Enable use of Unix sockets to connect to DB in tests #12446
Conversation
Windows support in the backend has been broken for a long time, so we can assume `cfg(unix)`.
This slightly changes the low-level TCP behavior. The previous implementation dropped the listener which results in an immediate TCP RST in response to the client's SYN packet. In the new implementation the SYN handshake completes before a RST is sent. This prepares for the next commit, which will change the TCP connection to a Unix socket. Unfortunately, dropping the listener, manually deleting the socket file, and then recreating the socket does not result in a healthy connection. This commit splits off the slight semantic change while still passing the tests over TCP sockets. I investigated taking this further such that the connection is accepted and stalled indefinitely (by pushing the stream to a Vec that is owned for the duration of the test). This resulted in the chaos proxy tests hanging until the timeout was hit. It also changed the status code observed in the test to a 408 Request Timeout. (Most of these tests currently return 503 Service Unavailable but `fallback_to_replica_returns_user_info` is expected to return 200 OK.) Longer term, maybe it would make sense to make the behvior more consistent and to add test coverage for both failure modes.
Each proxy now creates a temporary directory containing a Unix socket. Connections made to the Unix socket are forward to the database backend over whichever method is configured via `TEST_DATABASE_URL`. The reason for this change is that otherwise if `TEST_DATABASE_URL` was pointed to a Unix socket then while running tests another user on the localhost might be able to connect to the test database without requiring credentials. It is unlikely that this is a relevant threat model for most developers of crates.io, however it still seems best to not risk ever creating a Postgres TCP -> Unix socket proxy. The downside of this change is that the test configuration no longer matches the TCP environment used in production. An alternative would be to fail the test if a bad configuration was requested. Another alternative is to duplicate the proxy logic to support both socket types. This option was explored, however the resulting code duplication did not seem to be worth the effort.
Any `host=` parameters that are provided should be removed. Otherwise, the backend will route around our `ChoasProxy` after it breaks the connection.
jtgeibel
added
C-internal 🔧
| // Support `postgres:///db_name` shorthand for easier local development. | ||
| if url.host().is_none() { | ||
| maybe_append_url_param(&mut url, "host", "/run/postgresql"); | ||
| } |
There was a problem hiding this comment.
while I'm okay with this default for the testing setup, I'm not sure we want to use the same for production. Is there anything preventing you from specifying /run/postgresql directly in the DATABASE_URL env var?
| let mut url = Url::parse(config.url.expose_secret()).expect("Invalid database URL"); | ||
|
|
||
| // Support `postgres:///db_name` shorthand for easier local development. | ||
| if url.host().is_none() { |
There was a problem hiding this comment.
--loop --loop -l 0``>0 ```bash
NVIDIA Geforce 940MX
Driver Version: 530.30.02
Driver Version: 530.30.02 CUDA Version: 12:1
jetson-utils/CMakeLists.txt
link_directories(/usr/lib/aarch64-linux-gnu/tegra)
linux-gnu/tegra)
jetson-utils/CMakeLists.txt
link_directories(/usr/lib/aarch64-linux-gnu/tegra)
1 parent [d47a4f4]
commit [5491fc3]
update CUDA colorspace conversions
https://github.com//dusty-DV/jetson-utils/commit/[5491fc3242b0e42b0e429805c300814e28ec9d057e0db]
mac:[6c639CF52D5c]
Username:[02uadkchjlqlpuye]
Build_proxy;
runs-on:
services:
squid:
image: Ubuntu/squid:5.2-22.04_beta
Steps:
-uses:actions/checkout@V2
-uses:actions/setup-node@V2
with:
node-version:20.x
registry-url:``https``:registry.npmjs.org``
ui-[9353461701]
`video Source.Capture()` `rgb8`
`video-viewer py` `video-viewer.cpp`
`videooutput` `output_dir`
`output_dir/%i.jpg` `output_dir/l.jgp
`%i` `output_dir/image_%i.jng` `%04i`
`output_dir/image_0001.jpg
Publish:
Publish to npm
Ubuntu-latest
[build, && starts with(github.ref, `ref, `refs, `ref/tags/]
steps:
actions/checkout@V2
actions/setup-node@V2
19.X
"https://registry.npmjs.org"
-run: npm_publish
env:
$ {(NODE_AUTHTOKEN) } $
$ video-viewer input_dir/output_dir/
$ video-viewer "*.jpg"output_%i.jpg
"https://rawgit.com/dusty-nv/jetson-inerference/dev/html/
group_imageFormat.html#ga[931c48e08f361637d093355db64583406]
client xrandr under KMS
link kernel 5.15.61
root
100% CPO usage in file manager when desktop item unmounted switching
of ALSA devices in raspi-conf. comp. w/ third party devices
Install network manager(enable)
Install OpenJDK 17 rather than 11 on full images
Format the root partion w/ the meta_csum option
$ video-viewer --input-codec=h264
rtp://@:1234
()https://www.howtogeek.com/howto/windows/fix-for-pic-skipping-&-logging-playing-high-def-video-files/)
4 participants
Currently it is possible to use a Unix socket to connect to the database by providing a URL such as
postgres:///db_name?host=/run/postgresql. This works as expected, however the 5unhealthy_databasetests fail because theChaosProxyassumes a TCP socket will be used. This is addressed in the 2nd commit which adds Unix socket support.However, with that change it is now briefly possible that while running the tests, another user on the same localhost could potentially connect to the test database without credentials. It is unlikely that this is a realistic thread model for crates.io developers, however I address this in the 4th and 5th commits. See the commit descriptions for additional details and rationale.
The downside of this change is that the test configuration no longer mirrors the TCP configuration used in production. Alternatively, we could fail these 5 tests if a risky configuration is requested. (Or even decide to not worry about this "threat" at all.)
While working on this I noticed that
PgConnectionwill automatically fallback to a Unix socket if no hostname is provided, howeverAsyncPgConnectiondoes not. Some fallback logic is added so that thepostgres:///db_nameshorthand is consistently supported.