From 537672b0587dafa2767af19f45b7fb1e74fc05dc Mon Sep 17 00:00:00 2001
From: Manuel Alejandro de Brito Fontes
Date: Sat, 4 Dec 2021 09:10:15 -0300
Subject: [PATCH] Enable experimentalNetwork by default
---
 .../gitpod-protocol/data/gitpod-schema.json | 2 +-
 components/gitpod-protocol/src/protocol.ts | 2 +-
 .../server/src/workspace/workspace-starter.ts | 7 --
 components/workspacekit/cmd/rings.go | 69 ++++++++-----------
 4 files changed, 32 insertions(+), 48 deletions(-)
diff --git a/components/gitpod-protocol/data/gitpod-schema.json b/components/gitpod-protocol/data/gitpod-schema.json
index 3bce76c655d0eb..a449f4469aa646 100644
--- a/components/gitpod-protocol/data/gitpod-schema.json
+++ b/components/gitpod-protocol/data/gitpod-schema.json
@@ -209,7 +209,7 @@
 },
 "experimentalNetwork": {
 "type": "boolean",
- "description": "Experimental network configuration in workspaces"
+ "description": "Experimental network configuration in workspaces (deprecated). Enabled by default"
 }
 },
 "additionalProperties": false
diff --git a/components/gitpod-protocol/src/protocol.ts b/components/gitpod-protocol/src/protocol.ts
index 048606d09c66e6..b2b56eb53adcf3 100644
--- a/components/gitpod-protocol/src/protocol.ts
+++ b/components/gitpod-protocol/src/protocol.ts
@@ -558,7 +558,7 @@ export interface WorkspaceConfig {
 github?: GithubAppConfig;
 vscode?: VSCodeConfig;
- /** tailscale demo */
+ /** deprecated. Enabled by default **/
 experimentalNetwork?: boolean;
 /**
diff --git a/components/server/src/workspace/workspace-starter.ts b/components/server/src/workspace/workspace-starter.ts
index d4c1cf3e101dda..2a175f11aeea60 100644
--- a/components/server/src/workspace/workspace-starter.ts
+++ b/components/server/src/workspace/workspace-starter.ts
@@ -654,13 +654,6 @@ export class WorkspaceStarter {
 vsxRegistryUrl.setValue(this.config.vsxRegistryUrl);
 envvars.push(vsxRegistryUrl);
- if (workspace.config.experimentalNetwork) {
- const useNetnsVar = new EnvironmentVariable();
- useNetnsVar.setName("WORKSPACEKIT_USE_NETNS");
- useNetnsVar.setValue("true");
- envvars.push(useNetnsVar);
- }
-
 const createGitpodTokenPromise = (async () => {
 const scopes = this.createDefaultGitpodAPITokenScopes(workspace, instance);
 const token = crypto.randomBytes(30).toString('hex');
diff --git a/components/workspacekit/cmd/rings.go b/components/workspacekit/cmd/rings.go
index eb27dc8d2d0e1d..385e195c19162b 100644
--- a/components/workspacekit/cmd/rings.go
+++ b/components/workspacekit/cmd/rings.go
@@ -250,7 +250,6 @@ var ring1Cmd = &cobra.Command{
 }
 var (
- wrapNetns = os.Getenv("WORKSPACEKIT_USE_NETNS") == "true"
 slirp4netnsSocket string
 )
@@ -308,17 +307,15 @@ var ring1Cmd = &cobra.Command{
 )
 }
- if wrapNetns {
- f, err := ioutil.TempDir("", "wskit-slirp4netns")
- if err != nil {
- log.WithError(err).Error("cannot create slirp4netns socket tempdir")
- return
- }
-
- slirp4netnsSocket = filepath.Join(f, "slirp4netns.sock")
- mnts = append(mnts, mnte{Target: "/.supervisor/slirp4netns.sock", Source: f, Flags: unix.MS_BIND | unix.MS_REC})
+ f, err := ioutil.TempDir("", "wskit-slirp4netns")
+ if err != nil {
+ log.WithError(err).Error("cannot create slirp4netns socket tempdir")
+ return
 }
+ slirp4netnsSocket = filepath.Join(f, "slirp4netns.sock")
+ mnts = append(mnts, mnte{Target: "/.supervisor/slirp4netns.sock", Source: f, Flags: unix.MS_BIND | unix.MS_REC})
+
 for _, m := range mnts {
 dst := filepath.Join(ring2Root, m.Target)
 _ = os.MkdirAll(dst, 0644)
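Review bot: The directory returned by `ioutil.TempDir("", "wskit-slirp4netns")` in the -308 hunk is never removed within the visible lines, and with the `wrapNetns` gate gone it is now created on every workspace start; unless cleanup happens elsewhere in ring1, add `defer os.RemoveAll(f)` right after the error check. Lifting the code out of the `if` also leaves the single-letter `f` in scope for the rest of the function, so a name such as `slirpDir` would read better. The directory carries the slirp4netns API socket and is bind-mounted into ring2's root for all workspaces, so a comment stating which process is meant to reach it would help, for example `// API socket dir, bind-mounted into ring2 (presumably for supervisor)`. The enclosing Run function of `ring1Cmd` starts and ends outside this hunk.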
@@ -358,9 +355,8 @@ var ring1Cmd = &cobra.Command{
 }
 env = append(env, e)
 }
- if wrapNetns {
- env = append(env, "WORKSPACEKIT_WRAP_NETNS=true")
- }
+
+ env = append(env, "WORKSPACEKIT_WRAP_NETNS=true")
 socketFN := filepath.Join(os.TempDir(), fmt.Sprintf("workspacekit-ring1-%d.unix", time.Now().UnixNano()))
 skt, err := net.Listen("unix", socketFN)
@@ -371,11 +367,8 @@ var ring1Cmd = &cobra.Command{
 defer skt.Close()
 var (
- cloneFlags uintptr = syscall.CLONE_NEWNS | syscall.CLONE_NEWPID
+ cloneFlags uintptr = syscall.CLONE_NEWNS | syscall.CLONE_NEWPID | syscall.CLONE_NEWNET
 )
- if wrapNetns {
- cloneFlags = cloneFlags | syscall.CLONE_NEWNET
- }
 cmd := exec.Command("/proc/self/exe", "ring2", socketFN)
 cmd.SysProcAttr = &syscall.SysProcAttr{
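Review bot: `syscall.CLONE_NEWNET` is now hard-wired in the -371 hunk, so ring2 has no connectivity until slirp4netns attaches `tap0`, yet nothing at this site records that dependency; a comment such as `// ring2 always gets its own netns; slirp4netns (started below) provides connectivity` would make it explicit. With the conditional gone, the parenthesised `var ( ... )` block wraps a single declaration and could be written `cloneFlags := uintptr(syscall.CLONE_NEWNS | syscall.CLONE_NEWPID | syscall.CLONE_NEWNET)`. The same remark about documenting the now-permanent setting applies to the unconditional `WORKSPACEKIT_WRAP_NETNS=true` in the -358 hunk. The enclosing function begins and ends outside both hunks.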
@@ -463,30 +456,28 @@ var ring1Cmd = &cobra.Command{
 return
 }
- if wrapNetns {
- slirpCmd := exec.Command(filepath.Join(filepath.Dir(ring2Opts.SupervisorPath), "slirp4netns"),
- "--configure",
- "--mtu=65520",
- "--disable-host-loopback",
- "--api-socket", slirp4netnsSocket,
- strconv.Itoa(cmd.Process.Pid),
- "tap0",
- )
- slirpCmd.SysProcAttr = &syscall.SysProcAttr{
- Pdeathsig: syscall.SIGKILL,
- }
- slirpCmd.Stdin = os.Stdin
- slirpCmd.Stdout = os.Stdout
- slirpCmd.Stderr = os.Stderr
+ slirpCmd := exec.Command(filepath.Join(filepath.Dir(ring2Opts.SupervisorPath), "slirp4netns"),
+ "--configure",
+ "--mtu=65520",
+ "--disable-host-loopback",
+ "--api-socket", slirp4netnsSocket,
+ strconv.Itoa(cmd.Process.Pid),
+ "tap0",
+ )
+ slirpCmd.SysProcAttr = &syscall.SysProcAttr{
+ Pdeathsig: syscall.SIGKILL,
+ }
+ slirpCmd.Stdin = os.Stdin
+ slirpCmd.Stdout = os.Stdout
+ slirpCmd.Stderr = os.Stderr
- err = slirpCmd.Start()
- if err != nil {
- log.WithError(err).Error("cannot start slirp4netns")
- return
- }
- //nolint:errcheck
- defer slirpCmd.Process.Kill()
+ err = slirpCmd.Start()
+ if err != nil {
+ log.WithError(err).Error("cannot start slirp4netns")
+ return
 }
+ //nolint:errcheck
+ defer slirpCmd.Process.Kill()
 log.Info("signaling to child process")
 _, err = msgutil.MarshalToWriter(ring2Conn, ringSyncMsg{
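Review bot: `slirpCmd.Start()` only confirms that slirp4netns was spawned, and the "signaling to child process" step follows straight after it, so ring2 may continue before `tap0` is configured; now that every workspace takes this path, that window is worth closing. slirp4netns offers `--ready-fd` for this: hand it the write end of a pipe through `ExtraFiles` and block on the read end before signalling, as sketched below. Because the helper now carries traffic for every workspace, it is also worth checking whether its `--enable-sandbox` and `--enable-seccomp` options are compatible with the `--api-socket` setup used here. The enclosing Run function of `ring1Cmd` starts and ends outside this hunk.

```go
readyR, readyW, err := os.Pipe()
if err != nil {
	log.WithError(err).Error("cannot create slirp4netns ready pipe")
	return
}
defer readyR.Close()

// … unchanged: exec.Command(… "slirp4netns") arguments up to --api-socket …
	"--api-socket", slirp4netnsSocket,
	"--ready-fd=3", // ExtraFiles[0] becomes fd 3 in the child
// … unchanged: pid and tap0 arguments, SysProcAttr, stdio wiring …
slirpCmd.ExtraFiles = []*os.File{readyW}
// … unchanged: Start, its error check and the deferred Kill …

readyW.Close() // leave slirp4netns holding the only write end
// slirp4netns writes to the fd once setup is finished; EOF means it exited first.
if _, err := readyR.Read(make([]byte, 1)); err != nil {
	log.WithError(err).Error("slirp4netns did not become ready")
	return
}
// … unchanged: "signaling to child process" …
```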