Draft
Conversation
|
🌿 Preview your docs: https://nvidia-preview-pr-888.docs.buildwithfern.com/openshell |
Signed-off-by: Drew Newberry <anewberry@nvidia.com> # Conflicts: # architecture/gateway.md
Signed-off-by: Drew Newberry <anewberry@nvidia.com>
drew
force-pushed
the
drew/creating-a-docker-driver-like-the-vm-driver
branch
from
2f26563 to
8bf06db
Compare
- Preserve sandbox id suffix in container name when sandbox name is long, preventing collisions and confusing 'already exists' errors. - Use container id (not name) in delete_sandbox_inner so transient ContainerSummary entries without names still get cleaned up. - Subscribe to the watch broadcast before snapshotting so events that fire between snapshot and subscribe aren't missed by new watchers. - Apply exponential backoff to the Docker poll loop on consecutive failures, capping at 30s to avoid log floods on daemon outages. - Reject --docker-tls-* flags when the gRPC endpoint is plaintext http:// instead of silently discarding them. - Add e2e:docker mise task and e2e/rust/e2e-docker.sh harness that boots a standalone gateway with the docker driver and runs the existing smoke test against it.
…nects The docker compute driver mapped RUNNING containers to Ready=False with reason DependenciesNotReady indefinitely, so sandboxes never transitioned to the Ready phase and ExecSandbox was gated out behind a 180s timeout. Introduces a SupervisorReadiness trait that the driver polls on every watch tick. The gateway's SupervisorSessionRegistry implements it via a new is_connected(sandbox_id) method. When a ConnectSupervisor session is live for a sandbox, the driver emits Ready=True with reason SupervisorConnected; the condition falls back to DependenciesNotReady if the supervisor disconnects. Also: - Wires the registry through run_server/ServerState so the docker driver can be constructed before ServerState exists. - Adds a host.openshell.internal / host.docker.internal SAN to the e2e-docker.sh generated mTLS cert so supervisor TLS handshakes succeed. - Points the e2e harness at the community sandbox base image (which has the required 'sandbox' user) and preserves container logs on failure for post-mortem debugging. - Passes mise run e2e:docker end to end.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Add a bundled Docker compute driver to the gateway on top of the supervisor-relay base. This lets the gateway provision sandboxes directly through the local Docker daemon without exposing sandbox ports or spawning a separate Docker driver binary.
Related Issue
N/A
Changes
dockeras a supported compute driver kindopenshell-serverusing Bollard/sandboxvolumeTesting
mise run pre-commitpassesmise run pre-commitcurrently fails inpython:protobecausegrpc_tools.protocis not installed in the local Python environment. Rust formatting and the touched crate test suites passed:cargo fmt --allcargo test -p openshell-server --libcargo test -p openshell-core --libChecklist