-
Notifications
You must be signed in to change notification settings - Fork 61
OTA-2536: Preconfigure IpUptaneSecondary with IP address #1183
Conversation
This pull request introduces 1 alert when merging f5b19d3 into 99bfcf9 - view on LGTM.com new alerts:
Comment posted by LGTM.com |
f5b19d3
to
87325ea
Compare
Codecov Report
@@ Coverage Diff @@
## master #1183 +/- ##
=========================================
- Coverage 77.91% 77.12% -0.8%
=========================================
Files 170 173 +3
Lines 10003 10114 +111
=========================================
+ Hits 7794 7800 +6
- Misses 2209 2314 +105
Continue to review full report at Codecov.
|
This pull request introduces 1 alert when merging 87325ea into 99bfcf9 - view on LGTM.com new alerts:
Comment posted by LGTM.com |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks pretty good so far. I haven't reviewed everything carefully yet, and the ASN1 stuff I'm too unfamiliar with to offer any substantial advice on.
src/aktualizr_primary/secondary.cc
Outdated
using SecondaryFactoryRegistry = | ||
std::unordered_map<std::string, std::function<std::shared_ptr<Uptane::SecondaryInterface>(const SecondaryConfig&)>>; | ||
|
||
static SecondaryFactoryRegistry sec_factory_regisrty = { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Typo: sec_factory_registry
.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
ok
AKDiscoveryReqMes ::= SEQUENCE { | ||
port INTEGER(0..65535), | ||
... | ||
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Not critical at all, but the indenting here is inconsistent.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I am not sure if I see it.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
If you look at the surrounding lines on github, it is more apparent. I think it's a tab vs. spaces thing.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yeah, a tab is used for indentation here while my editor inserts spaces on tap pressing.
explicit IpUptaneSecondary(const sockaddr_in& sock_addr, EcuSerial serial, HardwareIdentifier hw_id, | ||
PublicKey pub_key); | ||
|
||
// what this method for ? Looks like should be removed out of SecondaryInterface |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It's used by ManagedSecondary
. It's possible that it could be merged into the constructor, but I think there used to be a good reason it was necessary before. It may not be necessary now. Not priority, though. We can look into that further once more of the refactoring is done.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
ok.
void Initialize() override{}; | ||
|
||
// It looks more natural to return const EcuSerial& and const Uptane::HardwareIdentifier& | ||
// and they should be 'const' methods |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
You might be right. In the past we didn't do that in case system calls or other non-const-friendly operations were required to implement these. We can re-evaluate that again soon.
@@ -37,16 +37,18 @@ class SecondaryConfig { | |||
std::string ecu_public_key; | |||
KeyType key_type{KeyType::kRSA2048}; | |||
|
|||
// FIXME: secondary config contains secondary specific params | |||
// so introduction of any new type of secondary will require changes here/libaktualizr | |||
// what we would like to avoid |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yep, this is not ideal. It might be a necessary evil for now, but we should try to remove them if possible. Not the top priority, though.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
OK
@@ -20,21 +20,32 @@ namespace Uptane { | |||
|
|||
class SecondaryInterface { | |||
public: | |||
// This ctor should be removed as the secondary configuration SecondaryConfig | |||
// is the secondaries's specific, see SecondaryConfig declaration |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
You are probably right. I think a lot of this was done to make SecondaryFactory
work smoothly, and since we are removing that, we can get rid of some of the associated cruft along with it.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
OK. I can try it in the next PRs since it leads to to many changes across the source code.
virtual void Initialize(){}; // optional step, called after device registration | ||
// should be pure virtual, since the current implementation reads from the secondaries specific config |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think that makes sense.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'll try in the next PR.
virtual Uptane::HardwareIdentifier getHwId() { return Uptane::HardwareIdentifier(sconfig.ecu_hardware_id); } | ||
virtual PublicKey getPublicKey() = 0; | ||
|
||
// getSerial(), getHwId() and getPublicKey() can be moved to seperate interface | ||
// since their usage pattern differ from the following methods' one |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Separate interface? What do you mean?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Well, serial, hw_id and pub_key are constant properties of a secondary and can be determined/obtained before or during a secondary object instantiation, while all other methods represent RPC calls that actually transfer messages between Primary and Secondary. I don't think, that there is any practical need/benefit in breaking the current interface into two parts because of the aforementioned, but it might appear in the future.
87325ea
to
6aa63eb
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
A few more thoughts after I had more time to review. Still looking pretty good on the whole, I think.
@@ -42,6 +43,7 @@ bpo::variables_map parse_options(int argc, char *argv[]) { | |||
("primary-ecu-serial", bpo::value<std::string>(), "serial number of primary ecu") | |||
("primary-ecu-hardware-id", bpo::value<std::string>(), "hardware ID of primary ecu") | |||
("secondary-configs-dir", bpo::value<boost::filesystem::path>(), "directory containing secondary ECU configuration files") | |||
("secondary-config-file", bpo::value<boost::filesystem::path>(), "secondary ECUs configuration file") |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Just noting that we should get rid of secondary-configs-dir
once we are able to. I think we have to leave both for now, but we should eventually convert virtual secondaries (and anything else still depending on the old factory mechanism) to use the new secondary-config-file
.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yeah, fully agree.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Could be helpful to have more different naming and avoid confusion in the meantime (haven't had a great idea though). Would it also make sense to disallow using both options at once?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'll remove secondary-configs-dir soon (in one of the following PRs)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Ok. I haven't had time to look the details in depth but is the new format really providing the old functionality?
In particular, can virtual secondaries be still used? Some docs refer to them and they are used by qa and more for testing.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The plan is to adjust virtual secondaries implementation to the new configuration approach.
|
||
if (sec_cfg_factory_registry_.find(secondary_type) == sec_cfg_factory_registry_.end()) { | ||
LOG_ERROR << "Unsupported type of sescondary config was found: `" << secondary_type | ||
<< "`. Ingoring it and continue with parsing of other secondary configs"; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Typo: "Ignoring". And actually "continuing" would be better than "continue".
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Sure.
if (socket_fd < 0) { | ||
throw std::system_error(errno, std::system_category(), "socket"); | ||
} | ||
// what's the point in usage of SocketHandle |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I have no idea.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'll get rid of it in the next PR.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I guess it automatically closes the socket, once it's out of scope.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yeah, your're right. Normally, such RAII objects imply object initialization/creation and deinitialization/deletion at ctor and dtor correspondingly. Also, the dtor's part should include shutdown and preferably verification if a socket was actually opened.
Asn1Message::Ptr Asn1Rpc(const Asn1Message::Ptr& tx, const struct sockaddr_storage& client) { | ||
int socket_fd = socket(AF_INET6, SOCK_STREAM, 0); | ||
Asn1Message::Ptr Asn1Rpc(const Asn1Message::Ptr& tx, const struct sockaddr_in& server_sock_addr) { | ||
int socket_fd = socket(AF_INET, SOCK_STREAM, 0); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
AF_INET6
is no good?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Benefit of ipv6 usage is questionable in this case (local network within a car).
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
What are the drawbacks?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Well,
- people get used to IPv4 addresses, so easier to edit a configuration file (::1 instead of 127.0.0.1 and IPv6 slightly longer
- At the kernel level (IP stack implementation) slightly more work for packets processing
We consider IPUptaneSecondary as a reference implementation, so I tend to make it simple, unless there is a requirement to support IPv6
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I actually have no strong feelings here. I'm fine with keeping it simple for now.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I don't really buy the performance considerations if not tied to a specific platform/system architecture. Disabling v6 support also seems easier than adding it after the fact to a v4 only code base.
That said, I would have hoped that we wouldn't have to worry about either v4 or v6 by using dual stack sockets. If that's not the case and makes development harder, then ok for dropping it.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It's worth keeping in mind this whole functionality is just meant to be a reference and demonstration; so it is perfectly acceptable to make a semi-arbitrary choice and just roll with it.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Fair point, I forgot that it will actually support both AF_INET and AF_INET6. Then I'm for leaving it as it was before :)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@patrickvacek sure, sounds reasonable
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The previous version supported only AF_INET6 and it's used the 'discovery' mechanism to get IPv6 addresses. Since, we are going to remove the 'discovery' mechanism and input IP addresses in the config file then there is no need to stay with IPv6.
I prefer to choose either IPv4 or IPv6, adding support of both will require additional effort, but I am fine with either choices.
|
||
req->present(AKIpUptaneMes_PR_publicKeyReq); | ||
EcuSerial serial{"serial"}; | ||
HardwareIdentifier hw_id{"hw_id"}; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'd suggest initializing these to empty strings. Otherwise it might be confusing in error conditions. Especially for testing, we often use dummy values that might be easily confused with these defaults.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I tried, but there is an input string length verification in EcuSerial ctor what doesn't allow me to specify an empty string.
Can I remove it as someone removed it for HardwareIdentifier ?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think I remember running into that before, and somehow I was able to work around it. That seems less possible here. We'd need to do a quick check that removing that restriction won't open up any holes, but it's probably fine.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks like remove it is fine, at least tests passes on my local env.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I was fairly sure the tests would pass, but I mean we should look at where EcuSerials are instantiated and check if we need to add any new checks for non-emptiness in those places.
|
||
for (auto& config : secondary_configs) { | ||
try { | ||
LOG_INFO << "Creating Secondary of type: " << config->type(); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
"\n"?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Actually LOG_XXX adds "\n" to the end of a message, so I am removing "\n" I added in other places.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
huh, good to know
@@ -61,6 +61,15 @@ void SocketServer::HandleOneConnection(int socket) { | |||
// Figure out what to do with the message | |||
Asn1Message::Ptr resp = Asn1Message::Empty(); | |||
switch (msg->present()) { | |||
case AKIpUptaneMes_PR_getInfoReq: { | |||
std::cout << ">>>>>>>>>>>> Got Info request"; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Debug leftover?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yes.
Signed-off-by: Mike Sul <[email protected]>
6aa63eb
to
e37947f
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think this looks fine unless there's still something you wanted to clean up in this PR.
No, I am fine with it. |
Signed-off-by: Mike Sul [email protected]