Commit Graph

43 Commits

Author SHA1 Message Date
Pavel Tikhomirov dc4bd4cece systemd: properly check DefaultDependencies is read only
on systemd v208 in Centos7 and Fedora20 error is not:
"org.freedesktop.DBus.Error.PropertyReadOnly"
but:
"property.org.freedesktop.DBus.Error.PropertyReadOnly"
so check failes and in Docker we get:
Docker daemon: System error: Cannot set property DefaultDependencies, or
unknown property

Fix for commit:
99233fde8c

Signed-off-by: Pavel Tikhomirov <ptikhomirov@parallels.com>
2015-03-23 09:44:15 +03:00
Qiang Huang 1db687f4f4 add Set api
Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
2015-03-04 08:42:35 +08:00
Qiang Huang cc524f1b72 add Set interface
Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
2015-03-04 08:42:04 +08:00
Qiang Huang 12a63757db rename Set to Apply
The name `Set` would be used to do dymanic changes of resource configs
in the future. For now, `Apply` also makes more sense.

Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
2015-03-04 08:37:55 +08:00
Alexander Morozov dd5576b2b3 Implement stats for systemd
It looks weird but works and not crashes application.

Signed-off-by: Alexander Morozov <lk4d4@docker.com>
2015-03-02 14:36:09 -08:00
Michael Crosby 22df5551ed Merge branch 'master' into api
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>

Conflicts:
	cgroups/systemd/apply_systemd.go
2015-02-19 16:02:50 -08:00
Michael Crosby f4cf808a3d Merge branch 'master' into api
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>

Conflicts:
	MAINTAINERS
	cgroups/cgroups.go
	cgroups/fs/apply_raw.go
	cgroups/fs/notify_linux.go
	cgroups/fs/notify_linux_test.go
	cgroups/systemd/apply_systemd.go
	config.go
	configs/config_test.go
	console/console.go
	integration/exec_test.go
	integration/init_test.go
	integration/template_test.go
	integration/utils_test.go
	linux_notify.go
	linux_notify_test.go
	mount/init.go
	mount/mount_config.go
	mount/pivotroot.go
	mount/ptmx.go
	namespaces/create.go
	namespaces/exec.go
	namespaces/execin.go
	namespaces/init.go
	namespaces/nsenter/nsenter.c
	namespaces/nsenter/nsenter.go
	namespaces/utils.go
	network/network.go
	network/types.go
	network/veth.go
	notify_linux.go
	notify_linux_test.go
	nsinit/exec.go
	nsinit/main.go
	nsinit/nsenter.go
	nsinit/oom.go
	sample_configs/host-pid.json
	sample_configs/userns.json
	security/capabilities/capabilities.go
	update-vendor.sh
2015-02-16 15:09:42 -08:00
Lei Jitang 29f5cb6b39 Add systemd support cpu.cfs_quota_us and cpu.cfs_period_us
Signed-off-by: Lei Jitang <leijitang@huawei.com>
2015-02-13 14:33:03 +08:00
Brandon Philips 99233fde8c cgroups: systemd: set DefaultDependencies=false if possible
The root problem this fixes is the docker daemon uses DefaulDependencies
for all of its scopes which means that the containers get killed by
systemd before the docker daemon is notified to shutdown. This means
that a docker run in a service file won't get ordered properly on
shutdown! This has affected many CoreOS users and is documented in
systemd as so:

"Unless DefaultDependencies=false is used, scope units will implicitly
have dependencies of type Conflicts= and Before= on shutdown.target."

Unfortunately, systemd didn't allow setting DefaultDependencies=false on
transient units until today:

    systemd-run --scope --property="DefaultDependencies=false" /usr/bin/sleep 50000
    Unknown assignment DefaultDependencies=false.
    Failed to create message: Invalid argument

Fixed here:
http://cgit.freedesktop.org/systemd/systemd/commit/?id=261420ba2a20305ad271b6f5f380aa74c5c9dd50

Discussion with systemd upstream:
http://lists.freedesktop.org/archives/systemd-devel/2014-December/026313.html
http://lists.freedesktop.org/archives/systemd-devel/2015-February/027890.html

Tested with docker and systemd master as of today and it work for me.

Signed-off-by: Brandon Philips <brandon.philips@coreos.com>
2015-02-03 22:25:27 -05:00
Michael Crosby 935d81f23d Flatten configuration structs
Change the various config structs into one package and have a flatter
structure for easier use.

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2015-01-31 19:56:27 -08:00
Andrey Vagin ca633b2f29 Merge remote-tracking branch 'origin/master' into api
Signed-off-by: Andrey Vagin <avagin@openvz.org>
2015-01-28 14:37:40 +03:00
Qiang Huang 46573774a2 cgroups: simplify the join_memory check
If c.Memory=0, there is no point to set memoryswap.

Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
2015-01-22 12:19:40 +08:00
Qiang Huang c4821b6f3e cgroups: always create device cgroup on systemd
This is the same behavior as fs does.

Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
2015-01-22 09:53:30 +08:00
Andrey Vagin e79e87e426 cgroup/systemd: set config.Cgroups.Freezer
Signed-off-by: Andrey Vagin <avagin@openvz.org>
2015-01-21 18:46:00 +03:00
Qiang Huang 54968f68bc add support for blkio.weight
Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
2015-01-19 14:33:48 +08:00
Andrey Vagin 083d91f8c3 cgroups: Add comments for methods of cgroup managers
Signed-off-by: Andrey Vagin <avagin@openvz.org>
2015-01-15 01:45:49 +03:00
Andrey Vagin ee6e585e21 cgroups: replace SetPaths on LoadCgroupManager
Signed-off-by: Andrey Vagin <avagin@openvz.org>
2015-01-15 00:44:14 +03:00
Andrey Vagin ba4257a146 new-api: add the Freezer method to cgroup.Manager
Signed-off-by: Andrey Vagin <avagin@openvz.org>
2015-01-15 00:43:14 +03:00
Andrey Vagin 6dd7552537 new-api: implement fs and systemd cgroup managers
Signed-off-by: Andrey Vagin <avagin@openvz.org>
2015-01-15 00:43:13 +03:00
Qiang Huang e3b14402eb cgroups: add support for cpuset.mems
Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
2014-12-05 17:37:24 -08:00
Qiang Huang 9c7bd7cd9e libcontainer: setup cpuset cgroup by default
Currently if we don't use --cpuset, the cpuset cgroup is not
created, it's bad if we want to modify cpuset config subsequently,
change the behavior to make it right.

Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
2014-11-17 19:06:20 -08:00
Michael Crosby bc7efa6b81 Have cgroup.Apply return paths to setup cgroups
There is no reason to have a special type returned from the cgroups
Apply function for getting the paths and cleanup.  With access to the
paths we can just delete what we need.

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2014-11-17 11:56:19 -08:00
Michael Crosby 5cacd48132 Remove systemd.GetStats
Because we are using the paths that are created when we initially setup
cgroups for a container we no longer have to dynamically generates them
when a user requests stats.  This allows us to fully use the fs stats
code without having system create it's paths.

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2014-11-17 11:56:19 -08:00
Alexandr Morozov 7da5ab8130 Fix vet errors
Signed-off-by: Alexandr Morozov <lk4d4@docker.com>
2014-11-05 15:38:58 -08:00
Ian Main d67a27ee13 Create an ApplyDevices call.
For our work on adding dynamic device support to Docker we needed to be
able to call this to update the list of allowed devices.  This works for
both systemd and fs based cgroups implementations.

Co-Authored-By: Chris Alfonso <calfonso@redhat.com> (github: calfonso)
Docker-DCO-1.1-Signed-off-by: Ian Main <imain@redhat.com> (github: imain)
2014-10-15 11:59:26 -07:00
Michael Crosby 3cdf12b041 Change not found error to be typed with cgroup subsystem
Signed-off-by: Michael Crosby <michael@docker.com>
2014-08-20 10:32:01 -07:00
Alexandr Morozov 388d143d19
Remove dependency from docker/pkg/systemd
Signed-off-by: Alexandr Morozov <lk4d4math@gmail.com>
2014-08-19 20:16:39 +04:00
Michael Crosby 781855b62a Cleanup systemd cgroup code
The current paths for the different systemd cgroup subsystems that
systemd manages and that we have to manage are very inconsistent.  This
patch cleans up those differences and allows consistent paths to be
used.

Signed-off-by: Michael Crosby <michael@docker.com>
2014-08-13 18:16:51 -07:00
Vishnu Kannan 97de9a45f9 Update cgroups paths in state to be a map with cgroup type as key and path as value.
Docker-DCO-1.1-Signed-off-by: Vishnu Kannan <vishnuk@google.com> (github: vishh)
2014-08-13 23:26:27 +00:00
Vishnu Kannan ad16526d7f Store all the cgroups paths as part of the state. This simplifies entering cgroups and will be useful for
cleanups too in the future.
Docker-DCO-1.1-Signed-off-by: Vishnu Kannan <vishnuk@google.com> (github: vishh)
2014-08-13 23:26:27 +00:00
Vishnu Kannan ae08910fde Enter cgroups as part of nsenter while using systemd.
Docker-DCO-1.1-Signed-off-by: Vishnu Kannan <vishnuk@google.com> (github: vishh)
2014-08-13 23:26:27 +00:00
Michael Crosby 4568ca76c8 Update imports for new docker location
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@docker.com> (github: crosbymichael)
2014-07-24 14:28:49 -07:00
Michael Crosby 7e1cfc1f6a Dont fail on missing subsystem for systemd stats
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@docker.com> (github: crosbymichael)
2014-07-11 12:05:59 -07:00
Michael Crosby 50106c7490 Fix nsinit function to get stats from systemd
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@docker.com> (github: crosbymichael)
2014-07-11 12:00:27 -07:00
Jimmi Dyson cbd37fba86 Add systemd stats, reusing fs stats functionality
Docker-DCO-1.1-Signed-off-by: Jimmi Dyson <jimmidyson@gmail.com> (github: jimmidyson)
2014-07-11 11:43:08 -07:00
Michael Crosby 6ab3ef56f4 Update imports for new repository path 2014-06-10 08:14:16 -07:00
Victor Vieux 3e8849fa76 implement wait on freeze
Docker-DCO-1.1-Signed-off-by: Victor Vieux <vieux@docker.com> (github: vieux)
2014-06-04 02:21:10 +00:00
Michael Crosby 5d1ebaf4c3 Implement systemd support for freezer
These PR does a few things.  It ensures that the freezer cgroup is
joined in the systemd driver.  It also provides a public api for setting
the freezer state via the cgroups package.
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-06-03 10:46:53 -07:00
Alexander Larsson 03044f6378 libcontainer/cgroup: Use raw access to set up and join the devices cgroup
The systemd support for the devices cgroup lacks two required features:
 * Support for wildcards to allow mknod on any device
 * Support for wildcards to allow /dev/pts support

The second is available in more recent systemd as "char-pts", but not in e.g. v208 which is in wide use.

Additionally, the current approach of letting systemd set up the devices cgroup and then adding
some devices to it doesn't work, because some times systemd (at least v208) re-initializes
the devices cgroup, overwriting our custom devices. See https://github.com/dotcloud/docker/issues/6009
for the details.

When wildcarded mknod support is available in systemd we should implement a pure systemd version,
but we need to keep the old one around for backwards compat.

Docker-DCO-1.1-Signed-off-by: Alexander Larsson <alexl@redhat.com> (github: alexlarsson)
2014-06-03 11:34:14 +02:00
Timothy Hobbs 18f6a5aaf4 Refactor device handling code
We now have one place that keeps track of (most) devices that are allowed and created within the container.  That place is pkg/libcontainer/devices/devices.go

This fixes several inconsistencies between which devices were created in the lxc backend and the native backend.  It also fixes inconsistencies between wich devices were created and which were allowed.  For example, /dev/full was being created but it was not allowed within the cgroup.  It also declares the file modes and permissions of the default devices, rather than copying them from the host.  This is in line with docker's philosphy of not being host dependent.

Docker-DCO-1.1-Signed-off-by: Timothy Hobbs <timothyhobbs@seznam.cz> (github: https://github.com/timthelion)
2014-05-30 19:21:29 +00:00
Michael Crosby fc6d231773 Move get pid into cgroup implementation
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-05-21 21:14:07 +00:00
Alexander Larsson 6de35476ec cgroups: Allow mknod for any device in systemd cgroup backend
Without this any container startup fails:
2014/05/20 09:20:36 setup mount namespace copy additional dev nodes mknod fuse operation not permitted

Docker-DCO-1.1-Signed-off-by: Alexander Larsson <alexl@redhat.com> (github: alexlarsson)
2014-05-20 09:29:32 +02:00
Michael Crosby 3ce347c35f Move cgroups package into libcontainer
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-05-14 15:21:44 -07:00