Various improvements to the SNMP forwarding/proxying container setup #2637
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This ensures that the remote socat process is torn down when the
forwarding container exits. Before this change, the socat process would
linger forever, causing the forwarding port to stay bound forever on the
remote hop-host. Any subsequent attempts to restart the forwarding
container would just result in an error that looked like this:
```
socat[10092] E bind(5, {AF=2 0.0.0.0:10000}, 16): Address already in use
```
Using the `-tt` option to ssh forces SSH to allocate a pseudo-terminal,
even if the controlling process isn't attached to a real terminal.
Using the pseudo-terminal ensures that signals are propagated from the
ssh process to the socat process started on the remote, so when the SSH
session dies, socat will also.
We also drop the `-f` option, since that would cause the SSH process to
send the termination signal as soon as it forks and exits. This uses
the shell to background the ssh process instead.
This factors out the setup of the local socat tunnel to a function, backgrounds it and waits for all backgrounded processes to terminate.
This ensures the whole process group, and thereby the forwarding container itself, dies if any of the forwarding subprocesses exit. This should be a very explicit failure signal to the developer using this forwarding container.
It's nice to know what's going on, even if -x isn't used.
For some weird reason, my SSH connection will not be properly established unless I add an explicit ConnectTimout option.
This ensures a remote IPv6 SNMP agent can be reached also, even if the local address is still IPv4.
Rebuilding much of the docker image just because the shell script is changing is tiresome. This ensures the last thing that happpens is the copying of the shell script.
|
Kudos, SonarCloud Quality Gate passed!
|
Codecov Report
@@ Coverage Diff @@
## master #2637 +/- ##
=======================================
Coverage 54.52% 54.52%
=======================================
Files 558 558
Lines 40644 40644
=======================================
Hits 22160 22160
Misses 18484 18484 📣 We’re building smart automated test selection to slash your CI/CD build times. Learn more |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
The SNMP forwarder container setup had three main drawbacks that this PR aims to fix:
socatprocess on the hop-host was never terminated, keeping the forwarding port bound indefinitely, causing every subsequent attempt to start the forwarding container to fail with "address already in use" errors.Docs are also slighty updated to clarify on what host the problem resides when the "address already in use" error appears.