feat: add --no-stdin flag to container attach #4176
Conversation
|
|
||
| testCase.Setup = func(data test.Data, helpers test.Helpers) { | ||
| cmd := helpers.Command("run", "-it", "--detach-keys=ctrl-p,ctrl-q", "--name", data.Identifier(), | ||
| testutil.CommonImage, "sh", "-c", "sleep 1; echo 'after cat'; sleep 1") |
There was a problem hiding this comment.
We're using detach-keys here specifically to immediately detachment after attach. hence there is no need for passing in env variables.
|
Please squash the commits |
subashkotha
force-pushed
the
add_attach_options
branch
from
cae7965 to
bfb53ae
Compare
subashkotha
changed the title
subashkotha
force-pushed
the
add_attach_options
branch
2 times, most recently
from
9e09568 to
a0d226e
Compare
|
Hi @apostasie , @AkihiroSuda I have updated the PR addressing comments, can you please take a look. |
|
Thanks a lot @subashkotha Issues on the CI are AFAIK:
I am bit concerned about rootless old getting to timeout at 45 mins+ (clearly getting stuck in container tests). Suggestion would be that we first merge a raft of fixes for the CI (pending), and then you could rebase on top of main to get a cleaner run. Does that work for you? |
|
Sure, @apostasie |
|
@subashkotha thanks. |
|
Could you try rebasing? |
|
This does not feel right. EL8 does not get past the new test. |
| cmd := helpers.Command("attach", "--no-stdin", data.Identifier()) | ||
| cmd.WithPseudoTTY() | ||
| cmd.WithFeeder(func() io.Reader { | ||
| for { |
There was a problem hiding this comment.
Does the loop serve a purpose here?
If I am reading this correctly, we attach to the container, and we will not return until the sleep 5 has lapsed.
Once it has elapsed, we are guaranteed to have "ready" in the log, right?
There was a problem hiding this comment.
Yes, I tried removing the loop, but the test failed because it couldn't reliably assert "ready" in the logs (example failure). The loop ensures we wait until the container is actually ready before feeding input — without it, the test becomes racy.
subashkotha
force-pushed
the
add_attach_options
branch
2 times, most recently
from
518708f to
df77a10
Compare
|
Thanks for keeping up with this @subashkotha Docker Hub is now flipping a 429 on us (<- this is rate limiting from Docker Hub) - unfortunately there is nothing to do about that but wait for it to chill (@AkihiroSuda so tired of this - need to act) Let's give it a minute then we will re-run. |
subashkotha
force-pushed
the
add_attach_options
branch
from
df77a10 to
ae61a20
Compare
|
Could you rebase to see if passes the CI? |
subashkotha
force-pushed
the
add_attach_options
branch
from
ae61a20 to
a7ef3d6
Compare
|
Seems hanging up on almalinux-8 (cgroup v1) |
Reading tea-leaves: we get stuck in the While tigron does drop the main command after 3 minutes, we might still be waiting (too politely) on the ioGroup (which is dead looping): Maybe I could add a reasonable timeout of the ioGroup Wait to deal with these conditions. @subashkotha so, beside the problem in tigron ^ that prevents this from timeouting (I will deal with that), could you add a counter in your loop waiting for UPDATE: Tigron issue tracked in #4231 |
Signed-off-by: Subash Kotha <subash.kotha2@gmail.com>
subashkotha
force-pushed
the
add_attach_options
branch
from
a7ef3d6 to
13e738c
Compare
|
Latest push:
Confirmed that on EL8, you never see |
|
@fahedouch Then detach (ctrl+p ctrl+q). Then we Do you have an intuition on this? Could it be a bug in logging with detach? |
| testutil.CommonImage, "sh", "-c", `echo ready; sleep 5`) | ||
| cmd.WithPseudoTTY() | ||
| time.Sleep(1 * time.Second) | ||
| cmd.Feed(bytes.NewReader([]byte{16, 17})) // Ctrl-p, Ctrl-q to detach (https://en.wikipedia.org/wiki/C0_and_C1_control_codes) |
There was a problem hiding this comment.
@subashkotha let's test my hypothesis that there is a bug in logging.
So, instead of sending cmd.Feed(bytes.NewReader([]byte{16, 17})) after one second, instead do your logs / wait on ready BEFORE sending the escape sequence.
eg:
cmd.Feeder(func()io.Reader{
for {
out := helpers.Capture("logs", data.Identifier())
if strings.Contains(out, "ready") {
break
}
}
return bytes.NewReader([]byte{16, 17})
}
)There was a problem hiding this comment.
Pseudo-code ^ just add back the sleep and make this proper - thanks a lot! :-)
There was a problem hiding this comment.
Thanks, let me try this out.
|
Looks indeed like a log bug: #4233 @subashkotha suggested change above should allow you to work-around it. |
Summary
This PR adds support for a new flag in the nerdctl container attach command:
Notes
We are not adding
--sig-proxyin this PR due to a limitation in nerdctl: attach only works for containers started with-itref - #2108When
-itis used, signals like Ctrl+C (SIGINT) are sent directly to the container process by the TTY, bypassing nerdctl.As a result,
--sig-proxy=falsehas no effect in such cases and cannot be used/tested reliably under current constraints.Testing