From 6cb919b48979cac429c0f1089f1a4a79b3b3a694 Mon Sep 17 00:00:00 2001 From: Justin Cormack Date: Fri, 17 Nov 2017 14:12:41 +0000 Subject: [PATCH] Add support for creating cgroups in runtime section Implements https://github.com/moby/tool/pull/181 Design for things like Kubernetes setup that requires some cgroups to exist when the service starts but it is not running in these, other services are, so there would be a race if they are not created in each. Essentially it is just a sugared `mkdir` in all the cgroup dirs. Signed-off-by: Justin Cormack --- Makefile | 2 +- pkg/init/cmd/service/prepare.go | 35 +++++++++++++++++++++++++++------ 2 files changed, 30 insertions(+), 7 deletions(-) diff --git a/Makefile b/Makefile index 17154ce1e..4495315b9 100644 --- a/Makefile +++ b/Makefile @@ -21,7 +21,7 @@ endif PREFIX?=/usr/local/ MOBY_REPO=https://github.com/moby/tool.git -MOBY_COMMIT=99480b5dd01b18ff2c80a2ce33ad46a436ccdb25 +MOBY_COMMIT=eceb6d11f8685f9da3660683d769659e3688457b MOBY_VERSION=0.0 bin/moby: tmp_moby_bin.tar | bin tar xf $< diff --git a/pkg/init/cmd/service/prepare.go b/pkg/init/cmd/service/prepare.go index 1981f07e3..e3857ed2e 100644 --- a/pkg/init/cmd/service/prepare.go +++ b/pkg/init/cmd/service/prepare.go @@ -14,15 +14,11 @@ import ( "golang.org/x/sys/unix" ) -const ( - wgPath = "/usr/bin/wg" - nsenterPath = "/usr/bin/nsenter-net" -) - // Note these definitions are from moby/tool/src/moby/config.go and should be kept in sync // Runtime is the type of config processed at runtime, not used to build the OCI spec type Runtime struct { + Cgroups []string `yaml:"cgroups" json:"cgroups,omitempty"` Mounts []specs.Mount `yaml:"mounts" json:"mounts,omitempty"` Mkdir []string `yaml:"mkdir" json:"mkdir,omitempty"` Interfaces []Interface `yaml:"interfaces" json:"interfaces,omitempty"` 
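Review bot: The new `Cgroups` field in `Runtime` has no comment describing what form its entries take, even though the `newCgroup` hunk turns each entry into a directory path under every controller directory in /sys/fs/cgroup. I would add `// Cgroups are paths, relative to each controller directory under /sys/fs/cgroup, created before the service starts` above the field. The header comment says these definitions are kept in sync with moby/tool's config.go, so the same wording belongs there. The rest of the struct lies outside this hunk.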
@@ -122,7 +118,27 @@ func parseMountOptions(options []string) (int, string) { return flag, strings.Join(data, ",") } -// prepareFilesystem sets up the mounts, before the container is created +// newCgroup creates a cgroup (ie directory) under all directories in /sys/fs/cgroup +// we could use github.com/containerd/cgroups but it has a lot of deps and this is just a sugary mkdir +func newCgroup(cgroup string) error { + dirs, err := ioutil.ReadDir("/sys/fs/cgroup") + if err != nil { + return err + } + + for _, dir := range dirs { + if !dir.IsDir() { + continue + } + if err := os.MkdirAll(filepath.Join("/sys/fs/cgroup", dir.Name(), cgroup), 0755); err != nil { + log.Printf("cgroup error: %v", err) + } + } + + return nil +} + +// prepareFilesystem sets up the mounts and cgroups, before the container is created func prepareFilesystem(path string, runtime Runtime) error { // execute the runtime config that should be done up front // we execute Mounts before Mkdir so you can make a directory under a mount @@ -157,6 +173,13 @@ func prepareFilesystem(path string, runtime Runtime) error { } } + for _, cgroup := range runtime.Cgroups { + // currently no way to specify resource limits on new cgroups at creation time + if err := newCgroup(cgroup); err != nil { + return fmt.Errorf("Cannot create cgroup %s: %v", cgroup, err) + } + } + return nil }
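Review bot: `newCgroup` passes the configured name unchecked into `filepath.Join("/sys/fs/cgroup", dir.Name(), cgroup)`. Because `filepath.Join` cleans its result, an entry containing `..` components resolves outside the controller directory, and `os.MkdirAll` then creates that path with the privileges of the init process. The runtime config is presumably fixed at image build time, so this is hardening rather than a demonstrated hole. Rejecting `..` components before the directory loop keeps the "sugared mkdir" confined to the cgroup tree; the fence shows only the added check.

```go
func newCgroup(cgroup string) error {
	// refuse names that would climb out of the controller directory once joined
	for _, part := range strings.Split(cgroup, "/") {
		if part == ".." {
			return fmt.Errorf("invalid cgroup path %q", cgroup)
		}
	}
	// … unchanged: ReadDir of /sys/fs/cgroup and the MkdirAll loop …
```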
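Review bot: The `err != nil` branch added around `newCgroup(cgroup)` in `prepareFilesystem` can only fire when reading /sys/fs/cgroup fails, because `newCgroup` logs each `os.MkdirAll` failure and still returns nil. A service whose config relies on the cgroup existing would then be started without it, with only a log line as evidence. If best effort is intended, say so in a comment at this call site. Otherwise have the loop in `newCgroup` report the failure, for example `return fmt.Errorf("%s: %v", dir.Name(), err)` in place of the `log.Printf`. `prepareFilesystem` begins outside this hunk.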