2019-10-26 05:24:14 +08:00
|
|
|
// +build linux
|
2014-05-15 06:21:44 +08:00
|
|
|
|
|
|
|
|
package systemd
|
|
|
|
|
|
|
|
|
|
import (
|
2015-10-17 02:32:19 +08:00
|
|
|
"errors"
|
2014-05-22 04:48:06 +08:00
|
|
|
"fmt"
|
2019-01-10 18:21:46 +08:00
|
|
|
"io/ioutil"
|
2018-05-23 11:39:19 +08:00
|
|
|
"math"
|
2014-05-15 06:21:44 +08:00
|
|
|
"os"
|
|
|
|
|
"path/filepath"
|
|
|
|
|
"strings"
|
|
|
|
|
"sync"
|
2014-06-04 08:25:07 +08:00
|
|
|
"time"
|
2014-05-15 06:21:44 +08:00
|
|
|
|
2020-03-01 21:52:48 +08:00
|
|
|
systemdDbus "github.com/coreos/go-systemd/v22/dbus"
|
|
|
|
|
dbus "github.com/godbus/dbus/v5"
|
2015-06-22 10:29:59 +08:00
|
|
|
"github.com/opencontainers/runc/libcontainer/cgroups"
|
|
|
|
|
"github.com/opencontainers/runc/libcontainer/cgroups/fs"
|
|
|
|
|
"github.com/opencontainers/runc/libcontainer/configs"
|
2018-03-07 13:31:41 +08:00
|
|
|
"github.com/sirupsen/logrus"
|
2014-05-15 06:21:44 +08:00
|
|
|
)
|
|
|
|
|
|
2019-09-02 17:09:55 +08:00
|
|
|
type LegacyManager struct {
|
2015-05-26 02:29:09 +08:00
|
|
|
mu sync.Mutex
|
2015-02-01 11:56:27 +08:00
|
|
|
Cgroups *configs.Cgroup
|
2015-01-14 23:47:26 +08:00
|
|
|
Paths map[string]string
|
2014-05-15 06:21:44 +08:00
|
|
|
}
|
|
|
|
|
|
2014-06-20 21:13:56 +08:00
|
|
|
type subsystem interface {
|
2015-10-17 02:32:19 +08:00
|
|
|
// Name returns the name of the subsystem.
|
|
|
|
|
Name() string
|
2015-02-25 17:20:01 +08:00
|
|
|
// Returns the stats, as 'stats', corresponding to the cgroup under 'path'.
|
|
|
|
|
GetStats(path string, stats *cgroups.Stats) error
|
|
|
|
|
// Set the cgroup represented by cgroup.
|
|
|
|
|
Set(path string, cgroup *configs.Cgroup) error
|
2014-06-20 21:13:56 +08:00
|
|
|
}
|
|
|
|
|
|
2015-10-17 02:32:19 +08:00
|
|
|
var errSubsystemDoesNotExist = errors.New("cgroup: subsystem does not exist")
|
|
|
|
|
|
|
|
|
|
type subsystemSet []subsystem
|
|
|
|
|
|
|
|
|
|
func (s subsystemSet) Get(name string) (subsystem, error) {
|
|
|
|
|
for _, ss := range s {
|
|
|
|
|
if ss.Name() == name {
|
|
|
|
|
return ss, nil
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
return nil, errSubsystemDoesNotExist
|
|
|
|
|
}
|
|
|
|
|
|
2019-09-02 17:09:55 +08:00
|
|
|
var legacySubsystems = subsystemSet{
|
2015-10-17 02:32:19 +08:00
|
|
|
&fs.CpusetGroup{},
|
|
|
|
|
&fs.DevicesGroup{},
|
|
|
|
|
&fs.MemoryGroup{},
|
|
|
|
|
&fs.CpuGroup{},
|
|
|
|
|
&fs.CpuacctGroup{},
|
2015-12-14 21:33:56 +08:00
|
|
|
&fs.PidsGroup{},
|
2015-10-17 02:32:19 +08:00
|
|
|
&fs.BlkioGroup{},
|
|
|
|
|
&fs.HugetlbGroup{},
|
|
|
|
|
&fs.PerfEventGroup{},
|
|
|
|
|
&fs.FreezerGroup{},
|
|
|
|
|
&fs.NetPrioGroup{},
|
|
|
|
|
&fs.NetClsGroup{},
|
|
|
|
|
&fs.NameGroup{GroupName: "name=systemd"},
|
2015-03-03 06:36:09 +08:00
|
|
|
}
|
|
|
|
|
|
2015-03-25 08:41:17 +08:00
|
|
|
const (
|
|
|
|
|
testScopeWait = 4
|
2016-09-28 04:01:03 +08:00
|
|
|
testSliceWait = 4
|
2015-03-25 08:41:17 +08:00
|
|
|
)
|
|
|
|
|
|
2014-05-15 06:21:44 +08:00
|
|
|
var (
|
2020-03-28 06:01:36 +08:00
|
|
|
connOnce sync.Once
|
|
|
|
|
connDbus *systemdDbus.Conn
|
|
|
|
|
connErr error
|
2014-05-15 06:21:44 +08:00
|
|
|
)
|
|
|
|
|
|
2015-07-25 07:35:48 +08:00
|
|
|
func newProp(name string, units interface{}) systemdDbus.Property {
|
|
|
|
|
return systemdDbus.Property{
|
2014-11-06 00:56:47 +08:00
|
|
|
Name: name,
|
|
|
|
|
Value: dbus.MakeVariant(units),
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2019-08-23 12:07:24 +08:00
|
|
|
// NOTE: This function comes from package github.com/coreos/go-systemd/util
|
|
|
|
|
// It was borrowed here to avoid a dependency on cgo.
|
|
|
|
|
//
|
|
|
|
|
// IsRunningSystemd checks whether the host was booted with systemd as its init
|
|
|
|
|
// system. This functions similarly to systemd's `sd_booted(3)`: internally, it
|
|
|
|
|
// checks whether /run/systemd/system/ exists and is a directory.
|
|
|
|
|
// http://www.freedesktop.org/software/systemd/man/sd_booted.html
|
2020-03-28 05:59:46 +08:00
|
|
|
func IsRunningSystemd() bool {
|
2019-08-23 12:07:24 +08:00
|
|
|
fi, err := os.Lstat("/run/systemd/system")
|
|
|
|
|
if err != nil {
|
|
|
|
|
return false
|
|
|
|
|
}
|
|
|
|
|
return fi.IsDir()
|
|
|
|
|
}
|
|
|
|
|
|
2020-03-28 06:01:36 +08:00
|
|
|
// getDbusConnection lazy initializes systemd dbus connection
|
|
|
|
|
// and returns it
|
|
|
|
|
func getDbusConnection() (*systemdDbus.Conn, error) {
|
|
|
|
|
connOnce.Do(func() {
|
|
|
|
|
connDbus, connErr = systemdDbus.New()
|
|
|
|
|
})
|
|
|
|
|
return connDbus, connErr
|
2014-05-15 06:21:44 +08:00
|
|
|
}
|
|
|
|
|
|
2019-05-02 04:22:19 +08:00
|
|
|
func NewSystemdCgroupsManager() (func(config *configs.Cgroup, paths map[string]string) cgroups.Manager, error) {
|
2020-03-28 05:59:46 +08:00
|
|
|
if !IsRunningSystemd() {
|
2019-05-02 04:22:19 +08:00
|
|
|
return nil, fmt.Errorf("systemd not running on this host, can't use systemd as a cgroups.Manager")
|
|
|
|
|
}
|
2019-09-02 17:10:52 +08:00
|
|
|
if cgroups.IsCgroup2UnifiedMode() {
|
|
|
|
|
return func(config *configs.Cgroup, paths map[string]string) cgroups.Manager {
|
|
|
|
|
return &UnifiedManager{
|
|
|
|
|
Cgroups: config,
|
|
|
|
|
Paths: paths,
|
|
|
|
|
}
|
|
|
|
|
}, nil
|
|
|
|
|
}
|
2019-05-02 04:22:19 +08:00
|
|
|
return func(config *configs.Cgroup, paths map[string]string) cgroups.Manager {
|
2019-09-02 17:09:55 +08:00
|
|
|
return &LegacyManager{
|
2019-05-02 04:22:19 +08:00
|
|
|
Cgroups: config,
|
|
|
|
|
Paths: paths,
|
|
|
|
|
}
|
|
|
|
|
}, nil
|
|
|
|
|
}
|
|
|
|
|
|
2019-09-02 17:09:55 +08:00
|
|
|
func (m *LegacyManager) Apply(pid int) error {
|
2014-05-15 06:21:44 +08:00
|
|
|
var (
|
2015-01-13 05:54:00 +08:00
|
|
|
c = m.Cgroups
|
2014-05-22 04:48:06 +08:00
|
|
|
unitName = getUnitName(c)
|
2014-05-15 06:21:44 +08:00
|
|
|
slice = "system.slice"
|
2015-07-25 07:35:48 +08:00
|
|
|
properties []systemdDbus.Property
|
2014-05-15 06:21:44 +08:00
|
|
|
)
|
|
|
|
|
|
2016-01-12 05:12:51 +08:00
|
|
|
if c.Paths != nil {
|
|
|
|
|
paths := make(map[string]string)
|
|
|
|
|
for name, path := range c.Paths {
|
|
|
|
|
_, err := getSubsystemPath(m.Cgroups, name)
|
|
|
|
|
if err != nil {
|
|
|
|
|
// Don't fail if a cgroup hierarchy was not found, just skip this subsystem
|
|
|
|
|
if cgroups.IsNotFound(err) {
|
|
|
|
|
continue
|
|
|
|
|
}
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
paths[name] = path
|
|
|
|
|
}
|
|
|
|
|
m.Paths = paths
|
|
|
|
|
return cgroups.EnterPid(m.Paths, pid)
|
|
|
|
|
}
|
|
|
|
|
|
2015-12-03 12:57:02 +08:00
|
|
|
if c.Parent != "" {
|
|
|
|
|
slice = c.Parent
|
2014-05-15 06:21:44 +08:00
|
|
|
}
|
|
|
|
|
|
2016-09-28 04:01:03 +08:00
|
|
|
properties = append(properties, systemdDbus.PropDescription("libcontainer container "+c.Name))
|
|
|
|
|
|
|
|
|
|
// if we create a slice, the parent is defined via a Wants=
|
|
|
|
|
if strings.HasSuffix(unitName, ".slice") {
|
|
|
|
|
properties = append(properties, systemdDbus.PropWants(slice))
|
|
|
|
|
} else {
|
|
|
|
|
// otherwise, we use Slice=
|
|
|
|
|
properties = append(properties, systemdDbus.PropSlice(slice))
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// only add pid if its valid, -1 is used w/ general slice creation.
|
|
|
|
|
if pid != -1 {
|
|
|
|
|
properties = append(properties, newProp("PIDs", []uint32{uint32(pid)}))
|
|
|
|
|
}
|
2014-05-15 06:21:44 +08:00
|
|
|
|
2018-04-07 01:26:08 +08:00
|
|
|
// Check if we can delegate. This is only supported on systemd versions 218 and above.
|
2019-08-23 12:53:24 +08:00
|
|
|
if !strings.HasSuffix(unitName, ".slice") {
|
2019-02-12 08:05:37 +08:00
|
|
|
// Assume scopes always support delegation.
|
|
|
|
|
properties = append(properties, newProp("Delegate", true))
|
2016-06-01 19:26:12 +08:00
|
|
|
}
|
|
|
|
|
|
2014-05-15 06:21:44 +08:00
|
|
|
// Always enable accounting, this gets us the same behaviour as the fs implementation,
|
|
|
|
|
// plus the kernel has some problems with joining the memory cgroup at a later time.
|
|
|
|
|
properties = append(properties,
|
2014-11-06 00:56:47 +08:00
|
|
|
newProp("MemoryAccounting", true),
|
|
|
|
|
newProp("CPUAccounting", true),
|
|
|
|
|
newProp("BlockIOAccounting", true))
|
2014-05-15 06:21:44 +08:00
|
|
|
|
2019-02-12 08:05:37 +08:00
|
|
|
// Assume DefaultDependencies= will always work (the check for it was previously broken.)
|
|
|
|
|
properties = append(properties,
|
|
|
|
|
newProp("DefaultDependencies", false))
|
2015-02-04 09:43:21 +08:00
|
|
|
|
2015-12-15 08:26:29 +08:00
|
|
|
if c.Resources.Memory != 0 {
|
2014-05-15 06:21:44 +08:00
|
|
|
properties = append(properties,
|
2017-08-25 13:14:16 +08:00
|
|
|
newProp("MemoryLimit", uint64(c.Resources.Memory)))
|
2014-05-15 06:21:44 +08:00
|
|
|
}
|
|
|
|
|
|
2015-12-15 08:26:29 +08:00
|
|
|
if c.Resources.CpuShares != 0 {
|
2014-05-15 06:21:44 +08:00
|
|
|
properties = append(properties,
|
2017-03-20 18:51:39 +08:00
|
|
|
newProp("CPUShares", c.Resources.CpuShares))
|
2014-05-15 06:21:44 +08:00
|
|
|
}
|
|
|
|
|
|
2017-02-24 17:44:02 +08:00
|
|
|
// cpu.cfs_quota_us and cpu.cfs_period_us are controlled by systemd.
|
|
|
|
|
if c.Resources.CpuQuota != 0 && c.Resources.CpuPeriod != 0 {
|
2018-05-23 11:39:19 +08:00
|
|
|
// corresponds to USEC_INFINITY in systemd
|
|
|
|
|
// if USEC_INFINITY is provided, CPUQuota is left unbound by systemd
|
|
|
|
|
// always setting a property value ensures we can apply a quota and remove it later
|
|
|
|
|
cpuQuotaPerSecUSec := uint64(math.MaxUint64)
|
|
|
|
|
if c.Resources.CpuQuota > 0 {
|
|
|
|
|
// systemd converts CPUQuotaPerSecUSec (microseconds per CPU second) to CPUQuota
|
|
|
|
|
// (integer percentage of CPU) internally. This means that if a fractional percent of
|
|
|
|
|
// CPU is indicated by Resources.CpuQuota, we need to round up to the nearest
|
|
|
|
|
// 10ms (1% of a second) such that child cgroups can set the cpu.cfs_quota_us they expect.
|
|
|
|
|
cpuQuotaPerSecUSec = uint64(c.Resources.CpuQuota*1000000) / c.Resources.CpuPeriod
|
|
|
|
|
if cpuQuotaPerSecUSec%10000 != 0 {
|
|
|
|
|
cpuQuotaPerSecUSec = ((cpuQuotaPerSecUSec / 10000) + 1) * 10000
|
|
|
|
|
}
|
2017-11-16 04:32:32 +08:00
|
|
|
}
|
2017-02-24 17:44:02 +08:00
|
|
|
properties = append(properties,
|
2017-03-20 18:51:39 +08:00
|
|
|
newProp("CPUQuotaPerSecUSec", cpuQuotaPerSecUSec))
|
2017-02-24 17:44:02 +08:00
|
|
|
}
|
|
|
|
|
|
2015-12-15 08:26:29 +08:00
|
|
|
if c.Resources.BlkioWeight != 0 {
|
2015-01-27 20:54:19 +08:00
|
|
|
properties = append(properties,
|
2015-12-15 08:26:29 +08:00
|
|
|
newProp("BlockIOWeight", uint64(c.Resources.BlkioWeight)))
|
2015-01-27 20:54:19 +08:00
|
|
|
}
|
|
|
|
|
|
2018-10-24 23:20:27 +08:00
|
|
|
if c.Resources.PidsLimit > 0 {
|
|
|
|
|
properties = append(properties,
|
|
|
|
|
newProp("TasksAccounting", true),
|
|
|
|
|
newProp("TasksMax", uint64(c.Resources.PidsLimit)))
|
|
|
|
|
}
|
|
|
|
|
|
2016-04-29 01:49:29 +08:00
|
|
|
// We have to set kernel memory here, as we can't change it once
|
|
|
|
|
// processes have been attached to the cgroup.
|
|
|
|
|
if c.Resources.KernelMemory != 0 {
|
2015-06-18 15:44:30 +08:00
|
|
|
if err := setKernelMemory(c); err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
Support for setting systemd properties via annotations
In case systemd is used to set cgroups for the container,
it creates a scope unit dedicated to it (usually named
`runc-$ID.scope`).
This patch adds an ability to set arbitrary systemd properties
for the systemd unit via runtime spec annotations.
Initially this was developed as an ability to specify the
`TimeoutStopUSec` property, but later generalized to work with
arbitrary ones.
Example usage: add the following to runtime spec (config.json):
```
"annotations": {
"org.systemd.property.TimeoutStopUSec": "uint64 123456789",
"org.systemd.property.CollectMode":"'inactive-or-failed'"
},
```
and start the container (e.g. `runc --systemd-cgroup run $ID`).
The above will set the following systemd parameters:
* `TimeoutStopSec` to 2 minutes and 3 seconds,
* `CollectMode` to "inactive-or-failed".
The values are in the gvariant format (see [1]). To figure out
which type systemd expects for a particular parameter, see
systemd sources.
In particular, parameters with `USec` suffix require an `uint64`
typed argument, while gvariant assumes int32 for a numeric values,
therefore the explicit type is required.
NOTE that systemd receives the time-typed parameters as *USec
but shows them (in `systemctl show`) as *Sec. For example,
the stop timeout should be set as `TimeoutStopUSec` but
is shown as `TimeoutStopSec`.
[1] https://developer.gnome.org/glib/stable/gvariant-text.html
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2020-02-07 12:26:06 +08:00
|
|
|
properties = append(properties, c.SystemdProps...)
|
|
|
|
|
|
2020-03-28 06:01:36 +08:00
|
|
|
dbusConnection, err := getDbusConnection()
|
|
|
|
|
if err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
2018-04-14 14:35:52 +08:00
|
|
|
statusChan := make(chan string, 1)
|
2020-03-28 06:01:36 +08:00
|
|
|
if _, err := dbusConnection.StartTransientUnit(unitName, "replace", properties, statusChan); err == nil {
|
2018-03-31 15:35:20 +08:00
|
|
|
select {
|
|
|
|
|
case <-statusChan:
|
|
|
|
|
case <-time.After(time.Second):
|
|
|
|
|
logrus.Warnf("Timed out while waiting for StartTransientUnit(%s) completion signal from dbus. Continuing...", unitName)
|
|
|
|
|
}
|
|
|
|
|
} else if !isUnitExists(err) {
|
2015-01-13 05:54:00 +08:00
|
|
|
return err
|
2014-05-15 06:21:44 +08:00
|
|
|
}
|
|
|
|
|
|
2016-02-15 15:56:59 +08:00
|
|
|
if err := joinCgroups(c, pid); err != nil {
|
2015-04-08 14:11:29 +08:00
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
|
2014-08-14 07:25:18 +08:00
|
|
|
paths := make(map[string]string)
|
2019-09-02 17:09:55 +08:00
|
|
|
for _, s := range legacySubsystems {
|
2015-10-17 02:32:19 +08:00
|
|
|
subsystemPath, err := getSubsystemPath(m.Cgroups, s.Name())
|
2014-08-14 07:25:18 +08:00
|
|
|
if err != nil {
|
|
|
|
|
// Don't fail if a cgroup hierarchy was not found, just skip this subsystem
|
2014-08-21 01:32:01 +08:00
|
|
|
if cgroups.IsNotFound(err) {
|
2014-08-14 07:25:18 +08:00
|
|
|
continue
|
|
|
|
|
}
|
2015-01-13 05:54:00 +08:00
|
|
|
return err
|
2014-08-14 07:25:18 +08:00
|
|
|
}
|
2015-10-17 02:32:19 +08:00
|
|
|
paths[s.Name()] = subsystemPath
|
2014-08-14 07:25:18 +08:00
|
|
|
}
|
2015-01-14 23:47:26 +08:00
|
|
|
m.Paths = paths
|
2015-01-13 05:54:00 +08:00
|
|
|
return nil
|
|
|
|
|
}
|
|
|
|
|
|
2019-09-02 17:09:55 +08:00
|
|
|
func (m *LegacyManager) Destroy() error {
|
2016-01-12 05:12:51 +08:00
|
|
|
if m.Cgroups.Paths != nil {
|
|
|
|
|
return nil
|
|
|
|
|
}
|
2015-05-26 02:29:09 +08:00
|
|
|
m.mu.Lock()
|
|
|
|
|
defer m.mu.Unlock()
|
2020-03-28 06:01:36 +08:00
|
|
|
|
|
|
|
|
dbusConnection, err := getDbusConnection()
|
|
|
|
|
if err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
dbusConnection.StopUnit(getUnitName(m.Cgroups), "replace", nil)
|
2015-05-26 02:29:09 +08:00
|
|
|
if err := cgroups.RemovePaths(m.Paths); err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
m.Paths = make(map[string]string)
|
|
|
|
|
return nil
|
2015-01-13 05:54:00 +08:00
|
|
|
}
|
|
|
|
|
|
2019-09-02 17:09:55 +08:00
|
|
|
func (m *LegacyManager) GetPaths() map[string]string {
|
2015-05-26 02:29:09 +08:00
|
|
|
m.mu.Lock()
|
|
|
|
|
paths := m.Paths
|
|
|
|
|
m.mu.Unlock()
|
|
|
|
|
return paths
|
2014-08-13 14:18:55 +08:00
|
|
|
}
|
|
|
|
|
|
2019-10-19 00:40:46 +08:00
|
|
|
func (m *LegacyManager) GetUnifiedPath() (string, error) {
|
|
|
|
|
return "", errors.New("unified path is only supported when running in unified mode")
|
|
|
|
|
}
|
|
|
|
|
|
2015-04-02 11:00:35 +08:00
|
|
|
func join(c *configs.Cgroup, subsystem string, pid int) (string, error) {
|
|
|
|
|
path, err := getSubsystemPath(c, subsystem)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return "", err
|
|
|
|
|
}
|
2019-09-02 17:09:55 +08:00
|
|
|
|
Simplify and fix os.MkdirAll() usage
TL;DR: check for IsExist(err) after a failed MkdirAll() is both
redundant and wrong -- so two reasons to remove it.
Quoting MkdirAll documentation:
> MkdirAll creates a directory named path, along with any necessary
> parents, and returns nil, or else returns an error. If path
> is already a directory, MkdirAll does nothing and returns nil.
This means two things:
1. If a directory to be created already exists, no error is
returned.
2. If the error returned is IsExist (EEXIST), it means there exists
a non-directory with the same name as MkdirAll need to use for
directory. Example: we want to MkdirAll("a/b"), but file "a"
(or "a/b") already exists, so MkdirAll fails.
The above is a theory, based on quoted documentation and my UNIX
knowledge.
3. In practice, though, current MkdirAll implementation [1] returns
ENOTDIR in most of cases described in #2, with the exception when
there is a race between MkdirAll and someone else creating the
last component of MkdirAll argument as a file. In this very case
MkdirAll() will indeed return EEXIST.
Because of #1, IsExist check after MkdirAll is not needed.
Because of #2 and #3, ignoring IsExist error is just plain wrong,
as directory we require is not created. It's cleaner to report
the error now.
Note this error is all over the tree, I guess due to copy-paste,
or trying to follow the same usage pattern as for Mkdir(),
or some not quite correct examples on the Internet.
[1] https://github.com/golang/go/blob/f9ed2f75/src/os/path.go
Signed-off-by: Kir Kolyshkin <kir@openvz.org>
2015-07-30 09:01:41 +08:00
|
|
|
if err := os.MkdirAll(path, 0755); err != nil {
|
2015-04-02 11:00:35 +08:00
|
|
|
return "", err
|
|
|
|
|
}
|
2016-09-28 04:01:03 +08:00
|
|
|
if err := cgroups.WriteCgroupProc(path, pid); err != nil {
|
2015-04-02 11:00:35 +08:00
|
|
|
return "", err
|
|
|
|
|
}
|
|
|
|
|
return path, nil
|
|
|
|
|
}
|
|
|
|
|
|
2016-02-15 15:56:59 +08:00
|
|
|
func joinCgroups(c *configs.Cgroup, pid int) error {
|
2019-09-02 17:09:55 +08:00
|
|
|
for _, sys := range legacySubsystems {
|
2016-02-15 15:56:59 +08:00
|
|
|
name := sys.Name()
|
|
|
|
|
switch name {
|
|
|
|
|
case "name=systemd":
|
|
|
|
|
// let systemd handle this
|
|
|
|
|
case "cpuset":
|
|
|
|
|
path, err := getSubsystemPath(c, name)
|
|
|
|
|
if err != nil && !cgroups.IsNotFound(err) {
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
s := &fs.CpusetGroup{}
|
|
|
|
|
if err := s.ApplyDir(path, c, pid); err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
default:
|
|
|
|
|
_, err := join(c, name, pid)
|
|
|
|
|
if err != nil {
|
|
|
|
|
// Even if it's `not found` error, we'll return err
|
|
|
|
|
// because devices cgroup is hard requirement for
|
|
|
|
|
// container security.
|
|
|
|
|
if name == "devices" {
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
// For other subsystems, omit the `not found` error
|
|
|
|
|
// because they are optional.
|
|
|
|
|
if !cgroups.IsNotFound(err) {
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
2015-05-14 09:09:14 +08:00
|
|
|
}
|
2015-12-14 21:33:56 +08:00
|
|
|
|
2015-12-20 19:30:35 +08:00
|
|
|
return nil
|
2015-12-14 21:33:56 +08:00
|
|
|
}
|
|
|
|
|
|
2016-10-12 07:22:48 +08:00
|
|
|
// systemd represents slice hierarchy using `-`, so we need to follow suit when
|
2016-01-25 19:34:48 +08:00
|
|
|
// generating the path of slice. Essentially, test-a-b.slice becomes
|
2018-02-19 09:54:46 +08:00
|
|
|
// /test.slice/test-a.slice/test-a-b.slice.
|
2016-09-28 04:01:03 +08:00
|
|
|
func ExpandSlice(slice string) (string, error) {
|
2016-01-25 19:34:48 +08:00
|
|
|
suffix := ".slice"
|
2016-01-27 16:00:52 +08:00
|
|
|
// Name has to end with ".slice", but can't be just ".slice".
|
|
|
|
|
if len(slice) < len(suffix) || !strings.HasSuffix(slice, suffix) {
|
|
|
|
|
return "", fmt.Errorf("invalid slice name: %s", slice)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Path-separators are not allowed.
|
|
|
|
|
if strings.Contains(slice, "/") {
|
|
|
|
|
return "", fmt.Errorf("invalid slice name: %s", slice)
|
|
|
|
|
}
|
2016-01-25 19:34:48 +08:00
|
|
|
|
|
|
|
|
var path, prefix string
|
2016-01-27 16:00:52 +08:00
|
|
|
sliceName := strings.TrimSuffix(slice, suffix)
|
2016-09-28 04:01:03 +08:00
|
|
|
// if input was -.slice, we should just return root now
|
|
|
|
|
if sliceName == "-" {
|
|
|
|
|
return "/", nil
|
|
|
|
|
}
|
2016-01-25 19:34:48 +08:00
|
|
|
for _, component := range strings.Split(sliceName, "-") {
|
|
|
|
|
// test--a.slice isn't permitted, nor is -test.slice.
|
|
|
|
|
if component == "" {
|
|
|
|
|
return "", fmt.Errorf("invalid slice name: %s", slice)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Append the component to the path and to the prefix.
|
2018-02-19 09:54:46 +08:00
|
|
|
path += "/" + prefix + component + suffix
|
2016-01-25 19:34:48 +08:00
|
|
|
prefix += component + "-"
|
|
|
|
|
}
|
|
|
|
|
return path, nil
|
|
|
|
|
}
|
|
|
|
|
|
2015-02-01 11:56:27 +08:00
|
|
|
func getSubsystemPath(c *configs.Cgroup, subsystem string) (string, error) {
|
2018-08-17 23:18:18 +08:00
|
|
|
mountpoint, err := cgroups.FindCgroupMountpoint(c.Path, subsystem)
|
2014-05-31 06:09:07 +08:00
|
|
|
if err != nil {
|
|
|
|
|
return "", err
|
|
|
|
|
}
|
|
|
|
|
|
2016-04-26 00:19:39 +08:00
|
|
|
initPath, err := cgroups.GetInitCgroup(subsystem)
|
2014-05-31 06:09:07 +08:00
|
|
|
if err != nil {
|
|
|
|
|
return "", err
|
|
|
|
|
}
|
2016-07-27 09:57:38 +08:00
|
|
|
// if pid 1 is systemd 226 or later, it will be in init.scope, not the root
|
|
|
|
|
initPath = strings.TrimSuffix(filepath.Clean(initPath), "init.scope")
|
2014-05-31 06:09:07 +08:00
|
|
|
|
2014-06-20 21:13:56 +08:00
|
|
|
slice := "system.slice"
|
2015-12-03 12:57:02 +08:00
|
|
|
if c.Parent != "" {
|
|
|
|
|
slice = c.Parent
|
2014-06-20 21:13:56 +08:00
|
|
|
}
|
2014-05-31 06:09:07 +08:00
|
|
|
|
2016-09-28 04:01:03 +08:00
|
|
|
slice, err = ExpandSlice(slice)
|
2016-01-25 19:34:48 +08:00
|
|
|
if err != nil {
|
|
|
|
|
return "", err
|
|
|
|
|
}
|
|
|
|
|
|
2014-06-20 21:13:56 +08:00
|
|
|
return filepath.Join(mountpoint, initPath, slice, getUnitName(c)), nil
|
2014-05-31 06:09:07 +08:00
|
|
|
}
|
|
|
|
|
|
2019-09-02 17:09:55 +08:00
|
|
|
func (m *LegacyManager) Freeze(state configs.FreezerState) error {
|
2015-01-13 19:52:14 +08:00
|
|
|
path, err := getSubsystemPath(m.Cgroups, "freezer")
|
2014-05-31 06:09:07 +08:00
|
|
|
if err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
2015-12-15 08:26:29 +08:00
|
|
|
prevState := m.Cgroups.Resources.Freezer
|
|
|
|
|
m.Cgroups.Resources.Freezer = state
|
2019-09-02 17:10:52 +08:00
|
|
|
freezer, err := legacySubsystems.Get("freezer")
|
2015-10-17 02:32:19 +08:00
|
|
|
if err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
2015-04-02 10:22:38 +08:00
|
|
|
err = freezer.Set(path, m.Cgroups)
|
|
|
|
|
if err != nil {
|
2015-12-15 08:26:29 +08:00
|
|
|
m.Cgroups.Resources.Freezer = prevState
|
2014-06-04 08:25:07 +08:00
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
return nil
|
2014-05-31 06:09:07 +08:00
|
|
|
}
|
|
|
|
|
|
2019-09-02 17:09:55 +08:00
|
|
|
func (m *LegacyManager) GetPids() ([]int, error) {
|
2015-10-13 05:28:31 +08:00
|
|
|
path, err := getSubsystemPath(m.Cgroups, "devices")
|
2014-05-22 04:48:06 +08:00
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
2015-10-13 05:28:31 +08:00
|
|
|
return cgroups.GetPids(path)
|
2014-05-22 04:48:06 +08:00
|
|
|
}
|
|
|
|
|
|
2019-09-02 17:09:55 +08:00
|
|
|
func (m *LegacyManager) GetAllPids() ([]int, error) {
|
2016-01-09 03:37:18 +08:00
|
|
|
path, err := getSubsystemPath(m.Cgroups, "devices")
|
|
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
return cgroups.GetAllPids(path)
|
|
|
|
|
}
|
|
|
|
|
|
2019-09-02 17:09:55 +08:00
|
|
|
func (m *LegacyManager) GetStats() (*cgroups.Stats, error) {
|
2015-05-26 02:29:09 +08:00
|
|
|
m.mu.Lock()
|
|
|
|
|
defer m.mu.Unlock()
|
2015-03-03 06:36:09 +08:00
|
|
|
stats := cgroups.NewStats()
|
|
|
|
|
for name, path := range m.Paths {
|
2019-09-02 17:10:52 +08:00
|
|
|
sys, err := legacySubsystems.Get(name)
|
2015-10-17 02:32:19 +08:00
|
|
|
if err == errSubsystemDoesNotExist || !cgroups.PathExists(path) {
|
2015-03-03 06:36:09 +08:00
|
|
|
continue
|
|
|
|
|
}
|
|
|
|
|
if err := sys.GetStats(path, stats); err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return stats, nil
|
2015-01-13 05:54:00 +08:00
|
|
|
}
|
|
|
|
|
|
2019-09-02 17:09:55 +08:00
|
|
|
func (m *LegacyManager) Set(container *configs.Config) error {
|
2016-03-03 03:35:52 +08:00
|
|
|
// If Paths are set, then we are just joining cgroups paths
|
|
|
|
|
// and there is no need to set any values.
|
|
|
|
|
if m.Cgroups.Paths != nil {
|
|
|
|
|
return nil
|
|
|
|
|
}
|
2019-09-02 17:09:55 +08:00
|
|
|
for _, sys := range legacySubsystems {
|
2015-12-17 17:13:06 +08:00
|
|
|
// Get the subsystem path, but don't error out for not found cgroups.
|
|
|
|
|
path, err := getSubsystemPath(container.Cgroups, sys.Name())
|
|
|
|
|
if err != nil && !cgroups.IsNotFound(err) {
|
|
|
|
|
return err
|
2015-12-17 16:20:58 +08:00
|
|
|
}
|
2015-12-17 17:13:06 +08:00
|
|
|
|
2015-04-02 09:57:04 +08:00
|
|
|
if err := sys.Set(path, container.Cgroups); err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2015-12-20 19:30:35 +08:00
|
|
|
if m.Paths["cpu"] != "" {
|
|
|
|
|
if err := fs.CheckCpushares(m.Paths["cpu"], container.Cgroups.Resources.CpuShares); err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
}
|
2015-04-02 09:57:04 +08:00
|
|
|
return nil
|
2015-02-25 17:20:01 +08:00
|
|
|
}
|
|
|
|
|
|
2015-02-01 11:56:27 +08:00
|
|
|
func getUnitName(c *configs.Cgroup) string {
|
2016-09-28 04:01:03 +08:00
|
|
|
// by default, we create a scope unless the user explicitly asks for a slice.
|
|
|
|
|
if !strings.HasSuffix(c.Name, ".slice") {
|
|
|
|
|
return fmt.Sprintf("%s-%s.scope", c.ScopePrefix, c.Name)
|
|
|
|
|
}
|
|
|
|
|
return c.Name
|
2014-05-22 04:48:06 +08:00
|
|
|
}
|
2014-06-20 21:13:56 +08:00
|
|
|
|
2015-06-18 15:44:30 +08:00
|
|
|
func setKernelMemory(c *configs.Cgroup) error {
|
2014-08-14 09:00:15 +08:00
|
|
|
path, err := getSubsystemPath(c, "memory")
|
2015-04-22 10:18:22 +08:00
|
|
|
if err != nil && !cgroups.IsNotFound(err) {
|
2014-08-14 09:00:15 +08:00
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
|
2016-07-23 08:04:37 +08:00
|
|
|
if err := os.MkdirAll(path, 0755); err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
2019-01-10 18:21:46 +08:00
|
|
|
// do not try to enable the kernel memory if we already have
|
|
|
|
|
// tasks in the cgroup.
|
|
|
|
|
content, err := ioutil.ReadFile(filepath.Join(path, "tasks"))
|
|
|
|
|
if err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
if len(content) > 0 {
|
|
|
|
|
return nil
|
|
|
|
|
}
|
2016-07-23 08:04:37 +08:00
|
|
|
return fs.EnableKernelMemoryAccounting(path)
|
2015-06-18 15:44:30 +08:00
|
|
|
}
|
2016-10-19 05:49:14 +08:00
|
|
|
|
|
|
|
|
// isUnitExists returns true if the error is that a systemd unit already exists.
|
|
|
|
|
func isUnitExists(err error) bool {
|
|
|
|
|
if err != nil {
|
|
|
|
|
if dbusError, ok := err.(dbus.Error); ok {
|
|
|
|
|
return strings.Contains(dbusError.Name, "org.freedesktop.systemd1.UnitExists")
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
return false
|
|
|
|
|
}
|
2019-12-06 23:43:08 +08:00
|
|
|
|
|
|
|
|
func (m *LegacyManager) GetCgroups() (*configs.Cgroup, error) {
|
|
|
|
|
return m.Cgroups, nil
|
|
|
|
|
}
|
