Commit Graph

40 Commits

Author SHA1 Message Date
Stefan Weil 22270fb845 Replace 'an user' => 'a user'
Signed-off-by: Stefan Weil <sw@weilnetz.de>
2021-10-24 22:27:39 +02:00
Giuseppe Scrivano 9042520cfd
cgroups: use cgroup.controllers to read controllers
use the cgroup.controllers file instead of cgroup.subtree_control to
read the list of controllers available in the current cgroup.

Closes: https://github.com/containers/podman/issues/11931

[NO TESTS NEEDED] we have disabled this test in the CI because it is
difficult to know what controllers are going to be enabled for
rootless under all conditions we test.

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
2021-10-12 12:24:20 +02:00
Aditya Rajan bd64039278 cgroup-info: check if user.slice is valid before accessing value
Prevent hitting `panic: runtime error: index out of range [1] with length 1`
while performing `podman info` when unexpected values for user.slice is found.

[NO TESTS NEEDED]

Signed-off-by: Aditya Rajan <arajan@redhat.com>
2021-09-07 00:59:21 +05:30
Daniel J Walsh 8469417040
Globally replace http:// with https://
[NO TESTS NEEDED] Hopefully existing tests will find issues.

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2021-08-27 06:14:46 -04:00
zhangguanzhang fc9868e224 Fix panic condition in cgroups.getAvailableControllers
Signed-off-by: zhangguanzhang <zhangguanzhang@qq.com>
2021-06-15 09:22:37 +08:00
flouthoc 2f5552c32d Podman info add support for status of cgroup controllers
Signed-off-by: flouthoc <flouthoc.git@gmail.com>
2021-05-24 16:55:23 +05:30
Giuseppe Scrivano ce747466a9
cgroups: force 64 bits to ParseUint
[NO TESTS NEEDED]

force bitsSize==64 so that the string is always parsed to a uint64
instead of using the native int size, that could be not big enough on
32 bits arches.

Closes: https://github.com/containers/podman/issues/9979

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
2021-04-09 10:09:54 +02:00
OpenShift Merge Robot c69decc305
Merge pull request #9464 from giuseppe/fix-cgroupv1-stats
cgroup: change cgroup deletion logic on v1
2021-02-22 15:48:44 -05:00
Giuseppe Scrivano e87c5b6c16
cgroup: change cgroup deletion logic on v1
do not raise an error if the cgroup exists at least on one
controller.

Previously it expected the cgroup to exists under all the
controllers.

[NO TESTS NEEDED]

Closes: https://github.com/containers/podman/issues/9252

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
2021-02-22 16:10:15 +01:00
Valentin Rothberg 5dded6fae7 bump go module to v3
We missed bumping the go module, so let's do it now :)

* Automated go code with github.com/sirkon/go-imports-rename
* Manually via `vgrep podman/v2` the rest

Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
2021-02-22 09:03:51 +01:00
Paul Holzinger 78c8a87362 Enable whitespace linter
Use the whitespace linter and fix the reported problems.

[NO TESTS NEEDED]

Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
2021-02-11 23:01:56 +01:00
Daniel J Walsh 89bb8a9b36
Don't fail if one of the cgroups is not setup
It is fairly common for certain cgroups controllers to
not be enabled on a system.  We should Warn when this happens
versus failing, when doing podman stats command.  This way users
can get information from the other controllers.

Fixes: https://github.com/containers/podman/issues/8588

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2021-01-27 15:16:24 -05:00
Josh Soref 4fa1fce930 Spelling
Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>
2020-12-22 13:34:31 -05:00
Kir Kolyshkin d4aa89bb40 pkg/cgroups/createCgroupv2Path: nits
1. Check the path validity before trying to read the cgroup.controllers.

2. Do not hardcode "/sys/fs/cgroup".

3. Simplify creating the "+this +that" string.

4. Do not wrap ioutil.WriteFile error.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2020-10-05 15:57:57 -07:00
Kir Kolyshkin 4878dff3e2 Remove excessive error wrapping
In case os.Open[File], os.Mkdir[All], ioutil.ReadFile and the like
fails, the error message already contains the file name and the
operation that fails, so there is no need to wrap the error with
something like "open %s failed".

While at it

 - replace a few places with os.Open, ioutil.ReadAll with
   ioutil.ReadFile.

 - replace errors.Wrapf with errors.Wrap for cases where there
   are no %-style arguments.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2020-10-05 15:30:37 -07:00
Daniel J Walsh a5e37ad280
Switch all references to github.com/containers/libpod -> podman
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2020-07-28 08:23:45 -04:00
Valentin Rothberg 8489dc4345 move go module to v2
With the advent of Podman 2.0.0 we crossed the magical barrier of go
modules.  While we were able to continue importing all packages inside
of the project, the project could not be vendored anymore from the
outside.

Move the go module to new major version and change all imports to
`github.com/containers/libpod/v2`.  The renaming of the imports
was done via `gomove` [1].

[1] https://github.com/KSubedi/gomove

Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
2020-07-06 15:50:12 +02:00
Daniel J Walsh 200cfa41a4
Turn on More linters
- misspell
    - prealloc
    - unparam
    - nakedret

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2020-06-15 07:05:56 -04:00
Peter Hunt f4b59c74a7 cgroup: skip unified if we are using v1
There exists a chance for a node to be booted in v1, but have reminents of v2. An example is this CRI-O ci run: https://deck-ci.apps.ci.l2s4.p1.openshiftapps.com/view/gcs/origin-federated-results/pr-logs/pull/cri-o_cri-o/3565/test_pull_request_crio_critest_fedora/11243/

We fail because we are incorrectly writing to the unified path, because we are v1. We should not write to the unified path if we are v1

Signed-off-by: Peter Hunt <pehunt@redhat.com>
2020-05-12 15:36:33 -04:00
Sascha Grunert a8192cd760
Fix invalid container path comparison for pid cgroup
This fixes the behavior to return nil for the PIDs cgroup if the
container path is empty.

Signed-off-by: Sascha Grunert <sgrunert@suse.com>
2020-04-14 11:02:42 +02:00
Sascha Grunert 7864afd6b2
Do not error on pids.current stats if ctr.path is empty
If the ctr.path is empty, then we do not try to access
`/sys/fs/cgroup/pids/pids.current` any more because this path will be
wrong in any case. We now return and do not set the PIDs stats.

Refers to https://github.com/cri-o/cri-o/issues/3522

Signed-off-by: Sascha Grunert <sgrunert@suse.com>
2020-04-07 09:03:30 +02:00
Valentin Rothberg 450361fc64 update systemd & dbus dependencies
Update the outdated systemd and dbus dependencies which are now provided
as go modules.  This will further tighten our dependencies and releases
and pave the way for the upcoming auto-update feature.

Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
2020-03-10 18:34:55 +01:00
Giuseppe Scrivano 510fa4ebc8
stats: add SystemUsage
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
2020-02-12 11:58:29 +01:00
Sascha Grunert 2511b50800
Use cgroupv2 super magic from golang.org/x/sys/unix
We can use this constant from the already existing sys/unix package
instead of defining it by our own.

Signed-off-by: Sascha Grunert <sgrunert@suse.com>
2020-01-21 16:08:29 +01:00
Valentin Rothberg 67165b7675 make lint: enable gocritic
`gocritic` is a powerful linter that helps in preventing certain kinds
of errors as well as enforcing a coding style.

Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
2020-01-13 14:27:02 +01:00
Giuseppe Scrivano 2c9e907912
cgroups: read correctly the CPU stats
the two values were incorrectly switched.

Signed-off-by: Giuseppe Scrivano <giuseppe@scrivano.org>
2019-11-01 20:51:24 +01:00
Giuseppe Scrivano afd0818326
rootless: automatically create a systemd scope
when running in rootless mode and using systemd as cgroup manager
create automatically a systemd scope when the user doesn't own the
current cgroup.

This solves a couple of issues:

on cgroup v2 it is necessary that a process before it can moved to a
different cgroup tree must be in a directory owned by the unprivileged
user.  This is not always true, e.g. when creating a session with su
-l.

Closes: https://github.com/containers/libpod/issues/3937

Also, for running systemd in a container it was before necessary to
specify "systemd-run --scope --user podman ...", now this is done
automatically as part of this PR.

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
2019-09-12 08:35:26 +02:00
Daniel J Walsh 539b7b6058
Fix error message on podman stats on cgroups v1 rootless environments
podman stats does not work in rootless environments with cgroups V1.
Fix error message and document this fact.

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2019-08-19 07:41:50 -04:00
Giuseppe Scrivano 9873901469
pkg/cgroups: use DBUS session when rootless
use the DBUS user session when running in rootless mode.

Closes: https://github.com/containers/libpod/issues/3801

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
2019-08-14 15:46:07 +02:00
baude db826d5d75 golangci-lint round #3
this is the third round of preparing to use the golangci-lint on our
code base.

Signed-off-by: baude <bbaude@redhat.com>
2019-07-21 14:22:39 -05:00
OpenShift Merge Robot c59d08bc77
Merge pull request #3564 from giuseppe/cgroupsv2-no-controllers-last-path
cgroupsv2: do not enable controllers for the last component
2019-07-13 00:21:18 +02:00
Giuseppe Scrivano 6c8ceaf21e
cgroupsv2: do not enable controllers for the last component
do not automatically enable the controllers for the last path
component.  It is necessary as once there are enabled controllers in a
cgroup, it won't possible to add processes to it.

Fix conmon being moved to the correct cgroup path when using
--cgroup-manager cgroupfs.

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
2019-07-12 12:11:06 +02:00
Giuseppe Scrivano 7b75796a60
cgroups: fix a leak when using cgroupfs
be sure to load all the existing handlers, so that they can also be
freed in addition to the handlers we treat differently.

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
2019-07-11 18:07:49 +02:00
Giuseppe Scrivano 1601100b3e
cgroups: attempt a recursive rmdir
if the cgroup cannot be deleted, then attempt to delete all its
subdirectories and try again.

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
2019-07-11 18:07:48 +02:00
Giuseppe Scrivano b0c2bb9962
cgroups: skip not existing cpuacct files
if the cpuacct file doesn't exist, ignore it instead of erroring out.

Closes: https://bugzilla.redhat.com/show_bug.cgi?id=1728242

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
2019-07-10 10:54:36 +02:00
Giuseppe Scrivano bbe03e61a3
cgroups: support creating cgroupsv2 paths
drop the limitation of not supporting creating new cgroups v2 paths.
Every controller enabled /sys/fs/cgroup will be propagated down to the
created path.  This won't work for rootless cgroupsv2, but it is not
an issue for now, as this code is used only by CRI-O.

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
2019-07-10 10:54:35 +02:00
Giuseppe Scrivano 7423426f73
cgroups: fix times conversion
convert the time we read in microseconds to nanoseconds.

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
2019-07-02 12:59:26 +02:00
Giuseppe Scrivano 1778bfa5fe
pkg, cgroups: add initial support for cgroup v2
This is an initial implementation of cgroup v2 support for
pkg/cgroups.  It currently works with crun, with this patch:
https://github.com/giuseppe/crun/pull/49).

It adds the pieces for:

- set PID limit to 1
- retrieve stats so that "podman stats" work.

the only missing part is the support for reading per
CPU stats (that is cpuacct.usage_percpu on cgroup v1), so for now it
always returns an empty result.

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
2019-06-26 13:17:05 +02:00
Giuseppe Scrivano 72cf0c81e8
libpod: use pkg/cgroups instead of containerd/cgroups
use the new implementation for dealing with cgroups.

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
2019-06-26 13:17:02 +02:00
Giuseppe Scrivano fa18693813
pkg: new package cgroups
provide a package for managing cgroups.  This is not supposed to be a
complete implementation with all the features supported by cgroups,
but it is a minimal implementation designed around what libpod needs
and it is currently using.

For example, it is currently possible to Apply only the pids limit,
as it is used by libpod for stopping containers, any other Apply will
just fail.

The main goal here is to have a minimal library where we have full
control, so we can start playing with cgroup v2.

When the need arises, we can add more features.

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
2019-06-26 13:17:01 +02:00