Skip to content

oci_conmon: do not create a cgroup under systemd #4861

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
openshift-merge-robot merged 3 commits into from
Jan 22, 2020
Merged

oci_conmon: do not create a cgroup under systemd #4861

openshift-merge-robot merged 3 commits into from
Jan 22, 2020

Conversation

@giuseppe
Copy link
Member

@giuseppe giuseppe commented Jan 14, 2020
edited
Loading

Detect whether we are running under systemd (if the INVOCATION_ID is set). If Podman is running under a systemd service, we do not need to create a cgroup for conmon.

The variable is set only on new systemd versions (the version on RHEL8 seems fine and sets it), so for older versions add a --cgroups=no-conmon option to disable cgroups for conmon.

Closes: #4833

Signed-off-by: Giuseppe Scrivano gscrivan@redhat.com

@openshift-ci-robot
Copy link
Collaborator

openshift-ci-robot commented Jan 14, 2020

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: giuseppe

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@openshift-ci-robot openshift-ci-robot added approved Indicates a PR has been approved by an approver from all required OWNERS files. size/M labels Jan 14, 2020
mheon
mheon reviewed Jan 14, 2020
View reviewed changes
docs/source/markdown/podman-run.1.md Outdated
@@ -92,8 +92,9 @@ If the host uses cgroups v1, the default is set to **host**. On cgroups v2 the
**--cgroups**=*mode*

Determines whether the container will create CGroups.
Valid values are *enabled* and *disabled*, which the default being *enabled*.
Valid values are *enabled*, *disabled*, *disabled-conmon*, which the default being *enabled*.
Copy link
Member

@mheon mheon Jan 14, 2020

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think no-conmon would be a better name, but I'd like other folks to agree to that before we change it.

Copy link
Member Author

@giuseppe giuseppe Jan 15, 2020

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@vrothberg do you have any preference on the naming?

Copy link
Member

@vrothberg vrothberg Jan 15, 2020

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't have a preference.

mheon
mheon reviewed Jan 14, 2020
View reviewed changes
@giuseppe giuseppe requested a review from vrothberg January 15, 2020 10:36
@giuseppe
Copy link
Member Author

giuseppe commented Jan 15, 2020

how to move forward? I rename the new option to no-conmon and make it a string instead of a bool?

@vrothberg
Copy link
Member

vrothberg commented Jan 15, 2020

how to move forward? I rename the new option to no-conmon and make it a string instead of a bool?

SGTM

@giuseppe giuseppe force-pushed the add-cgroups-disabled-conmon branch from c912932 to ba1160c Compare January 15, 2020 14:34
@giuseppe giuseppe added the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label Jan 15, 2020
@giuseppe giuseppe force-pushed the add-cgroups-disabled-conmon branch 2 times, most recently from 2db6dc1 to 0c270d7 Compare January 15, 2020 16:16
@rhatdan
Copy link
Member

rhatdan commented Jan 15, 2020

Can you add ("enabled"|"disabled"|"no-conmon") to the command line option? @edsantiago uses this for generation of the completion flags.

mheon
mheon reviewed Jan 15, 2020
View reviewed changes
mheon
mheon reviewed Jan 15, 2020
View reviewed changes
pkg/spec/namespaces.go Outdated
@@ -216,6 +216,9 @@ func (c *CgroupConfig) ToCreateOptions(runtime *libpod.Runtime) ([]libpod.CtrCre
if c.Cgroups == "disabled" {
Copy link
Member

@mheon mheon Jan 15, 2020

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

IMO we should disable this and remove WithNoCgroups, and move everything to use WithCgroupsMode

Copy link
Member

@mheon mheon Jan 15, 2020

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We'll need to retain NoCgroups in the database and keep supporting it there for legacy reasons, but we should move all new containers over to use the new version

Copy link
Member

@rhatdan rhatdan Jan 15, 2020

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If we are depracatng it, then remove it from the docs and hide the option. No reason for people to continue to use it.

Copy link
Member

@mheon mheon Jan 15, 2020

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It should continue working - we're just changing the way we store it in the database

Copy link
Member

@rhatdan rhatdan Jan 15, 2020

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

But I thought we were discouraging an option?

@giuseppe giuseppe force-pushed the add-cgroups-disabled-conmon branch from 0c270d7 to 7324b39 Compare January 15, 2020 19:29
@mheon
Copy link
Member

mheon commented Jan 15, 2020 via email

@giuseppe giuseppe force-pushed the add-cgroups-disabled-conmon branch 2 times, most recently from 5778fc3 to b71b77c Compare January 16, 2020 14:52
@rh-atomic-bot
Copy link
Collaborator

rh-atomic-bot commented Jan 16, 2020

☔ The latest upstream changes (presumably #4884) made this pull request unmergeable. Please resolve the merge conflicts.

@openshift-ci-robot openshift-ci-robot added the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label Jan 16, 2020
@giuseppe
podman: add new option --cgroups=no-conmon
ba0a6f3 
it allows to disable cgroups creation only for the conmon process.

A new cgroup is created for the container payload.

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
@giuseppe
systemdgen: specify --cgroups=disabled-conmon for --new
70236f5 
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
@giuseppe giuseppe force-pushed the add-cgroups-disabled-conmon branch from b71b77c to 433a8c2 Compare January 16, 2020 17:59
@openshift-ci-robot openshift-ci-robot removed the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label Jan 16, 2020
@giuseppe
oci_conmon: do not create a cgroup under systemd
1951ff1 
Detect whether we are running under systemd (if the INVOCATION_ID is
set).  If Podman is running under a systemd service, we do not need to
create a cgroup for conmon.

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
@giuseppe giuseppe force-pushed the add-cgroups-disabled-conmon branch from 433a8c2 to 1951ff1 Compare January 16, 2020 19:29
@giuseppe
Copy link
Member Author

giuseppe commented Jan 16, 2020

tests are passing

@rhatdan
Copy link
Member

rhatdan commented Jan 16, 2020

LGTM
But I thought that @mheon still has an issue?

@giuseppe
Copy link
Member Author

giuseppe commented Jan 17, 2020

But I thought that @mheon still has an issue?

I think I took care of all the comments. @mheon is there still anything pending?

@giuseppe
Copy link
Member Author

giuseppe commented Jan 20, 2020

@mheon are you fine with the current version?

@mheon
Copy link
Member

mheon commented Jan 20, 2020

Looking...

@mheon
Copy link
Member

mheon commented Jan 20, 2020

/lgtm

@mheon
Copy link
Member

mheon commented Jan 20, 2020

/hold cancel

@openshift-ci-robot openshift-ci-robot added lgtm Indicates that a PR is ready to be merged. and removed do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. labels Jan 20, 2020
@rhatdan
Copy link
Member

rhatdan commented Jan 20, 2020

/test images

1 similar comment
@vrothberg
Copy link
Member

vrothberg commented Jan 21, 2020

/test images

@giuseppe
Copy link
Member Author

giuseppe commented Jan 22, 2020

/retest

@giuseppe
Copy link
Member Author

giuseppe commented Jan 22, 2020

/test images

@openshift-merge-robot openshift-merge-robot merged commit 9f146b1 into containers:master Jan 22, 2020
@cognition9144 cognition9144 mentioned this pull request Mar 25, 2020
Closed
@vrothberg vrothberg mentioned this pull request Jun 15, 2020
Closed
@github-actions github-actions bot added the locked - please file new issue/PR Assist humans wanting to comment on an old issue or PR with locked comments. label Sep 25, 2023
@github-actions github-actions bot locked as resolved and limited conversation to collaborators Sep 25, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

@mheon mheon mheon left review comments

@rhatdan rhatdan Awaiting requested review from rhatdan

@TomSweeneyRedHat TomSweeneyRedHat Awaiting requested review from TomSweeneyRedHat

@vrothberg vrothberg Awaiting requested review from vrothberg

Assignees

@mheon mheon

Labels

approved Indicates a PR has been approved by an approver from all required OWNERS files. lgtm Indicates that a PR is ready to be merged. locked - please file new issue/PR Assist humans wanting to comment on an old issue or PR with locked comments.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

rootless container - systemd user service fails on 1.7.0 but is working on 1.6.2

7 participants

@giuseppe @openshift-ci-robot @vrothberg @rhatdan @mheon @rh-atomic-bot @openshift-merge-robot