[relay] Refactor initial Relay connection (#2800)

Can support firewalls with restricted WS rules allow to run engine without Relay servers keep up to date Relay address changes
2025-08-09 07:15:15 +02:00 · 2024-11-22 18:12:34 +01:00
parent 9db1932664
commit 2a5cb16494
10 changed files with 211 additions and 96 deletions
--- a/client/internal/engine.go
+++ b/client/internal/engine.go
@ -538,6 +538,7 @@ func (e *Engine) handleSync(update *mgmProto.SyncResponse) error {

 		relayMsg := wCfg.GetRelay()
 		if relayMsg != nil {
+			// when we receive token we expect valid address list too
 			c := &auth.Token{
 				Payload:   relayMsg.GetTokenPayload(),
 				Signature: relayMsg.GetTokenSignature(),
@ -546,9 +547,16 @@ func (e *Engine) handleSync(update *mgmProto.SyncResponse) error {
 				log.Errorf("failed to update relay token: %v", err)
 				return fmt.Errorf("update relay token: %w", err)
 			}
+
+			e.relayManager.UpdateServerURLs(relayMsg.Urls)
+
+			// Just in case the agent started with an MGM server where the relay was disabled but was later enabled.
+			// We can ignore all errors because the guard will manage the reconnection retries.
+			_ = e.relayManager.Serve()
+		} else {
+			e.relayManager.UpdateServerURLs(nil)
 		}

-		// todo update relay address in the relay manager
 		// todo update signal
 	}