Support for containerized plugins #959
Conversation
aamohd
force-pushed
the
aamohd/containerized-plugins
branch
from
27f419c to
68efa03
Compare
Signed-off-by: Aisha M <[email protected]>
aamohd
force-pushed
the
aamohd/containerized-plugins
branch
from
68efa03 to
cade3d1
Compare
| @@ -168,16 +168,25 @@ impl<P: Plugin> PluginService for PluginServer<P> { | |||
| ) -> QueryResult<Resp<Self::InitiateQueryProtocolStream>> { | |||
| let rx = req.into_inner(); | |||
| // TODO: - make channel size configurable | |||
| let (tx, out_rx) = mpsc::channel::<QueryResult<InitiateQueryProtocolResp>>(10); | |||
| let (tx, out_rx) = mpsc::channel::<QueryResult<InitiateQueryProtocolResp>>(100); | |||
There was a problem hiding this comment.
Why the increase to the channel size?
There was a problem hiding this comment.
When I ran it with a channel size of 10, I would sometimes get an error that the channel closed abruptly. I increased it by a factor of 10 but if there's another recommended size I should change it to, let me know
| @@ -40,7 +40,7 @@ impl<P: Plugin> PluginServer<P> { | |||
| /// Run the plugin server on the provided port. | |||
| pub async fn listen(self, port: u16) -> Result<()> { | |||
| let service = PluginServiceServer::new(self); | |||
| let host = format!("127.0.0.1:{}", port).parse().unwrap(); | |||
| let host = format!("0.0.0.0:{}", port).parse().unwrap(); | |||
There was a problem hiding this comment.
I'm not sure this change is valid when running outside of a container; did you try it? If it's not, we may need to expose an SDK setting for what host to listen on, perhaps something like:
enum Host {
// 127.0.0.1
Loopback,
// 0.0.0.0.0
Any,
// Any other IP address.
Other(Ipv4Addr),
}There was a problem hiding this comment.
I just tried running normally with the 0.0.0.0 address and it was successful, but I can try to rework this so it isn't at 0.0.0.0 by default
There was a problem hiding this comment.
The question is whether we should be concerned about listening on all network interfaces and potentially enabling a remote process to connect to the plugin first and surreptitiously pose as hipcheck core.
There was a problem hiding this comment.
Right, 0.0.0.0 inside a container is less concerning because what really matters on the host is the port bindings that the container runtime does. But for plugins running outside of the container we really ought to use the loopback address.
| on arch="aarch64-apple-darwin" "activity-container-deploy.sh" | ||
| on arch="x86_64-apple-darwin" "activity-container-deploy.sh" | ||
| on arch="x86_64-unknown-linux-gnu" "activity-container-deploy.sh" | ||
| on arch="x86_64-pc-windows-msvc" "activity-container-deploy.sh" |
There was a problem hiding this comment.
Is Windows able to run this shell script? You may need to also have a PowerShell script for Windows specifically.
No description provided.