dean changes

agent/agent.go

@@ -981,6 +981,17 @@ func (a *agent) createOrUpdateNetwork(manifestOK <-chan struct{}, networkOK chan
 		if network == nil {
 			// use the graceful context here, because creating the tailnet is not itself tied to the
 			// agent API.
+			urls := []string{}
+			for _, d := range manifest.DERPMap.Regions {
+				for _, n := range d.Nodes {
+					u := n.HostName
+					if u == "" {
+						u = n.IPv4
+					}
+					urls = append(urls, u)
+				}
+			}
+			fmt.Println("=== AGENT DERP MAP URLS: " + strings.Join(urls, ", "))
 			network, err = a.createTailnet(a.gracefulCtx, manifest.AgentID, manifest.DERPMap, manifest.DERPForceWebSockets, manifest.DisableDirectConnections)
 			if err != nil {
 				return xerrors.Errorf("create tailnet: %w", err)
@@ -1006,6 +1017,17 @@ func (a *agent) createOrUpdateNetwork(manifestOK <-chan struct{}, networkOK chan
 			// Update the DERP map, force WebSocket setting and allow/disallow
 			// direct connections.
 			network.SetDERPMap(manifest.DERPMap)
+			urls := []string{}
+			for _, d := range manifest.DERPMap.Regions {
+				for _, n := range d.Nodes {
+					u := n.HostName
+					if u == "" {
+						u = n.IPv4
+					}
+					urls = append(urls, u)
+				}
+			}
+			fmt.Println("=== AGENT DERP MAP URLS: " + strings.Join(urls, ", "))
 			network.SetDERPForceWebSockets(manifest.DERPForceWebSockets)
 			network.SetBlockEndpoints(manifest.DisableDirectConnections)
 		}

coderd/database/lock.go

@@ -9,6 +9,7 @@ const (
 	// Keep the unused iota here so we don't need + 1 every time
 	lockIDUnused = iota
 	LockIDDeploymentSetup
+	LockIDEnterpriseDeploymentSetup
 )
 
 // GenLockID generates a unique and consistent lock ID from a given string.

codersdk/workspaceagents.go

@@ -273,6 +273,18 @@ func (c *Client) DialWorkspaceAgent(dialCtx context.Context, agentID uuid.UUID,
 		options.BlockEndpoints = true
 	}
 
+	urls := []string{}
+	for _, d := range connInfo.DERPMap.Regions {
+		for _, n := range d.Nodes {
+			u := n.HostName
+			if u == "" {
+				u = n.IPv4
+			}
+			urls = append(urls, u)
+		}
+	}
+	fmt.Println("=== CLIENT DERP MAP URLS: " + strings.Join(urls, ", "))
+
 	ip := tailnet.IP()
 	var header http.Header
 	if headerTransport, ok := c.HTTPClient.Transport.(*HeaderTransport); ok {

enterprise/cli/server.go

@@ -15,6 +15,7 @@ import (
 	"tailscale.com/types/key"
 
 	"github.com/coder/coder/v2/cli/clibase"
+	"github.com/coder/coder/v2/coderd/database"
 	"github.com/coder/coder/v2/cryptorand"
 	"github.com/coder/coder/v2/enterprise/audit"
 	"github.com/coder/coder/v2/enterprise/audit/backends"
@@ -37,21 +38,41 @@ func (r *RootCmd) Server(_ func()) *clibase.Cmd {
 		}
 
 		options.DERPServer = derp.NewServer(key.NewNode(), tailnet.Logger(options.Logger.Named("derp")))
-		meshKey, err := options.Database.GetDERPMeshKey(ctx)
-		if err != nil {
+
+		var meshKey string
+		err := options.Database.InTx(func(tx database.Store) error {
+			// This will block until the lock is acquired, and will be
+			// automatically released when the transaction ends.
+			err := tx.AcquireLock(ctx, database.LockIDEnterpriseDeploymentSetup)
+			if err != nil {
+				return xerrors.Errorf("acquire lock: %w", err)
+			}
+
+			meshKey, err = tx.GetDERPMeshKey(ctx)
+			if err == nil {
+				return nil
+			}
 			if !errors.Is(err, sql.ErrNoRows) {
-				return nil, nil, xerrors.Errorf("get mesh key: %w", err)
+				return xerrors.Errorf("get DERP mesh key: %w", err)
 			}
 			meshKey, err = cryptorand.String(32)
 			if err != nil {
-				return nil, nil, xerrors.Errorf("generate mesh key: %w", err)
+				return xerrors.Errorf("generate DERP mesh key: %w", err)
 			}
-			err = options.Database.InsertDERPMeshKey(ctx, meshKey)
+			err = tx.InsertDERPMeshKey(ctx, meshKey)
 			if err != nil {
-				return nil, nil, xerrors.Errorf("insert mesh key: %w", err)
+				return xerrors.Errorf("insert DERP mesh key: %w", err)
 			}
+			return nil
+		}, nil)
+		if err != nil {
+			return nil, nil, err
+		}
+		if meshKey == "" {
+			return nil, nil, xerrors.New("mesh key is empty")
 		}
 		options.DERPServer.SetMeshKey(meshKey)
+
 		options.Auditor = audit.NewAuditor(
 			options.Database,
 			audit.DefaultFilter,