Run conmon under cgroups (systemd)

Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2017-03-06 15:08:46 -08:00 · 2017-03-06 15:08:46 -08:00 · 8c0ff7d904
commit 8c0ff7d904
parent 3195f45904
3 changed files with 19 additions and 5 deletions
--- a/oci/oci.go
+++ b/oci/oci.go
@ -103,7 +103,7 @@ func getOCIVersion(name string, args ...string) (string, error) {
 }
 // CreateContainer creates a container.
-func (r *Runtime) CreateContainer(c *Container) error {
+func (r *Runtime) CreateContainer(c *Container, cgroupParent string) error {
 	parentPipe, childPipe, err := newPipe()
 	if err != nil {
 		return fmt.Errorf("error creating socket pair: %v", err)
@ -143,6 +143,16 @@ func (r *Runtime) CreateContainer(c *Container) error {
 	// We don't need childPipe on the parent side
 	childPipe.Close()
 	// Move conmon to specified cgroup
 	if cgroupParent != "" {
 		if r.cgroupManager == "systemd" {
 			logrus.Infof("Running conmon under slice %s and unitName %s", cgroupParent, createUnitName("ocid", c.name))
 			if err := utils.RunUnderSystemdScope(cmd.Process.Pid, cgroupParent, createUnitName("ocid", c.name)); err != nil {
 				logrus.Warnf("Failed to add conmon to sandbox cgroup: %v", err)
 			}
 		}
 	}
 	// Wait to get container pid from conmon
 	// TODO(mrunalp): Add a timeout here
 	var si *syncInfo
@ -153,6 +163,10 @@ func (r *Runtime) CreateContainer(c *Container) error {
 	return nil
 }
 func createUnitName(prefix string, name string) string {
 	return fmt.Sprintf("%s-%s.scope", prefix, name)
 }
 // StartContainer starts a container.
 func (r *Runtime) StartContainer(c *Container) error {
 	c.opLock.Lock()
--- a/server/container_create.go
+++ b/server/container_create.go
@ -111,7 +111,7 @@ func (s *Server) CreateContainer(ctx context.Context, req *pb.CreateContainerReq
 		}
 	}()
-	if err = s.runtime.CreateContainer(container); err != nil {
+	if err = s.runtime.CreateContainer(container, sb.cgroupParent); err != nil {
 		return nil, err
 	}
--- a/server/sandbox_run.go
+++ b/server/sandbox_run.go
@ -43,8 +43,8 @@ func (s *Server) privilegedSandbox(req *pb.RunPodSandboxRequest) bool {
 	return false
 }
-func (s *Server) runContainer(container *oci.Container) error {
+func (s *Server) runContainer(container *oci.Container, cgroupParent string) error {
-	if err := s.runtime.CreateContainer(container); err != nil {
+	if err := s.runtime.CreateContainer(container, cgroupParent); err != nil {
 		return err
 	}
@ -389,7 +389,7 @@ func (s *Server) RunPodSandbox(ctx context.Context, req *pb.RunPodSandboxRequest
 		}
 	}
-	if err = s.runContainer(container); err != nil {
+	if err = s.runContainer(container, sb.cgroupParent); err != nil {
 		return nil, err
 	}