runtime-spec icon indicating copy to clipboard operation
runtime-spec copied to clipboard
verified publisher icon opencontainers

Suggest adding UseHierarchy to LinuxMemory

Open Callisto13 opened this issue 7 years ago • 3 comments

Hi!

We would like to ensure that a process inherits memory limits from the parent if the parent cgroup has limits set. This would involve writing 1 to memory.use_hierarchy in the parent cgroup, and we plan to submit a PR to runc which does this if a boolean property is set on the spec. We suggest adding the following property to the LinuxMemory type in specs-go/config.go.

// LinuxMemory for Linux cgroup 'memory' resource management
type LinuxMemory struct {
  // Memory limit (in bytes).
  Limit *int64 `json:"limit,omitempty"`
  ...
  // Use Hierarchy for children to inherit parent memory limits
  UseHierarchy bool `json:"useHierarchy,omitempty"`
}

Interested to hear your thoughts! Thanks :)

cc @ostenbom

Callisto13 avatar Aug 16 '18 15:08 Callisto13

When you say, writing 1 to the "parent", do you mean the container's cgroup or the container's parent's cgroup?

crosbymichael avatar Aug 20 '18 19:08 crosbymichael

We're essentially asking for a way to enable use_hierarchy for a container's cgroup via the runtime spec, so that containers we create later that use child cgroups share memory limits (context below). We currently manually enable this property in the cgroup after creating a container.

The broader context of what we're trying to achieve is using sidecar containers. We'd like a sidecar container's memory cgroup to be a child of a container cgroup (we call the "main" container the sandbox) - and for those containers to share a memory limit.

We have achieved this in the past by simply having both containers share the same memory cgroup. We recently moved to optionally using containerd as our container backend rather than runc directly, and it seems that when we ask containerd to Delete a container, containerd will invoke runc kill --all, and runc considers --all to be "all processes found in the container's device cgroup.procs.

So we want to share memory limits between two containers in a way that won't cause containerd to kill the "sandbox" container when we Delete the "sidecar" container.

BooleanCat avatar Aug 21 '18 09:08 BooleanCat

Sound good to me. As long as we are setting it in the container's cgroup and not walking out to the parent to set this.

crosbymichael avatar Aug 21 '18 14:08 crosbymichael

Completed in https://github.com/opencontainers/runtime-spec/pull/985

AkihiroSuda avatar Feb 01 '23 10:02 AkihiroSuda