public inbox for pdm-devel@lists.proxmox.com
 help / color / mirror / Atom feed
From: Thomas Lamprecht <t.lamprecht@proxmox.com>
To: "Proxmox Datacenter Manager development discussion"
	<pdm-devel@lists.proxmox.com>,
	"Fabian Grünbichler" <f.gruenbichler@proxmox.com>
Subject: Re: [pdm-devel] [PATCH 1/2] privileged api server: properly handle socket on reload
Date: Mon, 30 Dec 2024 16:00:11 +0100	[thread overview]
Message-ID: <127ba408-cf52-4c81-9c7b-f18b05c5c4eb@proxmox.com> (raw)
In-Reply-To: <94447d83-5116-47a6-b4b9-be0e2bfc1124@proxmox.com>

On 23/12/2024 17:16, Thomas Lamprecht wrote:
> On 23/12/2024 14:08, Fabian Grünbichler wrote:
>> the permission/ownership change fails during reload because the socket doesn't
>> exist on-disk anymore, it is only passed along as previously opened FD in that
>> case..
>>
> 
> something seems still off here, after a reload of the privileged daemon
> the unprivileged one cannot connect to it anymore. Restarts works fine.
> 

Should be fixed now. We really must not delete the socket file
unconditionally on daemon start, as it's used from the unprivileged, main
API daemon to proxy to on-demand. So, while on a fresh start it did not
matter as the socket including the file was newly created anyway, on a
reload the file is not newly created again, as there we just re-create the
UnixListener from the inherited FD, thus breaking the proxying completely.

I lost some time as I initially suspected the FD passing to be broken, which
would not matter for the TCP socket based PBS and thus explain why it "works"
there, but the socket FD passing actually works and is done quite elegantly,
so I finally saw the obvious: no socket file == not being able to connect.

To fix this I moved the removal into the bind fn from the impl of the
Listenable trait for the tokio::net::UnixListener type used here, that way
it's only done on fresh socket creation. As alternative we could keep the
proxy FD open and transparently reconnect to the new FD (e.g., comparing
inode with our cached one, or just opportunistically if the old one stops
accepting connections). 


_______________________________________________
pdm-devel mailing list
pdm-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pdm-devel

  reply	other threads:[~2024-12-30 15:00 UTC|newest]

Thread overview: 6+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2024-12-23 13:08 [pdm-devel] [PATCH 0/2] fix reload behaviour Fabian Grünbichler
2024-12-23 13:08 ` [pdm-devel] [PATCH 1/2] privileged api server: properly handle socket on reload Fabian Grünbichler
2024-12-23 16:16   ` Thomas Lamprecht
2024-12-30 15:00     ` Thomas Lamprecht [this message]
2024-12-23 13:08 ` [pdm-devel] [PATCH 2/2] build: properly reload services after upgrade Fabian Grünbichler
2024-12-23 15:39 ` [pdm-devel] applied: [PATCH 0/2] fix reload behaviour Thomas Lamprecht

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=127ba408-cf52-4c81-9c7b-f18b05c5c4eb@proxmox.com \
    --to=t.lamprecht@proxmox.com \
    --cc=f.gruenbichler@proxmox.com \
    --cc=pdm-devel@lists.proxmox.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox
Service provided by Proxmox Server Solutions GmbH | Privacy | Legal