Skip to content

rootless: support --exec-opt native.cgroupdriver=systemd#40486

Merged
cpuguy83 merged 1 commit intomoby:masterfrom
AkihiroSuda:rootless-cgroup2-systemd
Mar 3, 2020
Merged

rootless: support --exec-opt native.cgroupdriver=systemd#40486
cpuguy83 merged 1 commit intomoby:masterfrom
AkihiroSuda:rootless-cgroup2-systemd

Conversation

@AkihiroSuda
Copy link
Member

@AkihiroSuda AkihiroSuda commented Feb 10, 2020
edited
Loading

- What I did

Support rootless cgroup.

Requires cgroup v2 host with crun.
Tested with Ubuntu 19.10 (kernel 5.3, systemd 242), crun v0.12.1.

- How I did it

Using systemd.

- How to verify it

  • Install Ubuntu 19.10
  • Install containerd master
  • Install crun v0.12.1
  • Add systemd.unified_cgroup_hierarchy=1 to the kernel cmdline
  • (Optional) To enable the CPU controller:
$ cat > /etc/systemd/system/[email protected]/foo.conf << EOF
[Service]
# default: Delegate=pids memory
Delegate=pids memory cpu
EOF

Start a daemon:

$ dockerd-rootless.sh \
  --experimental \
  --exec-opt native.cgroupdriver=systemd \
  --add-runtime crun=crun \
  --default-runtime=crun

Verify:

$ export DOCKER_HOST=unix:///run/user/1001/docker.sock

$ docker  run -d --memory 32M --cpus 0.5 nginx:alpine
71500664473ea71aff8360ba31db7eaee4b11fba19c4fdd467ceaa49c2fef7e0


$ cat /sys/fs/cgroup/user.slice/user-1001.slice/[email protected]/user.slice/docker-71500664473ea71aff8360ba31db7eaee4b11fba19c4fdd467ceaa49c2fef7e0.scope/memory.max 
33554432

$ cat /sys/fs/cgroup/user.slice/user-1001.slice/[email protected]/user.slice/docker-71500664473ea71aff8360ba31db7eaee4b11fba19c4fdd467ceaa49c2fef7e0.scope/cpu.max 
50000 100000

- Description for the changelog

rootless: support --exec-opt native.cgroupdriver=systemd

- A picture of a cute animal (not mandatory but encouraged)
🐧

This was referenced Feb 10, 2020
Closed
Closed
@AkihiroSuda AkihiroSuda added area/rootless Rootless Mode impact/changelog kind/enhancement Enhancements are not bugs or new features but can improve usability or performance. labels Feb 10, 2020
@AkihiroSuda
Copy link
Member Author

AkihiroSuda commented Feb 10, 2020

cc @giuseppe FYI for Podman compatibility

AkihiroSuda
AkihiroSuda commented Feb 10, 2020
View reviewed changes
@AkihiroSuda AkihiroSuda mentioned this pull request Feb 10, 2020
Closed
@AkihiroSuda AkihiroSuda force-pushed the rootless-cgroup2-systemd branch from 805d1cb to c94f869 Compare February 14, 2020 06:28
@AkihiroSuda
rootless: support --exec-opt native.cgroupdriver=systemd
ca4b518 
Support cgroup as in Rootless Podman.

Requires cgroup v2 host with crun.
Tested with Ubuntu 19.10 (kernel 5.3, systemd 242), crun v0.12.1.

Signed-off-by: Akihiro Suda <[email protected]>
@AkihiroSuda AkihiroSuda force-pushed the rootless-cgroup2-systemd branch from c94f869 to ca4b518 Compare February 14, 2020 06:32
@AkihiroSuda AkihiroSuda requested a review from tianon as a code owner February 14, 2020 06:32
@AkihiroSuda
Copy link
Member Author

AkihiroSuda commented Feb 18, 2020

@tonistiigi PTAL?

tonistiigi
tonistiigi reviewed Feb 18, 2020
View reviewed changes
Copy link
Member

@tonistiigi tonistiigi left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

SGTM

@AkihiroSuda
Copy link
Member Author

AkihiroSuda commented Feb 24, 2020

@thaJeztah PTAL?

cpuguy83
cpuguy83 approved these changes Feb 25, 2020
View reviewed changes
Copy link
Member

@cpuguy83 cpuguy83 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@AkihiroSuda
Copy link
Member Author

AkihiroSuda commented Mar 2, 2020

@tonistiigi LGTY?

@cpuguy83 cpuguy83 merged commit 76e3a49 into moby:master Mar 3, 2020
@AkihiroSuda
Copy link
Member Author

AkihiroSuda commented Apr 1, 2020

PR for runc: opencontainers/runc#2281

@thaJeztah thaJeztah added this to the 20.03.0 milestone Apr 2, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@tonistiigi tonistiigi tonistiigi approved these changes

@cpuguy83 cpuguy83 cpuguy83 approved these changes

@tianon tianon Awaiting requested review from tianon tianon is a code owner

Assignees

No one assigned

Labels

area/rootless Rootless Mode impact/changelog kind/enhancement Enhancements are not bugs or new features but can improve usability or performance. status/2-code-review

Projects

None yet

Milestone

20.10.0

Development

Successfully merging this pull request may close these issues.

4 participants

@AkihiroSuda @tonistiigi @cpuguy83 @thaJeztah