Merge pull request #289 from mrunalp/cgroup_config

Add support cgroup config and systemd cgroups
2016-12-20 09:26:07 +01:00 · 2016-12-20 09:26:07 +01:00 · 50a3958e5a
commit 50a3958e5a
parent a7190853b6 6df58df215
8 changed files with 69 additions and 26 deletions
--- a/cmd/server/config.go
+++ b/cmd/server/config.go
@ -16,6 +16,7 @@ const (
 	pausePath           = "/usr/libexec/ocid/pause"
 	seccompProfilePath  = "/etc/ocid/seccomp.json"
 	apparmorProfileName = "ocid-default"
 	cgroupManager       = "cgroupfs"
 )
 var commentedConfigTemplate = template.Must(template.New("config").Parse(`
@ -69,6 +70,10 @@ seccomp_profile = "{{ .SeccompProfile }}"
 # default for the runtime.
 apparmor_profile = "{{ .ApparmorProfile }}"
 # cgroup_manager is the cgroup management implementation to be used
 # for the runtime.
 cgroup_manager = "{{ .CgroupManager }}"
 # The "ocid.image" table contains settings pertaining to the
 # management of OCI images.
 [ocid.image]
@ -102,6 +107,7 @@ func DefaultConfig() *server.Config {
 			SELinux:         selinux.SelinuxEnabled(),
 			SeccompProfile:  seccompProfilePath,
 			ApparmorProfile: apparmorProfileName,
 			CgroupManager:   cgroupManager,
 		},
 		ImageConfig: server.ImageConfig{
 			Pause:    pausePath,
--- a/cmd/server/main.go
+++ b/cmd/server/main.go
@ -63,6 +63,9 @@ func mergeConfig(config *server.Config, ctx *cli.Context) error {
 	if ctx.GlobalIsSet("apparmor-profile") {
 		config.ApparmorProfile = ctx.GlobalString("apparmor-profile")
 	}
 	if ctx.GlobalIsSet("cgroup-manager") {
 		config.CgroupManager = ctx.GlobalString("cgroup-manager")
 	}
 	return nil
 }
@ -150,6 +153,10 @@ func main() {
 			Name:  "selinux",
 			Usage: "enable selinux support",
 		},
 		cli.StringFlag{
 			Name:  "cgroup-manager",
 			Usage: "cgroup manager (cgroupfs or systemd)",
 		},
 	}
 	// remove once https://github.com/urfave/cli/pull/544 lands
--- a/conmon/conmon.c
+++ b/conmon/conmon.c
@ -48,8 +48,15 @@ static inline void closep(int *fd)
 	*fd = -1;
 }
 static inline void gstring_free_cleanup(GString **string)
 {
 	if (*string)
 		g_string_free(*string, TRUE);
 }
 #define _cleanup_free_ _cleanup_(freep)
 #define _cleanup_close_ _cleanup_(closep)
 #define _cleanup_gstring_ _cleanup_(gstring_free_cleanup)
 struct termios tty_orig;
@ -68,6 +75,7 @@ static char *cid = NULL;
 static char *runtime_path = NULL;
 static char *bundle_path = NULL;
 static char *pid_file = NULL;
 static bool systemd_cgroup = false;
 static GOptionEntry entries[] =
 {
  { "terminal", 't', 0, G_OPTION_ARG_NONE, &terminal, "Terminal", NULL },
@ -75,13 +83,13 @@ static GOptionEntry entries[] =
  { "runtime", 'r', 0, G_OPTION_ARG_STRING, &runtime_path, "Runtime path", NULL },
  { "bundle", 'b', 0, G_OPTION_ARG_STRING, &bundle_path, "Bundle path", NULL },
  { "pidfile", 'p', 0, G_OPTION_ARG_STRING, &pid_file, "PID file", NULL },
  { "systemd-cgroup", 's', 0, G_OPTION_ARG_NONE, &systemd_cgroup, "Enable systemd cgroup manager", NULL },
  { NULL }
 };
 int main(int argc, char *argv[])
 {
 	int ret;
 	char cmd[CMD_SIZE];
 	char cwd[PATH_MAX];
 	char default_pid_file[PATH_MAX];
 	GError *err = NULL;
@ -102,6 +110,7 @@ int main(int argc, char *argv[])
 	int len;
 	GError *error = NULL;
 	GOptionContext *context;
 	_cleanup_gstring_ GString *cmd = NULL;
 	/* Command line parameters */
 	context = g_option_context_new ("- conmon utility");
@ -176,15 +185,16 @@ int main(int argc, char *argv[])
 	}
 	/* Create the container */
-	if (terminal) {
+	cmd = g_string_new(runtime_path);
-		snprintf(cmd, CMD_SIZE,
+	if (systemd_cgroup) {
-			 "%s create %s --bundle %s --pid-file %s --console %s",
+		g_string_append_printf(cmd, " --systemd-cgroup");
 			 runtime_path, cid, bundle_path, pid_file, slname);
 	} else {
 		snprintf(cmd, CMD_SIZE, "%s create %s --bundle %s --pid-file %s",
 			 runtime_path, cid, bundle_path, pid_file);
 	}
-	ret = system(cmd);
+	g_string_append_printf(cmd, " create %s --bundle %s --pid-file %s",
 			       cid, bundle_path, pid_file);
 	if (terminal) {
 		g_string_append_printf(cmd, " --console %s", slname);
 	}
 	ret = system(cmd->str);
 	if (ret != 0) {
 		nexit("Failed to create container");
 	}
--- a/oci/oci.go
+++ b/oci/oci.go
@ -34,24 +34,26 @@ const (
 )
 // New creates a new Runtime with options provided
-func New(runtimePath string, containerDir string, conmonPath string, conmonEnv []string) (*Runtime, error) {
+func New(runtimePath string, containerDir string, conmonPath string, conmonEnv []string, cgroupManager string) (*Runtime, error) {
 	r := &Runtime{
-		name:         filepath.Base(runtimePath),
+		name:          filepath.Base(runtimePath),
-		path:         runtimePath,
+		path:          runtimePath,
-		containerDir: containerDir,
+		containerDir:  containerDir,
-		conmonPath:   conmonPath,
+		conmonPath:    conmonPath,
-		conmonEnv:    conmonEnv,
+		conmonEnv:     conmonEnv,
 		cgroupManager: cgroupManager,
 	}
 	return r, nil
 }
 // Runtime stores the information about a oci runtime
 type Runtime struct {
-	name         string
+	name          string
-	path         string
+	path          string
-	containerDir string
+	containerDir  string
-	conmonPath   string
+	conmonPath    string
-	conmonEnv    []string
+	conmonEnv     []string
 	cgroupManager string
 }
 // syncInfo is used to return data from monitor process to daemon
@ -102,7 +104,11 @@ func (r *Runtime) CreateContainer(c *Container) error {
 	}
 	defer parentPipe.Close()
-	args := []string{"-c", c.name}
+	var args []string
 	if r.cgroupManager == "systemd" {
 		args = append(args, "-s")
 	}
 	args = append(args, "-c", c.name)
 	args = append(args, "-r", r.path)
 	args = append(args, "-b", c.bundlePath)
 	args = append(args, "-p", filepath.Join(c.bundlePath, "pidfile"))
--- a/server/config.go
+++ b/server/config.go
@ -72,6 +72,10 @@ type RuntimeConfig struct {
 	// ApparmorProfile is the apparmor profile name which is used as the
 	// default for the runtime.
 	ApparmorProfile string `toml:"apparmor_profile"`
 	// CgroupManager is the manager implementation name which is used to
 	// handle cgroups for containers.
 	CgroupManager string `toml:"cgroup_manager"`
 }
 // ImageConfig represents the "ocid.image" TOML config table.
--- a/server/container_create.go
+++ b/server/container_create.go
@ -252,8 +252,12 @@ func (s *Server) createSandboxContainer(containerID string, containerName string
 		}
 		if sb.cgroupParent != "" {
-			// NOTE: we only support cgroupfs for now, discussion happens in issue #270.
+			if s.config.CgroupManager == "systemd" {
-			specgen.SetLinuxCgroupsPath(sb.cgroupParent + "/" + containerID)
+				cgPath := sb.cgroupParent + ":" + "ocid" + ":" + containerID
 				specgen.SetLinuxCgroupsPath(cgPath)
 			} else {
 				specgen.SetLinuxCgroupsPath(sb.cgroupParent + "/" + containerID)
 			}
 		}
 		capabilities := linux.GetSecurityContext().GetCapabilities()
--- a/server/sandbox_run.go
+++ b/server/sandbox_run.go
@ -245,8 +245,14 @@ func (s *Server) RunPodSandbox(ctx context.Context, req *pb.RunPodSandboxRequest
 	// setup cgroup settings
 	cgroupParent := req.GetConfig().GetLinux().GetCgroupParent()
 	if cgroupParent != "" {
-		// NOTE: we only support cgroupfs for now, discussion happens in issue #270.
+		if s.config.CgroupManager == "systemd" {
-		g.SetLinuxCgroupsPath(cgroupParent + "/" + containerID)
+			cgPath := sb.cgroupParent + ":" + "ocid" + ":" + containerID
 			g.SetLinuxCgroupsPath(cgPath)
 		} else {
 			g.SetLinuxCgroupsPath(sb.cgroupParent + "/" + containerID)
 		}
 		sb.cgroupParent = cgroupParent
 	}
--- a/server/server.go
+++ b/server/server.go
@ -304,7 +304,7 @@ func New(config *Config) (*Server, error) {
 		return nil, err
 	}
-	r, err := oci.New(config.Runtime, config.ContainerDir, config.Conmon, config.ConmonEnv)
+	r, err := oci.New(config.Runtime, config.ContainerDir, config.Conmon, config.ConmonEnv, config.CgroupManager)
 	if err != nil {
 		return nil, err
 	}