shm: Create shared /dev/shm #357
@bergwolf PTAL. Let me know what you think about the approach. I am planning to add a new Storage in the kata agent with driver "shm" that will create a tmpfs based storage.
| grpcSpec.Mounts[idx].Type = "tmpfs" | ||
| grpcSpec.Mounts[idx].Source = "shm" | ||
| grpcSpec.Mounts[idx].Options = []string{"noexec", "nosuid", "nodev", "mode=1777", "size=65536k"} | ||
| grpcSpec.Mounts[idx].Options = []string{"noexec", "nosuid", "nodev", "mode=1777", sizeOption} |
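Review bot: on the new Options line, `sizeOption` replaces the fixed `size=65536k`, and nothing in these lines bounds it. tmpfs treats `size=0` as no limit, so build `sizeOption` only from a non-zero size and fall back to the 65536k default otherwise; an upper cap relative to guest memory would also be worth checking where the value is computed.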
It might be worth adding a log call to show the requested size for debugging purposes.
I have added log calls for the shm size.
| continue | ||
| } | ||
|
|
||
| shmSize = vc.DefaultShmSize |
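Review bot: `shmSize = vc.DefaultShmSize` is assigned after the `continue` branch with no comment saying which mount case it covers. A short comment here stating when the default applies, and what value the function returns when no iteration reaches this line, would make the contract clear to callers.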
Why is this set inside the loop? Can't you just initialize shmSize to this value as currently if there is no host mount this function will return 0?
@jodh-intel I have added a break here. If no shm mount is found, then the shmSize will be zero, hence it is initialized to zero. In case host shm is to be used, this will be set to DefaultShmSize.
@amshinde Can you reuse kata-containers/agent/pull/236 and base your change on top of #307? shm is just a special case of tmpfs and tmpfs is handled as ephemeral storage in #307.
@bergwolf Maybe we can create a new general storage type in kata-agent, to support the case of sharing a volume among containers in a pod but not sharing it with the host?
@WeiZhang555 Sharing a volume within the guest is already supported, by letting different containers bind mount the same volume source at the sandbox level. Each container can mount the referenced volume to its own namespace.
@bergwolf I have changed this PR to use
| shmStorage := &grpc.Storage{ | ||
| Driver: kataEphemeralDevType, | ||
| MountPoint: path, | ||
| Source: "shm", |
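Review bot: the fields shown for `shmStorage` are Driver, MountPoint and Source; no Fstype or Options appear in these lines. Check that the literal goes on to set the `noexec`, `nosuid`, `nodev`, `mode=1777` and size options that the container-level tmpfs mount used, so the sandbox-level shm is not mounted with weaker flags than before.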
@bergwolf I just realised that the source in case of /dev/shm is set to shm and not tmpfs, whereas for ephemeral volumes it is tmpfs.

```
$ sudo docker run -it --runtime=runc debian sh -c "mount | grep shm"
shm on /dev/shm type tmpfs (rw,nosuid,nodev,noexec,relatime,size=65536k)
```

This source field would need to be changed to tmpfs to use the ephemeral storage. I know shm is a special case of tmpfs, but I haven't looked into the implications of doing this. Do you think it is ok to use tmpfs instead of shm?
I would prefer to introduce a new storage type for shm to be consistent with runc behaviour.
@amshinde for ephemeral storage, the source actually does not matter. You can set it as shm or tmpfs or whatever, and it will be shown as such inside the container. Do you mean that kata-agent would only accept tmpfs source for ephemeral storage? If so, we need to fix it in kata-agent side.
@bergwolf Yes, you are right. I set this to shm and tested it.
LGTM! Thanks @amshinde! My only concern is that we are mounting all these volumes under
/cc @grahamwhaley for the 9p comment. lgtm although the CI doesn't look very happy.
PSS Measurement: Memory inside container:
Codecov Report
```
@@            Coverage Diff            @@
##           master    #357     +/-   ##
=========================================
+ Coverage   63.79%   63.8%   +<.01%
=========================================
  Files          87      87
  Lines        8765    8807      +42
=========================================
+ Hits         5592    5619      +27
- Misses       2574    2586      +12
- Partials      599     602       +3
```
@jodh-intel I am no longer using
Hi @amshinde - ok. codecov is complaining, but I think if you create a unit test for
This commit checks the size of "/dev/shm" for the sandbox container which is then used to create the shared memory inside the guest. kata agent then uses this size to set up a sandbox level ephemeral storage for shm. The containers then simply bind mount this sandbox level shm.

With this, we will now be able to support docker --shm-size option as well as have a shared shm within containers in a pod, since they are supposed to be in the same IPC namespace.

Fixes kata-containers#356

Signed-off-by: Archana Shinde <archana.m.shinde@intel.com>
This commit checks the size of "/dev/shm" for the sandbox container
which is then used to create the shared memory inside the guest.
kata agent then uses this size to set up a sandbox level shm
storage. The containers then simply bind mount this sandbox level
shm.

With this, we will now be able to support docker --shm-size option
as well as have a shared shm within containers in a pod, since they are
supposed to be in the same IPC namespace.

Fixed #356

Signed-off-by: Archana Shinde <archana.m.shinde@intel.com>
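
The size selection described above, together with a tmpfs option list that always carries a non-zero limit, as an added Go example; it is not the kata-containers code. `Mount`, `ShmSize`, `ShmOptions` and `statfsSize` are hypothetical names, and giving a non-bind `/dev/shm` mount the default size is an assumption.

```go
package main

import (
	"fmt"
	"syscall"
)

type Mount struct{ Destination, Source, Type string } // hypothetical OCI mount subset

const DefaultShmSize uint64 = 65536 * 1024 // the 65536k default seen in the diff

// statfsSize returns the capacity in bytes of the filesystem backing path.
func statfsSize(path string) (uint64, error) {
	var s syscall.Statfs_t
	if err := syscall.Statfs(path, &s); err != nil {
		return 0, err
	}
	return uint64(s.Blocks) * uint64(s.Bsize), nil
}

// ShmSize returns 0 with no /dev/shm mount, the default for the host's own
// /dev/shm or a non-bind mount (assumption), else the bind source's size.
func ShmSize(mounts []Mount, sizeOf func(string) (uint64, error)) (uint64, error) {
	for _, m := range mounts {
		if m.Destination != "/dev/shm" {
			continue
		}
		if m.Type != "bind" || m.Source == "/dev/shm" {
			return DefaultShmSize, nil
		}
		return sizeOf(m.Source)
	}
	return 0, nil
}

// ShmOptions builds the guest tmpfs options with an explicit byte limit.
func ShmOptions(size uint64) []string {
	if size == 0 { // tmpfs reads size=0 as "no limit"; never pass it on
		size = DefaultShmSize
	}
	return []string{"noexec", "nosuid", "nodev", "mode=1777", fmt.Sprintf("size=%d", size)}
}

func main() {
	m := []Mount{{Destination: "/dev/shm", Source: "/dev/shm", Type: "bind"}} // constructed input
	size, err := ShmSize(m, statfsSize)
	fmt.Println(ShmOptions(size), err)
}
```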