From b950297c28470b40adf804e91f9ebd0a983da26a Mon Sep 17 00:00:00 2001 From: Felix Kollmann Date: Sun, 12 Mar 2023 13:59:30 +0100 Subject: [PATCH 1/9] Add Windows Service support https://github.com/GoogleCloudPlatform/cloud-sql-proxy/issues/277 --- .gitignore | 2 + go.mod | 1 + go.sum | 2 + main.go => main_linux.go | 0 main_windows.go | 113 ++++++++++++++++++++++++++++++++++++ windows-service-guide.md | 76 ++++++++++++++++++++++++ windows_install_service.bat | 14 +++++ windows_remove_service.bat | 10 ++++ 8 files changed, 218 insertions(+) rename main.go => main_linux.go (100%) create mode 100644 main_windows.go create mode 100644 windows-service-guide.md create mode 100644 windows_install_service.bat create mode 100644 windows_remove_service.bat diff --git a/.gitignore b/.gitignore index adbe94a4e..42bf21dcd 100644 --- a/.gitignore +++ b/.gitignore @@ -6,5 +6,7 @@ .vscode/ /cloud-sql-proxy +/cloud-sql-proxy.exe /key.json +/logs/ diff --git a/go.mod b/go.mod index ceae26d86..2a5d149a9 100644 --- a/go.mod +++ b/go.mod @@ -72,6 +72,7 @@ require ( google.golang.org/grpc v1.54.0 // indirect google.golang.org/protobuf v1.30.0 // indirect gopkg.in/ini.v1 v1.67.0 // indirect + gopkg.in/natefinch/lumberjack.v2 v2.2.1 // indirect gopkg.in/yaml.v2 v2.4.0 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect ) diff --git a/go.sum b/go.sum index 81142847e..2d1d94a7a 100644 --- a/go.sum +++ b/go.sum @@ -1821,6 +1821,8 @@ gopkg.in/ini.v1 v1.51.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k= gopkg.in/ini.v1 v1.67.0 h1:Dgnx+6+nfE+IfzjUEISNeydPJh9AXNNsWbGP9KzCsOA= gopkg.in/ini.v1 v1.67.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k= gopkg.in/natefinch/lumberjack.v2 v2.0.0/go.mod h1:l0ndWWf7gzL7RNwBG7wST/UCcT4T24xpD6X8LsfU/+k= +gopkg.in/natefinch/lumberjack.v2 v2.2.1 h1:bBRl1b0OH9s/DuPhuXpNl+VtCaJXFZ5/uEFST95x9zc= +gopkg.in/natefinch/lumberjack.v2 v2.2.1/go.mod h1:YD8tP3GAjkrDg1eZH7EGmyESg/lsYskCTPBJVb9jqSc= gopkg.in/natefinch/npipe.v2 v2.0.0-20160621034901-c1b8fa8bdcce h1:+JknDZhAj8YMt7GC73Ei8pv4MzjDUNPHgQWJdtMAaDU= gopkg.in/natefinch/npipe.v2 v2.0.0-20160621034901-c1b8fa8bdcce/go.mod h1:5AcXVHNjg+BDxry382+8OKon8SEWiKktQR07RKPsv1c= gopkg.in/resty.v1 v1.12.0/go.mod h1:mDo4pnntr5jdWRML875a/NmxYqAlA73dVijT2AXvQQo= diff --git a/main.go b/main_linux.go similarity index 100% rename from main.go rename to main_linux.go diff --git a/main_windows.go b/main_windows.go new file mode 100644 index 000000000..4c41984dc --- /dev/null +++ b/main_windows.go @@ -0,0 +1,113 @@ +package main + +import ( + "context" + "errors" + "github.com/GoogleCloudPlatform/cloud-sql-proxy/v2/cmd" + "github.com/GoogleCloudPlatform/cloud-sql-proxy/v2/internal/log" + "golang.org/x/sys/windows/svc" + "gopkg.in/natefinch/lumberjack.v2" + "os" + "path/filepath" + "time" +) + +type windowsService struct{} + +func (m *windowsService) Execute(_ []string, r <-chan svc.ChangeRequest, changes chan<- svc.Status) (bool, uint32) { + // start the service + changes <- svc.Status{State: svc.StartPending} + + // set up the log file + exePath, err := os.Executable() + if err != nil { + changes <- svc.Status{State: svc.StopPending} + return true, 101 // service specific exit code=101 + } + + logFolder := filepath.Join(filepath.Dir(exePath), "logs") + os.Mkdir(logFolder, 0644) // ignore all errors + + logFile := &lumberjack.Logger{ + Filename: filepath.Join(logFolder, "cloud-sql-proxy.log"), + MaxSize: 50, // megabytes + MaxBackups: 10, + MaxAge: 30, //days + } + + logger := log.NewStdLogger(logFile, logFile) + logger.Infof("Starting...") + + // start the main command + ctx, cancel := context.WithCancel(context.Background()) + defer cancel() + + app := cmd.NewCommand(cmd.WithLogger(logger)) + + cmdErrCh := make(chan error, 1) + go func() { + cmdErrCh <- app.ExecuteContext(ctx) + }() + + // now running + changes <- svc.Status{State: svc.Running, Accepts: svc.AcceptStop | svc.AcceptShutdown} + + var cmdErr error + +loop: + for { + select { + case err := <-cmdErrCh: + cmdErr = err + break loop + + case c := <-r: + switch c.Cmd { + case svc.Interrogate: + changes <- c.CurrentStatus + // testing deadlock from https://code.google.com/p/winsvc/issues/detail?id=4 + time.Sleep(100 * time.Millisecond) + changes <- c.CurrentStatus + + case svc.Stop, svc.Shutdown: + cancel() + + default: + logger.Errorf("unexpected control request #%d", c) + } + } + } + + // start shutting down + logger.Infof("Stopping...") + + changes <- svc.Status{State: svc.StopPending} + + if cmdErr != nil && errors.Is(cmdErr, context.Canceled) { + logger.Errorf("Unexpected error: %v", cmdErr) + return true, 2 + } + + return false, 0 +} + +func main() { + // determine if running as a windows service + inService, err := svc.IsWindowsService() + if err != nil { + os.Exit(99) // failed to determine service status + return + } + + // running as service? + if inService { + err := svc.Run("cloud-sql-proxy", &windowsService{}) + if err != nil { + os.Exit(100) // failed to execute service + return + } + } + + // run as commandline + cmd.Execute() +} diff --git a/windows-service-guide.md b/windows-service-guide.md new file mode 100644 index 000000000..7a8ff9e76 --- /dev/null +++ b/windows-service-guide.md @@ -0,0 +1,76 @@ +# Cloud SQL Auth Proxy Windows Service Guide + +This document covers running the *Cloud SQL Auth Proxy* as service +on the Windows operating system. + +It was originally built and tested using Go 1.20.2 on Windows Server 2019. + +## Install the Windows Service + +First, install the binary by: + +1. Create a new empty folder e.g. `C:\Program Files\cloud-sql-proxy` +2. Copy the binary and helper batch files +3. Grant *read & execute* access to the `Network Service` user +4. Create a `logs` sub-folder +5. Grant *modify* access to the `Network Service` user + +After that, perform the setup: + +1. Copy the JSON credentials file, if required +2. Modify the `windows_install_service.bat` file to your needs +3. Run the `windows_install_service.bat` file from the commandline + +Please see the FAQ below for common error messages. + +## Uninstall the Windows Service + +To uninstall the Windows Service, perform the following steps: + +1. Modify the `windows_remove_service.bat` file to your needs +2. Run the `windows_remove_service.bat` file from the commandline + +## FAQ + +### Error Message: *Access is denied* + +The error message `Access is denied.` (or `System error 5 has occurred.`) occurs when +trying to start the installed service but the service account does not have access +to the service's file directory. + +Usually this is the *Network Service* built-in user. + +Please note that write access is also required for creating and managing the log files, e.g.: + +- `cloud-sql-proxy.log` +- `cloud-sql-proxy-2016-11-04T18-30-00.000.log` + +### Error Message: *The specified service has been marked for deletion.* + +The error message `The specified service has been marked for deletion.` occurs when +reinstalling the service and the previous deletion request could not be completed +(e.g. because the service was still running or opened in the service manager). + +In this case, the local machine needs to be restarted. + +### Why not running as the *System* user? + +Since the Cloud Proxy does not require and file system access, besides the log files, +extensive operating system access is not required. + +The *Network Service* accounts allow binding ports while not granting +access to file system resources. + +### Why not using *Automatic (Delayed Start)* startup type? + +The service is installed in the *Automatic* startup type, by default. + +The alternative *Automatic (Delayed Start)* startup type was introduced +by Microsoft for services that are not required for operating system operations +like Windows Update and similar services. + +However, if the primary purpose of the local machine is to provide services +which require access to the cloud database, then the start of the service +should not be delayed. + +Delayed services might be started even minutes after operating system startup. diff --git a/windows_install_service.bat b/windows_install_service.bat new file mode 100644 index 000000000..2c4be1506 --- /dev/null +++ b/windows_install_service.bat @@ -0,0 +1,14 @@ +@echo off + +setlocal + +set SERVICE=cloud-sql-proxy +set DISPLAYNAME=Google Cloud SQL Auth Proxy +set CREDENTIALSFILE=%~dp0key.json +set CONNECTIONNAME=project-id:region:db-instance + +sc.exe create "%SERVICE%" binPath= "\"%~dp0cloud-sql-proxy.exe\" --credentials-file \"%CREDENTIALSFILE%\" %CONNECTIONNAME%" obj= "NT AUTHORITY\Network Service" start= auto displayName= "%DISPLAYNAME%" +sc.exe failure "%SERVICE%" reset= 0 actions= restart/0/restart/0/restart/0 +net start "%SERVICE%" + +endlocal diff --git a/windows_remove_service.bat b/windows_remove_service.bat new file mode 100644 index 000000000..387436b47 --- /dev/null +++ b/windows_remove_service.bat @@ -0,0 +1,10 @@ +@echo off + +setlocal + +set SERVICE=cloud-sql-proxy + +net stop "%SERVICE%" +sc.exe delete "%SERVICE%" + +endlocal From ac81d938aa195e696679bdb1b683c2d6f6ea495f Mon Sep 17 00:00:00 2001 From: Felix Kollmann Date: Sun, 12 Mar 2023 14:09:48 +0100 Subject: [PATCH 2/9] Fix missing license header --- main_windows.go | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/main_windows.go b/main_windows.go index 4c41984dc..5a3473f1a 100644 --- a/main_windows.go +++ b/main_windows.go @@ -1,3 +1,17 @@ +// Copyright 2022 Google LLC +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + package main import ( From 2cd03f331321568357c75b9b0ea6875bf5d7d5fd Mon Sep 17 00:00:00 2001 From: Felix Kollmann Date: Sun, 12 Mar 2023 14:10:51 +0100 Subject: [PATCH 3/9] Fix missing license header II --- main_windows.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/main_windows.go b/main_windows.go index 5a3473f1a..e4e2316bf 100644 --- a/main_windows.go +++ b/main_windows.go @@ -1,4 +1,4 @@ -// Copyright 2022 Google LLC +// Copyright 2023 Google LLC // // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. From 903cdd3e93ae588500dc7f5bd4575ebbc733fd28 Mon Sep 17 00:00:00 2001 From: Felix Kollmann Date: Mon, 27 Mar 2023 21:40:51 +0200 Subject: [PATCH 4/9] Change windows service guide --- windows-service-guide.md | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/windows-service-guide.md b/windows-service-guide.md index 7a8ff9e76..51bde0423 100644 --- a/windows-service-guide.md +++ b/windows-service-guide.md @@ -7,12 +7,14 @@ It was originally built and tested using Go 1.20.2 on Windows Server 2019. ## Install the Windows Service +Prerequisites: A built binary for Windows of the Cloud SQL Auth Proxy is required. Either build it from source or [download a release](https://github.com/GoogleCloudPlatform/cloud-sql-proxy/releases) of a Windows pre-built version, e.g. `cloud-sql-proxy.x64.exe`. + First, install the binary by: -1. Create a new empty folder e.g. `C:\Program Files\cloud-sql-proxy` +1. Create a new empty folder, e.g. `C:\Program Files\cloud-sql-proxy` 2. Copy the binary and helper batch files 3. Grant *read & execute* access to the `Network Service` user -4. Create a `logs` sub-folder +4. Create a `logs` sub-folder, e.g. `C:\Program Files\cloud-sql-proxy\logs` 5. Grant *modify* access to the `Network Service` user After that, perform the setup: From 3f45cb6d0896e975c3cfc44524b31490a98fc96b Mon Sep 17 00:00:00 2001 From: Felix Kollmann Date: Mon, 27 Mar 2023 21:41:51 +0200 Subject: [PATCH 5/9] Change Go import ordering --- main_windows.go | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/main_windows.go b/main_windows.go index e4e2316bf..416f9ea19 100644 --- a/main_windows.go +++ b/main_windows.go @@ -17,13 +17,14 @@ package main import ( "context" "errors" + "os" + "path/filepath" + "time" + "github.com/GoogleCloudPlatform/cloud-sql-proxy/v2/cmd" "github.com/GoogleCloudPlatform/cloud-sql-proxy/v2/internal/log" "golang.org/x/sys/windows/svc" "gopkg.in/natefinch/lumberjack.v2" - "os" - "path/filepath" - "time" ) type windowsService struct{} From 0bd0ea581b1ea4f1e36206b63d87e944df6b5a92 Mon Sep 17 00:00:00 2001 From: Felix Kollmann Date: Mon, 27 Mar 2023 21:42:36 +0200 Subject: [PATCH 6/9] Fix issue link in comment --- main_windows.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/main_windows.go b/main_windows.go index 416f9ea19..1b7bf3d84 100644 --- a/main_windows.go +++ b/main_windows.go @@ -80,7 +80,7 @@ loop: switch c.Cmd { case svc.Interrogate: changes <- c.CurrentStatus - // testing deadlock from https://code.google.com/p/winsvc/issues/detail?id=4 + // testing deadlock from https://code.google.com/archive/p/winsvc/issues/4 time.Sleep(100 * time.Millisecond) changes <- c.CurrentStatus From 7523ed5d13e7e0c5e9e0c774bc0d4d9351078233 Mon Sep 17 00:00:00 2001 From: Felix Kollmann Date: Wed, 19 Apr 2023 10:43:42 +0200 Subject: [PATCH 7/9] Change main file to use build tag comments (instead of using build tag filename convention) --- main_linux.go => main.go | 3 +++ 1 file changed, 3 insertions(+) rename main_linux.go => main.go (94%) diff --git a/main_linux.go b/main.go similarity index 94% rename from main_linux.go rename to main.go index 81401f9b8..d9188054f 100644 --- a/main_linux.go +++ b/main.go @@ -12,6 +12,9 @@ // See the License for the specific language governing permissions and // limitations under the License. +//go:build !windows +// +build !windows + package main import ( From 2f37518a6d99a7b59d9216a7afd98e0f226f1f12 Mon Sep 17 00:00:00 2001 From: Felix Kollmann Date: Wed, 19 Apr 2023 10:45:36 +0200 Subject: [PATCH 8/9] Fix lint error --- go.mod | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/go.mod b/go.mod index 2a5d149a9..104d23515 100644 --- a/go.mod +++ b/go.mod @@ -19,6 +19,7 @@ require ( golang.org/x/oauth2 v0.7.0 golang.org/x/sys v0.7.0 google.golang.org/api v0.118.0 + gopkg.in/natefinch/lumberjack.v2 v2.2.1 ) require ( @@ -72,7 +73,6 @@ require ( google.golang.org/grpc v1.54.0 // indirect google.golang.org/protobuf v1.30.0 // indirect gopkg.in/ini.v1 v1.67.0 // indirect - gopkg.in/natefinch/lumberjack.v2 v2.2.1 // indirect gopkg.in/yaml.v2 v2.4.0 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect ) From 06bb5ef6e174a98608034c1ce7c6120626c2312a Mon Sep 17 00:00:00 2001 From: Felix Kollmann Date: Wed, 19 Apr 2023 11:11:56 +0200 Subject: [PATCH 9/9] Change windows service guide --- windows-service-guide.md | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) diff --git a/windows-service-guide.md b/windows-service-guide.md index 51bde0423..454016a13 100644 --- a/windows-service-guide.md +++ b/windows-service-guide.md @@ -12,10 +12,17 @@ Prerequisites: A built binary for Windows of the Cloud SQL Auth Proxy is require First, install the binary by: 1. Create a new empty folder, e.g. `C:\Program Files\cloud-sql-proxy` -2. Copy the binary and helper batch files -3. Grant *read & execute* access to the `Network Service` user -4. Create a `logs` sub-folder, e.g. `C:\Program Files\cloud-sql-proxy\logs` -5. Grant *modify* access to the `Network Service` user +2. Copy the binary and helper batch files +3. Modify the batch files as needed: + - `SERVICE` is the Windows internal service name (as shown in the Task Manager) + - `DISPLAYNAME` is the service name (as shown in the Windows Administration Console (MMC)) + - `CREDENTIALSFILE` is the *full* path to the credentials file, where `%~dp0` points to the full path of the script file folder. + - `CONNECTIONNAME` is the Google SQL connection name in the format of `project-id:region:db-instance` + - Please note that the `--credentials-file \"%CREDENTIALSFILE%\"` argument is optional and is not needed if the local machine runs within the Google Cloud Compute Engine and "defaults" to the VM instance service account. +4. Grant *read & execute* access to the `Network Service` user +5. Create a `logs` sub-folder, e.g. `C:\Program Files\cloud-sql-proxy\logs` +6. Grant *modify* access to the `Network Service` user +7. Run the `windows_install_service.bat` batch file within an *elevated* command line prompt (read: *Run as Administrator*). After that, perform the setup: