api_service: Return cgroup for running pods, add a new filter field to filter pods according to cgroup #2331
Conversation
rkt/pods.go
Outdated
| // Read the systemd cgroup. | ||
| // TODO(yifan): What if rkt runs on non-systemd system? | ||
| // Read the cgroup of 'ID == 1'? | ||
| if tuples[1] == "name=systemd" { |
There was a problem hiding this comment.
Using "name=systemd" is ok: we already do this in https://github.com/coreos/rkt/blob/master/stage1/init/init.go#L729
If "name=systemd" does not exist, it should not be fatal: in stage1() we just print a warning. So it works when systemd is not on the host.
I would move getCgroup in cgroup.go, rename it to GetCgroupPathByPid and it can probably share some code with GetOwnCgroupPath().
Then in getBasicPod(), you would just call cgroup.GetCgroupPathByPid(pid, "name=systemd")
There was a problem hiding this comment.
This will need to be reworked with unified hierarchy: #1757, but we will see at that time
| // If not empty, the pods that have all of the annotations will be returned. | ||
| repeated KeyValue annotations = 6; | ||
|
|
||
| // If not empty, the pods whose cgroup are listed will be returned. |
There was a problem hiding this comment.
Is there a use case for this reverse lookup?
There was a problem hiding this comment.
look up by cgroup? Cadvisor as it turns out, especially with systemd run rkt pods, that they can be wherever they want to be (i.e. can have their own slice defined....)
tests/rkt_api_service_test.go
Outdated
| defer conn.Close() | ||
|
|
||
| patches := []string{ | ||
| fmt.Sprintf("--exec=/inspect --serve-http=localhost:%d --serve-http-timeout=%d", testServerPort, testServerTimeout), |
There was a problem hiding this comment.
Do you use a http server only for synchronization purpose? To stop the app at the correct time?
If so, using --interactive and child.SendLine() like in TestInteractive might be easier.
There was a problem hiding this comment.
Then, you would not need to listen on port 3727 on the host net namespace (it might be used by someone else).
2c84a59 to
795219b
Compare
tests/rkt_api_service_test.go
Outdated
| } | ||
|
|
||
| if expectedCgroup != p.Cgroup { | ||
| t.Errorf("Exepcted %q, saw %q", expectedCgroup, p.Cgroup) |
|
Semaphore uses Ubuntu 14.04 without systemd and the test TestAPIServiceCroup now fails. You could use sd_util.IsRunningSystemd() in |
rkt/api_service.go
Outdated
| case Running: | ||
| pod.State = v1alpha.PodState_POD_STATE_RUNNING | ||
| pod.Networks = getNetworks(p) | ||
|
|
Why the suffix has |
systemd moves itself in init.scope since version v226 to support cgroup unified hierarchy. rkt does not support cgroup unified hierarchy yet, but systemd now uses init.scope unconditionally.
And NEWS:
That explains why the tests on Semaphore have different error messages depending whether it is build with the src flavor and systemd-v229, or with the coreos flavor and systemd-225. I guess the test will have to be smart enough to accept both. |
@alban Well, in thit case the response from api service should not contain So basically: if systemd version < v226, returns the cgroup of the container's PID1. |
|
But how do we know the version of the systemd inside the pod? |
Add Pod.Cgroup to indicate the cgroup of the pod.
If PodFilter.Cgroups is not empty, then only the pods whose cgroups are listed will be returned.
89a46e8 to
0745eb6
Compare
Test the cgroup should be returned for running pods. Test the cgroup filter should work for running pods.
|
@alban Updated the api service to trim any 'init.scope' suffix, also updated the tests |
| } | ||
| } | ||
|
|
||
| func TestAPIServiceCroup(t *testing.T) { |
|
After fixing the couple of typos, LGTM |
|
Thanks @yifan-gu! I will merge this and file a following PR for the couple of typos. |
Follow up to rkt#2331
Fix #2316
The last commit is the functional test I added. It:
@alban @iaguis @jonboulle @sjpotter