[v9] Make proxy routing and session control logic reusable#18923
Merged
rosstimothy merged 4 commits intobranch/v9from Dec 7, 2022
Merged
[v9] Make proxy routing and session control logic reusable#18923rosstimothy merged 4 commits intobranch/v9from
rosstimothy merged 4 commits intobranch/v9from
Conversation
rosstimothy
force-pushed
the
tross/backport-resusable-components/v9
branch
2 times, most recently
from
fe4f0ed to
6174404
Compare
Contributor
Author
|
PTAL @fspmarshall @zmb3 |
zmb3
approved these changes
Dec 3, 2022
fspmarshall
approved these changes
Dec 6, 2022
Routing logic existed within an unexported handler of ssh subsystem requests, which prevented it from being reused by other components within the proxy, like the webapi server. This causes significant latency issues for web sessions because the web apiserver is required to dial the proxy ssh server to determine how to route to the host. Since the web apiserver and the proxy ssh server exist in the same process this is an entirely unnecesarry step that could be avoided if the routing and ability to established connections were shared throughout the proxy. A new `proxy.Router` object is introduced which contains all the logic that used to exist in `regular.proxySubsys` for determining how to connect to servers and clusters. All routing within the `regular.proxySubsys` now leverages the `proxy.Router` to dial the target. This is step 1 in addressing #15167. Now that the `proxy.Router` exists `web.APIServer` will be able to make use of it to avoid dialing the same process to establish connections.
rosstimothy
force-pushed
the
tross/backport-resusable-components/v9
branch
from
6174404 to
f0a1868
Compare
Session control logic existed within `HandleNewConn` of `srv/regular.Server`. This prevented any of it from being used by other components that also needed to enforce session control. All the logic from within `HandleNewConn` was refactored to a new `srv.SessionController` object which the `regular.Server` now uses to perform session control. There were a few additional changes needed to accomadate that session control now exists outside the server and to make tests easier to write. Namely, altering `srv.ComputLockTargets` to not take a `Server` as a parameter and leveraging a clock within `services.SemaphoreLock`. This is step 2 in addressing #15167. Before the web apiserver can leverage the newly introduced proxy.Router and bypass making ssh connections to the proxy ssh server it needs to be able to perfrom session control.
rosstimothy
force-pushed
the
tross/backport-resusable-components/v9
branch
from
36b05c9 to
d2039f6
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Backport #18370 and #18565 to branch/v9
This also includes
lib/utils/proxyconn.goandlib/utils/proxyconn_test.gofrom #13455 which wasn't backported to v9.