From 3721351324cefbb39d654738481bfeb4349b32b4 Mon Sep 17 00:00:00 2001 From: Eric Ernst Date: Thu, 11 Feb 2021 17:35:11 -0800 Subject: [PATCH] runtime: cpuset: when creating container, don't pass cpuset details Today we only clear out the cpuset details when doing an update call on existing container/pods. This works in the case of Kubernetes, but not in the case where we are explicitly setting the cpuset details at boot time. For example, if you are running a single container via docker ala: docker run --cpuset-cpus 0-3 -it alpine sh What would happen is the cpuset info would be passed in with the container spec for create container request to the agent. At that point in time, there'd only be the defualt number of CPUs available in the guest (1), so you'd be left with cpusets set to 0. Next, we'd hotplug the vCPUs, providing 0-4 CPUs in the guest, but the cpuset would never be updated, leaving the application tied to CPU 0. Ouch. Until the day we support cpusets in the guest, let's make sure that we start off clearing the cpuset fields. Fixes: #1405 Signed-off-by: Eric Ernst --- src/runtime/virtcontainers/kata_agent.go | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/src/runtime/virtcontainers/kata_agent.go b/src/runtime/virtcontainers/kata_agent.go index 0999e561e6..2bbdcef496 100644 --- a/src/runtime/virtcontainers/kata_agent.go +++ b/src/runtime/virtcontainers/kata_agent.go @@ -964,6 +964,10 @@ func (k *kataAgent) constraintGRPCSpec(grpcSpec *grpc.Spec, passSeccomp bool) { grpcSpec.Linux.Resources.BlockIO = nil grpcSpec.Linux.Resources.HugepageLimits = nil grpcSpec.Linux.Resources.Network = nil + if grpcSpec.Linux.Resources.CPU != nil { + grpcSpec.Linux.Resources.CPU.Cpus = "" + grpcSpec.Linux.Resources.CPU.Mems = "" + } // There are three main reasons to do not apply systemd cgroups in the VM // - Initrd image doesn't have systemd.