RFR: 8264482: container info misleads on non-container environment

Severin Gehwolf sgehwolf at openjdk.java.net
Wed Mar 31 12:25:20 UTC 2021 

On Wed, 31 Mar 2021 06:24:06 GMT, Yasumasa Suenaga <ysuenaga at openjdk.org> wrote:

> hs_err log and `VM.info` dcmd shows cgroup information as container information even though the process run on non-container environment as following.
> 
> container (cgroup) information:
> container_type: cgroupv2
> cpu_cpuset_cpus: not supported
> cpu_memory_nodes: not supported
> active_processor_count: 4
> cpu_quota: not supported
> cpu_period: not supported
> cpu_shares: not supported
> memory_limit_in_bytes: unlimited
> memory_and_swap_limit_in_bytes: unlimited
> memory_soft_limit_in_bytes: unlimited
> memory_usage_in_bytes: 164163584
> memory_max_usage_in_bytes: not supported
> 
> We can use cgroup outside of container, so it is useful to show. However cgroup is different from container. We should distinguish them.
> And also it is useful if we can see container runtime in this section. So I added it. We can see following contents in this section after this change.
> 
> cgroup information:
> cgroup_type: cgroupv2
> container runtime: podman
> cpu_cpuset_cpus: not supported
> cpu_memory_nodes: not supported
> active_processor_count: 4
> cpu_quota: not supported
> cpu_period: not supported
> cpu_shares: not supported
> memory_limit_in_bytes: unlimited
> memory_and_swap_limit_in_bytes: unlimited
> memory_soft_limit_in_bytes: unlimited
> memory_usage_in_bytes: 256176128
> memory_max_usage_in_bytes: not supported
> 
> In case of systemd, it checks PID (PID 1 or not) and `$container` in PID 1. We should check them to know the JVM runs on the container or not.
> 
> https://github.com/systemd/systemd/blob/68337e55f62cf49b7bdfb73dc5662e23b0ea17fa/src/basic/virt.c#L619

src/hotspot/os/linux/osContainer_linux.cpp line 75:

> 73:   if (getpid() == 1) {
> 74:     // This process is in container
> 75:     _runtime = os::strdup_check_oom(getenv("container"));

In my testing this shows `oci`:

$ podman run --rm -ti fedora:33
[root at 2322a30ef7cd /]# echo $container
oci

So I'm not sure this will be very helpful. Systemd does some fairly involved translation:
https://github.com/systemd/systemd/blob/68337e55f62cf49b7bdfb73dc5662e23b0ea17fa/src/basic/virt.c#L677

Those heuristics will involve a partial implementation of https://bugs.openjdk.java.net/browse/JDK-8261242

Also consider that there are multiple container runtimes when podman is in use (I don't know about docker). For example `crun` and `runc`. In a way, container runtime then becomes ambiguous too.

-------------

PR: https://git.openjdk.java.net/jdk/pull/3280

More information about the hotspot-runtime-dev mailing list