Add support for cgroups managed by systemd

containers · Jun 2, 2021 · 79108b3 · 79108b3
1 parent 2d342c0
commit 79108b3
Show file tree

Hide file tree

Showing 7 changed files with 151 additions and 13 deletions.
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/Cargo.toml b/Cargo.toml
@@ -22,3 +22,4 @@ once_cell = "1.6.0"
 futures = { version = "0.3", features = ["thread-pool"] }
 regex = "1.5"
 oci_spec = { version = "0.1.0", path = "./oci_spec" }
+systemd = "0.8.2"
diff --git a/src/cgroups/common.rs b/src/cgroups/common.rs
@@ -10,6 +10,7 @@ use anyhow::{bail, Result};
 use nix::unistd::Pid;
 use oci_spec::LinuxResources;
 use procfs::process::Process;
+use systemd::daemon::booted;
 
 use crate::cgroups::v1;
 use crate::cgroups::v2;
@@ -50,7 +51,17 @@ pub fn write_cgroup_file<P: AsRef<Path>>(path: P, data: &str) -> Result<()> {
  Ok(())
 }
 
-pub fn create_cgroup_manager<P: Into<PathBuf>>(cgroup_path: P) -> Result<Box<dyn CgroupManager>> {
+pub fn create_cgroup_manager<P: Into<PathBuf>>(
+ cgroup_path: P,
+ systemd_cgroup: bool,
+) -> Result<Box<dyn CgroupManager>> {
+ if systemd_cgroup {
+ if !booted()? {
+ bail!("systemd cgroup flag passed, but systemd support for managing cgroups is not available");
+ }
+ log::info!("systemd cgroup manager will be used");
+ return Ok(Box::new(v1::SystemDCGroupManager::new(cgroup_path.into())?));
+ }
  let cgroup_mount = Process::myself()?
  .mountinfo()?
  .into_iter()
@@ -84,7 +95,7 @@ pub fn create_cgroup_manager<P: Into<PathBuf>>(cgroup_path: P) -> Result<Box<dyn
  )?))
  }
  _ => Ok(Box::new(v1::manager::Manager::new(cgroup_path.into())?)),
- } 
+ }
  }
  _ => bail!("could not find cgroup filesystem"),
  }

diff --git a/src/cgroups/v2/mod.rs b/src/cgroups/v2/mod.rs
@@ -7,3 +7,5 @@ mod io;
 pub mod manager;
 mod memory;
 mod pids;
+pub mod systemd_manager;
+pub use systemd_manager::SystemDCGroupManager;
diff --git a/src/cgroups/v2/systemd_manager.rs b/src/cgroups/v2/systemd_manager.rs
@@ -0,0 +1,24 @@
+use anyhow::Result;
+use nix::unistd::Pid;
+use oci_spec::LinuxResources;
+use std::path::PathBuf;
+
+use crate::cgroups::common::CgroupManager;
+
+pub struct SystemDCGroupManager {}
+
+impl SystemDCGroupManager {
+ pub fn new(cgroup_path: PathBuf) -> Result<Self> {
+ Ok(SystemDCGroupManager {})
+ }
+}
+
+impl CgroupManager for SystemDCGroupManager {
+ fn apply(&self, linux_resources: &LinuxResources, pid: Pid) -> Result<()> {
+ Ok(())
+ }
+
+ fn remove(&self) -> Result<()> {
+ Ok(())
+ }
+}
diff --git a/src/create.rs b/src/create.rs
@@ -31,7 +31,12 @@ pub struct Create {
 }
 
 impl Create {
- pub fn exec(&self, root_path: PathBuf, command: impl Command) -> Result<()> {
+ pub fn exec(
+ &self,
+ root_path: PathBuf,
+ systemd_cgroup: bool,
+ command: impl Command,
+ ) -> Result<()> {
  let bundle_canonicalized = fs::canonicalize(&self.bundle)
  .unwrap_or_else(|_| panic!("failed to canonicalied {:?}", &self.bundle));
  let container_dir = root_path.join(&self.container_id);
@@ -80,6 +85,7 @@ impl Create {
  rootfs,
  spec,
  csocketfd,
+ systemd_cgroup,
  container,
  command,
  )?;
@@ -96,6 +102,7 @@ fn run_container<P: AsRef<Path>>(
  rootfs: PathBuf,
  spec: oci_spec::Spec,
  csocketfd: Option<FileDescriptor>,
+ systemd_cgroup: bool,
  container: Container,
  command: impl Command,
 ) -> Result<Process> {
@@ -104,7 +111,7 @@ fn run_container<P: AsRef<Path>>(
  let namespaces: Namespaces = linux.namespaces.clone().into();
 
  let cgroups_path = utils::get_cgroup_path(&linux.cgroups_path, container.id());
- let cmanager = cgroups::common::create_cgroup_manager(&cgroups_path)?;
+ let cmanager = cgroups::common::create_cgroup_manager(&cgroups_path, systemd_cgroup)?;
 
  match fork::fork_first(
  pid_file,

diff --git a/src/main.rs b/src/main.rs
@@ -15,9 +15,8 @@ use youki::create;
 use youki::signal;
 use youki::start;
 
-use youki::utils;
 use youki::cgroups;
-
+use youki::utils;
 
 /// High-level commandline option definition
 /// This takes global options as well as individual commands as specified in [OCI runtime-spec](https://github.com/opencontainers/runtime-spec/blob/master/runtime.md)
@@ -32,6 +31,9 @@ struct Opts {
  log: Option<PathBuf>,
  #[clap(long)]
  log_format: Option<String>,
+ /// Enable systemd cgroup manager, rather then use the cgroupfs directly.
+ #[clap(short, long)]
+ systemd_cgroup: bool,
  /// command to actually manage container
  #[clap(subcommand)]
  subcmd: SubCommand,
@@ -81,8 +83,10 @@ fn main() -> Result<()> {
  let root_path = PathBuf::from(&opts.root);
  fs::create_dir_all(&root_path)?;
 
+ let systemd_cgroup = opts.systemd_cgroup;
+
  match opts.subcmd {
- SubCommand::Create(create) => create.exec(root_path, LinuxCommand),
+ SubCommand::Create(create) => create.exec(root_path, systemd_cgroup, LinuxCommand),
  SubCommand::Start(start) => start.exec(root_path),
  SubCommand::Kill(kill) => {
  // resolves relative paths, symbolic links etc. and get complete path
@@ -144,7 +148,8 @@ fn main() -> Result<()> {
  // remove the cgroup created for the container
  // check https://man7.org/linux/man-pages/man7/cgroups.7.html
  // creating and removing cgroups section for more information on cgroups
- let cmanager = cgroups::common::create_cgroup_manager(cgroups_path)?;
+ let cmanager =
+ cgroups::common::create_cgroup_manager(cgroups_path, systemd_cgroup)?;
  cmanager.remove()?;
  }
  std::process::exit(0)