OHAI-551 #287

Closed
wants to merge 8 commits into
from

Contributor

atomic-penguin commented Feb 7, 2014

Add LXC guest hint, and unit test to virtualization.

atomic-penguin added some commits Feb 8, 2014

@atomic-penguin atomic-penguin OHAI-551
Add LXC guest hint, and unit test to virtualization.
84eb297
@atomic-penguin atomic-penguin OHAI-551
Add LXC notes, and full-content cgroup unit tests for LXC.

Change /proc/1/cgroup to /proc/self/cgroup, more consistent
with kernel documentation
[here](https://www.kernel.org/doc/Documentation/cgroups/).

Full-content examples of cgroups in OHAI-551 ticket
[here](https://tickets.opscode.com/browse/OHAI-551?focusedCommentId=47513&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-47513).
0e12854
@atomic-penguin atomic-penguin Add coverage for arbitrarily named cgroups
* Not all platforms may call a cgroup /lxc.
* For example, in the kernel documentation, 'Charlie' is used as an arbitrary cgroup name.
b860e8a
@atomic-penguin atomic-penguin Add lxc host support
* Added regex anchors (^|$) for specificity.
* lxc hosts should match pattern: '<digit>:<subsystem>:/' in /proc/self/cgroup
65bd309
@atomic-penguin atomic-penguin Change \w+ to .+, since cgroup names could include dashes
d725727

container id is not hexadecimal, it's just Docker using hexadecimal LXC names, for pure LXC it's the lxc name:

inside container:

```
# cat /proc/self/cgroup
8:perf_event:/lxc/white
7:memory:/lxc/white
6:freezer:/lxc/white
5:devices:/lxc/white
4:cpuset:/lxc/white
3:cpuacct:/lxc/white
2:cpu:/lxc/white
1:blkio:/lxc/white
```

in the host:

```
# lxc-ls --fancy
NAME    STATE    IPV4                        IPV6
-------------------------------------------------
dragon  STOPPED  -                           -
sshd    STOPPED  -                           -
test    STOPPED  -                           -
white   RUNNING  192.168.2.7  -
```
Owner

atomic-penguin replied Mar 6, 2014

Thanks, I saw this on the OHAI-551 ticket, and updated accordingly.

atomic-penguin added some commits Mar 6, 2014

@atomic-penguin atomic-penguin Check specifically for /lxc/ cgroup
* If cgroup is named lxc, with a container name (hex/alpha/digit/dashes), then it's an lxc guest.
* If cgroup is named arbitrarily, then it's not necessarily an lxc guest.
* If cgroup capabilities exist, and the cgroup is root (/), then it's an lxc host.
2dd71b0
@atomic-penguin atomic-penguin OHAI-551
* Add /docker/ LXC guest coverage for docker-0.9.0-master
02d1a30

if that regexp is supposed to match this line:
4:cpuacct,cpu:/docker/9c2adaa4c391ec0d3bf994

then perhaps use non-greedy option instead (knowing that separator is :):
%r{^\d+:[^:]+:/(lxc|docker)/.+$}

as you could otherwise match FP: 4:cpuacct,cpu:/whatever/whatever/docker/foo

It doesn't match the '4:cpuacct,cpu:/whatever/whatever/docker/foo' string. Because the ':/(lxc|docker)/' match is non-greedy. The matched pattern would have to be ':/lxc/' or ':/docker/'

':/(lxc|docker)/' !~ ':/whatever/'

Although your option would be slightly less greedy, by excluding the literal : from the prior field set. I don't think that is a bad idea, will change it.

but .+ is greedy

Right, and I'm not arguing otherwise. I agree with your suggestion, and applied the change to the OHAI-551 branch.

@atomic-penguin atomic-penguin Use less greedy inverse set match.
Rather than using a greedy wildcard like so:

* `%r{^\d+:.+:/(lxc|docker)/.+$}`

Use a less greedy inverse set, which excludes literal colon:

* `%r{^\d+:[^:]+:/(lxc|docker)/.+$}`

Discussion, atomic-penguin@02d1a30#diff-725858488c1235840f3a62b4eb7a575fR149
aa188d6
Contributor

atomic-penguin commented Apr 1, 2014

Closing, merged. Trivial change for docker-0.9.0-master support in opscode#307

adamedx commented on aa188d6 Apr 1, 2014

If the following pr gets merged, that should fix this, correct? (opscode#307)

Owner

atomic-penguin replied Apr 1, 2014

Yes, I just rebased against master with the two additional commits

Thanks, rebase appreciated, we'll do a little validation and then merge.

@atomic-penguin @adamedx This regex won't work on boot2docker/dvm vm running containers with ohai 7.0.4

Privileged output:

```
[kitchen@851ec609c2a4 ~]$ /opt/chef/embedded/bin/irb
irb(main):001:0> File.read("/proc/self/cgroup") =~ %r{^\d+:[^:]+:/(lxc|docker)/.+$}
=> nil
irb(main):002:0> ^D
[kitchen@851ec609c2a4 ~]$ cat /proc/self/cgroup
9:blkio:/
8:net_cls:/
7:freezer:/
6:devices:/
5:memory:/
4:cpu,cpuacct:/
3:cpuset:/
2:name=systemd:/system.slice/docker-851ec609c2a4e6b9c407ae8f44331f90c33366f161667cd81bcfdd8b233691f0.scope
```

Unprivileged:

```
[kitchen@93b2c18cd379 ~]$ /opt/chef/embedded/bin/irb
irb(main):001:0>  File.read("/proc/self/cgroup") =~ %r{^\d+:[^:]+:/(lxc|docker)/.+$}
=> nil
irb(main):002:0> ^D
[kitchen@93b2c18cd379 ~]$ cat /proc/self/cgroup
9:blkio:/
8:net_cls:/
7:freezer:/
6:devices:/system.slice/docker-93b2c18cd37904d1e93bc5d77f3fcdc2417da7e822f577266559dd7320fd01ef.scope
5:memory:/
4:cpu,cpuacct:/
3:cpuset:/
2:name=systemd:/system.slice/docker-93b2c18cd37904d1e93bc5d77f3fcdc2417da7e822f577266559dd7320fd01ef.scope
```
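
An added example (not Ohai's code and not written by anyone in this thread) that runs the two patterns quoted in the discussion, plus the guest/host rules from the commit notes, over sample `/proc/self/cgroup` content. `classify`, `HOST` and `SYSTEMD_SCOPE` are hypothetical names and patterns written for this illustration, and the `COLON_PATH` and `SCOPE` samples are constructed.

```ruby
# Patterns quoted in the thread.
GREEDY      = %r{^\d+:.+:/(lxc|docker)/.+$}
INVERSE_SET = %r{^\d+:[^:]+:/(lxc|docker)/.+$}
# Assumptions made for this example (not taken from the pull request):
HOST          = %r{^\d+:[^:]+:/$}                        # a root-cgroup line, '<digit>:<subsystem>:/'
SYSTEMD_SCOPE = %r{^\d+:[^:]+:/[^/\n]+/(lxc|docker)-.+$} # e.g. /system.slice/docker-<id>.scope

# Apply the commit-note rules: a guest pattern wins, otherwise a root
# cgroup line means host, otherwise nothing can be concluded.
def classify(cgroup, guest_patterns)
  return :guest if guest_patterns.any? { |re| cgroup =~ re }
  return :host  if cgroup =~ HOST
  :unknown
end

# Samples: the first three reuse lines shown in the thread, the last two are constructed.
LXC_GUEST    = "8:perf_event:/lxc/white\n7:memory:/lxc/white\n"
DOCKER_GUEST = "4:cpuacct,cpu:/docker/9c2adaa4c391ec0d3bf994\n"
ARBITRARY    = "4:cpuacct,cpu:/whatever/whatever/docker/foo\n"
COLON_PATH   = "4:cpu:/x:/docker/foo\n" # cgroup path that itself contains ':/docker/'
SCOPE        = "4:cpu,cpuacct:/\n2:name=systemd:/system.slice/docker-0123abcd.scope\n"

if __FILE__ == $PROGRAM_NAME
  samples = { "lxc guest" => LXC_GUEST, "docker guest" => DOCKER_GUEST,
              "arbitrary" => ARBITRARY, "colon in path" => COLON_PATH,
              "systemd scope" => SCOPE }
  samples.each do |name, text|
    puts format("%-14s greedy=%-8s inverse=%-8s inverse+scope=%s", name,
                classify(text, [GREEDY]), classify(text, [INVERSE_SET]),
                classify(text, [INVERSE_SET, SYSTEMD_SCOPE]))
  end
end
```

Neither quoted pattern matches the `/whatever/whatever/docker/foo` line; the two differ only when a cgroup path itself contains `:/docker/`. With the thread's pattern alone, the systemd-scope sample falls through to `:host` because of its root-cgroup lines.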