Getting rid of nsenter and socat #691
Conversation
|
@abhi Can we remove socat as well? I think we just need a goroutine to a tcp connection to the port and forward traffic. |
|
@Random-Liu yes. Just raising the PR for e2e. |
|
@abhi I see. Will review it when it is ready. :) |
abhi
changed the title
pkg/server/sandbox_portforward.go
Outdated
| nsenter, err := exec.LookPath("nsenter") | ||
| if err != nil { | ||
| return errors.Wrap(err, "failed to find nsenter") | ||
| if s.NetNS == nil { |
There was a problem hiding this comment.
thats already checked by netns.Do
There was a problem hiding this comment.
Our Closed is different https://github.com/containerd/cri/blob/master/pkg/store/sandbox/netns.go#L108.
We have the restore support.
pkg/server/sandbox_portforward.go
Outdated
| wg.Done() | ||
| }() | ||
| wg.Wait() | ||
| logrus.Infof("Finish copy port forward input for %q port %d: %v", id, port) |
There was a problem hiding this comment.
Add a log for both input copy and output copy, and move them into goroutine?
pkg/server/sandbox_portforward.go
Outdated
| go func() { | ||
| if _, err := io.Copy(client, stream); err != nil { | ||
| logrus.WithError(err).Errorf("Failed to copy port forward input from %q port %d", id, port) | ||
| } |
There was a problem hiding this comment.
I have added a defer on top
pkg/server/sandbox_portforward.go
Outdated
| logrus.WithError(err).Errorf("Failed to copy port forward output for %q port %d", id, port) | ||
| } | ||
| wg.Done() | ||
| }() |
There was a problem hiding this comment.
stream.Close()?
Are these 2 Close() are necessary?
If dst is closed, src is open, but there is no new input, will io.Copy stop?
- If it does, we don't need the 2
Close(). - If it doesn't, I think we'll probably need them.
| @@ -17,24 +17,22 @@ limitations under the License. | |||
| package server | |||
There was a problem hiding this comment.
Update dependencies in README.md and travis.
abhi
force-pushed
the
socat
branch
3 times, most recently
from
19eb7a6 to
57790c7
Compare
|
@Random-Liu done. |
|
@abhi We need to start 2 goroutines to copy stream. However, the 2 goroutines may not be in the same network namespace. We are not sure whether it will work or not. The test result shows that it works, but we need to double check with the golang team. I don't think we have time to figure that out before the coming |
|
@Random-Liu yes I am of the same opinion as well. I will remove the socat commits. |
|
@abhi also pointed me to another potential issue containernetworking/plugins#98. Given so, let's move this issue to next release, so that we have more time to investigate this. It is safe to move this PR to next release, because there is no actual functionality change, we just get rid of 2 binary dependencies |
|
We plan to cut an early |
|
@abhi Here is a piece of code: package main
import (
"fmt"
"io"
"os"
"sync"
"time"
)
func main() {
f, err := os.OpenFile("io", os.O_RDWR|os.O_CREATE, 0666)
if err != nil {
panic(err)
}
var wg sync.WaitGroup
wg.Add(2)
go func() {
io.Copy(os.Stdout, f)
fmt.Println("file -> stdout done")
wg.Done()
}()
go func() {
io.Copy(f, os.Stdin)
fmt.Println("stdin -> file done")
wg.Done()
}()
time.Sleep(5 * time.Second)
f.Close()
wg.Wait()
fmt.Println("all done")
}You will see, after 5 seconds, the program won't exit even though So basically To fix this, we should explicitly close input of the other |
This commit removes the usage of nsenter and uses netns to perform socat operation. Signed-off-by: abhi <[email protected]>
pkg/server/sandbox_portforward.go
Outdated
| nsenter, err := exec.LookPath("nsenter") | ||
| if err != nil { | ||
| return errors.Wrap(err, "failed to find nsenter") | ||
| if s.NetNS == nil { |
There was a problem hiding this comment.
Our Closed is different https://github.com/containerd/cri/blob/master/pkg/store/sandbox/netns.go#L108.
We have the restore support.
pkg/server/sandbox_portforward.go
Outdated
| if err != nil { | ||
| return errors.Wrap(err, "failed to find nsenter") | ||
| if s.NetNS == nil { | ||
| return errors.Errorf("failed to find network namespace fo sandbox %q in store", id) |
There was a problem hiding this comment.
network namespace for sandbox %q is closed
pkg/server/sandbox_portforward.go
Outdated
| var wg sync.WaitGroup | ||
| client, err := net.Dial("tcp4", fmt.Sprintf("localhost:%d", port)) | ||
| if err != nil { | ||
| return errors.Wrap(err, "failed to dial") |
There was a problem hiding this comment.
nit: "failed to dial %q", port
pkg/server/sandbox_portforward.go
Outdated
| go func() { | ||
| defer client.Close() | ||
| if _, err := io.Copy(client, stream); err != nil { | ||
| logrus.WithError(err).Errorf("Failed to copy port forward input from %q port %d", id, port) |
pkg/server/sandbox_portforward.go
Outdated
| if _, err := io.Copy(client, stream); err != nil { | ||
| logrus.WithError(err).Errorf("Failed to copy port forward input from %q port %d", id, port) | ||
| } | ||
| logrus.Infof("Finish copy port forward input for %q port %d: %v", id, port) |
pkg/server/sandbox_portforward.go
Outdated
| if _, err := io.Copy(stream, client); err != nil { | ||
| logrus.WithError(err).Errorf("Failed to copy port forward output for %q port %d", id, port) | ||
| } | ||
| logrus.Infof("Finish copy port forward output for %q port %d: %v", id, port) |
Signed-off-by: abhi <[email protected]>
Signed-off-by: abhi <[email protected]>
Signed-off-by: abhi <[email protected]>
|
/lgtm |
This commit removes the usage of nsenter and uses netns
to perform socat operation.
Fixes #144
Signed-off-by: abhi [email protected]