containerd
Support direct editing of the intelRdt config
This PR adds support for directly adjusting the intelRdt object of the container config.
Previously, we have the concept of RDT class, which provides indirect manipulation of the intelRdt.closID field. There the higher level runtime (containerd, cri-o) registers a resolver function which the NRI adaptation uses to translate the provided "RDT class" to actual closID (which is basically the resctrl group in the Linux resctrl filesystem).
The API extensions in this PR provides direct control of the relevant fields of the intelRdt object. The PR also includes a sample plugin to test/demonstrate the functionality (including deployment files and CI integration to build/publish images)
REFS:
- https://github.com/opencontainers/runtime-spec/pull/1230
- https://github.com/opencontainers/runtime-spec/pull/1287
NOTES:
- Depends/stacks on #212. That could be merged separately
- The "pkg/adaptation: support new RDT fields" commit borrows some snippets from #118. Let's get that one in first.
- There is currently no runtime implementation (runc or crun) that would support all the functionality
closID: supported by runc and crunschemata- runc: not supported (PR: https://github.com/opencontainers/runc/pull/4830)
- crun: supported (https://github.com/containers/crun/pull/1748)
enableMonitoring:- runc: not supported (PR: https://github.com/opencontainers/runc/pull/4832)
- crun: not supported, no PR open (afaik)
OPEN QUESTION/TODO:
In this PR there is no mechanism for removing the intelRdt object from the config. That is probably a desirable feature.
nit: typo in the body of commit message for 'api: add rdt': repeated 'the' in "... the the IntelRdt message is sepate from LinuxResources. This is to ..."
@marquiz @mikebrow @chrishenzie This overall LGTM. My biggest question is the timeline for tagging a new opencontainers/runtime-spec so that bits we rely on here become available via a tagged release.
My biggest question is the timeline for tagging a new opencontainers/runtime-spec so that bits we rely on here become available via a tagged release.
I'm on the same side. I think there's no immediate hurry with this, especially because even the runc/crun implementation(s) are not there, yet. I've been working on this area so I wanted to get this one off my shoulders. That said, I think this is ready for review. I could've submitted this as a draft, but decided not to because from my perspective this is complete.
I just recalled that there's actually one aspect/feature missing from the new extensions: ability to remove the linux.intelRdt from the container config (set it to nil/null). Suggestions for how to implement this are warmly welcome.
I couldn't come up with any nice solutions, I played with two alternatives but didn't commit either of them:
- Have a separate field (like
drop) in the NRI API - Have a well documented, otherwise invalid value for the
closIDfield in the NRI API (e.g.-/) that causes the config to be dropped
I just recalled that there's actually one aspect/feature missing from the new extensions: ability to remove the
linux.intelRdtfrom the container config (set it to nil/null). Suggestions for how to implement this are warmly welcome.I couldn't come up with any nice solutions, I played with two alternatives but didn't commit either of them:
- Have a separate field (like
drop) in the NRI API- Have a well documented, otherwise invalid value for the
closIDfield in the NRI API (e.g.-/) that causes the config to be dropped
@marquiz I'd vote with a mild bias for 2 above (because it's how we handle other similar cases where removal is supported). But with the addition that on the wire-protocol this is the convention we use, but in the user-facing API we provide explicit functions for clearing any LinuxRdt, with something along the lines of this:
func (a *ContainerAdjustment) RemoveLinuxRDT() {
a.initLinux()
a.Linux.Rdt = &LinuxRdt{
ClosId = MarkForRemoval("") // or MarkForRemoval("/") if you think that's better
}
}
And then have the corresponding handling for this in intermediate result-calculation and final Spec generation.
@klihub thanks for the feedback. The MarkForRemoval thingie was a good hint, I didn't have that in my early prototype. I'll cook up something along the lines you suggested and then we can mull over that.
Updated:
- rebased (on top of the containerized-protobuild commit)
- added unit test for pkg/runtime-tools
- small change in pkg/adaptation/result.go (rely on
initAdjustRdt()in initializingContainer.Linux.Rdt) - fixed commit message
- added support for removing RDT config (as a separate commit)
nit: typo in the body of commit message for 'api: add rdt': repeated 'the' in "... the the IntelRdt message is sepate from LinuxResources. This is to ..."
Thx for spotting this. Fixed
I'd vote with a mild bias for 2 above (because it's how we handle other similar cases where removal is supported). But with the addition that on the wire-protocol this is the convention we use, but in the user-facing API we provide explicit functions for clearing any LinuxRdt,
I ended up with adding a separate field. I implemented both variants and the "prefix closid with -/" variant was an ugly fragile mess tbh. So much cleaner to just have a separate field for this purpose. For envs and other guys it's a bit different when we're updating a map or slice and you selectively remove some items. But here we're managing the whole object. (if interested, I have the still lying around at https://github.com/marquiz/nri/commits/devel/rdt-remove-2/)
I'd vote with a mild bias for 2 above (because it's how we handle other similar cases where removal is supported). But with the addition that on the wire-protocol this is the convention we use, but in the user-facing API we provide explicit functions for clearing any LinuxRdt,
I ended up with adding a separate field. I implemented both variants and the "prefix closid with
-/" variant was an ugly fragile mess tbh. So much cleaner to just have a separate field for this purpose. For envs and other guys it's a bit different when we're updating a map or slice and you selectively remove some items. But here we're managing the whole object.
@marquiz Yes, and sorry about the long sidetrack in our offline discussion earlier. I was in the totally wrong mental model, associated with most of the existing bits (slices and maps). You were absolutely right that we can't reasonably handle removal with an inline notation, because then it would not be possible to indicate a removal prior to an addition to avoiding conflict with an earlier plugin. I agree a separate dedicated field in the wire-protocol is the way to go here.
Rebased, marked ready-for-review. Stacked on top of #212 @klihub @mikebrow @chrishenzie
nit: typo/missing 'be' in commit message of 'api: add rdt': "Also note that the Rdt object cannot modified on container"
As a purely theoretical question related to your notes in the commit log of 'api: add rdt'.
In the (I am adraid highly unlikely) situation where runc/crun/OCI compatible runtimes would gain the ability to update RDT for a running container, what would be the best way for us to model/handle that. Would we add a corresponding &LinuxRdt{} to LinuxContainerUpdate{} ?
nit: typo/missing 'be' in commit message of 'api: add rdt': "Also note that the Rdt object cannot modified on container"
Thx for spotting this. Fixed
In the (I am adraid highly unlikely) situation where runc/crun/OCI compatible runtimes would gain the ability to update RDT for a running container, what would be the best way for us to model/handle that. Would we add a corresponding
&LinuxRdt{}toLinuxContainerUpdate{}
Yes, I think that would likely be the place (with the usual reservations of predicting the future, how this would be implemented in runc).
@klihub @mikebrow @chrishenzie it would be nice to get #118 in before this. I'll then rebase