forked from openshift/origin
-
Notifications
You must be signed in to change notification settings - Fork 0
/
util_linux.go
100 lines (89 loc) · 3.23 KB
/
util_linux.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
// +build linux
package builder
import (
"errors"
"fmt"
"os"
"strconv"
"github.com/google/cadvisor/container/crio"
crioclient "github.com/kubernetes-incubator/cri-o/client"
"github.com/kubernetes-incubator/cri-o/pkg/annotations"
"github.com/opencontainers/runc/libcontainer/cgroups"
s2iapi "github.com/openshift/source-to-image/pkg/api"
)
// getContainerNetworkConfig determines whether the builder is running as a container
// by examining /proc/self/cgroup. This context is then passed to source-to-image.
// It returns a suitable argument for NetworkMode. If the container platform is
// CRI-O, it also returns a path for /etc/resolv.conf, suitable for bindmounting.
func getContainerNetworkConfig() (string, string, error) {
file, err := os.Open("/proc/self/cgroup")
if err != nil {
return "", "", err
}
defer file.Close()
if id, containerType := readNetClsCGroup(file); id != "" {
glog.V(5).Infof("container type=%s", containerType)
if containerType != "crio" {
return s2iapi.DockerNetworkModeContainerPrefix + id, "", nil
}
crioClient, err := crioclient.New(crio.CrioSocket)
if err != nil {
return "", "", err
}
info, err := crioClient.ContainerInfo(id)
if err != nil {
return "", "", err
}
pid := strconv.Itoa(info.Pid)
resolvConfHostPath := info.CrioAnnotations[annotations.ResolvPath]
if len(resolvConfHostPath) == 0 {
return "", "", errors.New("/etc/resolv.conf hostpath is empty")
}
return fmt.Sprintf("netns:/proc/%s/ns/net", pid), resolvConfHostPath, nil
}
return "", "", nil
}
// GetCGroupLimits returns a struct populated with cgroup limit values gathered
// from the local /sys/fs/cgroup filesystem. Overflow values are set to
// math.MaxInt64.
func GetCGroupLimits() (*s2iapi.CGroupLimits, error) {
byteLimit, err := readInt64("/sys/fs/cgroup/memory/memory.limit_in_bytes")
if err != nil {
// for systems without cgroups builds should succeed
if _, err := os.Stat("/sys/fs/cgroup"); os.IsNotExist(err) {
return &s2iapi.CGroupLimits{}, nil
}
return nil, fmt.Errorf("cannot determine cgroup limits: %v", err)
}
// math.MaxInt64 seems to give cgroups trouble, this value is
// still 92 terabytes, so it ought to be sufficiently large for
// our purposes.
if byteLimit > 92233720368547 {
byteLimit = 92233720368547
}
parent, err := getCgroupParent()
if err != nil {
return nil, fmt.Errorf("read cgroup parent: %v", err)
}
return &s2iapi.CGroupLimits{
// Though we are capped on memory and cpu at the cgroup parent level,
// some build containers care what their memory limit is so they can
// adapt, thus we need to set the memory limit at the container level
// too, so that information is available to them.
MemoryLimitBytes: byteLimit,
// Set memoryswap==memorylimit, this ensures no swapping occurs.
// see: https://docs.docker.com/engine/reference/run/#runtime-constraints-on-cpu-and-memory
MemorySwap: byteLimit,
Parent: parent,
}, nil
}
// getCgroupParent determines the parent cgroup for a container from
// within that container.
func getCgroupParent() (string, error) {
cgMap, err := cgroups.ParseCgroupFile("/proc/self/cgroup")
if err != nil {
return "", err
}
glog.V(6).Infof("found cgroup values map: %v", cgMap)
return extractParentFromCgroupMap(cgMap)
}