fix: Add used port check for publish flag #2190
Conversation
| @@ -1,3 +1,4 @@ | |||
| /* | |||
vsiravar
force-pushed
the
vsiravar/fix-2179
branch
from
8c29e4f to
ed7a153
Compare
pkg/portutil/portutil.go
Outdated
| if err != nil { | ||
| return nil, err | ||
| } | ||
| if usedPorts[startHostPort] { |
There was a problem hiding this comment.
why checking only startHostPort ? why not testing all the range ?
There was a problem hiding this comment.
Good point, updated.
| @@ -302,6 +302,50 @@ func TestUniqueHostPortAssignement(t *testing.T) { | |||
| } | |||
| } | |||
|
|
|||
| func TestHostPortAlreadyInUse(t *testing.T) { | |||
| if rootlessutil.IsRootless() { | |||
| t.Skip("Auto port assign is not supported rootless mode yet") | |||
There was a problem hiding this comment.
it is not an auto port assign here, we explicit set port, right ?
There was a problem hiding this comment.
Updated, it was leftover from copying code from TestUniqueHostPortAssignement.
vsiravar
force-pushed
the
vsiravar/fix-2179
branch
from
ed7a153 to
6dbac87
Compare
vsiravar
force-pushed
the
vsiravar/fix-2179
branch
3 times, most recently
from
879bea2 to
3442f88
Compare
| if protocol == "tcp" || protocol == "udp" { | ||
| netprocData, err := procnet.ReadStatsFileData(protocol) | ||
| if err != nil { | ||
| return nil, err | ||
| } | ||
| netprocItems = append(netprocItems, procnet.Parse(netprocData)...) | ||
| } |
There was a problem hiding this comment.
It appears that the SCTP protocol is currently unsupported, therefore no further processing is required.
There was a problem hiding this comment.
I could be wrong but from this line https://github.com/containerd/nerdctl/blob/main/pkg/portutil/portutil.go#L61, it seems like users could use sctp. There is also a test to check the parsing of sctp https://github.com/containerd/nerdctl/blob/main/pkg/portutil/portutil_test.go#L348.
There was a problem hiding this comment.
I only checkd in https://github.com/containerd/nerdctl/blob/main/pkg/portutil/procnet/procnet_linux.go#L38 , Let me check it.
There was a problem hiding this comment.
I carefully checked the code and did not find an implementation that supports the SCTP protocol. The line just supports parsing command line arguments.
There was a problem hiding this comment.
I carefully checked the code and did not find an implementation that supports the SCTP protocol. The line just supports parsing command line arguments.
Additionally there a unit test that checks the parsing of "sctp" https://github.com/containerd/nerdctl/blob/main/pkg/portutil/portutil_test.go#L348, so without the protocol check below, the unit test fails.
if protocol == "tcp" || protocol == "udp" {
netprocData, err := procnet.ReadStatsFileData(protocol)
if err != nil {
return nil, err
}
netprocItems = append(netprocItems, procnet.Parse(netprocData)...)
}
As a side note, if sctp is not supported then why do we support parsing it in the ParseFlagP ?
There was a problem hiding this comment.
I quickly checked, it looks like SCTP is not supported but it is but it is not blocking either. IMHO, we have to add a comment here to highlight this point ( It's misleading without a comment)
vsiravar
force-pushed
the
vsiravar/fix-2179
branch
from
3442f88 to
7c3703c
Compare
|
Test failed https://github.com/containerd/nerdctl/actions/runs/4814951537/jobs/8573169644?pr=2190#step:6:982 |
This is a test seems is testing |
|
Can you test this case locally? It seems different from what was expected? $ sudo nerdctl run -p 8080:80 --name=test -d nginx
7f4a2be3bd30eba9d9b5c45ea83213af9728fa456bd3b23783a3352282afc078
$ sudo nerdctl stop test
test
$ sudo nerdctl run -p 8080:80 -d nginx
FATA[0000] failed to load networking flags: bind for :8080 failed: port is already allocated |
pkg/portutil/port_allocate_linux.go
Outdated
| @@ -39,27 +39,60 @@ func filter(ss []procnet.NetworkDetail, filterFunc func(detail procnet.NetworkDe | |||
| } | |||
|
|
|||
| func portAllocate(protocol string, ip string, count uint64) (uint64, uint64, error) { | |||
| netprocData, err := procnet.ReadStatsFileData(protocol) | |||
| usedPort, err := getUsedPorts(ip, protocol) | |||
|
|
|||
There was a problem hiding this comment.
I don't quite understand this point? When the user does not specify the host port, we still want to bind an unused port from the host to the container port.
There was a problem hiding this comment.
My bad :(, updated.
| if protocol == "tcp" || protocol == "udp" { | ||
| netprocData, err := procnet.ReadStatsFileData(protocol) | ||
| if err != nil { | ||
| return nil, err | ||
| } | ||
| netprocItems = append(netprocItems, procnet.Parse(netprocData)...) | ||
| } |
There was a problem hiding this comment.
I quickly checked, it looks like SCTP is not supported but it is but it is not blocking either. IMHO, we have to add a comment here to highlight this point ( It's misleading without a comment)
| }, | ||
| { | ||
| hostPort: "5000", | ||
| containerPort: "80/udp", |
There was a problem hiding this comment.
may be adding a case for SCTP to controller support/behavior of SCTP
Not related. It is a flaky test |
|
@vsiravar Could you confirm this? |
Sorry I have been a bit busy. I will have all the comments addressed this weekend.
I think this is because nerdctl stop does not clean up the network unlike nerdctl remove . I can make a follow up PR to fix this, if it's the behavior we want. cc @junnplus Edit: Tagged Jun for feeback. |
vsiravar
force-pushed
the
vsiravar/fix-2179
branch
2 times, most recently
from
b86c6ba to
f63c2ba
Compare
vsiravar
force-pushed
the
vsiravar/fix-2179
branch
from
f63c2ba to
984ffc5
Compare
| } | ||
| } | ||
|
|
||
| func TestHostPortAlreadyInUseForSctp(t *testing.T) { |
There was a problem hiding this comment.
TestHostPortAlreadyInUseForSctp can simply be added as a case in TestHostPortAlreadyInUse
There was a problem hiding this comment.
Updated, note though that sctp does not work in rootless mode. Error message failed to create shim task: OCI runtime create failed: runc create failed: unable to start container process: error during container init: error running hook #0: error running hook: exit status 1, stdout: , stderr: time="2023-05-29T21:35:05Z" level=fatal msg="failed to expose ports in rootless mode: spec was not validated?".
There was a problem hiding this comment.
so, we have to skip the sctp case in rootless environnement
There was a problem hiding this comment.
so, we have to skip the sctp case in rootless environnement
Yeah I was just calling out the behavior, it's already skipped in this test in rootless mode
.
vsiravar
force-pushed
the
vsiravar/fix-2179
branch
2 times, most recently
from
eded758 to
aa8e13d
Compare
Signed-off-by: Vishwas Siravara <vsiravara@gmail.com>
vsiravar
force-pushed
the
vsiravar/fix-2179
branch
from
aa8e13d to
afd1cee
Compare
LGTM it is the |
|
@junnplus LGTY? |
I apologize for just seeing the new update, thank you for your hard work, I will review it this week. |
I concur with it, but hold reservations about merging this PR. I believe we should first have nerdctl stop manage the release of ports. The rest LGTM. |
cc vsiravar, could you please fix the |
Sure, I'll work on it in the next couple of weeks. |
Sure. I will have a PR out this week. Cheers! |
|
What's the current status of this? |
I think this PR is good. I am still working on the PR to fix the |
|
@junnplus PTAL |
|
Sorry, needs rebase |
|
We ran into the same issue with finch runfinch/finch#1333. @vsiravar I noticed this PR has the approvals but needs a rebase. Are you still working on this fix? |
|
@vsiravar please rebase this PR |
|
@swagatbora90 can you help take this forward. I'm not available this week. |
|
I have rebased and opened a new PR here #4097. |
Add check for used ports while allocating host port in
-p/--publishto make it compatible with docker.Fixes: #2179