-
Notifications
You must be signed in to change notification settings - Fork 18.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
daemon: load and cache sysInfo on initialization #43130
Conversation
92faa25
to
d132750
Compare
This comment was marked as outdated.
This comment was marked as outdated.
d132750
to
697bdec
Compare
697bdec
to
0607e54
Compare
Seeing a lot of failures like this on Windows now 😞
|
win-2022;
unit-tests:
|
The `daemon.RawSysInfo()` function can be a heavy operation, as it collects information about all cgroups on the host, networking, AppArmor, Seccomp, etc. While looking at our code, I noticed that various parts in the code call this function, potentially even _multiple times_ per container, for example, it is called from: - `verifyPlatformContainerSettings()` - `oci.WithCgroups()` if the daemon has `cpu-rt-period` or `cpu-rt-runtime` configured - in `ContainerDecoder.DecodeConfig()`, which is called on boith `container create` and `container commit` Given that this information is not expected to change during the daemon's lifecycle, and various information coming from this (such as seccomp and apparmor status) was already cached, we may as well load it once, and cache the results in the daemon instance. This patch updates `daemon.RawSysInfo()` to use a `sync.Once()` so that it's only executed once for the daemon's lifecycle. Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
0607e54
to
483aa62
Compare
Flakiness during build; looks like there may be some issues with the SUSE repositories
Interesting; somehow a test running where it doesn't support devicemapper? Or just some leftover state from a previous run?
|
Windows failure is a known flaky test (we need to look into that one) #43012
|
@AkihiroSuda ptal |
@AkihiroSuda ptal 🤗 |
@AkihiroSuda PTAL |
Thanks! (sorry for the repeated ping; had some other changes in this area that may conflict, so wanted to get this one in if possible) |
This may have caused a regression; first time the daemon is started,
Checking on the host shows the correct status; cat /proc/sys/net/ipv4/ip_forward
1
cat /proc/sys/net/bridge/bridge-nf-call-iptables
1
cat /proc/sys/net/bridge/bridge-nf-call-ip6tables
1 After restarting the service ( I suspect the reason for that is that the SystemInfo is read during daemon startup (and uses a For example;
|
The
daemon.RawSysInfo()
function can be a heavy operation, as it collectsinformation about all cgroups on the host, networking, AppArmor, Seccomp, etc.
While looking at our code, I noticed that various parts in the code call this
function, potentially even multiple times per container, for example, it is
called from:
verifyPlatformContainerSettings()
oci.WithCgroups()
if the daemon hascpu-rt-period
orcpu-rt-runtime
configuredContainerDecoder.DecodeConfig()
, which is called on boithcontainer create
andcontainer commit
Given that this information is not expected to change during the daemon's
lifecycle, and various information coming from this (such as seccomp and
apparmor status) was already cached, we may as well load it once, and cache
the results in the daemon instance.
This patch updates
daemon.RawSysInfo()
to use async.Once()
so thatit's only executed once for the daemon's lifecycle.
For sake of completenes: I considered updatingdaemon.RawSysInfo()
to use async.Once()
instead (to make this automatic on first use), but (for now) decided against it, as it could complicate some tests, and for regular use of the daemon, the daemon would be constructed usingdaemon.NewDaemon()
.- Description for the changelog
- A picture of a cute animal (not mandatory but encouraged)