Test host_regexp against all PTR records instead of only one#37827
Test host_regexp against all PTR records instead of only one#37827tavplubix merged 31 commits intoClickHouse:masterfrom
Conversation
robot-ch-test-poll
added
pr-feature
alexey-milovidov
added
the
can be tested
|
Most likely it needs to be added to docker/test/fasttest. |
|
|
Just updated it to use https url. Can you re-approve the run @alexey-milovidov? In the meantime, I am working on the fasttest local setup so I can iterate quicker without having to push changes to try things out, even tho this might be the last necessary change for fasttest... |
|
Kind reminder for CI re-run @alexey-milovidov |
|
Just fixed style case and DNS error message. Kind ping for CI re-run. @alexey-milovidov |
|
Hi. I checked the CI failures and it seems like it's not related to the changes in this PR. Plus, checking other recent merged PRs, same failure was present. I believe it's ready for review, please let me know if there is anything else missing. |
|
Kind ping, is there anything missing here? @alexey-milovidov |
|
Just resolved conflicts |
|
Someone should take it for review. I did not review it yet. |
rschu1ze
left a comment
rschu1ze
left a comment
There was a problem hiding this comment.
Looks good overall, thanks a lot. I added just some minor comments after which we can merge.
src/Common/DNSResolver.cpp
Outdated
There was a problem hiding this comment.
Hm, why do we need "async DNS resolver" if the only place where it's used actually works synchronously?
Also I don't like the namespace name YukiWorkshop.
Can we get rid of cpp-dns library?
There was a problem hiding this comment.
We need a library that returns multiple PTR records for a given ip address. The problem is that most libraries return only one, including getnameinfo. I am also not a big fan of the namespace, but that's the only working library I could find.
The easiest path is to keep cpp-dns, but I believe we could get rid of it if we implemented something similar, it'll just take more time.
There was a problem hiding this comment.
We need a library that returns multiple PTR records for a given ip address.
Yes, and udns does the job, cpp-dns looks like useless wrapper. Am I missing something?
There was a problem hiding this comment.
I wouldn't consider it to be useless. It's much more idiomatic and easier to use than libudns. libudns is cryptic and hard to use, I believe that we need a wrapper. The question is if we want to build a wrapper or use an existing one.
There was a problem hiding this comment.
If you want, I can implement the wrapper myself and get rid of cpp-dns. Would that be enough?
There was a problem hiding this comment.
Sorry, I mean ares_gethostbyaddr, not ares_getnameinfo
There was a problem hiding this comment.
Ok, I just tested ares_gethostbyaddr and it indeed works. I will build the wrapper around it then, ok?
There was a problem hiding this comment.
Ok, so both udns and c-ares support multiple PTR records and work fine. But c-ares looks more popular, does not look abandoned and its interface is quite similar to system functions. So I think yes, we should use c-ares library.
Also there's alive c-ares repo on GitHub. I've created a fork in ClickHouse organization (just in case we will need change something a bit): https://github.com/ClickHouse/c-ares
There was a problem hiding this comment.
ClickHouse already builds c-ares because grpc depends on it. I believe that whenever -DENABLE_GRPC is set to ON, c-ares is built as well. Adding c-ares as a submodule as it is fails because it tries to add yet another target called c-ares and it conflicts with the one built by grpc. Based on that, I see a couple of paths forward:
- Build c-ares as a submodule and link grpc against it. Requires changes in grpc, which is not in the scope of this PR, but it would be necessary.
- Link clickhouse_common_io against c-ares built by grpc. If c-ares target doesn't exist because grpc wasn't built, build c-ares submodule. Dependecy graph becomes a bit messy and not clear, but leaves grpc untouched.
- Build c-ares as a submodule, but with different name. I don't see this one as a good option, but leaving it on the table.
Which one do you guys prefer and what do you suggest?
Btw, I have a draft implementation of a c-ares wrapper and already tested it on clickhouse with approach #2 (without the conditional build, tho). It worked!
There was a problem hiding this comment.
Cool, so we don't need to add extra libraries! The first option is the best, it makes sense to try it first.
arthurpassos
force-pushed
the
host_regexp_multiple_domains
branch
from
b1f6747 to
5c00dcd
Compare
|
CI run was all green: https://github.com/ClickHouse/ClickHouse/actions/runs/2666225397, aside from style check, which I just pushed a fix for. I'll see what I can do about the integ tests. I might reach out for help since it's my first time looking at integ tests code. |
|
Alright, that took some effort :). Just published integ tests, please let me know if you want to change anything @tavplubix . |
|
I see three failures:
Kind ping for review and re-run @tavplubix |
|
I restarted it. I'm trying to dig into the issue with a rerun This particular time the behavior is valid, the ci has status Cancelled, and we don't restart it automatically intentionally. |
|
I have the style fix ready, but will wait until CI run is finished to avoid yet another long run. Btw, I am curious, are you satisfied with the integ tests or you haven't had a chance to review it yet? |
|
Tests look fine, thanks! |
|
Just pushed what I believe to have fixed the style check, couldn't confirm it since I don't know how to run it locally. |
|
Style Check (actions) — Style check success |
| # Force use of c-ares inet_net_pton instead of libresolv one | ||
| set(HAVE_INET_NET_PTON OFF CACHE BOOL "" FORCE) | ||
|
|
||
| add_subdirectory("../c-ares/" "../c-ares/") |
There was a problem hiding this comment.
We don't allow reusing third-party CMake files.
|
@tavplubix You've merged prematurally. Need to revert or fix it quickly. |
| add_contrib (sqlite-cmake sqlite-amalgamation) | ||
| add_contrib (s2geometry-cmake s2geometry) | ||
| add_contrib (base-x-cmake base-x) | ||
| add_contrib(c-ares-cmake c-ares) |
|
Yes, and sorry for missing that, I have not looked at the latest versions of this PR. Looking at contrib/cares/CMakeLists.txt, there is some complexity but nothing impossible. The MS Win build and the build of "tools" can be omitted. The file "lib/ares_config.h" can be generated by running the original build system on Linux (x86 + ARM + PPC LE), FreeBSD and Mac and checking in the result below "contrib/c-ares-cmake/" (see contrib/vectorscan-cmake/x86_64/config.h for a similar situation). |
|
@alexey-milovidov, we already reuse third-party cmake files for grpc, our "own" cmake file simply calls it: Seems like we had our own cmake files for grpc, but it was changed back to third-party cmakes in #15491, cc: @vitlibar Before this PR I will fix style inconsistency and remove |
7 participants
Changelog category (leave one):
Changelog entry (a user-readable short description of the changes that goes to CHANGELOG.md):
In #17202 was reported that host_regexp was being tested against only one of the possible PTR responses. This PR makes the necessary changes so that host_regexp is applied against all possible PTR responses and validate if any matches.
c-aresis being used because the vanillagetnameinfois limited to one PTR.Integration tests for this feature seemed to be an overkill because of the amount of effort required. It would require setting up a DNS server with the necessary resolutions and tweak clickhouse node host DNS settings so it points to the DNS server so it can finally be tested.
I have tested it locally using a setup similar to the gist provided by the OP in the issue. The scenario is:
Previously, it would fail to auth. With the changes in this PR, it allows the request.
Closes #17202