One proxy per vm #483
Blocked on clearcontainers/proxy#167.
| } | ||
|
|
||
| // Start the proxy | ||
| err = p.createProxyProcess() |
You should move that into p.startVM(netNsPath) function, so that we don't expand too much CreatePod() and RunPod().
Funnily enough, it was there originally, but I moved it out for clarity since startVM wasn't just starting the VM so the name was confusing. Also, it matched more closely how we handle the shims (p.startShims()).
On the topic of CreatePod() and RunPod(), I've just raised #486 to remove the duplication so how about we land that first and I can then rebase this PR and there won't be any duplication.
| return nil, err | ||
| } | ||
|
|
||
| err = p.waitForProxy() |
Similar to createProxyProcess(), I think this should be moved to stopVM().
| // cannot fail on Linux | ||
| proc, _ := os.FindProcess(pid) | ||
|
|
||
| _, err := proc.Wait() |
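Review bot: proc.Wait() on the last line only succeeds when the target is a child of the calling process, and it blocks with no upper bound. On Unix, os.FindProcess returns a Process for any pid whether or not it exists, so the discarded error on the line above proves nothing about the proxy still running. Suggest replacing the Wait() with a bounded poll for exit (for example proc.Signal(syscall.Signal(0)) in a loop with a deadline) that returns a timeout error.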
We should add a timeout here.
Good call.
Looking at this again, the code actually won't work as we can't guarantee the calling process (now) owns the cc-proxy instance (it's likely to have been reparented to PID 1).
Do we already have BKM code somewhere for a (deep breath) pid or /proc/$pid-sniffing loop? I'm pretty sure we used to a long time ago but can't find it atm.
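The wait-with-timeout loop discussed in this exchange, sketched as an added example (not code from this PR or from virtcontainers): it polls with signal 0, so the target does not have to be a child of the caller. The helper names pidAlive and waitForPidExit and the sleep stand-in are assumptions.

```go
package main

import (
	"errors"
	"fmt"
	"os/exec"
	"syscall"
	"time"
)

// pidAlive reports whether pid currently names a process. Signal 0 runs the
// kernel's existence and permission checks without delivering anything;
// EPERM still means the pid exists, just under another user.
func pidAlive(pid int) bool {
	if pid <= 0 { // 0 and negative values address process groups
		return false
	}
	err := syscall.Kill(pid, 0)
	return err == nil || errors.Is(err, syscall.EPERM)
}

// waitForPidExit (hypothetical helper) polls until pid is gone or timeout
// elapses. Unlike os.Process.Wait, the target need not be our child.
func waitForPidExit(pid int, timeout, interval time.Duration) error {
	deadline := time.Now().Add(timeout)
	for pidAlive(pid) {
		if time.Now().After(deadline) {
			return fmt.Errorf("pid %d still running after %v", pid, timeout)
		}
		time.Sleep(interval)
	}
	return nil
}

func main() {
	// Constructed demo: "sleep" stands in for a proxy instance.
	cmd := exec.Command("sleep", "1")
	if err := cmd.Start(); err != nil {
		fmt.Println("start:", err)
		return
	}
	// Reap in the background, as PID 1 would for a reparented proxy; an
	// unreaped zombie still answers signal 0 and would look alive.
	go cmd.Wait()
	fmt.Println("short timeout:", waitForPidExit(cmd.Process.Pid, 100*time.Millisecond, 20*time.Millisecond))
	fmt.Println("long timeout: ", waitForPidExit(cmd.Process.Pid, 3*time.Second, 20*time.Millisecond))
}
```

A bare pid can be recycled for an unrelated process after the proxy exits, so a production check should also compare the process start time from /proc/<pid>/stat or hold a pidfd.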
|
|
||
| // waitForProxy waits for the proxy process to finish | ||
| func (p *Pod) waitForProxy() error { | ||
| pid := p.proxyProcess.Pid |
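Review bot: pid := p.proxyProcess.Pid is used with no check that the field was ever populated. If p.proxyProcess has not been set, the value is zero, and in kill(2) and waitpid(2) a pid of 0 addresses the caller's own process group rather than the proxy. Suggest returning an error when pid <= 0 before doing anything with it.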
I don't see any place where you save this info about the proxy PID. When DeletePod() is called, I think that p.proxyProcess is going to be empty.
Good catch - fixing...
clearcontainers/proxy#167 has been merged, there is no blocker left for this PR.
|
|
||
| // construct the socket path the proxy instance will use | ||
| socketPath := filepath.Join(runStoragePath, pod.id, "proxy.sock") | ||
| uri := fmt.Sprintf("unix://%s", socketPath) |
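Review bot: socketPath is built from runStoragePath and pod.id and turned into the unix:// URI with no length check. A Unix socket address has a small fixed maximum path length, so a long storage prefix or pod ID would only surface later as a bind failure inside the proxy. Suggest validating len(socketPath) here and returning a descriptive error that names the path.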
I wonder if we have to ensure proxy's socket mode is 600
This is just constructing a path to give to the proxy. The proxy itself creates the socket (with perms 0660) here:
| } | ||
|
|
||
| // Start the proxy | ||
| err = p.createProxyProcess() |
Nit: Could we call that one startProxy() for consistency with the shim part?
Good call - fixing...
|
|
||
| p.proxyProcess = newProcess("", pid) | ||
|
|
||
| p.Logger().WithField("proxy-pid", pid).Debug("proxy started") |
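Review bot: newProcess("", pid) passes an empty string as its first argument with no indication of what that field is or why it may be blank for the proxy; add a short comment or a named constant. In these lines the pid is also only assigned to the in-memory p.proxyProcess, so a later invocation that has to stop the proxy will not see it unless it is written to the pod's stored state.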
I'd add the pod ID as part of the log here.
Actually, Logger() will already add that for us ;)
| socketPath := filepath.Join(runStoragePath, pod.id, "proxy.sock") | ||
| uri := fmt.Sprintf("unix://%s", socketPath) | ||
|
|
||
| args := []string{config.Path, "-uri", uri} |
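Review bot: config.Path is placed first in args, i.e. it is the binary that gets launched, with no visible validation. Since the path now comes from the pod configuration, suggest rejecting an empty or relative value before starting the process so the binary is never resolved against the current directory or PATH, and including the path in the error.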
Maybe we could modify the process comm here by using something like "proxy-%s", pod.ID.
We already have pod.id in the path as the socket is placed into the pod-specific directory. We could also add the pod ID to the socket name, but if we do, we'd be getting very close to the 107 byte socket name limit.
c3211e3 to 7f7c404
Branch updated with some simplifications... and more tests! 😄
CI is failing due to the API breakage introduced by this PR (
@jodh-intel then you have to submit the PR on the runtime and point to this PR in your commit message.
Quote the url values in the error for maximum clarity if a url is blank. Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
Change the log message in startShims() to avoid a confusing "shim-count: 0" log entry. Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
Change "defaultCCProxyURL" to use a Clear Containers 3.x path, rather than a 2.x one. Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
7f7c404 to f21bd67
Test re-vendor for containers/virtcontainers#483. Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
Update the runtime based on containers/virtcontainers#483, and accompanying changes for the virtcontainers API changes. Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
f21bd67 to 1d9d48d
1d9d48d to 65e3d91
Update the runtime based on containers/virtcontainers#483, and accompanying changes for the virtcontainers API changes. Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
65e3d91 to ebc46d7
Hi @sboeuf - please can you take another look?
@jodh-intel yes sure, let me check that right now
Create a proxy instance for each pod (virtual machine). Since the proxy is now launched by virtcontainers, it is necessary to specify the path to the proxy binary in the pod configuration. Depends-on: github.com/clearcontainers/runtime#833 Fixes containers#478. Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
Update the runtime based on containers/virtcontainers#483, and accompanying changes for the virtcontainers API changes. Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
ebc46d7 to 148b06a
@sboeuf - branch updated again.
@jodh-intel thx, let me take a look!
LGTM
Thanks for the PR @jodh-intel, everything looks good now.
proxy: Launch one proxy instance per pod
Create a proxy instance for each pod (virtual machine).
Since the proxy is now launched by virtcontainers, it is necessary to specify the path to the proxy binary
in the pod configuration.
Fixes #478.