runtime: config: linux: add cgroups informations #199
Conversation
runcom
force-pushed
the
rework-runtime-config-linux
branch
2 times, most recently
from
8e6ac74 to
7ca9693
Compare
| * **`mount`** the container will have an isolated mount table | ||
| * **`ipc`** processes inside the container will only be able to communicate to other processes inside the same container via system level IPC | ||
| * **`uts`** the container will be able to have its own hostname and domain name | ||
| * **`user`** the container will be able to remap user and group IDs from the host to local users and groups within the container |
There was a problem hiding this comment.
I'd consider just echoing the “isolates” column of namespaces(7) for these entries. For example:
- ipc isolates System V IPC, POSIX message queues
There was a problem hiding this comment.
Ah, I see this is cut/pasted/reformatted from below. In that case, it's probably best to leave the text as it stands ;).
|
I left a number of minor copy-edit suggestion, but overall this looks On Wed, Sep 23, 2015 at 06:01:17AM -0700, Antonio Murdaca wrote:
This would be good to get right ;). I haven't dug through the kernel |
it's wrong, mistake |
runcom
force-pushed
the
rework-runtime-config-linux
branch
3 times, most recently
from
6f3600e to
7e4de1b
Compare
| ```json | ||
| "disableOOMKiller": false | ||
| ``` | ||
|
|
||
| #### Memory | ||
|
|
||
| `memory` represents the cgroup subsystem `memory` and it's used to set limits on the container's memory use. |
runcom
force-pushed
the
rework-runtime-config-linux
branch
from
7e4de1b to
c7bc89c
Compare
|
LGTM |
|
@vishh you want to take a look? |
|
|
||
| * **`gid`** *(uint32, optional)* - gid of device owner | ||
|
|
||
| **`fileMode`**, **`uid`** and **`gid`** are required if **`path`** is given, otherwise not allowed |
There was a problem hiding this comment.
This line needs at least a trailing period, and maybe an end like “and are otherwise not allowed.”
|
There are a few ‘cfq’ → ‘CFS’ changes, but those aren't the same thing |
|
Yeah, for block it should be CFQ. |
sorry I mixed both valules, will fix |
runcom
force-pushed
the
rework-runtime-config-linux
branch
from
c7bc89c to
55f4b81
Compare
- add information to cgroup resources controllers with examples - add pids cgroup information and example - reflect kernel types Signed-off-by: Antonio Murdaca <runcom@linux.com>
runcom
force-pushed
the
rework-runtime-config-linux
branch
from
55f4b81 to
2ce2c86
Compare
|
Updated PTAL |
|
2ce2c86 looks good to me.
|
|
is there anything missing here? |
|
LGTM |
runtime: config: linux: add cgroups informations
| // Total memory usage (memory + swap); set `-1' to disable swap | ||
| Swap int64 `json:"swap"` | ||
| Swap uint64 `json:"swap"` |
There was a problem hiding this comment.
Why uint64 here? How can we set it to -1? I'd much rather retain int64 since negative values have special meaning in the kernel for some of these fields.
There was a problem hiding this comment.
I will send a PR to clean this up.
There was a problem hiding this comment.
@vishh Pretty sure I went thou the kernel source and checked this can't be negative, but maybe I made some mistakes checking, thanks
There was a problem hiding this comment.
definitely made a mistake based on the comment :)
It's backed by memory.oom_control, so this commit moves it in with the rest of the memory-controller config. Looking at the history, the initial request landing a setting for this in the Docker/OCI ecosystem seems to be [1], which added Cgroup.OomKillDisable. That commit was carried from libcontainer into runC [2] where it is now Resources.OomKillDisable [3]. From runC it was carried into this repo (with some renaming) in [4]. Subsequent early doc updates landed in [5,6]. In none of those can I find discussion about why the setting is not already under memory. I expect the reason is that the runC structures are flat, so "under memory" is not a thing there. But in this spec, resources has per-controller sub-properties. The fact that disableOOMKiller belonged to the memory controller may have been overlooked in [4] and never revisited until now. [1]: docker-archive/libcontainer#417 Subject: cgroups: add support for oom control [2]: opencontainers/runc@295c708 Subject: cgroups: add support for oom control [3]: https://github.com/opencontainers/runc/blob/v1.0.0-rc3/libcontainer/configs/cgroup_unix.go#L113-L114 [4]: opencontainers#51 Subject: Add Go types for specification [5]: opencontainers#137 Subject: Adding cgroups path to the Spec. [6]: opencontainers#199 Subject: runtime: config: linux: add cgroups informations Signed-off-by: W. Trevor King <wking@tremily.us>
I'm submitting this as a first iteration of specifying structures here in the specs so any help/ideas are well accepted for subsequent PRs
Signed-off-by: Antonio Murdaca runcom@linux.com