Skip to content

cgroup: add support for more systemd properties #1574

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 12 commits into from
Oct 17, 2024
Merged

cgroup: add support for more systemd properties #1574

merged 12 commits into from
Oct 17, 2024

Conversation

giuseppe
Copy link
Member

@giuseppe giuseppe commented Oct 11, 2024
edited
Loading

Closes: #1576

@giuseppe
cgroup: special handle value "max"
af034b9 
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
@giuseppe
cgroup: rename function
b29ccd7 
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
kolyshkin
kolyshkin approved these changes Oct 11, 2024
View reviewed changes
Copy link
Collaborator

@kolyshkin kolyshkin left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

PS you can see which props runc translates in https://github.com/opencontainers/runc/blob/main/docs/systemd.md#cgroup-v2

@giuseppe
Copy link
Member Author

Thanks for the review and the hint!

I've done some fixes to handle MemoryLow (so now memory->reservation is honored) and added a patch to handle cpu.idle.

@giuseppe
cgroup: use macro to refactor common pattern
8d90eb3 
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
@giuseppe
cgroup: specify MemoryLow|MemoryHigh|MemoryMin to systemd
1a04566 
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
@giuseppe
cgroup: specify MemorySwapMax to systemd
f6d8373 
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
@giuseppe
cgroup: specify TasksMax to systemd
335d8cf 
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
@giuseppe
Copy link
Member Author

giuseppe commented Oct 14, 2024
edited
Loading

I've added basic support for devices management as well (barely tested though!). Pushed to trigger the CI

@giuseppe giuseppe force-pushed the more-systemd-props branch 4 times, most recently from 20a568b to 5e5527e Compare October 14, 2024 13:28
@kolyshkin
Copy link
Collaborator

One thing runc does is it checks systemd version to make sure we only set properties that this version of systemd can understand. For example, MemoryZSwapMax is only available since systemd v253 and it should not be set if we're running an older version.

This gets more complicated for distros which backports some systemd stuff, and I haven't found an easy solution to that. Theoretically, we can list all properties of whatever uint and see if the one we're about to set is among them, but as far as I remember I played with it only to realize this is costly (even when done once per container start).

@giuseppe
Copy link
Member Author

One thing runc does is it checks systemd version to make sure we only set properties that this version of systemd can understand. For example, MemoryZSwapMax is only available since systemd v253 and it should not be set if we're running an older version.

This gets more complicated for distros which backports some systemd stuff, and I haven't found an easy solution to that. Theoretically, we can list all properties of whatever uint and see if the one we're about to set is among them, but as far as I remember I played with it only to realize this is costly (even when done once per container start).

I've added a mechanism to detect unsupported properties and cache the result.

@packit-as-a-service Packit-as-a-Service
Copy link

Ephemeral COPR build failed. @containers/packit-build please check.

@giuseppe
cgroup: move standard devs definition in a common place
667442e 
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
@giuseppe
cgroup: specify devices rules to systemd
01fa499 
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
@giuseppe
cgroup, systemd: honor memory.zswap.max
80d9677 
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
@giuseppe
linux: pass down state_root to the cgroup handler
5f64da6 
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
@giuseppe
cgroup, systemd: honor cpu.idle
500cf80 
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
@giuseppe giuseppe force-pushed the more-systemd-props branch 2 times, most recently from 9464296 to 400a63c Compare October 16, 2024 14:15
@giuseppe
cgroup systemd: ignore unsupported properties
d55194b 
introduce a mechanism to detect and register the properties systemd doesn't
support so that we don't attempt to set them next time.

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
@sohankunkerkar
Copy link
Member

LGTM from the CRI-O side (k8s e2e tests looks green).

@giuseppe
Copy link
Member Author

@rhatdan @flouthoc PTAL

flouthoc
flouthoc approved these changes Oct 17, 2024
View reviewed changes
Copy link
Collaborator

@flouthoc flouthoc left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@flouthoc flouthoc merged commit e9c9294 into containers:main Oct 17, 2024
57 checks passed
@giuseppe giuseppe mentioned this pull request Oct 17, 2024
Merged
@hswong3i hswong3i mentioned this pull request Oct 25, 2024
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@kolyshkin kolyshkin kolyshkin approved these changes

@flouthoc flouthoc flouthoc approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

use systemd d-bus interface to set limits

4 participants

@giuseppe @kolyshkin @sohankunkerkar @flouthoc