Run conmon under cgroups (systemd)
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
This commit is contained in:
parent
3195f45904
commit
8c0ff7d904
3 changed files with 19 additions and 5 deletions
16
oci/oci.go
16
oci/oci.go
|
@ -103,7 +103,7 @@ func getOCIVersion(name string, args ...string) (string, error) {
|
|||
}
|
||||
|
||||
// CreateContainer creates a container.
|
||||
func (r *Runtime) CreateContainer(c *Container) error {
|
||||
func (r *Runtime) CreateContainer(c *Container, cgroupParent string) error {
|
||||
parentPipe, childPipe, err := newPipe()
|
||||
if err != nil {
|
||||
return fmt.Errorf("error creating socket pair: %v", err)
|
||||
|
@ -143,6 +143,16 @@ func (r *Runtime) CreateContainer(c *Container) error {
|
|||
// We don't need childPipe on the parent side
|
||||
childPipe.Close()
|
||||
|
||||
// Move conmon to specified cgroup
|
||||
if cgroupParent != "" {
|
||||
if r.cgroupManager == "systemd" {
|
||||
logrus.Infof("Running conmon under slice %s and unitName %s", cgroupParent, createUnitName("ocid", c.name))
|
||||
if err := utils.RunUnderSystemdScope(cmd.Process.Pid, cgroupParent, createUnitName("ocid", c.name)); err != nil {
|
||||
logrus.Warnf("Failed to add conmon to sandbox cgroup: %v", err)
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
// Wait to get container pid from conmon
|
||||
// TODO(mrunalp): Add a timeout here
|
||||
var si *syncInfo
|
||||
|
@ -153,6 +163,10 @@ func (r *Runtime) CreateContainer(c *Container) error {
|
|||
return nil
|
||||
}
|
||||
|
||||
func createUnitName(prefix string, name string) string {
|
||||
return fmt.Sprintf("%s-%s.scope", prefix, name)
|
||||
}
|
||||
|
||||
// StartContainer starts a container.
|
||||
func (r *Runtime) StartContainer(c *Container) error {
|
||||
c.opLock.Lock()
|
||||
|
|
|
@ -111,7 +111,7 @@ func (s *Server) CreateContainer(ctx context.Context, req *pb.CreateContainerReq
|
|||
}
|
||||
}()
|
||||
|
||||
if err = s.runtime.CreateContainer(container); err != nil {
|
||||
if err = s.runtime.CreateContainer(container, sb.cgroupParent); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
|
|
|
@ -43,8 +43,8 @@ func (s *Server) privilegedSandbox(req *pb.RunPodSandboxRequest) bool {
|
|||
return false
|
||||
}
|
||||
|
||||
func (s *Server) runContainer(container *oci.Container) error {
|
||||
if err := s.runtime.CreateContainer(container); err != nil {
|
||||
func (s *Server) runContainer(container *oci.Container, cgroupParent string) error {
|
||||
if err := s.runtime.CreateContainer(container, cgroupParent); err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
|
@ -389,7 +389,7 @@ func (s *Server) RunPodSandbox(ctx context.Context, req *pb.RunPodSandboxRequest
|
|||
}
|
||||
}
|
||||
|
||||
if err = s.runContainer(container); err != nil {
|
||||
if err = s.runContainer(container, sb.cgroupParent); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
|
|
Loading…
Reference in a new issue