Add synchronization around endpoint modification on RS1-RS4#556
Add synchronization around endpoint modification on RS1-RS4#556thaJeztah wants to merge 1 commit intomicrosoft:mainfrom
Conversation
|
Created this, as I commented on moby/moby#39018 (comment) |
internal/hns/hnsendpoint.go
Outdated
| // HNSEndpointRequest makes a HNS call to modify/query a network endpoint | ||
| func HNSEndpointRequest(method, path, request string) (*HNSEndpoint, error) { | ||
| endpoint := &HNSEndpoint{} | ||
| if windowsBuild == osversion.RS1 { |
There was a problem hiding this comment.
Wondering; does this apply to RS2 as well, or is that completely obsolete?
There was a problem hiding this comment.
That is obsolete. Also, RS2 is not a LTSC or SAC branch.
Our expectation is customers are on RS1 (server2016) or RS5 (server 2019) or the latest (semi-annual channel) branch.
There was a problem hiding this comment.
Main reason for asking was if we should be defensive and, e.g. change this to
if windowsBuild < osversion.RS3 {or
if windowsBuild < osversion.RS5 {There was a problem hiding this comment.
@pradipd Unfortunately.... I think < RS5 would be more prudent. There are at least plenty of docker users still using RS3 and RS4 :/ And when they switch to using containerd as a runtime, I think we need to be more defensive. (That said, hopefully soon we can disable the use of RS3 and RS4 entirely).
There was a problem hiding this comment.
Updated to use
if windowsBuild < osversion.RS5 {And updated the commit message, and comment accordingly PTAL
| endpointMu.Lock() | ||
| defer endpointMu.Unlock() | ||
| } | ||
| return hnsCall("POST", "/endpoints/"+endpoint.Id+"/detach", string(jsonString), &response) |
There was a problem hiding this comment.
Is concurrent attach / detach allowed? If so, these are not needed (thought I'd open this PR so that this approach can be discussed, and to make hcsshim the "source of truth" as to what is supported for each Windows version and what not, instead of putting that burden on consumers of this library 😅
There was a problem hiding this comment.
so this looks ok (as in; yes: we should protect these endpoints as well), correct?
Would other endpoints need patching as well? (if they're not supported on RS1, they should probably produce an error?);
On a side-note; wondering if os-version checks should be added to (e.g.)
HotAttachEndpoint(), which (I think) is not supported on older versions
There was a problem hiding this comment.
@madhanrm Do we need to add version check around HotAttachEndpoint()?
58d0062 to
bde32e6
Compare
bde32e6 to
b6bede0
Compare
|
@thaJeztah Do we still want/care about this? Was looking into cleaning up all of the dangling hcsshim prs that have been sitting for ages. |
|
@dcantah I think it would still be good if consumers of this shim wouldn't need the internal knowledge about what' supported/needed and what not for different versions of Windows. But please make sure that the changes I made are correct, as I'm not well familiar with the Windows internals! 🤗 😅 Let me at least rebase this PR to get it back in a mergeable state, and replace hcsshim/osversion/osversion_windows.go Lines 34 to 36 in 58f7ef4 |
b6bede0 to
30eaa67
Compare
thaJeztah
left a comment
There was a problem hiding this comment.
👍 rebased and changed osversion.Get().Build to osversion.Build()
| "strings" | ||
| "sync" |
There was a problem hiding this comment.
"conflict" before rebasing was here (adjacent line changed)
Agreed on this, didn't know if there was any other context I was missing surrounding this issue in the last two years 😆 |
|
@thaJeztah Thanks for this! I'll try and take a peek later today |
|
Thank you! I also opened #996 for a minor cleanup (but left a comment in the PR description for possible adding / replacing some intermediate build numbers) |
30eaa67 to
c0e8255
Compare
|
Rebased to get a fresh run of CI |
Server versions before 2019 (RS5), including Server 2016 (RS1) do not support concurrent add/delete of endpoints. Therefore, we need to use a mutex to serialize the add/delete of endpoints on those versions. Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
c0e8255 to
f1eb7b7
Compare
| if windowsBuild < osversion.RS5 { | ||
| switch method { | ||
| case "GET": | ||
| endpointMu.RLock() | ||
| defer endpointMu.RUnlock() | ||
| case "DELETE", "POST": | ||
| endpointMu.Lock() | ||
| defer endpointMu.Unlock() | ||
| } | ||
| } |
There was a problem hiding this comment.
The only thing that comes to mind for this PR is a conundrum we ran into by calling osversion in another exposed API, namely that retrofitting these APIs with osversion means the caller now has to manifest to get the "new" behavior. The new behavior here if they don't manifest boils down to slower execution as we need to lock/unlock and they lose concurrent creates even if they're on a host that supports it, as osversion will return windows 8's build number if not manifested which will satisfy if windowsBuild < osversion.RS5.
For moby this doesn't matter as it's manifested and I'd say an overwhelming majority of uses of hcsshim is in containerd and moby, but something to think of. @jterry75 and I had played around with the thought of possibly having a fallback for osversion, where we'd parse cmd /c ver's output if we find the program isn't manifested. That is a bit hacky though 😆
|
This is for older versions of OS which are no longer supported. |
Server versions before 2019 (RS5), including Server 2016 (RS1) do not support concurrent add/delete of endpoints. Therefore, we need to use a mutex to serialize the add/delete of endpoints on those versions.
This is based on changes in moby/libnetwork#2356, but doing this check inside hcsshim itself.
Note that
RWMutexinstead of aMutex, but happy to change if that doesn't make sense.HNSListEndpointRequest()will take a read-lock, as well as some other calls in libnetwork.On a side-note; wondering if os-version checks should be added to (e.g.)
HotAttachEndpoint(), which (I think) is not supported on older versions