Merge pull request #5806 from hashicorp/b-systemd-cgroups-path

drivers/exec: use an independent name=systemd cgroup path
2019-06-11 13:00:44 -04:00 · 2019-06-11 13:00:44 -04:00 · 79698489dc
parent d16f9df59b 5734c8a648
commit 79698489dc
3 changed files with 57 additions and 4 deletions
--- a/drivers/exec/driver_test.go
+++ b/drivers/exec/driver_test.go
@ -434,9 +434,9 @@ func TestExecDriver_HandlerExec(t *testing.T) {
 		if line == "" {
 			continue
 		}
-		// Skip systemd and rdma cgroups; rdma was added in most recent kernels and libcontainer/docker
-		// don't isolate them by default.
-		if strings.HasPrefix(line, "1:name=systemd") || strings.Contains(line, ":rdma:") {
+		// Skip rdma subsystem; rdma was added in most recent kernels and libcontainer/docker
+		// don't isolate it by default.
+		if strings.Contains(line, ":rdma:") {
 			continue
 		}
 		if !strings.Contains(line, ":/nomad/") {
--- a/drivers/shared/executor/executor_linux.go
+++ b/drivers/shared/executor/executor_linux.go
@ -684,7 +684,7 @@ func configureCgroups(cfg *lconfigs.Config, command *ExecCommand) error {
 	}

 	id := uuid.Generate()
-	cfg.Cgroups.Path = filepath.Join(defaultCgroupParent, id)
+	cfg.Cgroups.Path = filepath.Join("/", defaultCgroupParent, id)

 	if command.Resources == nil || command.Resources.NomadResources == nil {
 		return nil
--- a/drivers/shared/executor/executor_linux_test.go
+++ b/drivers/shared/executor/executor_linux_test.go
@ -164,6 +164,59 @@ passwd`
 	}, func(err error) { t.Error(err) })
 }

+// TestExecutor_CgroupPaths asserts that process starts with independent cgroups
+// hierarchy created for this process
+func TestExecutor_CgroupPaths(t *testing.T) {
+	t.Parallel()
+	require := require.New(t)
+	testutil.ExecCompatible(t)
+
+	testExecCmd := testExecutorCommandWithChroot(t)
+	execCmd, allocDir := testExecCmd.command, testExecCmd.allocDir
+	execCmd.Cmd = "/bin/bash"
+	execCmd.Args = []string{"-c", "sleep 0.2; cat /proc/self/cgroup"}
+	defer allocDir.Destroy()
+
+	execCmd.ResourceLimits = true
+
+	executor := NewExecutorWithIsolation(testlog.HCLogger(t))
+	defer executor.Shutdown("SIGKILL", 0)
+
+	ps, err := executor.Launch(execCmd)
+	require.NoError(err)
+	require.NotZero(ps.Pid)
+
+	state, err := executor.Wait(context.Background())
+	require.NoError(err)
+	require.Zero(state.ExitCode)
+
+	tu.WaitForResult(func() (bool, error) {
+		output := strings.TrimSpace(testExecCmd.stdout.String())
+		// sanity check that we got some cgroups
+		if !strings.Contains(output, ":devices:") {
+			return false, fmt.Errorf("was expected cgroup files but found:\n%v", output)
+		}
+		lines := strings.Split(output, "\n")
+		for _, line := range lines {
+			// Every cgroup entry should be /nomad/$ALLOC_ID
+			if line == "" {
+				continue
+			}
+
+			// Skip rdma subsystem; rdma was added in most recent kernels and libcontainer/docker
+			// don't isolate it by default.
+			if strings.Contains(line, ":rdma:") {
+				continue
+			}
+
+			if !strings.Contains(line, ":/nomad/") {
+				return false, fmt.Errorf("Not a member of the alloc's cgroup: expected=...:/nomad/... -- found=%q", line)
+			}
+		}
+		return true, nil
+	}, func(err error) { t.Error(err) })
+}
+
 func TestUniversalExecutor_LookupTaskBin(t *testing.T) {
 	t.Parallel()
 	require := require.New(t)