We do this aim two goals:
- don't fail when some subsystems are not mounted (devices cgroup
is an exception because it will cause secirity issues).
- fail hard instead of ignoring the error when a user specifies
an option and we are unable to fulfill the request.
Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
Add join function so we can reduce duplicate code, and we can
call Set api in fs cgroup, that can reduce sync work on fs side
and systemd side.
Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
As reported in #477 the test scope may not be cleaned up between runs.
In order to fix this we must be polite and remove the scope after we
have done our test and attempt to remove an existing scope if it exists.
This way we can guarantee our test will run.
Signed-off-by: Brandon Philips <brandon.philips@coreos.com>
on systemd v208 in Centos7 and Fedora20 error is not:
"org.freedesktop.DBus.Error.PropertyReadOnly"
but:
"property.org.freedesktop.DBus.Error.PropertyReadOnly"
so check failes and in Docker we get:
Docker daemon: System error: Cannot set property DefaultDependencies, or
unknown property
Fix for commit:
99233fde8c
Signed-off-by: Pavel Tikhomirov <ptikhomirov@parallels.com>
The name `Set` would be used to do dymanic changes of resource configs
in the future. For now, `Apply` also makes more sense.
Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
The root problem this fixes is the docker daemon uses DefaulDependencies
for all of its scopes which means that the containers get killed by
systemd before the docker daemon is notified to shutdown. This means
that a docker run in a service file won't get ordered properly on
shutdown! This has affected many CoreOS users and is documented in
systemd as so:
"Unless DefaultDependencies=false is used, scope units will implicitly
have dependencies of type Conflicts= and Before= on shutdown.target."
Unfortunately, systemd didn't allow setting DefaultDependencies=false on
transient units until today:
systemd-run --scope --property="DefaultDependencies=false" /usr/bin/sleep 50000
Unknown assignment DefaultDependencies=false.
Failed to create message: Invalid argument
Fixed here:
http://cgit.freedesktop.org/systemd/systemd/commit/?id=261420ba2a20305ad271b6f5f380aa74c5c9dd50
Discussion with systemd upstream:
http://lists.freedesktop.org/archives/systemd-devel/2014-December/026313.htmlhttp://lists.freedesktop.org/archives/systemd-devel/2015-February/027890.html
Tested with docker and systemd master as of today and it work for me.
Signed-off-by: Brandon Philips <brandon.philips@coreos.com>
Change the various config structs into one package and have a flatter
structure for easier use.
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
Currently if we don't use --cpuset, the cpuset cgroup is not
created, it's bad if we want to modify cpuset config subsequently,
change the behavior to make it right.
Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
There is no reason to have a special type returned from the cgroups
Apply function for getting the paths and cleanup. With access to the
paths we can just delete what we need.
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
Because we are using the paths that are created when we initially setup
cgroups for a container we no longer have to dynamically generates them
when a user requests stats. This allows us to fully use the fs stats
code without having system create it's paths.
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
For our work on adding dynamic device support to Docker we needed to be
able to call this to update the list of allowed devices. This works for
both systemd and fs based cgroups implementations.
Co-Authored-By: Chris Alfonso <calfonso@redhat.com> (github: calfonso)
Docker-DCO-1.1-Signed-off-by: Ian Main <imain@redhat.com> (github: imain)
Ma Shimiao
Victor Marmol
Qiang Huang
Andrey Vagin
Alexander Morozov
Michael Crosby
bin liu
Shishir Mahajan
Brandon Philips
Pavel Tikhomirov
Alexander Morozov
Michael Crosby
Lei Jitang
Ian Main
Michael Crosby