostic()?;

	let Some(row) = row else {
		return Ok(None);
	};
	let id: String = row.try_get(0).into_diagnostic()?;
	debug!(server_id = %id, "found existing metaServerId in DB");
	Ok(Some(id))
}

fn read_server_id_file(path: &Path) -> Option<String> {
	match std::fs::read_to_string(path) {
		Ok(s) => {
			let trimmed = s.trim();
			if trimmed.is_empty() {
				warn!(path = %path.display(), "server-id file is empty; ignoring");
				return None;
			}
			if Uuid::parse_str(trimmed).is_err() {
				warn!(
					path = %path.display(),
					"server-id file does not contain a UUID; ignoring",
				);
				return None;
			}
			debug!(path = %path.display(), server_id = trimmed, "loaded metaServerId from standard path");
			Some(trimmed.to_string())
		}
		Err(err) if err.kind() == std::io::ErrorKind::NotFound => None,
		Err(err) => {
			debug!(path = %path.display(), %err, "could not read server-id file");
			None
		}
	}
}

fn write_server_id_file(path: &Path, id: &str) -> std::io::Result<()> {
	use std::io::Write as _;

	if let Some(parent) = path.parent()
		&& !parent.exists()
	{
		return Err(std::io::Error::new(
			std::io::ErrorKind::NotFound,
			"parent directory does not exist",
		));
	}

	let tmp = path.with_extension("tmp");
	{
		let mut f = std::fs::OpenOptions::new()
			.write(true)
			.create_new(true)
			.open(&tmp)?;
		#[cfg(unix)]
		{
			use std::os::unix::fs::PermissionsExt as _;
			let perms = std::fs::Permissions::from_mode(0o644);
			f.set_permissions(perms)?;
		}
		f.write_all(id.as_bytes())?;
		f.write_all(b"\n")?;
		f.sync_all()?;
	}
	std::fs::rename(&tmp, path)
}

/// Best-effort load of the Tamanu deviceKey PEM.
///
/// Tries the standard file path first ([`standard_device_key_path`]). If that
/// isn't readable, falls back to the legacy `local_system_facts.deviceKey`
/// row in the Tamanu DB by opening a fresh connection to `database_url`. When
/// the fallback succeeds and the standard path doesn't already exist,
/// attempts a best-effort copy so subsequent runs don't need the DB.
///
/// Callers that already have a Tamanu DB client should use
/// [`fetch_device_key_with`] instead to avoid opening a second connection.
///
/// Returns `None` if neither source yields a key. Logging is the only signal:
/// callers without a device key continue to work (canopy tailscale path is
/// still available).
pub async fn fetch_device_key(database_url: &str) -> Option<String> {
	fetch_device_key_with(|| fetch_device_key_from_db(database_url)).await
}

/// Like [`fetch_device_key`] but with a caller-supplied DB-fallback fetcher.
///
/// Use this from contexts that already hold a `tokio_postgres::Client` so we
/// don't open a second connection. The closure is invoked only if the file at
/// the standard path is missing/unreadable.
pub async fn fetch_device_key_with<F, Fut>(db_fetch: F) -> Option<String>
where
	F: FnOnce() -> Fut,
	Fut: std::future::Future<Output = Option<String>>,
{
	let path = standard_device_key_path();

	if let Some(pem) = read_device_key_file(&path) {
		return Some(pem);
	}

	let pem = db_fetch().await?;

	if !path.exists() {
		match write_device_key_file(&path, &pem) {
			Ok(()) => info!(
				path = %path.display(),
				"copied deviceKey from Tamanu DB to standard path"
			),
			Err(err) => debug!(
				path = %path.display(),
				%err,
				"could not copy deviceKey to standard path; will retry next run"
			),
		}
	}

	Some(pem)
}

/// Query `local_system_facts.deviceKey` on an existing Tamanu DB client.
///
/// Logs at warn/info on errors and missing rows, returning `None`. Suitable
/// to pass as the closure to [`fetch_device_key_with`].
pub async fn query_device_key_row(client: &tokio_postgres::Client) -> Option<String> {
	match client
		.query_opt(
			"SELECT value FROM local_system_facts WHERE key = 'deviceKey'",
			&[],
		)
		.await
	{
		Ok(Some(row)) => match row.try_get::<_, String>(0) {
			Ok(pem) => {
				info!("loaded deviceKey from Tamanu DB for canopy targets");
				Some(pem)
			}
			Err(err) => {
				warn!("deviceKey row not a string: {err}");
				None
			}
		},
		Ok(None) => {
			info!("no deviceKey in local_system_facts; canopy targets unavailable");
			None
		}
		Err(err) => {
			warn!("failed to query deviceKey: {err}");
			None
		}
	}
}

fn read_device_key_file(path: &Path) -> Option<String> {
	match std::fs::read_to_string(path) {
		Ok(s) if !s.trim().is_empty() => {
			debug!(path = %path.display(), "loaded deviceKey from standard path");
			Some(s)
		}
		Ok(_) => {
			warn!(path = %path.display(), "deviceKey file is empty; ignoring");
			None
		}
		Err(err) if err.kind() == std::io::ErrorKind::NotFound => None,
		Err(err) => {
			debug!(path = %path.display(), %err, "could not read deviceKey file");
			None
		}
	}
}

fn write_device_key_file(path: &Path, pem: &str) -> std::io::Result<()> {
	use std::io::Write as _;

	if let Some(parent) = path.parent()
		&& !parent.exists()
	{
		return Err(std::io::Error::new(
			std::io::ErrorKind::NotFound,
			"parent directory does not exist",
		));
	}

	// Write to a sibling temp file then rename, so a partial write never
	// leaves a half-readable PEM at the target path.
	let tmp = path.with_extension("pem.tmp");
	{
		let mut opts = std::fs::OpenOptions::new();
		opts.write(true).create_new(true);
		#[cfg(windows)]
		{
			use std::os::windows::fs::OpenOptionsExt as _;
			// FILE_ATTRIBUTE_HIDDEN — tucks the key out of casual Explorer view.
			// The attribute is set on creation so it applies before any bytes
			// land, and survives the rename below.
			const FILE_ATTRIBUTE_HIDDEN: u32 = 0x0000_0002;
			opts.attributes(FILE_ATTRIBUTE_HIDDEN);
		}
		let mut f = opts.open(&tmp)?;
		#[cfg(unix)]
		{
			use std::os::unix::fs::PermissionsExt as _;
			let perms = std::fs::Permissions::from_mode(0o600);
			f.set_permissions(perms)?;
		}
		f.write_all(pem.as_bytes())?;
		f.sync_all()?;
	}
	std::fs::rename(&tmp, path)
}

async fn fetch_device_key_from_db(database_url: &str) -> Option<String> {
	let (client, connection) = match tokio_postgres::connect(database_url, tokio_postgres::NoTls)
		.await
	{
		Ok(c) => c,
		Err(err) => {
			warn!("failed to connect for deviceKey fetch: {err}");
			return None;
		}
	};
	tokio::spawn(async move {
		if let Err(err) = connection.await {
			warn!("deviceKey-fetch connection error: {err}");
		}
	});

	query_device_key_row(&client).await
}

/// Read the tailscale Self node's first IP and DNS name, if tailscale is
/// installed and responding to `status --json`.
pub fn get_tailscale_info() -> (Option<String>, Option<String>) {
	let output = match Command::new("tailscale")
		.arg("status")
		.arg("--json")
		.output()
	{
		Ok(output) if output.status.success() => output,
		Ok(output) => {
			debug!(
				status = %output.status,
				"tailscale status command failed"
			);
			return (None, None);
		}
		Err(e) => {
			debug!(error = %e, "tailscale not available");
			return (None, None);
		}
	};

	let parsed: serde_json::Value = match serde_json::from_slice(&output.stdout) {
		Ok(v) => v,
		Err(e) => {
			warn!(error = %e, "failed to parse tailscale status JSON");
			return (None, None);
		}
	};

	let self_node = &parsed["Self"];
	let ip = self_node["TailscaleIPs"]
		.as_array()
		.and_then(|ips| ips.first())
		.and_then(|ip| ip.as_str())
		.map(String::from);
	let name = self_node["DNSName"]
		.as_str()
		.map(|s| s.trim_end_matches('.').to_string());

	(ip, name)
}

/// Linux: read `systemd-detect-virt`'s output. Returns `None` if the command
/// is unavailable. The string is whatever systemd reports (e.g. `kvm`, `lxc`,
/// `none` for bare metal).
pub fn detect_virtualisation() -> Option<String> {
	let output = Command::new("systemd-detect-virt").output().ok()?;

	let stdout = String::from_utf8_lossy(&output.stdout).trim().to_string();
	if stdout.is_empty() {
		return None;
	}

	Some(stdout)
}

#[cfg(test)]
mod tests {
	use std::sync::Mutex;

	use tokio_postgres::NoTls;

	use super::*;

	static DB_TEST_MUTEX: Mutex<()> = Mutex::new(());

	async fn test_db_client() -> tokio_postgres::Client {
		let url = std::env::var("DATABASE_URL").expect("DATABASE_URL must be set for tests");
		let (client, connection) = tokio_postgres::connect(&url, NoTls).await.unwrap();
		tokio::spawn(async move {
			if let Err(e) = connection.await {
				eprintln!("connection error: {e}");
			}
		});

		client
			.batch_execute(
				"CREATE TABLE IF NOT EXISTS local_system_facts (
					key TEXT PRIMARY KEY,
					value TEXT NOT NULL
				)",
			)
			.await
			.unwrap();
		client
			.execute(
				"DELETE FROM local_system_facts WHERE key = 'metaServerId'",
				&[],
			)
			.await
			.unwrap();

		client
	}

	#[tokio::test]
	async fn test_get_or_create_server_id_generates_new() {
		let _lock = DB_TEST_MUTEX.lock().unwrap();
		let client = test_db_client().await;

		let id = get_or_create_server_id(&client).await.unwrap();
		assert!(!id.is_empty());
		uuid::Uuid::parse_str(&id).expect("should be a valid UUID");

		let row = client
			.query_one(
				"SELECT value FROM local_system_facts WHERE key = 'metaServerId'",
				&[],
			)
			.await
			.unwrap();
		let stored: String = row.get(0);
		assert_eq!(stored, id);
	}

	#[tokio::test]
	async fn test_get_or_create_server_id_returns_existing() {
		let _lock = DB_TEST_MUTEX.lock().unwrap();
		let client = test_db_client().await;

		client
			.execute(
				"INSERT INTO local_system_facts (key, value) VALUES ('metaServerId', 'existing-id-123')",
				&[],
			)
			.await
			.unwrap();

		let id = get_or_create_server_id(&client).await.unwrap();
		assert_eq!(id, "existing-id-123");
	}

	#[tokio::test]
	async fn test_get_or_create_server_id_is_stable() {
		let _lock = DB_TEST_MUTEX.lock().unwrap();
		let client = test_db_client().await;

		let id1 = get_or_create_server_id(&client).await.unwrap();
		let id2 = get_or_create_server_id(&client).await.unwrap();
		assert_eq!(id1, id2);
	}

	#[test]
	fn read_device_key_file_returns_none_for_missing() {
		let dir = tempfile::tempdir().unwrap();
		let path = dir.path().join("missing.pem");
		assert!(read_device_key_file(&path).is_none());
	}

	#[test]
	fn read_device_key_file_returns_contents() {
		let dir = tempfile::tempdir().unwrap();
		let path = dir.path().join("device.pem");
		std::fs::write(&path, "PEM CONTENT").unwrap();
		assert_eq!(read_device_key_file(&path).as_deref(), Some("PEM CONTENT"));
	}

	#[test]
	fn read_device_key_file_treats_empty_as_missing() {
		let dir = tempfile::tempdir().unwrap();
		let path = dir.path().join("empty.pem");
		std::fs::write(&path, "   \n").unwrap();
		assert!(read_device_key_file(&path).is_none());
	}

	#[test]
	fn write_device_key_file_creates_and_roundtrips() {
		let dir = tempfile::tempdir().unwrap();
		let path = dir.path().join("device.pem");
		write_device_key_file(&path, "PEM").unwrap();
		assert_eq!(std::fs::read_to_string(&path).unwrap(), "PEM");

		#[cfg(unix)]
		{
			use std::os::unix::fs::PermissionsExt as _;
			let mode = std::fs::metadata(&path).unwrap().permissions().mode();
			assert_eq!(mode & 0o777, 0o600);
		}
	}

	#[test]
	fn write_device_key_file_errors_when_parent_missing() {
		let dir = tempfile::tempdir().unwrap();
		let path = dir.path().join("nope").join("device.pem");
		assert!(write_device_key_file(&path, "PEM").is_err());
	}

	#[test]
	fn write_device_key_file_refuses_to_overwrite() {
		let dir = tempfile::tempdir().unwrap();
		let path = dir.path().join("device.pem");
		std::fs::write(&path, "OLD").unwrap();
		// The temp file create_new path collides if a previous attempt left it
		// behind; the rename then overwrites. Easier check: the function
		// succeeds-and-replaces here, but the caller never invokes it when
		// `path.exists()` (see fetch_device_key). Just verify the rename
		// behaviour didn't lose data.
		write_device_key_file(&path, "NEW").unwrap();
		assert_eq!(std::fs::read_to_string(&path).unwrap(), "NEW");
	}

	#[test]
	fn read_server_id_file_returns_none_for_missing() {
		let dir = tempfile::tempdir().unwrap();
		assert!(read_server_id_file(&dir.path().join("missing")).is_none());
	}

	#[test]
	fn read_server_id_file_returns_uuid() {
		let dir = tempfile::tempdir().unwrap();
		let path = dir.path().join("server-id");
		let id = "7deb2793-0425-427e-8a19-7213946fa9be";
		std::fs::write(&path, format!("{id}\n")).unwrap();
		assert_eq!(read_server_id_file(&path).as_deref(), Some(id));
	}

	#[test]
	fn read_server_id_file_rejects_non_uuid() {
		let dir = tempfile::tempdir().unwrap();
		let path = dir.path().join("server-id");
		std::fs::write(&path, "not-a-uuid\n").unwrap();
		assert!(read_server_id_file(&path).is_none());
	}

	#[test]
	fn write_server_id_file_roundtrips() {
		let dir = tempfile::tempdir().unwrap();
		let path = dir.path().join("server-id");
		let id = Uuid::new_v4().to_string();
		write_server_id_file(&path, &id).unwrap();
		assert_eq!(read_server_id_file(&path).as_deref(), Some(id.as_str()));

		#[cfg(unix)]
		{
			use std::os::unix::fs::PermissionsExt as _;
			let mode = std::fs::metadata(&path).unwrap().permissions().mode();
			assert_eq!(mode & 0o777, 0o644);
		}
	}
}