Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

HvSocket support for containers #2353

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

HvSocket support for containers #2353

wants to merge 1 commit into from
+142 −2

Conversation

anmaxvl
Copy link
Contributor

@anmaxvl anmaxvl commented Jan 13, 2025

Applications connecting from the host into the container should use
container-specific VMID. This ID will need to be the same as the
container's VMID inside the guest, which is calculated by HCS/GCS
like it's done in this PR by HCSIDToGUID.

To allow the container ID to work with HvSocket on the host, we
need to set up an AddressInfo mapping to tell HvSocket to redirect
the call into the UVM, which is done in this PR by default for
all WCOW containers.

@anmaxvl anmaxvl requested a review from a team as a code owner January 13, 2025 18:56
@anmaxvl anmaxvl force-pushed the hvsocket-for-containers branch from 4d40dbd to caf030c Compare January 13, 2025 19:46
helsaawy
helsaawy reviewed Jan 15, 2025
View reviewed changes
Copy link
Contributor

@helsaawy helsaawy left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

does the address info ioctl have to go through before the container is created?
if not, then we could probably remove the HCSIDToGUID code and instead add the call to CreateAddressInfo in hcsoci.Create after the system is created and we have its GUID from HCS (so we don't rely on their internal logic for generating the GUID):

func CreateContainer(/* ... */) (_ cow.Container, _ *resources.Resources, err error) {
	// ...
	if gcsDocument != nil {
		c, err := coi.HostingSystem.CreateContainer(ctx, coi.actualID, gcsDocument)
		if err != nil {
			return nil, r, err
		}

		if p, err := c.PropertiesV2(ctx); err != nil {
			return nil, r, fmt.Errorf("retrieve created container compute system properties: %w", err)
		}
		hvsockAI, err := hvsocket.CreateAddressInfo(p.RuntimeId, coi.HostingSystem.RuntimeID(), true)
		if err != nil {
			return nil, r, fmt.Errorf("exposing container Hyper-V socket: %w", err)
		}
		r.Add(hvsockAI)

		return c, r, nil
	}
}

internal/hvsocket/hvsocket.go Outdated Show resolved Hide resolved
internal/hvsocket/hvsocket.go Outdated Show resolved Hide resolved
@helsaawy
Copy link
Contributor

on a side note, how are users expected to get the runtime ID of the container for creating hv sockets?
are they expected to query HCS? or replicate the logic in HCSIDToGUID?

@apurv15
Copy link
Contributor

apurv15 commented Jan 18, 2025

What is the use case here? Is user expected to connect to inside the UVM using the containerId?
Can this be not satisfied through shimdiag exec into the UVM using the PodId?

@kevpar @anmaxvl
HvSocket support for containers
774f1a4 
Applications connecting from the host into the container should use
container-specific VMID. This ID will need to be the same as the
container's VMID inside the guest, which is calculated by HCS/GCS
like it's done in this PR by `HCSIDToGUID`.

To allow the container ID to work with HvSocket on the host, we
need to set up an AddressInfo mapping to tell HvSocket to redirect
the call into the UVM, which is done in this PR by default for
all WCOW containers.

Add `hvsocketaddr.exe` that clients can use to generate VM ID for
container.

Signed-off-by: Maksim An <[email protected]>
@anmaxvl anmaxvl force-pushed the hvsocket-for-containers branch from caf030c to 774f1a4 Compare January 23, 2025 23:30
@anmaxvl
Copy link
Contributor Author

anmaxvl commented Jan 23, 2025

does the address info ioctl have to go through before the container is created? if not, then we could probably remove the HCSIDToGUID code and instead add the call to CreateAddressInfo in hcsoci.Create after the system is created and we have its GUID from HCS (so we don't rely on their internal logic for generating the GUID):

func CreateContainer(/* ... */) (_ cow.Container, _ *resources.Resources, err error) {
	// ...
	if gcsDocument != nil {
		c, err := coi.HostingSystem.CreateContainer(ctx, coi.actualID, gcsDocument)
		if err != nil {
			return nil, r, err
		}

		if p, err := c.PropertiesV2(ctx); err != nil {
			return nil, r, fmt.Errorf("retrieve created container compute system properties: %w", err)
		}
		hvsockAI, err := hvsocket.CreateAddressInfo(p.RuntimeId, coi.HostingSystem.RuntimeID(), true)
		if err != nil {
			return nil, r, fmt.Errorf("exposing container Hyper-V socket: %w", err)
		}
		r.Add(hvsockAI)

		return c, r, nil
	}
}

turned out RuntimeID is empty... I had to update the schema and explicitly ask for systemID, which is what we need.

@anmaxvl
Copy link
Contributor Author

anmaxvl commented Jan 23, 2025

What is the use case here? Is user expected to connect to inside the UVM using the containerId? Can this be not satisfied through shimdiag exec into the UVM using the PodId?

The use case is a client/server application running on containerd host and server/client (respectively) running in a Xenon container communicating via HvSocket. shimdiag wouldn't be able to provide this type of communication.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@helsaawy helsaawy helsaawy left review comments

At least 1 approving review is required to merge this pull request.

Assignees

@ambarve ambarve

@apurv15 apurv15

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@anmaxvl @helsaawy @apurv15 @ambarve @kevpar