This is an automated email from the ASF dual-hosted git repository.
bmahler pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/mesos.git
The following commit(s) were added to refs/heads/master by this push:
new 5d6d386a4 [cgroups2] Watch and respond to container limitations.
5d6d386a4 is described below
commit 5d6d386a4c383058643090d93101963b01c4434f
Author: Devin Leamy <[email protected]>
AuthorDate: Fri Apr 26 15:32:42 2024 -0400
[cgroups2] Watch and respond to container limitations.
Each `ControllerProcess` used by the cgroups v2 isolator
can optionally override `::watch` which is a future that
resolves when a container limitation (e.g. memory limit reached)
is detected.
Here we introduce listening and responding to these
container limitations, like is done in cgroups v1.
---
.../mesos/isolators/cgroups2/cgroups2.cpp | 40 ++++++++++++++++++++++
.../mesos/isolators/cgroups2/cgroups2.hpp | 11 ++++++
2 files changed, 51 insertions(+)
diff --git a/src/slave/containerizer/mesos/isolators/cgroups2/cgroups2.cpp
b/src/slave/containerizer/mesos/isolators/cgroups2/cgroups2.cpp
index a53e65cfb..d8ed7f002 100644
--- a/src/slave/containerizer/mesos/isolators/cgroups2/cgroups2.cpp
+++ b/src/slave/containerizer/mesos/isolators/cgroups2/cgroups2.cpp
@@ -41,6 +41,7 @@
using mesos::slave::ContainerClass;
using mesos::slave::ContainerConfig;
using mesos::slave::ContainerLaunchInfo;
+using mesos::slave::ContainerLimitation;
using mesos::slave::ContainerState;
using mesos::slave::Isolator;
@@ -623,6 +624,45 @@ Future<Nothing> Cgroups2IsolatorProcess::_isolate(
}
+Future<ContainerLimitation> Cgroups2IsolatorProcess::watch(
+ const ContainerID& containerId)
+{
+ // TODO(dleamy): Revisit this once nested containers are implemented. We
+ // may want to do what is done in cgroups v2 where we return a pending future
+ // for child containers that share cgroups with their ancestor.
+
+ foreachvalue (const Owned<Controller>& controller, controllers) {
+ if (infos[containerId]->controllers.contains(controller->name())) {
+ controller->watch(containerId, infos[containerId]->cgroup)
+ .onAny(defer(
+ PID<Cgroups2IsolatorProcess>(this),
+ &Cgroups2IsolatorProcess::_watch,
+ containerId,
+ lambda::_1));
+ }
+ }
+
+ return infos[containerId]->limitation.future();
+}
+
+
+void Cgroups2IsolatorProcess::_watch(
+ const ContainerID& containerId,
+ const Future<ContainerLimitation>& future)
+{
+ if (!infos.contains(containerId)) {
+ return;
+ }
+
+ if (future.isPending()) {
+ LOG(ERROR) << "Limitation future should be ready or failed";
+ return;
+ }
+
+ infos[containerId]->limitation.set(future);
+}
+
+
Future<Nothing> Cgroups2IsolatorProcess::update(
const ContainerID& containerId,
const Resources& resourceRequests,
diff --git a/src/slave/containerizer/mesos/isolators/cgroups2/cgroups2.hpp
b/src/slave/containerizer/mesos/isolators/cgroups2/cgroups2.hpp
index 9d58b9e7f..e193f3f1f 100644
--- a/src/slave/containerizer/mesos/isolators/cgroups2/cgroups2.hpp
+++ b/src/slave/containerizer/mesos/isolators/cgroups2/cgroups2.hpp
@@ -76,6 +76,9 @@ public:
const ContainerID& containerId,
pid_t pid) override;
+ process::Future<mesos::slave::ContainerLimitation> watch(
+ const ContainerID& containerId) override;
+
process::Future<Nothing> update(
const ContainerID& containerId,
const Resources& resourceRequests,
@@ -107,6 +110,10 @@ private:
// Names of the controllers which are prepared for the container.
hashset<std::string> controllers;
+
+ // Promise that will complete when a container is impacted by a resource
+ // limitation and should be terminated.
+ process::Promise<mesos::slave::ContainerLimitation> limitation;
};
Cgroups2IsolatorProcess(
@@ -143,6 +150,10 @@ private:
const ContainerID& containerId,
pid_t pid);
+ void _watch(
+ const ContainerID& containerId,
+ const process::Future<mesos::slave::ContainerLimitation>& future);
+
process::Future<Nothing> _update(
const std::vector<process::Future<Nothing>>& futures);
