[prev in list] [next in list] [prev in thread] [next in thread]
List: mesos-commits
Subject: (mesos) branch master updated: [cgroups2] Introduce cgroups v2 isolator process.
From: bmahler () apache ! org
Date: 2024-03-26 21:48:51
Message-ID: 171148973181.348126.14610443029223792360 () gitbox2-he-fi ! apache ! org
[Download RAW message or body]
This is an automated email from the ASF dual-hosted git repository.
bmahler pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/mesos.git
The following commit(s) were added to refs/heads/master by this push:
new 4837d745a [cgroups2] Introduce cgroups v2 isolator process.
4837d745a is described below
commit 4837d745ad9823a4b5fa5d66153db2eb08d6f8f0
Author: Devin Leamy <dleamy@twitter.com>
AuthorDate: Mon Mar 25 21:31:33 2024 +0000
[cgroups2] Introduce cgroups v2 isolator process.
Introduces `Cgroups2IsolatorProcess`, a new isolator process which
uses cgroups v2. Cgroups v2 equivalent of `CgroupsIsolatorProcess`.
We introduce a new class, rather than adapting the existing
`CgroupsIsolatorProcess`, because the two isolators need to behave
markedly differently.
Specifically, the v1 isolator:
- Maintains a mapping from the cgroup hierarchy where a controller is
mounted to the `Subsystem` that manages it.
- Mounts cgroups hierarchies for subsystems, as they are required.
- Performs (virtually) all cgroups operations taking into account which
hierarchy a subsystem and container is a member of.
all of which are not relevant in the context of cgroups v2's unified
hierarchy.
---
src/Makefile.am | 4 +-
.../mesos/isolators/cgroups2/cgroups2.cpp | 65 ++++++++++++++++++++++
.../mesos/isolators/cgroups2/cgroups2.hpp | 59 ++++++++++++++++++++
3 files changed, 127 insertions(+), 1 deletion(-)
diff --git a/src/Makefile.am b/src/Makefile.am
index 6135a2864..d11fb8aa8 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -1494,7 +1494,9 @@ MESOS_LINUX_FILES += \
linux/cgroups2.cpp \
linux/cgroups2.hpp \
linux/ebpf.cpp \
- linux/ebpf.hpp
+ linux/ebpf.hpp \
+ slave/containerizer/mesos/isolators/cgroups2/cgroups2.cpp \
+ slave/containerizer/mesos/isolators/cgroups2/cgroups2.hpp
endif
if ENABLE_SECCOMP_ISOLATOR
diff --git a/src/slave/containerizer/mesos/isolators/cgroups2/cgroups2.cpp \
b/src/slave/containerizer/mesos/isolators/cgroups2/cgroups2.cpp new file mode 100644
index 000000000..2e8a80a51
--- /dev/null
+++ b/src/slave/containerizer/mesos/isolators/cgroups2/cgroups2.cpp
@@ -0,0 +1,65 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements. See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership. The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License. You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+#include "slave/containerizer/mesos/isolators/cgroups2/cgroups2.hpp"
+
+#include <string>
+
+#include <process/id.hpp>
+
+using mesos::slave::Isolator;
+
+using process::Owned;
+
+using std::string;
+
+namespace mesos {
+namespace internal {
+namespace slave {
+
+Cgroups2IsolatorProcess::Cgroups2IsolatorProcess(
+ const hashmap<string, Owned<Subsystem>>& _subsystems)
+ : ProcessBase(process::ID::generate("cgroups2-isolator")),
+ subsystems(_subsystems) {}
+
+
+Cgroups2IsolatorProcess::~Cgroups2IsolatorProcess() {}
+
+
+Try<Isolator*> Cgroups2IsolatorProcess::create(const Flags& flags)
+{
+ hashmap<string, Owned<Subsystem>> subsystems;
+
+ Owned<MesosIsolatorProcess> process(new Cgroups2IsolatorProcess(subsystems));
+ return new MesosIsolator(process);
+}
+
+
+bool Cgroups2IsolatorProcess::supportsNesting()
+{
+ // TODO(dleamy): Update this once cgroups v2 supports nested containers.
+ return false;
+}
+
+
+bool Cgroups2IsolatorProcess::supportsStandalone()
+{
+ return true;
+}
+
+} // namespace slave {
+} // namespace internal {
+} // namespace mesos {
diff --git a/src/slave/containerizer/mesos/isolators/cgroups2/cgroups2.hpp \
b/src/slave/containerizer/mesos/isolators/cgroups2/cgroups2.hpp new file mode 100644
index 000000000..54d18a484
--- /dev/null
+++ b/src/slave/containerizer/mesos/isolators/cgroups2/cgroups2.hpp
@@ -0,0 +1,59 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements. See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership. The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License. You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+#ifndef __CGROUPS_V2_ISOLATOR_HPP__
+#define __CGROUPS_V2_ISOLATOR_HPP__
+
+#include <string>
+
+#include <process/owned.hpp>
+
+#include <stout/hashmap.hpp>
+#include <stout/hashset.hpp>
+#include <stout/try.hpp>
+
+#include "slave/containerizer/mesos/isolator.hpp"
+#include "slave/containerizer/mesos/isolators/cgroups/subsystem.hpp"
+#include "slave/flags.hpp"
+
+namespace mesos {
+namespace internal {
+namespace slave {
+
+class Cgroups2IsolatorProcess : public MesosIsolatorProcess
+{
+public:
+ static Try<mesos::slave::Isolator*> create(const Flags& flags);
+
+ ~Cgroups2IsolatorProcess() override;
+
+ bool supportsNesting() override;
+
+ bool supportsStandalone() override;
+
+private:
+ Cgroups2IsolatorProcess(
+ const hashmap<std::string, process::Owned<Subsystem>>& _subsystems);
+
+ // Maps each subsystems to the `Subsystem` isolator that manages it.
+ const hashmap<std::string, process::Owned<Subsystem>> subsystems;
+};
+
+} // namespace slave {
+} // namespace internal {
+} // namespace mesos {
+
+#endif
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic