
Re: [PATCH for discussion] doc: Define a standard URI syntax for NBD URIs.



On Sun, May 26, 2019 at 12:24 PM Richard W.M. Jones <rjones@redhat.com> wrote:
On Sun, May 26, 2019 at 10:00:18AM +0100, Richard W.M. Jones wrote:
> I intended to write a cover letter, got distracted while sending it
> and forgot ...
>
> Anyway I was going to say:
>
>  - There's no way to specify abstract Unix domain sockets. 

Isn't this enough?

    nbd+unix:///export?socket=%00/org/foo

>>> from urllib.parse import urlparse, parse_qs

>>> urlparse("nbd+unix:///export?socket=%00/org/foo")
ParseResult(scheme='nbd+unix', netloc='', path='/export', params='', query='socket=%00/org/foo', fragment='')

>>> parse_qs('socket=%00/org/foo')
{'socket': ['\x00/org/foo']}

>    Should
>    there be?  I'm not aware of any server that supports them.  Luckily
>    the common approach of using `@` at the beginning should work:
>    https://unix.stackexchange.com/questions/206386/what-does-the-symbol-denote-in-the-beginning-of-a-unix-domain-socket-path-in-l
>
>  - As Wouter already picked up in his review, should we allow a
>    default Unix domain socket?  The corollary to this is: Should we
>    make the authority mandatory for TCP/IP sockets?  Are there
>    sensible defaults for the authority (localhost:10809 probably).
>
>  - I notice that proto.md has a text symlink (proto.txt).  Would we
>    need one for url.txt -> url.md?

A few more things:

 - I wrote a libnbd implementation of NBD URIs last night:
   https://github.com/libguestfs/libnbd/commit/d2dfefcefdf64864acae7a75c30d3f54e9a63ea6
   Of course this is based off the draft spec, but I can amend this
   implementation as we work towards a final spec.  One annoying thing
   is that libxml2 provides no support for parsing the query
   parameters, and doing it by hand in C is a PITA ...

 - libnbd supports `nbds+unix` (ie. require TLS over a Unix domain
   socket).  We use this for testing, and of course it's "useless" for
   real life, which is why I omitted it from the spec.  (QEMU doesn't
   support TLS over Unix domain sockets; nbd-server looks like it
   could support it, but I didn't test it).

 - On the subject of requiring TLS, I made `nbds` mean that TLS is
   required, while `nbd` means that TLS can be used opportunistically
   but is not required.  Not sure what people think about that.
   There's no "definitely don't use TLS" setting, but given we have
   observed a 10x slowdown when TLS is enabled on a Unix domain socket
   between libnbd & nbdkit[*] maybe there should be.

Rich.

[*] A slightly unrealistic test.  Most of the time is spent running
the ChaCha stream cipher, and the cost of that would be mostly hidden
by network latency if we were doing this over a TCP socket.

--
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
Read my programming and virtualization blog: http://rwmj.wordpress.com
virt-p2v converts physical machines to virtual machines.  Boot with a
live CD or over the network (PXE) and turn machines into KVM guests.
http://libguestfs.org/virt-v2v
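
An added example (not part of the original messages and not libnbd's code): a Python parser for the URI forms discussed in this thread, building on the `urllib.parse` snippet above to also report whether the scheme requires TLS and to reject NUL bytes anywhere except the leading byte of an abstract socket name. The function name `parse_nbd_uri`, the returned dict layout and the `localhost:10809` default are assumptions made for illustration.

```python
from urllib.parse import urlsplit, parse_qs, unquote

# Scheme table as described in the thread: nbds* means TLS is required,
# nbd* means TLS is opportunistic. nbds+unix is libnbd-only per the thread.
SCHEMES = {
    "nbd": ("tcp", False),
    "nbds": ("tcp", True),
    "nbd+unix": ("unix", False),
    "nbds+unix": ("unix", True),
}

def parse_nbd_uri(uri):
    """Return a dict describing the connection; raise ValueError on bad input."""
    parts = urlsplit(uri)
    if parts.scheme not in SCHEMES:
        raise ValueError(f"unsupported scheme: {parts.scheme!r}")
    transport, tls_required = SCHEMES[parts.scheme]
    export = unquote(parts.path[1:])
    if "\x00" in export:
        raise ValueError("NUL byte in export name")
    result = {"transport": transport, "tls_required": tls_required,
              "export": export}
    if transport == "tcp":
        # Assumed defaults, taken from the open question in the thread.
        result["host"] = parts.hostname or "localhost"
        result["port"] = parts.port or 10809
        return result
    if parts.netloc:
        raise ValueError("authority must be empty for Unix sockets")
    sockets = parse_qs(parts.query).get("socket", [])
    if len(sockets) != 1:
        raise ValueError("exactly one socket= parameter is required")
    path = sockets[0]
    # %00 decodes to a leading NUL, which marks a Linux abstract socket.
    abstract = path.startswith("\x00")
    name = path[1:] if abstract else path
    # A NUL elsewhere would be truncated by C string handling, so the
    # path that was validated and the path actually used could differ.
    if not name or "\x00" in name:
        raise ValueError("invalid socket path")
    result["socket"] = path
    result["abstract"] = abstract
    return result
```
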
