Skip to content

Commit

Permalink
Cgroups v2 support
Browse files Browse the repository at this point in the history
- Bumped runc to 1.2.3
- In new runc default list of devices was changed (/dev/net/tun is
  removed) - opencontainers/runc#3468
- Switched to containerd config v2. v1 is deprecated.
- There are no subsystems in cgroup v2. If Tag is provided cgroup2 is
  mounted to /tmp/cgroup-N/unified (for N parallel tests). If Tag is not
  provided garden cgroup is in format /sys/fs/cgroup/garden.
- CPU shares are now replaced with CPU weight.
- In cgroups v2 kernel throws an error when large number is provided for
  CPU weight. In cgroup v1 kernel accepts the number for CPU shares and
  saves as MAX_SHARES. This behavior is replicated in the
  SharesBalancer.
- CPUCgrouper is manually enabling cgroup controllers since bad cgroup
  folder is manually created.
- CPU usage is read from cpu.stat file for cgroup v2.
- In cgroup v2 only leaf cgroups can have processes. Cgroup for
  containerd garden-init is moved from /sys/fs/cgroup/garden/handle to
  /sys/fs/cgroup/garden/handle/init since /sys/fs/cgroup/garden/handle
  will contain pea cgroups and can not be leaf. Cgroup resources are
  manually set on /sys/fs/cgroup/garden/handle and this folder is
  manually cleaned up.
- Switched to updated cloudfoundry docker images from unsupported
  cfgarden docker images.
  • Loading branch information
mariash committed Jan 9, 2025
1 parent 44c698f commit 1c18161
Show file tree
Hide file tree
Showing 314 changed files with 16,269 additions and 10,494 deletions.
36 changes: 18 additions & 18 deletions cmd/dadoo/dadoo_linux_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -101,6 +101,7 @@ var _ = Describe("Dadoo", func() {
Describe("running dadoo", func() {
var (
processDir string
runcCmd *exec.Cmd
runcLogFile *os.File
runcLogFilePath string
stdinPipe, stdoutPipe, stderrPipe, exitPipe string
Expand Down Expand Up @@ -559,17 +560,30 @@ var _ = Describe("Dadoo", func() {
})
})

}

Describe("exec", func() {
BeforeEach(func() {
mode = "exec"

runcCmd = exec.Command("runc", "create", "--no-new-keyring", "--bundle", bundlePath, filepath.Base(bundlePath))
})

JustBeforeEach(func() {
// hangs if GinkgoWriter is attached
Expect(runcCmd.Run()).To(Succeed())
})

itRunsRunc()

Context("when the -runc-root flag is passed", func() {
BeforeEach(func() {
var err error
runcRoot, err = os.MkdirTemp("", "")
Expect(err).NotTo(HaveOccurred())
})

JustBeforeEach(func() {
// hangs if GinkgoWriter is attached
cmd := exec.Command("runc", "--root", runcRoot, "create", "--no-new-keyring", "--bundle", bundlePath, filepath.Base(bundlePath))
Expect(cmd.Run()).To(Succeed())
runcCmd = exec.Command("runc", "--root", runcRoot, "create", "--no-new-keyring", "--bundle", bundlePath, filepath.Base(bundlePath))
})

AfterEach(func() {
Expand Down Expand Up @@ -601,20 +615,6 @@ var _ = Describe("Dadoo", func() {
Eventually(sess).Should(gexec.Exit(0))
})
})
}

Describe("exec", func() {
BeforeEach(func() {
mode = "exec"
})

JustBeforeEach(func() {
// hangs if GinkgoWriter is attached
cmd := exec.Command("runc", "create", "--no-new-keyring", "--bundle", bundlePath, filepath.Base(bundlePath))
Expect(cmd.Run()).To(Succeed())
})

itRunsRunc()
})

Describe("run", func() {
Expand Down
8 changes: 7 additions & 1 deletion cmd/dadoo/dadoo_suite_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -10,9 +10,11 @@ import (
"syscall"
"testing"

gardencgroups "code.cloudfoundry.org/guardian/rundmc/cgroups"
. "github.com/onsi/ginkgo/v2"
. "github.com/onsi/gomega"
"github.com/onsi/gomega/gexec"
"github.com/opencontainers/runc/libcontainer/cgroups"
)

var (
Expand Down Expand Up @@ -76,7 +78,11 @@ func TestDadoo(t *testing.T) {
}
}

Expect(syscall.Unmount(cgroupsRoot, 0)).To(Succeed())
if cgroups.IsCgroup2UnifiedMode() {
Expect(syscall.Unmount(filepath.Join(cgroupsRoot, gardencgroups.Unified), 0)).To(Succeed())
} else {
Expect(syscall.Unmount(cgroupsRoot, 0)).To(Succeed())
}
Expect(os.Remove(cgroupsRoot)).To(Succeed())
})

Expand Down
2 changes: 1 addition & 1 deletion cmd/dadoo/main_linux.go
Original file line number Diff line number Diff line change
Expand Up @@ -241,7 +241,7 @@ func setupTTYSocket(stdin io.Reader, stdout io.Writer, winszFifo io.Reader, pidF
defer socket.Close()

// Get the master file descriptor from runC.
master, err := cmsg.RecvFd(socket)
master, err := cmsg.RecvFile(socket)
if err != nil {
return
}
Expand Down
13 changes: 6 additions & 7 deletions go.mod
Original file line number Diff line number Diff line change
Expand Up @@ -9,7 +9,6 @@ replace (
// TODO: when bumping to containerd 2.0, remove these pins
github.com/Microsoft/hcsshim => github.com/Microsoft/hcsshim v0.11.7
github.com/containerd/go-runc => github.com/containerd/go-runc v1.0.0
github.com/opencontainers/runc => github.com/opencontainers/runc v1.1.14
)

require (
Expand All @@ -25,6 +24,7 @@ require (
github.com/BurntSushi/toml v1.4.0
github.com/cloudfoundry/dropsonde v1.1.0
github.com/cloudfoundry/gosigar v1.3.83
github.com/containerd/cgroups/v3 v3.0.3
github.com/containerd/containerd v1.7.24
github.com/containerd/containerd/api v1.8.0
github.com/containerd/errdefs v1.0.0
Expand All @@ -36,6 +36,7 @@ require (
github.com/kardianos/osext v0.0.0-20190222173326-2bc1f35cddc0
github.com/maxbrunsfeld/counterfeiter/v6 v6.8.1
github.com/mitchellh/copystructure v1.2.0
github.com/moby/sys/user v0.3.0
github.com/nu7hatch/gouuid v0.0.0-20131221200532-179d4d0c4d8d
github.com/onsi/ginkgo/v2 v2.22.2
github.com/onsi/gomega v1.36.2
Expand Down Expand Up @@ -65,13 +66,12 @@ require (
github.com/bmizerany/pat v0.0.0-20210406213842-e4b6760bdd6f // indirect
github.com/cenkalti/backoff/v4 v4.3.0 // indirect
github.com/cespare/xxhash/v2 v2.3.0 // indirect
github.com/checkpoint-restore/go-criu/v5 v5.3.0 // indirect
github.com/cilium/ebpf v0.11.0 // indirect
github.com/checkpoint-restore/go-criu/v6 v6.3.0 // indirect
github.com/cilium/ebpf v0.16.0 // indirect
github.com/cloudfoundry/sonde-go v0.0.0-20250107093625-3b887caf8df2 // indirect
github.com/containerd/aufs v1.0.0 // indirect
github.com/containerd/btrfs/v2 v2.0.0 // indirect
github.com/containerd/cgroups v1.1.0 // indirect
github.com/containerd/cgroups/v3 v3.0.3 // indirect
github.com/containerd/console v1.0.4 // indirect
github.com/containerd/continuity v0.4.5 // indirect
github.com/containerd/fifo v1.1.0 // indirect
Expand Down Expand Up @@ -128,7 +128,6 @@ require (
github.com/moby/sys/sequential v0.6.0 // indirect
github.com/moby/sys/signal v0.7.1 // indirect
github.com/moby/sys/symlink v0.2.0 // indirect
github.com/moby/sys/user v0.3.0 // indirect
github.com/moby/sys/userns v0.1.0 // indirect
github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
github.com/modern-go/reflect2 v1.0.2 // indirect
Expand All @@ -142,13 +141,13 @@ require (
github.com/prometheus/common v0.48.0 // indirect
github.com/prometheus/procfs v0.12.0 // indirect
github.com/russross/blackfriday/v2 v2.1.0 // indirect
github.com/seccomp/libseccomp-golang v0.9.2-0.20220502022130-f33da4d89646 // indirect
github.com/seccomp/libseccomp-golang v0.10.0 // indirect
github.com/smallstep/pkcs7 v0.1.1 // indirect
github.com/stefanberger/go-pkcs11uri v0.0.0-20230803200340-78284954bff6 // indirect
github.com/syndtr/gocapability v0.0.0-20200815063812-42c35b437635 // indirect
github.com/tchap/go-patricia/v2 v2.3.1 // indirect
github.com/tedsuo/rata v1.0.0 // indirect
github.com/urfave/cli v1.22.15 // indirect
github.com/urfave/cli v1.22.16 // indirect
github.com/xrash/smetrics v0.0.0-20240521201337-686a1a2994c1 // indirect
go.etcd.io/bbolt v1.3.10 // indirect
go.opencensus.io v0.24.0 // indirect
Expand Down
Loading

0 comments on commit 1c18161

Please sign in to comment.