From: Ilya Maximets <i.maximets@ovn.org>
To: "Marc-André Lureau" <marcandre.lureau@gmail.com>,
"Ilya Maximets" <i.maximets@ovn.org>
Cc: Stefan Hajnoczi <stefanha@redhat.com>,
Maxime Coquelin <maxime.coquelin@redhat.com>,
Chenbo Xia <chenbo.xia@intel.com>,
dev@dpdk.org, Adrian Moreno <amorenoz@redhat.com>,
Julia Suvorova <jusual@redhat.com>,
Daniel Berrange <berrange@redhat.com>
Subject: Re: [dpdk-dev] [RFC 0/4] SocketPair Broker support for vhost and virtio-user.
Date: Fri, 19 Mar 2021 12:25:52 +0100 [thread overview]
Message-ID: <93ab22c3-0fe6-39af-d559-be60a96a53a0@ovn.org> (raw)
In-Reply-To: <CAJ+F1CKJ0oVw3-9WbaQPXBdUn34DQ0i=x2hL53QySxC8E9=mNw@mail.gmail.com>
On 3/19/21 9:51 AM, Marc-André Lureau wrote:
> Hi
>
> On Thu, Mar 18, 2021 at 11:47 PM Ilya Maximets <i.maximets@ovn.org <mailto:i.maximets@ovn.org>> wrote:
>
> On 3/18/21 6:52 PM, Stefan Hajnoczi wrote:
> > On Wed, Mar 17, 2021 at 09:25:26PM +0100, Ilya Maximets wrote:
> > Hi,
> > Some questions to understand the problems that SocketPair Broker solves:
> >
> >> Even more configuration tricks required in order to share some sockets
> >> between different containers and not only with the host, e.g. to
> >> create service chains.
> >
> > How does SocketPair Broker solve this? I guess the idea is that
> > SocketPair Broker must be started before other containers. That way
> > applications don't need to sleep and reconnect when a socket isn't
> > available yet.
> >
> > On the other hand, the SocketPair Broker might be unavailable (OOM
> > killer, crash, etc), so applications still need to sleep and reconnect
> > to the broker itself. I'm not sure the problem has actually been solved
> > unless there is a reason why the broker is always guaranteed to be
> > available?
>
> Hi, Stefan. Thanks for your feedback!
>
> The idea is to have the SocketPair Broker running right from the
> boot of the host. If it will use a systemd socket-based service
> activation, the socket should persist while systemd is alive, IIUC.
> OOM, crash and restart of the broker should not affect existence
> of the socket and systemd will spawn a service if it's not running
> for any reason without loosing incoming connections.
>
>
> Since the solution relies on systemd, why not use DBus to perform authentication, service discovery and setup the socketpair between peers? You don't need an extra service broker in this case.
>
> When the org.foo service shows up, call org.foo.Connect() to return the fd of the client end (or throw an error etc)
Yes, that's a possible solution. And I even thought about running
SocketPair Broker as a dbus service (it's in a 'todo' list with
a question mark). However, there are few issues with DBus-based
solution:
1. I'd like to not bind the solution to systemd just because it's
not always required. There are cases where you don't really
need a persistent and never-changing socket file. For example,
dpdk implementation for vhost and virtio-user in this patch set
will work just fine, i.e. will re-connect as soon as socket is
available.
Also, socket-based activation is a cool feature, but it's not the
only solution on how to make socket file appear before starting
a certain application.
2. It should be easier for a developer of an existing client-server
application to just use a different socket in compare to learning
how to use DBus and how to integrate it into application.
Especially, it's much easier to use another socket if they want
to keep traditional way of connection as alternative to connection
with a SocketPair Broker.
3. Unclear security implication. I tried to research how to use
host DBus from the container and I didn't find a good convenient
way to do that. Please, point me to a correct documentation if
I missed something. Solution that I managed to google includes
mounting of a /run/user/<user-id> or dbus sessions directory into
the container and copying a dbus configuration files.
Some articles also points out that communication is only possible
from a privileged containers. To be clear, I know very little
about DBus, so any pointers on how to use it in a convenient way
from the inside of a container will be appreciated.
>
> I don't think establishing socketpair connection between process peers sharing some ID, without any other context, is going to be so useful. The relation is usually not symmetrical, and you usually have associated setup/configuration details.
There is an "operation mode" that user can specify in a GET_PAIR
request to the SocketPair Broker. It might be NONE, CLIENT or
SERVER. Broker will pair users that provided NONE together as
they likely want to have a symmetrical connection. And it will
pair users that declared themselves as CLIENTs with users that
specified SEVER. This is to ensure that in asymmetrical connections
there will be no two "clients" or two "servers".
See:
https://github.com/igsilya/one-socket/blob/main/doc/socketpair-broker-proto-spec.rst
If you have any idea what else could be added to the protocol to
make it better, I'd love to hear.
Best regards, Ilya Maximets.
next prev parent reply other threads:[~2021-03-19 11:25 UTC|newest]
Thread overview: 38+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-03-17 20:25 Ilya Maximets
2021-03-17 20:25 ` [dpdk-dev] [PATCH 1/4] net/virtio: fix interrupt unregistering for listening socket Ilya Maximets
2021-03-25 8:32 ` Maxime Coquelin
2021-04-07 7:21 ` Xia, Chenbo
2021-03-17 20:25 ` [dpdk-dev] [RFC 2/4] vhost: add support for SocketPair Broker Ilya Maximets
2021-03-17 20:25 ` [dpdk-dev] [RFC 3/4] net/vhost: " Ilya Maximets
2021-03-17 20:25 ` [dpdk-dev] [RFC 4/4] net/virtio: " Ilya Maximets
2021-03-18 17:52 ` [dpdk-dev] [RFC 0/4] SocketPair Broker support for vhost and virtio-user Stefan Hajnoczi
2021-03-18 19:47 ` Ilya Maximets
2021-03-18 20:14 ` Ilya Maximets
2021-03-19 14:16 ` Stefan Hajnoczi
2021-03-19 15:37 ` Ilya Maximets
2021-03-19 16:01 ` Stefan Hajnoczi
2021-03-19 16:02 ` Marc-André Lureau
2021-03-19 8:51 ` Marc-André Lureau
2021-03-19 11:25 ` Ilya Maximets [this message]
2021-03-19 14:05 ` Stefan Hajnoczi
2021-03-19 15:29 ` Ilya Maximets
2021-03-19 17:21 ` Stefan Hajnoczi
2021-03-23 17:57 ` Adrian Moreno
2021-03-23 18:27 ` Ilya Maximets
2021-03-23 20:54 ` Billy McFall
2021-03-24 12:05 ` Stefan Hajnoczi
2021-03-24 13:11 ` Ilya Maximets
2021-03-24 15:07 ` Stefan Hajnoczi
2021-03-25 9:35 ` Stefan Hajnoczi
2021-03-25 11:00 ` Ilya Maximets
2021-03-25 16:43 ` Stefan Hajnoczi
2021-03-25 17:58 ` Ilya Maximets
2021-03-30 15:01 ` Stefan Hajnoczi
2021-03-19 14:39 ` Stefan Hajnoczi
2021-03-19 16:11 ` Ilya Maximets
2021-03-19 16:45 ` Ilya Maximets
2021-03-24 20:56 ` Maxime Coquelin
2021-03-24 21:39 ` Ilya Maximets
2021-03-24 21:51 ` Maxime Coquelin
2021-03-24 22:17 ` Ilya Maximets
2023-06-30 3:45 ` Stephen Hemminger
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=93ab22c3-0fe6-39af-d559-be60a96a53a0@ovn.org \
--to=i.maximets@ovn.org \
--cc=amorenoz@redhat.com \
--cc=berrange@redhat.com \
--cc=chenbo.xia@intel.com \
--cc=dev@dpdk.org \
--cc=jusual@redhat.com \
--cc=marcandre.lureau@gmail.com \
--cc=maxime.coquelin@redhat.com \
--cc=stefanha@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).