Add an undocumented general "run with RPC service"#6675
Add an undocumented general "run with RPC service"#6675nalind wants to merge 1 commit intocontainers:mainfrom
Conversation
dosubot
bot
added
the
size:XL
|
/packit rebuild-failed |
Add an undocumented general "run this with an RPC service" command, which right now doesn't do much. Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
|
Rebased. |
|
@nalind how will this be used? Do you already have any use case in mind? I am playing with something similar in container-libs/storage to allow copying a layer while preserving reflinks (containers/container-libs#651) and @cgwalters suggested json-rpc for that. Would it make sense to unify on the protocol (and dependencies)? @cgwalters would grpc work for composefs? |
|
IPC protocols, always a fun topic. Obviously a lot of usage of gRPC in the ecosystem, though https://github.com/containerd/ttrpc is notable - and particularly containerd/ttrpc#75 gRPC (like base json-rpc) doesn't have any defined way to pass fds, though I'm sure we could invent one as the containerd folks were trying. conmon-rs is using capnproto and then of course there's varlink for which I think systemd is still doing a lot with, but not sure about wider industry adoption. And DBus (which supports fd passing) but that's not cool anymore. Then of course we have REST for the Docker protocol as implemented by podman too... Of course json-rpc(+fdpass) doesn't have to be used for everything! One option is to negotiate its use over a side channel. (Though negotating that side channel is ugly in the general case, but I guess the simplest is "two fds", in a typical case probably each a socketpair()) Anyways I think whatever we do for a low level API in this space has to handle fd passing. |
|
I'm kind of just repeating bootc-dev/bootc#522 here - and it looks like that hyper bug with HTTP over unix domain is still unfixed 😢 Basically gRPC over non-TCP|UDP is just not widely used (because really HTTP-over-non-IP is not widely used) But it could be fixed of course. The appeal of jsonrpc is its bare-bones simplicity. For local communication a lot of the arguments for a binary protocol are lesser (same argument varlink makes for why JSON). |
|
OK this data is Key takeaways:
IPC Library Binary Size ComparisonContext: evaluating IPC options for buildah PR #6675 Go: jsonrpc-fdpass-go vs ttrpc vs gRPC
Rust: jsonrpc-fdpass vs tonicAll builds: release mode with LTO.
Why existing projects absorb gRPC cheaplyIn buildah and podman, the marginal cost of gRPC is small because
In Rust, composefs-rs has no existing gRPC dependency, so tonic's fd passing
Go dependencies
Rust dependencies
|
I would elaborate on that slightly, see composefs/composefs-rs#228 (comment) So I think a really key decision here is "IPC for container-libs" - and right now it's I think just the indirect dependency
pulling gRPC in there (which honestly...is anyone using that?) |
|
I also did bootc-dev/jsonrpc-fdpass#4 |
Yes. There are build APIs which we'll need to provide for compose use cases, and they're expected to be exposed via grpc. As you've noted, podman gained a listener with a no-op handler in its server, but we'll need to be able to test anything that we provide for it to hook up to that listener. |
|
Based on some research, gRPC + fd passing is just fundamentally in conflict (mostly due to HTTP/2's arbitrary interleaving of messages). There's so many layers to that abstraction. But it's not fatal: again we can use gRPC for most things, and negotiate say jsonrpc-fdpass over a separate socket. BTW something also to consider here (and I definitely thought about when working on https://github.com/cgwalters/cstor-dist ) is that it would be I think a quite straightforward thing to have containers-storage implement the registry HTTP protocol - with extensions. I almost did that for the skopeo proxy but the thing I disliked the most is that HTTP/1.1 has head-of-line blocking which is bad for container image fetches, and HTTP/2 is basically starting to head towards gRPC anyways. Anyways, also it looks like containerd is using grpc for snapshotters, so that's an argument for it. So:
(Here's an idea for the latter: if the very first content received on a grpc channel starts with say a NUL byte, that signals that that message should have an attached fd where we can also speak jsonrpc-fdpass) ? |
|
I don't think this pull request is the place to have a wide-ranging conversation about IPC. |
|
Fair, but where do you think we should have it? Or do you think we should just ignore the fact that one person is working on something related to IPC for containers in one format and there's a different one here? |
|
@giuseppe After digging into this I think if we go gRPC for containers-libs/storage (which I'm OK with) by far the simplest thing is to have a separate jsonrpc-fdpass interface which is basically:
WDYT? |
I am fine either way. the json-rpc protocol, as you said, is much simpler and maybe works better for low level functionalities. We can workaround that if we have grpc. @nalind is there any plan/desire to move the grpc server down to container-libs? |
I have no such plan or desire. |
|
OK let's move then the discussion about the RPC need for reflink copies over to containers/container-libs#144 for now, and maybe anyone who is interested in sharing ideas/code for RPC in projects in containers/ space can join, and people who aren't can ignore it. |
4 participants
What type of PR is this?
/kind feature
What this PR does / why we need it:
Add an undocumented general "run this with an RPC service" command, which right now doesn't do much, but provides some of the scaffolding we'll need should we want to expose any APIs that way.
How to verify it
New integration test!
Which issue(s) this PR fixes:
Special notes for your reviewer:
Does this PR introduce a user-facing change?