Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

x/build: move http2 demo to GKE #23034

Closed
sbinet opened this issue Dec 7, 2017 · 6 comments
Closed

x/build: move http2 demo to GKE #23034

sbinet opened this issue Dec 7, 2017 · 6 comments
Labels
Builders x/build issues (builders, bots, dashboards) FrozenDueToAge
Milestone
Unreleased

Comments

@sbinet
Copy link
Member

sbinet commented Dec 7, 2017

hi there,

trying to show to a co-worker the nice performance improvements one could get with Go, HTTP/2 and https, I got this:

$> curl https://http2.golang.org/gophertiles
curl: (7) Failed to connect to http2.golang.org port 443: Connection refused

could this be reinstated?
(@bradfitz ?)
@bradfitz bradfitz self-assigned this Dec 7, 2017
@bradfitz
Copy link
Contributor

bradfitz commented Dec 7, 2017

Well, crap.

It looks like the CoreOS instance updated itself (currently 4.13.16-coreos-r2) and my systemd unit from my cloud-config was no longer recognized.

For the record, my user-data metadata on GCE is:

#cloud-config
coreos:
  units:
    - name: h2demo.service
      command: start
      content: |
        [Unit]
        Description=HTTP2 Demo
        
        [Service]
        ExecStartPre=/bin/bash -c 'mkdir -p /opt/bin && curl -s -o /opt/bin/h2demo http://storage.googleapis.com/http2-demo-server-tls/h2demo && chmod +x /opt/bin/h2demo'
        ExecStart=/opt/bin/h2demo --prod
        RestartSec=5s
        Restart=always
        Type=simple
        
        [Install]
        WantedBy=multi-user.target

ssh_authorized_keys:
    - ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEAwks9dwWKlRC+73gRbvYtVg0vdCwDSuIlyt4z6xa/YU/jTDynM4R4W10hm2tPjy8iR1k8XhDv4/qdxe6m07NjG/By1tkmGpm1mGwho4Pr5kbAAy/Qg+NLCSdAYnnE00FQEcFOC15GFVMOW2AzDGKisReohwH9eIzHPzdYQNPRWXE= bradfitz@papag.bradfitz.com

That had worked for years, but today when I ran systemctl there was no mention of h2demo in the list of services.

To "fix" it, I did:

http2-demo bradfitz # systemctl enable /etc/systemd/system/h2demo.service
Created symlink /etc/systemd/system/multi-user.target.wants/h2demo.service → /etc/systemd/system/h2demo.service.
http2-demo bradfitz # systemctl start h2demo.service
http2-demo bradfitz # systemctl status h2demo.service
● h2demo.service - HTTP2 Demo
   Loaded: loaded (/etc/systemd/system/h2demo.service; enabled; vendor preset: disabled)
   Active: active (running) since Thu 2017-12-07 18:28:35 UTC; 5s ago
  Process: 1019 ExecStartPre=/bin/bash -c mkdir -p /opt/bin && curl -s -o /opt/bin/h2demo http://storage.googleapis.com/http2-demo-server-tls/h2demo && chmod +x /opt/bin/h2demo (code=exited, status=0/SUCCESS)
 Main PID: 1024 (h2demo)
    Tasks: 4 (limit: 32768)
   Memory: 15.8M
      CPU: 74ms
   CGroup: /system.slice/h2demo.service
           └─1024 /opt/bin/h2demo --prod
Dec 07 18:28:35 http2-demo.c.symbolic-datum-552.internal systemd[1]: Starting HTTP2 Demo...
Dec 07 18:28:35 http2-demo.c.symbolic-datum-552.internal systemd[1]: Started HTTP2 Demo.

I can move this service to GKE along with our others, I suppose.

@bradfitz bradfitz changed the title http2: online demo not working anymore x/build: move http2 demo to GKE Dec 7, 2017
@gopherbot gopherbot added this to the Unreleased milestone Dec 7, 2017
@gopherbot gopherbot added the Builders x/build issues (builders, bots, dashboards) label Dec 7, 2017
@sbinet
Copy link
Member Author

sbinet commented Dec 7, 2017

Thanks for the speedy "fix" :)

@crawford
Copy link

crawford commented Dec 8, 2017

In case anyone is interested, the reason for the failure was a few malformed entries in authorized_keys coupled with a new implementation of update-ssh-keys (in Rust 😬). The old implementation of update-ssh-keys blindly concatenated the contents of ~/.ssh/authorized_keys.d into ~/.ssh/authorized_keys while the new implementation validates the correctness of the keys. One of coreos-cloudinit's first tasks is to update SSH keys, which it does by calling update-ssh-keys. Unfortunately, when update-ssh-keys failed as it encountered the malformed entries, it caused coreos-cloudinit to exit early without actually starting any of the services. This bug is a good illustration of the problems with the underlying design of coreos-cloudinit and it's worth noting that it has been deprecated in favor of Container Linux Configs and Ignition.

@bradfitz
Copy link
Contributor

bradfitz commented Dec 8, 2017

@crawford, are you changing update-ssh-keys to ignore those invalid entries? (which GKE added for itself, even though those are on unrelated VMs)

@crawford
Copy link

crawford commented Dec 8, 2017

@bradfitz Yeah, we are going to update it to throw warnings and skip invalid keys, but continue copying valid ones.

@sdemos sdemos mentioned this issue Dec 8, 2017
Closed
@gopherbot
Copy link

Change https://golang.org/cl/91495 mentions this issue: http2/h2demo: enable HTTP ACME challenges, move from CoreOS to Kubernetes

@golang golang locked and limited conversation to collaborators Feb 1, 2019
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
Builders x/build issues (builders, bots, dashboards) FrozenDueToAge
Projects
None yet
Milestone
Unreleased
Development

No branches or pull requests
4 participants
@bradfitz @crawford @sbinet @gopherbot