virtcontainers: reimplement setupSandboxCgroup

Reimplement `setupSandboxCgroup` to support cgroupsV2 and systemd cgroups
using libcontainer instead of containerd/cgroups.
As an initial step toward supporting these cgroups, `sandbox_cgroup_only` must
be set to `true` in the configuration file.

fixes #2350

Signed-off-by: Julio Montes <julio.montes@intel.com>
Julio Montes 2019-12-11 18:07:06 +00:00
parent 9949daf4dc
commit f372b85848


@ -2033,32 +2033,51 @@ func (s *Sandbox) cpuResources() *specs.LinuxCPU {
// setupSandboxCgroup creates and joins sandbox cgroups for the sandbox config // setupSandboxCgroup creates and joins sandbox cgroups for the sandbox config
func (s *Sandbox) setupSandboxCgroup() error { func (s *Sandbox) setupSandboxCgroup() error {
var err error
spec := s.GetPatchedOCISpec() spec := s.GetPatchedOCISpec()
if spec == nil { if spec == nil {
return errorMissingOCISpec return errorMissingOCISpec
} }
if spec.Linux == nil { if spec.Linux == nil {
// Cgroup path is optional, though expected. If not defined, skip the setup
s.Logger().WithField("sandboxid", s.id).Warning("no cgroup path provided for pod sandbox, not creating sandbox cgroup") s.Logger().WithField("sandboxid", s.id).Warning("no cgroup path provided for pod sandbox, not creating sandbox cgroup")
return nil return nil
} }
validContainerCgroup := utils.ValidCgroupPath(spec.Linux.CgroupsPath)
// Create a Kata sandbox cgroup with the cgroup of the sandbox container as the parent s.state.CgroupPath, err = validCgroupPath(spec.Linux.CgroupsPath, s.config.SystemdCgroup)
s.state.CgroupPath = filepath.Join(filepath.Dir(validContainerCgroup), cgroupKataPrefix+"_"+s.id)
cgroup, err := cgroupsNewFunc(cgroups.V1, cgroups.StaticPath(s.state.CgroupPath), &specs.LinuxResources{})
if err != nil { if err != nil {
return fmt.Errorf("Could not create sandbox cgroup in %v: %v", s.state.CgroupPath, err) return fmt.Errorf("Invalid cgroup path: %v", err)
}
// Do not change current cgroup configuration.
// Create a spec without constraints
unconstraintSpec := specs.Spec{
Linux: &specs.Linux{
Resources: &specs.LinuxResources{},
CgroupsPath: s.state.CgroupPath,
},
}
cmgr, err := newCgroupManager(s.config.Cgroups, s.state.CgroupPaths, &unconstraintSpec)
if err != nil {
return fmt.Errorf("Could not create a new cgroup manager: %v", err)
} }
// Add the runtime to the Kata sandbox cgroup
runtimePid := os.Getpid() runtimePid := os.Getpid()
if err := cgroup.Add(cgroups.Process{Pid: runtimePid}); err != nil { // Add the runtime to the Kata sandbox cgroup
if err := cmgr.Apply(runtimePid); err != nil {
return fmt.Errorf("Could not add runtime PID %d to sandbox cgroup: %v", runtimePid, err) return fmt.Errorf("Could not add runtime PID %d to sandbox cgroup: %v", runtimePid, err)
} }
// `Apply` updates manager's Cgroups and CgroupPaths,
// they both need to be saved since are used to create
// or restore a cgroup managers.
if s.config.Cgroups, err = cmgr.GetCgroups(); err != nil {
return fmt.Errorf("Could not get cgroup configuration: %v", err)
}
s.state.CgroupPaths = cmgr.GetPaths()
return nil return nil
} }
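Review bot: After `cmgr.Apply(runtimePid)` succeeds, a failure in `cmgr.GetCgroups()` returns before `s.state.CgroupPaths` is saved and has already overwritten `s.config.Cgroups` with the failed call's result, so the runtime stays in a cgroup that the stored state no longer describes and that later cleanup may not find. Saving the paths first and assigning the config only on success avoids this: move `s.state.CgroupPaths = cmgr.GetPaths()` directly after `Apply`, then use `cg, err := cmgr.GetCgroups()` and set `s.config.Cgroups = cg` after the error check. The same write-before-check pattern appears at `s.state.CgroupPath, err = validCgroupPath(...)`, which stores the result before `err` is tested. `validCgroupPath` is defined outside this hunk; because `spec.Linux.CgroupsPath` comes from the OCI spec, it is worth confirming that it still normalizes `..` components for both the cgroupfs and systemd forms.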