Thanks to visit codestin.com
Credit goes to github.com

Skip to content
This repository was archived by the owner on Feb 24, 2020. It is now read-only.

api_service: Return cgroup for running pods, add a new filter field to filter pods according to cgroup#2331

Merged
alban merged 4 commits intorkt:masterfrom
yifan-gu:cgroup_path
Mar 31, 2016
Merged

api_service: Return cgroup for running pods, add a new filter field to filter pods according to cgroup#2331
alban merged 4 commits intorkt:masterfrom
yifan-gu:cgroup_path

Conversation

@yifan-gu
Copy link
Contributor

@yifan-gu yifan-gu commented Mar 26, 2016

Fix #2316

The last commit is the functional test I added. It:

  • Run an http server pod on host network.
  • Check the pod's cgroup
  • Filter with the pod's cgroup
  • Terminate the pod
  • Check the pod's cgroup should be empty.

@alban @iaguis @jonboulle @sjpotter

@yifan-gu yifan-gu added this to the v1.3.0 milestone Mar 26, 2016
yifan-gu
yifan-gu reviewed Mar 26, 2016
View reviewed changes
rkt/pods.go Outdated
// Read the systemd cgroup.
// TODO(yifan): What if rkt runs on non-systemd system?
// Read the cgroup of 'ID == 1'?
if tuples[1] == "name=systemd" {
Copy link
Contributor Author

@yifan-gu yifan-gu Mar 26, 2016

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@alban @iaguis Is this good enough? Or do we have better ideas here?

Copy link
Member

@alban alban Mar 29, 2016

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Using "name=systemd" is ok: we already do this in https://github.com/coreos/rkt/blob/master/stage1/init/init.go#L729

If "name=systemd" does not exist, it should not be fatal: in stage1() we just print a warning. So it works when systemd is not on the host.

I would move getCgroup in cgroup.go, rename it to GetCgroupPathByPid and it can probably share some code with GetOwnCgroupPath().

Then in getBasicPod(), you would just call cgroup.GetCgroupPathByPid(pid, "name=systemd")

Copy link
Member

@alban alban Mar 29, 2016

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This will need to be reworked with unified hierarchy: #1757, but we will see at that time

Copy link
Member

@iaguis iaguis Mar 29, 2016

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I agree with @alban 👍

jonboulle
jonboulle reviewed Mar 26, 2016
View reviewed changes
api/v1alpha/api.proto
// If not empty, the pods that have all of the annotations will be returned.
repeated KeyValue annotations = 6;

// If not empty, the pods whose cgroup are listed will be returned.
Copy link
Contributor

@jonboulle jonboulle Mar 26, 2016

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is there a use case for this reverse lookup?

Copy link
Contributor

@sjpotter sjpotter Mar 27, 2016

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

look up by cgroup? Cadvisor as it turns out, especially with systemd run rkt pods, that they can be wherever they want to be (i.e. can have their own slice defined....)

alban
alban reviewed Mar 29, 2016
View reviewed changes
tests/rkt_api_service_test.go Outdated
defer conn.Close()

patches := []string{
fmt.Sprintf("--exec=/inspect --serve-http=localhost:%d --serve-http-timeout=%d", testServerPort, testServerTimeout),
Copy link
Member

@alban alban Mar 29, 2016

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Do you use a http server only for synchronization purpose? To stop the app at the correct time?

If so, using --interactive and child.SendLine() like in TestInteractive might be easier.

Copy link
Member

@alban alban Mar 29, 2016

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Then, you would not need to listen on port 3727 on the host net namespace (it might be used by someone else).

Copy link
Contributor Author

@yifan-gu yifan-gu Mar 29, 2016

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

cool. will do

@jonboulle jonboulle removed their assignment Mar 29, 2016
@yifan-gu yifan-gu force-pushed the cgroup_path branch 3 times, most recently from 2c84a59 to 795219b Compare March 29, 2016 19:28
alban
alban reviewed Mar 30, 2016
View reviewed changes
tests/rkt_api_service_test.go Outdated
}

if expectedCgroup != p.Cgroup {
t.Errorf("Exepcted %q, saw %q", expectedCgroup, p.Cgroup)
Copy link
Member

@alban alban Mar 30, 2016

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

s/Exepcted/Expected/

@alban
Copy link
Member

alban commented Mar 30, 2016

Semaphore uses Ubuntu 14.04 without systemd and the test TestAPIServiceCroup now fails.

    rkt_api_service_test.go:165: Exepcted
"/machine.slice/machine-rkt\\x2dc01ee887\\x2d538d\\x2d4af3\\x2d8130\\x2d78ae5582f7e5.scope", saw
"/user/1003.user/8.session/machine-rkt\\x2dc01ee887\\x2d538d\\x2d4af3\\x2d8130\\x2d78ae5582f7e5.scope/init.scope"

You could use sd_util.IsRunningSystemd() in checkPod() to detect if systemd is running, and possible use a less strict test with HasSuffix in that case.

alban
alban reviewed Mar 30, 2016
View reviewed changes
rkt/api_service.go Outdated
case Running:
pod.State = v1alpha.PodState_POD_STATE_RUNNING
pod.Networks = getNetworks(p)

Copy link
Member

@alban alban Mar 30, 2016

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

no need for a new line

@yifan-gu
Copy link
Contributor Author

yifan-gu commented Mar 30, 2016

Semaphore uses Ubuntu 14.04 without systemd and the test TestAPIServiceCroup now fails.

Why the suffix has init.scope ? @alban

@alban
Copy link
Member

alban commented Mar 30, 2016

Why the suffix has init.scope ? @alban

systemd moves itself in init.scope since version v226 to support cgroup unified hierarchy. rkt does not support cgroup unified hierarchy yet, but systemd now uses init.scope unconditionally.

See systemd/systemd@efdb023:

This moves PID 1 into a new "init.scope" implicit scope unit in the root
slice. This is necessary since on the unified hierarchy cgroups may
either contain subgroups or processes but not both. PID 1 hence has to
move out of the root cgroup

And NEWS:

A new special scope unit "init.scope" has been introduced
that encapsulates PID 1 of the system. It may be used to
determine resource usage and enforce resource limits on PID
1 itself. PID 1 hence moved out of the root of the control
group tree.

That explains why the tests on Semaphore have different error messages depending whether it is build with the src flavor and systemd-v229, or with the coreos flavor and systemd-225.

I guess the test will have to be smart enough to accept both.

@yifan-gu
Copy link
Contributor Author

yifan-gu commented Mar 31, 2016

I guess the test will have to be smart enough to accept both.

@alban Well, in thit case the response from api service should not contain init.scope because it is expected to return the root cgroup of the pod, right?

So basically:

if systemd version < v226, returns the cgroup of the container's PID1.
if systemd version >= v226, returns the parent cgroup of the container's PID1.

@yifan-gu
Copy link
Contributor Author

yifan-gu commented Mar 31, 2016

But how do we know the version of the systemd inside the pod?

Yifan Gu and others added 2 commits March 31, 2016 01:14
@yifan-gu
api_service: Return cgroup in ListPods()/InspectPod().
fae673f 
Add Pod.Cgroup to indicate the cgroup of the pod.
@yifan-gu
api_service: Add cgroups in the pod filter.
b3a0850 
If PodFilter.Cgroups is not empty, then only the pods whose cgroups
are listed will be returned.
@yifan-gu yifan-gu force-pushed the cgroup_path branch 2 times, most recently from 89a46e8 to 0745eb6 Compare March 31, 2016 08:15
@yifan-gu
tests: Add tests for api service to test the cgroup.
fa65282 
Test the cgroup should be returned for running pods.
Test the cgroup filter should work for running pods.
@yifan-gu
Copy link
Contributor Author

yifan-gu commented Mar 31, 2016

@alban Updated the api service to trim any 'init.scope' suffix, also updated the tests

iaguis
iaguis reviewed Mar 31, 2016
View reviewed changes
tests/rkt_api_service_test.go
}
}

func TestAPIServiceCroup(t *testing.T) {
Copy link
Member

@iaguis iaguis Mar 31, 2016

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

s/Croup/Cgroup/

@alban
Copy link
Member

alban commented Mar 31, 2016

After fixing the couple of typos, LGTM

@alban
Copy link
Member

alban commented Mar 31, 2016

Thanks @yifan-gu! I will merge this and file a following PR for the couple of typos.

@alban alban merged commit 9322146 into rkt:master Mar 31, 2016
alban added a commit to kinvolk/rkt that referenced this pull request Mar 31, 2016
@alban
api_service: fix typos
0976e9e 
Follow up to rkt#2331
This was referenced Mar 31, 2016
Merged
Closed
@yifan-gu yifan-gu deleted the cgroup_path branch March 31, 2016 17:07
@alban alban mentioned this pull request Apr 5, 2016
Open
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

No reviews

Assignees

No one assigned

Labels

area/api component/api server needs/review priority/P1

Projects

None yet

Milestone

v1.3.0

Development

Successfully merging this pull request may close these issues.

5 participants

@yifan-gu @alban @iaguis @sjpotter @jonboulle