jasder
/
runc
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

new-api: implement fs and systemd cgroup managers 

Signed-off-by: Andrey Vagin <avagin@openvz.org>
This commit is contained in:
Andrey Vagin 2015-01-13 00:54:00 +03:00 committed by Andrew Vagin
parent a7ab930d8d
commit 6dd7552537
10 changed files with 144 additions and 81 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

30
cgroup_manager.go
View File

@ -1,30 +0,0 @@
package libcontainer
import (
"github.com/docker/libcontainer/cgroups"
)
// TODO(vmarmol): Move this to cgroups and rename to Manager.
type CgroupManager interface {
GetPids() ([]int, error)
GetStats() (*cgroups.Stats, error)
}
func NewCgroupManager() CgroupManager {
return &fsManager{}
}
type fsManager struct {
}
func (m *fsManager) GetPids() ([]int, error) {
// TODO(vmarmol): Implement
//return fs.GetPids(config)
panic("not implemented")
}
func (m *fsManager) GetStats() (*cgroups.Stats, error) {
// TODO(vmarmol): Implement
//return fs.GetStats(config)
panic("not implemented")
}

11
cgroups/cgroups.go
View File

@ -6,6 +6,17 @@ import (
"github.com/docker/libcontainer/devices" "github.com/docker/libcontainer/devices"
) )
type Manager interface {
Apply(pid int) error
GetPids() ([]int, error)
GetStats() (*Stats, error)
RemovePaths() error
GetPaths() map[string]string
SetPaths(map[string]string)
}
type FreezerState string type FreezerState string
const ( const (

43
cgroups/fs/apply_raw.go
View File

@ -24,6 +24,11 @@ var (
CgroupProcesses = "cgroup.procs" CgroupProcesses = "cgroup.procs"
) )
type Manager struct {
Cgroups *cgroups.Cgroup
paths map[string]string
}
// The absolute path to the root of the cgroup hierarchies. // The absolute path to the root of the cgroup hierarchies.
var cgroupRoot string var cgroupRoot string
@ -57,10 +62,14 @@ type data struct {
pid int pid int
} }
func Apply(c *cgroups.Cgroup, pid int) (map[string]string, error) { func (m *Manager) Apply(pid int) error {
d, err := getCgroupData(c, pid) if m.Cgroups == nil {
return nil
}
d, err := getCgroupData(m.Cgroups, pid)
if err != nil { if err != nil {
return nil, err return err
} }
paths := make(map[string]string) paths := make(map[string]string)
@ -71,7 +80,7 @@ func Apply(c *cgroups.Cgroup, pid int) (map[string]string, error) {
}() }()
for name, sys := range subsystems { for name, sys := range subsystems {
if err := sys.Set(d); err != nil { if err := sys.Set(d); err != nil {
return nil, err return err
} }
// FIXME: Apply should, ideally, be reentrant or be broken up into a separate // FIXME: Apply should, ideally, be reentrant or be broken up into a separate
// create and join phase so that the cgroup hierarchy for a container can be // create and join phase so that the cgroup hierarchy for a container can be
@ -81,11 +90,25 @@ func Apply(c *cgroups.Cgroup, pid int) (map[string]string, error) {
if cgroups.IsNotFound(err) { if cgroups.IsNotFound(err) {
continue continue
} }
return nil, err return err
} }
paths[name] = p paths[name] = p
} }
return paths, nil m.paths = paths
return nil
}
func (m *Manager) RemovePaths() error {
return cgroups.RemovePaths(m.paths)
}
func (m *Manager) GetPaths() map[string]string {
return m.paths
}
func (m *Manager) SetPaths(paths map[string]string) {
m.paths = paths
} }
// Symmetrical public function to update device based cgroups. Also available // Symmetrical public function to update device based cgroups. Also available
@ -101,9 +124,9 @@ func ApplyDevices(c *cgroups.Cgroup, pid int) error {
return devices.Set(d) return devices.Set(d)
} }
func GetStats(systemPaths map[string]string) (*cgroups.Stats, error) { func (m *Manager) GetStats() (*cgroups.Stats, error) {
stats := cgroups.NewStats() stats := cgroups.NewStats()
for name, path := range systemPaths { for name, path := range m.paths {
sys, ok := subsystems[name] sys, ok := subsystems[name]
if !ok { if !ok {
continue continue
@ -131,8 +154,8 @@ func Freeze(c *cgroups.Cgroup, state cgroups.FreezerState) error {
return freezer.Set(d) return freezer.Set(d)
} }
func GetPids(c *cgroups.Cgroup) ([]int, error) { func (m *Manager) GetPids() ([]int, error) {
d, err := getCgroupData(c, 0) d, err := getCgroupData(m.Cgroups, 0)
if err != nil { if err != nil {
return nil, err return nil, err
} }

19
cgroups/manager/manager.go Normal file
View File

@ -0,0 +1,19 @@
package manager
import (
"github.com/docker/libcontainer/cgroups"
"github.com/docker/libcontainer/cgroups/fs"
"github.com/docker/libcontainer/cgroups/systemd"
)
func NewCgroupManager(cgroups *cgroups.Cgroup) cgroups.Manager {
if systemd.UseSystemd() {
return &systemd.Manager{
Cgroups: cgroups,
}
}
return &fs.Manager{
Cgroups: cgroups,
}
}

23
cgroups/systemd/apply_nosystemd.go
View File

@ -8,15 +8,34 @@ import (
"github.com/docker/libcontainer/cgroups" "github.com/docker/libcontainer/cgroups"
) )
type Manager struct {
Cgroups *cgroups.Cgroup
}
func UseSystemd() bool { func UseSystemd() bool {
return false return false
} }
func Apply(c *cgroups.Cgroup, pid int) (map[string]string, error) { func (m *Manager) Apply(pid int) error {
return fmt.Errorf("Systemd not supported")
}
func (m *Manager) GetPids() ([]int, error) {
return nil, fmt.Errorf("Systemd not supported") return nil, fmt.Errorf("Systemd not supported")
} }
func GetPids(c *cgroups.Cgroup) ([]int, error) { func (m *Manager) RemovePaths() error {
return fmt.Errorf("Systemd not supported")
}
func (m *Manager) GetPaths() map[string]string {
return nil
}
func (m *Manager) SetPaths(paths map[string]string) {
}
func (m *Manager) GetStats() (*cgroups.Stats, error) {
return nil, fmt.Errorf("Systemd not supported") return nil, fmt.Errorf("Systemd not supported")
} }

50
cgroups/systemd/apply_systemd.go
View File

@ -19,8 +19,9 @@ import (
"github.com/godbus/dbus" "github.com/godbus/dbus"
) )
type systemdCgroup struct { type Manager struct {
cgroup *cgroups.Cgroup Cgroups *cgroups.Cgroup
paths map[string]string
} }
type subsystem interface { type subsystem interface {
@ -81,16 +82,14 @@ func getIfaceForUnit(unitName string) string {
return "Unit" return "Unit"
} }
func Apply(c *cgroups.Cgroup, pid int) (map[string]string, error) { func (m *Manager) Apply(pid int) error {
var ( var (
c = m.Cgroups
unitName = getUnitName(c) unitName = getUnitName(c)
slice = "system.slice" slice = "system.slice"
properties []systemd.Property properties []systemd.Property
res = &systemdCgroup{}
) )
res.cgroup = c
if c.Slice != "" { if c.Slice != "" {
slice = c.Slice slice = c.Slice
} }
@ -120,19 +119,19 @@ func Apply(c *cgroups.Cgroup, pid int) (map[string]string, error) {
} }
if _, err := theConn.StartTransientUnit(unitName, "replace", properties...); err != nil { if _, err := theConn.StartTransientUnit(unitName, "replace", properties...); err != nil {
return nil, err return err
} }
if !c.AllowAllDevices { if !c.AllowAllDevices {
if err := joinDevices(c, pid); err != nil { if err := joinDevices(c, pid); err != nil {
return nil, err return err
} }
} }
// -1 disables memorySwap // -1 disables memorySwap
if c.MemorySwap >= 0 && (c.Memory != 0 || c.MemorySwap > 0) { if c.MemorySwap >= 0 && (c.Memory != 0 || c.MemorySwap > 0) {
if err := joinMemory(c, pid); err != nil { if err := joinMemory(c, pid); err != nil {
return nil, err return err
} }
} }
@ -140,11 +139,11 @@ func Apply(c *cgroups.Cgroup, pid int) (map[string]string, error) {
// we need to manually join the freezer and cpuset cgroup in systemd // we need to manually join the freezer and cpuset cgroup in systemd
// because it does not currently support it via the dbus api. // because it does not currently support it via the dbus api.
if err := joinFreezer(c, pid); err != nil { if err := joinFreezer(c, pid); err != nil {
return nil, err return err
} }
if err := joinCpuset(c, pid); err != nil { if err := joinCpuset(c, pid); err != nil {
return nil, err return err
} }
paths := make(map[string]string) paths := make(map[string]string)
@ -158,17 +157,32 @@ func Apply(c *cgroups.Cgroup, pid int) (map[string]string, error) {
"perf_event", "perf_event",
"freezer", "freezer",
} { } {
subsystemPath, err := getSubsystemPath(res.cgroup, sysname) subsystemPath, err := getSubsystemPath(m.Cgroups, sysname)
if err != nil { if err != nil {
// Don't fail if a cgroup hierarchy was not found, just skip this subsystem // Don't fail if a cgroup hierarchy was not found, just skip this subsystem
if cgroups.IsNotFound(err) { if cgroups.IsNotFound(err) {
continue continue
} }
return nil, err return err
} }
paths[sysname] = subsystemPath paths[sysname] = subsystemPath
} }
return paths, nil
m.paths = paths
return nil
}
func (m *Manager) RemovePaths() error {
return cgroups.RemovePaths(m.paths)
}
func (m *Manager) GetPaths() map[string]string {
return m.paths
}
func (m *Manager) SetPaths(paths map[string]string) {
m.paths = paths
} }
func writeFile(dir, file, data string) error { func writeFile(dir, file, data string) error {
@ -229,8 +243,8 @@ func Freeze(c *cgroups.Cgroup, state cgroups.FreezerState) error {
return nil return nil
} }
func GetPids(c *cgroups.Cgroup) ([]int, error) { func (m *Manager) GetPids() ([]int, error) {
path, err := getSubsystemPath(c, "cpu") path, err := getSubsystemPath(m.Cgroups, "cpu")
if err != nil { if err != nil {
return nil, err return nil, err
} }
@ -238,6 +252,10 @@ func GetPids(c *cgroups.Cgroup) ([]int, error) {
return cgroups.ReadProcsFile(path) return cgroups.ReadProcsFile(path)
} }
func (m *Manager) GetStats() (*cgroups.Stats, error) {
panic("not implemented")
}
func getUnitName(c *cgroups.Cgroup) string { func getUnitName(c *cgroups.Cgroup) string {
return fmt.Sprintf("%s-%s.scope", c.Parent, c.Name) return fmt.Sprintf("%s-%s.scope", c.Parent, c.Name)
} }

5
linux_container.go
View File

@ -10,6 +10,7 @@ import (
"path/filepath" "path/filepath"
"syscall" "syscall"
"github.com/docker/libcontainer/cgroups"
"github.com/docker/libcontainer/configs" "github.com/docker/libcontainer/configs"
"github.com/docker/libcontainer/namespaces" "github.com/docker/libcontainer/namespaces"
"github.com/docker/libcontainer/network" "github.com/docker/libcontainer/network"
@ -21,7 +22,7 @@ type linuxContainer struct {
root string root string
config *configs.Config config *configs.Config
state *configs.State state *configs.State
cgroupManager CgroupManager cgroupManager cgroups.Manager
initArgs []string initArgs []string
} }
@ -133,7 +134,7 @@ func (c *linuxContainer) updateStateFile() error {
} }
func (c *linuxContainer) startInitProcess(cmd *exec.Cmd, config *ProcessConfig) error { func (c *linuxContainer) startInitProcess(cmd *exec.Cmd, config *ProcessConfig) error {
err := namespaces.Exec(config.Args, config.Env, cmd, c.config, c.state) err := namespaces.Exec(config.Args, config.Env, cmd, c.config, c.cgroupManager, c.state)
if err != nil { if err != nil {
return err return err
} }

15
linux_container_test.go
View File

@ -22,6 +22,21 @@ func (m *mockCgroupManager) GetStats() (*cgroups.Stats, error) {
return m.stats, nil return m.stats, nil
} }
func (m *mockCgroupManager) Apply(pid int) error {
return nil
}
func (m *mockCgroupManager) RemovePaths() error {
return nil
}
func (m *mockCgroupManager) GetPaths() map[string]string {
return nil
}
func (m *mockCgroupManager) SetPaths(map[string]string) {
}
func TestGetContainerPids(t *testing.T) { func TestGetContainerPids(t *testing.T) {
container := &linuxContainer{ container := &linuxContainer{
id: "myid", id: "myid",

6
linux_factory.go
View File

@ -11,6 +11,7 @@ import (
"github.com/golang/glog" "github.com/golang/glog"
cgroups "github.com/docker/libcontainer/cgroups/manager"
"github.com/docker/libcontainer/configs" "github.com/docker/libcontainer/configs"
"github.com/docker/libcontainer/namespaces" "github.com/docker/libcontainer/namespaces"
) )
@ -88,7 +89,7 @@ func (l *linuxFactory) Create(id string, config *configs.Config) (Container, err
return nil, newGenericError(err, SystemError) return nil, newGenericError(err, SystemError)
} }
cgroupManager := NewCgroupManager() cgroupManager := cgroups.NewCgroupManager(config.Cgroups)
return &linuxContainer{ return &linuxContainer{
id: id, id: id,
root: containerRoot, root: containerRoot,
@ -116,7 +117,8 @@ func (l *linuxFactory) Load(id string) (Container, error) {
return nil, err return nil, err
} }
cgroupManager := NewCgroupManager() cgroupManager := cgroups.NewCgroupManager(config.Cgroups)
cgroupManager.SetPaths(state.CgroupPaths)
glog.Infof("using %s as cgroup manager", cgroupManager) glog.Infof("using %s as cgroup manager", cgroupManager)
return &linuxContainer{ return &linuxContainer{
id: id, id: id,

23
namespaces/exec.go
View File

@ -10,8 +10,6 @@ import (
"syscall" "syscall"
"github.com/docker/libcontainer/cgroups" "github.com/docker/libcontainer/cgroups"
"github.com/docker/libcontainer/cgroups/fs"
"github.com/docker/libcontainer/cgroups/systemd"
"github.com/docker/libcontainer/configs" "github.com/docker/libcontainer/configs"
"github.com/docker/libcontainer/network" "github.com/docker/libcontainer/network"
"github.com/docker/libcontainer/system" "github.com/docker/libcontainer/system"
@ -21,7 +19,7 @@ import (
// Move this to libcontainer package. // Move this to libcontainer package.
// Exec performs setup outside of a namespace so that a container can be // Exec performs setup outside of a namespace so that a container can be
// executed. Exec is a high level function for working with container namespaces. // executed. Exec is a high level function for working with container namespaces.
func Exec(args []string, env []string, command *exec.Cmd, container *configs.Config, state *configs.State) error { func Exec(args []string, env []string, command *exec.Cmd, container *configs.Config, cgroupManager cgroups.Manager, state *configs.State) error {
var err error var err error
// create a pipe so that we can syncronize with the namespaced process and // create a pipe so that we can syncronize with the namespaced process and
@ -70,11 +68,11 @@ func Exec(args []string, env []string, command *exec.Cmd, container *configs.Con
// Do this before syncing with child so that no children // Do this before syncing with child so that no children
// can escape the cgroup // can escape the cgroup
cgroupPaths, err := SetupCgroups(container, command.Process.Pid) err = cgroupManager.Apply(command.Process.Pid)
if err != nil { if err != nil {
return terminate(err) return terminate(err)
} }
defer cgroups.RemovePaths(cgroupPaths) defer cgroupManager.RemovePaths()
var networkState network.NetworkState var networkState network.NetworkState
if err := InitializeNetworking(container, command.Process.Pid, &networkState); err != nil { if err := InitializeNetworking(container, command.Process.Pid, &networkState); err != nil {
@ -102,7 +100,7 @@ func Exec(args []string, env []string, command *exec.Cmd, container *configs.Con
state.InitPid = command.Process.Pid state.InitPid = command.Process.Pid
state.InitStartTime = started state.InitStartTime = started
state.NetworkState = networkState state.NetworkState = networkState
state.CgroupPaths = cgroupPaths state.CgroupPaths = cgroupManager.GetPaths()
return nil return nil
} }
@ -140,19 +138,6 @@ func DefaultCreateCommand(container *configs.Config, console, dataPath, init str
return command return command
} }
// SetupCgroups applies the cgroup restrictions to the process running in the container based
// on the container's configuration
func SetupCgroups(container *configs.Config, nspid int) (map[string]string, error) {
if container.Cgroups != nil {
c := container.Cgroups
if systemd.UseSystemd() {
return systemd.Apply(c, nspid)
}
return fs.Apply(c, nspid)
}
return map[string]string{}, nil
}
// InitializeNetworking creates the container's network stack outside of the namespace and moves // InitializeNetworking creates the container's network stack outside of the namespace and moves
// interfaces into the container's net namespaces if necessary // interfaces into the container's net namespaces if necessary
func InitializeNetworking(container *configs.Config, nspid int, networkState *network.NetworkState) error { func InitializeNetworking(container *configs.Config, nspid int, networkState *network.NetworkState) error {