config-linux: clarify cgroup requirements

[cyphar]

This helps clear up some of the vagueness around cgroupsPath in the spec. It's
loosely modeled on what runC does (as well as allowing for custom cgroup
managers in runtimes). I also updated the cgroup section to make it clear that
lazy cgroup setup (where you only attach to the bare minimum of requested
cgroups) is allowed under the spec. This all originated from an IRC discussion
on #opencontainers.

This possibly obsoletes #270 (although that has some renaming going on).

Signed-off-by: Aleksa Sarai [email protected]

/cc @opencontainers/runtime-spec-maintainers @wking

[vishh]

nit: What does resulting cgroup path mean in this context? Did you mean relative to the cgroups of the runtime process?

[cyphar]

I'm trying to make it not-too restrictive. There's no reason that a runtime has to make it relative to the cgroups of the runtime process. "Should be the suffix" means that it should be the last component in the path (but component is the wrong word since it can container /).

[wking]

On Wed, Jun 08, 2016 at 10:07:28PM -0700, Aleksa Sarai wrote:

+* ... a relative path (not starting with /), implementations SHOULD take the value to be the suffix of the resulting cgroup path.

I'm trying to make it not-too restrictive. There's no reason that a
runtime has to make it relative to the cgroups of the runtime
process. "Should be the suffix" means that it should be the last
component in the path (but component is the wrong word since it can
container /).

How about:

… MAY interpret the path relative to a runtime-determined location
in the cgroup hierarchy.

[cyphar]

I prefer SHOULD, since I believe a runtime should have a good reason for it to not do that way. But yes, I like that wording better.

[wking]

On Thu, Jun 09, 2016 at 05:42:57PM -0700, Aleksa Sarai wrote:

+* ... a relative path (not starting with /), implementations SHOULD take the value to be the suffix of the resulting cgroup path.

I prefer SHOULD, since I believe a runtime should have a good reason
for it to not do that way…

Is which leaf of a random runtime-generated directory you're at all
that important to you? I don't see a lot of space between MAY and
SHOULD here.

[wking]

Another thing worth clarifying about these relative paths is whether they always create a new leaf in the hierarchy. Given the uncertainty of the MAY/SHOULD wording for interpreting relative paths, I'd say that they MUST create a new leaf in the hierarchy (so folks who want to join an existing node MUST use an absolute cgroupsPath).

[cyphar]

But then you have the systemd cgroup manager, where you specify a slice (which may not be a new leaf). While this might all change in cgroupv2, currently I'm trying to allow for custom cgroup managers to be compliant as long as they allow "absolute paths mode".

[wking]

On Thu, Jun 09, 2016 at 10:23:11PM -0700, Aleksa Sarai wrote:

+* ... a relative path (not starting with /), implementations SHOULD take the value to be the suffix of the resulting cgroup path.

But then you have the systemd cgroup manager, where you specify a
slice (which may not be a new leaf).

Then maybe require a runtime servicing multiple ‘create’ calls with
identical cgroupsPaths to always join the same cgroups (regardless of
the absolute/relative/unset-ness)? That way folks using relative
paths for systemd (or whatever) have some idea of whether they'll be
joining an existing node or creating a new leaf in the hierarchy.

[cyphar]

I've tried to resolve this in the latest version (saying that it must be consistent if a value of cgroupsPath is specified). I don't like the wording though, maybe you could help me reword it?

[wking]

The old wording is “we don't support per-controller paths” for the reasons discussed in cgroup-v2.txt. It's not about limiting the cgroup version. Although you're now the second person I've heard interpret the old wording that way, so we probably want to adjust the wording. I think we do want to support v2 cgroups though, and it may be more clear than I thought if the runtime joins both v1 and v2 cgroups as needed to collect the controllers it wants to join (because a given controller can only be exposed in the v1 or v2 hierarchy, and not in both at once). So if you want to join the devices controller and that controller's in the v2 hierarchy, you join the appropriate v2 cgroup.

[crosbymichael]

is it important to have this? Even if it was supported there would be no changes to the spec and this is more of a runtime concern right?

[wking]

On Fri, Jun 10, 2016 at 11:45:55AM -0700, Michael Crosby wrote:

-The Spec does not support [split hierarchy][cgroup-v2].
+The Spec does not support the [unified or "default" hierarchy][cgroup-v2].

is it important to have this? Even if it was supported there would
be no changes to the spec and this is more of a runtime concern
right?

It was added to motivate a single cgroup-path property
vs. per-controller paths 1. I think it's useful to keep the
(informative) motivation documented here (although I think we can
clarify the wording).

[cyphar]

But the thing is that we do support split hierarchies (that's the default on any modern GNU/Linux system). The reason I made this change was because the link text was wrong (cgroupv2 is the exact opposite of a split hierarchy).

I understand the point (cgroupsPath is a single value), but there's something wrong about this sentence when I read it.

[wking]

On Fri, Jun 10, 2016 at 09:06:48PM -0700, Aleksa Sarai wrote:

I understand the point (cgroupsPath is a single value), but there's
something wrong about this sentence when I read it.

The wording could be improved. My suggestion is 1:

This specification does not support per-controller paths for the
reasons discussed in the [v2 cgroup docs][cgroup-v2].

[Mashimiao]

@cyphar any updates?

[cyphar]

@Mashimiao Thanks for pinging me, I completely forgot about this PR. 😉

@wking There, I've fixed up all of the things you mentioned. PTAL.

[wking]

I still think we want “fulfil” → “fulfill” (although it looks like that's UK vs. US spelling, so not a big deal) and “supported by the system“ → “”.

[cyphar]

ahem UK spelling is clearly superior. 😉

[cyphar]

@wking There, I've fixed up all of your concerns I think.

[wking]

“MUST create a new leaf” conflicts with the later “…MUST consistently attach to the same place …” (see also here). Now that we have the consistently-attach wording, I'm ok with weaker wording like this, and don't really care about MAY vs. SHOULD.

[cyphar]

What about something like:

* ... a relative path (not starting with `/`), the runtime MUST create a new leaf in the cgroup unless the same lexical path is used by another existing container [and MAY interpret the path relative to a runtime-determined location in the cgroup hierarchy].

Where "existing" means that it has been at least created. I'm not sure what wording to use there. I can drop the "must create a new leaf" -- but you're the one who suggested it and I do agree with the sentiment somewhat. But maybe we should drop it -- I think consistency is far more important than whether it's a new leaf.

[wking]

On Fri, Jul 22, 2016 at 02:15:25AM -0700, Aleksa Sarai wrote:

I can drop the "must create a new leaf" -- but you're the one who
suggested it and I do agree with the sentiment somewhat. But maybe
we should drop it -- I think consistency is far more important than
whether it's a new leaf.

I think we should drop the new-leaf wording. I'd suggested it before
we had the consistency wording.

[cyphar]

Sure. Fixed.

[wking]

“CAN” → “MAY”. RFC 2119 does not define CAN. And you probably want to drop the comma.

[cyphar]

@wking Addressed the rest of your comments.

[wking]

19c2a92 → 4ed839e looks good to me.

There's still a comma 1 and “supported by the system” 2 that I
think we don't need, but neither of those have semantic impact.

[cyphar]

/cc @opencontainers/runtime-spec-maintainers

[crosbymichael]

LGTM

[hqhq]

LGTM