From aff3a6198e4a7fbca89996ddc4cb69b63f05121c Mon Sep 17 00:00:00 2001 From: utam0k Date: Tue, 19 Apr 2022 02:37:58 +0000 Subject: [PATCH 1/2] ws-daemon: align to decide if cgroup v2. --- components/ws-daemon/pkg/iws/iws.go | 15 ++++++++++++--- 1 file changed, 12 insertions(+), 3 deletions(-) diff --git a/components/ws-daemon/pkg/iws/iws.go b/components/ws-daemon/pkg/iws/iws.go index deb2f7e4a82592..2c8d2f3cd3e030 100644 --- a/components/ws-daemon/pkg/iws/iws.go +++ b/components/ws-daemon/pkg/iws/iws.go @@ -19,7 +19,6 @@ import ( "syscall" "time" - "github.com/containerd/cgroups" "github.com/opentracing/opentracing-go" "golang.org/x/sys/unix" "golang.org/x/time/rate" @@ -28,6 +27,7 @@ import ( "google.golang.org/grpc/codes" "google.golang.org/grpc/status" + "github.com/gitpod-io/gitpod/common-go/cgroups" "github.com/gitpod-io/gitpod/common-go/log" "github.com/gitpod-io/gitpod/common-go/tracing" wsinit "github.com/gitpod-io/gitpod/content-service/pkg/initializer" @@ -287,7 +287,12 @@ func (wbs *InWorkspaceServiceServer) PrepareForUserNS(ctx context.Context, req * return nil, status.Errorf(codes.Internal, "cannot mount shiftfs mark") } - if cgroups.Mode() == cgroups.Unified { + unified, err := cgroups.IsUnifiedCgroupSetup() + if err != nil { + return nil, status.Errorf(codes.FailedPrecondition, "could not determine cgroup setup") + } + + if unified { cgroupBase, err := rt.ContainerCGroupPath(ctx, wscontainerID) if err != nil { log.WithError(err).WithFields(wbs.Session.OWI()).Error("cannot find workspace container CGroup path") @@ -889,7 +894,11 @@ func (wbs *InWorkspaceServiceServer) WriteIDMapping(ctx context.Context, req *ap // └── workspace drwxr-xr-x 5 gitpodUid gitpodGid // └── user drwxr-xr-x 5 gitpodUid gitpodGid func (wbs *InWorkspaceServiceServer) EvacuateCGroup(ctx context.Context, req *api.EvacuateCGroupRequest) (*api.EvacuateCGroupResponse, error) { - if cgroups.Mode() != cgroups.Unified { + unified, err := cgroups.IsUnifiedCgroupSetup() + if err != nil { + return nil, status.Errorf(codes.FailedPrecondition, "could not determine cgroup setup") + } + if unified { return &api.EvacuateCGroupResponse{}, nil } From 86f2c456a9e41cdb2ec365649da217dd91973bc4 Mon Sep 17 00:00:00 2001 From: Thomas Schubart Date: Tue, 19 Apr 2022 17:22:53 +0000 Subject: [PATCH 2/2] Evacuate cgroup with both shift methods --- components/ws-daemon/pkg/iws/iws.go | 58 ++++++++++++++++++++--------- 1 file changed, 41 insertions(+), 17 deletions(-) diff --git a/components/ws-daemon/pkg/iws/iws.go b/components/ws-daemon/pkg/iws/iws.go index 2c8d2f3cd3e030..54ae4f471c9a3a 100644 --- a/components/ws-daemon/pkg/iws/iws.go +++ b/components/ws-daemon/pkg/iws/iws.go @@ -263,6 +263,11 @@ func (wbs *InWorkspaceServiceServer) PrepareForUserNS(ctx context.Context, req * } log.WithFields(wbs.Session.OWI()).WithField("configuredShift", wbs.FSShift).WithField("fwb", wbs.Session.FullWorkspaceBackup).Info("fs-shift using fuse") + + if err := wbs.createWorkspaceCgroup(ctx, wscontainerID); err != nil { + return nil, err + } + return &api.PrepareForUserNSResponse{ FsShift: api.FSShiftMethod_FUSE, FullWorkspaceBackup: wbs.Session.FullWorkspaceBackup, @@ -287,29 +292,46 @@ func (wbs *InWorkspaceServiceServer) PrepareForUserNS(ctx context.Context, req * return nil, status.Errorf(codes.Internal, "cannot mount shiftfs mark") } + if err := wbs.createWorkspaceCgroup(ctx, wscontainerID); err != nil { + return nil, err + } + + return &api.PrepareForUserNSResponse{ + FsShift: api.FSShiftMethod_SHIFTFS, + FullWorkspaceBackup: wbs.Session.FullWorkspaceBackup, + }, nil +} + +func (wbs *InWorkspaceServiceServer) createWorkspaceCgroup(ctx context.Context, wscontainerID container.ID) error { + rt := wbs.Uidmapper.Runtime + if rt == nil { + return status.Errorf(codes.FailedPrecondition, "not connected to container runtime") + } + unified, err := cgroups.IsUnifiedCgroupSetup() if err != nil { - return nil, status.Errorf(codes.FailedPrecondition, "could not determine cgroup setup") + // log error and do not expose it to the user + log.WithError(err).Error("could not determine cgroup setup") + return status.Errorf(codes.FailedPrecondition, "could not determine cgroup setup") } - if unified { - cgroupBase, err := rt.ContainerCGroupPath(ctx, wscontainerID) - if err != nil { - log.WithError(err).WithFields(wbs.Session.OWI()).Error("cannot find workspace container CGroup path") - return nil, status.Errorf(codes.NotFound, "cannot find workspace container cgroup") - } + if !unified { + return nil + } - err = evacuateToCGroup(ctx, wbs.CGroupMountPoint, cgroupBase, "workspace") - if err != nil { - log.WithError(err).WithFields(wbs.Session.OWI()).Error("cannot create workspace cgroup") - return nil, status.Errorf(codes.FailedPrecondition, "cannot create workspace cgroup") - } + cgroupBase, err := rt.ContainerCGroupPath(ctx, wscontainerID) + if err != nil { + log.WithError(err).WithFields(wbs.Session.OWI()).Error("cannot find workspace container CGroup path") + return status.Errorf(codes.NotFound, "cannot find workspace container cgroup") } - return &api.PrepareForUserNSResponse{ - FsShift: api.FSShiftMethod_SHIFTFS, - FullWorkspaceBackup: wbs.Session.FullWorkspaceBackup, - }, nil + err = evacuateToCGroup(ctx, wbs.CGroupMountPoint, cgroupBase, "workspace") + if err != nil { + log.WithError(err).WithFields(wbs.Session.OWI()).Error("cannot create workspace cgroup") + return status.Errorf(codes.FailedPrecondition, "cannot create workspace cgroup") + } + + return nil } func (wbs *InWorkspaceServiceServer) SetupPairVeths(ctx context.Context, req *api.SetupPairVethsRequest) (*api.SetupPairVethsResponse, error) { @@ -896,9 +918,11 @@ func (wbs *InWorkspaceServiceServer) WriteIDMapping(ctx context.Context, req *ap func (wbs *InWorkspaceServiceServer) EvacuateCGroup(ctx context.Context, req *api.EvacuateCGroupRequest) (*api.EvacuateCGroupResponse, error) { unified, err := cgroups.IsUnifiedCgroupSetup() if err != nil { + // log error and do not expose it to the user + log.WithError(err).Error("could not determine cgroup setup") return nil, status.Errorf(codes.FailedPrecondition, "could not determine cgroup setup") } - if unified { + if !unified { return &api.EvacuateCGroupResponse{}, nil }