This commit fixes a potential race condition that prevented the tests from succeeding
when running in a GitHub workflow.
Basically the thread id was not actually available before
writing it to the file, resulting in a thread id equal to 0 being written to it.
So, when the tests were trying to retrieve the thread id to use it to send
the WM_QUIT signal, they failed.
This patch adds a check on the thread id before writing
it to the file. Now, if the thread id is 0, it keeps calling winquit to
retrieve it. If, after 10 secs, there is no success, it returns an error.
Signed-off-by: lstocchi <lstocchi@redhat.com>

The previous fix was not working as expected, as the ssh go code will
close the underlying connection when there's a failure.
This was causing the retries for CreateBastion() to fail, as after the
first failure it would try to use a closed connection.
This commit recreates the connection each time before calling
CreateBastion() to fix this. This also simplifies the code.
Signed-off-by: Christophe Fergeau <cfergeau@redhat.com>

When using podman-machine with applehv, sometimes gvproxy would die
shortly after being started.
The following happens:
- podman starts gvproxy with --listen-vfkit
- gvproxy starts and waits for vfkit to create a network connection
- podman starts vfkit
- vfkit creates the VM and connects to gvproxy
- gvproxy resumes its execution, and tries to create the ssh forwards
  podman asked for on the command line
- gvproxy fails to create the ssh forward and exits
This happens because setupProxy fails in (*Bastion).reconnect with
"ssh: handshake failed: EOF". This is related to
https://www.man7.org/linux/man-pages/man8/systemd-user-sessions.8.html:
even if it's possible to create a TCP connection to the ssh port,
sshd/pam won't necessarily allow you to connect at the ssh level.
This commit fixes this bug by adding a retry to the calls to
CreateBastion() to complement the retries already present in
initialConnection().
CreateBastion now returns *Bastion instead of Bastion as the latter type
is not `comparable` which is required by the generic `retry` function.
Signed-off-by: Christophe Fergeau <cfergeau@redhat.com>

initialConnection retries multiple times to establish the TCP connection
which will be used for ssh communication.
This commit adds a generic helper to handle the retry which will be
useful in the next commits.
Signed-off-by: Christophe Fergeau <cfergeau@redhat.com>
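
The behaviour described in the three commit messages above (a generic retry helper, retrying the bastion creation, and recreating the connection before every attempt), shown as an added Go example that is not code from the project. The names `conn`, `server`, `handshake`, `retry` and `connect` are hypothetical, the refusing sshd is simulated, and using the `comparable` constraint to reject a zero result is an assumption about one way such a helper can use it.

```go
package main

import (
	"errors"
	"fmt"
	"time"
)

type conn struct{ closed bool }        // constructed stand-in for an ssh transport
type server struct{ refuse, seen int } // constructed sshd that refuses the first logins

// handshake fails the first `refuse` times and closes the conn on failure.
func (s *server) handshake(c *conn) (*conn, error) {
	if c.closed {
		return nil, errors.New("use of closed connection")
	}
	if s.seen++; s.seen <= s.refuse {
		c.closed = true
		return nil, errors.New("ssh: handshake failed: EOF")
	}
	return c, nil
}

// retry calls fn until it yields a non-zero value with a nil error (hence comparable).
func retry[T comparable](tries int, wait time.Duration, fn func() (T, error)) (v T, err error) {
	var zero T
	for i := 0; i < tries; i++ {
		if v, err = fn(); err == nil && v != zero {
			return v, nil
		}
		time.Sleep(wait)
	}
	return zero, fmt.Errorf("gave up after %d attempts: %v", tries, err)
}

// connect retries on one shared conn (fresh=false) or on a new conn per attempt (fresh=true).
func connect(s *server, fresh bool) (*conn, error) {
	c := &conn{}
	return retry(5, time.Millisecond, func() (*conn, error) {
		if fresh {
			c = &conn{}
		}
		return s.handshake(c)
	})
}

func main() {
	fmt.Println(connect(&server{refuse: 2}, false)) // fails: conn was closed by attempt 1
	fmt.Println(connect(&server{refuse: 2}, true))  // succeeds on attempt 3
}
```

With the shared connection the server only ever sees one handshake, so the remaining attempts cannot succeed no matter how long the retry runs.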
Some channel/connection implementations may signal EOF to parallel
readers before tasks related to the CloseWrite (shutdown) have
completed progressing. This creates the potential for a race with
a parallel Close(), leading to a premature abort of certain activities
(cancelling the send of buffered data).
This change ensures that the two goroutines copying each direction
of the stream wait until CloseWrite has completed in both directions
before fully closing.
Signed-off-by: Jason T. Greene <jason.greene@redhat.com>

With this PR, the expose API can handle npipe as a protocol, which is used
on Windows to expose a socket to a named pipe.
The following is now working. (Tested with CRC)
```
--- captured from the VM ---
$ curl http://host.crc.testing:7777/services/forwarder/all | jq .
[
  {
    "local": "127.0.0.1:2222",
    "remote": "192.168.127.2:22",
    "protocol": "tcp"
  },
  {
    "local": "127.0.0.1:9090",
    "remote": "192.168.127.2:9090",
    "protocol": "tcp"
  },
  {
    "local": "\\\\.\\pipe\\crc-podman",
    "remote": "ssh-tunnel://core@192.168.127.2:22/run/podman/podman.sock?key=C%3A%5CUsers%5Cprkumar%5C.crc%5Cmachines%5Ccrc%5Cid_ecdsa",
    "protocol": "npipe"
  }
]
\\.\pipe\crc-http - - [23/Feb/2022:10:38:20 +0530] "POST
/network/services/forwarder/expose HTTP/1.1" 200 0
INFO Listening on: \\.\pipe\crc-podman
> $Env:DOCKER_HOST = "npipe:////./pipe/crc-podman"
> .\docker.exe info
Client:
Context: default
Debug Mode: false
Server:
Containers: 1
Running: 1
Paused: 0
Server Version: 3.4.4
Storage Driver: overlay
Backing Filesystem: xfs
Supports d_type: true
```
Signed-off-by: Praveen Kumar <kumarpraveen.nitdgp@gmail.com>
Signed-off-by: Christophe Fergeau <cfergeau@redhat.com>

Also:
- Introduce cleanup mechanism for unexpose
- Minor enhancement to bastion/forwarder to support tunnel only operation
Signed-off-by: Jason T. Greene <jason.greene@redhat.com>