blurb-of-testing

.github/workflows/test.yaml

@@ -13,6 +13,47 @@ on:
   workflow_dispatch:
 
 jobs:
+  dummy:
+    runs-on: ubuntu-22.04
+    steps:
+      - name: "1"
+        run: |
+          # container_id=$(docker run -d -p 5901:5901 --security-opt seccomp=unconfined quay.io/consideratio/test:turbo vncserver -xstartup /opt/install/jupyter_remote_desktop_proxy/share/xstartup -verbose -fg -geometry 1680x1050 -SecurityTypes None -rfbport 5901)
+          container_id=$(docker run -d -p 5901:5901 -v $(pwd):/mnt/test --security-opt seccomp=unconfined quay.io/consideratio/test:turbo python /mnt/test/dummy-tcp-server.py)
+          sleep 3
+
+          # echo "::group::Installing netcat (inside container)"
+          # docker exec --user root $container_id bash -c '
+          #   apt update
+          #   apt install -y netcat
+          # '
+          # echo "::endgroup::"
+
+          echo "::group::Testing vncserver with netcat (inside container)"
+          docker exec $container_id bash -c 'timeout --preserve-status 1 nc -v localhost 5901' 2>&1 | tee output-inside.txt
+          cat output-inside.txt  | grep --quiet RFB && echo "Passed inside test"  || { echo "Failed inside test" && TEST_OK=false; }
+          echo "::endgroup::"
+
+          echo "::group::Testing vncserver with netcat (outside container)"
+          timeout --preserve-status 1 nc -v localhost 5901 2>&1 | tee output-outside.txt
+          cat output-outside.txt | grep --quiet RFB && echo "Passed outside test" || { echo "Failed outside test" && TEST_OK=false; }
+          echo "::endgroup::"
+
+          # echo "::group::vncserver logs"
+          # docker exec $container_id bash -c "cat ~/.vnc/*.log"
+          # echo "::endgroup::"
+
+          docker logs $container_id
+          docker stop $container_id > /dev/null
+          if [ "$TEST_OK" == "false" ]; then
+              echo "One or more tests failed!"
+              exit 1
+          fi
+      # - name: 2
+      #   run: |
+
+
+
   container:
     runs-on: ubuntu-22.04
     timeout-minutes: 10
@@ -64,7 +105,7 @@ jobs:
         if: always()
         run: |
           container_id=$(docker run -d -p 5901:5901 --security-opt seccomp=unconfined ${{ matrix.image }} vncserver -xstartup /opt/install/jupyter_remote_desktop_proxy/share/xstartup -verbose -fg -geometry 1680x1050 -SecurityTypes None -rfbport 5901)
-          sleep 5
+          sleep 1
 
           # echo "::group::Installing netcat (inside container)"
           # docker exec --user root $container_id bash -c '
@@ -108,12 +149,12 @@ jobs:
           # echo "::endgroup::"
 
           echo "::group::Testing websockify'ed vncserver with websocat (inside container)"
-          docker exec $container_id bash -c 'websocat -vv --no-async-stdio --binary --one-message --exit-on-eof "ws://localhost:5901/"' 2>&1 | tee output-inside.txt
+          docker exec $container_id bash -c 'websocat --binary --one-message --exit-on-eof "ws://localhost:5901/"' 2>&1 | tee output-inside.txt
           cat output-inside.txt  | grep --quiet RFB && echo "Passed inside test"  || { echo "Failed inside test" && TEST_OK=false; }
           echo "::endgroup::"
 
           echo "::group::Testing websockify'ed vncserver with websocat (outside container)"
-          websocat -vv --no-async-stdio --binary --one-message --exit-on-eof "ws://localhost:5901/" 2>&1 | tee output-outside.txt
+          websocat --binary --one-message --exit-on-eof "ws://localhost:5901/" 2>&1 | tee output-outside.txt
           cat output-outside.txt | grep --quiet RFB && echo "Passed outside test" || { echo "Failed outside test" && TEST_OK=false; }
           echo "::endgroup::"
 
@@ -146,8 +187,8 @@ jobs:
           echo "::endgroup::"
 
           echo "::group::Testing /desktop-websockify/ to return a vncserver typical response, accepting one initial test failure"
-          websocat --no-async-stdio --binary --one-message --exit-on-eof 'ws://localhost:8888/desktop-websockify/?token=secret' | grep --quiet RFB && echo "Passed initial websocket test" || { \
-            echo "Failed initial websocket test" && sleep 3 && websocat -vv --no-async-stdio --binary --one-message --exit-on-eof 'ws://localhost:8888/desktop-websockify/?token=secret' | tee /dev/tty | grep --quiet RFB && echo "Passed second websocket test" || { echo "Failed second websocket test" && TEST_OK=false; } \
+          websocat --binary --one-message --exit-on-eof 'ws://localhost:8888/desktop-websockify/?token=secret' | grep --quiet RFB && echo "Passed initial websocket test" || { \
+            echo "Failed initial websocket test" && sleep 3 && websocat --binary --one-message --exit-on-eof 'ws://localhost:8888/desktop-websockify/?token=secret' | tee /dev/tty | grep --quiet RFB && echo "Passed second websocket test" || { echo "Failed second websocket test" && TEST_OK=false; } \
           }
           echo "::endgroup::"
 

1.sh

@@ -1,5 +1,6 @@
-container_id=$(docker run -d -p 5901:5901 --security-opt seccomp=unconfined quay.io/consideratio/test:turbo vncserver -xstartup /opt/install/jupyter_remote_desktop_proxy/share/xstartup -verbose -fg -geometry 1680x1050 -SecurityTypes None -rfbport 5901)
-sleep 5
+# container_id=$(docker run -d -p 5901:5901 --security-opt seccomp=unconfined quay.io/consideratio/test:turbo vncserver -xstartup /opt/install/jupyter_remote_desktop_proxy/share/xstartup -verbose -fg -geometry 1680x1050 -SecurityTypes None -rfbport 5901)
+container_id=$(docker run -d -p 5901:5901 -v $(pwd):/mnt/test --security-opt seccomp=unconfined quay.io/consideratio/test:turbo python /mnt/test/dummy-tcp-server.py)
+sleep 3
 
 # echo "::group::Installing netcat (inside container)"
 # docker exec --user root $container_id bash -c '
@@ -22,8 +23,9 @@ echo "::endgroup::"
 # docker exec $container_id bash -c "cat ~/.vnc/*.log"
 # echo "::endgroup::"
 
+docker logs $container_id
 docker stop $container_id > /dev/null
 if [ "$TEST_OK" == "false" ]; then
     echo "One or more tests failed!"
     exit 1
-fi
+fi

2.sh

@@ -1,4 +1,5 @@
-container_id=$(docker run -d -p 5901:5901 --security-opt seccomp=unconfined quay.io/consideratio/test:turbo websockify --verbose --log-file=/tmp/websockify.log --heartbeat=30 5901 -- vncserver -xstartup /opt/install/jupyter_remote_desktop_proxy/share/xstartup -verbose -fg -geometry 1680x1050 -SecurityTypes None -rfbport 5901)
+# container_id=$(docker run -d -p 5901:5901 --security-opt seccomp=unconfined quay.io/consideratio/test:turbo websockify --verbose --log-file=/tmp/websockify.log --heartbeat=30 5901 -- vncserver -xstartup /opt/install/jupyter_remote_desktop_proxy/share/xstartup -verbose -fg -geometry 1680x1050 -SecurityTypes None -rfbport 5901)
+container_id=$(docker run -d -p 5901:5901 -v $(pwd):/mnt/test --security-opt seccomp=unconfined quay.io/consideratio/test:turbo websockify --verbose --log-file=/tmp/websockify.log --heartbeat=30 5901 -- python /mnt/test/dummy-tcp-server.py)
 sleep 3
 
 # echo "::group::Installing websocat (inside container)"
@@ -10,12 +11,12 @@ sleep 3
 # echo "::endgroup::"
 
 echo "::group::Testing websockify'ed vncserver with websocat (inside container)"
-docker exec $container_id bash -c 'websocat -vv --no-async-stdio --binary --one-message --exit-on-eof "ws://localhost:5901/"' 2>&1 | tee output-inside.txt
+docker exec $container_id bash -c 'websocat --binary --one-message --exit-on-eof "ws://localhost:5901/"' 2>&1 | tee output-inside.txt
 cat output-inside.txt  | grep --quiet RFB && echo "Passed inside test"  || { echo "Failed inside test" && TEST_OK=false; }
 echo "::endgroup::"
 
 echo "::group::Testing websockify'ed vncserver with websocat (outside container)"
-websocat -vv --no-async-stdio --binary --one-message --exit-on-eof "ws://localhost:5901/" 2>&1 | tee output-outside.txt
+websocat --binary --one-message --exit-on-eof "ws://localhost:5901/" 2>&1 | tee output-outside.txt
 cat output-outside.txt | grep --quiet RFB && echo "Passed outside test" || { echo "Failed outside test" && TEST_OK=false; }
 echo "::endgroup::"
 

3.sh

@@ -10,8 +10,8 @@ curl --silent --fail 'http://localhost:8888/desktop/static/dist/viewer.js?token=
 echo "::endgroup::"
 
 echo "::group::Testing /desktop-websockify/ to return a vncserver typical response, accepting one initial test failure"
-websocat --no-async-stdio --binary --one-message --exit-on-eof 'ws://localhost:8888/desktop-websockify/?token=secret' | grep --quiet RFB && echo "Passed initial websocket test" || { \
-    echo "Failed initial websocket test" && sleep 3 && websocat -vv --no-async-stdio --binary --one-message --exit-on-eof 'ws://localhost:8888/desktop-websockify/?token=secret' | tee /dev/tty | grep --quiet RFB && echo "Passed second websocket test" || { echo "Failed second websocket test" && TEST_OK=false; } \
+websocat --binary --one-message --exit-on-eof 'ws://localhost:8888/desktop-websockify/?token=secret' | grep --quiet RFB && echo "Passed initial websocket test" || { \
+    echo "Failed initial websocket test" && sleep 3 && websocat --binary --one-message --exit-on-eof 'ws://localhost:8888/desktop-websockify/?token=secret' | tee /dev/tty | grep --quiet RFB && echo "Passed second websocket test" || { echo "Failed second websocket test" && TEST_OK=false; } \
 }
 echo "::endgroup::"
 

findings.md

@@ -0,0 +1,15 @@
+Findings:
+- Listens to either localhost or public by default
+- Different flags needs to be used
+  - Tiger's default from local can be changed with "-localhost no --I-KNOW-THIS-IS-INSECURE"
+  - Turbo's default from public can be changed with "-localhost"
+- Connecting from inside a container is to connect from 127.0.0.1, but outside
+  is to connect from 172 at least on my computer's docker network, which means
+  that we can be influenced by this when testing.
+- When websockify is involved, it becomes complicated to either connect from
+  within or outside an container. I don't understand the details yet, but it
+  seems that configuring what it listens to has an impact to pass inside and/or
+  outside.
+- Connecting via jupyter-server-proxy often require a second attempt, likely due
+  to https://github.com/jupyterhub/jupyter-server-proxy/issues/459 and letting a
+  websocket handshake finalize before its finalized against the proxied backend.