Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

docs: add TCP half-close broken pipe to common errors #6203

Merged
merged 1 commit into from
Jul 25, 2019
Merged

Conversation

mikemorris
Copy link
Contributor

@mikemorris mikemorris commented Jul 23, 2019

Adds an entry to common-errors.html.md describing the context for a broken pipe error when attempting to close a snapshot RPC connection.

This was previously noted in relation to Docker support in consul-containers.html.md, but that page is no longer accessible in the public website documentation.

// Our RPC protocol requires support for a half-close in order to signal
// the other side that they are done reading the stream, since we don't
// know the size in advance. This saves us from having to buffer just to
// calculate the size.
if hc != nil {
if err := hc.CloseWrite(); err != nil {
return nil, fmt.Errorf("failed to half close snapshot connection: %v", err)
}
} else {
return nil, fmt.Errorf("snapshot connection requires half-close support")
}

Questions

  • Should this note be more specific about this behavior occurring during RPC calls from a non-RAFT-leader snapshot leader to the RAFT leader?
  • Should this note mention using tcpdump or Wireshark for further insight into the actual TCP messages sent and received?

@hashicorp-cla
Copy link

hashicorp-cla commented Jul 23, 2019

CLA assistant check
All committers have signed the CLA.

@mikemorris mikemorris requested a review from a team July 24, 2019 18:39
Copy link
Member

@banks banks left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Good catch and update - I'm not sure I even knew we had a "common errors" page!

Should this note be more specific about this behavior occurring during RPC calls from a non-RAFT-leader snapshot leader to the RAFT leader?

I think this is OK as is but we could mention that it will only appear on servers. In practice people are likely only here if they've seen it already and it does a good job of explaining to them what is happening and that it's fine.

Should this note mention using tcpdump or Wireshark for further insight into the actual TCP messages sent and received?

I'd suggest not - in production it will all be encrypted anyway and if it's not then you are going to see the entire contents of the state store on the wire as the snapshot is sent. It's hard to know what they could learn from that that we haven't said here.

@mikemorris
Copy link
Contributor Author

mikemorris commented Jul 25, 2019

I think this is OK as is but we could mention that it will only appear on servers.

It seems like it could occur on a non-server agent if consul snapshot agent happens to be running there and obtain snapshot leadership? (Guessing this might not be a recommended setup?)

It's hard to know what they could learn from that that we haven't said here.

It would primarily be to observe TCP headers and see the response to an initial FIN from server - whether client ACKs or immediately FIN and close in response, but agree this is likely unnecessary to include here.

@mikemorris mikemorris merged commit 34984e4 into master Jul 25, 2019
@mikemorris mikemorris deleted the half-close branch July 25, 2019 20:01
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants