cgroups

package
v4.3.3 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Aug 19, 2025 License: BSD-3-Clause Imports: 18 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

View Source 
var ErrUnitialized = errors.New("cgroups manager is not initialized")

Functions

func CanUseCgroups added in v4.1.0 

func CanUseCgroups(systemd bool, warn bool) bool

CanUseCgroups checks whether it's possible to use the cgroups manager. - Systemd cgroups management requires systemd running as init. - Host root can always use cgroups. - Rootless needs cgroups v2. - Rootless needs systemd manager. - Rootless needs DBUS_SESSION_BUS_ADDRESS and XDG_RUNTIME_DIR set properly. warn controls whether configuration problems preventing use of cgroups will be logged as warnings, or debug messages.

func DefaultPathForPid 

func DefaultPathForPid(systemd bool, pid int) (group string)

DefaultPathForPid returns a default cgroup path for a given PID.

func HasDbus added in v4.1.0 

func HasDbus() (bool, error)

HasDbus checks if DBUS_SESSION_BUS_ADDRESS is set, and sane. Logs unset var / non-existent target at DEBUG level.

func HasXDGRuntimeDir added in v4.1.0 

func HasXDGRuntimeDir() (bool, error)

HasXDGRuntimeDir checks if XDG_Runtime_Dir is set, and sane. Logs unset var / non-existent target at DEBUG level.

func Int64ptr 

func Int64ptr(i int) *int64

func LoadResources 

func LoadResources(path string) (spec specs.LinuxResources, err error)

LoadResources loads a cgroups config file into a LinuxResources struct

func SaveConfig 

func SaveConfig(config Config, confPath string) (err error)

SaveConfig saves a native cgroups.Config struct into a TOML file at confPath

func UnmarshalJSONResources 

func UnmarshalJSONResources(data string) (*specs.LinuxResources, error)

UnmarshalJSON unmarshals a JSON string into a LinuxResources struct

Types

type Config 

type Config struct {
	// Devices configures the device whitelist.
	Devices []LinuxDeviceCgroup `toml:"devices" json:"devices,omitempty"`
	// Memory restriction configuration
	Memory *LinuxMemory `toml:"memory" json:"memory,omitempty"`
	// CPU resource restriction configuration
	CPU *LinuxCPU `toml:"cpu" json:"cpu,omitempty"`
	// Task resource restriction configuration.
	Pids *LinuxPids `toml:"pids" json:"pids,omitempty"`
	// BlockIO restriction configuration
	BlockIO *LinuxBlockIO `toml:"blockIO" json:"blockIO,omitempty"`
	// Hugetlb limit (in bytes)
	HugepageLimits []LinuxHugepageLimit `toml:"hugepageLimits" json:"hugepageLimits,omitempty"`
	// Network restriction configuration
	Network *LinuxNetwork `toml:"network" json:"network,omitempty"`
	// Rdma resource restriction configuration.
	// Limits are a set of key value pairs that define RDMA resource limits,
	// where the key is device name and value is resource limits.
	Rdma map[string]LinuxRdma `toml:"rdma" json:"rdma,omitempty"`
	// Native cgroups v2 unified hierarchy resource limits.
	Unified map[string]string `toml:"unified" json:"unified,omitempty"`
}

Config has container runtime resource constraints

func LoadConfig 

func LoadConfig(confPath string) (config Config, err error)

LoadConfig loads a TOML cgroups config file into our native cgroups.Config struct

func (*Config) MarshalJSON 

func (c *Config) MarshalJSON() (string, error)

MarshalJSON marshals a cgroups.Config struct to a JSON string

type LinuxBlockIO 

type LinuxBlockIO struct {
	// Specifies per cgroup weight
	Weight *uint16 `toml:"weight" json:"weight,omitempty"`
	// Specifies tasks' weight in the given cgroup while competing with the cgroup's child cgroups, CFQ scheduler only
	LeafWeight *uint16 `toml:"leafWeight" json:"leafWeight,omitempty"`
	// Weight per cgroup per device, can override BlkioWeight
	WeightDevice []LinuxWeightDevice `toml:"weightDevice" json:"weightDevice,omitempty"`
	// IO read rate limit per cgroup per device, bytes per second
	ThrottleReadBpsDevice []LinuxThrottleDevice `toml:"throttleReadBpsDevice" json:"throttleReadBpsDevice,omitempty"`
	// IO write rate limit per cgroup per device, bytes per second
	ThrottleWriteBpsDevice []LinuxThrottleDevice `toml:"throttleWriteBpsDevice" json:"throttleWriteBpsDevice,omitempty"`
	// IO read rate limit per cgroup per device, IO per second
	ThrottleReadIOPSDevice []LinuxThrottleDevice `toml:"throttleReadIOPSDevice" json:"throttleReadIOPSDevice,omitempty"`
	// IO write rate limit per cgroup per device, IO per second
	ThrottleWriteIOPSDevice []LinuxThrottleDevice `toml:"throttleWriteIOPSDevice" json:"throttleWriteIOPSDevice,omitempty"`
}

LinuxBlockIO for Linux cgroup 'blkio' resource management

type LinuxCPU 

type LinuxCPU struct {
	// CPU shares (relative weight (ratio) vs. other cgroups with cpu shares).
	Shares *uint64 `toml:"shares" json:"shares,omitempty"`
	// CPU hardcap limit (in usecs). Allowed cpu time in a given period.
	Quota *int64 `toml:"quota" json:"quota,omitempty"`
	// CPU period to be used for hardcapping (in usecs).
	Period *uint64 `toml:"period" json:"period,omitempty"`
	// How much time realtime scheduling may use (in usecs).
	RealtimeRuntime *int64 `toml:"realtimeRuntime" json:"realtimeRuntime,omitempty"`
	// CPU period to be used for realtime scheduling (in usecs).
	RealtimePeriod *uint64 `toml:"realtimePeriod" json:"realtimePeriod,omitempty"`
	// CPUs to use within the cpuset. Default is to use any CPU available.
	Cpus string `toml:"cpus" json:"cpus,omitempty"`
	// List of memory nodes in the cpuset. Default is to use any available memory node.
	Mems string `toml:"mems" json:"mems,omitempty"`
}

LinuxCPU for Linux cgroup 'cpu' resource management

type LinuxDeviceCgroup 

type LinuxDeviceCgroup struct {
	// Allow or deny
	Allow bool `toml:"allow" json:"allow" comment:"test"`
	// Device type, block, char, etc.
	Type string `toml:"type" json:"type,omitempty"`
	// Major is the device's major number.
	Major *int64 `toml:"major" json:"major,omitempty"`
	// Minor is the device's minor number.
	Minor *int64 `toml:"minor" json:"minor,omitempty"`
	// Cgroup access permissions format, rwm.
	Access string `toml:"access" json:"access,omitempty"`
}

LinuxDeviceCgroup represents a device rule for the whitelist controller

type LinuxHugepageLimit 

type LinuxHugepageLimit struct {
	// Pagesize is the hugepage size
	Pagesize string `toml:"pageSize" json:"pageSize"`
	// Limit is the limit of "hugepagesize" hugetlb usage
	Limit uint64 `toml:"limit" json:"limit"`
}

LinuxHugepageLimit structure corresponds to limiting kernel hugepages

type LinuxInterfacePriority 

type LinuxInterfacePriority struct {
	// Name is the name of the network interface
	Name string `toml:"name" json:"name"`
	// Priority for the interface
	Priority uint32 `toml:"priority" json:"priority"`
}

LinuxInterfacePriority for network interfaces

type LinuxMemory 

type LinuxMemory struct {
	// Memory limit (in bytes).
	Limit *int64 `toml:"limit" json:"limit,omitempty"`
	// Memory reservation or soft_limit (in bytes).
	Reservation *int64 `toml:"reservation" json:"reservation,omitempty"`
	// Total memory limit (memory + swap).
	Swap *int64 `toml:"swap" json:"swap,omitempty"`
	// Kernel memory limit (in bytes).
	Kernel *int64 `toml:"kernel" json:"kernel,omitempty"`
	// Kernel memory limit for tcp (in bytes)
	KernelTCP *int64 `toml:"kernelTCP" json:"kernelTCP,omitempty"`
	// How aggressive the kernel will swap memory pages.
	Swappiness *uint64 `toml:"swappiness" json:"swappiness,omitempty"`
	// DisableOOMKiller disables the OOM killer for out of memory conditions
	DisableOOMKiller *bool `toml:"disableOOMKiller" json:"disableOOMKiller,omitempty"`
}

LinuxMemory for Linux cgroup 'memory' resource management

type LinuxNetwork 

type LinuxNetwork struct {
	// Set class identifier for container's network packets
	ClassID *uint32 `toml:"classID" json:"classID,omitempty"`
	// Set priority of network traffic for container
	Priorities []LinuxInterfacePriority `toml:"priorities" json:"priorities,omitempty"`
}

LinuxNetwork identification and priority configuration

type LinuxPids 

type LinuxPids struct {
	// Maximum number of PIDs. Default is "no limit".
	Limit int64 `toml:"limit" json:"limit"`
}

LinuxPids for Linux cgroup 'pids' resource management (Linux 4.3)

type LinuxRdma 

type LinuxRdma struct {
	// Maximum number of HCA handles that can be opened. Default is "no limit".
	HcaHandles *uint32 `toml:"hcaHandles" json:"hcaHandles,omitempty"`
	// Maximum number of HCA objects that can be created. Default is "no limit".
	HcaObjects *uint32 `toml:"hcaObjects" json:"hcaObjects,omitempty"`
}

LinuxRdma for Linux cgroup 'rdma' resource management (Linux 4.11)

type LinuxThrottleDevice 

type LinuxThrottleDevice struct {
	// Major is the device's major number.
	Major int64 `toml:"major" json:"major"`
	// Minor is the device's minor number.
	Minor int64 `toml:"minor" json:"minor"`
	// Rate is the IO rate limit per cgroup per device
	Rate uint64 `toml:"rate" json:"rate"`
}

LinuxThrottleDevice struct holds a `major:minor rate_per_second` pair

type LinuxWeightDevice 

type LinuxWeightDevice struct {
	// Major is the device's major number.
	Major int64 `toml:"major" json:"major"`
	// Minor is the device's minor number.
	Minor int64 `toml:"minor" json:"minor"`
	// Weight is the bandwidth rate for the device.
	Weight *uint16 `toml:"weight" json:"weight,omitempty"`
	// LeafWeight is the bandwidth rate for the device while competing with the cgroup's child cgroups, CFQ scheduler only
	LeafWeight *uint16 `toml:"leafWeight" json:"leafWeight,omitempty"`
}

LinuxWeightDevice struct holds a `major:minor weight` pair for weightDevice

type Manager 

type Manager struct {
	// contains filtered or unexported fields
}

Manager provides functions to modify, freeze, thaw, and destroy a cgroup. Singularity's cgroups.Manager is a wrapper around opencontainers/cgroups. The manager supports v1 cgroups, and v2 cgroups with a unified hierarchy. Resource specifications are handles in specs.LinuxResources format and translated to opencontainers/cgroups format internally.

func GetManagerForGroup 

func GetManagerForGroup(group string) (manager *Manager, err error)

GetManager returns a Manager for the provided cgroup name/path. It can only return a cgroupfs manager, as we aren't wiring back up to systemd through dbus etc.

Disable context check as it raises a warning throuch lcmanager.New, which is in a dependency we cannot modify to pass a context.

func GetManagerForPid 

func GetManagerForPid(pid int) (manager *Manager, err error)

GetManagerFromPid returns a Manager for the cgroup that pid is a member of. It can only return a cgroupfs manager, as we aren't wiring back up to systemd through dbus etc.

func NewManagerWithFile 

func NewManagerWithFile(specPath string, pid int, group string, systemd bool) (manager *Manager, err error)

NewManagerWithFile creates a Manager, applies the configuration at specPath, and adds pid to the cgroup. If a group name is supplied, it will be used by the manager. If group = "" then "/singularity/<pid>" is used as a default.

func NewManagerWithJSON 

func NewManagerWithJSON(jsonSpec string, pid int, group string, systemd bool) (manager *Manager, err error)

NewManagerWithJSON creates a Manager, applies the JSON configuration supplied, and adds pid to the cgroup. If a group name is supplied, it will be used by the manager. If group = "" then "/singularity/<pid>" is used as a default.

func NewManagerWithSpec 

func NewManagerWithSpec(spec *specs.LinuxResources, pid int, group string, systemd bool) (manager *Manager, err error)

NewManagerWithSpec creates a Manager, applies the configuration in spec, and adds pid to the cgroup. If a group name is supplied, it will be used by the manager. If group = "" then "/singularity/<pid>" is used as a default.

func (*Manager) AddProc 

func (m *Manager) AddProc(pid int) (err error)

AddProc adds the process with specified pid to the managed cgroup

Disable context check as it raises a warning throuch lcmanager.New, which is in a dependency we cannot modify to pass a context.

func (*Manager) Destroy 

func (m *Manager) Destroy() (err error)

Destroy deletes the managed cgroup.

func (*Manager) Freeze 

func (m *Manager) Freeze() (err error)

Freeze freezes processes in the managed cgroup.

func (*Manager) GetCgroupRelPath 

func (m *Manager) GetCgroupRelPath() (relPath string, err error)

GetCgroupRelPath returns the relative path of the cgroup under the mount point

func (*Manager) GetCgroupRootPath 

func (m *Manager) GetCgroupRootPath() (rootPath string, err error)

GetCgroupRootPath returns the cgroups mount root path, for the managed cgroup

func (*Manager) GetStats 

func (m *Manager) GetStats() (*lccgroups.Stats, error)

GetStats wraps the Manager.GetStats from runc

func (*Manager) Thaw 

func (m *Manager) Thaw() (err error)

Thaw unfreezes process in the managed cgroup.

func (*Manager) UpdateFromFile 

func (m *Manager) UpdateFromFile(path string) error

UpdateFromFile updates the existing managed cgroup using configuration from a toml file.

func (*Manager) UpdateFromSpec 

func (m *Manager) UpdateFromSpec(resources *specs.LinuxResources) (err error)

UpdateFromSpec updates the existing managed cgroup using configuration from an OCI LinuxResources spec struct.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.