From 32feb10331834c3ae3d7f0da5c66e375a0abc254 Mon Sep 17 00:00:00 2001 From: Eric Ernst Date: Thu, 11 Feb 2021 17:35:11 -0800 Subject: [PATCH] runtime: cpuset: when creating container, don't pass cpuset details Today we only clear out the cpuset details when doing an update call on existing container/pods. This works in the case of Kubernetes, but not in the case where we are explicitly setting the cpuset details at boot time. For example, if you are running a single container via docker ala: docker run --cpuset-cpus 0-3 -it alpine sh What would happen is the cpuset info would be passed in with the container spec for create container request to the agent. At that point in time, there'd only be the defualt number of CPUs available in the guest (1), so you'd be left with cpusets set to 0. Next, we'd hotplug the vCPUs, providing 0-4 CPUs in the guest, but the cpuset would never be updated, leaving the application tied to CPU 0. Ouch. Until the day we support cpusets in the guest, let's make sure that we start off clearing the cpuset fields. Fixes: #1405 Signed-off-by: Eric Ernst --- src/runtime/virtcontainers/kata_agent.go | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/src/runtime/virtcontainers/kata_agent.go b/src/runtime/virtcontainers/kata_agent.go index 5226567df7..26199c78b7 100644 --- a/src/runtime/virtcontainers/kata_agent.go +++ b/src/runtime/virtcontainers/kata_agent.go @@ -963,6 +963,10 @@ func (k *kataAgent) constraintGRPCSpec(grpcSpec *grpc.Spec, passSeccomp bool) { grpcSpec.Linux.Resources.BlockIO = nil grpcSpec.Linux.Resources.HugepageLimits = nil grpcSpec.Linux.Resources.Network = nil + if grpcSpec.Linux.Resources.CPU != nil { + grpcSpec.Linux.Resources.CPU.Cpus = "" + grpcSpec.Linux.Resources.CPU.Mems = "" + } // There are three main reasons to do not apply systemd cgroups in the VM // - Initrd image doesn't have systemd.