common: remove Cgroups v1 support (podman6) #387
Conversation
|
✅ A new PR has been created in buildah to vendor these changes: containers/buildah#6423 |
|
@containers/container-libs-maintainers I think it'd be nice to have a podman6 or cgv1 or some such label here as well. Mind creating one please? |
lsm5
changed the title
|
ah if it's manual merges here, then no need I guess. |
Luap99
added
the
podman 6
|
yeah manual merge, keep the PR as draft until we branched. Still a label to track all the things is still a good idea so I added the "podman 6" label. |
common/pkg/cgroups/cgroups_linux.go
Outdated
| // Load loads an existing cgroup control. | ||
| func Load(path string) (*CgroupControl, error) { | ||
| cgroup2, err := IsCgroup2UnifiedMode() | ||
| _, err := IsCgroup2UnifiedMode() |
There was a problem hiding this comment.
There are several other callers of this, and quite a few code paths that could potentially be deleted if this never returns false, nil. Do we want to update those as well? If not, what’s the exact scope of changes we do want to make?
Assuming we do change all of the callers to expect (_, err) or (true, nil), should wereplace the IsCgroup2UnifiedMode function by a function with some other name (IsProcCgroupMounted???), or perhaps remove it entirely?
But then again, note that non-Linux code is hard-coded to return (false, nil). Is that still what we want?
There was a problem hiding this comment.
On #podman-dev matrix , there seemed to be agreement on having a single check for v1/v2 in main and removing everything else. Would that suffice for the common library too? So, basically remove all cgroup conditionals and v1 logic from the library and let the library users handle this via a single check (?).
|
Looks like a good start to me @lsm5 |
|
Packit jobs failed. @containers/packit-build please check. |
3 similar comments
|
Packit jobs failed. @containers/packit-build please check. |
|
Packit jobs failed. @containers/packit-build please check. |
|
Packit jobs failed. @containers/packit-build please check. |
|
@containers/container-libs-maintainers Now that podman v5.7 is branched, when can we start merging v6 stuff in container-libs? I can remove draft status on this whenever we're ready to review/merge. |
Removes all conditionals for IsCgroup2UnifiedMode and cgroupv2.Enabled and assumes Cgroups v2. Also removes `cgroup2` and `additionalControllers` from CgroupControl struct and all the conditionals resulting from it. pkg/cgroups.IsCgroup2UnifiedMode is being retained as it will be used in the dependent tools as a single check for v1/v2. Fixes: RUN-3567 (partly) Signed-off-by: Lokesh Mandvekar <[email protected]>
|
Only remaining question is whether we wait for the 6.0.0-dev bump... I think that's not really necessary though. Should be fine to un-draft |
|
@containers/container-libs-maintainers PTAL |
|
buildah PR: containers/buildah#6424 |
| return false, nil | ||
| } | ||
| return ctr.createCgroupDirectory(Blkio) | ||
| return false, nil |
There was a problem hiding this comment.
if this function does nothing it should be removed
There was a problem hiding this comment.
That might not be possible with the controllerHandler abstraction… but then all Destroy callbacks do something with a getCgroupv1Path, so there might be more opportunities to simplify.
After this PR, don’t all the Apply calls do exatly the same fs2.NewManager().Set() call? Does that do anything (well, does that do anything beneficial) to call that repeatedly?
I’m starting to have a vague impression that all of pkg/cgroups would be best replaced by direct calls of opencontainers/cgroups/fs2 — but I did not research that, and this is not the PR to do that. (It might not even be the PR to drop the controllerHandler abstraction, I have no opinion on that part.)
| return false, nil | ||
| } | ||
| return ctr.createCgroupDirectory(CPU) | ||
| return false, nil |
There was a problem hiding this comment.
here as well it seem like we can remove this function
| return false, nil | ||
| } | ||
| return ctr.createCgroupDirectory(Memory) | ||
| return false, nil |
| } | ||
| enabled, err := cgroupv2.Enabled() | ||
| if err == nil && !enabled && unshare.IsRootless() { | ||
| if unshare.IsRootless() { |
There was a problem hiding this comment.
That seem wrong, the condition was if cgroupv1 && rootless I think, now it is just rootless which means we default to cgroupfs which sounds wrong and I would expect test failures because of that. I would assume this entire branch should just be deleted
| sysInfo.cgroupCPUInfo = checkCgroupCPU(cgMounts, quiet) | ||
| sysInfo.cgroupBlkioInfo = checkCgroupBlkioInfo(cgMounts, quiet) | ||
| sysInfo.cgroupCpusetInfo = checkCgroupCpusetInfo(cgMounts, quiet) | ||
| sysInfo.cgroupPids = checkCgroupPids(cgMounts, quiet) |
There was a problem hiding this comment.
isn't this removing PidsLimit: true which was set before when cgroupv2 is used?
There was a problem hiding this comment.
well, lint didn't complain about it earlier. Looks like it can be removed. So, just to confirm, should GetDefaultPidsLimit assume PidsLimit: true and just return 4096?`
There was a problem hiding this comment.
Just a local review looking at the package.
I’d find refactoring easier to review (and much safer to later find bugs in, via git bisect) if they were split into smaller commits, one idea at a time) — at least, please do so if you follow up on some of the newly available options pointed out below.
I’m overall unclear on the error handling — do we need to worry about e.g. /sys not being mounted at all, and IsCgroup2UnifiedMode returning (false, error) in such a situation — and that the reported errors are reasonable even after we remove the IsCgroup2UnifiedMode calls? Or is that something that we don’t care about (or perhaps something that can never happen)?
| name: name, | ||
| symlink: !fileInfo.IsDir(), | ||
| name: controllerName, | ||
| symlink: false, |
There was a problem hiding this comment.
symlink is always false (and never read?)
… and then I think the only remaining caller only extracts the name field, so maybe the whole controller type can be removed.
| } | ||
|
|
||
| // AddPid moves the specified pid to the cgroup. | ||
| func (c *CgroupControl) AddPid(pid int) error { |
There was a problem hiding this comment.
pid is not used, how does this work?! (I can’t see a Podman caller)
| } else { | ||
| ioString = "BlockIOAccounting" | ||
| } | ||
| ioString := "IOAccounting" |
There was a problem hiding this comment.
This can be inlined into the only user.
(Some similar opportunities exist elsewhere.)
| } | ||
|
|
||
| uMap, sMap, bMap, iMap, structMap, err := resourcesToProps(resources, v2) | ||
| uMap, sMap, bMap, iMap, structMap, err := resourcesToProps(resources, true) |
There was a problem hiding this comment.
This is the only caller, the v2 parameter can removed and the function simplified.
| } | ||
|
|
||
| cgroupNS := "host" | ||
| if cgroup2, _ := cgroupv2.Enabled(); cgroup2 { |
There was a problem hiding this comment.
cgroupv2.Enabled seems to be exactly the same code as cgroup.IsCgroup2UnifiedMode. Can one of the two be entirely removed?
| if cgroup2, _ := cgroupv2.Enabled(); cgroup2 { | ||
| cgroupNS = "private" | ||
| } | ||
| cgroupNS := "private" |
There was a problem hiding this comment.
This can be inlined into the only user.
I think I could do that even for the existing stuff. Will reorganize this soon. |
6 participants
Resolves: RUN-3567 (partly)