Skip to content

Commit

Permalink
libct: reduce the delete delay
Browse files Browse the repository at this point in the history
When using unix.Kill to kill the container, we need a for loop to detect
the init process exited or not manually, we sleep 100ms each time in the
current, but for stopped containers or containers running in a low load
machine, we don't need to wait so long time. This change will reduce the
delete delay in some situations, especially for those pods with many
containers in.

Co-authored-by: Abel Feng <[email protected]>
Signed-off-by: lifubang <[email protected]>
  • Loading branch information
abel-von authored and lifubang committed Nov 9, 2024
1 parent b38f27f commit bcddc62
Show file tree
Hide file tree
Showing 2 changed files with 22 additions and 8 deletions.
21 changes: 13 additions & 8 deletions delete.go
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,7 @@ import (
"path/filepath"

"github.com/opencontainers/runc/libcontainer"
"github.com/opencontainers/runc/libcontainer/configs"
"github.com/urfave/cli"
)

Expand Down Expand Up @@ -58,24 +59,28 @@ status of "ubuntu01" as "stopped" the following will delete resources held for
}
return err
}
// When --force is given, we kill all container processes and
// then destroy the container. This is done even for a stopped
// container, because (in case it does not have its own PID
// namespace) there may be some leftover processes in the
// container's cgroup.
if force {
return killContainer(container)
}

s, err := container.Status()
if err != nil {
return err
}
switch s {
case libcontainer.Stopped:
// For a stopped container, because (in case it does not have
// its own PID namespace) there may be some leftover processes
// in the container's cgroup.
if !container.Config().Namespaces.IsPrivate(configs.NEWPID) {
return killContainer(container)
}
return container.Destroy()
case libcontainer.Created:
return killContainer(container)
default:
// When --force is given, we kill all container processes and
// then destroy the container.
if force {
return killContainer(container)
}
return fmt.Errorf("cannot delete container %s that is not stopped: %s", id, s)
}
},
Expand Down
9 changes: 9 additions & 0 deletions libcontainer/container_linux.go
Original file line number Diff line number Diff line change
Expand Up @@ -473,6 +473,15 @@ func (c *Container) killViaPidfd() error {

func (c *Container) kill() error {
_ = c.Signal(unix.SIGKILL)

// For containers running in a low load machine, we only need to wait about 1ms.
time.Sleep(time.Millisecond)
if err := c.Signal(unix.Signal(0)); err != nil {
return nil
}

// For some containers in a heavy load machine, we need to wait more time.
logrus.Debugln("We need more time to wait the init process exit.")
for i := 0; i < 100; i++ {
time.Sleep(100 * time.Millisecond)
if err := c.Signal(unix.Signal(0)); err != nil {
Expand Down

0 comments on commit bcddc62

Please sign in to comment.