Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Stop using /bin/sh for OVS commands #5364

Merged

Conversation

antoninbas
Copy link
Contributor

We are currently using the shell (/bin/sh) to run ovs-appctl and ovs-ofctl commands, but there does not seem to be a reason to do so.

Instead, we can invoke the binary directly with exec.Command and pass the arguments as a slice.

Before this change, ovsVSwitchdUDS would return
"/var/run/openvswitch/ovs-vswitchd.*.ctl" as a fallback value in case the PID of ovs-vswitchd could not be determined. The shell would then expand the wildcard patterns. I now believe that it is better to return an error in that case. We want to make sure that we use a valid file always (and returning the glob pattern would cause an error if multiple files match). If we run into issues because of this approach, we can update the code to expand the glob pattern programmatically and, if a single path matches, we can return that path.

@antoninbas
Copy link
Contributor Author

We can probably remove usage of RunOfctlCmd altogether (use libOpenflow instead), but that's a bigger scope than this PR.

@antoninbas antoninbas added the action/backport Indicates a PR that requires backports. label Aug 7, 2023
@antoninbas antoninbas requested a review from tnqn August 7, 2023 23:33
tnqn
tnqn previously approved these changes Aug 8, 2023
Copy link
Member

@tnqn tnqn left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

We are currently using the shell (/bin/sh) to run ovs-appctl and
ovs-ofctl commands, but there does not seem to be a reason to do so.

Instead, we can invoke the binary directly with exec.Command and pass
the arguments as a slice.

Before this change, ovsVSwitchdUDS would return
"/var/run/openvswitch/ovs-vswitchd.*.ctl" as a fallback value in case
the PID of ovs-vswitchd could not be determined. The shell would then
expand the wildcard patterns. I now believe that it is better to return
an error in that case. We want to make sure that we use a valid file
always (and returning the glob pattern would cause an error if multiple
files match). If we run into issues because of this approach, we can
update the code to expand the glob pattern programmatically and, if a
single path matches, we can return that path.

Signed-off-by: Antonin Bas <abas@vmware.com>
Signed-off-by: Antonin Bas <abas@vmware.com>
@antoninbas antoninbas force-pushed the stop-using-shell-for-ovs-commands branch from f0cae62 to 9857700 Compare August 8, 2023 17:07
@antoninbas
Copy link
Contributor Author

/test-all

@antoninbas antoninbas requested a review from tnqn August 8, 2023 21:45
@antoninbas
Copy link
Contributor Author

@tnqn sorry I need a new approval, I had a typo in the ovs-appctl command name (second commit)

Copy link
Member

@tnqn tnqn left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@antoninbas antoninbas merged commit 2302cfe into antrea-io:main Aug 9, 2023
@antoninbas antoninbas deleted the stop-using-shell-for-ovs-commands branch August 9, 2023 04:48
@antoninbas antoninbas added the action/release-note Indicates a PR that should be included in release notes. label Aug 9, 2023
antoninbas added a commit that referenced this pull request Aug 9, 2023
…5374)

We are currently using the shell (/bin/sh) to run ovs-appctl and
ovs-ofctl commands, but there does not seem to be a reason to do so.

Instead, we can invoke the binary directly with exec.Command and pass
the arguments as a slice.

Before this change, ovsVSwitchdUDS would return
"/var/run/openvswitch/ovs-vswitchd.*.ctl" as a fallback value in case
the PID of ovs-vswitchd could not be determined. The shell would then
expand the wildcard patterns. I now believe that it is better to return
an error in that case. We want to make sure that we use a valid file
always (and returning the glob pattern would cause an error if multiple
files match). If we run into issues because of this approach, we can
update the code to expand the glob pattern programmatically and, if a
single path matches, we can return that path.

Signed-off-by: Antonin Bas <abas@vmware.com>
antoninbas added a commit that referenced this pull request Aug 9, 2023
…5372)

We are currently using the shell (/bin/sh) to run ovs-appctl and
ovs-ofctl commands, but there does not seem to be a reason to do so.

Instead, we can invoke the binary directly with exec.Command and pass
the arguments as a slice.

Before this change, ovsVSwitchdUDS would return
"/var/run/openvswitch/ovs-vswitchd.*.ctl" as a fallback value in case
the PID of ovs-vswitchd could not be determined. The shell would then
expand the wildcard patterns. I now believe that it is better to return
an error in that case. We want to make sure that we use a valid file
always (and returning the glob pattern would cause an error if multiple
files match). If we run into issues because of this approach, we can
update the code to expand the glob pattern programmatically and, if a
single path matches, we can return that path.

Signed-off-by: Antonin Bas <abas@vmware.com>
antoninbas added a commit that referenced this pull request Aug 9, 2023
…5373)

We are currently using the shell (/bin/sh) to run ovs-appctl and
ovs-ofctl commands, but there does not seem to be a reason to do so.

Instead, we can invoke the binary directly with exec.Command and pass
the arguments as a slice.

Before this change, ovsVSwitchdUDS would return
"/var/run/openvswitch/ovs-vswitchd.*.ctl" as a fallback value in case
the PID of ovs-vswitchd could not be determined. The shell would then
expand the wildcard patterns. I now believe that it is better to return
an error in that case. We want to make sure that we use a valid file
always (and returning the glob pattern would cause an error if multiple
files match). If we run into issues because of this approach, we can
update the code to expand the glob pattern programmatically and, if a
single path matches, we can return that path.

Signed-off-by: Antonin Bas <abas@vmware.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
action/backport Indicates a PR that requires backports. action/release-note Indicates a PR that should be included in release notes.
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants