Merge pull request #1725 from Starnop/cri-stream-manager

refactor: Extract stream manager as the public part

Author: allencloud

cri/stream/config.go

@@ -0,0 +1,54 @@
+package stream
+
+import (
+	"net/url"
+	"time"
+
+	"github.com/alibaba/pouch/cri/stream/constant"
+)
+
+// Keep these constants consistent with the peers in official package:
+// k8s.io/kubernetes/pkg/kubelet/server.
+const (
+	// DefaultStreamIdleTimeout is the timeout for idle stream.
+	DefaultStreamIdleTimeout = 4 * time.Hour
+
+	// DefaultStreamCreationTimeout is the timeout for stream creation.
+	DefaultStreamCreationTimeout = 30 * time.Second
+)
+
+// TODO: StreamProtocolV2Name, StreamProtocolV3Name, StreamProtocolV4Name support.
+
+// SupportedStreamingProtocols is the streaming protocols which server supports.
+var SupportedStreamingProtocols = []string{constant.StreamProtocolV1Name, constant.StreamProtocolV2Name}
+
+// SupportedPortForwardProtocols is the portforward protocols which server supports.
+var SupportedPortForwardProtocols = []string{constant.PortForwardProtocolV1Name}
+
+// Config defines the options used for running the stream server.
+type Config struct {
+	// Address is the addr:port address the server will listen on.
+	Address string
+
+	// BaseURL is the optional base URL for constructing streaming URLs.
+	// If empty, the baseURL will be constructed from the serve address.
+	BaseURL *url.URL
+
+	// StreamIdleTimeout is how long to leave idle connections open for.
+	StreamIdleTimeout time.Duration
+	// StreamCreationTimeout is how long to wait for clients to create streams. Only used for SPDY streaming.
+	StreamCreationTimeout time.Duration
+
+	// SupportedStreamingProtocols is the streaming protocols which server supports.
+	SupportedRemoteCommandProtocols []string
+	// SupportedPortForwardProtocol is the portforward protocols which server supports.
+	SupportedPortForwardProtocols []string
+}
+
+// DefaultConfig provides default values for server Config.
+var DefaultConfig = Config{
+	StreamIdleTimeout:               DefaultStreamIdleTimeout,
+	StreamCreationTimeout:           DefaultStreamCreationTimeout,
+	SupportedRemoteCommandProtocols: SupportedStreamingProtocols,
+	SupportedPortForwardProtocols:   SupportedPortForwardProtocols,
+}

cri/stream/portforward/httpstream.go

@@ -1,6 +1,7 @@
 package portforward
 
 import (
+	gocontext "context"
 	"fmt"
 	"net/http"
 	"strconv"
@@ -48,7 +49,7 @@ func httpStreamReceived(streams chan httpstream.Stream) func(httpstream.Stream,
 	}
 }
 
-func handleHTTPStreams(w http.ResponseWriter, req *http.Request, portForwarder PortForwarder, podName string, idleTimeout, streamCreationTimeout time.Duration, supportedPortForwardProtocols []string) error {
+func handleHTTPStreams(goctx gocontext.Context, w http.ResponseWriter, req *http.Request, portForwarder PortForwarder, podName string, idleTimeout, streamCreationTimeout time.Duration, supportedPortForwardProtocols []string) error {
 	_, err := httpstream.Handshake(w, req, supportedPortForwardProtocols)
 	// Negotiated protocol isn't currently used server side, but could be in the future.
 	if err != nil {
@@ -76,7 +77,7 @@ func handleHTTPStreams(w http.ResponseWriter, req *http.Request, portForwarder P
 		pod:       podName,
 		forwarder: portForwarder,
 	}
-	h.run()
+	h.run(goctx)
 
 	return nil
 }
@@ -150,7 +151,7 @@ func (h *httpStreamHandler) requestID(stream httpstream.Stream) string {
 // run is the main loop for the httpStreamHandler. It process new streams,
 // invoking portForward for each complete stream pair. The loop exits
 // when the httpstream.Connection is closed.
-func (h *httpStreamHandler) run() {
+func (h *httpStreamHandler) run(goctx gocontext.Context) {
 	logrus.Infof("(conn=%p) waiting for port forward streams", h.conn)
 
 	for {
@@ -171,23 +172,23 @@ func (h *httpStreamHandler) run() {
 				msg := fmt.Sprintf("error processing stream for request %s: %v", requestID, err)
 				p.printError(msg)
 			} else if complete {
-				go h.portForward(p)
+				go h.portForward(goctx, p)
 			}
 		}
 	}
 }
 
 // portForward invokes the httpStreamHandler's forwarder.PortForward
 // function for the given stream pair.
-func (h *httpStreamHandler) portForward(p *httpStreamPair) {
+func (h *httpStreamHandler) portForward(goctx gocontext.Context, p *httpStreamPair) {
 	defer p.dataStream.Close()
 	defer p.errorStream.Close()
 
 	portString := p.dataStream.Headers().Get(constant.PortHeader)
 	port, _ := strconv.ParseInt(portString, 10, 32)
 
 	logrus.Infof("(conn=%p, request=%s) invoking forwarder.PortForward for port %s", h.conn, p.requestID, portString)
-	err := h.forwarder.PortForward(h.pod, int32(port), p.dataStream)
+	err := h.forwarder.PortForward(goctx, h.pod, int32(port), p.dataStream)
 	logrus.Infof("(conn=%p, request=%s) done invoking forwarder.PortForward for port %s", h.conn, p.requestID, portString)
 
 	if err != nil {

cri/stream/portforward/portforward.go

@@ -1,6 +1,7 @@
 package portforward
 
 import (
+	gocontext "context"
 	"io"
 	"net/http"
 	"time"
@@ -12,17 +13,17 @@ import (
 // in a pod.
 type PortForwarder interface {
 	// PortForwarder copies data between a data stream and a port in a pod.
-	PortForward(name string, port int32, stream io.ReadWriteCloser) error
+	PortForward(goctx gocontext.Context, name string, port int32, stream io.ReadWriteCloser) error
 }
 
 // ServePortForward handles a port forwarding request. A single request is
 // kept alive as long as the client is still alive and the connection has not
 // been timed out due to idleness. This function handles multiple forwarded
 // connections; i.e., multiple `curl http://localhost:8888/` requests will be
 // handled by a single invocation of ServePortForward.
-func ServePortForward(w http.ResponseWriter, req *http.Request, portForwarder PortForwarder, podName string, idleTimeout time.Duration, streamCreationTimeout time.Duration, supportedProtocols []string) {
+func ServePortForward(goctx gocontext.Context, w http.ResponseWriter, req *http.Request, portForwarder PortForwarder, podName string, idleTimeout time.Duration, streamCreationTimeout time.Duration, supportedProtocols []string) {
 	// TODO: support web socket stream.
-	err := handleHTTPStreams(w, req, portForwarder, podName, idleTimeout, streamCreationTimeout, supportedProtocols)
+	err := handleHTTPStreams(goctx, w, req, portForwarder, podName, idleTimeout, streamCreationTimeout, supportedProtocols)
 	if err != nil {
 		logrus.Errorf("failed to serve port forward: %v", err)
 		return

cri/stream/remotecommand/attach.go

@@ -1,6 +1,7 @@
 package remotecommand
 
 import (
+	gocontext "context"
 	"fmt"
 	"net/http"
 	"time"
@@ -9,20 +10,20 @@ import (
 // Attacher knows how to attach a running container in a pod.
 type Attacher interface {
 	// Attach attaches to the running container in the pod.
-	Attach(containerID string, streamOpts *Options, streams *Streams) error
+	Attach(goctx gocontext.Context, containerID string, streamOpts *Options, streams *Streams) error
 }
 
 // ServeAttach handles requests to attach to a container. After creating/receiving the required
 // streams, it delegates the actual attaching to attacher.
-func ServeAttach(w http.ResponseWriter, req *http.Request, attacher Attacher, container string, streamOpts *Options, idleTimeout, streamCreationTimeout time.Duration, supportedProtocols []string) {
+func ServeAttach(goctx gocontext.Context, w http.ResponseWriter, req *http.Request, attacher Attacher, container string, streamOpts *Options, idleTimeout, streamCreationTimeout time.Duration, supportedProtocols []string) {
 	ctx, ok := createStreams(w, req, streamOpts, supportedProtocols, idleTimeout, streamCreationTimeout)
 	if !ok {
 		// Error is handled by createStreams.
 		return
 	}
 	defer ctx.conn.Close()
 
-	err := attacher.Attach(container, streamOpts, &Streams{
+	err := attacher.Attach(goctx, container, streamOpts, &Streams{
 		StreamCh:     make(chan struct{}, 1),
 		StdinStream:  ctx.stdinStream,
 		StdoutStream: ctx.stdoutStream,

cri/stream/remotecommand/exec.go

@@ -1,6 +1,7 @@
 package remotecommand
 
 import (
+	gocontext "context"
 	"fmt"
 	"net/http"
 	"time"
@@ -9,21 +10,21 @@ import (
 // Executor knows how to execute a command in a container of the pod.
 type Executor interface {
 	// Exec executes a command in a container of the pod.
-	Exec(containerID string, cmd []string, streamOpts *Options, streams *Streams) (uint32, error)
+	Exec(goctx gocontext.Context, containerID string, cmd []string, streamOpts *Options, streams *Streams) (uint32, error)
 }
 
 // ServeExec handles requests to execute a command in a container. After
 // creating/receiving the required streams, it delegates the actual execution
 // to the executor.
-func ServeExec(w http.ResponseWriter, req *http.Request, executor Executor, container string, cmd []string, streamOpts *Options, supportedProtocols []string, idleTimeout time.Duration, streamCreationTimeout time.Duration) {
+func ServeExec(goctx gocontext.Context, w http.ResponseWriter, req *http.Request, executor Executor, container string, cmd []string, streamOpts *Options, supportedProtocols []string, idleTimeout time.Duration, streamCreationTimeout time.Duration) {
 	ctx, ok := createStreams(w, req, streamOpts, supportedProtocols, idleTimeout, streamCreationTimeout)
 	if !ok {
 		// Error is handled by createStreams.
 		return
 	}
 	defer ctx.conn.Close()
 
-	exitCode, err := executor.Exec(container, cmd, streamOpts, &Streams{
+	exitCode, err := executor.Exec(goctx, container, cmd, streamOpts, &Streams{
 		StdinStream:  ctx.stdinStream,
 		StdoutStream: ctx.stdoutStream,
 		StderrStream: ctx.stderrStream,

cri/stream/runtime.go

@@ -0,0 +1,162 @@
+package stream
+
+import (
+	"bytes"
+	"context"
+	"fmt"
+	"io"
+	"os/exec"
+	"strings"
+	"time"
+
+	apitypes "github.com/alibaba/pouch/apis/types"
+	"github.com/alibaba/pouch/cri/stream/remotecommand"
+	"github.com/alibaba/pouch/daemon/mgr"
+
+	"github.com/sirupsen/logrus"
+)
+
+// Runtime is the interface to execute the commands and provide the streams.
+type Runtime interface {
+	// Exec executes the command in pod.
+	Exec(ctx context.Context, containerID string, cmd []string, streamOpts *remotecommand.Options, streams *remotecommand.Streams) (uint32, error)
+
+	// Attach attaches to pod.
+	Attach(ctx context.Context, containerID string, streamOpts *remotecommand.Options, streams *remotecommand.Streams) error
+
+	// PortForward forward port to pod.
+	PortForward(ctx context.Context, name string, port int32, stream io.ReadWriteCloser) error
+}
+
+type streamRuntime struct {
+	containerMgr mgr.ContainerMgr
+}
+
+// NewStreamRuntime creates a brand new stream runtime.
+func NewStreamRuntime(ctrMgr mgr.ContainerMgr) Runtime {
+	return &streamRuntime{containerMgr: ctrMgr}
+}
+
+// Exec executes a command inside the container.
+func (s *streamRuntime) Exec(ctx context.Context, containerID string, cmd []string, streamOpts *remotecommand.Options, streams *remotecommand.Streams) (uint32, error) {
+	createConfig := &apitypes.ExecCreateConfig{
+		Cmd:          cmd,
+		AttachStdin:  streamOpts.Stdin,
+		AttachStdout: streamOpts.Stdout,
+		AttachStderr: streamOpts.Stderr,
+		Tty:          streamOpts.TTY,
+	}
+
+	execid, err := s.containerMgr.CreateExec(ctx, containerID, createConfig)
+	if err != nil {
+		return 0, fmt.Errorf("failed to create exec for container %q: %v", containerID, err)
+	}
+
+	attachConfig := &mgr.AttachConfig{
+		Streams:     streams,
+		MuxDisabled: true,
+	}
+
+	err = s.containerMgr.StartExec(ctx, execid, attachConfig)
+	if err != nil {
+		return 0, fmt.Errorf("failed to start exec for container %q: %v", containerID, err)
+	}
+
+	// TODO Find a better way instead of the dead loop
+	var ei *apitypes.ContainerExecInspect
+	for {
+		ei, err = s.containerMgr.InspectExec(ctx, execid)
+		if err != nil {
+			return 0, fmt.Errorf("failed to inspect exec for container %q: %v", containerID, err)
+		}
+		// Loop until exec finished.
+		if !ei.Running {
+			break
+		}
+		time.Sleep(100 * time.Millisecond)
+	}
+
+	return uint32(ei.ExitCode), nil
+}
+
+// Attach attaches to a running container.
+func (s *streamRuntime) Attach(ctx context.Context, containerID string, streamOpts *remotecommand.Options, streams *remotecommand.Streams) error {
+	attachConfig := &mgr.AttachConfig{
+		Stdin:   streamOpts.Stdin,
+		Stdout:  streamOpts.Stdout,
+		Stderr:  streamOpts.Stderr,
+		Streams: streams,
+	}
+
+	err := s.containerMgr.Attach(ctx, containerID, attachConfig)
+	if err != nil {
+		return fmt.Errorf("failed to attach to container %q: %v", containerID, err)
+	}
+
+	<-streams.StreamCh
+
+	return nil
+}
+
+// PortForward forwards ports from a PodSandbox.
+func (s *streamRuntime) PortForward(ctx context.Context, id string, port int32, stream io.ReadWriteCloser) error {
+	sandbox, err := s.containerMgr.Get(ctx, id)
+	if err != nil {
+		return fmt.Errorf("failed to get metadata of sandbox %q: %v", id, err)
+	}
+	pid := sandbox.State.Pid
+
+	socat, err := exec.LookPath("socat")
+	if err != nil {
+		return fmt.Errorf("failed to find socat: %v", err)
+	}
+
+	// Check following links for meaning of the options:
+	// * socat: https://linux.die.net/man/1/socat
+	// * nsenter: http://man7.org/linux/man-pages/man1/nsenter.1.html
+	args := []string{"-t", fmt.Sprintf("%d", pid), "-n", socat,
+		"-", fmt.Sprintf("TCP4:localhost:%d", port)}
+
+	nsenter, err := exec.LookPath("nsenter")
+	if err != nil {
+		return fmt.Errorf("failed to find nsenter: %v", err)
+	}
+
+	logrus.Infof("Executing port forwarding command: %s %s", nsenter, strings.Join(args, " "))
+
+	cmd := exec.Command(nsenter, args...)
+	cmd.Stdout = stream
+
+	stderr := new(bytes.Buffer)
+	cmd.Stderr = stderr
+
+	// If we use Stdin, command.Run() won't return until the goroutine that's copying
+	// from stream finishes. Unfortunately, if you have a client like telnet connected
+	// via port forwarding, as long as the user's telnet client is connected to the user's
+	// local listener that port forwarding sets up, the telnet session never exits. This
+	// means that even if socat has finished running, command.Run() won't ever return
+	// (because the client still has the connection and stream open).
+	//
+	// The work around is to use StdinPipe(), as Wait() (called by Run()) closes the pipe
+	// when the command (socat) exits.
+	in, err := cmd.StdinPipe()
+	if err != nil {
+		return fmt.Errorf("failed to create stdin pipe: %v", err)
+	}
+	go func() {
+		if _, err := io.Copy(in, stream); err != nil {
+			logrus.Errorf("failed to copy port forward input for %q port %d: %v", id, port, err)
+		}
+		in.Close()
+		logrus.Infof("finish copy port forward input for %q port %d: %v", id, port, err)
+	}()
+
+	err = cmd.Run()
+	if err != nil {
+		return fmt.Errorf("nsenter command returns error: %v, stderr: %q", err, stderr.String())
+	}
+
+	logrus.Infof("finish port forwarding for %q port %d", id, port)
+
+	return nil
+}