runtime: add builtin proxy and shim capability#173
runtime: add builtin proxy and shim capability#173egernst merged 6 commits intokata-containers:masterfrom
Conversation
virtcontainers/hypervisor.go
Outdated
|
|
||
| const ( | ||
| CONSOLE_PROTO_UNIX = "unix" | ||
| CONSOLE_PROTO_PTY = "pty" |
virtcontainers/proxy.go
Outdated
| } | ||
| } | ||
|
|
||
| func isProxyBuiltin(pType ProxyType) bool { |
virtcontainers/kata_builtin_proxy.go
Outdated
| // This is a kata builtin proxy implementation of the proxy interface. Kata proxy | ||
| // functionality is implemented inside the virtcontainers library. | ||
| type kataBuiltinProxy struct { | ||
| podId string |
virtcontainers/kata_builtin_proxy.go
Outdated
|
|
||
| // This is a kata builtin proxy implementation of the proxy interface. Kata proxy | ||
| // functionality is implemented inside the virtcontainers library. | ||
| type kataBuiltinProxy struct { |
virtcontainers/kata_builtin_proxy.go
Outdated
| conn net.Conn | ||
| } | ||
|
|
||
| // register is the proxy start implementation for kata builtin proxy. |
virtcontainers/podlist.go
Outdated
| // globalPodlist tracks pods globally | ||
| var globalPodlist = podlist{pods: make(map[string]*Pod)} | ||
|
|
||
| func (pl *podlist) addPod(pod *Pod) (err error) { |
There was a problem hiding this comment.
func (p *podList) addPod(pod *Pod) (err error) {
virtcontainers/podlist.go
Outdated
| return err | ||
| } | ||
|
|
||
| func (pl *podlist) removePod(id string) error { |
There was a problem hiding this comment.
func (p *podList) removePod(podID string) error {
virtcontainers/podlist.go
Outdated
| return nil | ||
| } | ||
|
|
||
| func (pl *podlist) lookupPod(id string) (pod *Pod, err error) { |
There was a problem hiding this comment.
func (p *podList) lookupPod(podID string) (pod *Pod, err error) {
virtcontainers/podlist.go
Outdated
| return pod, err | ||
| } | ||
|
|
||
| func (pl *podlist) foreachPod(f func(*Pod) error) error { |
There was a problem hiding this comment.
Not used from your code here. Might be worth adding it only when it's gonna be called from some real code.
|
|
||
| func foreachPod(f func(*Pod) error) error { | ||
| return globalPodlist.foreachPod(f) | ||
| } |
There was a problem hiding this comment.
I would remove those:
func addPod(pod *Pod) error {
return globalPodlist.addPod(pod)
}
func removePod(id string) error {
return globalPodlist.removePod(id)
}
func lookupPod(id string) (*Pod, error) {
return globalPodlist.lookupPod(id)
}
func foreachPod(f func(*Pod) error) error {
return globalPodlist.foreachPod(f)
}I think they add more confusion where we can call directly from pod.go:
globalPodList.addPod(p)
...|
@sboeuf thanks for reviewing. changes applied and UT added. PTAL again. |
|
add |
| if err != nil { | ||
| return err | ||
| } | ||
| // TODO: add pty console support for kvmtools |
There was a problem hiding this comment.
Is there an open issue for this so we don't forget?
There was a problem hiding this comment.
This should be part of the work that introduces kvmtools hypervisor support.
virtcontainers/kata_builtin_proxy.go
Outdated
| go func() { | ||
| scanner = bufio.NewScanner(conn) | ||
| for scanner.Scan() { | ||
| fmt.Printf("[SB-%s] vmconsole: %s\n", p.podID, scanner.Text()) |
There was a problem hiding this comment.
SB == "scanner buffer"? Could that prefix be [pod %s] for clarity.
There was a problem hiding this comment.
The problem is that almost all other components use pod / pod-id I think?
There was a problem hiding this comment.
I thought we want to switch from pod to sandbox as agreed in the api design. But it can be done later.
There was a problem hiding this comment.
Yes I think the sandbox naming should be done in a separate PR, meaning that it makes more sense to stick with [POD-%s] for now.
There was a problem hiding this comment.
OK. I'll keep pod notion here and submit another PR to do the conversion.
virtcontainers/kata_builtin_proxy.go
Outdated
| if err == io.EOF { | ||
| logger.Info("console wather quits") | ||
| } else { | ||
| logger.Errorf("Failed reading agent logs from socket: %v", err) |
There was a problem hiding this comment.
How about:
logger.WithError(err).WithFields(logrus.Fields{
"console-protocol" : proto,
"console-socket" : console,
}).Error("Failed to read agent logs")
There was a problem hiding this comment.
Sure, I'll add it. Thanks!
dcb1287 to
60f7391
Compare
|
Dropping |
d3c920e to
dc11182
Compare
virtcontainers/kata_builtin_proxy.go
Outdated
| go func() { | ||
| scanner = bufio.NewScanner(conn) | ||
| for scanner.Scan() { | ||
| fmt.Printf("[SB-%s] vmconsole: %s\n", p.podID, scanner.Text()) |
There was a problem hiding this comment.
Yes I think the sandbox naming should be done in a separate PR, meaning that it makes more sense to stick with [POD-%s] for now.
| if err := k.connect(); err != nil { | ||
| return nil, err | ||
| } | ||
| defer k.disconnect() |
There was a problem hiding this comment.
Yes you're right but this should not be part of this PR. I think we should go first with what I proposed so that it properly covers the case of the builtin proxy, and later we can submit another PR covering the case of a long running runtime. This should be covered more neatly, by introducing a notion of short running vs long running IMO, and allowing the current use case to still use disconnect(). I don't like that we implicitly handle the disconnection because the process ends.
virtcontainers/podlist.go
Outdated
| p.lock.Lock() | ||
| defer p.lock.Unlock() | ||
| delete(p.pods, id) | ||
| return nil |
There was a problem hiding this comment.
No reason to return an error. Let's have this function returning nothing then.
| [[constraint]] | ||
| name = "github.com/kata-containers/agent" | ||
| revision = "a93071539feee29bfa22b6184380d3fd7c156ef7" | ||
| revision = "c8199f60759a1d52932df37a1af710cdeada8c81" |
There was a problem hiding this comment.
Please add the shortlog diff since the last vendoring of this dependency into your commit message. It helps tracking which patches are pulled through this vendoring.
There was a problem hiding this comment.
Good point! I'll add it. Thanks!
There was a problem hiding this comment.
Hey, sorry to be picky here, but we don't really need the merge commits. If you run the following command:
git log --no-merges --abbrev-commit --pretty=oneline a93071539feee29bfa22b6184380d3fd7c156ef7..origin/masterYou should only get the real commits.
There was a problem hiding this comment.
Taking notes and commit message updated. Thanks @sboeuf!
| func (p *podList) lookupPod(id string) (pod *Pod, err error) { | ||
| p.lock.RLock() | ||
| defer p.lock.RUnlock() | ||
| if p.pods[id] != nil { |
There was a problem hiding this comment.
I think this looks better
if p.pods[id] != nil {
return p.pods[id], nil
}
return nil, fmt.Errorf("pod %s does not exist", id)There was a problem hiding this comment.
Yup, I'll change it. Thanks!
To include the grpc yamux dialer.
Included kata agent git shortlog:
Archana Shinde (1):
mount: Correct error message with mount failure.
Eric Ernst (2):
Merge pull request kata-containers#196 from sboeuf/fix_rollback
Merge pull request kata-containers#201 from bergwolf/yamux_client
Graham whaley (1):
ci: lib: allow override of tests_repo
James O. D. Hunt (16):
mount: Log params and validate
device: Add validation and debug
tests: Move helper function
tests: Use root skip function
tests: Skip more tests if non-root
CI: Require pullapprove ack for protocol changes
agent: Add announce function
announce: Add standard fields when running as PID 1
announce: Add device and storage handlers
announce: Add total memory
Merge pull request kata-containers#180 from jodh-intel/add-announce-log-call
github: Add issue template
Merge pull request kata-containers#189 from grahamwhaley/20180322_tests_repo
Merge pull request kata-containers#187 from jodh-intel/github-issue-template
Merge pull request kata-containers#192 from sboeuf/fix_device
Merge pull request kata-containers#197 from amshinde/correct-err-msg
Lai Jiangshan (1):
Merge pull request kata-containers#176 from jodh-intel/pullapprove-for-grpc-changes
Peng Tao (3):
Merge pull request kata-containers#171 from jodh-intel/validate-mount-params
Merge pull request kata-containers#206 from sboeuf/fix_rollback
protocol: client: enable builtin yamux client support
Sebastien Boeuf (7):
Merge pull request kata-containers#178 from jodh-intel/skip-more-tests-if-not-root
Merge pull request kata-containers#173 from jodh-intel/add-device-debug
device: VmPath can be empty if an Id is provided
agent: Rollback properly when container creation fails
vendor: Update libcontainer vendoring
Merge pull request kata-containers#203 from sboeuf/revendor_libcontainer
agent: Fix container creation rollback
Signed-off-by: Peng Tao <bergwolf@gmail.com>
|
@devimc @jodh-intel @sboeuf PR updated. PTAL. |
14b8d21 to
f3c070b
Compare
|
Jenkins failed on #193 |
sboeuf
left a comment
There was a problem hiding this comment.
One comment about the shortlog from the vendoring commit, but other than that LGTM !
| [[constraint]] | ||
| name = "github.com/kata-containers/agent" | ||
| revision = "a93071539feee29bfa22b6184380d3fd7c156ef7" | ||
| revision = "c8199f60759a1d52932df37a1af710cdeada8c81" |
There was a problem hiding this comment.
Hey, sorry to be picky here, but we don't really need the merge commits. If you run the following command:
git log --no-merges --abbrev-commit --pretty=oneline a93071539feee29bfa22b6184380d3fd7c156ef7..origin/masterYou should only get the real commits.
|
Thx @bergwolf |
|
Jenkins failed on kata-containers/tests/issues/225 |
When specified, it does not spawn a new process to proxy kata grpc connections. Instead, the yamux multiplexing functionality is builtin in the kata agent dialer. Signed-off-by: Peng Tao <bergwolf@gmail.com>
To include the grpc yamux dialer. Included kata agent git log: e37feac protocol: client: enable builtin yamux client support a862fea agent: Fix container creation rollback 9602e11 vendor: Update libcontainer vendoring 92f87a1 agent: Rollback properly when container creation fails 128f87d mount: Correct error message with mount failure. 7a182a4 device: VmPath can be empty if an Id is provided 0275654 ci: lib: allow override of tests_repo 205a4d7 github: Add issue template 103aacd announce: Add total memory e277ec6 announce: Add device and storage handlers 5d7463f announce: Add standard fields when running as PID 1 4655950 agent: Add announce function 5e6c385 CI: Require pullapprove ack for protocol changes 5d40027 tests: Skip more tests if non-root 4ba8499 tests: Use root skip function 9a2da30 tests: Move helper function ae2be84 device: Add validation and debug 9e7b27c mount: Log params and validate Signed-off-by: Peng Tao <bergwolf@gmail.com>
It tracks all existing pods in the current runtime. If the runtime calls multiple APIs, it can reuse existing pod data structure instead of re-construct it in every API call. Signed-off-by: Peng Tao <bergwolf@gmail.com>
When set, the kata shim will not be created. Fixes: kata-containers#172 Signed-off-by: Peng Tao <bergwolf@gmail.com>
To test built-in proxy and shim types. Signed-off-by: Peng Tao <bergwolf@gmail.com>
|
@sboeuf rebased now. |
Otherwise there might be cached pod alive even if we remove all the config dirs etc. Signed-off-by: Peng Tao <bergwolf@gmail.com>
|
ping @kata-containers/runtime |
device: Add validation and debug
Add a new proxy type
KataProxyBuiltinTypeand a new shim typeKataBuiltinShimType. When they are specified, new proxy or shim processes will not be created. OTOH, the proxy and shim capabilities are provided by the kata runtime library directly.For proxy, a yamux grpc dialer is used to create connections to the kata agent. And a goroutine is created to watch guest's console.
For shim, sandbox relay APIs will be provided. They are left to future PRs though.
Unfortunately due to limitation of the
yamuxlibrary (at most one connection between client and server), this cannot be used with the kata runtime cli. So no cli change is included.Depends-on: kata-containers/agent/pull/201