aboutsummaryrefslogtreecommitdiff
path: root/pkg
diff options
context:
space:
mode:
authorOpenShift Merge Robot <openshift-merge-robot@users.noreply.github.com>2022-01-17 12:57:20 +0100
committerGitHub <noreply@github.com>2022-01-17 12:57:20 +0100
commit8514ebd1827b12bae8b5d53d8f0e36244d1b3c3a (patch)
treed8ccbe18806a8d03ac1d89754d4f009103803c5e /pkg
parent26cf6c82c82cbf45afe5998e4a881b9f52202a01 (diff)
parent607cb80bf77642c02b80bff56aa4c3e396a91fa0 (diff)
downloadpodman-8514ebd1827b12bae8b5d53d8f0e36244d1b3c3a.tar.gz
podman-8514ebd1827b12bae8b5d53d8f0e36244d1b3c3a.tar.bz2
podman-8514ebd1827b12bae8b5d53d8f0e36244d1b3c3a.zip
Merge pull request #12860 from rhatdan/cgroups
Use CONTAINERS_CONF cgroups flag for remote API.
Diffstat (limited to 'pkg')
-rw-r--r--pkg/api/handlers/compat/containers_stats.go2
-rw-r--r--pkg/api/handlers/compat/info.go2
-rw-r--r--pkg/api/handlers/types.go2
-rw-r--r--pkg/domain/entities/engine.go2
-rw-r--r--pkg/domain/entities/pods.go10
-rw-r--r--pkg/domain/infra/abi/containers.go2
-rw-r--r--pkg/specgen/generate/container.go4
-rw-r--r--pkg/specgen/generate/oci.go6
-rw-r--r--pkg/specgen/podspecgen.go2
-rw-r--r--pkg/specgen/specgen.go6
-rw-r--r--pkg/specgenutil/specgen.go18
11 files changed, 35 insertions, 21 deletions
diff --git a/pkg/api/handlers/compat/containers_stats.go b/pkg/api/handlers/compat/containers_stats.go
index a92fe9fe0..ad91a3a8e 100644
--- a/pkg/api/handlers/compat/containers_stats.go
+++ b/pkg/api/handlers/compat/containers_stats.go
@@ -109,7 +109,7 @@ streamLabel: // A label to flatten the scope
return
}
// Cgroup stats
- cgroupPath, err := ctnr.CGroupPath()
+ cgroupPath, err := ctnr.CgroupPath()
if err != nil {
logrus.Errorf("Unable to get cgroup path of container: %v", err)
return
diff --git a/pkg/api/handlers/compat/info.go b/pkg/api/handlers/compat/info.go
index 777009f0a..dac1eb193 100644
--- a/pkg/api/handlers/compat/info.go
+++ b/pkg/api/handlers/compat/info.go
@@ -124,7 +124,7 @@ func GetInfo(w http.ResponseWriter, r *http.Request) {
BuildahVersion: infoData.Host.BuildahVersion,
CPURealtimePeriod: sysInfo.CPURealtimePeriod,
CPURealtimeRuntime: sysInfo.CPURealtimeRuntime,
- CgroupVersion: strings.TrimPrefix(infoData.Host.CGroupsVersion, "v"),
+ CgroupVersion: strings.TrimPrefix(infoData.Host.CgroupsVersion, "v"),
Rootless: rootless.IsRootless(),
SwapFree: infoData.Host.SwapFree,
SwapTotal: infoData.Host.SwapTotal,
diff --git a/pkg/api/handlers/types.go b/pkg/api/handlers/types.go
index 3b821d9e7..d3a592bdf 100644
--- a/pkg/api/handlers/types.go
+++ b/pkg/api/handlers/types.go
@@ -148,7 +148,7 @@ type PodTopOKBody struct {
// swagger:model PodCreateConfig
type PodCreateConfig struct {
Name string `json:"name"`
- CGroupParent string `json:"cgroup-parent"`
+ CgroupParent string `json:"cgroup-parent"`
Hostname string `json:"hostname"`
Infra bool `json:"infra"`
InfraCommand string `json:"infra-command"`
diff --git a/pkg/domain/entities/engine.go b/pkg/domain/entities/engine.go
index 055af7ff9..32faa74af 100644
--- a/pkg/domain/entities/engine.go
+++ b/pkg/domain/entities/engine.go
@@ -33,7 +33,7 @@ type PodmanConfig struct {
*config.Config
*pflag.FlagSet
- CGroupUsage string // rootless code determines Usage message
+ CgroupUsage string // rootless code determines Usage message
ConmonPath string // --conmon flag will set Engine.ConmonPath
CPUProfile string // Hidden: Should CPU profile be taken
EngineMode EngineMode // ABI or Tunneling mode
diff --git a/pkg/domain/entities/pods.go b/pkg/domain/entities/pods.go
index cc9476d79..60d171f86 100644
--- a/pkg/domain/entities/pods.go
+++ b/pkg/domain/entities/pods.go
@@ -118,7 +118,7 @@ type PodSpec struct {
// The JSON tags below are made to match the respective field in ContainerCreateOptions for the purpose of mapping.
// swagger:model PodCreateOptions
type PodCreateOptions struct {
- CGroupParent string `json:"cgroup_parent,omitempty"`
+ CgroupParent string `json:"cgroup_parent,omitempty"`
CreateCommand []string `json:"create_command,omitempty"`
Devices []string `json:"devices,omitempty"`
DeviceReadBPs []string `json:"device_read_bps,omitempty"`
@@ -159,8 +159,8 @@ type ContainerCreateOptions struct {
CapAdd []string
CapDrop []string
CgroupNS string
- CGroupsMode string
- CGroupParent string `json:"cgroup_parent,omitempty"`
+ CgroupsMode string
+ CgroupParent string `json:"cgroup_parent,omitempty"`
CIDFile string
ConmonPIDFile string `json:"container_conmon_pidfile,omitempty"`
CPUPeriod uint64
@@ -172,7 +172,7 @@ type ContainerCreateOptions struct {
CPUSetCPUs string `json:"cpuset_cpus,omitempty"`
CPUSetMems string
Devices []string `json:"devices,omitempty"`
- DeviceCGroupRule []string
+ DeviceCgroupRule []string
DeviceReadBPs []string `json:"device_read_bps,omitempty"`
DeviceReadIOPs []string
DeviceWriteBPs []string
@@ -345,7 +345,7 @@ func ToPodSpecGen(s specgen.PodSpecGenerator, p *PodCreateOptions) (*specgen.Pod
}
// Cgroup
- s.CgroupParent = p.CGroupParent
+ s.CgroupParent = p.CgroupParent
// Resource config
cpuDat := p.CPULimits()
diff --git a/pkg/domain/infra/abi/containers.go b/pkg/domain/infra/abi/containers.go
index afd25d313..cab4c3c9a 100644
--- a/pkg/domain/infra/abi/containers.go
+++ b/pkg/domain/infra/abi/containers.go
@@ -989,7 +989,7 @@ func (ic *ContainerEngine) ContainerRun(ctx context.Context, opts entities.Conta
report := entities.ContainerRunReport{Id: ctr.ID()}
if logrus.GetLevel() == logrus.DebugLevel {
- cgroupPath, err := ctr.CGroupPath()
+ cgroupPath, err := ctr.CgroupPath()
if err == nil {
logrus.Debugf("container %q has CgroupParent %q", ctr.ID(), cgroupPath)
}
diff --git a/pkg/specgen/generate/container.go b/pkg/specgen/generate/container.go
index 2c7b3c091..7b55a0cb3 100644
--- a/pkg/specgen/generate/container.go
+++ b/pkg/specgen/generate/container.go
@@ -229,6 +229,10 @@ func CompleteSpec(ctx context.Context, r *libpod.Runtime, s *specgen.SpecGenerat
}
}
+ if s.CgroupsMode == "" {
+ s.CgroupsMode = rtc.Cgroups()
+ }
+
// If caller did not specify Pids Limits load default
if s.ResourceLimits == nil || s.ResourceLimits.Pids == nil {
if s.CgroupsMode != "disabled" {
diff --git a/pkg/specgen/generate/oci.go b/pkg/specgen/generate/oci.go
index ee3a990fc..f72ffe80c 100644
--- a/pkg/specgen/generate/oci.go
+++ b/pkg/specgen/generate/oci.go
@@ -152,7 +152,7 @@ func canMountSys(isRootless, isNewUserns bool, s *specgen.SpecGenerator) bool {
return true
}
-func getCGroupPermissons(unmask []string) string {
+func getCgroupPermissons(unmask []string) string {
ro := "ro"
rw := "rw"
cgroup := "/sys/fs/cgroup"
@@ -176,7 +176,7 @@ func getCGroupPermissons(unmask []string) string {
// SpecGenToOCI returns the base configuration for the container.
func SpecGenToOCI(ctx context.Context, s *specgen.SpecGenerator, rt *libpod.Runtime, rtc *config.Config, newImage *libimage.Image, mounts []spec.Mount, pod *libpod.Pod, finalCmd []string, compatibleOptions *libpod.InfraInherit) (*spec.Spec, error) {
- cgroupPerm := getCGroupPermissons(s.Unmask)
+ cgroupPerm := getCgroupPermissons(s.Unmask)
g, err := generate.New("linux")
if err != nil {
@@ -357,7 +357,7 @@ func SpecGenToOCI(ctx context.Context, s *specgen.SpecGenerator, rt *libpod.Runt
// set the devices cgroup when not running in a user namespace
if !inUserNS && !s.Privileged {
g.AddLinuxResourcesDevice(false, "", nil, nil, "rwm")
- for _, dev := range s.DeviceCGroupRule {
+ for _, dev := range s.DeviceCgroupRule {
g.AddLinuxResourcesDevice(true, dev.Type, dev.Major, dev.Minor, dev.Access)
}
}
diff --git a/pkg/specgen/podspecgen.go b/pkg/specgen/podspecgen.go
index b6f2d6bf0..62b4725a7 100644
--- a/pkg/specgen/podspecgen.go
+++ b/pkg/specgen/podspecgen.go
@@ -183,7 +183,7 @@ type PodStorageConfig struct {
// PodCgroupConfig contains configuration options about a pod's cgroups.
// This will be expanded in future updates to pods.
type PodCgroupConfig struct {
- // CgroupParent is the parent for the CGroup that the pod will create.
+ // CgroupParent is the parent for the Cgroup that the pod will create.
// This pod cgroup will, in turn, be the default cgroup parent for all
// containers in the pod.
// Optional.
diff --git a/pkg/specgen/specgen.go b/pkg/specgen/specgen.go
index 82721ba92..750fc875d 100644
--- a/pkg/specgen/specgen.go
+++ b/pkg/specgen/specgen.go
@@ -264,9 +264,9 @@ type ContainerStorageConfig struct {
// Devices are devices that will be added to the container.
// Optional.
Devices []spec.LinuxDevice `json:"devices,omitempty"`
- // DeviceCGroupRule are device cgroup rules that allow containers
+ // DeviceCgroupRule are device cgroup rules that allow containers
// to use additional types of devices.
- DeviceCGroupRule []spec.LinuxDeviceCgroup `json:"device_cgroup_rule,omitempty"`
+ DeviceCgroupRule []spec.LinuxDeviceCgroup `json:"device_cgroup_rule,omitempty"`
// DevicesFrom is a way to ensure your container inherits device specific information from another container
DevicesFrom []string `json:"devices_from,omitempty"`
// HostDeviceList is used to recreate the mounted device on inherited containers
@@ -390,7 +390,7 @@ type ContainerCgroupConfig struct {
// CgroupsMode sets a policy for how cgroups will be created in the
// container, including the ability to disable creation entirely.
CgroupsMode string `json:"cgroups_mode,omitempty"`
- // CgroupParent is the container's CGroup parent.
+ // CgroupParent is the container's Cgroup parent.
// If not set, the default for the current cgroup driver will be used.
// Optional.
CgroupParent string `json:"cgroup_parent,omitempty"`
diff --git a/pkg/specgenutil/specgen.go b/pkg/specgenutil/specgen.go
index 8e43cc50e..59ac19c2c 100644
--- a/pkg/specgenutil/specgen.go
+++ b/pkg/specgenutil/specgen.go
@@ -8,6 +8,7 @@ import (
"strings"
"time"
+ "github.com/containers/common/pkg/config"
"github.com/containers/image/v5/manifest"
"github.com/containers/podman/v3/cmd/podman/parse"
"github.com/containers/podman/v3/libpod/define"
@@ -488,8 +489,17 @@ func FillOutSpecGen(s *specgen.SpecGenerator, c *entities.ContainerCreateOptions
if ld := c.LogDriver; len(ld) > 0 {
s.LogConfiguration.Driver = ld
}
- s.CgroupParent = c.CGroupParent
- s.CgroupsMode = c.CGroupsMode
+ s.CgroupParent = c.CgroupParent
+ s.CgroupsMode = c.CgroupsMode
+ if s.CgroupsMode == "" {
+ rtc, err := config.Default()
+ if err != nil {
+ return err
+ }
+
+ s.CgroupsMode = rtc.Cgroups()
+ }
+
s.Groups = c.GroupAdd
s.Hostname = c.Hostname
@@ -587,12 +597,12 @@ func FillOutSpecGen(s *specgen.SpecGenerator, c *entities.ContainerCreateOptions
s.Devices = append(s.Devices, specs.LinuxDevice{Path: dev})
}
- for _, rule := range c.DeviceCGroupRule {
+ for _, rule := range c.DeviceCgroupRule {
dev, err := parseLinuxResourcesDeviceAccess(rule)
if err != nil {
return err
}
- s.DeviceCGroupRule = append(s.DeviceCGroupRule, dev)
+ s.DeviceCgroupRule = append(s.DeviceCgroupRule, dev)
}
s.Init = c.Init