enable compatibility with Nomad in cgroups.v2 mode (#133)

This PR updates the containerd driver to support changes in how Nomad manages cgroups when running on a machine using cgroups.v2 - The namespace is now set to "nomad.slice", which containerd uses as the cgroup parent. - The container name is re-oriented to the new naming convention, i.e. "<allocID>.<taskName>.scope". This is necessary for Nomad to be able to manage the cpuset resource.
2022-05-09 13:22:38 -05:00 · 2022-05-09 13:22:38 -05:00 · d8c2c2fad2
commit d8c2c2fad2
parent 589e162efc
2 changed files with 17 additions and 2 deletions
--- a/containerd/driver.go
+++ b/containerd/driver.go
@ -37,6 +37,7 @@ import (
 	"github.com/hashicorp/nomad/plugins/drivers"
 	"github.com/hashicorp/nomad/plugins/shared/hclspec"
 	"github.com/hashicorp/nomad/plugins/shared/structs"
+	"github.com/opencontainers/runc/libcontainer/cgroups"
 )

 const (
@ -259,7 +260,13 @@ func NewPlugin(logger log.Logger) drivers.DriverPlugin {
 	// Calls to containerd API are namespaced.
 	// "nomad" is the namespace that will be used for all nomad-driver-containerd
 	// related containerd API calls.
-	ctxContainerd := namespaces.WithNamespace(context.Background(), "nomad")
+	namespace := "nomad"
+	// Unless we are operating in cgroups.v2 mode, in which case we use the
+	// name "nomad.slice", which ends up being the cgroup parent.
+	if cgroups.IsCgroup2UnifiedMode() {
+		namespace = "nomad.slice"
+	}
+	ctxContainerd := namespaces.WithNamespace(context.Background(), namespace)

 	return &Driver{
 		eventer:        eventer.NewEventer(ctx, logger),
@ -428,8 +435,13 @@ func (d *Driver) StartTask(cfg *drivers.TaskConfig) (*drivers.TaskHandle, *drive
 	handle := drivers.NewTaskHandle(taskHandleVersion)
 	handle.Config = cfg

+	// Use Nomad's docker naming convention for the container name
 	// https://www.nomadproject.io/docs/drivers/docker#container-name
 	containerName := cfg.Name + "-" + cfg.AllocID
+	if cgroups.IsCgroup2UnifiedMode() {
+		// In cgroup.v2 mode, the name is slightly different.
+		containerName = fmt.Sprintf("%s.%s.scope", cfg.AllocID, cfg.Name)
+	}
 	containerConfig.ContainerName = containerName

 	var err error
--- a/go.mod
+++ b/go.mod
@ -12,6 +12,7 @@ require (
 	github.com/hashicorp/go-hclog v0.14.1
 	github.com/hashicorp/go-uuid v1.0.2
 	github.com/hashicorp/nomad v1.1.12
+	github.com/opencontainers/runc v1.1.0
 	github.com/opencontainers/runtime-spec v1.0.3-0.20210326190908-1c3f411f0417
 	github.com/spf13/cobra v1.1.3
 )
@ -28,12 +29,15 @@ require (
 	github.com/containerd/continuity v0.2.2 // indirect
 	github.com/containerd/fifo v1.0.0 // indirect
 	github.com/containerd/ttrpc v1.1.0 // indirect
+	github.com/coreos/go-systemd/v22 v22.3.2 // indirect
+	github.com/cyphar/filepath-securejoin v0.2.3 // indirect
 	github.com/davecgh/go-spew v1.1.1 // indirect
 	github.com/docker/go-connections v0.4.0 // indirect
 	github.com/docker/go-events v0.0.0-20190806004212-e31b211e4f1c // indirect
 	github.com/docker/libnetwork v0.8.0-dev.2.0.20200612180813-9e99af28df21 // indirect
 	github.com/fatih/color v1.9.0 // indirect
 	github.com/go-ole/go-ole v1.2.4 // indirect
+	github.com/godbus/dbus/v5 v5.0.6 // indirect
 	github.com/gogo/googleapis v1.4.0 // indirect
 	github.com/gogo/protobuf v1.3.2 // indirect
 	github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
@ -79,7 +83,6 @@ require (
 	github.com/oklog/run v1.0.1-0.20180308005104-6934b124db28 // indirect
 	github.com/opencontainers/go-digest v1.0.0 // indirect
 	github.com/opencontainers/image-spec v1.0.2-0.20211117181255-693428a734f5 // indirect
-	github.com/opencontainers/runc v1.1.0 // indirect
 	github.com/opencontainers/selinux v1.10.0 // indirect
 	github.com/pkg/errors v0.9.1 // indirect
 	github.com/pmezard/go-difflib v1.0.0 // indirect