RFR: 8264482: container info misleads on non-container environment

David Holmes david.holmes at oracle.com
Wed Mar 31 13:10:07 UTC 2021 

On 31/03/2021 7:51 pm, Yasumasa Suenaga wrote:
> hs_err log and `VM.info` dcmd shows cgroup information as container information even though the process run on non-container environment as following.
> 
> container (cgroup) information:
> container_type: cgroupv2
> cpu_cpuset_cpus: not supported
> cpu_memory_nodes: not supported
> active_processor_count: 4
> cpu_quota: not supported
> cpu_period: not supported
> cpu_shares: not supported
> memory_limit_in_bytes: unlimited
> memory_and_swap_limit_in_bytes: unlimited
> memory_soft_limit_in_bytes: unlimited
> memory_usage_in_bytes: 164163584
> memory_max_usage_in_bytes: not supported
> 
> We can use cgroup outside of container, so it is useful to show. However cgroup is different from container. We should distinguish them.
> And also it is useful if we can see container runtime in this section. So I added it. We can see following contents in this section after this change.
> 
> cgroup information:
> cgroup_type: cgroupv2
> container runtime: podman
> cpu_cpuset_cpus: not supported
> cpu_memory_nodes: not supported
> active_processor_count: 4
> cpu_quota: not supported
> cpu_period: not supported
> cpu_shares: not supported
> memory_limit_in_bytes: unlimited
> memory_and_swap_limit_in_bytes: unlimited
> memory_soft_limit_in_bytes: unlimited
> memory_usage_in_bytes: 256176128
> memory_max_usage_in_bytes: not supported
> 
> In case of systemd, it checks PID (PID 1 or not) and `$container` in PID 1. We should check them to know the JVM runs on the container or not.
> 
> https://github.com/systemd/systemd/blob/68337e55f62cf49b7bdfb73dc5662e23b0ea17fa/src/basic/virt.c#L619

Our container support is based around cgroups. The actual containers are 
still too ad-hoc to reliably interact with. I would not want to see this 
additional code added at startup up time, but rather the container 
environment should be interrogated when the information is desired. It 
really bugs me that there are no (even informally) standardized API's 
around containers and we have to provide custom support to deal with 
each of them.

David
-----

> -------------
> 
> Commit messages:
>   - 8264482: container info misleads on non-container environment
> 
> Changes: https://git.openjdk.java.net/jdk/pull/3280/files
>   Webrev: https://webrevs.openjdk.java.net/?repo=jdk&pr=3280&range=00
>    Issue: https://bugs.openjdk.java.net/browse/JDK-8264482
>    Stats: 44 lines in 3 files changed: 34 ins; 0 del; 10 mod
>    Patch: https://git.openjdk.java.net/jdk/pull/3280.diff
>    Fetch: git fetch https://git.openjdk.java.net/jdk pull/3280/head:pull/3280
> 
> PR: https://git.openjdk.java.net/jdk/pull/3280
>

More information about the hotspot-runtime-dev mailing list