Conversation
.travis.yml
Outdated
| - sudo apt-get install -y -qq automake | ||
|
|
||
| install: | ||
| - cd ${TRAVIS_BUILD_DIR} |
There was a problem hiding this comment.
Nit: for consistency with the script section below, you could do this on one line using &&.
| go build proxy.go | ||
| make -C test | ||
|
|
||
| test: all |
There was a problem hiding this comment.
This is slightly unusual in that it's the "other way round" to normal (atleast in my mind ;). It might be clearer to have:
all: build test
build:
go build proxy.go
test:
make -C test test
There was a problem hiding this comment.
I would prefer make command w/o arguments to just build the project rather than running tests altogether. That is also how most Makefiles work.
There was a problem hiding this comment.
Ah - yes, sorry. It hadn't registered that all is the default rule. I guess it's fine as-is or you could make it:
default: build
all: default test
| @@ -0,0 +1,10 @@ | |||
| all: | |||
There was a problem hiding this comment.
Just a general comment - could you add standard copyright headers to all the files? I've just noticed that https://github.com/clearcontainers/proxy/blob/master/Makefile is actually missing one, but it should really match the comment header here for example: https://github.com/clearcontainers/runtime/blob/master/Makefile.
There was a problem hiding this comment.
Do we need to have apache 2 licensing statement in every file? There is already an apche LICENSE file in the top directory and I don't think we will use other licenses in the project, right?
OTOH, if it is an Intel open source project policy, I'm willing to follow it.
There was a problem hiding this comment.
To add to that - I'll note that we are looking at using 'SPDX' style license headers for these new projects - a much smaller and cleaner method than placing the full or part license text in each file.
For reference:
https://github.com/kata-containers/ksm-throttler/pull/1/files#diff-360cbfd0e0c83e21065226e59696f652R5
https://spdx.org/using-spdx
There was a problem hiding this comment.
SPDX sounds good to me.
proxy.go
Outdated
| "github.com/hashicorp/yamux" | ||
| ) | ||
|
|
||
| // @channel is the unix socket address we want to multiplex |
There was a problem hiding this comment.
Looks like this comment might have become detached from the variable it describes (in main()?)
There was a problem hiding this comment.
Yep, it was left over from previous versions. I'll just drop it.
proxy.go
Outdated
| "net" | ||
| "sync" | ||
|
|
||
| "github.com/golang/glog" |
There was a problem hiding this comment.
It might be worth looking at https://github.com/sirupsen/logrus as a very powerful alternative to glog which we're using in all projects currently.
There was a problem hiding this comment.
All hyper projects use glog instead. We should make a decision on which log system to use for kata and migrate to it.
There was a problem hiding this comment.
Agreed. What's your view @sameo, @grahamwhaley? Do we need to document this somewhere maybe?
There was a problem hiding this comment.
I've taken the question to the slack channel. Let's discuss it there.
proxy.go
Outdated
|
|
||
| func main() { | ||
| channel := flag.String("s", "/tmp/target.sock", "unix socket to multiplex on") | ||
| proxyAddr := flag.String("l", "/tmp/proxy.sock", "unix socket to listen at") |
There was a problem hiding this comment.
Do we need these default paths? Also, it would be useful if the options accepted full URIs here (unix:///foo/bar.sock).
There was a problem hiding this comment.
Good point, I'll add URI support here. And I agree that default paths are useless.
test/test-cmd.sh
Outdated
| pkill server | ||
| pkill proxy | ||
|
|
||
| rm -f /tmp/proxy.sock /tmp/target.sock |
There was a problem hiding this comment.
It might be better to define a variable for these sockets to avoid the duplication.
test/test-cmd.sh
Outdated
| pkill proxy | ||
|
|
||
| rm -f /tmp/proxy.sock /tmp/target.sock | ||
| echo test result is $? |
There was a problem hiding this comment.
I think this line is redundant as it will only return the value of the rm?
There was a problem hiding this comment.
I was using it as a indicator that the test is done because otherwise there is no output. But you do have a valid point that $? is redundant here.
test/test-cmd.sh
Outdated
| # start server | ||
| ./server & | ||
| # sleep a bit to let server spin up | ||
| sleep 2 |
There was a problem hiding this comment.
This should certainly be sufficient time for the server to start but at some point, it would be better long-term if we had a shell function that performs a check repeatedly (but with a timeout) here (and below).
There was a problem hiding this comment.
I tend to think that busy pulling with a timeout is a bit over-skill just for this little test script.
There was a problem hiding this comment.
Yes, it's a very simple script at present, so I don't think this is a "blocker" to get this landed. It's just something we need to think about going forward as the script grows to avoid odd failures on (very ;) slow systems.
There was a problem hiding this comment.
Overall the proxy program will be very simple & small. But yeah, who knows ;)
There was a problem hiding this comment.
Yeah, we have seen problems with fixed timeouts (even quite large timeouts) when running CI tests on cloud based VM machines - so we've become wary of fixed timeouts and try to avoid them when we can. Flaky CI failures can become the bane of our lives otherwise :-)
test/test-cmd.sh
Outdated
| output=$(./client -f ${f}) | ||
| result=$(echo ${output}|grep SUCCESS 2>/dev/null || true) | ||
| if [ x"${result}" == "x" ]; then | ||
| echo test failed with ${output} |
There was a problem hiding this comment.
Maybe add >&2 to denote an error message?
There was a problem hiding this comment.
The error message from grep is useless. We just need to know if grep succeeds or not.
Signed-off-by: Peng Tao <bergwolf@gmail.com>
Signed-off-by: Peng Tao <bergwolf@gmail.com>
bergwolf
force-pushed
the
proxy
branch
3 times, most recently
from
5dab6ae to
1234db5
Compare
|
updated and CI green. @jodh-intel @grahamwhaley PTAL. |
Signed-off-by: Peng Tao <bergwolf@gmail.com>
Signed-off-by: Peng Tao <bergwolf@gmail.com>
Signed-off-by: Peng Tao <bergwolf@gmail.com>
Signed-off-by: Peng Tao <bergwolf@gmail.com>
|
@bergwolf I assume you're going to rebase this PR based on the final gRPC definition? Or do you want us to give it a final review and merge it without gRPC support first? |
|
@sameo please review it as is. The proxy does not rely on gRPC support. |
|
@bergwolf ah right, your implementation copies all frames coming from the shim into the yamux endpoint, so it's not a gRPC server itself. I guess doing otherwise would be more secure but also much more complex. |
sameo
left a comment
sameo
left a comment
There was a problem hiding this comment.
Overall, this looks pretty good. I just have a few minor comments.
One missing piece here are unit tests. The 2 test programs could be implemented as unit tests, which would be easier to use and CI.
Gopkg.toml
Outdated
| name = "github.com/golang/glog" | ||
|
|
||
| [[constraint]] | ||
| branch = "master" |
There was a problem hiding this comment.
Could we stick to a specific revision/SHA1?
proxy.go
Outdated
|
|
||
| func main() { | ||
| var channel, proxyAddr string | ||
| flag.StringVar(&channel, "s", "", "unix socket to multiplex on") |
There was a problem hiding this comment.
Could we give a clearer name for that option? -mux-socket for example.
proxy.go
Outdated
| func main() { | ||
| var channel, proxyAddr string | ||
| flag.StringVar(&channel, "s", "", "unix socket to multiplex on") | ||
| flag.StringVar(&proxyAddr, "l", "", "unix socket to listen on") |
proxy.go
Outdated
| "github.com/hashicorp/yamux" | ||
| ) | ||
|
|
||
| func serv(servConn io.ReadWriteCloser, proto, addr string) error { |
| glog.Error("channel and proxy address must be set") | ||
| return | ||
| } | ||
|
|
There was a problem hiding this comment.
This block should be the first check we run (before the prefix/scheme ones).
| if strings.HasPrefix(proxyAddr, unixURI) { | ||
| proxyAddr = proxyAddr[len(unixURI):] | ||
| } | ||
|
|
There was a problem hiding this comment.
I think you want to use the net/url to safely parse (url.Parse()) the URI you get as an input and verify that we either have a unix scheme or no scheme at all.
proxy.go
Outdated
| glog.Errorf("fail to accept new connection: %s", err) | ||
| return err | ||
| } | ||
| stream, err := session.Open() |
There was a problem hiding this comment.
Could you please put the whole stream opening, stream copy and sync logic into a dedicated function and call a go routine on it for each accept? I think this would make the code more readable.
|
Oh, please, logrus 👍 I can see some glog lost log problems due to it's buffer/cache, prefer "logrus" much more |
Signed-off-by: Peng Tao <bergwolf@gmail.com>
Replace test dir with go testing UT. Signed-off-by: Peng Tao <bergwolf@gmail.com>
In future we'll use a wrapper above logrus to print glog format logs. Signed-off-by: Peng Tao <bergwolf@gmail.com>
Signed-off-by: Peng Tao <bergwolf@gmail.com>
|
updated to address @sameo's comments and added unit tests. glog is also replaced with logrus. We'll add a wrapper above logrus to print glog format logs when need. |
|
@bergwolf Thanks for the update. |
do no merge - only to check move to go 1.10 works note: make issue number Fixes: kata-containers#1 Signed-off-by: Jose Carlos Venegas Munoz <jose.carlos.venegas.munoz@intel.com>
do no merge - only to check move to go 1.10 works note: make issue number Fixes: kata-containers#1 Signed-off-by: Jose Carlos Venegas Munoz <jose.carlos.venegas.munoz@intel.com>
do no merge - only to check move to go 1.10 works note: make issue number Fixes: kata-containers#1 Signed-off-by: Jose Carlos Venegas Munoz <jose.carlos.venegas.munoz@intel.com>
Fixes: kata-containers#57 Signed-off-by: Kaly Xin <Kaly.Xin@arm.com>
Fixes kata-containers#57 Signed-off-by: Kaly Xin <Kaly.Xin@arm.com>
Add a fake fixes line as well ;-) Fixes: kata-containers#1 Signed-off-by: Graham Whaley <graham.whaley@intel.com>
5 participants
No description provided.