If /sys/kernel/mm/transparent_hugepage/enabled=always, the shim process
will use huge pages, which will consume a lot of memory.
Just like this:
ps -efo pid,rss,comm | grep shim
PID RSS COMMAND
2614 7464 containerd-shim
I don't think shim needs to use huge pages, and if we turn off the huge
pages option, we can save a lot of memory resources.
After we set THP_DISABLE=true:
ps -efo pid,comm,rss
PID COMMAND RSS
1629841 containerd-shim 5648
containerd
|
|--shim1 --start
|
|--shim2 (this shim will on host)
|
|--runc create (when containerd send create request by ttrpc)
|
|--runc init (this is the pid 1 in container)
we should set thp_disabled=1 in shim1 --start, because if we set this
in shim 2, the huge page has been setted while func main() running,
we set thp_disabled cannot change the setted huge pages.
So We need to set thp_disabled=1 in shim1 so that shim2 inherits the
settings of the parent process shim1, and shim2 has closed the
hugepage when it starts.
For runc processes, we need to set thp_disabled='before' in shim2 after
fork() and before execve(). So we use cmd.pre_exec to do this.
The "read" side of container stdout/stderr fifo has been opened
by containerd and on the other hand "write" side is opened by
container process, which is a little different with golang shim.
If containerd shutdown and closed the read fd, container process
will receive EPIPE when writing to stdout/stderr and then be
killed by SIGPIPE signal. In this commit, the "read" side is
opened again by shim so that at least there is one opened "read"
side all the time.
Signed-off-by: Tianyang Zhang <burning9699@gmail.com>
Because the second invocation of the shim doesn't have the containerd pipe passed to it, a shim that wants to communicate over the pipe needs to parse the arguments its own. This makes it so the library pass all the arguments, which has already parsed the arguments allowing shims to use the containerd address.
Signed-off-by: James Sturtevant <jstur@microsoft.com>
use File::from_raw_fd() to create the tty io file, when the io copy
thread ends, it will drop the file object which will close the fd, but
as we made three file objects from the same fd, it will be closed
three times, if other opened files occupied this fd number, the
second or third drop of the file object may close the fds of other files.
Signed-off-by: Zhang Tianyang <burning9699@gmail.com>
The stdin fifo fd should be closed when containerd
calls close io, otherwise, runc-shim would hold
this fd and the copy console thread forever.
Signed-off-by: Zhang Tianyang <burning9699@gmail.com>
A pid file under bundle path will be created after
the exec process created, so it should also be deleted
before process deleted.
Signed-off-by: Zhang Tianyang <burning9699@gmail.com>
If an error is encountered when running the OCI command, shim process
should walk the OCI command logfile and retrieve the last error.
Signed-off-by: Zhang Tianyang <burning9699@gmail.com>
the dependent path-dedot crate updated to rust edition 2021, we have to
upgrade out toolchain version to compile
Signed-off-by: Feng Shaobao <fshb1988@gmail.com>
zhang yu 10307750
James Sturtevant
Maksym Pavlenko
Bryant Biggs
jiaxiao zhou
Tianyang Zhang
dependabot[bot]
utam0k
yuqitao
Feng Shaobao