Gilbert Song created MESOS-9070:
-----------------------------------
Summary: Support systemd and freezer cgroup subsystems bind mount
for container with rootfs.
Key: MESOS-9070
URL: https://issues.apache.org/jira/browse/MESOS-9070
Project: Mesos
Issue Type: Task
Components: containerization
Reporter: Gilbert Song
As of MESOS-8327, cgroup subsystems are bind mounted to the container's rootfs,
but the systemd and freezer cgroups are not bind mounted yet, because they are not
subsystems under the cgroup isolator; they come from the linux launcher.
Some applications (e.g., dockerd) may read /proc/self/cgroup to find the enabled
subsystems and then look them up in /proc/self/mountinfo to make sure the
corresponding mounts exist. Here is an example:
{noformat}
➜ aws dcos task exec --interactive test.bf2fad80-846b-11e8-b5a0-eaa1bec34306
/bin/bash
cat /proc/self/cgroup
11:blkio:/mesos/87899f08-53e5-47bf-aba3-712c31c33543
10:perf_event:/mesos/87899f08-53e5-47bf-aba3-712c31c33543
9:cpuset:/mesos/87899f08-53e5-47bf-aba3-712c31c33543
8:memory:/mesos/87899f08-53e5-47bf-aba3-712c31c33543
7:pids:/mesos/87899f08-53e5-47bf-aba3-712c31c33543
6:devices:/mesos/87899f08-53e5-47bf-aba3-712c31c33543
5:cpu,cpuacct:/mesos/87899f08-53e5-47bf-aba3-712c31c33543
4:freezer:/mesos/87899f08-53e5-47bf-aba3-712c31c33543/mesos/12fde554-5262-473c-a20c-7dd201148b11
3:net_cls,net_prio:/mesos/87899f08-53e5-47bf-aba3-712c31c33543
2:hugetlb:/mesos/87899f08-53e5-47bf-aba3-712c31c33543
1:name=systemd:/mesos/87899f08-53e5-47bf-aba3-712c31c33543/mesos/12fde554-5262-473c-a20c-7dd201148b11
cat /proc/self/mountinfo
388 387 202:9 / / rw,relatime master:1 - ext4 /dev/xvda9
rw,seclabel,data=ordered
389 388 254:0 / /usr ro,relatime master:2 - ext4 /dev/mapper/usr
ro,seclabel,block_validity,delalloc,barrier,user_xattr,acl
390 389 202:6 / /usr/share/oem rw,nodev,relatime master:32 - ext4 /dev/xvda6
rw,seclabel,commit=600,data=ordered
391 388 0:6 / /dev rw,nosuid master:3 - devtmpfs devtmpfs
rw,seclabel,size=8201844k,nr_inodes=2050461,mode=755
392 391 0:19 / /dev/shm rw,nosuid,nodev master:4 - tmpfs tmpfs rw,seclabel
393 391 0:20 / /dev/pts rw,nosuid,noexec,relatime master:5 - devpts devpts
rw,seclabel,gid=5,mode=620,ptmxmode=000
394 391 0:15 / /dev/mqueue rw,relatime master:26 - mqueue mqueue rw,seclabel
395 391 0:37 / /dev/hugepages rw,relatime master:27 - hugetlbfs hugetlbfs
rw,seclabel
396 388 0:4 / /proc rw,nosuid,nodev,noexec,relatime master:6 - proc proc rw
397 396 0:35 / /proc/sys/fs/binfmt_misc rw,relatime master:24 - autofs
systemd-1 rw,fd=23,pgrp=0,timeout=0,minproto=5,maxproto=5,direct,pipe_ino=1017
398 396 0:40 / /proc/xen rw,relatime master:31 - xenfs xenfs rw
399 388 0:18 / /sys rw,nosuid,nodev,noexec,relatime master:7 - sysfs sysfs
rw,seclabel
400 399 0:17 / /sys/kernel/security rw,nosuid,nodev,noexec,relatime master:8 -
securityfs securityfs rw
401 399 0:22 / /sys/fs/cgroup ro,nosuid,nodev,noexec master:9 - tmpfs tmpfs
ro,seclabel,mode=755
402 401 0:23 / /sys/fs/cgroup/systemd rw,nosuid,nodev,noexec,relatime master:10
- cgroup cgroup
rw,xattr,release_agent=/usr/lib/systemd/systemd-cgroups-agent,name=systemd
403 401 0:25 / /sys/fs/cgroup/hugetlb rw,nosuid,nodev,noexec,relatime master:11
- cgroup cgroup rw,hugetlb
404 401 0:26 / /sys/fs/cgroup/net_cls,net_prio rw,nosuid,nodev,noexec,relatime
master:12 - cgroup cgroup rw,net_cls,net_prio
405 401 0:27 / /sys/fs/cgroup/freezer rw,nosuid,nodev,noexec,relatime master:13
- cgroup cgroup rw,freezer
406 401 0:28 / /sys/fs/cgroup/cpu,cpuacct rw,nosuid,nodev,noexec,relatime
master:14 - cgroup cgroup rw,cpu,cpuacct
407 401 0:29 / /sys/fs/cgroup/devices rw,nosuid,nodev,noexec,relatime master:15
- cgroup cgroup rw,devices
408 401 0:30 / /sys/fs/cgroup/pids rw,nosuid,nodev,noexec,relatime master:16 -
cgroup cgroup rw,pids
409 401 0:31 / /sys/fs/cgroup/memory rw,nosuid,nodev,noexec,relatime master:17
- cgroup cgroup rw,memory
410 401 0:32 / /sys/fs/cgroup/cpuset rw,nosuid,nodev,noexec,relatime master:18
- cgroup cgroup rw,cpuset
411 401 0:33 / /sys/fs/cgroup/perf_event rw,nosuid,nodev,noexec,relatime
master:19 - cgroup cgroup rw,perf_event
412 401 0:34 / /sys/fs/cgroup/blkio rw,nosuid,nodev,noexec,relatime master:20 -
cgroup cgroup rw,blkio
413 399 0:24 / /sys/fs/pstore rw,nosuid,nodev,noexec,relatime master:21 -
pstore pstore rw,seclabel
414 399 0:16 / /sys/fs/selinux rw,relatime master:22 - selinuxfs selinuxfs rw
415 399 0:7 / /sys/kernel/debug rw,relatime master:29 - debugfs debugfs
rw,seclabel
416 388 0:21 / /run rw,nosuid,nodev master:23 - tmpfs tmpfs rw,seclabel,mode=755
417 388 0:36 / /boot rw,relatime master:25 - autofs systemd-1
rw,fd=33,pgrp=0,timeout=0,minproto=5,maxproto=5,direct,pipe_ino=10774
418 417 202:1 / /boot rw,relatime master:33 - vfat /dev/xvda1
rw,fmask=0022,dmask=0022,codepage=437,iocharset=ascii,shortname=mixed,errors=remount-ro
419 388 0:38 / /media rw,nosuid,nodev,noexec,relatime master:28 - tmpfs tmpfs
rw,seclabel
420 388 0:39 / /tmp rw,nosuid,nodev master:30 - tmpfs tmpfs rw,seclabel
421 388 202:16 / /var/lib rw,relatime master:218 - ext4 /dev/xvdb
rw,seclabel,data=ordered
422 421 202:16 /docker/overlay /var/lib/docker/overlay rw,relatime - ext4
/dev/xvdb rw,seclabel,data=ordered
423 421 202:16
/mesos/slave/volumes/roles/kubernetes-role/b12a0508-c837-4d89-b1e3-d1400355833c
/var/lib/mesos/slave/slaves/cbb0007d-bcc7-4fe8-b47d-3d67604a2eb2-S0/frameworks/cbb0007d-bcc7-4fe8-b47d-3d67604a2eb2-0002/executors/kubernetes__etcd__465602c0-ad54-4f46-960e-3a5e8e18f3e8/runs/300d07e7-319d-4642-b9c9-63b9293765fd/data-dir
rw,relatime master:218 - ext4 /dev/xvdb rw,seclabel,data=ordered
424 421 202:16
/mesos/slave/volumes/roles/kubernetes-role/a60b4165-e5ee-4847-8437-2a7f78f38c5d
/var/lib/mesos/slave/slaves/cbb0007d-bcc7-4fe8-b47d-3d67604a2eb2-S0/frameworks/cbb0007d-bcc7-4fe8-b47d-3d67604a2eb2-0002/executors/kubernetes__etcd__465602c0-ad54-4f46-960e-3a5e8e18f3e8/runs/300d07e7-319d-4642-b9c9-63b9293765fd/wal-pv
rw,relatime master:218 - ext4 /dev/xvdb rw,seclabel,data=ordered
426 396 0:51 / /proc rw,nosuid,nodev,noexec,relatime - proc proc rw
427 421 0:52 /
/var/lib/mesos/slave/slaves/cbb0007d-bcc7-4fe8-b47d-3d67604a2eb2-S0/frameworks/cbb0007d-bcc7-4fe8-b47d-3d67604a2eb2-0001/executors/test.bf2fad80-846b-11e8-b5a0-eaa1bec34306/runs/87899f08-53e5-47bf-aba3-712c31c33543/.secret-113d83da-d9ce-4a5f-9565-9179ed8bd94a
rw,relatime - ramfs ramfs rw
➜ aws dcos task exec --interactive
debian.6c333651-846c-11e8-b5a0-eaa1bec34306 /bin/bash
cat /proc/self/cgroup
11:freezer:/mesos/66896178-3726-439f-ac45-6eb025b944fc/mesos/e69b6a82-4c4a-4758-99c8-6afac41ae1a5
10:devices:/mesos/66896178-3726-439f-ac45-6eb025b944fc
9:hugetlb:/mesos/66896178-3726-439f-ac45-6eb025b944fc
8:blkio:/mesos/66896178-3726-439f-ac45-6eb025b944fc
7:cpuset:/mesos/66896178-3726-439f-ac45-6eb025b944fc
6:pids:/mesos/66896178-3726-439f-ac45-6eb025b944fc
5:perf_event:/mesos/66896178-3726-439f-ac45-6eb025b944fc
4:cpu,cpuacct:/mesos/66896178-3726-439f-ac45-6eb025b944fc
3:memory:/mesos/66896178-3726-439f-ac45-6eb025b944fc
2:net_cls,net_prio:/mesos/66896178-3726-439f-ac45-6eb025b944fc
1:name=systemd:/mesos/66896178-3726-439f-ac45-6eb025b944fc/mesos/e69b6a82-4c4a-4758-99c8-6afac41ae1a5
cat /proc/self/mountinfo
466 423 0:51 / / rw,relatime master:148 - overlay overlay
rw,lowerdir=/tmp/xRzx5s/1:/tmp/xRzx5s/0,upperdir=/var/lib/mesos/slave/provisioner/containers/66896178-3726-439f-ac45-6eb025b944fc/backends/overlay/scratch/704eebdc-1862-4054-9245-2025563a1919/upperdir,workdir=/var/lib/mesos/slave/provisioner/containers/66896178-3726-439f-ac45-6eb025b944fc/backends/overlay/scratch/704eebdc-1862-4054-9245-2025563a1919/workdir
467 466 202:9 /etc/resolv.conf//deleted /etc/resolv.conf
ro,nosuid,nodev,noexec,relatime master:1 - ext4 /dev/xvda9
rw,seclabel,data=ordered
468 466 202:9 /etc/hostname /etc/hostname ro,nosuid,nodev,noexec,relatime
master:1 - ext4 /dev/xvda9 rw,seclabel,data=ordered
469 466 202:9 /etc/hosts /etc/hosts ro,nosuid,nodev,noexec,relatime master:1 -
ext4 /dev/xvda9 rw,seclabel,data=ordered
470 466 202:16
/mesos/slave/slaves/cbb0007d-bcc7-4fe8-b47d-3d67604a2eb2-S1/frameworks/cbb0007d-bcc7-4fe8-b47d-3d67604a2eb2-0001/executors/debian.6c333651-846c-11e8-b5a0-eaa1bec34306/runs/66896178-3726-439f-ac45-6eb025b944fc
/mnt/mesos/sandbox rw,relatime master:218 - ext4 /dev/xvdb
rw,seclabel,data=ordered
471 466 0:52 / /proc rw,nosuid,nodev,noexec,relatime - proc proc rw
472 471 0:52 /bus /proc/bus ro,nosuid,nodev,noexec,relatime - proc proc rw
473 471 0:52 /fs /proc/fs ro,nosuid,nodev,noexec,relatime - proc proc rw
474 471 0:52 /irq /proc/irq ro,nosuid,nodev,noexec,relatime - proc proc rw
475 471 0:52 /sys /proc/sys ro,nosuid,nodev,noexec,relatime - proc proc rw
476 471 0:52 /sysrq-trigger /proc/sysrq-trigger ro,nosuid,nodev,noexec,relatime
- proc proc rw
477 466 0:18 / /sys ro,nosuid,nodev,noexec,relatime - sysfs sysfs rw,seclabel
478 477 0:54 / /sys/fs/cgroup rw,nosuid,nodev,noexec,relatime - tmpfs tmpfs
rw,seclabel,mode=755
479 466 0:55 / /dev rw,nosuid,noexec - tmpfs tmpfs rw,seclabel,mode=755
480 479 0:56 / /dev/pts rw,nosuid,noexec,relatime - devpts devpts
rw,seclabel,mode=600,ptmxmode=666
481 479 0:57 / /dev/shm rw,nosuid,nodev - tmpfs tmpfs rw,seclabel
482 478 0:31 /mesos/66896178-3726-439f-ac45-6eb025b944fc /sys/fs/cgroup/blkio
rw,nosuid,nodev,noexec,relatime master:17 - cgroup cgroup rw,blkio
483 478 0:27 /mesos/66896178-3726-439f-ac45-6eb025b944fc
/sys/fs/cgroup/cpu,cpuacct rw,nosuid,nodev,noexec,relatime master:13 - cgroup
cgroup rw,cpu,cpuacct
484 478 0:30 /mesos/66896178-3726-439f-ac45-6eb025b944fc /sys/fs/cgroup/cpuset
rw,nosuid,nodev,noexec,relatime master:16 - cgroup cgroup rw,cpuset
485 478 0:33 /mesos/66896178-3726-439f-ac45-6eb025b944fc /sys/fs/cgroup/devices
rw,nosuid,nodev,noexec,relatime master:19 - cgroup cgroup rw,devices
486 478 0:32 /mesos/66896178-3726-439f-ac45-6eb025b944fc /sys/fs/cgroup/hugetlb
rw,nosuid,nodev,noexec,relatime master:18 - cgroup cgroup rw,hugetlb
487 478 0:26 /mesos/66896178-3726-439f-ac45-6eb025b944fc /sys/fs/cgroup/memory
rw,nosuid,nodev,noexec,relatime master:12 - cgroup cgroup rw,memory
488 478 0:25 /mesos/66896178-3726-439f-ac45-6eb025b944fc
/sys/fs/cgroup/net_cls,net_prio rw,nosuid,nodev,noexec,relatime master:11 -
cgroup cgroup rw,net_cls,net_prio
489 478 0:28 /mesos/66896178-3726-439f-ac45-6eb025b944fc
/sys/fs/cgroup/perf_event rw,nosuid,nodev,noexec,relatime master:14 - cgroup
cgroup rw,perf_event
490 478 0:29 /mesos/66896178-3726-439f-ac45-6eb025b944fc /sys/fs/cgroup/pids
rw,nosuid,nodev,noexec,relatime master:15 - cgroup cgroup rw,pids
{noformat}
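The first one is a task without an image; the second one is a task using a debian
image. In the second one, /proc/self/cgroup lists the freezer and name=systemd
hierarchies, but /proc/self/mountinfo shows no mount for either of them under
/sys/fs/cgroup. So any app that relies on the systemd and freezer cgroup mounts
may fail: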
{noformat}
returned error: cgroups: cannot find cgroup mount destination: unknown
./docker/docker: Error response from daemon: cgroups: cannot find cgroup mount
destination: unknown.
{noformat}
So, we should consider adding the systemd and freezer cgroup bind mounts at the
cgroup isolator and adding a *NOTE* documenting this behavior.