Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

lxcfs: per instance configuration #638

Open
wants to merge 17 commits into
base: main
Choose a base branch
from
Open

lxcfs: per instance configuration #638

wants to merge 17 commits into from

Conversation

mihalicyn
Copy link
Member

@mihalicyn mihalicyn commented Apr 29, 2024
edited
Loading

This adds ability to set per-container configuration parameters (boolean).

This can be very useful in some workloads if system administrator (or container administrator) want's to have some specific LXCFS configuration in some instances, while having defaults on the other ones.

Change is forward compatible and LXCFS can be updated with live reload. Nothing will crash. Obviously, to make new configuration sub-tree accessible full daemon reload is required.

@mihalicyn mihalicyn requested review from stgraber, brauner and a team April 29, 2024 12:09
@HorlogeSkynet HorlogeSkynet mentioned this pull request May 1, 2024
Closed
@mihalicyn mihalicyn force-pushed the lxcfs_per_inst_config branch 4 times, most recently from ab6ec5e to 7d47c99 Compare May 8, 2024 12:31
@mihalicyn mihalicyn force-pushed the lxcfs_per_inst_config branch 2 times, most recently from df815c2 to e2b98ef Compare June 10, 2024 14:36
@mihalicyn
lxcfs: use macro to generate liblxcfs call helpers
61642ee 
Let's reduce code duplication by using macro for this.

Signed-off-by: Alexander Mikhalitsyn <aleksandr.mikhalitsyn@canonical.com>
@mihalicyn
src/bindings: hold pidns_hash_table references in the main object
7f40001 
Let's allocate pidns_hash_table memory dynamically and hold
pointers to it from a new lxcfs_data structure.

Previously, pidns_hash_table was a statically allocated in liblxcfs,
which means that it won't survive across liblxcfs reloads.

Let's introduce a versionized lxcfs_data structure to keep persistent
data that should survive reloads.

Signed-off-by: Alexander Mikhalitsyn <aleksandr.mikhalitsyn@canonical.com>
@mihalicyn
src/bindings: make struct pidns_store versionized
eda9b1c 
It's necessary as we want to be able to easily extend it
and use live reloads update mechanism.

This change does not break compatibility, because struct pidns_store
lifetime is limited to liblxcfs lifetime. But we'll make pidns_store
lifetime bigger that's why we need to start versionizing it.

Signed-off-by: Alexander Mikhalitsyn <aleksandr.mikhalitsyn@canonical.com>
@mihalicyn
src/bindings: add keep_on_reload field to struct pidns_store
e0c105c 
Let's add keep_on_reload field to struct pidns_store.
The idea behind it is that if this flag is set to true, then
pidns_store entry won't be considered as a cache item which can
be dropped. But instead, it will be kept across liblxcfs reloads
and droped only if a pid namespace it refers die.

Signed-off-by: Alexander Mikhalitsyn <aleksandr.mikhalitsyn@canonical.com>
@mihalicyn
src/bindings: introduce free_initpid() helper
272448f 
Signed-off-by: Alexander Mikhalitsyn <aleksandr.mikhalitsyn@canonical.com>
@mihalicyn
src/bindings: prevent duplicate entries in the pid hash table from ap…
82bf622 
…pear

Signed-off-by: Alexander Mikhalitsyn <aleksandr.mikhalitsyn@canonical.com>
@mihalicyn
src/bindings: introduce a lookup_verify_pidns_entry helper
732c809 
Signed-off-by: Alexander Mikhalitsyn <aleksandr.mikhalitsyn@canonical.com>
@mihalicyn
src/bindings: introduce a get_pidns_ino helper
92571a8 
Signed-off-by: Alexander Mikhalitsyn <aleksandr.mikhalitsyn@canonical.com>
@mihalicyn
src/bindings: add iter_initpid_store helper
d77fdd5 
Signed-off-by: Alexander Mikhalitsyn <aleksandr.mikhalitsyn@canonical.com>
@mihalicyn
src/bindings: add features bitmask to struct pidns_store
231ceda 
This bitmask can be used to represent a per-instance (technically,
per pid namespace) features configuration (toggle-like).

Signed-off-by: Alexander Mikhalitsyn <aleksandr.mikhalitsyn@canonical.com>
@mihalicyn
lxcfs: add libcap-(dev|devel) build-time dependency
275d704 
Signed-off-by: Alexander Mikhalitsyn <aleksandr.mikhalitsyn@canonical.com>
@mihalicyn
src/utils: add proc_has_capability_in helper
8e27c60 
Signed-off-by: Alexander Mikhalitsyn <aleksandr.mikhalitsyn@canonical.com>
@mihalicyn
src/utils: fix in_same_namespace helper
04197f8 
Signed-off-by: Alexander Mikhalitsyn <aleksandr.mikhalitsyn@canonical.com>
@mihalicyn
lxcfs: introduce a new "lxcfs" subtree
d9b23ce 
Like we have "cgroup", "sys", "proc" subtrees,
let's introduce the "lxcfs" subtree which will
contain LXCFS filesystem-related data and will
be used as an interface to interact and configure
LXCFS in runtime.

Signed-off-by: Alexander Mikhalitsyn <aleksandr.mikhalitsyn@canonical.com>
@mihalicyn
src/bindings: add features list
148a29d 
Signed-off-by: Alexander Mikhalitsyn <aleksandr.mikhalitsyn@canonical.com>
@mihalicyn
proc_fuse: add disable_uptime feature
bf557ec 
Signed-off-by: Alexander Mikhalitsyn <aleksandr.mikhalitsyn@canonical.com>
@mihalicyn
src/lxcfsctl_fuse: add implementation of lxcfs config subtree
78f2fd3 
Signed-off-by: Alexander Mikhalitsyn <aleksandr.mikhalitsyn@canonical.com>
@stgraber
Copy link
Member

I did a first pass on this, basically looking at the various commits and what's being modified.
General change seems fine but I'll take a closer look later.

For now, a few things I think that should be done:

  • Split off all the bugfixes/refactor/cleanup changes and send those through a separate PR as we'll want to backport them to stable
  • Rebase that branch which should then basically just be the per-instance config stuff
  • Try to find a way to have this be tested by GH actions

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@stgraber stgraber Awaiting requested review from stgraber

@brauner brauner Awaiting requested review from brauner

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@mihalicyn @stgraber