diff --git a/virtcontainers/cgroups.go b/virtcontainers/cgroups.go index 46c46f0fb8..522f118c7e 100644 --- a/virtcontainers/cgroups.go +++ b/virtcontainers/cgroups.go @@ -143,7 +143,7 @@ func (s *Sandbox) updateCgroups() error { s.Logger().Warn("sandbox's cgroup won't be updated: cgroup path is empty") return nil } - + s.Logger().Info("DEBUG loading cgroup:", s.state.CgroupPath) cgroup, err := cgroupsLoadFunc(V1Constraints, cgroups.StaticPath(s.state.CgroupPath)) if err != nil { return fmt.Errorf("Could not load cgroup %v: %v", s.state.CgroupPath, err) @@ -221,31 +221,8 @@ func (s *Sandbox) constrainHypervisor(cgroup cgroups.Cgroup) error { return fmt.Errorf("Could not add hypervisor PID %d to cgroup %v: %v", pid, path, err) } - // when new container joins, new CPU could be hotplugged, so we - // have to query fresh vcpu info from hypervisor for every time. - tids, err := s.hypervisor.getThreadIDs() - if err != nil { - return fmt.Errorf("failed to get thread ids from hypervisor: %v", err) - } - if len(tids.vcpus) == 0 { - // If there's no tid returned from the hypervisor, this is not - // a bug. It simply means there is nothing to constrain, hence - // let's return without any error from here. - return nil - } - - // We are about to move just the vcpus (threads) into cgroups with constraints. - // Move whole hypervisor process whould be easier but the IO/network performance - // whould be impacted. - for _, i := range tids.vcpus { - // In contrast, AddTask will write thread id to `tasks` - // After this, vcpu threads are in "vcpu" sub-cgroup, other threads in - // qemu will be left in parent cgroup untouched. - if err := cgroup.AddTask(cgroups.Process{ - Pid: i, - }); err != nil { - return err - } + if err := cgroup.Add(cgroups.Process{Pid: pid}); err != nil { + return fmt.Errorf("Could not add hypervisor PID %d to cgroup %v: %v", pid, path, err) } return nil diff --git a/virtcontainers/sandbox.go b/virtcontainers/sandbox.go index 7f88973adc..dbf8cd4f09 100644 --- a/virtcontainers/sandbox.go +++ b/virtcontainers/sandbox.go @@ -12,9 +12,11 @@ import ( "io" "net" "os" + "path/filepath" "sync" "syscall" + "github.com/containerd/cgroups" "github.com/containernetworking/plugins/pkg/ns" specs "github.com/opencontainers/runtime-spec/specs-go" opentracing "github.com/opentracing/opentracing-go" @@ -1009,7 +1011,12 @@ func (s *Sandbox) addContainer(c *Container) error { ann := c.GetAnnotations() if ann[annotations.ContainerTypeKey] == string(PodSandbox) { - s.state.CgroupPath = c.state.CgroupPath + parent := filepath.Dir(c.state.CgroupPath) + sandboxCgroupPath := filepath.Join(parent, "/kata-sandbox") + s.state.CgroupPath = sandboxCgroupPath + if err := s.newCgroups(); err != nil { + return err + } return s.store.Store(store.State, s.state) } @@ -1713,3 +1720,29 @@ func (s *Sandbox) calculateSandboxCPUs() uint32 { } return utils.CalculateVCpusFromMilliCpus(mCPU) } + +// creates a new cgroup and return the cgroups path +func (s *Sandbox) newCgroups() error { + + var spec specs.Spec + + // https://github.com/kata-containers/runtime/issues/168 + resources := specs.LinuxResources{ + CPU: nil, + } + + resources.CPU = s.cpuResources() + + if spec.Linux != nil && spec.Linux.Resources != nil { + resources.CPU = validCPUResources(spec.Linux.Resources.CPU) + } + + s.state.CgroupPath = utils.ValidCgroupPath(s.state.CgroupPath) + _, err := cgroupsNewFunc(cgroups.V1, + cgroups.StaticPath(s.state.CgroupPath), &resources) + if err != nil { + return fmt.Errorf("Could not create cgroup for %v: %v", s.state.CgroupPath, err) + } + + return nil +}