RFR: 8264482: container info misleads on non-container environment
Yasumasa Suenaga
ysuenaga at openjdk.java.net
Wed Mar 31 14:08:14 UTC 2021
On Wed, 31 Mar 2021 11:57:40 GMT, Severin Gehwolf <sgehwolf at openjdk.org> wrote:
>> hs_err log and `VM.info` dcmd shows cgroup information as container information even though the process run on non-container environment as following.
>>
>> container (cgroup) information:
>> container_type: cgroupv2
>> cpu_cpuset_cpus: not supported
>> cpu_memory_nodes: not supported
>> active_processor_count: 4
>> cpu_quota: not supported
>> cpu_period: not supported
>> cpu_shares: not supported
>> memory_limit_in_bytes: unlimited
>> memory_and_swap_limit_in_bytes: unlimited
>> memory_soft_limit_in_bytes: unlimited
>> memory_usage_in_bytes: 164163584
>> memory_max_usage_in_bytes: not supported
>>
>> We can use cgroup outside of container, so it is useful to show. However cgroup is different from container. We should distinguish them.
>> And also it is useful if we can see container runtime in this section. So I added it. We can see following contents in this section after this change.
>>
>> cgroup information:
>> cgroup_type: cgroupv2
>> container runtime: podman
>> cpu_cpuset_cpus: not supported
>> cpu_memory_nodes: not supported
>> active_processor_count: 4
>> cpu_quota: not supported
>> cpu_period: not supported
>> cpu_shares: not supported
>> memory_limit_in_bytes: unlimited
>> memory_and_swap_limit_in_bytes: unlimited
>> memory_soft_limit_in_bytes: unlimited
>> memory_usage_in_bytes: 256176128
>> memory_max_usage_in_bytes: not supported
>>
>> In case of systemd, it checks PID (PID 1 or not) and `$container` in PID 1. We should check them to know the JVM runs on the container or not.
>>
>> https://github.com/systemd/systemd/blob/68337e55f62cf49b7bdfb73dc5662e23b0ea17fa/src/basic/virt.c#L619
>
> I'm a bit nervous about the container_runtime addition. Can this be done in a separate bug, please? What testing has been done? Has this been tested with docker and podman? Did you run tests in `test/hotspot/jtreg/containers` ?
Thanks @jerboaa and @dholmes-ora for the comment!
I haven't aware JDK-8261242, so I will remove the code to set container runtime name.
The reason why I sent this PR is I found "container_type" in hs_err log even though I did not run JVM on the container. It was confising. I agree to check cgroups configuration, but we should not use "container" for them. cgroups is not only for containers.
> Did you run tests in test/hotspot/jtreg/containers ?
I haven't run them yet. I attempted to fix `OSContainer::is_containerized()` as JDK-8261242 said, but I do not have environment to run test/hotspot/jtreg/containers test. So I fixed UL output only, and confirmed it does not affect their tests.
-------------
PR: https://git.openjdk.java.net/jdk/pull/3280
More information about the hotspot-runtime-dev
mailing list