Google Git
Sign in
apache / mesos / refs/heads/master / . / src / slave / containerizer / mesos / isolators / cgroups2 / cgroups2.hpp
blob: 9d58b9e7f9fa6356c0b4810e942ce0e5be694f5d [file] [log] [blame]
// Licensed to the Apache Software Foundation (ASF) under one
// or more contributor license agreements. See the NOTICE file
// distributed with this work for additional information
// regarding copyright ownership. The ASF licenses this file
// to you under the Apache License, Version 2.0 (the
// "License"); you may not use this file except in compliance
// with the License. You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
#ifndef __CGROUPS_V2_ISOLATOR_HPP__
#define __CGROUPS_V2_ISOLATOR_HPP__
#include <string>
#include <vector>
#include <process/future.hpp>
#include <process/owned.hpp>
#include <stout/nothing.hpp>
#include <stout/hashmap.hpp>
#include <stout/try.hpp>
#include "slave/containerizer/mesos/isolator.hpp"
#include "slave/containerizer/mesos/isolators/cgroups2/controller.hpp"
#include "slave/flags.hpp"
namespace mesos {
namespace internal {
namespace slave {
// Cgroups v2 Mesos isolator.
//
// Manages the cgroup v2 controllers that are used by containers. Each
// container is associated with two cgroups: a non-leaf cgroup whose control
// files are updated and a leaf cgroup where the container's processes lives.
// The container pid cannot live in the non-leaf cgroup because of the cgroups
// v2 internal process constraint:
//
// https://docs.kernel.org/admin-guide/cgroup-v2.html#no-internal-process-constraint // NOLINT
//
// Example cgroups:
// containerA non-leaf cgroup
// / \ / \
// processes containerB leaf cgroup non-leaf child cgroup
// | |
// processes leaf-cgroup
//
// TODO(dleamy): Nested containers are not yet supported.
class Cgroups2IsolatorProcess : public MesosIsolatorProcess
{
public:
static Try<mesos::slave::Isolator*> create(const Flags& flags);
~Cgroups2IsolatorProcess() override;
bool supportsNesting() override;
bool supportsStandalone() override;
process::Future<Option<mesos::slave::ContainerLaunchInfo>> prepare(
const ContainerID& containerId,
const mesos::slave::ContainerConfig& containerConfig) override;
process::Future<Nothing> recover(
const std::vector<mesos::slave::ContainerState>& states,
const hashset<ContainerID>& orphans) override;
process::Future<Nothing> isolate(
const ContainerID& containerId,
pid_t pid) override;
process::Future<Nothing> update(
const ContainerID& containerId,
const Resources& resourceRequests,
const google::protobuf::Map<
std::string, Value::Scalar>& resourceLimits = {}) override;
process::Future<ResourceStatistics> usage(
const ContainerID& containerId) override;
process::Future<ContainerStatus> status(
const ContainerID& containerId) override;
process::Future<Nothing> cleanup(const ContainerID& containerId) override;
private:
struct Info
{
Info(const ContainerID& containerId,
const std::string& cgroup,
const std::string& cgroup_leaf)
: containerId(containerId), cgroup(cgroup), cgroup_leaf(cgroup_leaf) {}
const ContainerID containerId;
// Non-leaf cgroup for the container. Control files in this cgroup are
// updated to set resource constraints on this and descendant
// containers. Processes should not be assigned to this cgroup.
const std::string cgroup;
const std::string cgroup_leaf;
// Names of the controllers which are prepared for the container.
hashset<std::string> controllers;
};
Cgroups2IsolatorProcess(
const Flags& flags,
const hashmap<std::string, process::Owned<Controller>>& controllers);
process::Future<Option<mesos::slave::ContainerLaunchInfo>> _prepare(
const ContainerID& containerId,
const mesos::slave::ContainerConfig& containerConfig,
const std::vector<process::Future<Nothing>>& futures);
process::Future<Option<mesos::slave::ContainerLaunchInfo>> __prepare(
const ContainerID& containerId,
const mesos::slave::ContainerConfig& containerConfig);
process::Future<Nothing> _recover(
const hashset<ContainerID>& orphans,
const std::vector<process::Future<Nothing>>& futures);
process::Future<Nothing> __recover(
const hashset<ContainerID>& unknownOrphans,
const std::vector<process::Future<Nothing>>& futures);
process::Future<Nothing> ___recover(
const ContainerID& containerId);
process::Future<Nothing> ____recover(
const ContainerID& containerId,
const hashset<std::string>& recoveredSubsystems,
const std::vector<process::Future<Nothing>>& futures);
process::Future<Nothing> _isolate(
const std::vector<process::Future<Nothing>>& futures,
const ContainerID& containerId,
pid_t pid);
process::Future<Nothing> _update(
const std::vector<process::Future<Nothing>>& futures);
process::Future<Nothing> _cleanup(
const ContainerID& containerId,
const std::vector<process::Future<Nothing>>& futures);
process::Future<Nothing> __cleanup(
const ContainerID& containerId,
const process::Future<Nothing>& future);
process::Owned<Cgroups2IsolatorProcess::Info> cgroupInfo(
const ContainerID& containerId) const;
Flags flags;
// Maps each controller to the `Controller` isolator that manages it.
hashmap<std::string, process::Owned<Controller>> controllers;
// Associates a container with the information to access its controllers.
hashmap<ContainerID, process::Owned<Info>> infos;
};
} // namespace slave {
} // namespace internal {
} // namespace mesos {
#endif