Merge pull request #476 from hqhq/hq_dont_fail_subsystem

vmarmol · vmarmol · commit a37b2a4f152e · 2015-05-11T09:29:59.000-07:00
don't fail when subsystem not mounted
diff --git a/cgroups/fs/apply_raw.go b/cgroups/fs/apply_raw.go
@@ -262,6 +262,11 @@ func (raw *data) join(subsystem string) (string, error) {
 }
 
 func writeFile(dir, file, data string) error {
+	// Normally dir should not be empty, one case is that cgroup subsystem
+	// is not mounted, we will get empty dir, and we want it fail here.
+	if dir == "" {
+		return fmt.Errorf("no such directory for %s.", file)
+	}
 	return ioutil.WriteFile(filepath.Join(dir, file), []byte(data), 0700)
 }
 
diff --git a/cgroups/fs/cpu.go b/cgroups/fs/cpu.go
@@ -17,7 +17,7 @@ func (s *CpuGroup) Apply(d *data) error {
 	// We always want to join the cpu group, to allow fair cpu scheduling
 	// on a container basis
 	dir, err := d.join("cpu")
-	if err != nil {
+	if err != nil && !cgroups.IsNotFound(err) {
 		return err
 	}
 
diff --git a/cgroups/fs/cpuset.go b/cgroups/fs/cpuset.go
@@ -16,7 +16,7 @@ type CpusetGroup struct {
 
 func (s *CpusetGroup) Apply(d *data) error {
 	dir, err := d.path("cpuset")
-	if err != nil {
+	if err != nil && !cgroups.IsNotFound(err) {
 		return err
 	}
 
@@ -48,6 +48,11 @@ func (s *CpusetGroup) GetStats(path string, stats *cgroups.Stats) error {
 }
 
 func (s *CpusetGroup) ApplyDir(dir string, cgroup *configs.Cgroup, pid int) error {
+	// This might happen if we have no cpuset cgroup mounted.
+	// Just do nothing and don't fail.
+	if dir == "" {
+		return nil
+	}
 	if err := s.ensureParent(dir); err != nil {
 		return err
 	}
diff --git a/cgroups/fs/devices.go b/cgroups/fs/devices.go
@@ -11,6 +11,8 @@ type DevicesGroup struct {
 func (s *DevicesGroup) Apply(d *data) error {
 	dir, err := d.join("devices")
 	if err != nil {
+		// We will return error even it's `not found` error, devices
+		// cgroup is hard requirement for container's security.
 		return err
 	}
 
diff --git a/cgroups/fs/memory.go b/cgroups/fs/memory.go
@@ -16,8 +16,7 @@ type MemoryGroup struct {
 
 func (s *MemoryGroup) Apply(d *data) error {
 	dir, err := d.join("memory")
-	// only return an error for memory if it was specified
-	if err != nil && (d.c.Memory != 0 || d.c.MemoryReservation != 0 || d.c.MemorySwap != 0) {
+	if err != nil && !cgroups.IsNotFound(err) {
 		return err
 	}
 	defer func() {
diff --git a/cgroups/systemd/apply_systemd.go b/cgroups/systemd/apply_systemd.go
@@ -256,6 +256,11 @@ func (m *Manager) GetPaths() map[string]string {
 }
 
 func writeFile(dir, file, data string) error {
+	// Normally dir should not be empty, one case is that cgroup subsystem
+	// is not mounted, we will get empty dir, and we want it fail here.
+	if dir == "" {
+		return fmt.Errorf("no such directory for %s.", file)
+	}
 	return ioutil.WriteFile(filepath.Join(dir, file), []byte(data), 0700)
 }
 
@@ -276,24 +281,24 @@ func join(c *configs.Cgroup, subsystem string, pid int) (string, error) {
 
 func joinCpu(c *configs.Cgroup, pid int) error {
 	path, err := getSubsystemPath(c, "cpu")
-	if err != nil {
+	if err != nil && !cgroups.IsNotFound(err) {
 		return err
 	}
 	if c.CpuQuota != 0 {
-		if err = ioutil.WriteFile(filepath.Join(path, "cpu.cfs_quota_us"), []byte(strconv.FormatInt(c.CpuQuota, 10)), 0700); err != nil {
+		if err = writeFile(path, "cpu.cfs_quota_us", strconv.FormatInt(c.CpuQuota, 10)); err != nil {
 			return err
 		}
 	}
 	if c.CpuPeriod != 0 {
-		if err = ioutil.WriteFile(filepath.Join(path, "cpu.cfs_period_us"), []byte(strconv.FormatInt(c.CpuPeriod, 10)), 0700); err != nil {
+		if err = writeFile(path, "cpu.cfs_period_us", strconv.FormatInt(c.CpuPeriod, 10)); err != nil {
 			return err
 		}
 	}
 	return nil
 }
 
 func joinFreezer(c *configs.Cgroup, pid int) error {
-	if _, err := join(c, "freezer", pid); err != nil {
+	if _, err := join(c, "freezer", pid); err != nil && !cgroups.IsNotFound(err) {
 		return err
 	}
 
@@ -393,6 +398,8 @@ func getUnitName(c *configs.Cgroup) string {
 // This happens at least for v208 when any sibling unit is started.
 func joinDevices(c *configs.Cgroup, pid int) error {
 	path, err := join(c, "devices", pid)
+	// Even if it's `not found` error, we'll return err because devices cgroup
+	// is hard requirement for container security.
 	if err != nil {
 		return err
 	}
@@ -410,19 +417,19 @@ func joinMemory(c *configs.Cgroup, pid int) error {
 	}
 
 	path, err := getSubsystemPath(c, "memory")
-	if err != nil {
+	if err != nil && !cgroups.IsNotFound(err) {
 		return err
 	}
 
-	return ioutil.WriteFile(filepath.Join(path, "memory.memsw.limit_in_bytes"), []byte(strconv.FormatInt(memorySwap, 10)), 0700)
+	return writeFile(path, "memory.memsw.limit_in_bytes", strconv.FormatInt(memorySwap, 10))
 }
 
 // systemd does not atm set up the cpuset controller, so we must manually
 // join it. Additionally that is a very finicky controller where each
 // level must have a full setup as the default for a new directory is "no cpus"
 func joinCpuset(c *configs.Cgroup, pid int) error {
 	path, err := getSubsystemPath(c, "cpuset")
-	if err != nil {
+	if err != nil && !cgroups.IsNotFound(err) {
 		return err
 	}
 

Original file line number	Diff line number	Diff line change
`@@ -262,6 +262,11 @@ func (raw *data) join(subsystem string) (string, error) {`
`262`	`262`	`}`
`263`	`263`
`264`	`264`	`func writeFile(dir, file, data string) error {`
	`265`	`+ // Normally dir should not be empty, one case is that cgroup subsystem`
	`266`	`+ // is not mounted, we will get empty dir, and we want it fail here.`
	`267`	`+ if dir == "" {`
	`268`	`+ return fmt.Errorf("no such directory for %s.", file)`
	`269`	`+ }`
`265`	`270`	`return ioutil.WriteFile(filepath.Join(dir, file), []byte(data), 0700)`
`266`	`271`	`}`
`267`	`272`
Original file line number	Diff line number	Diff line change
`@@ -17,7 +17,7 @@ func (s CpuGroup) Apply(d data) error {`
`17`	`17`	`// We always want to join the cpu group, to allow fair cpu scheduling`
`18`	`18`	`// on a container basis`
`19`	`19`	`dir, err := d.join("cpu")`
`20`		`- if err != nil {`
	`20`	`+ if err != nil && !cgroups.IsNotFound(err) {`
`21`	`21`	`return err`
`22`	`22`	`}`
`23`	`23`
Original file line number	Diff line number	Diff line change
`@@ -16,7 +16,7 @@ type CpusetGroup struct {`
`16`	`16`
`17`	`17`	`func (s CpusetGroup) Apply(d data) error {`
`18`	`18`	`dir, err := d.path("cpuset")`
`19`		`- if err != nil {`
	`19`	`+ if err != nil && !cgroups.IsNotFound(err) {`
`20`	`20`	`return err`
`21`	`21`	`}`
`22`	`22`
`@@ -48,6 +48,11 @@ func (s CpusetGroup) GetStats(path string, stats cgroups.Stats) error {`
`48`	`48`	`}`
`49`	`49`
`50`	`50`	`func (s CpusetGroup) ApplyDir(dir string, cgroup configs.Cgroup, pid int) error {`
	`51`	`+ // This might happen if we have no cpuset cgroup mounted.`
	`52`	`+ // Just do nothing and don't fail.`
	`53`	`+ if dir == "" {`
	`54`	`+ return nil`
	`55`	`+ }`
`51`	`56`	`if err := s.ensureParent(dir); err != nil {`
`52`	`57`	`return err`
`53`	`58`	`}`
Original file line number	Diff line number	Diff line change
`@@ -11,6 +11,8 @@ type DevicesGroup struct {`
`11`	`11`	`func (s DevicesGroup) Apply(d data) error {`
`12`	`12`	`dir, err := d.join("devices")`
`13`	`13`	`if err != nil {`
	`14`	+ // We will return error even it's `not found` error, devices
	`15`	`+ // cgroup is hard requirement for container's security.`
`14`	`16`	`return err`
`15`	`17`	`}`
`16`	`18`
Original file line number	Diff line number	Diff line change
`@@ -16,8 +16,7 @@ type MemoryGroup struct {`
`16`	`16`
`17`	`17`	`func (s MemoryGroup) Apply(d data) error {`
`18`	`18`	`dir, err := d.join("memory")`
`19`		`- // only return an error for memory if it was specified`
`20`		`- if err != nil && (d.c.Memory != 0 \|\| d.c.MemoryReservation != 0 \|\| d.c.MemorySwap != 0) {`
	`19`	`+ if err != nil && !cgroups.IsNotFound(err) {`
`21`	`20`	`return err`
`22`	`21`	`}`
`23`	`22`	`defer func() {`
Original file line number	Diff line number	Diff line change
`@@ -256,6 +256,11 @@ func (m *Manager) GetPaths() map[string]string {`
`256`	`256`	`}`
`257`	`257`
`258`	`258`	`func writeFile(dir, file, data string) error {`
	`259`	`+ // Normally dir should not be empty, one case is that cgroup subsystem`
	`260`	`+ // is not mounted, we will get empty dir, and we want it fail here.`
	`261`	`+ if dir == "" {`
	`262`	`+ return fmt.Errorf("no such directory for %s.", file)`
	`263`	`+ }`
`259`	`264`	`return ioutil.WriteFile(filepath.Join(dir, file), []byte(data), 0700)`
`260`	`265`	`}`
`261`	`266`
`@@ -276,24 +281,24 @@ func join(c *configs.Cgroup, subsystem string, pid int) (string, error) {`
`276`	`281`
`277`	`282`	`func joinCpu(c *configs.Cgroup, pid int) error {`
`278`	`283`	`path, err := getSubsystemPath(c, "cpu")`
`279`		`- if err != nil {`
	`284`	`+ if err != nil && !cgroups.IsNotFound(err) {`
`280`	`285`	`return err`
`281`	`286`	`}`
`282`	`287`	`if c.CpuQuota != 0 {`
`283`		`- if err = ioutil.WriteFile(filepath.Join(path, "cpu.cfs_quota_us"), []byte(strconv.FormatInt(c.CpuQuota, 10)), 0700); err != nil {`
	`288`	`+ if err = writeFile(path, "cpu.cfs_quota_us", strconv.FormatInt(c.CpuQuota, 10)); err != nil {`
`284`	`289`	`return err`
`285`	`290`	`}`
`286`	`291`	`}`
`287`	`292`	`if c.CpuPeriod != 0 {`
`288`		`- if err = ioutil.WriteFile(filepath.Join(path, "cpu.cfs_period_us"), []byte(strconv.FormatInt(c.CpuPeriod, 10)), 0700); err != nil {`
	`293`	`+ if err = writeFile(path, "cpu.cfs_period_us", strconv.FormatInt(c.CpuPeriod, 10)); err != nil {`
`289`	`294`	`return err`
`290`	`295`	`}`
`291`	`296`	`}`
`292`	`297`	`return nil`
`293`	`298`	`}`
`294`	`299`
`295`	`300`	`func joinFreezer(c *configs.Cgroup, pid int) error {`
`296`		`- if _, err := join(c, "freezer", pid); err != nil {`
	`301`	`+ if _, err := join(c, "freezer", pid); err != nil && !cgroups.IsNotFound(err) {`
`297`	`302`	`return err`
`298`	`303`	`}`
`299`	`304`
`@@ -393,6 +398,8 @@ func getUnitName(c *configs.Cgroup) string {`
`393`	`398`	`// This happens at least for v208 when any sibling unit is started.`
`394`	`399`	`func joinDevices(c *configs.Cgroup, pid int) error {`
`395`	`400`	`path, err := join(c, "devices", pid)`
	`401`	+ // Even if it's `not found` error, we'll return err because devices cgroup
	`402`	`+ // is hard requirement for container security.`
`396`	`403`	`if err != nil {`
`397`	`404`	`return err`
`398`	`405`	`}`
`@@ -410,19 +417,19 @@ func joinMemory(c *configs.Cgroup, pid int) error {`
`410`	`417`	`}`
`411`	`418`
`412`	`419`	`path, err := getSubsystemPath(c, "memory")`
`413`		`- if err != nil {`
	`420`	`+ if err != nil && !cgroups.IsNotFound(err) {`
`414`	`421`	`return err`
`415`	`422`	`}`
`416`	`423`
`417`		`- return ioutil.WriteFile(filepath.Join(path, "memory.memsw.limit_in_bytes"), []byte(strconv.FormatInt(memorySwap, 10)), 0700)`
	`424`	`+ return writeFile(path, "memory.memsw.limit_in_bytes", strconv.FormatInt(memorySwap, 10))`
`418`	`425`	`}`
`419`	`426`
`420`	`427`	`// systemd does not atm set up the cpuset controller, so we must manually`
`421`	`428`	`// join it. Additionally that is a very finicky controller where each`
`422`	`429`	`// level must have a full setup as the default for a new directory is "no cpus"`
`423`	`430`	`func joinCpuset(c *configs.Cgroup, pid int) error {`
`424`	`431`	`path, err := getSubsystemPath(c, "cpuset")`
`425`		`- if err != nil {`
	`432`	`+ if err != nil && !cgroups.IsNotFound(err) {`
`426`	`433`	`return err`
`427`	`434`	`}`
`428`	`435`