dial-stdio: handle connections which lack CloseRead method. #1718
Conversation
Codecov Report
@@ Coverage Diff @@
## master #1718 +/- ##
=========================================
Coverage ? 56.13%
=========================================
Files ? 306
Lines ? 21035
Branches ? 0
=========================================
Hits ? 11807
Misses ? 8373
Partials ? 855 |
|
ping @AkihiroSuda @tonistiigi PTAL |
|
looks good |
- Update docker/cli is now pointing to chris-crone/cli. The change needs the merge of docker/cli#1718 and docker/cli#1690 - Fix issues relative paths in Jenkinsfile and Jenkinsfile.baguette - Avoid using '--config' in favor of env variable 'DOCKER_CONFIG' Signed-off-by: Ulysses Souza <[email protected]>
- Update docker/cli is now pointing to chris-crone/cli. The change needs the merge of docker/cli#1718 and docker/cli#1690 - Fix issues relative paths in Jenkinsfile and Jenkinsfile.baguette - Avoid using '--config' in favor of env variable 'DOCKER_CONFIG' Signed-off-by: Ulysses Souza <[email protected]>
|
Is this (or #1710) ready to be merged? I don't think the change is unit testable hence the coverage result. |
|
Why not add a CloseRead to the pipe implementation? |
|
Doing nothing on |
|
Not really directly related to theses changes, but it looks like that |
I lack the necessary Windows background to make that happen. /cc @jstarks who added
This was @AkihiroSuda's suggestion in #1710 (comment), it seemed reasonable to me for objects which didn't support #1710 has now been merged so my immediate problem is solved, I'm happy to bump this and address review around this basic premise etc but I'm unlikely to implement |
ijc
force-pushed
the
dial-stdio-npipe-on-windows
branch
from
3feab88 to
ecd8d86
Compare
|
It turns out that $ ./build/docker-linux-amd64 -D -H tcp://18.197.174.153:443 --tls --tlscacert /tmp/tmp.TDp4Lrmnc1/ca.pem system dial-stdio
DEBU[0000] conn is a *tls.Conn
DEBU[0000] conn is a halfReadCloser: false
DEBU[0000] conn is a halfWriteCloser: true
the raw stream connection does not implement halfCloserThis PR helps with that too. |
|
Perhaps |
|
Go 1.11 should have CloseRead now for tls, as I recall. |
Not according to https://golang.org/pkg/crypto/tls/, nor the test shown above which was with g1.11.
Not sure about that, since I don't have enough insight into what all the actual underlying objects might actually be. OTOH -- shouldn't there be a |
| @@ -34,10 +34,17 @@ func runDialStdio(dockerCli command.Cli) error { | |||
| if err != nil { | |||
| return errors.Wrap(err, "failed to open the raw stream connection") | |||
| } | |||
| connHalfCloser, ok := conn.(halfCloser) | |||
| if !ok { | |||
|
|
|||
There was a problem hiding this comment.
defer conn.Close here?
There was a problem hiding this comment.
Seems plausible and WFM in my simple cases, so I've pushed. I think this was just a preexisting leak, but it also help allay concerns about the nopCloseReader here too.
Would be good to get this tested with your ssh:// use case though.
This happens on Windows when dialing a named pipe (a path which is used by CLI
plugins), in that case some debugging shows:
DEBU[0000] conn is a *winio.win32MessageBytePipe
DEBU[0000] conn is a halfReadCloser: false
DEBU[0000] conn is a halfWriteCloser: true
the raw stream connection does not implement halfCloser
In such cases we can simply wrap with a nop function since closing for read
isn't too critical.
Signed-off-by: Ian Campbell <[email protected]>
This was leaking the fd. Signed-off-by: Ian Campbell <[email protected]>
This reverts commit c41c238. This case is now handled due to the previous commit. Signed-off-by: Ian Campbell <[email protected]>
ijc
force-pushed
the
dial-stdio-npipe-on-windows
branch
from
ecd8d86 to
0449ad8
Compare
|
Oh that was CloseWrite that was added.
I suppose it seems ok to just close when the reader is done.
Brian Goff
… On Mar 12, 2019, at 06:53, Ian Campbell ***@***.***> wrote:
Go 1.11 should have CloseRead now, as I recall.
Not according to https://golang.org/pkg/crypto/tls/, nor the test shown above which was with g1.11.
Perhaps Close() should be called when both CloseRead() and CloseWrite() are called
Not sure about that, since I don't have enough insight into what all the actual underlying objects might actually be.
OTOH -- shouldn't there be a conn.Close somewhere (perhaps deferred) in this function somewhere? Otherwise what is closing the conn in the end? Are we leaking an fd?
—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub, or mute the thread.
|
|
Let's merged 👍 |
So far we've had problems with it not working on Windows (npipe lacked the `ReadClose` method) and problems with using tcp with tls (the tls connection also lacks `ReadClose`). Both of these were workedaround in docker#1718 which added a nop `ReadClose` method. However I am now seeing hangs (on Windows) where the `system dial-stdio` subprocess is not exiting (I'm unsure why so far). I think the 3rd problem found with this is an indication that `dial-stdio` is not ready for primetime outside of its initial usecase (support for `ssh://` URLs to connect to remote daemons). This change simply disables the `dial-stdio` path for all plugins. However I've left in a trap door environment variable so that those who want to experiment with this mode have an easier path do doing so. Signed-off-by: Ian Campbell <[email protected]>
Since docker#1654 so far we've had problems with it not working on Windows (npipe lacked the `ReadClose` method) and problems with using tcp with tls (the tls connection also lacks `ReadClose`). Both of these were workedaround in docker#1718 which added a nop `ReadClose` method. However I am now seeing hangs (on Windows) where the `system dial-stdio` subprocess is not exiting (I'm unsure why so far). I think the 3rd problem found with this is an indication that `dial-stdio` is not quite ready for wider use outside of its initial usecase (support for `ssh://` URLs to connect to remote daemons). This change simply disables the `dial-stdio` path for all plugins. However rather than completely reverting 891b3d9 ("cli-plugins: use `docker system dial-stdio` to call the daemon") I've just disabled the functionality at the point of use and left in a trap door environment variable so that those who want to experiment with this mode (and perhaps fully debug it) have an easier path do doing so. Signed-off-by: Ian Campbell <[email protected]>
Since docker#1654 so far we've had problems with it not working on Windows (npipe lacked the `CloseRead` method) and problems with using tcp with tls (the tls connection also lacks `CloseRead`). Both of these were workedaround in docker#1718 which added a nop `CloseRead` method. However I am now seeing hangs (on Windows) where the `system dial-stdio` subprocess is not exiting (I'm unsure why so far). I think the 3rd problem found with this is an indication that `dial-stdio` is not quite ready for wider use outside of its initial usecase (support for `ssh://` URLs to connect to remote daemons). This change simply disables the `dial-stdio` path for all plugins. However rather than completely reverting 891b3d9 ("cli-plugins: use `docker system dial-stdio` to call the daemon") I've just disabled the functionality at the point of use and left in a trap door environment variable so that those who want to experiment with this mode (and perhaps fully debug it) have an easier path do doing so. Signed-off-by: Ian Campbell <[email protected]>
Since docker#1654 so far we've had problems with it not working on Windows (npipe lacked the `CloseRead` method) and problems with using tcp with tls (the tls connection also lacks `CloseRead`). Both of these were workedaround in docker#1718 which added a nop `CloseRead` method. However I am now seeing hangs (on Windows) where the `system dial-stdio` subprocess is not exiting (I'm unsure why so far). I think the 3rd problem found with this is an indication that `dial-stdio` is not quite ready for wider use outside of its initial usecase (support for `ssh://` URLs to connect to remote daemons). This change simply disables the `dial-stdio` path for all plugins. However rather than completely reverting 891b3d9 ("cli-plugins: use `docker system dial-stdio` to call the daemon") I've just disabled the functionality at the point of use and left in a trap door environment variable so that those who want to experiment with this mode (and perhaps fully debug it) have an easier path do doing so. The e2e test for this case is disabled unless the trap door envvar is set. I also renamed the test to clarify that it is about cli plugins. Signed-off-by: Ian Campbell <[email protected]>
This happens on Windows when dialing a named pipe (a path which is used by CLI
plugins), in that case some debugging shows:
In such cases we can simply wrap with a nop function since closing for read
isn't too critical.
Signed-off-by: Ian Campbell [email protected]
My testing on Windows s is limited to
Which failed previously.
This is a replacement/alternative for #1710.