github/kata-containers
1
0
Fork 2
mirror of https://github.com/kata-containers/kata-containers.git synced 2025-09-25 18:53:44 +00:00
Code Issues Projects Releases Wiki Activity

Merge pull request #5154 from Yuan-Zhuo/main

Browse Source 
agent: support systemd cgroup for kata agent.
This commit is contained in:
Bin Liu
2022-11-28 18:40:10 +08:00
committed by GitHub
parent 74531114c3 d7bb4b5512
commit 6af037d379
31 changed files with 4542 additions and 145 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
src/runtime/virtcontainers/kata_agent.go
View File

@@ -23,7 +23,6 @@ import (
"github.com/kata-containers/kata-containers/src/runtime/pkg/device/config"
volume "github.com/kata-containers/kata-containers/src/runtime/pkg/direct-volume"
"github.com/kata-containers/kata-containers/src/runtime/pkg/katautils/katatrace"
resCtrl "github.com/kata-containers/kata-containers/src/runtime/pkg/resourcecontrol"
"github.com/kata-containers/kata-containers/src/runtime/pkg/uuid"
persistapi "github.com/kata-containers/kata-containers/src/runtime/virtcontainers/persist/api"
pbTypes "github.com/kata-containers/kata-containers/src/runtime/virtcontainers/pkg/agent/protocols"
@@ -927,18 +926,19 @@ func (k *kataAgent) constrainGRPCSpec(grpcSpec *grpc.Spec, passSeccomp bool, str
grpcSpec.Linux.Resources.CPU.Mems = ""
}
// We need agent systemd cgroup now.
// There are three main reasons to do not apply systemd cgroups in the VM
// - Initrd image doesn't have systemd.
// - Nobody will be able to modify the resources of a specific container by using systemctl set-property.
// - docker is not running in the VM.
if resCtrl.IsSystemdCgroup(grpcSpec.Linux.CgroupsPath) {
// Convert systemd cgroup to cgroupfs
slice := strings.Split(grpcSpec.Linux.CgroupsPath, ":")
// 0 - slice: system.slice
// 1 - prefix: docker
// 2 - name: abc123
grpcSpec.Linux.CgroupsPath = filepath.Join("/", slice[1], slice[2])
}
// if resCtrl.IsSystemdCgroup(grpcSpec.Linux.CgroupsPath) {
// // Convert systemd cgroup to cgroupfs
// slice := strings.Split(grpcSpec.Linux.CgroupsPath, ":")
// // 0 - slice: system.slice
// // 1 - prefix: docker
// // 2 - name: abc123
// grpcSpec.Linux.CgroupsPath = filepath.Join("/", slice[1], slice[2])
// }
// Disable network namespace since it is already handled on the host by
// virtcontainers. The network is a complex part which cannot be simply

2
src/runtime/virtcontainers/kata_agent_test.go
View File

@@ -573,7 +573,7 @@ func TestAppendVhostUserBlkDevices(t *testing.T) {
func TestConstrainGRPCSpec(t *testing.T) {
assert := assert.New(t)
expectedCgroupPath := "/foo/bar"
expectedCgroupPath := "system.slice:foo:bar"
g := &pb.Spec{
Hooks: &pb.Hooks{},