Merge pull request #289 from mrunalp/cgroup_config
Add support cgroup config and systemd cgroups
		
						commit
						50a3958e5a
					
				
					 8 changed files with 69 additions and 26 deletions
				
			
		|  | @ -16,6 +16,7 @@ const ( | ||||||
| 	pausePath           = "/usr/libexec/ocid/pause" | 	pausePath           = "/usr/libexec/ocid/pause" | ||||||
| 	seccompProfilePath  = "/etc/ocid/seccomp.json" | 	seccompProfilePath  = "/etc/ocid/seccomp.json" | ||||||
| 	apparmorProfileName = "ocid-default" | 	apparmorProfileName = "ocid-default" | ||||||
|  | 	cgroupManager       = "cgroupfs" | ||||||
| ) | ) | ||||||
| 
 | 
 | ||||||
| var commentedConfigTemplate = template.Must(template.New("config").Parse(` | var commentedConfigTemplate = template.Must(template.New("config").Parse(` | ||||||
|  | @ -69,6 +70,10 @@ seccomp_profile = "{{ .SeccompProfile }}" | ||||||
| # default for the runtime. | # default for the runtime. | ||||||
| apparmor_profile = "{{ .ApparmorProfile }}" | apparmor_profile = "{{ .ApparmorProfile }}" | ||||||
| 
 | 
 | ||||||
|  | # cgroup_manager is the cgroup management implementation to be used | ||||||
|  | # for the runtime. | ||||||
|  | cgroup_manager = "{{ .CgroupManager }}" | ||||||
|  | 
 | ||||||
| # The "ocid.image" table contains settings pertaining to the | # The "ocid.image" table contains settings pertaining to the | ||||||
| # management of OCI images. | # management of OCI images. | ||||||
| [ocid.image] | [ocid.image] | ||||||
|  | @ -102,6 +107,7 @@ func DefaultConfig() *server.Config { | ||||||
| 			SELinux:         selinux.SelinuxEnabled(), | 			SELinux:         selinux.SelinuxEnabled(), | ||||||
| 			SeccompProfile:  seccompProfilePath, | 			SeccompProfile:  seccompProfilePath, | ||||||
| 			ApparmorProfile: apparmorProfileName, | 			ApparmorProfile: apparmorProfileName, | ||||||
|  | 			CgroupManager:   cgroupManager, | ||||||
| 		}, | 		}, | ||||||
| 		ImageConfig: server.ImageConfig{ | 		ImageConfig: server.ImageConfig{ | ||||||
| 			Pause:    pausePath, | 			Pause:    pausePath, | ||||||
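Review bot: The generated config comment for `cgroup_manager` does not say which values are accepted, although the `--cgroup-manager` flag added in this commit names them in its usage text. A line such as `# for the runtime ("cgroupfs" or "systemd").` in the template would let an operator edit the file without reading the source, and the doc comment on `RuntimeConfig.CgroupManager` could carry the same wording. The template literal and DefaultConfig both continue outside these hunks.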
|  |  | ||||||
|  | @ -63,6 +63,9 @@ func mergeConfig(config *server.Config, ctx *cli.Context) error { | ||||||
| 	if ctx.GlobalIsSet("apparmor-profile") { | 	if ctx.GlobalIsSet("apparmor-profile") { | ||||||
| 		config.ApparmorProfile = ctx.GlobalString("apparmor-profile") | 		config.ApparmorProfile = ctx.GlobalString("apparmor-profile") | ||||||
| 	} | 	} | ||||||
|  | 	if ctx.GlobalIsSet("cgroup-manager") { | ||||||
|  | 		config.CgroupManager = ctx.GlobalString("cgroup-manager") | ||||||
|  | 	} | ||||||
| 	return nil | 	return nil | ||||||
| } | } | ||||||
| 
 | 
 | ||||||
|  | @ -150,6 +153,10 @@ func main() { | ||||||
| 			Name:  "selinux", | 			Name:  "selinux", | ||||||
| 			Usage: "enable selinux support", | 			Usage: "enable selinux support", | ||||||
| 		}, | 		}, | ||||||
|  | 		cli.StringFlag{ | ||||||
|  | 			Name:  "cgroup-manager", | ||||||
|  | 			Usage: "cgroup manager (cgroupfs or systemd)", | ||||||
|  | 		}, | ||||||
| 	} | 	} | ||||||
| 
 | 
 | ||||||
| 	// remove once https://github.com/urfave/cli/pull/544 lands | 	// remove once https://github.com/urfave/cli/pull/544 lands | ||||||
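Review bot: The value of `--cgroup-manager` is copied into `config.CgroupManager` without being checked, and every consumer in this commit compares only against `"systemd"`, so a misspelling such as `Systemd` silently selects the cgroupfs path while the operator believes systemd is managing the cgroups. A check such as `if m := config.CgroupManager; m != "cgroupfs" && m != "systemd" { return fmt.Errorf("invalid cgroup manager %q", m) }` would fail fast; placing it where flag and config-file values converge (for example just before the `oci.New` call in `server.New`) covers both sources. The same literal is compared in `CreateContainer`, `createSandboxContainer` and `RunPodSandbox`, so named constants for the two values would keep them in step. mergeConfig and main both start outside these hunks.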
|  |  | ||||||
|  | @ -48,8 +48,15 @@ static inline void closep(int *fd) | ||||||
| 	*fd = -1; | 	*fd = -1; | ||||||
| } | } | ||||||
| 
 | 
 | ||||||
|  | static inline void gstring_free_cleanup(GString **string) | ||||||
|  | { | ||||||
|  | 	if (*string) | ||||||
|  | 		g_string_free(*string, TRUE); | ||||||
|  | } | ||||||
|  | 
 | ||||||
| #define _cleanup_free_ _cleanup_(freep) | #define _cleanup_free_ _cleanup_(freep) | ||||||
| #define _cleanup_close_ _cleanup_(closep) | #define _cleanup_close_ _cleanup_(closep) | ||||||
|  | #define _cleanup_gstring_ _cleanup_(gstring_free_cleanup) | ||||||
| 
 | 
 | ||||||
| struct termios tty_orig; | struct termios tty_orig; | ||||||
| 
 | 
 | ||||||
|  | @ -68,6 +75,7 @@ static char *cid = NULL; | ||||||
| static char *runtime_path = NULL; | static char *runtime_path = NULL; | ||||||
| static char *bundle_path = NULL; | static char *bundle_path = NULL; | ||||||
| static char *pid_file = NULL; | static char *pid_file = NULL; | ||||||
|  | static bool systemd_cgroup = false; | ||||||
| static GOptionEntry entries[] = | static GOptionEntry entries[] = | ||||||
| { | { | ||||||
|   { "terminal", 't', 0, G_OPTION_ARG_NONE, &terminal, "Terminal", NULL }, |   { "terminal", 't', 0, G_OPTION_ARG_NONE, &terminal, "Terminal", NULL }, | ||||||
|  | @ -75,13 +83,13 @@ static GOptionEntry entries[] = | ||||||
|   { "runtime", 'r', 0, G_OPTION_ARG_STRING, &runtime_path, "Runtime path", NULL }, |   { "runtime", 'r', 0, G_OPTION_ARG_STRING, &runtime_path, "Runtime path", NULL }, | ||||||
|   { "bundle", 'b', 0, G_OPTION_ARG_STRING, &bundle_path, "Bundle path", NULL }, |   { "bundle", 'b', 0, G_OPTION_ARG_STRING, &bundle_path, "Bundle path", NULL }, | ||||||
|   { "pidfile", 'p', 0, G_OPTION_ARG_STRING, &pid_file, "PID file", NULL }, |   { "pidfile", 'p', 0, G_OPTION_ARG_STRING, &pid_file, "PID file", NULL }, | ||||||
|  |   { "systemd-cgroup", 's', 0, G_OPTION_ARG_NONE, &systemd_cgroup, "Enable systemd cgroup manager", NULL }, | ||||||
|   { NULL } |   { NULL } | ||||||
| }; | }; | ||||||
| 
 | 
 | ||||||
| int main(int argc, char *argv[]) | int main(int argc, char *argv[]) | ||||||
| { | { | ||||||
| 	int ret; | 	int ret; | ||||||
| 	char cmd[CMD_SIZE]; |  | ||||||
| 	char cwd[PATH_MAX]; | 	char cwd[PATH_MAX]; | ||||||
| 	char default_pid_file[PATH_MAX]; | 	char default_pid_file[PATH_MAX]; | ||||||
| 	GError *err = NULL; | 	GError *err = NULL; | ||||||
|  | @ -102,6 +110,7 @@ int main(int argc, char *argv[]) | ||||||
| 	int len; | 	int len; | ||||||
| 	GError *error = NULL; | 	GError *error = NULL; | ||||||
| 	GOptionContext *context; | 	GOptionContext *context; | ||||||
|  | 	_cleanup_gstring_ GString *cmd = NULL; | ||||||
| 
 | 
 | ||||||
| 	/* Command line parameters */ | 	/* Command line parameters */ | ||||||
| 	context = g_option_context_new ("- conmon utility"); | 	context = g_option_context_new ("- conmon utility"); | ||||||
|  | @ -176,15 +185,16 @@ int main(int argc, char *argv[]) | ||||||
| 	} | 	} | ||||||
| 
 | 
 | ||||||
| 	/* Create the container */ | 	/* Create the container */ | ||||||
| 	if (terminal) { | 	cmd = g_string_new(runtime_path); | ||||||
| 		snprintf(cmd, CMD_SIZE, | 	if (systemd_cgroup) { | ||||||
| 			 "%s create %s --bundle %s --pid-file %s --console %s", | 		g_string_append_printf(cmd, " --systemd-cgroup"); | ||||||
| 			 runtime_path, cid, bundle_path, pid_file, slname); |  | ||||||
| 	} else { |  | ||||||
| 		snprintf(cmd, CMD_SIZE, "%s create %s --bundle %s --pid-file %s", |  | ||||||
| 			 runtime_path, cid, bundle_path, pid_file); |  | ||||||
| 	} | 	} | ||||||
| 	ret = system(cmd); | 	g_string_append_printf(cmd, " create %s --bundle %s --pid-file %s", | ||||||
|  | 			       cid, bundle_path, pid_file); | ||||||
|  | 	if (terminal) { | ||||||
|  | 		g_string_append_printf(cmd, " --console %s", slname); | ||||||
|  | 	} | ||||||
|  | 	ret = system(cmd->str); | ||||||
| 	if (ret != 0) { | 	if (ret != 0) { | ||||||
| 		nexit("Failed to create container"); | 		nexit("Failed to create container"); | ||||||
| 	} | 	} | ||||||
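Review bot: The rebuilt create command is still one string handed to `system()`, so `runtime_path`, `cid`, `bundle_path`, `pid_file` and `slname` are parsed by the shell, and whitespace or a metacharacter in any of them changes the command that actually runs. Each value should pass through `g_shell_quote()` before it is appended, as in the excerpt below, or the call should become an argv-based exec that involves no shell at all. Whether callers can supply such values is not visible here, and main() starts and ends outside these hunks. Separately, `G_OPTION_ARG_NONE` stores a `gboolean` through the entry's pointer, so the new flag should be declared `static gboolean systemd_cgroup = FALSE;` rather than `bool`.

```c
	/* Create the container */
	char *q_runtime = g_shell_quote(runtime_path);
	char *q_cid = g_shell_quote(cid);
	char *q_bundle = g_shell_quote(bundle_path);
	char *q_pid = g_shell_quote(pid_file);

	cmd = g_string_new(q_runtime);
	/* … unchanged: --systemd-cgroup append … */
	g_string_append_printf(cmd, " create %s --bundle %s --pid-file %s",
			       q_cid, q_bundle, q_pid);
	if (terminal) {
		char *q_console = g_shell_quote(slname);
		g_string_append_printf(cmd, " --console %s", q_console);
		g_free(q_console);
	}
	g_free(q_runtime);
	g_free(q_cid);
	g_free(q_bundle);
	g_free(q_pid);
	/* … unchanged: system(cmd->str) and the ret check … */
```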
|  |  | ||||||
							
								
								
									
						
									
										30
									
								
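--- a/oci/oci.go
+++ b/oci/oci.go
@@ -34,24 +34,26 @@ const (
 )
 
 // New creates a new Runtime with options provided
-func New(runtimePath string, containerDir string, conmonPath string, conmonEnv []string) (*Runtime, error) {
+func New(runtimePath string, containerDir string, conmonPath string, conmonEnv []string, cgroupManager string) (*Runtime, error) {
 	r := &Runtime{
-		name:         filepath.Base(runtimePath),
-		path:         runtimePath,
-		containerDir: containerDir,
-		conmonPath:   conmonPath,
-		conmonEnv:    conmonEnv,
+		name:          filepath.Base(runtimePath),
+		path:          runtimePath,
+		containerDir:  containerDir,
+		conmonPath:    conmonPath,
+		conmonEnv:     conmonEnv,
+		cgroupManager: cgroupManager,
 	}
 	return r, nil
 }
 
 // Runtime stores the information about a oci runtime
 type Runtime struct {
-	name         string
-	path         string
-	containerDir string
-	conmonPath   string
-	conmonEnv    []string
+	name          string
+	path          string
+	containerDir  string
+	conmonPath    string
+	conmonEnv     []string
+	cgroupManager string
 }
 
 // syncInfo is used to return data from monitor process to daemon
@@ -102,7 +104,11 @@ func (r *Runtime) CreateContainer(c *Container) error {
 	}
 	defer parentPipe.Close()
 
-	args := []string{"-c", c.name}
+	var args []string
+	if r.cgroupManager == "systemd" {
+		args = append(args, "-s")
+	}
+	args = append(args, "-c", c.name)
 	args = append(args, "-r", r.path)
 	args = append(args, "-b", c.bundlePath)
 	args = append(args, "-p", filepath.Join(c.bundlePath, "pidfile"))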
|  |  | ||||||
|  | @ -72,6 +72,10 @@ type RuntimeConfig struct { | ||||||
| 	// ApparmorProfile is the apparmor profile name which is used as the | 	// ApparmorProfile is the apparmor profile name which is used as the | ||||||
| 	// default for the runtime. | 	// default for the runtime. | ||||||
| 	ApparmorProfile string `toml:"apparmor_profile"` | 	ApparmorProfile string `toml:"apparmor_profile"` | ||||||
|  | 
 | ||||||
|  | 	// CgroupManager is the manager implementation name which is used to | ||||||
|  | 	// handle cgroups for containers. | ||||||
|  | 	CgroupManager string `toml:"cgroup_manager"` | ||||||
| } | } | ||||||
| 
 | 
 | ||||||
| // ImageConfig represents the "ocid.image" TOML config table. | // ImageConfig represents the "ocid.image" TOML config table. | ||||||
|  |  | ||||||
|  | @ -252,8 +252,12 @@ func (s *Server) createSandboxContainer(containerID string, containerName string | ||||||
| 		} | 		} | ||||||
| 
 | 
 | ||||||
| 		if sb.cgroupParent != "" { | 		if sb.cgroupParent != "" { | ||||||
| 			// NOTE: we only support cgroupfs for now, discussion happens in issue #270. | 			if s.config.CgroupManager == "systemd" { | ||||||
| 			specgen.SetLinuxCgroupsPath(sb.cgroupParent + "/" + containerID) | 				cgPath := sb.cgroupParent + ":" + "ocid" + ":" + containerID | ||||||
|  | 				specgen.SetLinuxCgroupsPath(cgPath) | ||||||
|  | 			} else { | ||||||
|  | 				specgen.SetLinuxCgroupsPath(sb.cgroupParent + "/" + containerID) | ||||||
|  | 			} | ||||||
| 		} | 		} | ||||||
| 
 | 
 | ||||||
| 		capabilities := linux.GetSecurityContext().GetCapabilities() | 		capabilities := linux.GetSecurityContext().GetCapabilities() | ||||||
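Review bot: `sb.cgroupParent` is joined into the colon-separated systemd path with no check on its content, and it appears to originate from the pod sandbox request (it is assigned in `RunPodSandbox`). A parent that itself contains `:` would shift the slice, prefix and name fields that the runtime parses out of the path, so the systemd branch should return an error when `strings.Contains(sb.cgroupParent, ":")` before building `cgPath`. The same two branches are repeated in `RunPodSandbox`; a small helper that takes the parent and the container ID would keep both call sites and any validation in one place. createSandboxContainer starts and ends outside this hunk.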
|  |  | ||||||
|  | @ -245,8 +245,14 @@ func (s *Server) RunPodSandbox(ctx context.Context, req *pb.RunPodSandboxRequest | ||||||
| 	// setup cgroup settings | 	// setup cgroup settings | ||||||
| 	cgroupParent := req.GetConfig().GetLinux().GetCgroupParent() | 	cgroupParent := req.GetConfig().GetLinux().GetCgroupParent() | ||||||
| 	if cgroupParent != "" { | 	if cgroupParent != "" { | ||||||
| 		// NOTE: we only support cgroupfs for now, discussion happens in issue #270. | 		if s.config.CgroupManager == "systemd" { | ||||||
| 		g.SetLinuxCgroupsPath(cgroupParent + "/" + containerID) | 			cgPath := sb.cgroupParent + ":" + "ocid" + ":" + containerID | ||||||
|  | 			g.SetLinuxCgroupsPath(cgPath) | ||||||
|  | 
 | ||||||
|  | 		} else { | ||||||
|  | 			g.SetLinuxCgroupsPath(sb.cgroupParent + "/" + containerID) | ||||||
|  | 
 | ||||||
|  | 		} | ||||||
| 		sb.cgroupParent = cgroupParent | 		sb.cgroupParent = cgroupParent | ||||||
| 	} | 	} | ||||||
| 
 | 
 | ||||||
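Review bot: Both new branches build the path from `sb.cgroupParent`, but that field is only assigned on the line after the `if`/`else`, so unless it is set earlier outside this hunk the path is built from an empty parent (`:ocid:<id>` or `/<id>`) rather than the one in the request. The removed line used the local `cgroupParent`; `cgPath := cgroupParent + ":" + "ocid" + ":" + containerID` and `g.SetLinuxCgroupsPath(cgroupParent + "/" + containerID)` restore that. RunPodSandbox starts and ends outside the hunk.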
|  |  | ||||||
|  | @ -304,7 +304,7 @@ func New(config *Config) (*Server, error) { | ||||||
| 		return nil, err | 		return nil, err | ||||||
| 	} | 	} | ||||||
| 
 | 
 | ||||||
| 	r, err := oci.New(config.Runtime, config.ContainerDir, config.Conmon, config.ConmonEnv) | 	r, err := oci.New(config.Runtime, config.ContainerDir, config.Conmon, config.ConmonEnv, config.CgroupManager) | ||||||
| 	if err != nil { | 	if err != nil { | ||||||
| 		return nil, err | 		return nil, err | ||||||
| 	} | 	} | ||||||
|  |  | ||||||