New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
runtime-rs: fix interoperability issues between runtime-rs and cri-o #8986
runtime-rs: fix interoperability issues between runtime-rs and cri-o #8986
Conversation
@littlejawa @gkurz @fidencio please take a look |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM. Thanks @pmores !
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM. Thanks @pmores !
nit: in the commit message of your second commit: |
cd5f960
to
d03c916
Compare
It appears that under the shim v2 protocol, a shim has no use of its own for the -address value, it just passes it back to container runtime's (mostly containerd or cri-o) event-publishing binary. Since the -address value only flows through the shim, being passed to the shim by a container runtime and then essentially passed back by shim to the container runtime, it seems inappropriate for a shim to validate the value that is fully owned and only used by the container runtime. This commit removes such validation from runtime-rs. Doing so, it solves (part of) an interoperability problem between runtime-rs and cri-o. cri-o seems to intentionally choose not to implement the event-publishing part of the shim v2 protocol and thus it has no value it could pass to runtime-rs for -address. As a result, it sends an empty string which has been failing the excessive validation performed by runtime-rs so far. Signed-off-by: Pavel Mores <pmores@redhat.com>
d03c916
to
e0afbee
Compare
Pushed a new version to address flaws pointed out above, including the tests to stand a chance of CI passing. |
/test |
@studychao @amshinde @justxuewei this PR already has 2 approvals and CI passed but I'd still like to hear from you and make sure this won't break the runtime-rs experience with containerd. My current goal is to merge this tomorrow. Please provide feeback ASAP. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM but one small nit
For what it's worth, I launch runtime-rs both from cri-o and containerd and haven't run into any problems as far as I can tell. |
Since cri-o doesn't seem to use address for event publishing as mentioned in the previous commit it will not send it. However, the exact way of not sending it is unfortunately different from what is assumed by runtime-rs. Due to an implementation detail of cri-o which uses containerd libraries for some low-level tasks, TTRPC_ADDRESS will not be missing from environment as assumed, instead it will be present with an empty value. This commit contains a small adjustment to account for that and use LogForwarder even if TTRPC_ADDRESS is present, but with an empty value. Fixes kata-containers#8985 Signed-off-by: Pavel Mores <pmores@redhat.com>
e0afbee
to
6346e04
Compare
Thanks @pmores. The motivations behind my question are:
|
/test |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Lgtm, thanks!
/retest-arm-unit |
runtime-rs cannot currently be launched by cri-o since cri-o passes an empty value for -address which runtime-rs incorrectly rejects due to an excessive -address value validation. This PR fixes this along with a different but related problem of incorrect handling of the shim v2 protocol
TTRPC_ADDRESS
environment variable.This also makes runtime-rs consistent with the go runtime which correctly tolerates an empty -address value passed by cri-o.
Thanks to @littlejawa for insights in cri-o implementation!