New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add --cgroups parameter to jailer #2012
Conversation
8a5d979
to
69a7ebc
Compare
Hi, @christian7007! Thanks for the PR, we will take a closer look at it soon. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
1st pass, mostly nits :D will review the functionality in depth a bit later
src/jailer/src/cgroup.rs
Outdated
}) | ||
} | ||
|
||
// This writes the cgroup value into the cgroup property file and attach the pid to the cgroup |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
// This writes the cgroup value into the cgroup property file and attach the pid to the cgroup | |
// This writes the cgroup value into the cgroup property file and attaches the pid to the cgroup. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
But does it attach the pid? It seems there is a different method that does this.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yes, you're right. I forgot to change that comment, I'll update that.
Thanks for the feedback @ioanachirca. I've added all the changes. |
Hi @christian7007 we're not sure if we should downright remove the I am currently reaching out to some of our users to get some customer feedback and we will come back with a decision. |
Hello @acatangiu, No problem, if you need to proceed in a different way with the |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The PR looks good overall. I have some concerns tho. How can we be sure that controllers separator, at the moment being comma, can be safely used? I noticed that using comma for separating multiple controllers does not fit when we have comma separated values. Have you looked on existing controllers properties values to see what can be safely used to separate controllers, but not interfere with values separators? We need to make sure that what is of interest for controlling the Firecracker process is fully supported.
CHANGELOG.md
Outdated
@@ -68,6 +70,9 @@ | |||
`403 BadRequest`. | |||
- Segregated MMDS documentation in MMDS design documentation and MMDS user | |||
guide documentation. | |||
- Jailer `--node` attribute has been replaced by `--cgroups`. In order to achieve the same | |||
functionality, `--cgroups` can be used like this: | |||
`--cgroups cpuset.mems=<node>,cpuset.cpus=$(cat /sys/devices/system/node/node<node>/cpulist)` |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looking at the implementation, I see that controller.property=value
are separated by comma. I think we want to support comma separated values as well, for a property of a controller. An example is the case for cpuset.cpus
, where we can have multiple comma separated values. E.g: 0,2,8-15
.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yes @iulianbarbu, you are totally right. I didn't take that case into account. Probably it's better to use a different separator like a semicolon. I'll take a closer look on the supported values and I'll update the PR changing the separator.
Thanks for the feedback!
We decided to go with a deprecation mechanism here. For the purpose of this PR it is enough to keep both |
Hello @iulianbarbu and @acatangiu, sorry for the late reply I've been on vacation last days. I'll take care of submitting commits addressing both changes. The support for |
Cool! Let us know if you need any help or feedback. |
Hello @iulianbarbu, I've been thinking and making some test regarding changing the separator. I think that probably using
This way we use different arguments as separator, it seems cleaner to me. I've prepare a commit with a prototype for supporting this into the arg parser: christian7007@979873f What do you think about it? If you think this solution is good enough I can open a new PR with the parser changes and work over it. |
Hi, @christian7007. I just took a look at this thread, but I might still be missing some context sorry :D. Anyway, regarding the parser changes, I do not quite like being able to set multiple values for an argument by repeating that argument (but it is indeed a pretty subjective opinion). It would become confusing to allow both arguments with just a value (we do not overwrite, but return a Basically, you want to pass a list as value to the |
Yes, sure. I think a workaround for this would be to require escaping:
This might work. I do not have a strong preference for one or the other. As @lauralt pointed, we must make sure we handle properly cases which map to
I guess we want to give it some thought, and then align on it. Let me have it discussed inside the team. I'll come back with an update soon. |
Hello @lauralt, I agree that the best solution would be to use a separator, the problem here is that common used separator might interfere with the functionality (e.g it can be used by cgroups for something else or be interpreted by bash). That's why I'm trying to find a different approach.
You're right @iulianbarbu, but IMHO it doesn't look too clean, also these escapes could be a bit annoying when the command generation/execution is automated. I agree with the guidelines and with giving a thought to make sure that the interface we are defining is good enough to avoid future breaking changes. So, just let me know when you and the team have an update and I'll keep working on this. |
Hmm, could a " " separator be used by cgroups for something else? I would expect to not have spaces inside a key, value pair. |
I'm not sure if the " " is used for something else by cgroups (probably not, but I can try to find out). Anyway, in case we need to support that specific case we can try to find a workaround like:
or like:
And I guess that once we have read the entire string that shouldn't be a problem any more, as it will fit to the format |
4722a3d
to
47ea8c1
Compare
Hello @acatangiu, I've just pushed the commit restoring
With my current changes this is only done when a cgroup is set for a specific controller, so if only I don't know if we should take care of it too, and follow some deprecation mode for this specific behavior too. Regarding the CI tests, I'm not sure if the |
Hi, @christian7007 ! Let us know if we can help with anything. |
Hello @iulianbarbu, I've pushed a commit (5c5809c) with the requested changes. Please take a look at it when you have some time, if the changes looks good to you I'll squash all the commits in two. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Few nits and a suggestion for changing a comment.
Feel free to create the final two commits. I'll review each of them once more and then approve it if there is no other issue. Good job! 👍
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks good. Thanks. Feel free to compact the changes in those two commits.
Perfect! Thanks for the feedback. I'm running the tests locally after changing this: #2012 (comment) to make sure I haven't break anything (nice catch btw). I'll update the PR as soon as tests are OK. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Please explicitly sign each commit:
git commit -s --amend
.
Done! |
@christian7007 looks like the PR is ready for merging. There's only a problem of solving a |
Sure, feel free to fix it. |
Reworded the commit since it mentioned ARM instead of AMD. |
It adds support for arguments which can appear multiple times (e.g jailer --feature f1 --feature f2). This is useful when multiple features of the same type needs to be set via CLI arguments. Signed-off-by: Christian González <cgonzalez@opennebula.io>
New --cgroup argument has been added to the jailer. It adds more flexibility on how cgroups are set by the jailer. - The Cgroup type has been redefined to wrap a cgroup to be set. - The test and documentation have been updated to reflect these changes Signed-off-by: Christian González <cgonzalez@opennebula.io>
Reason for This PR
Increase cgroups integration flexibility for the Jailer.
Fixes #1937
Fixes #1617
Description of Changes
New
--cgroups
argument have been added to the Jailer. This argument takes care of setting the passed cgroups generically and check that the expected value is correctly written.The
Cgroup
type have been modified in order to represent each of the cgroups passed by--cgroups
command line argument.rust-vmm
.License Acceptance
By submitting this pull request, I confirm that my contribution is made under
the terms of the Apache 2.0 license.
PR Checklist
[Author TODO: Meet these criteria.]
[Reviewer TODO: Verify that these criteria are met. Request changes if not]
git commit -s
).unsafe
code is properly documented.firecracker/swagger.yaml
.CHANGELOG.md
.