RFR: 8193710 - jcmd -l and jps commands do not list Java processes running in Docker containers

Bob Vandette bob.vandette at oracle.com
Mon Jan 22 17:20:17 UTC 2018


Please review this change that resolves the detection of Java processes that are running in cgroup
based containers.

This latest (and hopefully final) update of this fix addresses comments from David Holmes and Mandy Chung.  

Bug:

https://bugs.openjdk.java.net/browse/JDK-8193710

Webrev:

http://cr.openjdk.java.net/~bobv/8193710/webrev.02/

Summary:

This changeset enables the ability to use jcmd and jps running on a Host to
list the java processes that are running in docker (cgroup based) containers.

I’ve tested this change by examining processes running as root on both host and in
docker containers as well as under my userid using “jps and jcmd -l”.  
I’ve also tested updates to the getFile functions with a small example program that I wrote.


Here are some implementation details that I’ve added to the Linux specific implementation class:   

       src/jdk.internal.jvmstat/linux/classes/sun/jvmstat/PlatformSupportImpl.java

   /* Implementation Details:
    *
    * Java processes that run in docker containers are typically running
    * under cgroups with separate pid namespaces which means that pids
    * within the container are different than the pid which is visible
    * from the host.  The container pids typically start with 1 and
    * increase.  The java process running in the container will use these
    * pids when creating the hsperfdata files.  In order to locate java
    * processes that are running in containers, we take advantage of
    * the Linux proc file system which maps the container's tmp directory
    * to the host's under /proc/{hostpid}/root/tmp.  We use the /proc status
    * file /proc/{hostpid}/status to determine the container's pid and
    * then access the hsperfdata file.  The status file contains an
    * entry "NSPid:" which shows the mapping from the hostpid to the
    * container's pid.
    *
    * Example:
    *
    * NSPid: 24345 11
    *
    * In this example process 24345 is visible from the host, 
    * is running under the PID namespace and has a container specific
    * pid of 11.
    *
    * The search for Java processes is done by first looking in the 
    * traditional /tmp for host process hsperfdata files and then 
    * the search will continue in every /proc/*/root/tmp directory.
    * There are of course added complications to this search that 
    * need to be taken into account.
    *
    * 1. duplication of tmp directories
    *
    * /proc/{hostpid}/root/tmp directories exist for many processes
    * that are running on a Linux kernel that has cgroups enabled even
    * if they are not running in a container.  To avoid this duplication,
    * we compare the inode of the /proc tmp directories to /tmp and
    * skip these duplicated directories.
    *
    * 2. Containerized processes without PID namespaces being enabled.
    *
    * If a container is running a Java process without namespaces being
    * enabled, an hsperfdata file will only be located at
    * /proc/{hostpid}/root/tmp/{hostpid}.  This is handled by
    * checking the last component in the path for both the hostpid
    * and potential namespacepids (if one exists).
    */

Bob.
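
The search described in the implementation notes above, written out as an added Python example; it is not the webrev's Java code. The function names and the `hsperfdata_<user>/<pid>` directory layout under tmp are assumptions not stated in the message, and the duplicate check compares device and inode rather than the inode alone.

```python
import os

def parse_nspid(status_text):
    """Pids from the 'NSPid:' line of /proc/{pid}/status, host pid first."""
    for line in status_text.splitlines():
        if line.startswith("NSPid:"):
            return [int(p) for p in line.split()[1:]]
    return []  # no NSPid line in this status file

def same_dir(a, b):
    """True when both paths resolve to the same directory (device + inode)."""
    try:
        sa, sb = os.stat(a), os.stat(b)
    except OSError:
        return False
    return (sa.st_dev, sa.st_ino) == (sb.st_dev, sb.st_ino)

def container_hsperf_files(proc="/proc", host_tmp="/tmp"):
    """Map host pid -> hsperfdata file visible only via /proc/{pid}/root/tmp."""
    found = {}
    for entry in os.listdir(proc):
        if not entry.isdigit():
            continue
        tmp = os.path.join(proc, entry, "root", "tmp")
        # Complication 1: this tmp is the host's /tmp seen again, so skip it.
        if not os.path.isdir(tmp) or same_dir(tmp, host_tmp):
            continue
        try:
            with open(os.path.join(proc, entry, "status")) as f:
                nspids = parse_nspid(f.read())
            # Complication 2: accept the host pid as well as namespace pids.
            wanted = {entry} | {str(p) for p in nspids}
            for user_dir in os.listdir(tmp):
                if not user_dir.startswith("hsperfdata_"):
                    continue  # assumed layout: tmp/hsperfdata_<user>/<pid>
                for name in os.listdir(os.path.join(tmp, user_dir)):
                    if name in wanted:
                        found[int(entry)] = os.path.join(tmp, user_dir, name)
        except OSError:
            continue  # process exited or access denied while scanning
    return found

if __name__ == "__main__":
    for pid, path in sorted(container_hsperf_files().items()):
        print(pid, path)
```

Reading `/proc/{hostpid}/root` for another user's process needs the same privileges as inspecting that process, so an unprivileged run lists only the caller's own containers.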

