NationTech/harmony
3
0
Fork 2
Code Issues 38 Pull Requests 29 Actions Packages Projects Releases 1 Wiki Activity
Files
feat/fleet-operator-web-frontend
harmony/Cargo.toml
Jean-Gabriel Gill-Couture af06177502
Some checks failed
Run Check Script / check (pull_request) Failing after 1m0s
Details
fix(deps): enable async-nats websockets feature for wss:// support 
The fleet agent connects to NATS via the OKD edge-TLS Route at
`wss://nats-fleet-stg.cb1.nationtech.io`. Without the `websockets`
feature on async-nats, the connector parses the URL but doesn't know
how to do the HTTP Upgrade — it opens a raw TCP socket to port 443
and sits waiting for NATS's plaintext `INFO` frame, which never
comes (the OKD router speaks TLS+HTTPS, not raw NATS). 30s later:

  ERROR async_nats::connector: expected INFO, got nothing
  Error: Nats connection FAILED : IO error: expected INFO, got nothing

…and systemd restart-loops forever.

`websockets` isn't in async-nats 0.45's default feature set; the
crate's own Cargo.toml lists it as
`websockets = ["dep:tokio-websockets"]`. Enabling it on the
workspace dep makes the connector route `wss://` URLs through
tokio-websockets which does the TLS+upgrade dance correctly. Curl
already proved the server-side path works (`101 Switching
Protocols` + NATS `INFO`); the missing piece was always client
support.

The operator wasn't affected because it talks to NATS in-cluster
on `nats://fleet-nats.fleet-staging.svc.cluster.local:4222` (plain
TCP). Only external clients going through the public wss:// Route
hit this.
2026-05-06 13:20:48 -04:00

119 lines
3.0 KiB
TOML
Raw Permalink Blame History

[workspace]
resolver = "2"
members = [
"examples/*",
"private_repos/*",
"harmony",
"harmony_types",
"harmony_macros",
"harmony_tui",
"harmony_execution",
"opnsense-config",
"opnsense-config-xml",
"harmony_cli",
"k3d",
"harmony_composer",
"harmony_inventory_agent",
"harmony_secret_derive",
"harmony_secret",
"network_stress_test",
"examples/kvm_okd_ha_cluster",
"examples/example_linux_vm",
"harmony_i18n",
"harmony_config_derive",
"harmony_config",
"brocade",
"harmony_agent",
"harmony_agent/deploy",
"harmony_node_readiness",
"harmony-k8s",
"harmony_assets", "opnsense-codegen", "opnsense-api",
"fleet/harmony-fleet-operator",
"fleet/harmony-fleet-agent",
"fleet/harmony-fleet-auth",
"harmony-reconciler-contracts",
"examples/fleet_server_install",
"examples/fleet_staging_install",
"nats/jwt",
"nats/callout",
"nats/integration-test-callout",
]
[workspace.package]
version = "0.1.0"
readme = "README.md"
license = "GNU AGPL v3"
[workspace.dependencies]
log = { version = "0.4", features = ["kv"] }
env_logger = "0.11"
derive-new = "0.7"
async-trait = "0.1"
tokio = { version = "1.40", features = [
"io-std",
"io-util",
"fs",
"macros",
"net",
"rt-multi-thread",
] }
tokio-retry = "0.3.0"
tokio-util = "0.7.15"
cidr = { features = ["serde"], version = "0.2" }
russh = "0.45"
russh-keys = "0.45"
rand = "0.9"
url = "2.5"
kube = { version = "1.1.0", features = [
"config",
"client",
"runtime",
"rustls-tls",
"ws",
"jsonpatch",
] }
k8s-openapi = { version = "0.25", features = ["v1_30", "schemars"] }
# TODO replace with https://github.com/bourumir-wyngs/serde-saphyr as serde_yaml is deprecated https://github.com/sebastienrousseau/serde_yml
serde_yaml = "0.9"
serde-value = "0.7"
http = "1.2"
inquire = "0.7"
convert_case = "0.8"
chrono = "0.4"
similar = "2"
uuid = { version = "1.11", features = ["v4", "fast-rng", "macro-diagnostics"] }
pretty_assertions = "1.4.1"
tempfile = "3.20.0"
bollard = "0.19.1"
base64 = "0.22.1"
tar = "0.4.44"
lazy_static = "1.5.0"
directories = "6.0.0"
futures-util = "0.3"
thiserror = "2.0.14"
serde = { version = "1.0.209", features = ["derive", "rc"] }
serde_json = "1.0.127"
askama = "0.14"
sqlx = { version = "0.8", features = ["runtime-tokio", "sqlite"] }
reqwest = { version = "0.12", features = [
"blocking",
"stream",
"rustls-tls",
"http2",
"json",
], default-features = false }
assertor = "0.0.4"
tokio-test = "0.4"
anyhow = "1.0"
clap = { version = "4", features = ["derive", "env"] }
# `websockets` enables `ws://` / `wss://` URL schemes. Without it the
# connector parses the URL but treats it as a raw TCP connect (no TLS,
# no HTTP Upgrade), so the agent against the OKD edge-TLS Route hangs
# 30s on `expected INFO, got nothing` because the router only speaks
# TLS+HTTPS on 443. The operator works without this feature because
# it talks to NATS in-cluster on `nats://...:4222` (raw TCP).
async-nats = { version = "0.45.0", features = ["websockets"] }
tracing = "0.1"
tracing-subscriber = { version = "0.3", features = ["env-filter"] }
toml = "0.8"
Reference in New Issue View Git Blame Copy Permalink