Skip to content

runc update: skip devices #2994

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
kolyshkin merged 1 commit into from
Jun 4, 2021
Merged

runc update: skip devices #2994

kolyshkin merged 1 commit into from
Jun 4, 2021

Conversation

@kolyshkin
Copy link
Contributor

@kolyshkin kolyshkin commented Jun 3, 2021
edited
Loading

Since runc update CLI is not able to modify devices (and it is not clear
how to implement that properly), let's set SkipDevices=true,
so that a cgroup controller won't try to update devices cgroup.

This helps use cases when some other device management (NVIDIA GPUs)
applies its configuration on top of what runc does.

Make sure we do not save SkipDevices into state.json.

This is an alternative to #2988.

Proposed changelog entry

  • runc update no longer updates cgroup devices configuration.

@kolyshkin
runc update: skip devices
bf7492e 
The runc update CLI is not able to modify devices, so let's set SkipDevices
(so that a cgroup controller won't try to update devices cgroup).

This helps use cases when some other device management (NVIDIA GPUs)
applies its configuration on top of what runc does.

Make sure we do not save SkipDevices into state.json.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
@kolyshkin kolyshkin mentioned this pull request Jun 3, 2021
Closed
@kolyshkin kolyshkin requested review from crosbymichael and cyphar June 3, 2021 17:48
cyphar
cyphar approved these changes Jun 4, 2021
View reviewed changes
Copy link
Member

@cyphar cyphar left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, I think dropping SkipDevices from the state is a good idea regardless of the original issue (and I prefer this to the other PR).

@cyphar
Copy link
Member

cyphar commented Jun 4, 2021
edited
Loading

Though it should be noted this pretty much invalidates the runc update test I added in #2951 -- now runc update no longer triggers the cgroupv2 devices re-apply. So maybe it'd be better to remove the test since it's a complete no-op now (we can add a Go-based integration test later).

@kolyshkin
Copy link
Contributor Author

kolyshkin commented Jun 4, 2021

Yes, I am going to remove the test and maybe try to add a unit test.

I'd rather do it separately from this PR though. Let's discuss it in there: #3000

@kolyshkin kolyshkin merged commit 2f8e8e9 into opencontainers:master Jun 4, 2021
@cyphar cyphar mentioned this pull request Jun 8, 2021
Closed
This was referenced Jun 9, 2021
Closed
Closed
Closed
@odinuge odinuge mentioned this pull request Jul 8, 2021
Closed
@kolyshkin kolyshkin mentioned this pull request Dec 16, 2021
Merged
vasiliy-ul referenced this pull request in kubevirt/kubevirt Jan 3, 2024
@vasiliy-ul
Add workaround for the issue with CPU manager
561af54 
CPU manager periodically updates cgroup settings via the container
runtime interface. Runc prior to version v1.0.0 drops all 'custom'
cgroup device rules on 'update' and that causes a race with live
migration when block volumes are hotplugged. Try to setup the test in a
way so that the VMI is migrated to a node without CPU manager.

Signed-off-by: Vasiliy Ulyanov <vulyanov@suse.de>
@kolyshkin kolyshkin mentioned this pull request Jul 8, 2025
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@crosbymichael crosbymichael crosbymichael approved these changes

@cyphar cyphar cyphar approved these changes

Assignees

No one assigned

Labels

area/cgroupv1 area/cgroupv2 impact/changelog

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@kolyshkin @cyphar @crosbymichael