diff --git a/hack/.golint_failures b/hack/.golint_failures
index b4734a30b62..66156e16d5d 100644
--- a/hack/.golint_failures
+++ b/hack/.golint_failures
@@ -296,14 +296,11 @@ pkg/util/mount
 pkg/util/netsh/testing
 pkg/util/normalizer
 pkg/util/oom
-pkg/util/parsers
 pkg/util/procfs
 pkg/util/removeall
 pkg/util/rlimit
 pkg/util/selinux
-pkg/util/sysctl
 pkg/util/sysctl/testing
-pkg/util/system
 pkg/util/taints
 pkg/util/tolerations
 pkg/version/verflag
diff --git a/pkg/kubelet/cm/container_manager_linux.go b/pkg/kubelet/cm/container_manager_linux.go
index a1f7ff1cc7e..92575867560 100644
--- a/pkg/kubelet/cm/container_manager_linux.go
+++ b/pkg/kubelet/cm/container_manager_linux.go
@@ -360,8 +360,8 @@ const (
 // depending upon the specified option, it will either warn, error, or modify the kernel tunable flags
 func setupKernelTunables(option KernelTunableBehavior) error {
 desiredState := map[string]int{
- utilsysctl.VmOvercommitMemory: utilsysctl.VmOvercommitMemoryAlways,
- utilsysctl.VmPanicOnOOM: utilsysctl.VmPanicOnOOMInvokeOOMKiller,
+ utilsysctl.VMOvercommitMemory: utilsysctl.VMOvercommitMemoryAlways,
+ utilsysctl.VMPanicOnOOM: utilsysctl.VMPanicOnOOMInvokeOOMKiller,
 utilsysctl.KernelPanic: utilsysctl.KernelPanicRebootTimeout,
 utilsysctl.KernelPanicOnOops: utilsysctl.KernelPanicOnOopsAlways,
 utilsysctl.RootMaxKeys: utilsysctl.RootMaxKeysSetting,
diff --git a/pkg/util/parsers/parsers.go b/pkg/util/parsers/parsers.go
index be35da7ccc1..a6d97043d49 100644
--- a/pkg/util/parsers/parsers.go
+++ b/pkg/util/parsers/parsers.go
@@ -27,6 +27,7 @@ import (
 )
 const (
+ // DefaultImageTag is the default tag for docker image.
 DefaultImageTag = "latest"
 )
diff --git a/pkg/util/sysctl/sysctl.go b/pkg/util/sysctl/sysctl.go
index 5c01dd88e7b..311212c1faf 100644
--- a/pkg/util/sysctl/sysctl.go
+++ b/pkg/util/sysctl/sysctl.go
@@ -24,25 +24,47 @@ import (
 )
 const (
- sysctlBase = "/proc/sys"
- VmOvercommitMemory = "vm/overcommit_memory"
- VmPanicOnOOM = "vm/panic_on_oom"
- KernelPanic = "kernel/panic"
- KernelPanicOnOops = "kernel/panic_on_oops"
- RootMaxKeys = "kernel/keys/root_maxkeys"
- RootMaxBytes = "kernel/keys/root_maxbytes"
+ sysctlBase = "/proc/sys"
+ // VMOvercommitMemory refers to the sysctl variable responsible for defining
+ // the memory over-commit policy used by kernel.
+ VMOvercommitMemory = "vm/overcommit_memory"
+ // VMPanicOnOOM refers to the sysctl variable responsible for defining
+ // the OOM behavior used by kernel.
+ VMPanicOnOOM = "vm/panic_on_oom"
+ // KernelPanic refers to the sysctl variable responsible for defining
+ // the timeout after a panic for the kernel to reboot.
+ KernelPanic = "kernel/panic"
+ // KernelPanicOnOops refers to the sysctl variable responsible for defining
+ // the kernel behavior when an oops or BUG is encountered.
+ KernelPanicOnOops = "kernel/panic_on_oops"
+ // RootMaxKeys refers to the sysctl variable responsible for defining
+ // the maximum number of keys that the root user (UID 0 in the root user namespace) may own.
+ RootMaxKeys = "kernel/keys/root_maxkeys"
+ // RootMaxBytes refers to the sysctl variable responsible for defining
+ // the maximum number of bytes of data that the root user (UID 0 in the root user namespace)
+ // can hold in the payloads of the keys owned by root.
+ RootMaxBytes = "kernel/keys/root_maxbytes"
- VmOvercommitMemoryAlways = 1 // kernel performs no memory over-commit handling
- VmPanicOnOOMInvokeOOMKiller = 0 // kernel calls the oom_killer function when OOM occurs
+ // VMOvercommitMemoryAlways represents that kernel performs no memory over-commit handling.
+ VMOvercommitMemoryAlways = 1
+ // VMPanicOnOOMInvokeOOMKiller represents that kernel calls the oom_killer function when OOM occurs.
+ VMPanicOnOOMInvokeOOMKiller = 0
- KernelPanicOnOopsAlways = 1 // kernel panics on kernel oops
- KernelPanicRebootTimeout = 10 // seconds after a panic for the kernel to reboot
+ // KernelPanicOnOopsAlways represents that kernel panics on kernel oops.
+ KernelPanicOnOopsAlways = 1
+ // KernelPanicRebootTimeout is the timeout seconds after a panic for the kernel to reboot.
+ KernelPanicRebootTimeout = 10
- RootMaxKeysSetting = 1000000 // Needed since docker creates a new key per container
- RootMaxBytesSetting = RootMaxKeysSetting * 25 // allocate 25 bytes per key * number of MaxKeys
+ // RootMaxKeysSetting is the maximum number of keys that the root user (UID 0 in the root user namespace) may own.
+ // Needed since docker creates a new key per container.
+ RootMaxKeysSetting = 1000000
+ // RootMaxBytesSetting is the maximum number of bytes of data that the root user (UID 0 in the root user namespace)
+ // can hold in the payloads of the keys owned by root.
+ // Allocate 25 bytes per key * number of MaxKeys.
+ RootMaxBytesSetting = RootMaxKeysSetting * 25
 )
-// An injectable interface for running sysctl commands.
+// Interface is an injectable interface for running sysctl commands.
 type Interface interface {
 // GetSysctl returns the value for the specified sysctl setting
 GetSysctl(sysctl string) (int, error)
@@ -60,7 +82,7 @@ type procSysctl struct {
 }
 // GetSysctl returns the value for the specified sysctl setting
-func (_ *procSysctl) GetSysctl(sysctl string) (int, error) {
+func (*procSysctl) GetSysctl(sysctl string) (int, error) {
 data, err := ioutil.ReadFile(path.Join(sysctlBase, sysctl))
 if err != nil {
 return -1, err
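Review bot: The new doc comments on `VMOvercommitMemory` through `RootMaxBytes` describe each constant as "the sysctl variable", but the values are slash-separated paths relative to `sysctlBase` (`vm/overcommit_memory`, not the dotted form sysctl(8) accepts), and nothing in the block says so even though these are the names callers hand to `GetSysctl`/`SetSysctl`, which join them onto `sysctlBase` as a path in the next hunk. I would state the convention once on the unexported base, which is the only constant left without a comment: `// sysctlBase is the procfs root; the exported names below are paths relative to it, using '/' rather than '.' as the separator.` The `KernelPanicRebootTimeout` comment would also read better in the same name-first form as its neighbours, e.g. `// KernelPanicRebootTimeout is the number of seconds the kernel waits after a panic before rebooting.`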
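Review bot: `path.Join(sysctlBase, sysctl)` in the retouched `GetSysctl` performs no check that the resulting path is still under `sysctlBase`; `path.Join` cleans `..` segments, so a name containing them resolves outside `/proc/sys`. Every caller in this diff passes a package constant, but `Interface` is exported and documented as injectable, so the contract should be explicit: `if p := path.Join(sysctlBase, sysctl); !strings.HasPrefix(p, sysctlBase+"/") { return -1, errors.New("sysctl name escapes " + sysctlBase) }` (adding the `errors`/`strings` imports if the file lacks them). The same join, unguarded, is written through by `SetSysctl` in the following hunk, which should get the matching check. The body of `GetSysctl` continues past this hunk.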
@@ -73,6 +95,6 @@ func (_ *procSysctl) GetSysctl(sysctl string) (int, error) {
 }
 // SetSysctl modifies the specified sysctl flag to the new value
-func (_ *procSysctl) SetSysctl(sysctl string, newVal int) error {
+func (*procSysctl) SetSysctl(sysctl string, newVal int) error {
 return ioutil.WriteFile(path.Join(sysctlBase, sysctl), []byte(strconv.Itoa(newVal)), 0640)
 }
diff --git a/pkg/util/system/system_utils.go b/pkg/util/system/system_utils.go
index bf1a024b50b..61832d95bc5 100644
--- a/pkg/util/system/system_utils.go
+++ b/pkg/util/system/system_utils.go
@@ -20,6 +20,7 @@ import (
 "strings"
 )
+// IsMasterNode returns true if given node is a registered master.
 // TODO: find a better way of figuring out if given node is a registered master.
 func IsMasterNode(nodeName string) bool {
 // We are trying to capture "master(-...)?$" regexp.
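Review bot: The added doc comment on `IsMasterNode` says it "returns true if given node is a registered master", but the TODO directly below and the first body comment show the decision is a regexp match on the node name, not a lookup of any registered role, so the new sentence promises more than the function delivers. I would write it as `// IsMasterNode reports whether nodeName matches the master naming convention ("master(-...)?$").` followed by `// It is a name-based heuristic, not a check of the node's registered role.` Since the result presumably derives from the name alone, the comment could also warn callers not to treat it as authoritative for anything role-sensitive; confirm against the callers before adding that. The body of `IsMasterNode` continues outside the hunk.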