From ef514090c169fe00d2011e9ad14a5e0d8de12928 Mon Sep 17 00:00:00 2001 From: "W. Trevor King" Date: Wed, 12 Jul 2017 15:02:15 -0700 Subject: [PATCH] config-linux: Move 'disableOOMKiller' under 'memory' It's backed by memory.oom_control, so this commit moves it in with the rest of the memory-controller config. Looking at the history, the initial request landing a setting for this in the Docker/OCI ecosystem seems to be [1], which added Cgroup.OomKillDisable. That commit was carried from libcontainer into runC [2] where it is now Resources.OomKillDisable [3]. From runC it was carried into this repo (with some renaming) in [4]. Subsequent early doc updates landed in [5,6]. In none of those can I find discussion about why the setting is not already under memory. I expect the reason is that the runC structures are flat, so "under memory" is not a thing there. But in this spec, resources has per-controller sub-properties. The fact that disableOOMKiller belonged to the memory controller may have been overlooked in [4] and never revisited until now. [1]: https://github.com/docker/libcontainer/pull/417 Subject: cgroups: add support for oom control [2]: https://github.com/opencontainers/runc/commit/295c70865d10d7c57ba13cbef45c1d276ebfa83e Subject: cgroups: add support for oom control [3]: https://github.com/opencontainers/runc/blob/v1.0.0-rc3/libcontainer/configs/cgroup_unix.go#L113-L114 [4]: https://github.com/opencontainers/runtime-spec/pull/51 Subject: Add Go types for specification [5]: https://github.com/opencontainers/runtime-spec/pull/137 Subject: Adding cgroups path to the Spec. [6]: https://github.com/opencontainers/runtime-spec/pull/199 Subject: runtime: config: linux: add cgroups informations Signed-off-by: W. Trevor King --- config-linux.md | 26 +++++++---------------- config.md | 6 +++--- schema/config-linux.json | 8 +++---- schema/test/config/good/spec-example.json | 4 ++-- specs-go/config.go | 4 ++-- 5 files changed, 19 insertions(+), 29 deletions(-) diff --git a/config-linux.md b/config-linux.md index daf0ad9bd..9a1223927 100644 --- a/config-linux.md +++ b/config-linux.md @@ -253,22 +253,6 @@ Each entry has the following structure: ] ``` -### Disable out-of-memory killer - -`disableOOMKiller` contains a boolean (`true` or `false`) that enables or disables the Out of Memory killer for a cgroup. -If enabled (`false`), tasks that attempt to consume more memory than they are allowed are immediately killed by the OOM killer. -The OOM killer is enabled by default in every cgroup using the `memory` subsystem. -To disable it, specify a value of `true`. -For more information, see the kernel cgroups documentation about [memory][cgroup-v1-memory]. - -* **`disableOOMKiller`** *(bool, OPTIONAL)* - enables or disables the OOM killer - -#### Example - -```json - "disableOOMKiller": false -``` - ### Memory **`memory`** (object, OPTIONAL) represents the cgroup subsystem `memory` and it's used to set limits on the container's memory usage. @@ -282,9 +266,14 @@ Values for memory specify the limit in bytes, or `-1` for unlimited memory. * **`kernel`** *(int64, OPTIONAL)* - sets hard limit for kernel memory * **`kernelTCP`** *(int64, OPTIONAL)* - sets hard limit for kernel TCP buffer memory -For `swappiness` the values are from 0 to 100. Higher means more swappy. +The following properties do not specify memory limits, but are covered by the `memory` controller: * **`swappiness`** *(uint64, OPTIONAL)* - sets swappiness parameter of vmscan (See sysctl's vm.swappiness) + The values are from 0 to 100. Higher means more swappy. +* **`disableOOMKiller`** *(bool, OPTIONAL)* - enables or disables the OOM killer. + If enabled (`false`), tasks that attempt to consume more memory than they are allowed are immediately killed by the OOM killer. + The OOM killer is enabled by default in every cgroup using the `memory` subsystem. + To disable it, specify a value of `true`. #### Example @@ -295,7 +284,8 @@ For `swappiness` the values are from 0 to 100. Higher means more swappy. "swap": 536870912, "kernel": -1, "kernelTCP": -1, - "swappiness": 0 + "swappiness": 0, + "disableOOMKiller": false } ``` diff --git a/config.md b/config.md index fb33ff566..bee008f09 100644 --- a/config.md +++ b/config.md @@ -202,7 +202,7 @@ For Linux-based systems, the `process` object supports the following process-spe If `oomScoreAdj` is set, the runtime MUST set `oom_score_adj` to the given value. If `oomScoreAdj` is not set, the runtime MUST NOT change the value of `oom_score_adj`. - This is a per-process setting, where as [`disableOOMKiller`](config-linux.md#disable-out-of-memory-killer) is scoped for a memory cgroup. + This is a per-process setting, where as [`disableOOMKiller`](config-linux.md#memory) is scoped for a memory cgroup. For more information on how these two settings work together, see [the memory cgroup documentation section 10. OOM Contol][cgroup-v1-memory_2]. * **`selinuxLabel`** (string, OPTIONAL) specifies the SELinux label for the process. For more information about SELinux, see [SELinux documentation][selinux]. @@ -710,7 +710,8 @@ Here is a full example `config.json` for reference. "swap": 536870912, "kernel": -1, "kernelTCP": -1, - "swappiness": 0 + "swappiness": 0, + "disableOOMKiller": false }, "cpu": { "shares": 1024, @@ -721,7 +722,6 @@ Here is a full example `config.json` for reference. "cpus": "2-3", "mems": "0-7" }, - "disableOOMKiller": false, "devices": [ { "allow": false, diff --git a/schema/config-linux.json b/schema/config-linux.json index 53bc06c51..c2e863bec 100644 --- a/schema/config-linux.json +++ b/schema/config-linux.json @@ -143,10 +143,6 @@ } } }, - "disableOOMKiller": { - "id": "https://opencontainers.org/schema/bundle/linux/resources/disableOOMKiller", - "type": "boolean" - }, "hugepageLimits": { "id": "https://opencontainers.org/schema/bundle/linux/resources/hugepageLimits", "type": "array", @@ -193,6 +189,10 @@ "swappiness": { "id": "https://opencontainers.org/schema/bundle/linux/resources/memory/swappiness", "$ref": "defs.json#/definitions/uint64" + }, + "disableOOMKiller": { + "id": "https://opencontainers.org/schema/bundle/linux/resources/memory/disableOOMKiller", + "type": "boolean" } } }, diff --git a/schema/test/config/good/spec-example.json b/schema/test/config/good/spec-example.json index 50fdbbe8e..c7db729bd 100644 --- a/schema/test/config/good/spec-example.json +++ b/schema/test/config/good/spec-example.json @@ -241,7 +241,8 @@ "swap": 536870912, "kernel": -1, "kernelTCP": -1, - "swappiness": 0 + "swappiness": 0, + "disableOOMKiller": false }, "cpu": { "shares": 1024, @@ -252,7 +253,6 @@ "cpus": "2-3", "mems": "0-7" }, - "disableOOMKiller": false, "devices": [ { "allow": false, diff --git a/specs-go/config.go b/specs-go/config.go index 6436a34b6..f3f37d42d 100644 --- a/specs-go/config.go +++ b/specs-go/config.go @@ -284,6 +284,8 @@ type LinuxMemory struct { KernelTCP *int64 `json:"kernelTCP,omitempty"` // How aggressive the kernel will swap memory pages. Swappiness *uint64 `json:"swappiness,omitempty"` + // DisableOOMKiller disables the OOM killer for out of memory conditions + DisableOOMKiller *bool `json:"disableOOMKiller,omitempty"` } // LinuxCPU for Linux cgroup 'cpu' resource management @@ -322,8 +324,6 @@ type LinuxNetwork struct { type LinuxResources struct { // Devices configures the device whitelist. Devices []LinuxDeviceCgroup `json:"devices,omitempty"` - // DisableOOMKiller disables the OOM killer for out of memory conditions - DisableOOMKiller *bool `json:"disableOOMKiller,omitempty"` // Memory restriction configuration Memory *LinuxMemory `json:"memory,omitempty"` // CPU resource restriction configuration