Browse code
Merge pull request #5354 from alexlarsson/cgroups-systemd-fixes
cgroups: Update systemd to match fs backend
Guillaume J. Charmes authored on 2014/05/06 08:00:56Showing 4 changed files
- daemon/execdriver/native/configuration/parse.go
- pkg/cgroups/cgroups.go
- pkg/cgroups/systemd/apply_nosystemd.go
- pkg/cgroups/systemd/apply_systemd.go
| ... | ... |
@@ -28,6 +28,8 @@ var actions = map[string]Action{
|
| 28 | 28 |
"cgroups.memory_swap": memorySwap, // set the memory swap limit |
| 29 | 29 |
"cgroups.cpuset.cpus": cpusetCpus, // set the cpus used |
| 30 | 30 |
|
| 31 |
+ "systemd.slice": systemdSlice, // set parent Slice used for systemd unit |
|
| 32 |
+ |
|
| 31 | 33 |
"apparmor_profile": apparmorProfile, // set the apparmor profile to apply |
| 32 | 34 |
|
| 33 | 35 |
"fs.readonly": readonlyFs, // make the rootfs of the container read only |
| ... | ... |
@@ -42,6 +44,15 @@ func cpusetCpus(container *libcontainer.Container, context interface{}, value st
|
| 42 | 42 |
return nil |
| 43 | 43 |
} |
| 44 | 44 |
|
| 45 |
+func systemdSlice(container *libcontainer.Container, context interface{}, value string) error {
|
|
| 46 |
+ if container.Cgroups == nil {
|
|
| 47 |
+ return fmt.Errorf("cannot set slice when cgroups are disabled")
|
|
| 48 |
+ } |
|
| 49 |
+ container.Cgroups.Slice = value |
|
| 50 |
+ |
|
| 51 |
+ return nil |
|
| 52 |
+} |
|
| 53 |
+ |
|
| 45 | 54 |
func apparmorProfile(container *libcontainer.Container, context interface{}, value string) error {
|
| 46 | 55 |
container.Context["apparmor_profile"] = value |
| 47 | 56 |
return nil |
| ... | ... |
@@ -22,7 +22,7 @@ type Cgroup struct {
|
| 22 | 22 |
CpusetCpus string `json:"cpuset_cpus,omitempty"` // CPU to use |
| 23 | 23 |
Freezer string `json:"freezer,omitempty"` // set the freeze value for the process |
| 24 | 24 |
|
| 25 |
- UnitProperties [][2]string `json:"unit_properties,omitempty"` // systemd unit properties |
|
| 25 |
+ Slice string `json:"slice,omitempty"` // Parent slice to use for systemd |
|
| 26 | 26 |
} |
| 27 | 27 |
|
| 28 | 28 |
type ActiveCgroup interface {
|
| ... | ... |
@@ -3,9 +3,10 @@ |
| 3 | 3 |
package systemd |
| 4 | 4 |
|
| 5 | 5 |
import ( |
| 6 |
- "fmt" |
|
| 7 | 6 |
"io/ioutil" |
| 7 |
+ "os" |
|
| 8 | 8 |
"path/filepath" |
| 9 |
+ "strconv" |
|
| 9 | 10 |
"strings" |
| 10 | 11 |
"sync" |
| 11 | 12 |
|
| ... | ... |
@@ -16,6 +17,7 @@ import ( |
| 16 | 16 |
) |
| 17 | 17 |
|
| 18 | 18 |
type systemdCgroup struct {
|
| 19 |
+ cleanupDirs []string |
|
| 19 | 20 |
} |
| 20 | 21 |
|
| 21 | 22 |
type DeviceAllow struct {
|
| ... | ... |
@@ -69,20 +71,42 @@ func getIfaceForUnit(unitName string) string {
|
| 69 | 69 |
return "Unit" |
| 70 | 70 |
} |
| 71 | 71 |
|
| 72 |
+type cgroupArg struct {
|
|
| 73 |
+ File string |
|
| 74 |
+ Value string |
|
| 75 |
+} |
|
| 76 |
+ |
|
| 72 | 77 |
func Apply(c *cgroups.Cgroup, pid int) (cgroups.ActiveCgroup, error) {
|
| 73 | 78 |
var ( |
| 74 | 79 |
unitName = c.Parent + "-" + c.Name + ".scope" |
| 75 | 80 |
slice = "system.slice" |
| 76 | 81 |
properties []systemd1.Property |
| 82 |
+ cpuArgs []cgroupArg |
|
| 83 |
+ cpusetArgs []cgroupArg |
|
| 84 |
+ memoryArgs []cgroupArg |
|
| 85 |
+ res systemdCgroup |
|
| 77 | 86 |
) |
| 78 | 87 |
|
| 79 |
- for _, v := range c.UnitProperties {
|
|
| 80 |
- switch v[0] {
|
|
| 81 |
- case "Slice": |
|
| 82 |
- slice = v[1] |
|
| 83 |
- default: |
|
| 84 |
- return nil, fmt.Errorf("Unknown unit propery %s", v[0])
|
|
| 88 |
+ // First set up things not supported by systemd |
|
| 89 |
+ |
|
| 90 |
+ // -1 disables memorySwap |
|
| 91 |
+ if c.MemorySwap >= 0 && (c.Memory != 0 || c.MemorySwap > 0) {
|
|
| 92 |
+ memorySwap := c.MemorySwap |
|
| 93 |
+ |
|
| 94 |
+ if memorySwap == 0 {
|
|
| 95 |
+ // By default, MemorySwap is set to twice the size of RAM. |
|
| 96 |
+ memorySwap = c.Memory * 2 |
|
| 85 | 97 |
} |
| 98 |
+ |
|
| 99 |
+ memoryArgs = append(memoryArgs, cgroupArg{"memory.memsw.limit_in_bytes", strconv.FormatInt(memorySwap, 10)})
|
|
| 100 |
+ } |
|
| 101 |
+ |
|
| 102 |
+ if c.CpusetCpus != "" {
|
|
| 103 |
+ cpusetArgs = append(cpusetArgs, cgroupArg{"cpuset.cpus", c.CpusetCpus})
|
|
| 104 |
+ } |
|
| 105 |
+ |
|
| 106 |
+ if c.Slice != "" {
|
|
| 107 |
+ slice = c.Slice |
|
| 86 | 108 |
} |
| 87 | 109 |
|
| 88 | 110 |
properties = append(properties, |
| ... | ... |
@@ -111,11 +135,12 @@ func Apply(c *cgroups.Cgroup, pid int) (cgroups.ActiveCgroup, error) {
|
| 111 | 111 |
})}) |
| 112 | 112 |
} |
| 113 | 113 |
|
| 114 |
- // Always enable accounting, this gets us the same behaviour as the raw implementation, |
|
| 114 |
+ // Always enable accounting, this gets us the same behaviour as the fs implementation, |
|
| 115 | 115 |
// plus the kernel has some problems with joining the memory cgroup at a later time. |
| 116 | 116 |
properties = append(properties, |
| 117 | 117 |
systemd1.Property{"MemoryAccounting", dbus.MakeVariant(true)},
|
| 118 |
- systemd1.Property{"CPUAccounting", dbus.MakeVariant(true)})
|
|
| 118 |
+ systemd1.Property{"CPUAccounting", dbus.MakeVariant(true)},
|
|
| 119 |
+ systemd1.Property{"BlockIOAccounting", dbus.MakeVariant(true)})
|
|
| 119 | 120 |
|
| 120 | 121 |
if c.Memory != 0 {
|
| 121 | 122 |
properties = append(properties, |
| ... | ... |
@@ -162,10 +187,114 @@ func Apply(c *cgroups.Cgroup, pid int) (cgroups.ActiveCgroup, error) {
|
| 162 | 162 |
return nil, err |
| 163 | 163 |
} |
| 164 | 164 |
} |
| 165 |
- return &systemdCgroup{}, nil
|
|
| 165 |
+ |
|
| 166 |
+ if len(cpuArgs) != 0 {
|
|
| 167 |
+ mountpoint, err := cgroups.FindCgroupMountpoint("cpu")
|
|
| 168 |
+ if err != nil {
|
|
| 169 |
+ return nil, err |
|
| 170 |
+ } |
|
| 171 |
+ |
|
| 172 |
+ path := filepath.Join(mountpoint, cgroup) |
|
| 173 |
+ |
|
| 174 |
+ for _, arg := range cpuArgs {
|
|
| 175 |
+ if err := ioutil.WriteFile(filepath.Join(path, arg.File), []byte(arg.Value), 0700); err != nil {
|
|
| 176 |
+ return nil, err |
|
| 177 |
+ } |
|
| 178 |
+ } |
|
| 179 |
+ } |
|
| 180 |
+ |
|
| 181 |
+ if len(memoryArgs) != 0 {
|
|
| 182 |
+ mountpoint, err := cgroups.FindCgroupMountpoint("memory")
|
|
| 183 |
+ if err != nil {
|
|
| 184 |
+ return nil, err |
|
| 185 |
+ } |
|
| 186 |
+ |
|
| 187 |
+ path := filepath.Join(mountpoint, cgroup) |
|
| 188 |
+ |
|
| 189 |
+ for _, arg := range memoryArgs {
|
|
| 190 |
+ if err := ioutil.WriteFile(filepath.Join(path, arg.File), []byte(arg.Value), 0700); err != nil {
|
|
| 191 |
+ return nil, err |
|
| 192 |
+ } |
|
| 193 |
+ } |
|
| 194 |
+ } |
|
| 195 |
+ |
|
| 196 |
+ if len(cpusetArgs) != 0 {
|
|
| 197 |
+ // systemd does not atm set up the cpuset controller, so we must manually |
|
| 198 |
+ // join it. Additionally that is a very finicky controller where each |
|
| 199 |
+ // level must have a full setup as the default for a new directory is "no cpus", |
|
| 200 |
+ // so we avoid using any hierarchies here, creating a toplevel directory. |
|
| 201 |
+ mountpoint, err := cgroups.FindCgroupMountpoint("cpuset")
|
|
| 202 |
+ if err != nil {
|
|
| 203 |
+ return nil, err |
|
| 204 |
+ } |
|
| 205 |
+ initPath, err := cgroups.GetInitCgroupDir("cpuset")
|
|
| 206 |
+ if err != nil {
|
|
| 207 |
+ return nil, err |
|
| 208 |
+ } |
|
| 209 |
+ |
|
| 210 |
+ rootPath := filepath.Join(mountpoint, initPath) |
|
| 211 |
+ |
|
| 212 |
+ path := filepath.Join(mountpoint, initPath, c.Parent+"-"+c.Name) |
|
| 213 |
+ |
|
| 214 |
+ res.cleanupDirs = append(res.cleanupDirs, path) |
|
| 215 |
+ |
|
| 216 |
+ if err := os.MkdirAll(path, 0755); err != nil && !os.IsExist(err) {
|
|
| 217 |
+ return nil, err |
|
| 218 |
+ } |
|
| 219 |
+ |
|
| 220 |
+ foundCpus := false |
|
| 221 |
+ foundMems := false |
|
| 222 |
+ |
|
| 223 |
+ for _, arg := range cpusetArgs {
|
|
| 224 |
+ if arg.File == "cpuset.cpus" {
|
|
| 225 |
+ foundCpus = true |
|
| 226 |
+ } |
|
| 227 |
+ if arg.File == "cpuset.mems" {
|
|
| 228 |
+ foundMems = true |
|
| 229 |
+ } |
|
| 230 |
+ if err := ioutil.WriteFile(filepath.Join(path, arg.File), []byte(arg.Value), 0700); err != nil {
|
|
| 231 |
+ return nil, err |
|
| 232 |
+ } |
|
| 233 |
+ } |
|
| 234 |
+ |
|
| 235 |
+ // These are required, if not specified inherit from parent |
|
| 236 |
+ if !foundCpus {
|
|
| 237 |
+ s, err := ioutil.ReadFile(filepath.Join(rootPath, "cpuset.cpus")) |
|
| 238 |
+ if err != nil {
|
|
| 239 |
+ return nil, err |
|
| 240 |
+ } |
|
| 241 |
+ |
|
| 242 |
+ if err := ioutil.WriteFile(filepath.Join(path, "cpuset.cpus"), s, 0700); err != nil {
|
|
| 243 |
+ return nil, err |
|
| 244 |
+ } |
|
| 245 |
+ } |
|
| 246 |
+ |
|
| 247 |
+ // These are required, if not specified inherit from parent |
|
| 248 |
+ if !foundMems {
|
|
| 249 |
+ s, err := ioutil.ReadFile(filepath.Join(rootPath, "cpuset.mems")) |
|
| 250 |
+ if err != nil {
|
|
| 251 |
+ return nil, err |
|
| 252 |
+ } |
|
| 253 |
+ |
|
| 254 |
+ if err := ioutil.WriteFile(filepath.Join(path, "cpuset.mems"), s, 0700); err != nil {
|
|
| 255 |
+ return nil, err |
|
| 256 |
+ } |
|
| 257 |
+ } |
|
| 258 |
+ |
|
| 259 |
+ if err := ioutil.WriteFile(filepath.Join(path, "cgroup.procs"), []byte(strconv.Itoa(pid)), 0700); err != nil {
|
|
| 260 |
+ return nil, err |
|
| 261 |
+ } |
|
| 262 |
+ } |
|
| 263 |
+ |
|
| 264 |
+ return &res, nil |
|
| 166 | 265 |
} |
| 167 | 266 |
|
| 168 | 267 |
func (c *systemdCgroup) Cleanup() error {
|
| 169 |
- // systemd cleans up, we don't need to do anything |
|
| 268 |
+ // systemd cleans up, we don't need to do much |
|
| 269 |
+ |
|
| 270 |
+ for _, path := range c.cleanupDirs {
|
|
| 271 |
+ os.RemoveAll(path) |
|
| 272 |
+ } |
|
| 273 |
+ |
|
| 170 | 274 |
return nil |
| 171 | 275 |
} |