Alteration for version passing

Signed-off-by: Alex Ellis (OpenFaaS Ltd) <alexellis2@gmail.com>

.gitignore

@@ -1,3 +1,7 @@
 /faasd
 hosts
 /resolv.conf
+.idea/
+
+basic-auth-user
+basic-auth-password

Gopkg.lock

@@ -45,6 +45,14 @@
   revision = "961405ea754427780f2151adff607fa740d377f7"
   version = "0.3.0"
 
+[[projects]]
+  digest = "1:6076d857867a70e87dd1994407deb142f27436f1293b13e75cc053192d14eb0c"
+  name = "github.com/alexellis/k3sup"
+  packages = ["pkg/env"]
+  pruneopts = "UT"
+  revision = "f9a4adddc732742a9ee7962609408fb0999f2d7b"
+  version = "0.7.1"
+
 [[projects]]
   digest = "1:386ca0ac781cc1b630b3ed21725759770174140164b3faf3810e6ed6366a970b"
   name = "github.com/containerd/containerd"
@@ -265,6 +273,14 @@
   revision = "ba968bfe8b2f7e042a574c888954fccecfa385b4"
   version = "v0.8.1"
 
+[[projects]]
+  digest = "1:044c51736e2688a3e4f28f72537f8a7b3f9c188fab4477d5334d92dfe2c07ed5"
+  name = "github.com/sethvargo/go-password"
+  packages = ["password"]
+  pruneopts = "UT"
+  revision = "07c3d521e892540e71469bb0312866130714c038"
+  version = "v0.1.3"
+
 [[projects]]
   digest = "1:fd61cf4ae1953d55df708acb6b91492d538f49c305b364a014049914495db426"
   name = "github.com/sirupsen/logrus"
@@ -449,6 +465,7 @@
   analyzer-version = 1
   input-imports = [
     "github.com/alexellis/go-execute/pkg/v1",
+    "github.com/alexellis/k3sup/pkg/env",
     "github.com/containerd/containerd",
     "github.com/containerd/containerd/cio",
     "github.com/containerd/containerd/containers",
@@ -457,6 +474,7 @@
     "github.com/containerd/containerd/oci",
     "github.com/morikuni/aec",
     "github.com/opencontainers/runtime-spec/specs-go",
+    "github.com/sethvargo/go-password/password",
     "github.com/spf13/cobra",
     "github.com/vishvananda/netlink",
     "github.com/vishvananda/netns",

Gopkg.toml

@@ -10,6 +10,9 @@
   name = "github.com/spf13/cobra"
   version = "0.0.5"
 
+[[constraint]]
+  name = "github.com/alexellis/k3sup"
+  version = "0.7.1"
 
 [[constraint]]
   name = "github.com/alexellis/go-execute"
@@ -18,3 +21,7 @@
 [prune]
   go-tests = true
   unused-packages = true
+
+[[constraint]]
+  name = "github.com/sethvargo/go-password"
+  version = "0.1.3"

Makefile

@@ -1,6 +1,6 @@
 Version := $(shell git describe --tags --dirty)
 GitCommit := $(shell git rev-parse HEAD)
-LDFLAGS := "-s -w -X pkg.Version=$(Version) -X pkg.GitCommit=$(GitCommit)"
+LDFLAGS := "-s -w -X main.Version=$(Version) -X main.GitCommit=$(GitCommit)"
 
 .PHONY: all
 all: local

README.md

@@ -24,64 +24,84 @@ You can use the standard [faas-cli](https://github.com/openfaas/faas-cli) with f
 * `faas describe` 
 * `faas deploy --update=true --replace=false`
 * `faas invoke`
+* `faas invoke --async`
 
 Other operations are pending development in the provider.
 
 ### Pre-reqs
 
-* Linux - ideally Ubuntu, which is used for testing.
+* Linux - ideally Ubuntu, which is used for testing
 * Installation steps as per [faas-containerd](https://github.com/alexellis/faas-containerd) for building and for development
+    * [netns](https://github.com/genuinetools/netns/releases) binary in `$PATH`
+    * [containerd v1.3.2](https://github.com/containerd/containerd)
 * [faas-cli](https://github.com/openfaas/faas-cli) (optional)
 
 ## Backlog
 
-* Use CNI to create network namespaces and adapters
-* Inject / manage IPs between core components for service to service communication - i.e. so Prometheus can scrape the OpenFaaS gateway
-* Monitor and restart any of the core components, if they crash
-* Configure `basic_auth` to protect the OpenFaaS gateway and faas-containerd HTTP API
-* Self-install / create systemd service on start-up using [go-systemd](https://github.com/coreos/go-systemd)
-* Bundle/package/automate installation of containerd - [see bootstrap from k3s](https://github.com/rancher/k3s)
-* Create [faasd.service](https://github.com/rancher/k3s/blob/master/k3s.service)
+Pending:
 
+* [ ] Use CNI to create network namespaces and adapters
+* [ ] Monitor and restart any of the core components at runtime if the container stops
+* [ ] Bundle/package/automate installation of containerd - [see bootstrap from k3s](https://github.com/rancher/k3s)
+* [ ] Provide ufw rules / example for blocking access to everything but a reverse proxy to the gateway container
 
-## Hacking
+Done:
+
+* [x] Inject / manage IPs between core components for service to service communication - i.e. so Prometheus can scrape the OpenFaaS gateway - done via `/etc/hosts` mount
+* [x] Add queue-worker and NATS
+* [x] Create faasd.service and faas-containerd.service
+* [x] Self-install / create systemd service via `faasd install`
+* [x] Restart containers upon restart of faasd
+* [x] Clear / remove containers and tasks with SIGTERM / SIGINT
+* [x] Determine armhf/arm64 containers to run for gateway
+* [x] Configure `basic_auth` to protect the OpenFaaS gateway and faas-containerd HTTP API
+
+## Hacking (build from source)
 
 First run faas-containerd
 
 ```sh
 cd $GOPATH/src/github.com/alexellis/faas-containerd
-go build && sudo ./faas-containerd
+
+# You'll need to install containerd and its pre-reqs first
+# https://github.com/alexellis/faas-containerd/
+
+sudo ./faas-containerd
 ```
 
 Then run faasd, which brings up the gateway and Prometheus as containers
 
 ```sh
 cd $GOPATH/src/github.com/alexellis/faasd
-go build && sudo ./faasd
+go build
+
+# Install with systemd
+# sudo ./faasd install
+
+# Or run interactively
+# sudo ./faasd up
 ```
 
-Or get from binaries:
-
-
-### Build and run
+### Build and run (binaries)
 
 ```sh
 # For x86_64
-sudo curl -fSLs "https://github.com/alexellis/faasd/releases/download/0.2.1/faasd" \
+sudo curl -fSLs "https://github.com/alexellis/faasd/releases/download/0.3.1/faasd" \
     -o "/usr/local/bin/faasd" \
     && sudo chmod a+x "/usr/local/bin/faasd"
 
 # armhf
-sudo curl -fSLs "https://github.com/alexellis/faasd/releases/download/0.2.1/faasd-armhf" \
+sudo curl -fSLs "https://github.com/alexellis/faasd/releases/download/0.3.1/faasd-armhf" \
     -o "/usr/local/bin/faasd" \
     && sudo chmod a+x "/usr/local/bin/faasd"
 
 # arm64
-sudo curl -fSLs "https://github.com/alexellis/faasd/releases/download/0.2.1/faasd-arm64" \
+sudo curl -fSLs "https://github.com/alexellis/faasd/releases/download/0.3.1/faasd-arm64" \
     -o "/usr/local/bin/faasd" \
     && sudo chmod a+x "/usr/local/bin/faasd"
 ```
 
+### At run-time
 
 Look in `hosts` in the current working folder to get the IP for the gateway or Prometheus
 
@@ -91,20 +111,39 @@ Look in `hosts` in the current working folder to get the IP for the gateway or P
 172.19.0.2      prometheus
 
 172.19.0.3      gateway
+172.19.0.4      nats
+172.19.0.5      queue-worker
 ```
 
 Since faas-containerd uses containerd heavily it is not running as a container, but as a stand-alone process. Its port is available via the bridge interface, i.e. netns0.
 
-Now go to the gateway's IP address as shown above on port 8080, i.e. http://172.19.0.3:8080 - you can also use this address to deploy OpenFaaS Functions via the `faas-cli`. 
+* Prometheus will run on the Prometheus IP plus port 8080 i.e. http://172.19.0.2:9090/targets
+
+* faas-containerd runs on 172.19.0.1:8081
+
+* Now go to the gateway's IP address as shown above on port 8080, i.e. http://172.19.0.3:8080 - you can also use this address to deploy OpenFaaS Functions via the `faas-cli`. 
+
+* basic-auth
+
+    You will then need to get the basic-auth password, it is written to `$GOPATH/src/github.com/alexellis/faasd/basic-auth-password` if you followed the above instructions.
+The default Basic Auth username is `admin`, which is written to `$GOPATH/src/github.com/alexellis/faasd/basic-auth-user`, if you wish to use a non-standard user then create this file and add your username (no newlines or other characters) 
+
+#### Installation with systemd
+
+* `faasd install` - install faasd and containerd with systemd, run in `$GOPATH/src/github.com/alexellis/faasd`
+* `journalctl -u faasd` - faasd systemd logs
+* `journalctl -u faas-containerd` - faas-containerd systemd logs
+
+### Appendix
 
 Removing containers:
 
 ```sh
-echo faas-containerd gateway prometheus |xargs sudo ctr task rm -f
+echo faas-containerd gateway prometheus | xargs sudo ctr task rm -f
 
-echo faas-containerd gateway prometheus |xargs sudo ctr container rm
+echo faas-containerd gateway prometheus | xargs sudo ctr container rm
 
-echo faas-containerd gateway prometheus |xargs sudo ctr snapshot rm
+echo faas-containerd gateway prometheus | xargs sudo ctr snapshot rm
 ```
 
 ## Links
@@ -117,4 +156,3 @@ https://github.com/containernetworking/plugins
 
 https://github.com/containerd/go-cni
 
-

cmd/install.go

@@ -23,6 +23,11 @@ func runInstall(_ *cobra.Command, _ []string) error {
 		return err
 	}
 
+	err = binExists("/usr/local/bin/", "faasd")
+	if err != nil {
+		return err
+	}
+
 	err = binExists("/usr/local/bin/", "netns")
 	if err != nil {
 		return err

cmd/root.go

@@ -3,19 +3,10 @@ package cmd
 import (
 	"fmt"
 
-	"github.com/alexellis/faasd/pkg"
 	"github.com/morikuni/aec"
 	"github.com/spf13/cobra"
 )
 
-var (
-	// Version as per git repo
-	Version string
-
-	// GitCommit as per git repo
-	GitCommit string
-)
-
 // WelcomeMessage to introduce ofc-bootstrap
 const WelcomeMessage = "Welcome to faasd"
 
@@ -25,39 +16,14 @@ func init() {
 	rootCommand.AddCommand(installCmd)
 }
 
-var rootCommand = &cobra.Command{
-	Use:   "faasd",
-	Short: "Start faasd",
-	Long: `
-faasd - serverless without Kubernetes
-`,
-	RunE:         runRootCommand,
-	SilenceUsage: true,
-}
-
-var versionCmd = &cobra.Command{
-	Use:   "version",
-	Short: "Display version information.",
-	Run:   parseBaseCommand,
-}
-
-func getVersion() string {
-	if len(Version) != 0 {
-		return Version
-	}
-	return "dev"
-}
-
-func parseBaseCommand(_ *cobra.Command, _ []string) {
-	printLogo()
-
-	fmt.Printf(
-		`faasd
-Commit: %s
-Version: %s
-`, pkg.GitCommit, pkg.GetVersion())
-}
+var (
+	// GitCommit Git Commit SHA
+	GitCommit string
+	// Version version of the CLI
+	Version string
+)
 
+// Execute faasd
 func Execute(version, gitCommit string) error {
 
 	// Get Version and GitCommit values from main.go.
@@ -70,6 +36,16 @@ func Execute(version, gitCommit string) error {
 	return nil
 }
 
+var rootCommand = &cobra.Command{
+	Use:   "faasd",
+	Short: "Start faasd",
+	Long: `
+faasd - serverless without Kubernetes
+`,
+	RunE:         runRootCommand,
+	SilenceUsage: true,
+}
+
 func runRootCommand(cmd *cobra.Command, args []string) error {
 
 	printLogo()
@@ -78,7 +54,39 @@ func runRootCommand(cmd *cobra.Command, args []string) error {
 	return nil
 }
 
+var versionCmd = &cobra.Command{
+	Use:   "version",
+	Short: "Display version information.",
+	Run:   parseBaseCommand,
+}
+
+func parseBaseCommand(_ *cobra.Command, _ []string) {
+	printLogo()
+
+	fmt.Printf(
+		`faasd
+Commit: %s
+Version: %s
+`, GitCommit, GetVersion())
+}
+
 func printLogo() {
-	logoText := aec.WhiteF.Apply(pkg.Logo)
+	logoText := aec.WhiteF.Apply(Logo)
 	fmt.Println(logoText)
 }
+
+// GetVersion get latest version
+func GetVersion() string {
+	if len(Version) == 0 {
+		return "dev"
+	}
+	return Version
+}
+
+// Logo for version and root command
+const Logo = `  __                     _ 
+ / _| __ _  __ _ ___  __| |
+| |_ / _` + "`" + ` |/ _` + "`" + ` / __|/ _` + "`" + ` |
+|  _| (_| | (_| \__ \ (_| |
+|_|  \__,_|\__,_|___/\__,_|
+`

cmd/up.go

@@ -2,6 +2,8 @@ package cmd
 
 import (
 	"fmt"
+	"github.com/pkg/errors"
+	"io/ioutil"
 	"log"
 	"os"
 	"os/signal"
@@ -11,6 +13,8 @@ import (
 	"time"
 
 	"github.com/alexellis/faasd/pkg"
+	"github.com/alexellis/k3sup/pkg/env"
+	"github.com/sethvargo/go-password/password"
 	"github.com/spf13/cobra"
 )
 
@@ -22,7 +26,31 @@ var upCmd = &cobra.Command{
 
 func runUp(_ *cobra.Command, _ []string) error {
 
-	services := makeServiceDefinitions()
+	clientArch, clientOS := env.GetClientArch()
+
+	if clientOS != "Linux" {
+		return fmt.Errorf("You can only use faasd on Linux")
+	}
+	clientSuffix := ""
+	switch clientArch {
+	case "x86_64":
+		clientSuffix = ""
+		break
+	case "armhf":
+	case "armv7l":
+		clientSuffix = "-armhf"
+		break
+	case "arm64":
+	case "aarch64":
+		clientSuffix = "-arm64"
+	}
+
+	authFileErr := errors.Wrap(makeBasicAuthFiles(), "Could not create gateway auth files")
+	if authFileErr != nil {
+		return authFileErr
+	}
+
+	services := makeServiceDefinitions(clientSuffix)
 
 	start := time.Now()
 	supervisor, err := pkg.NewSupervisor("/run/containerd/containerd.sock")
@@ -45,6 +73,7 @@ func runUp(_ *cobra.Command, _ []string) error {
 	log.Printf("Supervisor init done in: %s\n", time.Since(start).String())
 
 	shutdownTimeout := time.Second * 1
+	timeout := time.Second * 60
 
 	wg := sync.WaitGroup{}
 	wg.Add(1)
@@ -65,14 +94,80 @@ func runUp(_ *cobra.Command, _ []string) error {
 		})
 	}()
 
+	go func() {
+		wd, _ := os.Getwd()
+		proxy := pkg.NewProxy(path.Join(wd, "hosts"), timeout)
+		proxy.Start()
+	}()
+
 	wg.Wait()
 	return nil
 }
 
-func makeServiceDefinitions() []pkg.Service {
+func makeBasicAuthFiles() error {
+	wd, _ := os.Getwd()
+	pwdFile := wd + "/basic-auth-password"
+	authPassword, err := password.Generate(63, 10, 0, false, true)
+
+	if err != nil {
+		return err
+	}
+
+	err = makeFile(pwdFile, authPassword)
+	if err != nil {
+		return err
+	}
+
+	userFile := wd + "/basic-auth-user"
+	err = makeFile(userFile, "admin")
+	if err != nil {
+		return err
+	}
+
+	return nil
+}
+
+func makeFile(filePath, fileContents string) error {
+	_, err := os.Stat(filePath)
+	if err == nil {
+		log.Printf("File exists: %q, Using data from this file",filePath)
+		return nil
+	} else if os.IsNotExist(err) {
+		log.Printf("Writing file: %q", filePath)
+		return ioutil.WriteFile(filePath, []byte(fileContents), 0644)
+	} else {
+		return err
+	}
+}
+
+func makeServiceDefinitions(archSuffix string) []pkg.Service {
 	wd, _ := os.Getwd()
 
+	secretMountDir := "/run/secrets/"
+
 	return []pkg.Service{
+		pkg.Service{
+			Name:   "basic-auth-plugin",
+			Image:  "docker.io/openfaas/basic-auth-plugin:0.18.10" + archSuffix,
+			Env: []string{
+				"port=8080",
+				"secret_mount_path=" + secretMountDir,
+				"user_filename=basic-auth-user",
+				"pass_filename=basic-auth-password",
+			},
+			Mounts: []pkg.Mount{
+				pkg.Mount{
+					Src:path.Join(wd, "/basic-auth-password"),
+					Dest:secretMountDir + "basic-auth-password",
+				},
+				pkg.Mount{
+					Src:  path.Join(wd, "/basic-auth-user"),
+					Dest: secretMountDir + "basic-auth-user",
+				},
+			},
+			Caps: []string{"CAP_NET_RAW"},
+			Args:   nil,
+		},
 		pkg.Service{
 			Name:  "nats",
 			Env:   []string{""},
@@ -95,7 +190,7 @@ func makeServiceDefinitions() []pkg.Service {
 		pkg.Service{
 			Name: "gateway",
 			Env: []string{
-				"basic_auth=false",
+				"basic_auth=true",
 				"functions_provider_url=http://faas-containerd:8081/",
 				"direct_functions=false",
 				"read_timeout=60s",
@@ -103,9 +198,21 @@ func makeServiceDefinitions() []pkg.Service {
 				"upstream_timeout=65s",
 				"faas_nats_address=nats",
 				"faas_nats_port=4222",
+				"auth_proxy_url=http://basic-auth-plugin:8080/validate",
+				"auth_proxy_pass_body=false",
+				"secret_mount_path=" + secretMountDir,
+			},
+			Image:  "docker.io/openfaas/gateway:0.18.8" + archSuffix,
+			Mounts: []pkg.Mount{
+				pkg.Mount{
+					Src:path.Join(wd, "/basic-auth-password"),
+					Dest:secretMountDir + "basic-auth-password",
+				},
+				pkg.Mount{
+					Src:  path.Join(wd, "/basic-auth-user"),
+					Dest: secretMountDir + "basic-auth-user",
+				},
 			},
-			Image:  "docker.io/openfaas/gateway:0.18.7",
-			Mounts: []pkg.Mount{},
 			Caps:   []string{"CAP_NET_RAW"},
 		},
 		pkg.Service{
@@ -117,10 +224,21 @@ func makeServiceDefinitions() []pkg.Service {
 				"faas_gateway_address=gateway",
 				"ack_wait=5m5s",
 				"max_inflight=1",
-				"faas_print_body=true",
+				"write_debug=false",
+				"basic_auth=true",
+				"secret_mount_path=" + secretMountDir,
 			},
 			Image:  "docker.io/openfaas/queue-worker:0.9.0",
-			Mounts: []pkg.Mount{},
+			Mounts: []pkg.Mount{
+				pkg.Mount{
+					Src:path.Join(wd, "/basic-auth-password"),
+					Dest:secretMountDir + "basic-auth-password",
+				},
+				pkg.Mount{
+					Src:  path.Join(wd, "/basic-auth-user"),
+					Dest: secretMountDir + "basic-auth-user",
+				},
+			},
 			Caps:   []string{"CAP_NET_RAW"},
 		},
 	}

hack/build-containerd-armhf.sh

@@ -0,0 +1,29 @@
+#!/bin/bash
+
+export ARCH="armv6l"
+echo "Downloading Go"
+
+curl -SLsf https://dl.google.com/go/go1.12.14.linux-$ARCH.tar.gz --output /tmp/go.tgz
+sudo rm -rf /usr/local/go/
+sudo mkdir -p /usr/local/go/
+sudo tar -xvf /tmp/go.tgz -C /usr/local/go/ --strip-components=1
+
+export GOPATH=$HOME/go/
+export PATH=$PATH:/usr/local/go/bin/
+
+go version
+
+echo "Building containerd"
+
+mkdir -p $GOPATH/src/github.com/containerd
+cd $GOPATH/src/github.com/containerd
+git clone https://github.com/containerd/containerd
+
+cd containerd
+git fetch origin --tags
+git checkout v1.3.2
+
+make
+sudo make install
+
+sudo containerd --version

hack/build-containerd.sh

@@ -0,0 +1,29 @@
+#!/bin/bash
+
+export ARCH="amd64"
+echo "Downloading Go"
+
+curl -SLsf https://dl.google.com/go/go1.12.14.linux-$ARCH.tar.gz --output /tmp/go.tgz
+sudo rm -rf /usr/local/go/
+sudo mkdir -p /usr/local/go/
+sudo tar -xvf /tmp/go.tgz -C /usr/local/go/ --strip-components=1
+
+export GOPATH=$HOME/go/
+export PATH=$PATH:/usr/local/go/bin/
+
+go version
+
+echo "Building containerd"
+
+mkdir -p $GOPATH/src/github.com/containerd
+cd $GOPATH/src/github.com/containerd
+git clone https://github.com/containerd/containerd
+
+cd containerd
+git fetch origin --tags
+git checkout v1.3.2
+
+make
+sudo make install
+
+sudo containerd --version

hack/faasd.service

@@ -4,7 +4,7 @@ After=faas-containerd.service
 
 [Service]
 MemoryLimit=500M
-ExecStart={{.Cwd}}/faasd up
+ExecStart=/usr/local/bin/faasd up
 Restart=on-failure
 RestartSec=10s
 WorkingDirectory={{.Cwd}}

main.go

@@ -4,13 +4,19 @@ import (
 	"os"
 
 	"github.com/alexellis/faasd/cmd"
-	"github.com/alexellis/faasd/pkg"
+)
+
+// These values will be injected into these variables at the build time.
+var (
+	// GitCommit Git Commit SHA
+	GitCommit string
+	// Version version of the CLI
+	Version string
 )
 
 func main() {
-	if err := cmd.Execute(pkg.Version, pkg.GitCommit); err != nil {
+	if err := cmd.Execute(Version, GitCommit); err != nil {
 		os.Exit(1)
 	}
 	return
-
 }

pkg/proxy.go

@@ -0,0 +1,102 @@
+package pkg
+
+import (
+	"fmt"
+	"io"
+	"io/ioutil"
+	"log"
+	"net/http"
+	"strings"
+
+	"time"
+)
+
+func NewProxy(hosts string, timeout time.Duration) *Proxy {
+
+	return &Proxy{
+		Hosts:   hosts,
+		Timeout: timeout,
+	}
+}
+
+type Proxy struct {
+	Hosts   string
+	Timeout time.Duration
+}
+
+func (p *Proxy) Start() error {
+	tcp := 8080
+
+	http.DefaultClient.CheckRedirect = func(req *http.Request, via []*http.Request) error {
+		return http.ErrUseLastResponse
+	}
+
+	time.Sleep(3 * time.Second)
+	log.Printf("Starting faasd proxy on %d\n", tcp)
+	data := struct{ host string }{
+		host: "",
+	}
+
+	fileData, fileErr := ioutil.ReadFile(p.Hosts)
+	if fileErr != nil {
+		return fileErr
+	}
+
+	lines := strings.Split(string(fileData), "\n")
+	for _, line := range lines {
+		if strings.Index(line, "gateway") > -1 {
+			data.host = line[:strings.Index(line, "\t")]
+		}
+	}
+	fmt.Printf("Gateway: %s\n", data.host)
+
+	s := &http.Server{
+		Addr:           fmt.Sprintf(":%d", tcp),
+		ReadTimeout:    p.Timeout,
+		WriteTimeout:   p.Timeout,
+		MaxHeaderBytes: 1 << 20, // Max header of 1MB
+		Handler: http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+
+			query := ""
+			if len(r.URL.RawQuery) > 0 {
+				query = "?" + r.URL.RawQuery
+			}
+
+			upstream := fmt.Sprintf("http://%s:8080%s%s", data.host, r.URL.Path, query)
+			fmt.Printf("[faasd] proxy: %s\n", upstream)
+
+			if r.Body != nil {
+				defer r.Body.Close()
+			}
+
+			wrapper := ioutil.NopCloser(r.Body)
+			upReq, upErr := http.NewRequest(r.Method, upstream, wrapper)
+
+			if upErr != nil {
+				log.Println(upErr)
+
+				http.Error(w, upErr.Error(), http.StatusInternalServerError)
+				return
+			}
+
+			upRes, upResErr := http.DefaultClient.Do(upReq)
+
+			if upResErr != nil {
+				log.Println(upResErr)
+
+				http.Error(w, upResErr.Error(), http.StatusInternalServerError)
+				return
+			}
+
+			for k, v := range upRes.Header {
+				w.Header().Set(k, v[0])
+			}
+
+			w.WriteHeader(upRes.StatusCode)
+			io.Copy(w, upRes.Body)
+
+		}),
+	}
+
+	return s.ListenAndServe()
+}

pkg/service/service.go

@@ -0,0 +1,117 @@
+package service
+
+import (
+	"context"
+	"fmt"
+	"log"
+	"sync"
+	"time"
+
+	"github.com/containerd/containerd"
+	"github.com/containerd/containerd/errdefs"
+	"golang.org/x/sys/unix"
+)
+
+// Remove removes a container
+func Remove(ctx context.Context, client *containerd.Client, name string) error {
+
+	container, containerErr := client.LoadContainer(ctx, name)
+
+	if containerErr == nil {
+		found := true
+		t, err := container.Task(ctx, nil)
+		if err != nil {
+			if errdefs.IsNotFound(err) {
+				found = false
+			} else {
+				return fmt.Errorf("unable to get task %s: ", err)
+			}
+		}
+
+		if found {
+			status, _ := t.Status(ctx)
+			fmt.Printf("Status of %s is: %s\n", name, status.Status)
+
+			log.Printf("Need to kill %s\n", name)
+			err := killTask(ctx, t)
+			if err != nil {
+				return fmt.Errorf("error killing task %s, %s, %s", container.ID(), name, err)
+			}
+		}
+
+		err = container.Delete(ctx, containerd.WithSnapshotCleanup)
+		if err != nil {
+			return fmt.Errorf("error deleting container %s, %s, %s", container.ID(), name, err)
+		}
+	} else {
+		service := client.SnapshotService("")
+		key := name + "snapshot"
+		if _, err := client.SnapshotService("").Stat(ctx, key); err == nil {
+			service.Remove(ctx, key)
+		}
+	}
+	return nil
+}
+
+// From Stellar
+func killTask(ctx context.Context, task containerd.Task) error {
+	wg := &sync.WaitGroup{}
+	wg.Add(1)
+	var err error
+	go func() {
+		defer wg.Done()
+		if task != nil {
+			wait, err := task.Wait(ctx)
+			if err != nil {
+				err = fmt.Errorf("error waiting on task: %s", err)
+				return
+			}
+			if err := task.Kill(ctx, unix.SIGTERM, containerd.WithKillAll); err != nil {
+				log.Printf("error killing container task: %s", err)
+			}
+			select {
+			case <-wait:
+				task.Delete(ctx)
+				return
+			case <-time.After(5 * time.Second):
+				if err := task.Kill(ctx, unix.SIGKILL, containerd.WithKillAll); err != nil {
+					log.Printf("error force killing container task: %s", err)
+				}
+				return
+			}
+		}
+	}()
+	wg.Wait()
+
+	return err
+}
+
+func PrepareImage(ctx context.Context, client *containerd.Client, imageName, snapshotter string) (containerd.Image, error) {
+
+	var empty containerd.Image
+	image, err := client.GetImage(ctx, imageName)
+	if err != nil {
+		if !errdefs.IsNotFound(err) {
+			return empty, err
+		}
+
+		img, err := client.Pull(ctx, imageName, containerd.WithPullUnpack)
+		if err != nil {
+			return empty, fmt.Errorf("cannot pull: %s", err)
+		}
+		image = img
+	}
+
+	unpacked, err := image.IsUnpacked(ctx, snapshotter)
+	if err != nil {
+		return empty, fmt.Errorf("cannot check if unpacked: %s", err)
+	}
+
+	if !unpacked {
+		if err := image.Unpack(ctx, snapshotter); err != nil {
+			return empty, fmt.Errorf("cannot unpack: %s", err)
+		}
+	}
+
+	return image, nil
+}

pkg/supervisor.go

@@ -8,15 +8,12 @@ import (
 	"os"
 	"os/exec"
 	"path"
-	"sync"
-	"time"
 
+	"github.com/alexellis/faasd/pkg/service"
 	"github.com/alexellis/faasd/pkg/weave"
 	"github.com/containerd/containerd"
 	"github.com/containerd/containerd/cio"
 	"github.com/containerd/containerd/containers"
-	"github.com/containerd/containerd/errdefs"
-	"golang.org/x/sys/unix"
 
 	"github.com/containerd/containerd/namespaces"
 	"github.com/containerd/containerd/oci"
@@ -48,7 +45,7 @@ func (s *Supervisor) Remove(svcs []Service) error {
 	ctx := namespaces.WithNamespace(context.Background(), "default")
 
 	for _, svc := range svcs {
-		err := removeContainer(ctx, s.client, svc.Name)
+		err := service.Remove(ctx, s.client, svc.Name)
 		if err != nil {
 			return err
 		}
@@ -75,7 +72,7 @@ func (s *Supervisor) Start(svcs []Service) error {
 	for _, svc := range svcs {
 		fmt.Printf("Preparing: %s with image: %s\n", svc.Name, svc.Image)
 
-		img, err := prepareImage(ctx, s.client, svc.Image)
+		img, err := service.PrepareImage(ctx, s.client, svc.Image, defaultSnapshotter)
 		if err != nil {
 			return err
 		}
@@ -87,13 +84,13 @@ func (s *Supervisor) Start(svcs []Service) error {
 	for _, svc := range svcs {
 		fmt.Printf("Reconciling: %s\n", svc.Name)
 
-		image := images[svc.Name]
-
-		containerErr := removeContainer(ctx, s.client, svc.Name)
+		containerErr := service.Remove(ctx, s.client, svc.Name)
 		if containerErr != nil {
 			return containerErr
 		}
 
+		image := images[svc.Name]
+
 		mounts := []specs.Mount{}
 		if len(svc.Mounts) > 0 {
 			for _, mnt := range svc.Mounts {
@@ -189,7 +186,6 @@ func (s *Supervisor) Start(svcs []Service) error {
 		}
 		log.Println("Exited: ", exitStatusC)
 
-		// call start on the task to execute the redis server
 		if err := task.Start(ctx); err != nil {
 			log.Println("Task err: ", err)
 			return err
@@ -199,37 +195,6 @@ func (s *Supervisor) Start(svcs []Service) error {
 	return nil
 }
 
-func prepareImage(ctx context.Context, client *containerd.Client, imageName string) (containerd.Image, error) {
-	snapshotter := defaultSnapshotter
-
-	var empty containerd.Image
-	image, err := client.GetImage(ctx, imageName)
-	if err != nil {
-		if !errdefs.IsNotFound(err) {
-			return empty, err
-		}
-
-		img, err := client.Pull(ctx, imageName, containerd.WithPullUnpack)
-		if err != nil {
-			return empty, fmt.Errorf("cannot pull: %s", err)
-		}
-		image = img
-	}
-
-	unpacked, err := image.IsUnpacked(ctx, snapshotter)
-	if err != nil {
-		return empty, fmt.Errorf("cannot check if unpacked: %s", err)
-	}
-
-	if !unpacked {
-		if err := image.Unpack(ctx, snapshotter); err != nil {
-			return empty, fmt.Errorf("cannot unpack: %s", err)
-		}
-	}
-
-	return image, nil
-}
-
 func getIP(containerID string, taskPID uint32) string {
 	// https://github.com/weaveworks/weave/blob/master/net/netdev.go
 
@@ -274,70 +239,3 @@ func withOCIArgs(args []string) oci.SpecOpts {
 	}
 
 }
-
-// From Stellar
-func killTask(ctx context.Context, task containerd.Task) error {
-	wg := &sync.WaitGroup{}
-	wg.Add(1)
-	var err error
-	go func() {
-		defer wg.Done()
-		if task != nil {
-			wait, err := task.Wait(ctx)
-			if err != nil {
-				err = fmt.Errorf("error waiting on task: %s", err)
-				return
-			}
-			if err := task.Kill(ctx, unix.SIGTERM, containerd.WithKillAll); err != nil {
-				log.Printf("error killing container task: %s", err)
-			}
-			select {
-			case <-wait:
-				task.Delete(ctx)
-				return
-			case <-time.After(5 * time.Second):
-				if err := task.Kill(ctx, unix.SIGKILL, containerd.WithKillAll); err != nil {
-					log.Printf("error force killing container task: %s", err)
-				}
-				return
-			}
-		}
-	}()
-	wg.Wait()
-
-	return err
-}
-
-func removeContainer(ctx context.Context, client *containerd.Client, name string) error {
-
-	container, containerErr := client.LoadContainer(ctx, name)
-
-	if containerErr == nil {
-		found := true
-		t, err := container.Task(ctx, nil)
-		if err != nil {
-			if errdefs.IsNotFound(err) {
-				found = false
-			} else {
-				return fmt.Errorf("unable to get task %s: ", err)
-			}
-		}
-
-		if found {
-			status, _ := t.Status(ctx)
-			fmt.Printf("Status of %s is: %s\n", name, status.Status)
-
-			log.Printf("Need to kill %s\n", name)
-			err := killTask(ctx, t)
-			if err != nil {
-				return fmt.Errorf("error killing task %s, %s, %s", container.ID(), name, err)
-			}
-		}
-
-		err = container.Delete(ctx, containerd.WithSnapshotCleanup)
-		if err != nil {
-			return fmt.Errorf("error deleting container %s, %s, %s", container.ID(), name, err)
-		}
-	}
-	return nil
-}

pkg/systemd/systemd.go

@@ -65,8 +65,12 @@ func DaemonReload() error {
 }
 
 func InstallUnit(name string) error {
+	tmplName := "./hack/" + name + ".service"
+	tmpl, err := template.ParseFiles(tmplName)
 
-	tmpl, err := template.ParseFiles("./hack/" + name + ".service")
+	if err != nil {
+		return fmt.Errorf("error loading template %s, error %s", tmplName, err)
+	}
 
 	wd, _ := os.Getwd()
 	var tpl bytes.Buffer

pkg/version.go

@@ -1,23 +1 @@
 package pkg
-
-var (
-	//GitCommit Git Commit SHA
-	GitCommit string
-	//Version version of the CLI
-	Version string
-)
-
-//GetVersion get latest version
-func GetVersion() string {
-	if len(Version) == 0 {
-		return "dev"
-	}
-	return Version
-}
-
-const Logo = `  __                     _ 
- / _| __ _  __ _ ___  __| |
-| |_ / _` + "`" + ` |/ _` + "`" + ` / __|/ _` + "`" + ` |
-|  _| (_| | (_| \__ \ (_| |
-|_|  \__,_|\__,_|___/\__,_|
-`

vendor/github.com/alexellis/k3sup/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2019 Alex Ellis
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

vendor/github.com/alexellis/k3sup/pkg/env/env.go

@@ -0,0 +1,29 @@
+package env
+
+import (
+	"log"
+	"strings"
+
+	execute "github.com/alexellis/go-execute/pkg/v1"
+)
+
+// GetClientArch returns a pair of arch and os
+func GetClientArch() (string, string) {
+	task := execute.ExecTask{Command: "uname", Args: []string{"-m"}}
+	res, err := task.Execute()
+	if err != nil {
+		log.Println(err)
+	}
+
+	arch := strings.TrimSpace(res.Stdout)
+
+	taskOS := execute.ExecTask{Command: "uname", Args: []string{"-s"}}
+	resOS, errOS := taskOS.Execute()
+	if errOS != nil {
+		log.Println(errOS)
+	}
+
+	os := strings.TrimSpace(resOS.Stdout)
+
+	return arch, os
+}

vendor/github.com/sethvargo/go-password/LICENSE

@@ -0,0 +1,20 @@
+Copyright 2017 Seth Vargo <seth@sethvargo.com>
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

vendor/github.com/sethvargo/go-password/password/generate.go

@@ -0,0 +1,253 @@
+// Package password provides a library for generating high-entropy random
+// password strings via the crypto/rand package.
+//
+//    res, err := Generate(64, 10, 10, false, false)
+//    if err != nil  {
+//      log.Fatal(err)
+//    }
+//    log.Printf(res)
+//
+// Most functions are safe for concurrent use.
+package password
+
+import (
+	"crypto/rand"
+	"errors"
+	"math/big"
+	"strings"
+)
+
+// Built-time checks that the generators implement the interface.
+var _ PasswordGenerator = (*Generator)(nil)
+
+// PasswordGenerator is an interface that implements the Generate function. This
+// is useful for testing where you can pass this interface instead of a real
+// password generator to mock responses for predicability.
+type PasswordGenerator interface {
+	Generate(int, int, int, bool, bool) (string, error)
+	MustGenerate(int, int, int, bool, bool) string
+}
+
+const (
+	// LowerLetters is the list of lowercase letters.
+	LowerLetters = "abcdefghijklmnopqrstuvwxyz"
+
+	// UpperLetters is the list of uppercase letters.
+	UpperLetters = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
+
+	// Digits is the list of permitted digits.
+	Digits = "0123456789"
+
+	// Symbols is the list of symbols.
+	Symbols = "~!@#$%^&*()_+`-={}|[]\\:\"<>?,./"
+)
+
+var (
+	// ErrExceedsTotalLength is the error returned with the number of digits and
+	// symbols is greater than the total length.
+	ErrExceedsTotalLength = errors.New("number of digits and symbols must be less than total length")
+
+	// ErrLettersExceedsAvailable is the error returned with the number of letters
+	// exceeds the number of available letters and repeats are not allowed.
+	ErrLettersExceedsAvailable = errors.New("number of letters exceeds available letters and repeats are not allowed")
+
+	// ErrDigitsExceedsAvailable is the error returned with the number of digits
+	// exceeds the number of available digits and repeats are not allowed.
+	ErrDigitsExceedsAvailable = errors.New("number of digits exceeds available digits and repeats are not allowed")
+
+	// ErrSymbolsExceedsAvailable is the error returned with the number of symbols
+	// exceeds the number of available symbols and repeats are not allowed.
+	ErrSymbolsExceedsAvailable = errors.New("number of symbols exceeds available symbols and repeats are not allowed")
+)
+
+// Generator is the stateful generator which can be used to customize the list
+// of letters, digits, and/or symbols.
+type Generator struct {
+	lowerLetters string
+	upperLetters string
+	digits       string
+	symbols      string
+}
+
+// GeneratorInput is used as input to the NewGenerator function.
+type GeneratorInput struct {
+	LowerLetters string
+	UpperLetters string
+	Digits       string
+	Symbols      string
+}
+
+// NewGenerator creates a new Generator from the specified configuration. If no
+// input is given, all the default values are used. This function is safe for
+// concurrent use.
+func NewGenerator(i *GeneratorInput) (*Generator, error) {
+	if i == nil {
+		i = new(GeneratorInput)
+	}
+
+	g := &Generator{
+		lowerLetters: i.LowerLetters,
+		upperLetters: i.UpperLetters,
+		digits:       i.Digits,
+		symbols:      i.Symbols,
+	}
+
+	if g.lowerLetters == "" {
+		g.lowerLetters = LowerLetters
+	}
+
+	if g.upperLetters == "" {
+		g.upperLetters = UpperLetters
+	}
+
+	if g.digits == "" {
+		g.digits = Digits
+	}
+
+	if g.symbols == "" {
+		g.symbols = Symbols
+	}
+
+	return g, nil
+}
+
+// Generate generates a password with the given requirements. length is the
+// total number of characters in the password. numDigits is the number of digits
+// to include in the result. numSymbols is the number of symbols to include in
+// the result. noUpper excludes uppercase letters from the results. allowRepeat
+// allows characters to repeat.
+//
+// The algorithm is fast, but it's not designed to be performant; it favors
+// entropy over speed. This function is safe for concurrent use.
+func (g *Generator) Generate(length, numDigits, numSymbols int, noUpper, allowRepeat bool) (string, error) {
+	letters := g.lowerLetters
+	if !noUpper {
+		letters += g.upperLetters
+	}
+
+	chars := length - numDigits - numSymbols
+	if chars < 0 {
+		return "", ErrExceedsTotalLength
+	}
+
+	if !allowRepeat && chars > len(letters) {
+		return "", ErrLettersExceedsAvailable
+	}
+
+	if !allowRepeat && numDigits > len(g.digits) {
+		return "", ErrDigitsExceedsAvailable
+	}
+
+	if !allowRepeat && numSymbols > len(g.symbols) {
+		return "", ErrSymbolsExceedsAvailable
+	}
+
+	var result string
+
+	// Characters
+	for i := 0; i < chars; i++ {
+		ch, err := randomElement(letters)
+		if err != nil {
+			return "", err
+		}
+
+		if !allowRepeat && strings.Contains(result, ch) {
+			i--
+			continue
+		}
+
+		result, err = randomInsert(result, ch)
+		if err != nil {
+			return "", err
+		}
+	}
+
+	// Digits
+	for i := 0; i < numDigits; i++ {
+		d, err := randomElement(g.digits)
+		if err != nil {
+			return "", err
+		}
+
+		if !allowRepeat && strings.Contains(result, d) {
+			i--
+			continue
+		}
+
+		result, err = randomInsert(result, d)
+		if err != nil {
+			return "", err
+		}
+	}
+
+	// Symbols
+	for i := 0; i < numSymbols; i++ {
+		sym, err := randomElement(g.symbols)
+		if err != nil {
+			return "", err
+		}
+
+		if !allowRepeat && strings.Contains(result, sym) {
+			i--
+			continue
+		}
+
+		result, err = randomInsert(result, sym)
+		if err != nil {
+			return "", err
+		}
+	}
+
+	return result, nil
+}
+
+// MustGenerate is the same as Generate, but panics on error.
+func (g *Generator) MustGenerate(length, numDigits, numSymbols int, noUpper, allowRepeat bool) string {
+	res, err := g.Generate(length, numDigits, numSymbols, noUpper, allowRepeat)
+	if err != nil {
+		panic(err)
+	}
+	return res
+}
+
+// Generate is the package shortcut for Generator.Generate.
+func Generate(length, numDigits, numSymbols int, noUpper, allowRepeat bool) (string, error) {
+	gen, err := NewGenerator(nil)
+	if err != nil {
+		return "", err
+	}
+
+	return gen.Generate(length, numDigits, numSymbols, noUpper, allowRepeat)
+}
+
+// MustGenerate is the package shortcut for Generator.MustGenerate.
+func MustGenerate(length, numDigits, numSymbols int, noUpper, allowRepeat bool) string {
+	res, err := Generate(length, numDigits, numSymbols, noUpper, allowRepeat)
+	if err != nil {
+		panic(err)
+	}
+	return res
+}
+
+// randomInsert randomly inserts the given value into the given string.
+func randomInsert(s, val string) (string, error) {
+	if s == "" {
+		return val, nil
+	}
+
+	n, err := rand.Int(rand.Reader, big.NewInt(int64(len(s)+1)))
+	if err != nil {
+		return "", err
+	}
+	i := n.Int64()
+	return s[0:i] + val + s[i:], nil
+}
+
+// randomElement extracts a random element from the given string.
+func randomElement(s string) (string, error) {
+	n, err := rand.Int(rand.Reader, big.NewInt(int64(len(s))))
+	if err != nil {
+		return "", err
+	}
+	return string(s[n.Int64()]), nil
+}

vendor/github.com/sethvargo/go-password/password/mock.go

@@ -0,0 +1,39 @@
+package password
+
+// Built-time checks that the generators implement the interface.
+var _ PasswordGenerator = (*mockGenerator)(nil)
+
+type mockGenerator struct {
+	result string
+	err    error
+}
+
+// NewMockGenerator creates a new generator that satisfies the PasswordGenerator
+// interface. If an error is provided, the error is returned. If a result if
+// provided, the result is always returned, regardless of what parameters are
+// passed into the Generate or MustGenerate methods.
+//
+// This function is most useful for tests where you want to have predicable
+// results for a transitive resource that depends on go-password.
+func NewMockGenerator(result string, err error) *mockGenerator {
+	return &mockGenerator{
+		result: result,
+		err:    err,
+	}
+}
+
+// Generate returns the mocked result or error.
+func (g *mockGenerator) Generate(int, int, int, bool, bool) (string, error) {
+	if g.err != nil {
+		return "", g.err
+	}
+	return g.result, nil
+}
+
+// MustGenerate returns the mocked result or panics if an error was given.
+func (g *mockGenerator) MustGenerate(int, int, int, bool, bool) string {
+	if g.err != nil {
+		panic(g.err)
+	}
+	return g.result
+}