This allows you to set certian configuration options such as what cgroup
implementation to use on the factory at create time.
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
The root problem this fixes is the docker daemon uses DefaulDependencies
for all of its scopes which means that the containers get killed by
systemd before the docker daemon is notified to shutdown. This means
that a docker run in a service file won't get ordered properly on
shutdown! This has affected many CoreOS users and is documented in
systemd as so:
"Unless DefaultDependencies=false is used, scope units will implicitly
have dependencies of type Conflicts= and Before= on shutdown.target."
Unfortunately, systemd didn't allow setting DefaultDependencies=false on
transient units until today:
systemd-run --scope --property="DefaultDependencies=false" /usr/bin/sleep 50000
Unknown assignment DefaultDependencies=false.
Failed to create message: Invalid argument
Fixed here:
http://cgit.freedesktop.org/systemd/systemd/commit/?id=261420ba2a20305ad271b6f5f380aa74c5c9dd50
Discussion with systemd upstream:
http://lists.freedesktop.org/archives/systemd-devel/2014-December/026313.htmlhttp://lists.freedesktop.org/archives/systemd-devel/2015-February/027890.html
Tested with docker and systemd master as of today and it work for me.
Signed-off-by: Brandon Philips <brandon.philips@coreos.com>
Change the various config structs into one package and have a flatter
structure for easier use.
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
My previous patch moved the setting of the freezer state after the Set()
command. It's wrong, because this command uses it, so we need to set the
freezer state before the command and rollback it in an error case.
Fixes: 13a5703 ("cgroups: don't change a freezer state if an operation failed")
Signed-off-by: Andrey Vagin <avagin@openvz.org>
My previous patch moved the setting of the freezer state after the Set()
command. It's wrong, because this command uses it, so we need to set the
freezer state before the command and rollback it in an error case.
Fixes: 13a5703d85 ("cgroups: don't change a freezer state if an operation failed")
Signed-off-by: Andrey Vagin <avagin@openvz.org>
Now there is function NotifyOnOOM in libcontainer package, which
receives *libcontainer.State as argument.
Signed-off-by: Alexander Morozov <lk4d4@docker.com>
Currently if we don't use --cpuset, the cpuset cgroup is not
created, it's bad if we want to modify cpuset config subsequently,
change the behavior to make it right.
Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
There is no reason to have a special type returned from the cgroups
Apply function for getting the paths and cleanup. With access to the
paths we can just delete what we need.
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
Because we are using the paths that are created when we initially setup
cgroups for a container we no longer have to dynamically generates them
when a user requests stats. This allows us to fully use the fs stats
code without having system create it's paths.
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
Currently github.com/docker/libcontainer/cgroups/fs.GetStats does not provide the following metrics:
blkio.io_wait_time, blkio.io_service_time, blkio.io_merged, and blkio.time.
This commits add these four metrics. The descriptions of the metrics are here: https://www.kernel.org/doc/Documentation/cgroups/blkio-controller.txt.
It also modifies blkio_test and stats_util_test to ensure that the metrics are parsed.
Docker-DCO-1.1-Signed-off-by: Abin Shahab <ashahab@altiscale.com> (github: ashahab-altiscale)
For our work on adding dynamic device support to Docker we needed to be
able to call this to update the list of allowed devices. This works for
both systemd and fs based cgroups implementations.
Co-Authored-By: Chris Alfonso <calfonso@redhat.com> (github: calfonso)
Docker-DCO-1.1-Signed-off-by: Ian Main <imain@redhat.com> (github: imain)
This is needed for the libvirt exec driver.
Docker-DCO-1.1-Signed-off-by: Alexander Larsson <alexl@redhat.com> (github: alexlarsson)
Docker-DCO-1.1-Signed-off-by: Josh Poimboeuf <jpoimboe@redhat.com> (github: jpoimboe)
We calculate this on every cgroup call. It comprised of 30%+ of the CPU
usage in cAdvisor.
Docker-DCO-1.1-Signed-off-by: Victor Marmol <vmarmol@google.com> (github: vmarmol)
Sampling should be done by higher layer in configurable intervals. This
change removes the percentage stat as sampling is required for this.
Docker-DCO-1.1-Signed-off-by: Victor Marmol <vmarmol@google.com> (github: vmarmol)
This makes blkio's GetStats try to read blkio.io_serviced_recursive
first and fall back to read the stats from blkio.throttle in case it
can't. blkio.io_serviced_recursive seems to be available across all
kernels with CFQ enabled.
This closes#165
Signed-off-by: Johannes 'fish' Ziemke <github@freigeist.org>
The current paths for the different systemd cgroup subsystems that
systemd manages and that we have to manage are very inconsistent. This
patch cleans up those differences and allows consistent paths to be
used.
Signed-off-by: Michael Crosby <michael@docker.com>
Previous logic divided a uint64 by a uint64 losing precision before multiplying by clock ticks and cpus
This fix maintains precision before converting back to uint64
Docker-DCO-1.1-Signed-off-by: Nicholas Weaver <lynxbat@gmail.com> (github: lynxbat)
Docker does not require RunIn API. Hence that API has been removed.
nsinit CLI has been modified to work around the nsenter changes.
Docker-DCO-1.1-Signed-off-by: Vishnu Kannan <vishnuk@google.com> (github: vishh)
This prevents the testing package flags from leaking into the
flagsets of binaries that import libcontainer.
Docker-DCO-1.1-Signed-off-by: Peter Bourgon <peter@bourgon.org> (github: peterbourgon)
in cgroups.Cgroup is absolute. This is required to get stats of other containers while running inside a docker container.
Docker-DCO-1.1-Signed-off-by: Vishnu Kannan <vishnuk@google.com> (github: vishh)
They are really freezer state and we'll move them through another
interface.
Docker-DCO-1.1-Signed-off-by: Victor Marmol <vmarmol@google.com> (github: vmarmol)
Although it has some overlap with nsinit utility, it is useful to test
cgroup functinality directly and try out new or internal features not
exposed through nsinit.
It still needs some work as I haven't added enough systemd support yet.
I also need to expose an enter method.
Docker-DCO-1.1-Signed-off-by: Rohit Jnagal <jnagal@google.com> (github: rjnagal)
standalone cgroup test util. systemd does auto cleanup on empty, so
doesn't need an extra interface.
Docker-DCO-1.1-Signed-off-by: Rohit Jnagal <jnagal@google.com> (github: rjnagal)
This lists all currently mounted cgroups and all supported cgroup
subsystems on the machine.
Docker-DCO-1.1-Signed-off-by: Alexander Larsson <alexl@redhat.com> (github: alexlarsson)
These PR does a few things. It ensures that the freezer cgroup is
joined in the systemd driver. It also provides a public api for setting
the freezer state via the cgroups package.
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
The systemd support for the devices cgroup lacks two required features:
* Support for wildcards to allow mknod on any device
* Support for wildcards to allow /dev/pts support
The second is available in more recent systemd as "char-pts", but not in e.g. v208 which is in wide use.
Additionally, the current approach of letting systemd set up the devices cgroup and then adding
some devices to it doesn't work, because some times systemd (at least v208) re-initializes
the devices cgroup, overwriting our custom devices. See https://github.com/dotcloud/docker/issues/6009
for the details.
When wildcarded mknod support is available in systemd we should implement a pure systemd version,
but we need to keep the old one around for backwards compat.
Docker-DCO-1.1-Signed-off-by: Alexander Larsson <alexl@redhat.com> (github: alexlarsson)
This also makes sure that devices are pointers to avoid copies
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
We now have one place that keeps track of (most) devices that are allowed and created within the container. That place is pkg/libcontainer/devices/devices.go
This fixes several inconsistencies between which devices were created in the lxc backend and the native backend. It also fixes inconsistencies between wich devices were created and which were allowed. For example, /dev/full was being created but it was not allowed within the cgroup. It also declares the file modes and permissions of the default devices, rather than copying them from the host. This is in line with docker's philosphy of not being host dependent.
Docker-DCO-1.1-Signed-off-by: Timothy Hobbs <timothyhobbs@seznam.cz> (github: https://github.com/timthelion)
Remove old Stats interface in libcontainers cgroups package.
Changed Stats to use unit64 instead of int64 to prevent integer overflow issues.
Updated unit tests.
Docker-DCO-1.1-Signed-off-by: Vishnu Kannan <vishnuk@google.com> (github: vishh)
Without this any container startup fails:
2014/05/20 09:20:36 setup mount namespace copy additional dev nodes mknod fuse operation not permitted
Docker-DCO-1.1-Signed-off-by: Alexander Larsson <alexl@redhat.com> (github: alexlarsson)
Michael Crosby
Lei Jitang
Victor Marmol
Brandon Philips
Andrey Vagin
Qiang Huang
Michael Crosby
Alexander Morozov
Mrunal Patel
Donald Huang
Abin Shahab
Ian Main
Alexander Larsson
Vishnu Kannan
Johannes 'fish' Ziemke
Michael Crosby
Alexandr Morozov
Nicholas Weaver
Peter Bourgon
Jimmi Dyson
Rohit Jnagal
Rohit Jnagal
Bernerd Schaefer
Michael Crosby
Victor Vieux
unclejack
Timothy Hobbs