8000 stage1/kvm: Avoid writing misleading subcgroup by euank · Pull Request #3107 · rkt/rkt · GitHub
[go: up one dir, main page]
More Web Proxy on the site http://driver.im/
Skip to content
This repository was archived by the owner on Feb 24, 2020. It is now read-only.

stage1/kvm: Avoid writing misleading subcgroup #3107

Merged
merged 1 commit into from
Aug 30, 2016
Merged

stage1/kvm: Avoid writing misleading subcgroup #3107

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
6 changes: 6 additions & 0 deletions Documentation/devel/stage1-implementors-guide.md
View file
Open in desktop
8000
Original file line number Diff line number Diff line change
Expand Up @@ -54,6 +54,12 @@ Stage1 implementors have two options for doing so; only one must be implemented:
* `/var/lib/rkt/pods/run/$uuid/pid`: the PID of the process that will be given to the "enter" entrypoint.
* `/var/lib/rkt/pods/run/$uuid/ppid`: the PID of the parent of the process that will be given to the "enter" entrypoint. That parent process must have exactly one child process.

The entrypoint of a stage1 may also optionally inform rkt of the "pod cgroup", the `name=systemd` cgroup the pod's applications are expected to reside under, via the `subcgroup` file. If this file is written, it must be written before the `pid` or `ppid` files are written. This information is useful for any external monitoring system that wishes to reliably link a given cgroup to its associated rkt pod. The file should be written in the pod directory at `/var/lib/rkt/pods/run/$uuid/subcgroup`.

The file's contents should be a text string, for example of the form `machine-rkt\xuuid.scope`, which will match the control in the cgroup hierarchy of the `ppid` or `pid` of the pod.

Any stage1 that supports and expects machined registration to occur will likely want to write such a file.
Copy link
Member
@lucab lucab Aug 24, 2016
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If I remember correctly, this is also used for cgroup GC. Perhaps we should also mention that here.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It is, I'll work that into this.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actually, on second thought, the fact that it's used for gc is an internal detail of the stage1 gc entrypoint is why I didn't include it. The rkt stage0 has no knowledge nor use of this, so that detail isn't something to document here.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Fair enough.


#### Arguments

* `--debug` to activate debugging
Expand Down
23 changes: 15 additions & 8 deletions stage1/init/init.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -215,8 +215,9 @@ func installAssets() error {
return proj2aci.PrepareAssets(assets, "./stage1/rootfs/", nil)
}

// getArgsEnv returns the nspawn or lkvm args and env according to the flavor used
func getArgsEnv(p *stage1commontypes.Pod, flavor string, debug bool, n *networking.Networking, insecureOptions stage1initcommon.Stage1InsecureOptions) ([]string, []string, error) {
// getArgsEnv returns the nspawn or lkvm args and env according to the flavor
// as the first two return values respectively.
func getArgsEnv(p *stage1commontypes.Pod, flavor string, canMachinedRegister bool, debug bool, n *networking.Networking, insecureOptions stage1initcommon.Stage1InsecureOptions) ([]string, []string, error) {
var args []string
env := os.Environ()

Expand Down Expand Up @@ -298,7 +299,7 @@ func getArgsEnv(p *stage1commontypes.Pod, flavor string, debug bool, n *networki
args = append(args, fmt.Sprintf("-L%s", context))
}

if machinedRegister() {
if canMachinedRegister {
args = append(args, fmt.Sprintf("--register=true"))
} else {
args = append(args, fmt.Sprintf("--register=false"))
Expand All @@ -320,7 +321,7 @@ func getArgsEnv(p *stage1commontypes.Pod, flavor string, debug bool, n *networki
args = append(args, fmt.Sprintf("-L%s", context))
}

if machinedRegister() {
if canMachinedRegister {
args = append(args, fmt.Sprintf("--register=true"))
} else {
args = append(args, fmt.Sprintf("--register=false"))
Expand Down Expand Up @@ -581,7 +582,12 @@ func stage1() int {
return 1
}

args, env, err := getArgsEnv(p, flavor, debug, n, insecureOptions)
canMachinedRegister := false
if flavor != "kvm" {
Copy link
Member
@lucab lucab Aug 24, 2016
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

How does fly fit into this PR? Should it be taken into account here?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

fly neither writes a file nor does machined registration (this init.go code is not called for it and there is no analogue in the stage1_fly/run/run.go code).

// kvm doesn't register with systemd right now, see #2664.
canMachinedRegister = machinedRegister()
}
args, env, err := getArgsEnv(p, flavor, canMachinedRegister, debug, n, insecureOptions)
if err != nil {
log.Error(err)
return 1
Expand Down Expand Up @@ -622,13 +628,14 @@ func stage1() int {
}
s1Root := common.Stage1RootfsPath(p.Root)
machineID := stage1initcommon.GetMachineID(p)
subcgroup, err := getContainerSubCgroup(machineID)
subcgroup, err := getContainerSubCgroup(machineID, canMachinedRegister)
if err == nil {
if err := ioutil.WriteFile(filepath.Join(p.Root, "subcgroup"),
[]byte(fmt.Sprintf("%s", subcgroup)), 0644); err != nil {
log.FatalE("cannot write subcgroup file", err)
return 1
}

if err := mountContainerCgroups(s1Root, enabledCgroups, subcgroup, serviceNames); err != nil {
log.PrintE("couldn't mount the container cgroups", err)
return 1
Expand Down Expand Up @@ -720,7 +727,7 @@ func mountContainerCgroups(s1Root string, enabledCgroups map[int][]string, subcg
return nil
}

func getContainerSubCgroup(machineID string) (string, error) {
func getContainerSubCgroup(machineID string, canMachinedRegister bool) (string, error) {
var subcgroup string
fromUnit, err := util.RunningFromSystemService()
if err != nil {
Expand All @@ -743,7 +750,7 @@ func getContainerSubCgroup(machineID string) (string, error) {
} else {
escapedmID := strings.Replace(machineID, "-", "\\x2d", -1)
machineDir := "machine-" + escapedmID + ".scope"
if machinedRegister() {
if canMachinedRegister {
// we are not in the final cgroup yet: systemd-nspawn will move us
// to the correct cgroup later during registration so we can't
// look it up in /proc/self/cgroup
Expand Down
0