Commit Graph

4443 Commits

Author SHA1 Message Date
Aleksa Sarai 0fa097fc37
merge branch 'pr-2481'
Tianjia Zhang (1):
  nsenter: fix repeat close() operations

LGTMs: @kolyshkin @cyphar
Closes #2481
2020-06-20 12:18:31 +10:00
Kir Kolyshkin dff7685c18
Merge pull request #2459 from tedyu/linux-cont-set-cfg
Set configs back when intelrdt configs cannot be set

LGTMS: @AkihiroSuda @kolyshkin
2020-06-19 12:57:53 -07:00
Kir Kolyshkin e643db6e0f
Merge pull request #2479 from haircommander/fix-systemd-version
systemd: parse systemdVersion when only an int is returned

LGTMS: @mrunalp @kolyshkin
2020-06-19 12:19:16 -07:00
Tianjia Zhang 04806abd39 nsenter: fix repeat close() operations
It is obvious that the loop at the first place executes at least
twice, and the close() call after the first time always returns
an EBADF error, so move these operations outside the loop that
do not need to be repeated.

Signed-off-by: Tianjia Zhang <tianjia.zhang@linux.alibaba.com>
2020-06-19 19:28:39 +08:00
Akihiro Suda 9748b48742
Merge pull request #2229 from RenaudWasTaken/create-container
Add CreateRuntime, CreateContainer and StartContainer Hooks
2020-06-19 12:27:51 +09:00
Renaud Gaubert 861afa7509 Add integration tests for the new runc hooks
This patch adds a test based on real world usage of runc hooks
(libnvidia-container). We verify that mounting a library inside
a container and running ldconfig succeeds.

Signed-off-by: Renaud Gaubert <rgaubert@nvidia.com>
2020-06-19 02:39:20 +00:00
Renaud Gaubert 2f7bdf9d3b Tests the new Hook
Signed-off-by: Renaud Gaubert <rgaubert@nvidia.com>
2020-06-19 02:39:20 +00:00
Peter Hunt 6a0f64e7c9 systemd: add unit tests for systemdVersion
Signed-off-by: Peter Hunt <pehunt@redhat.com>
2020-06-18 22:30:50 -04:00
Peter Hunt 6369e38871 systemd: parse systemdVersion in more situations
there have been cases observed where instead of `v$VER.0-$OS` the systemdVersion returned is just `$VER`, or `$VER-1`.
handle these cases

Signed-off-by: Peter Hunt <pehunt@redhat.com>
2020-06-18 22:30:50 -04:00
Mrunal Patel 819c40b34f
Merge pull request #2478 from kolyshkin/get-pids
libct/cgroups/readProcsFile: return an error if read failed
2020-06-18 16:02:08 -07:00
Kir Kolyshkin 89516d17dd libct/cgroups/readProcsFile: ret errorr if scan failed
Not sure why but the errors from scanner were ignored. Such errors
can happen if open(2) has succeeded but the subsequent read(2) fails.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2020-06-17 12:33:01 -07:00
Mrunal Patel 406298fdf0
Merge pull request #2466 from kolyshkin/systemd-cpu-quota-period
cgroups/systemd: add setting CPUQuotaPeriod prop
2020-06-17 12:03:30 -07:00
Mrunal Patel 12a7c8fc2b
Merge pull request #2411 from kolyshkin/v1-specific
libct/cgroups/utils: fix/separate cgroupv1 code
2020-06-17 06:45:19 -07:00
Renaud Gaubert ccdd75760c Add the CreateRuntime, CreateContainer and StartContainer Hooks
Signed-off-by: Renaud Gaubert <rgaubert@nvidia.com>
2020-06-17 02:10:00 +00:00
Kir Kolyshkin e751a168dc cgroups/systemd: add setting CPUQuotaPeriod prop
For some reason, runc systemd drivers (both v1 and v2) never set
systemd unit property named `CPUQuotaPeriod` (known as
`CPUQuotaPeriodUSec` on dbus and in `systemctl show` output).

Set it, and add a check to all the integration tests. The check is less
than trivial because, when not set, the value is shown as "infinity" but
when set to the same (default) value, shown as "100ms", so in case we
expect 100ms (period = 100000 us), we have to _also_ check for
"infinity".

[v2: add systemd version checks since CPUQuotaPeriod requires v242+]

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2020-06-16 15:48:06 -07:00
Kir Kolyshkin 8c5a19f79b libct/cgroups/fs: rename some files
no changes, just a few git renames

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2020-06-16 12:45:54 -07:00
Kir Kolyshkin cec5ae7c2d libct/cgroupv1/getCgroupMountsHelper: minor nit
It is easy to just use TrimPrefix which does nothing in case the prefix
does not exist.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2020-06-16 12:45:50 -07:00
Kir Kolyshkin 0626c150c1 libct/cgroupv1: fix TestGetCgroupMounts test cases
When testing GetCgroupMounts, the map data is supposed to be obtained
from /proc/self/cgroup, but since we're mocking things, we provide
our own map.

Unfortunately, not all controllers existing in mountinfos were listed.
Also, "name=systemd" needs special handling, so add it.

The controllers added were:

 * for fedoraMountinfo case: name=systemd
 * for systemdMountinfo case: name=systemd, net_prio
 * for bedrockMountinfo case: name=systemd, net_prio, pids

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2020-06-16 12:45:30 -07:00
Kir Kolyshkin 0681d456fc libct/cgroups/utils: move cgroup v1 code to separate file
In most project, "utils" is a big mess, and this is not an exception.
Try to clean it up a bit by moving cgroup v1 specific code to a separate
source file.

There are no code changes in this commit, just moving it from one file
to another.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2020-06-16 12:45:07 -07:00
Kir Kolyshkin 7db2d3e146 libcontainer/cgroups: rm FindCgroupMountpointDir
This function is cgroupv1-specific, is only used once, and its name
is very close to the name of another function, FindCgroupMountpoint.

Inline it into the (only) caller.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2020-06-16 12:40:15 -07:00
Kir Kolyshkin d244b4058e libct/cgroups: improve ParseCgroupFile docs
In particular, state that for cgroup v2 the result is very different.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2020-06-16 12:40:08 -07:00
Kir Kolyshkin 5785aabc13 libct/cgroups: make isSubsystemAvailable v1-specific
This function is only called from cgroupv1 code, so there is no need
for it to implement cgroupv2 stuff.

Make it v1-specific, and panic if it is called from v2 code (since this
is an internal function, the panic would mean incorrect runc code).

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2020-06-16 12:40:04 -07:00
Kir Kolyshkin d5c57dcea6 libct/criuApplyCgroups: don't set cgroup paths for v2
There is no need to have cgroupv1-specific controller paths on restore
in case of cgroupv2.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2020-06-16 12:40:02 -07:00
Kir Kolyshkin 52b56bc28e libc/criuSwrk: remove applyCgroups param
Its value can be easily deduced from the request type.

While at it, simplify the call logic.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2020-06-16 12:40:01 -07:00
Kir Kolyshkin 142d0f2d5d libct/cgroups/utils: make FindCgroupMountpoint* v1-specific
It's bad and wrong to use these functions for any cgroupv2 code,
and there are no existing users (in runc, at least).

Make them return an error in such case.

Also, remove the cgroupv2-specific handling from
findCgroupMountpointAndRootFromReader().

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2020-06-16 12:39:58 -07:00
Kir Kolyshkin 44b75e760e libct/cgroups: separate getCgroupMountsV1
This function should not really be used for cgroupv2 code.
Currently it is used in kubernetes code, so we can't remove
the v2 case yet.

Add a TODO item to remove v2 code once kubernetes is converted
to not use it, and separate out v1 code.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2020-06-16 12:39:06 -07:00
Mrunal Patel 82d2fa4eb0
Merge pull request #2453 from AkihiroSuda/vagrant-centos7
CI: add CentOS 7 (kernel 3.10, systemd 219)
2020-06-15 21:09:43 -07:00
Kir Kolyshkin 3834222d88 libct/cgroups/utils: getControllerPath return err for v2
This function is not used and were never used in any cgroupv2 code.

To have it stay that way, let it return error in case it's called
for v2.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2020-06-15 20:23:59 -07:00
Mrunal Patel 55c77cb9f3
Merge pull request #2472 from kolyshkin/paths-nits
Paths nits
2020-06-15 19:03:04 -07:00
Kir Kolyshkin dd2426d067 libct/cgroups: fix m.paths map access
This fixes a few cases of accessing m.paths map directly without holding
the mutex lock.

Fixes: 9087f2e82
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2020-06-15 18:30:16 -07:00
Kir Kolyshkin a77d7b1d0f libct: don't use GetPaths
Since commit 714c91e9f7, method GetPaths() should only be used
for saving container state. For other uses, we have a new method,
Path(), which is cleaner.

Fix GetPaths() usage introduced by recent commits 859a780d6f and 9087f2e82.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2020-06-15 18:27:34 -07:00
Kir Kolyshkin 5b247e739c
Merge pull request #2338 from lifubang/systemdcgroupv2
fix path error in systemd when stopped

LGTMs: @mrunalp @AkihiroSuda
2020-06-15 18:01:13 -07:00
Akihiro Suda c76af1d2ac
Merge pull request #2470 from katarzyna-z/kk-fix-numa-stats
Fix #2469 omit memory.numa_stat when not available
2020-06-16 09:32:49 +09:00
Akihiro Suda 601fa557c0
Merge pull request #2414 from kolyshkin/criu-notif
use lazy-pages ready notification for criu >= 3.15
2020-06-16 09:31:12 +09:00
Katarzyna Kujawa 71e63de4a3 Fix #2469 omit memory.numa_stat when not available
Signed-off-by: Katarzyna Kujawa <katarzyna.kujawa@intel.com>
2020-06-15 11:39:34 +02:00
Akihiro Suda fdc48376d1
Merge pull request #2458 from kolyshkin/cpu-quota-II
Cpu quota fixes, try II
2020-06-12 07:46:56 +09:00
Kir Kolyshkin 3ddb913a8b
Merge pull request #2467 from mrunalp/save_state_atomic
Write state.json atomically
2020-06-11 15:07:40 -07:00
Mrunal Patel ed9d93e290
Merge pull request #2455 from AkihiroSuda/docs-cgroup2
add cgroup v2 documentation
2020-06-11 12:32:20 -07:00
Mrunal Patel a4a306d2a2 Write state.json atomically
We want to make sure that the state file is syned and cannot be
read partially or truncated.

Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2020-06-10 20:21:04 -07:00
Akihiro Suda 499357d61a
add Vagrantfile.centos7
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
2020-06-10 13:19:09 +09:00
Akihiro Suda 262ef5631a
update.bats: support systemd <= 226
The infinity value was changed in systemd 227.

systemd >= 227: "infinity"
systemd <= 226: 18446744073709551615

e.g. 03a7b521e3 (diff-423c8c1eeb2ef5b08849c3c30b7e53aeR558)

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
2020-06-10 13:19:08 +09:00
Akihiro Suda 1f366c6a01
tests/rootless.sh: fix executing bats in non-root PATH
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
2020-06-10 13:19:07 +09:00
Akihiro Suda 6246bb1110
spec.bats: avoid using `git -C`
`git -C` is not present in git 1.8.3.1 shipped in CentOS 7

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
2020-06-10 13:19:07 +09:00
Akihiro Suda bd236e50a5
integration: skip checkpoint tests if criu binary not found
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
2020-06-10 13:18:58 +09:00
Mrunal Patel b2163040db
Merge pull request #2454 from AkihiroSuda/ci-fix-rt
test "update rt period and runtime": fix up runtime and period
2020-06-09 21:17:37 -07:00
Kir Kolyshkin 1b03e72554 tests/int/update: more cpu period/quota cases
Add four "corner case" tests that check that the CPU period/quota
can be set/updated even in case neither CPU quota nor CPU period
(were previously) set.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2020-06-09 17:38:24 -07:00
Kir Kolyshkin a92b0327ce cgroups/systemd: fix set CPU quota if period is unset
systemd drivers ignore --cpu-quota during update if the CPU
period was not set earlier.

Fixed by adding the default for the period.

The test will be added by the following commit.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2020-06-09 17:32:17 -07:00
Kir Kolyshkin 1832bf0b88 tests/int/update: add cpu-quota -1 tests
Check that resetting cpu quota works.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2020-06-09 17:17:13 -07:00
Kir Kolyshkin 7c2b23497e tests/integration/update: enable cpu quota for v2
Also, enable tests of setting quota and period separately in case
systemd cgroup driver is used, as commit 32746fb334
("update: do not overwrite old cpu quota/period") made it possible
to do so.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2020-06-09 17:16:47 -07:00
Kir Kolyshkin 32746fb334 update: do not overwrite old cpu quota/period
Seting CPU quota and period independently does not make much sense,
but historically runc allowed it and this needs to be supported
to not break compatibility.

For systemd cgroup drivers to set CPU quota/period correctly,
it needs to know both values. For fs2 cgroup driver to be compatible
with the fs driver, it also needs to know both values.

Here in update, previously set values are available from config.
If only one of {quota,period} is set and the other is not, leave
the unset parameter at the old value (don't overwrite config).

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2020-06-09 17:15:56 -07:00