Add cgroup v2 support while maintaining v1 compatibility#2632
Add cgroup v2 support while maintaining v1 compatibility#2632jiechen0826 wants to merge 3 commits intomicrosoft:mainfrom
Conversation
tools.go
Outdated
There was a problem hiding this comment.
we already have these in go.mod via tool directives.
also, why do we need the "github.com/containerd/containerd/v2/pkg/oci" import? it doest look like its being used anywhere
| func TestCgroupManagerInterface_Compatibility(t *testing.T) { | ||
| // Test that both managers implement the CgroupManager interface | ||
| var v1mgr CgroupManager = &V1Manager{} | ||
| var v2mgr CgroupManager = &V2Manager{path: "/test/path"} | ||
|
|
||
| // Test that both managers implement the interface | ||
| _ = v1mgr | ||
| _ = v2mgr | ||
| } |
There was a problem hiding this comment.
in main.go:
var _ CgroupManager = &V1Manager{}
var _ CgroupManager = &V2Manager{}
| return false | ||
| } | ||
|
|
||
| // CgroupManager provides a unified interface for cgroup v1 and v2 operations |
There was a problem hiding this comment.
probably best to move the CgroupManager code to internal/guest/cgroup (or something similarly named)
| } | ||
|
|
||
| // Try mounting cgroup v2 to see if it works | ||
| bool is_cgroup_v2_available() { |
There was a problem hiding this comment.
| bool is_cgroup_v2_available() { | |
| bool try_init_cgroups_v2() { |
so that way we can remove void init_cgroups_v2()
| #ifdef DEBUG | ||
| printf("init_cgroups\n"); | ||
| #endif | ||
| dmesgInfo("Microsoft.hcsshim init: cgroup migration version starting\n"); |
There was a problem hiding this comment.
is this log needed? we already get cgroup info from init_cgroups
| func isCgroupV2() bool { | ||
| // Check if cgroup v2 was disabled via kernel parameter | ||
| if isCgroupV2DisabledByKernel() { | ||
| return false | ||
| } | ||
|
|
||
| _, err := os.Stat("/sys/fs/cgroup/cgroup.controllers") | ||
| return err == nil | ||
| } |
There was a problem hiding this comment.
semiduplicated by isCgroupV2 in internal/guest/runtime/hcsv2/container.go
| } | ||
|
|
||
| // convertV2StatsToV1Stats converts cgroup v2 stats to v1 stats format | ||
| func convertV2StatsToV1Stats(v2Stats *cgroups2stats.Metrics) *cgroups1stats.Metrics { |
There was a problem hiding this comment.
(semi?) duplicated by convertV2StatsToV1 in internal/guest/runtime/hcsv2/container.go
| NetworkNamespace string | ||
| CgroupPath string | ||
| CgroupControl cgroups.Cgroup | ||
| CgroupControl interface{} // Can be either cgroups.Cgroup (v1) or *cgroups2.Manager (v2) |
There was a problem hiding this comment.
we already have the CgroupManager defined in cmd/gcs/main.go (which we probably should extract and move elsewhere)
can we just rely on that here and for virtualPodsCgroupParent so we dont need to recreate and reimplement all the same manager creation and stat code?
| _, err := os.Stat("/sys/fs/cgroup/cgroup.controllers") | ||
| return err == nil |
There was a problem hiding this comment.
"github.com/containerd/cgroups/v3".Mode() == "github.com/containerd/cgroups/v3".Unified
(probably also want to return true for hybrid cgroup mode)
jiechen0826
force-pushed
the
cgroup-v2-clean
branch
from
3e6e5cd to
9f85d63
Compare
- Change go:generate from 'go tool' to 'go run' syntax for mkwinsyscall calls - This fixes CI failures in the 'go-gen' job where external tools cannot be invoked with 'go tool' syntax - All mkwinsyscall calls now use proper 'go run' syntax that works with vendored dependencies - Addresses PR microsoft#2632 CI pipeline failures Files updated: - computestorage/storage.go - hcn/hcn.go - hcsshim.go - internal/hns/hns.go - internal/interop/interop.go - internal/regstate/regstate.go
jiechen0826
force-pushed
the
cgroup-v2-clean
branch
from
da130ab to
c51e88a
Compare
jiechen0826
force-pushed
the
cgroup-v2-clean
branch
from
c51e88a to
fb65d11
Compare
4 participants
This pull request introduces comprehensive improvements to cgroup (control group) initialization and management, especially around supporting both cgroup v1 and v2, and adds extensive testing for cgroup resource handling and memory event monitoring. It also updates several dependencies to newer versions for improved compatibility and stability.
Cgroup Initialization and Detection Improvements:
init/init.cto robustly detect and initialize cgroup v1 or v2 at boot. The system now checks for kernel parameters disabling cgroup v2, attempts a test mount to verify v2 availability, and mounts tmpfs for v1 only if needed. This ensures correct cgroup setup based on the environment, with improved logging for troubleshooting.Cross-distribution compatibility:
cgroup_no_v2=allkernel parameter to force cgroup v1 usage, which is properly detected and respectedTesting Enhancements for Cgroup Management:
cmd/gcs/cgroup_manager_test.gowith tests covering interface compatibility, resource conversion, cgroup version detection, error handling for invalid paths and permissions, and edge cases for resource limits and stats conversion.cmd/gcs/memory_event_test.gowith tests for cgroup v2 memory event monitoring, OOM event file descriptors, memory threshold detection, error handling, and resource creation scenarios.Dependency and Compatibility Updates:
go.modto newer versions of several dependencies, includingcontainerd/cgroups,containerd/containerd,opencontainers/runtime-spec,urfave/cli/v2, and others, improving compatibility with recent upstream changes and bug fixes.internal/guest/runtime/hcsv2/container.goto support the new functionality.Other Codebase Improvements:
<dirent.h>ininit/init.cfor directory operations.init/init.cfor better maintainability.These changes collectively improve the reliability and test coverage of cgroup management, ensure compatibility with modern Linux systems, and lay the groundwork for future enhancements.