allow customized cgroup-parent for runcexecutor

Signed-off-by: Anda Xu <anda.xu@docker.com>
2018-08-18 23:05:26 -07:00 · 2018-08-18 23:05:26 -07:00 · b0677e7ef1
parent 277037a77f
commit b0677e7ef1
3 changed files with 31 additions and 2 deletions
--- a/executor/containerdexecutor/executor.go
+++ b/executor/containerdexecutor/executor.go
@ -3,6 +3,8 @@ package containerdexecutor
 import (
 	"context"
 	"io"
+	"path/filepath"
+	"strings"
 	"syscall"
 	"time"

@ -26,13 +28,15 @@ type containerdExecutor struct {
 	client           *containerd.Client
 	root             string
 	networkProviders map[pb.NetMode]network.Provider
+	cgroupParent     string
 }

-func New(client *containerd.Client, root string, networkProviders map[pb.NetMode]network.Provider) executor.Executor {
+func New(client *containerd.Client, root, cgroup string, networkProviders map[pb.NetMode]network.Provider) executor.Executor {
 	return containerdExecutor{
 		client:           client,
 		root:             root,
 		networkProviders: networkProviders,
+		cgroupParent:     cgroup,
 	}
 }

@ -100,6 +104,16 @@ func (w containerdExecutor) Exec(ctx context.Context, meta executor.Meta, root c
 	if system.SeccompSupported() {
 		opts = append(opts, seccomp.WithDefaultProfile())
 	}
+	if w.cgroupParent != "" {
+		var cgroupsPath string
+		lastSeparator := w.cgroupParent[len(w.cgroupParent)-1:]
+		if strings.Contains(w.cgroupParent, ".slice") && lastSeparator == ":" {
+			cgroupsPath = w.cgroupParent + id
+		} else {
+			cgroupsPath = filepath.Join("/", w.cgroupParent, "buildkit", id)
+		}
+		opts = append(opts, containerdoci.WithCgroup(cgroupsPath))
+	}
 	spec, cleanup, err := oci.GenerateSpec(ctx, meta, mounts, id, resolvConf, hostsFile, namespace, opts...)
 	if err != nil {
 		return err
--- a/executor/runcexecutor/executor.go
+++ b/executor/runcexecutor/executor.go
@ -36,6 +36,8 @@ type Opt struct {
 	CommandCandidates []string
 	// without root privileges (has nothing to do with Opt.Root directory)
 	Rootless bool
+	// DefaultCgroupParent is the cgroup-parent name for executor
+	DefaultCgroupParent string
 }

 var defaultCommandCandidates = []string{"buildkit-runc", "runc"}
@ -44,6 +46,7 @@ type runcExecutor struct {
 	runc             *runc.Runc
 	root             string
 	cmd              string
+	cgroupParent     string
 	rootless         bool
 	networkProviders map[pb.NetMode]network.Provider
 }
@ -94,6 +97,7 @@ func New(opt Opt, networkProviders map[pb.NetMode]network.Provider) (executor.Ex
 	w := &runcExecutor{
 		runc:             runtime,
 		root:             root,
+		cgroupParent:     opt.DefaultCgroupParent,
 		rootless:         opt.Rootless,
 		networkProviders: networkProviders,
 	}
@ -173,6 +177,17 @@ func (w *runcExecutor) Exec(ctx context.Context, meta executor.Meta, root cache.
 	if meta.ReadonlyRootFS {
 		opts = append(opts, containerdoci.WithRootFSReadonly())
 	}
+
+	if w.cgroupParent != "" {
+		var cgroupsPath string
+		lastSeparator := w.cgroupParent[len(w.cgroupParent)-1:]
+		if strings.Contains(w.cgroupParent, ".slice") && lastSeparator == ":" {
+			cgroupsPath = w.cgroupParent + id
+		} else {
+			cgroupsPath = filepath.Join("/", w.cgroupParent, "buildkit", id)
+		}
+		opts = append(opts, containerdoci.WithCgroup(cgroupsPath))
+	}
 	spec, cleanup, err := oci.GenerateSpec(ctx, meta, mounts, id, resolvConf, hostsFile, namespace, opts...)
 	if err != nil {
 		return err
--- a/worker/containerd/containerd.go
+++ b/worker/containerd/containerd.go
@ -108,7 +108,7 @@ func newContainerd(root string, client *containerd.Client, snapshotterName strin
 		ID:            id,
 		Labels:        xlabels,
 		MetadataStore: md,
-		Executor:      containerdexecutor.New(client, root, network.Default()),
+		Executor:      containerdexecutor.New(client, root, "", network.Default()),
 		Snapshotter:   containerdsnapshot.NewSnapshotter(client.SnapshotService(snapshotterName), cs, md, "buildkit", gc),
 		ContentStore:  cs,
 		Applier:       winlayers.NewFileSystemApplierWithWindows(cs, df),