close engine connection when ping fails (#569)

DuodenumL · web-flow · commit 43bd0173ce99 · 2022-04-02T10:29:07.000+08:00
* close engine connection when ping fails

* reuse http client
diff --git a/engine/docker/docker.go b/engine/docker/docker.go
@@ -2,18 +2,16 @@ package docker
 
 import (
 	"context"
-	"fmt"
-	"io/ioutil"
 	"net/http"
-	"os"
+	"strings"
 
 	"github.com/projecteru2/core/engine"
 	enginetypes "github.com/projecteru2/core/engine/types"
 	"github.com/projecteru2/core/log"
 	coretypes "github.com/projecteru2/core/types"
+	"github.com/projecteru2/core/utils"
 
 	dockerapi "github.com/docker/docker/client"
-	"github.com/docker/go-connections/tlsconfig"
 )
 
 const (
@@ -34,44 +32,19 @@ type Engine struct {
 // MakeClient make docker cli
 func MakeClient(ctx context.Context, config coretypes.Config, nodename, endpoint, ca, cert, key string) (engine.API, error) {
 	var client *http.Client
-	if config.CertPath != "" && ca != "" && cert != "" && key != "" { // nolint
-		caFile, err := ioutil.TempFile(config.CertPath, fmt.Sprintf("ca-%s", nodename))
+	var err error
+	if strings.HasPrefix(endpoint, "unix://") {
+		client = utils.GetUnixSockClient()
+	} else {
+		client, err = utils.GetHTTPSClient(ctx, config.CertPath, nodename, ca, cert, key)
 		if err != nil {
+			log.Errorf(ctx, "[MakeClient] GetHTTPSClient for %s %s error: %v", nodename, endpoint, err)
 			return nil, err
 		}
-		certFile, err := ioutil.TempFile(config.CertPath, fmt.Sprintf("cert-%s", nodename))
-		if err != nil {
-			return nil, err
-		}
-		keyFile, err := ioutil.TempFile(config.CertPath, fmt.Sprintf("key-%s", nodename))
-		if err != nil {
-			return nil, err
-		}
-		if err = dumpFromString(ctx, caFile, certFile, keyFile, ca, cert, key); err != nil {
-			return nil, err
-		}
-		options := tlsconfig.Options{
-			CAFile:             caFile.Name(),
-			CertFile:           certFile.Name(),
-			KeyFile:            keyFile.Name(),
-			InsecureSkipVerify: true,
-		}
-		defer os.Remove(caFile.Name())
-		defer os.Remove(certFile.Name())
-		defer os.Remove(keyFile.Name())
-		tlsc, err := tlsconfig.Client(options)
-		if err != nil {
-			return nil, err
-		}
-		client = &http.Client{
-			Transport: &http.Transport{
-				TLSClientConfig: tlsc,
-			},
-		}
 	}
 
 	log.Debugf(ctx, "[MakeDockerEngine] Create new http.Client for %s, %s", endpoint, config.Docker.APIVersion)
-	return makeRawClient(ctx, config, client, endpoint)
+	return makeDockerClient(ctx, config, client, endpoint)
 }
 
 // Info show node info
@@ -96,3 +69,8 @@ func (e *Engine) Ping(ctx context.Context) error {
 	_, err := e.client.Ping(ctx)
 	return err
 }
+
+// CloseConn close connection
+func (e *Engine) CloseConn() error {
+	return e.client.Close()
+}
diff --git a/engine/docker/helper.go b/engine/docker/helper.go
@@ -257,7 +257,7 @@ func GetIP(ctx context.Context, daemonHost string) string {
 	return u.Hostname()
 }
 
-func makeRawClient(_ context.Context, config coretypes.Config, client *http.Client, endpoint string) (engine.API, error) {
+func makeDockerClient(_ context.Context, config coretypes.Config, client *http.Client, endpoint string) (engine.API, error) {
 	cli, err := dockerapi.NewClientWithOpts(
 		dockerapi.WithHost(endpoint),
 		dockerapi.WithVersion(config.Docker.APIVersion),
@@ -268,24 +268,6 @@ func makeRawClient(_ context.Context, config coretypes.Config, client *http.Clie
 	return &Engine{cli, config}, nil
 }
 
-func dumpFromString(ctx context.Context, ca, cert, key *os.File, caStr, certStr, keyStr string) error {
-	files := []*os.File{ca, cert, key}
-	data := []string{caStr, certStr, keyStr}
-	for i := 0; i < 3; i++ {
-		if _, err := files[i].WriteString(data[i]); err != nil {
-			return err
-		}
-		if err := files[i].Chmod(0444); err != nil {
-			return err
-		}
-		if err := files[i].Close(); err != nil {
-			return err
-		}
-	}
-	log.Debug(ctx, "[dumpFromString] Dump ca.pem, cert.pem, key.pem from string")
-	return nil
-}
-
 func useCNI(labels map[string]string) bool {
 	for k, v := range labels {
 		if k == "cni" && v == "1" {
diff --git a/engine/engine.go b/engine/engine.go
@@ -13,6 +13,7 @@ import (
 type API interface {
 	Info(ctx context.Context) (*enginetypes.Info, error)
 	Ping(ctx context.Context) error
+	CloseConn() error
 
 	Execute(ctx context.Context, ID string, config *enginetypes.ExecConfig) (result string, stdout, stderr io.ReadCloser, stdin io.WriteCloser, err error)
 	ExecResize(ctx context.Context, ID, result string, height, width uint) (err error)
diff --git a/engine/factory/factory.go b/engine/factory/factory.go
@@ -8,6 +8,7 @@ import (
 	"unsafe"
 
 	"github.com/cornelk/hashmap"
+
 	"github.com/projecteru2/core/engine"
 	"github.com/projecteru2/core/engine/docker"
 	"github.com/projecteru2/core/engine/fake"
diff --git a/engine/fake/fake.go b/engine/fake/fake.go
@@ -24,6 +24,11 @@ func (f *Engine) Ping(ctx context.Context) error {
 	return f.DefaultErr
 }
 
+// CloseConn .
+func (f *Engine) CloseConn() error {
+	return nil
+}
+
 // Execute .
 func (f *Engine) Execute(ctx context.Context, ID string, config *enginetypes.ExecConfig) (result string, stdout, stderr io.ReadCloser, stdin io.WriteCloser, err error) {
 	return "", nil, nil, nil, f.DefaultErr
diff --git a/engine/mocks/API.go b/engine/mocks/API.go
diff --git a/engine/virt/virt.go b/engine/virt/virt.go
@@ -83,6 +83,11 @@ func (v *Virt) Ping(ctx context.Context) error {
 	return err
 }
 
+// CloseConn closes the connection.
+func (v *Virt) CloseConn() error {
+	return v.client.Close()
+}
+
 // Execute executes a command in vm
 func (v *Virt) Execute(ctx context.Context, ID string, config *enginetypes.ExecConfig) (pid string, stdout, stderr io.ReadCloser, stdin io.WriteCloser, err error) {
 	if config.Tty {
diff --git a/utils/http.go b/utils/http.go
@@ -0,0 +1,140 @@
+package utils
+
+import (
+	"context"
+	"fmt"
+	"io/ioutil"
+	"net"
+	"net/http"
+	"os"
+	"runtime"
+	"strings"
+	"time"
+
+	"github.com/cornelk/hashmap"
+	"github.com/docker/go-connections/tlsconfig"
+
+	"github.com/projecteru2/core/log"
+)
+
+var defaultHTTPClient = &http.Client{
+	CheckRedirect: checkRedirect,
+	Transport:     getDefaultTransport(),
+}
+
+var defaultUnixSockClient = &http.Client{
+	Transport: getDefaultUnixSockTransport(),
+}
+
+var httpsClientCache = hashmap.New(32)
+
+// GetHTTPClient returns a HTTP client
+func GetHTTPClient() *http.Client {
+	return defaultHTTPClient
+}
+
+// GetUnixSockClient .
+func GetUnixSockClient() *http.Client {
+	return defaultUnixSockClient
+}
+
+// GetHTTPSClient returns an HTTPS client
+// if cert_path/ca/cert/key is empty, it returns an HTTP client instead
+func GetHTTPSClient(ctx context.Context, certPath, name, ca, cert, key string) (client *http.Client, err error) {
+	if certPath == "" || ca == "" || cert == "" || key == "" {
+		return GetHTTPClient(), nil
+	}
+
+	cacheKey := name + SHA256(fmt.Sprintf("%s-%s-%s-%s-%s", certPath, name, ca, cert, key))[:8]
+	if httpsClient, ok := httpsClientCache.Get(cacheKey); ok {
+		return httpsClient.(*http.Client), nil
+	}
+
+	caFile, err := ioutil.TempFile(certPath, fmt.Sprintf("ca-%s", name))
+	if err != nil {
+		return nil, err
+	}
+	certFile, err := ioutil.TempFile(certPath, fmt.Sprintf("cert-%s", name))
+	if err != nil {
+		return nil, err
+	}
+	keyFile, err := ioutil.TempFile(certPath, fmt.Sprintf("key-%s", name))
+	if err != nil {
+		return nil, err
+	}
+	if err = dumpFromString(ctx, caFile, certFile, keyFile, ca, cert, key); err != nil {
+		return nil, err
+	}
+	options := tlsconfig.Options{
+		CAFile:             caFile.Name(),
+		CertFile:           certFile.Name(),
+		KeyFile:            keyFile.Name(),
+		InsecureSkipVerify: true,
+	}
+	defer os.Remove(caFile.Name())
+	defer os.Remove(certFile.Name())
+	defer os.Remove(keyFile.Name())
+	tlsc, err := tlsconfig.Client(options)
+	if err != nil {
+		return nil, err
+	}
+	transport := getDefaultTransport()
+	transport.TLSClientConfig = tlsc
+
+	client = &http.Client{
+		CheckRedirect: checkRedirect,
+		Transport:     transport,
+	}
+	httpsClientCache.Set(cacheKey, client)
+	return client, nil
+}
+
+func getDefaultTransport() *http.Transport {
+	return &http.Transport{
+		DialContext: (&net.Dialer{
+			KeepAlive: time.Second * 30,
+			Timeout:   time.Second * 30,
+		}).DialContext,
+
+		IdleConnTimeout:     time.Second * 90,
+		MaxIdleConnsPerHost: runtime.GOMAXPROCS(0) + 1,
+		Proxy:               http.ProxyFromEnvironment,
+	}
+}
+
+func getDefaultUnixSockTransport() *http.Transport {
+	return &http.Transport{
+		DialContext: func(_ context.Context, _, addr string) (net.Conn, error) {
+			return net.DialTimeout("unix", strings.Split(addr, ":")[0], time.Second*30)
+		},
+
+		IdleConnTimeout:     time.Second * 90,
+		MaxIdleConnsPerHost: runtime.GOMAXPROCS(0) + 1,
+		DisableCompression:  true,
+	}
+}
+
+func dumpFromString(ctx context.Context, ca, cert, key *os.File, caStr, certStr, keyStr string) error {
+	files := []*os.File{ca, cert, key}
+	data := []string{caStr, certStr, keyStr}
+	for i := 0; i < 3; i++ {
+		if _, err := files[i].WriteString(data[i]); err != nil {
+			return err
+		}
+		if err := files[i].Chmod(0444); err != nil {
+			return err
+		}
+		if err := files[i].Close(); err != nil {
+			return err
+		}
+	}
+	log.Debug(ctx, "[dumpFromString] Dump ca.pem, cert.pem, key.pem from string")
+	return nil
+}
+
+func checkRedirect(req *http.Request, via []*http.Request) error {
+	if via[0].Method == http.MethodGet {
+		return http.ErrUseLastResponse
+	}
+	return fmt.Errorf("unexpected redirect")
+}
