Initial addition of 9p code to Podman #20358
Conversation
openshift-ci
bot
added
do-not-merge/work-in-progress
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: mheon The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
openshift-ci
bot
added
the
approved
|
WIP as I am still trying to actually get things running reliably on Windows. Test situation is suboptimal, as we need a Podman with my changes inside the |
mheon
force-pushed
the
9p
branch
2 times, most recently
from
fce45d6 to
8e6063e
Compare
There was a problem hiding this comment.
Just some small comments for the cli.
Also can we move these commands under podman machine? I feel like this makes more sense logicically and in case we ever decide to split out machine into a separate repo.
The core podman experience has no need for these commands.
cmd/podman/system/9client.go
Outdated
| var ( | ||
| client9Command = &cobra.Command{ | ||
| Args: cobra.ExactArgs(2), | ||
| Use: "client9 <port> <dir>", |
There was a problem hiding this comment.
| Use: "client9 <port> <dir>", | |
| Use: "client9 PORT DIR", |
for consistency with other podman usage lines
cmd/podman/system/9server.go
Outdated
| var ( | ||
| server9Command = &cobra.Command{ | ||
| Args: cobra.ExactArgs(1), | ||
| Use: "server9 [options] <PID>", |
There was a problem hiding this comment.
| Use: "server9 [options] <PID>", | |
| Use: "server9 [options] PID", |
same here
cmd/podman/system/9server.go
Outdated
| @@ -0,0 +1,84 @@ | |||
| package system | |||
There was a problem hiding this comment.
should this have a windows build tag? I don't think we should include this in non windows builds since it is not used on the other OSes?
cmd/podman/system/9client.go
Outdated
| @@ -0,0 +1,43 @@ | |||
| package system | |||
There was a problem hiding this comment.
here also I think it is simpler to just set the linux tag here then you do not need to implement stubs.
|
Moving commands to machine SGTM, don't know why I didn't think of that before. |
mheon
force-pushed
the
9p
branch
5 times, most recently
from
4a626c0 to
62dcb0c
Compare
|
Ephemeral COPR build failed. @containers/packit-build please check. |
mheon
force-pushed
the
9p
branch
4 times, most recently
from
2c6c695 to
a8a484b
Compare
|
|
mheon
added
the
bloat_approved
|
This seems to work, but I'm going to hold off on removing WIP until I can retest tomorrow to verify. |
mheon
force-pushed
the
9p
branch
2 times, most recently
from
b18c8cf to
edca82b
Compare
mheon
changed the title
openshift-ci
bot
removed
the
do-not-merge/work-in-progress
|
Dropping WIP |
cmd/podman/machine/9client.go
Outdated
|
|
||
| err := cmd.Run() | ||
| logrus.Debugf("Mount stdout: %s", stdout.String()) | ||
| if err != nil { |
There was a problem hiding this comment.
should this condition be inverted?
openshift-merge-robot
added
the
needs-rebase
|
Man page changes? |
pkg/machine/hyperv/machine.go
Outdated
| homedir, err := os.UserHomeDir() | ||
| if err != nil { | ||
| return "", 0, fmt.Errorf("obtain user home dir: %w", err) | ||
| } | ||
| gvproxyLog, err := os.Create(filepath.Join(homedir, "gvproxy.log")) | ||
| if err != nil { | ||
| return "", 0, fmt.Errorf("create log file: %w", err) | ||
| } | ||
| defer gvproxyLog.Close() | ||
|
|
||
| c.Stdout = gvproxyLog | ||
| c.Stderr = gvproxyLog |
There was a problem hiding this comment.
Can I just say that I hate having applications write directly into the home dir. Shouldn't this be but into the machine dir itself? At the very least so it gets removed when you remove the machine but also so it doesn't conflict if we can ever start more than one machine at once.
Second because you duplicate the same code twice can you split this into a function and please add a log line that says logging output from X to file Y. I have no idea how much these programs will write but I can imagine someone running out of disk space if they are not aware of this.
There was a problem hiding this comment.
What gets logged here? For CRC we have a similar log file and this can be a lot. We get a NTP (UDP) timeout a few times once in a while. This causes our log to balloon to several megabytes for a day.
|
Can you squash the commits so that they make logically sense once merged. Bug fixes for things added in a prior commit should always just be squashed into it and not added as extra commit. Otherwise you may break an easy git bisect. Also I see no reason for a extra commit to move the commands to the machine subcommand, that should also be just squashed. |
cmd/podman/machine/client9p.go
Outdated
| logrus.Errorf("Error mounting directory %s. Mount stderr: %s", mountPath, stderr.String()) | ||
| } | ||
|
|
||
| errChan <- err |
There was a problem hiding this comment.
This is logging the error and passing it back via channel, thus it will be logged twice.
Instead of logging this just return this as fmt.Errorf()
There was a problem hiding this comment.
It's not logging the error, it's logging stderr from the command - actual error is the exit code of the command.
There was a problem hiding this comment.
Yes which means the real error returned by the podman command is a useless exit status X and the useful message is just logged on stderr above. And both lines log the same error condition!
IMO the right things is take that message and append that to a actual error with fmt.Errorf() and then return the error.
| p, err := psutil.NewProcess(int32(pid)) | ||
| if err != nil { | ||
| return fmt.Errorf("opening gvproxy PID: %w", err) | ||
| } | ||
| for { | ||
| running, err := p.IsRunning() | ||
| if err != nil { | ||
| return fmt.Errorf("checking is gvproxy is dead: %w", err) | ||
| } | ||
| if !running { | ||
| break | ||
| } | ||
|
|
||
| time.Sleep(1 * time.Second) | ||
| } |
There was a problem hiding this comment.
I am not quite sure why this is needed? There seems to be a WaitForExit() call in windows which unlike linux should also work if the process you are waiting for is not a child. Are you something like https://stackoverflow.com/questions/37664015/os-process-wait-after-os-findprocesspid-works-on-windows-not-on-linux does not work and we really need such a big dep?
Alternative why can't we just use the same logic as for gvproxy stop and let the machine commands kill this process and let it sleep forever here instead of this busy loop.
There was a problem hiding this comment.
The WaitForExit call is not accessible via Golang's standard library without DLL loading shenanigans and then calling untyped functions (well, the function itself is, but the ability to get the handle that it requires to work is not) - so this is a lot cleaner, even if it's technically gross.
I don't have objections to using a PID file and terminating on machine stop, though. @baude You have strong feelings on this?
There was a problem hiding this comment.
Further, I'm strongly in favor of keeping the dep even if we drop this code. The things we were doing with Go's native os.Process code to do things like check for process exit just did not work - I solved 2 separate bugs elsewhere in the code by replacing our custom-rolled Windows/Linux process code with this library.
There was a problem hiding this comment.
I you think it is needed sure, not like I tested it on windows. I just cannot believe that the go std lib wouldn't suffice for that use case but if it is like that then sure.
There was a problem hiding this comment.
From what I can see, the standard library is fine on basically any POSIX-compliant system, but it starts to fall apart on Windows - things are sufficiently different that the abstractions can't handle it.
There was a problem hiding this comment.
I agree here, the stdlib on Windows does not provide the same functionality as you have on Posix-compliant systems. I think this is acceptable for now, as we might spin this code out at a later time.
cmd/podman/machine/client9p.go
Outdated
| cmd.Stdout = &stdout | ||
| cmd.Stderr = &stderr | ||
| cmd.ExtraFiles = []*os.File{vsock} | ||
|
|
||
| err := cmd.Run() |
There was a problem hiding this comment.
Wouldn't it be simpler to just use cmd.CombinedOutput() instead? I doubt anybody needs to care about the stdout of mount
|
Squashed down, comments addressed |
mheon
force-pushed
the
9p
branch
4 times, most recently
from
b9ecbfa to
c4ba756
Compare
|
@baude PTAL |
cmd/podman/machine/client9p.go
Outdated
| err := cmd.Run() | ||
| output, outErr := cmd.CombinedOutput() |
There was a problem hiding this comment.
This is not right CombinedOutput() already calls Run() for you so you should not call Run() before that.
This includes two new hidden commands: a 9p server, `podman machine server9p`, and a 9p client, `podman machine client9p` with `server9p` currently only configured to run on Windows and serve 9p via HyperV vsock, and `client9p` only configured to run on Linux. The server is run by `podman machine start` and has the same lifespan as gvproxy (waits for the gvproxy PID to die before shutting down). The client is run inside the VM, also by `podman machine start`, and mounts uses kernel 9p mount code to complete the mount. It's unfortunately not possible to use mount directly without the wrapper; we need to set up the vsock and pass it to mount as an FD. In theory this can be generalized so that the server can run anywhere and over almost any transport, but I haven't done this here as I don't think we have a usecase other than HyperV right now. [NO NEW TESTS NEEDED] This requires changes to Podman in the VM, so we need to wait until a build with this lands in FCOS to test. Signed-off-by: Matthew Heon <[email protected]>
Instead of trying to write out own code to do basic process operations (e.g. checking if a PID is still running in a multi-OS friendly manner), use shirou/gopsutil, a multi-platform library that should abstract all the complexity away. Unlike our previous approach on Windows, this one should actually work. Signed-off-by: Matt Heon <[email protected]>
Logging to os.Stdout and os.Stderr does not seem to work in Powershell. I am not entirely certain why. Logfiles are the best alternative I can think of. Signed-off-by: Matt Heon <[email protected]>
|
/hold |
openshift-ci
bot
added
the
do-not-merge/hold
|
@cevich the scan for secret leaks and changes test is failing with: " Error: unrecognized namespace mode keep-id:uid=1000,gid=1000 passed I'm not sure where that's being thrown from, do you? |
Yes I'm on top of it. A fix PR was just merged. A re-run might fix it (I'll try pushing the button), otherwise a force-push should. |
|
|
|
/hold cancel |
openshift-ci
bot
removed
the
do-not-merge/hold
|
Should merge without it |
github-actions
bot
added
the
locked - please file new issue/PR
This includes two new hidden commands: a 9p server,
podman system server9, and a 9p client,podman system client9withserver9currently only configured to run on Windows and serve 9p via HyperV vsock, andclient9only configured to run on Linux. The server is run bypodman machine startand has the same lifespan as gvproxy (waits for the gvproxy PID to die before shutting down). The client is run inside the VM, also bypodman machine start, and mounts uses kernel 9p mount code to complete the mount. It's unfortunately not possible to use mount directly without the wrapper; we need to set up the vsock and pass it to mount as an FD.In theory this can be generalized so that the server can run anywhere and over almost any transport, but I haven't done this here as I don't think we have a usecase other than HyperV right now.
Does this PR introduce a user-facing change?