Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

add resource validation after delete #654

Merged
merged 2 commits into from
Oct 10, 2018

Conversation

zhouhao3
Copy link

@zhouhao3 zhouhao3 commented Jul 2, 2018

DeleteResImplement: Deleting a container MUST delete the resources that were created during the create step.
DeleteOnlyCreatedRes: Note that resources associated with the container, but not created by this container, MUST NOT be deleted.

At present, DeleteResImplement is implemented, but it is not yet clear how to implement DeleteOnlyCreatedRes. (Write the container id to the existing cgroup tasks?)
@liangchenye @dongsupark @wking WDYT?

Signed-off-by: Zhou Hao [email protected]

@dongsupark
Copy link
Contributor

From a quick look, this PR looks good.
About DeleteOnlyCreatedRes, could it be maybe written like this?

  • Create a cgroup cgrouptest
  • Run a container that joins the cgroup, by writing its PID to /sys/fs/cgroup/pids/cgrouptest/tasks.
  • Delete the container
  • See if the cgroup stays, without being deleted.

I've not tried it on my own though.
See also the cgroups document in the Linux kernel.

@zhouhao3 zhouhao3 force-pushed the resources-validation branch from 1626388 to 6c943e8 Compare July 4, 2018 02:17
@zhouhao3 zhouhao3 changed the title [WIP] add resource validation after delete add resource validation after delete Jul 4, 2018
@zhouhao3
Copy link
Author

zhouhao3 commented Jul 4, 2018

@dongsupark thanks for your suggestion.
Currently both have been implemented. @liangchenye PTAL.

util.Fatal(err)
}
// Add the container to the cgroup
ioutil.WriteFile(filepath.Join(pidsPath, "cgrouptset/tasks"), []byte(strconv.Itoa(state.Pid)), 0644)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

typo: "cgrouptset" != "cgrouptest" from line 26. You could check the return value of ioutil.WriteFile and use a constant for that directory.

// Create a cgroup
cgPath := "/sys/fs/cgroup"
pidsPath := filepath.Join(cgPath, "pids")
os.Mkdir(filepath.Join(pidsPath, "cgrouptest"), 0755)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The test should cleanup (rmdir) that directory after the test is completed.


// Create a cgroup
cgPath := "/sys/fs/cgroup"
pidsPath := filepath.Join(cgPath, "pids")
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This will not work with cgroup-v2 because the paths are different but that's a larger in OCI.

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't know much about cgroup-v2, so should we do validation here in two different cases?

I will learn about cgroup-v2 later. There is still much work to be done about cgroup-v2 in the runtime-tool.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

A lot about the spec is cgroup-v1 only. I don't think we can do add support for v1 and v2 everywhere at once. So I don't think this should block this PR.

@@ -0,0 +1,84 @@
package main
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

typos in the filename:

validation/deleate_only_create_resources/delte_only_create_resources.go
            ^^^^^                        ^^^^^

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

updated, thanks.

@zhouhao3 zhouhao3 force-pushed the resources-validation branch from 041521f to caa32a1 Compare July 26, 2018 06:39
@zhouhao3
Copy link
Author

zhouhao3 commented Sep 5, 2018

The two commit have resolved the remaining issues in specerror. @liangchenye @mrunalp PTAL

@zhouhao3
Copy link
Author

ping @liangchenye @mrunalp

@zhouhao3
Copy link
Author

zhouhao3 commented Oct 4, 2018

@liangchenye @vbatts @mrunalp PTAL

@dongsupark
Copy link
Contributor

I've tested it, it works well.
LGTM. (but I'm not a maintainer)

@vbatts
Copy link
Member

vbatts commented Oct 9, 2018

LGTM

Approved with PullApprove

@zhouhao3 zhouhao3 merged commit 0ace550 into opencontainers:master Oct 10, 2018
@zhouhao3 zhouhao3 deleted the resources-validation branch October 10, 2018 01:04
@zhouhao3 zhouhao3 mentioned this pull request Oct 10, 2018
44 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants