allow customized cgroup-parent for runcexecutor
Signed-off-by: Anda Xu <anda.xu@docker.com>docker-18.09
parent
277037a77f
commit
b0677e7ef1
|
@ -3,6 +3,8 @@ package containerdexecutor
|
|||
import (
|
||||
"context"
|
||||
"io"
|
||||
"path/filepath"
|
||||
"strings"
|
||||
"syscall"
|
||||
"time"
|
||||
|
||||
|
@ -26,13 +28,15 @@ type containerdExecutor struct {
|
|||
client *containerd.Client
|
||||
root string
|
||||
networkProviders map[pb.NetMode]network.Provider
|
||||
cgroupParent string
|
||||
}
|
||||
|
||||
func New(client *containerd.Client, root string, networkProviders map[pb.NetMode]network.Provider) executor.Executor {
|
||||
func New(client *containerd.Client, root, cgroup string, networkProviders map[pb.NetMode]network.Provider) executor.Executor {
|
||||
return containerdExecutor{
|
||||
client: client,
|
||||
root: root,
|
||||
networkProviders: networkProviders,
|
||||
cgroupParent: cgroup,
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -100,6 +104,16 @@ func (w containerdExecutor) Exec(ctx context.Context, meta executor.Meta, root c
|
|||
if system.SeccompSupported() {
|
||||
opts = append(opts, seccomp.WithDefaultProfile())
|
||||
}
|
||||
if w.cgroupParent != "" {
|
||||
var cgroupsPath string
|
||||
lastSeparator := w.cgroupParent[len(w.cgroupParent)-1:]
|
||||
if strings.Contains(w.cgroupParent, ".slice") && lastSeparator == ":" {
|
||||
cgroupsPath = w.cgroupParent + id
|
||||
} else {
|
||||
cgroupsPath = filepath.Join("/", w.cgroupParent, "buildkit", id)
|
||||
}
|
||||
opts = append(opts, containerdoci.WithCgroup(cgroupsPath))
|
||||
}
|
||||
spec, cleanup, err := oci.GenerateSpec(ctx, meta, mounts, id, resolvConf, hostsFile, namespace, opts...)
|
||||
if err != nil {
|
||||
return err
|
||||
|
|
|
@ -36,6 +36,8 @@ type Opt struct {
|
|||
CommandCandidates []string
|
||||
// without root privileges (has nothing to do with Opt.Root directory)
|
||||
Rootless bool
|
||||
// DefaultCgroupParent is the cgroup-parent name for executor
|
||||
DefaultCgroupParent string
|
||||
}
|
||||
|
||||
var defaultCommandCandidates = []string{"buildkit-runc", "runc"}
|
||||
|
@ -44,6 +46,7 @@ type runcExecutor struct {
|
|||
runc *runc.Runc
|
||||
root string
|
||||
cmd string
|
||||
cgroupParent string
|
||||
rootless bool
|
||||
networkProviders map[pb.NetMode]network.Provider
|
||||
}
|
||||
|
@ -94,6 +97,7 @@ func New(opt Opt, networkProviders map[pb.NetMode]network.Provider) (executor.Ex
|
|||
w := &runcExecutor{
|
||||
runc: runtime,
|
||||
root: root,
|
||||
cgroupParent: opt.DefaultCgroupParent,
|
||||
rootless: opt.Rootless,
|
||||
networkProviders: networkProviders,
|
||||
}
|
||||
|
@ -173,6 +177,17 @@ func (w *runcExecutor) Exec(ctx context.Context, meta executor.Meta, root cache.
|
|||
if meta.ReadonlyRootFS {
|
||||
opts = append(opts, containerdoci.WithRootFSReadonly())
|
||||
}
|
||||
|
||||
if w.cgroupParent != "" {
|
||||
var cgroupsPath string
|
||||
lastSeparator := w.cgroupParent[len(w.cgroupParent)-1:]
|
||||
if strings.Contains(w.cgroupParent, ".slice") && lastSeparator == ":" {
|
||||
cgroupsPath = w.cgroupParent + id
|
||||
} else {
|
||||
cgroupsPath = filepath.Join("/", w.cgroupParent, "buildkit", id)
|
||||
}
|
||||
opts = append(opts, containerdoci.WithCgroup(cgroupsPath))
|
||||
}
|
||||
spec, cleanup, err := oci.GenerateSpec(ctx, meta, mounts, id, resolvConf, hostsFile, namespace, opts...)
|
||||
if err != nil {
|
||||
return err
|
||||
|
|
|
@ -108,7 +108,7 @@ func newContainerd(root string, client *containerd.Client, snapshotterName strin
|
|||
ID: id,
|
||||
Labels: xlabels,
|
||||
MetadataStore: md,
|
||||
Executor: containerdexecutor.New(client, root, network.Default()),
|
||||
Executor: containerdexecutor.New(client, root, "", network.Default()),
|
||||
Snapshotter: containerdsnapshot.NewSnapshotter(client.SnapshotService(snapshotterName), cs, md, "buildkit", gc),
|
||||
ContentStore: cs,
|
||||
Applier: winlayers.NewFileSystemApplierWithWindows(cs, df),
|
||||
|
|
Loading…
Reference in New Issue