Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add option to change cgroup root path (enhanced recording) #38066

Merged
merged 4 commits into from Feb 19, 2024
Merged

Add option to change cgroup root path (enhanced recording) #38066

merged 4 commits into from Feb 19, 2024

Conversation

gabrielcorado
Copy link
Contributor

Closes #36304. Enables users to configure the directory used to store cgroup sessions.

Example with multiple agents per node

Two services configured with:

# teleport-1.yaml
ssh_service:
  enabled: "yes"
  enhanced_recording:
    enabled: true
    root_path: /agent-1

# teleport-2.yaml
ssh_service:
  enabled: "yes"
  enhanced_recording:
    enabled: true
    root_path: /agent-2

The structure is different for each:

$ ls /cgroup/agent-1/
1441b074-e6c1-4918-9b4c-43f13864308b  cgroup.threads         cpu.stat         memory.events        memory.stat
cgroup.controllers                    cgroup.type            cpu.uclamp.max   memory.events.local  memory.swap.current
cgroup.events                         cpu.idle               cpu.uclamp.min   memory.high          memory.swap.events
cgroup.freeze                         cpu.max                cpu.weight       memory.low           memory.swap.high
cgroup.kill                           cpu.max.burst          cpu.weight.nice  memory.max           memory.swap.max
cgroup.max.depth                      cpu.pressure           io.max           memory.min           memory.zswap.current
cgroup.max.descendants                cpuset.cpus            io.pressure      memory.numa_stat     memory.zswap.max
cgroup.pressure                       cpuset.cpus.effective  io.prio.class    memory.oom.group     pids.current
cgroup.procs                          cpuset.cpus.partition  io.stat          memory.peak          pids.events
cgroup.stat                           cpuset.mems            io.weight        memory.pressure      pids.max
cgroup.subtree_control                cpuset.mems.effective  memory.current   memory.reclaim       pids.peak

$ ls /cgroup/agent-2/
7968061b-1f4a-40bd-abff-065acd783ae3  cgroup.type            cpu.uclamp.min                        memory.high          memory.swap.high
cgroup.controllers                    cpu.idle               cpu.weight                            memory.low           memory.swap.max
cgroup.events                         cpu.max                cpu.weight.nice                       memory.max           memory.zswap.current
cgroup.freeze                         cpu.max.burst          fc9a493b-aa66-4154-896a-99e80fa182e6  memory.min           memory.zswap.max
cgroup.kill                           cpu.pressure           io.max                                memory.numa_stat     pids.current
cgroup.max.depth                      cpuset.cpus            io.pressure                           memory.oom.group     pids.events
cgroup.max.descendants                cpuset.cpus.effective  io.prio.class                         memory.peak          pids.max
cgroup.pressure                       cpuset.cpus.partition  io.stat                               memory.pressure      pids.peak
cgroup.procs                          cpuset.mems            io.weight                             memory.reclaim
cgroup.stat                           cpuset.mems.effective  memory.current                        memory.stat
cgroup.subtree_control                cpu.stat               memory.events                         memory.swap.current
cgroup.threads                        cpu.uclamp.max         memory.events.local                   memory.swap.events

Check on the session itself:

# SSH using Agent 1
$ tsh ssh root@agent-1
$ cat /proc/$$/cgroup
0::/agent-1/1441b074-e6c1-4918-9b4c-43f13864308b/113e8528-ce12-46cf-b637-de2f200523d8

# SSH using Agent 2
$ tsh ssh root@agent-2
$ cat /proc/$$/cgroup
0::/agent-2/7968061b-1f4a-40bd-abff-065acd783ae3/82ba74f1-9413-4e9d-b276-bf4929d76a45

changelog: Add ssh_service.enhanced_recording.root_path configuration option to change the cgroup slice path used by the agent.

@gabrielcorado gabrielcorado self-assigned this Feb 10, 2024
@github-actions github-actions bot added bpf Used to bugs with bpf and enhanced session recording. size/sm labels Feb 10, 2024
zmb3
zmb3 approved these changes Feb 11, 2024
View reviewed changes
Copy link
Collaborator

@zmb3 zmb3 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good. Don't forget docs updates.

lib/config/fileconf.go Show resolved Hide resolved
@gabrielcorado gabrielcorado added this pull request to the merge queue Feb 19, 2024
@github-merge-queue github-merge-queue bot removed this pull request from the merge queue due to failed status checks Feb 19, 2024
@gabrielcorado gabrielcorado added this pull request to the merge queue Feb 19, 2024
Merged via the queue into master with commit 28f8772 Feb 19, 2024
35 checks passed
@gabrielcorado gabrielcorado deleted the gabrielcorado/add-root-path-config-bpf branch February 19, 2024 17:26
@public-teleport-github-review-bot
Copy link

@gabrielcorado See the table below for backport results.

Branch Result
branch/v13 Create PR
branch/v14 Create PR
branch/v15 Create PR

This was referenced Feb 19, 2024
Merged
Merged
Merged
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@zmb3 zmb3 zmb3 approved these changes

@greedy52 greedy52 greedy52 approved these changes

Assignees

@gabrielcorado gabrielcorado

Labels
backport/branch/v13 backport/branch/v14 backport/branch/v15 bpf Used to bugs with bpf and enhanced session recording. size/sm
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Allow Configurability of cgroup Slice Path
4 participants
@gabrielcorado @zmb3 @greedy52 @r0mant