Add content for SCTP

[jboxman]

• https://issues.redhat.com/browse/OSDOCS-929

[openshift-docs-preview-bot]

The preview will be available shortly at:

• https://OSDOCS-929--ocpdocs.netlify.com/

[vishnoianil]

"you can load and enable blacklisted SCTP Kernel module"

[vishnoianil]

This command is to run the sctp server, we need example that shows how to launch deployment with one pod from where user can fire sctp client to connect to this server. @danwinship @trozet do you have instructions to start pod and run sctp sample application, otherwise i will dig into the ci tests to find something.

[weliang1]

I found a good example which can fire both sctp server pod and sctp client in https://bugzilla.redhat.com/show_bug.cgi?id=1796157, the configuration steps are from @fedepaol who can comment on this

[fedepaol]

The instructions on the bz are fine. They were for the default namespace but they can be modified to apply to a custom namespace.

[jboxman]

@vishnoianil @fedepaol

Should a customer install an image from quay.io? Or is there a different image that makes sense?

Should this be done in a different namespace than default?

Thanks!

[jboxman]

I asked @sferich888, and we can't use the quay.io image for this -- Is there a different way to validate that uses a Red Hat supported image?

[fedepaol]

Sorry for the late reply.
Just plain fedora is fine I think. It is what I used in the kba.

[fedepaol]

Or any other image that has installed lskctp-tools.

[jboxman]

@fedepaol, do you know how to find images that might include lskctp-tools? Fedora isn't permissible, either.

Could I just log in to a node and confirm sctp is loaded in by running lsmod?

[fedepaol]

@jboxman this needs to be changed I think. Once you have the server pod running, you need to spin up a new pod (client) to which you bash into and try to connect to the server (as described in https://bugzilla.redhat.com/show_bug.cgi?id=1796157 )
The pod description is the one named sctpclient. Client connection instructions in:
5. Connect to the client pod and launch sctp_test in client mode, using the server pod's address:

[jboxman]

@fedepaol, okay, I didn't realize a second Pod was still necessary for this.

[danwinship]

The docs don't expand "TCP" and "UDP", so I wouldn't expand "SCTP" either. People always just refer to it by the acronym. (I am sure that most of our customers who have demanded SCTP support could not actually tell you what "SCTP" stands for. I'm not sure I would have guessed correctly if I hadn't just read it... I might have gone with "Sequence" rather than "Stream"...)

[jboxman]

@danwinship, that makes sense; I may have been overzealous in expanding acronyms. But for SCTP, I think it may be valuable for search engine traffic.

[danwinship]

(We don't expand "IP" anywhere else in the docs either.)

The customers who actually need SCTP support already know exactly what it is, so it might be useful to aim this description at people who don't need SCTP support, to assure them that they don't need to care about it and can just skip this section. eg, maybe add something about "it is not widely used except in the telecom industry".

[jboxman]

@fedepaol, to get this merged for 4.4, I'm going to omit the verification steps for now and revisit them in a separate PR.

[fedepaol]

@fedepaol, to get this merged for 4.4, I'm going to omit the verification steps for now and revisit them in a separate PR.

Sorry I missed your reply. That is fine. Can you list what images are allowed? Ubi8 would be fine as well, but it is more tricky to get the subscription manager right from there.

[jboxman]

@fedepaol, images from https://catalog.redhat.com/software/containers/explore are okay.

[jboxman]

@openshift/team-documentation, this currently excludes modules/nw-sctp-verifying.adoc pending validation steps that are permissible to include.

[fedepaol]

@jboxman just did a quick try with ubi8 and it works.

Pod definition:

apiVersion: v1
kind: Pod
metadata:
  name: sctpserver
  labels:
    app: sctpserver
spec:
  containers:
    - name: sctpserver
      image: registry.access.redhat.com/ubi8/ubi
      command: ["/bin/sh", "-c"]
      args:
        ["dnf install -y lksctp-tools && sctp_test -H localhost -P 30100 -l"]
      ports:
        - containerPort: 30100
          name: sctpserver
          protocol: SCTP

[sferich888]

Is lkctp-tools in the ubi repo? If not the dnf install will fail.
@xltian do we have a test case for this?

[fedepaol]

Is lkctp-tools in the ubi repo? If not the dnf install will fail.
@xltian do we have a test case for this?

@sferich888 I tried that pod before posting it.

[fedepaol]

Pod logs:

oc logs sctpserver
Updating Subscription Management repositories.
Unable to read consumer identity
Subscription Manager is operating in container mode.
This system is not registered to Red Hat Subscription Management. You can use subscription-manager to register.
Red Hat Universal Base Image 8 (RPMs) - BaseOS  145 kB/s | 761 kB     00:05    
Red Hat Universal Base Image 8 (RPMs) - AppStre 6.3 MB/s | 3.4 MB     00:00    
Red Hat Universal Base Image 8 (RPMs) - CodeRea  63 kB/s | 9.1 kB     00:00    
Dependencies resolved.
================================================================================
 Package            Architecture Version               Repository          Size
================================================================================
Installing:
 lksctp-tools       x86_64       1.0.18-3.el8          ubi-8-baseos       100 k

Transaction Summary
================================================================================
Install  1 Package

Total download size: 100 k
Installed size: 251 k
Downloading Packages:
lksctp-tools-1.0.18-3.el8.x86_64.rpm            831 kB/s | 100 kB     00:00    
--------------------------------------------------------------------------------
Total                                           816 kB/s | 100 kB     00:00     
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
  Preparing        :                                                        1/1 
  Installing       : lksctp-tools-1.0.18-3.el8.x86_64                       1/1 
  Running scriptlet: lksctp-tools-1.0.18-3.el8.x86_64                       1/1 
  Verifying        : lksctp-tools-1.0.18-3.el8.x86_64                       1/1 
Installed products updated.

Installed:
  lksctp-tools-1.0.18-3.el8.x86_64                                              

Complete!
local:addr=::1, port=rwp, family=10
seed = 1585034107

Starting tests...
	socket(SOCK_SEQPACKET, IPPROTO_SCTP)  ->  sk=3
	bind(sk=3, [a:::1,p:rwp])  --  attempt 1/10
	listen(sk=3,backlog=100)
Server: Receiving packets.
	recvmsg(sk=3) %                                 

[fedepaol]

So, together with @weliang1 we had some fun in debugging sctp_tool not working.
Looks like the latest version is not working, whereas for example nc is.

For this reason, I think the following are more suitable for docs:

kind: Pod
metadata:
  name: sctpclient
  labels:
    app: sctpclient
spec:
  containers:
    - name: sctpclient
      image: registry.access.redhat.com/ubi8/ubi
      command: ["/bin/sh", "-c"]
      args:
        ["dnf install -y nc && sleep inf"]

apiVersion: v1
kind: Pod
metadata:
  name: sctpserver
  labels:
    app: sctpserver
spec:
  containers:
    - name: sctpserver
      image: registry.access.redhat.com/ubi8/ubi
      command: ["/bin/sh", "-c"]
      args:
        ["dnf install -y nc && sleep inf"]
      ports:
        - containerPort: 30102
          name: sctpserver
          protocol: SCTP

apiVersion: v1
kind: Service
metadata:
  name: sctpservice
  labels:
    app: sctpserver
spec:
  type: NodePort
  selector:
    app: sctpserver
  ports:
    - name: sctpserver
      protocol: SCTP
      port: 30102
      targetPort: 30102

Together with using nc:

On client side:
nc 10.129.2.24 30102 --sctp

On server side:
nc -l 30102 --sctp

[jboxman]

@fedepaol, thanks, I'll make those changes.

[jboxman]

@fedepaol @weliang1

I've made the suggested changes; How does it look now? Thanks for your patience!

[jboxman]

@weliang1, I updated the PR with your suggestions. Thanks!

[weliang1]

/LGTM

[kalexand-rh]

Just a few picks and questions, and it LGTM.

[kalexand-rh]

On {op-system-first},

Can you add a little more context about why it's blacklisted or what that means for the user?

[jboxman]

@kalexand-rh, it's due to an oversight. Perhaps blacklisted is too harsh. (Although that's the technical term, as the kernel cannot load the SCTP module until it is removed from the blacklist.) Not sure how to diplomatically say "sorry, our bad."

Could say

On {op-system-first}, the SCTP module is disabled by default.

[kalexand-rh]

Is the nc package available by default to RHEL? Support's filed several tickets asking that I purge 'jq' commands from the collection because the package isn't always available, so it might be worth checking before we publish this method.

[jboxman]

@kalexand-rh, I wondered that myself. The UBI image used for the verification pods includes nc.

[openshift-ci-robot]

New changes are detected. LGTM label has been removed.

[jboxman]

/cherry-pick enterprise-4.4

[openshift-cherrypick-robot]

@jboxman: new pull request created: #21237

Details

In response to this:

/cherry-pick enterprise-4.4

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.