Fix setting swaplimit=true without checking memory.swap.max by jmguzik · Pull Request #42071 · moby/moby

jmguzik · 2021-02-24T23:26:44Z

- What I did
fixes #41926

- How I did it
Added one condition to moby/pkg/sysinfo/cgroup2_linux.go

- How to verify it
Actually, I wanted to create unit tests for this one. The problem is certain files must be present on FS, so I see 2 solutions:

use mocks (of os.Stat for example)
since part of the path is passed as an argument, choose a different dir for tests (eg /tmp?)

I do not know what is the common practice in the project (1st PR), so I decided just to simply open a PR and ask.

- Description for the changelog

Fixes setting swaplimit=true without checking memory.swap.max

- A picture of a cute animal (not mandatory but encouraged)
Another time :)

jmguzik · 2021-02-24T23:28:28Z

cc @AkihiroSuda as issue author

AkihiroSuda

Please see the comment

AkihiroSuda

Thanks, but we need to support dind case (g="/", in a cgroup namespace)

AkihiroSuda

LGTM, thanks

jmguzik · 2021-03-01T21:43:02Z

I feel ci problems are not related to this issue, but anyway, rebase?

thaJeztah · 2021-03-02T17:10:14Z

restarted CI

jmguzik · 2021-03-16T22:25:03Z

@thaJeztah @AkihiroSuda how the situation looks like with this change? CI failures are unrelated.

AkihiroSuda · 2021-04-07T04:54:54Z

@thaJeztah PTAL?

AkihiroSuda · 2021-04-27T08:03:47Z

ping @thaJeztah @tiborvass @cpuguy83

cpuguy83

LGTM

AkihiroSuda · 2021-05-28T17:30:28Z

s390x failures are unrelated.
Merging.
https://ci-next.docker.com/public/blue/organizations/jenkins/moby/detail/PR-42071/16/tests

AkihiroSuda · 2021-05-28T17:31:44Z

CI seems to have to be green 😞

@thaJeztah Can we relax "Merging is blocked" restriction?

AkihiroSuda · 2021-06-01T10:08:01Z

@jmguzik Could you rebase? It will perhaps make Ci green.

Signed-off-by: Jakub Guzik <[email protected]>

thaJeztah · 2021-06-05T12:33:23Z

I kicked CI

Failures:

TestConcurrencyNoWait tracked by #42458

=== RUN   TestConcurrencyNoWait
--- FAIL: TestConcurrencyNoWait (0.13s)
    iptables_test.go:217:  (iptables failed: iptables -t nat -A DOCKEREST -p tcp -d 192.168.1.1 --dport 1234 -j DNAT --to-destination 172.17.0.1:4321 ! -i lo: Another app is currently holding the xtables lock. Perhaps you want to use the -w option?
         (exit status 4))

TestNetworkDBIslands tracked by #42459

=== RUN   TestNetworkDBIslands
...
networkdb_test.go:864: timeout hit after 2m0s: node5:Waiting for all nodes to cleanly leave, left: 2, failed nodes: 1

TestPortMappingV6Config: created tracking issue #42468

=== RUN   TestPortMappingV6Config
time="2021-06-04T05:10:59Z" level=warning msg="Running modprobe bridge br_netfilter failed with message: , error: exec: \"modprobe\": executable file not found in $PATH"
time="2021-06-04T05:10:59Z" level=warning msg="running inside docker container, ignoring missing kernel params: open /proc/sys/net/bridge/bridge-nf-call-iptables: no such file or directory"
time="2021-06-04T05:10:59Z" level=warning msg="bridge store not initialized. kv object docker/network/v1.0/bridge/dummy/ is not added to the store"
time="2021-06-04T05:10:59Z" level=warning msg="bridge store not initialized. kv object docker/network/v1.0/bridge-endpoint/ep1/ is not added to the store"
time="2021-06-04T05:11:00Z" level=warning msg="bridge store not initialized. kv object docker/network/v1.0/bridge-endpoint/ep1/ is not added to the store"
--- FAIL: TestPortMappingV6Config (0.92s)
    port_mapping_test.go:157: Failed to store the port bindings into the sandbox info. Found: [{udp 172.19.0.11 400 0.0.0.0 54000 54000} {tcp 172.19.0.11 500 0.0.0.0 65000 65000} {sctp 172.19.0.11 500 0.0.0.0 65000 65000}]

thaJeztah

LGTM (sorry, looks like I forgot to submit)

I created #42452 to discuss/track follow-ups on the libcontainer/cgroups discussion

thaJeztah · 2021-06-05T15:01:31Z

All green, except for the TestNetworkDBIslands test, which is known to be flaky; merging this one; thanks!

AkihiroSuda · 2021-06-07T08:29:09Z

Cherry-pick: #42479

AkihiroSuda reviewed Feb 25, 2021

View reviewed changes