Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

--cpu-rt-runtime option doesn't look to work #15666

Closed
sstosh opened this issue Sep 7, 2022 · 5 comments
Closed

--cpu-rt-runtime option doesn't look to work #15666

sstosh opened this issue Sep 7, 2022 · 5 comments
Labels
kind/bug Categorizes issue or PR as related to a bug. locked - please file new issue/PR Assist humans wanting to comment on an old issue or PR with locked comments.

Comments

@sstosh
Copy link
Contributor

sstosh commented Sep 7, 2022

Is this a BUG REPORT or FEATURE REQUEST? (leave only one on its own line)

/kind bug

Description

Steps to reproduce the issue:

According to the man page, this option isn't supported on cgroupsV2.
However, error messages are not printed if we use runc.

cgroupsV2
  • crun
# podman run --cpu-rt-runtime=1 --runtime crun quay.io/libpod/testimage:20220615
Error: OCI runtime error: crun: realtime runtime not supported on cgroupv2
  • runc
# podman run --cpu-rt-runtime=1 --runtime runc quay.io/libpod/testimage:20220615
This container is intended for podman CI testing

This option should be worked on cgroupsV1 rootful.
However, this option doesn't look to work.

cgroupsV1
  • crun
# podman run --cpu-rt-runtime=1 --runtime=crun quay.io/libpod/testimage:20220615
Error: crun: opening file `cpu.rt_runtime_us` for writing: No such file or directory: OCI runtime attempted to invoke a command that was not found
  • runc
# podman run --cpu-rt-runtime=1 --runtime=runc quay.io/libpod/testimage:20220615
Error: runc: runc create failed: unable to start container process: error during container init: error setting cgroup config for procHooks process: openat2 /sys/fs/cgroup/cpu,cpuacct/machine.slice/libpod-056d621812023b9068976239e6c740381afcb30a25a2e780509b19831df0dced.scope/cpu.rt_runtime_us: no such file or directory: OCI runtime attempted to invoke a command that was not found

Describe the results you received:

See above.

Describe the results you expected:

--cpu-rt-runtime should be worked on cgroupsV1 rootful.
In any other environment, podman should print warning or error message.

Output of podman info:

cgroupsV2
host:
  arch: amd64
  buildahVersion: 1.27.0
  cgroupControllers:
  - cpuset
  - cpu
  - io
  - memory
  - hugetlb
  - pids
  - misc
  cgroupManager: systemd
  cgroupVersion: v2
  conmon:
    package: conmon-2.1.0-2.fc36.x86_64
    path: /usr/bin/conmon
    version: 'conmon version 2.1.0, commit: '
  cpuUtilization:
    idlePercent: 99.84
    systemPercent: 0.04
    userPercent: 0.11
  cpus: 12
  distribution:
    distribution: fedora
    variant: server
    version: "36"
  eventLogger: journald
  hostname: fedora36
  idMappings:
    gidmap: null
    uidmap: null
  kernel: 5.18.11-200.fc36.x86_64
  linkmode: dynamic
  logDriver: journald
  memFree: 734347264
  memTotal: 8326582272
  networkBackend: netavark
  ociRuntime:
    name: crun
    package: crun-1.5-1.fc36.x86_64
    path: /usr/bin/crun
    version: |-
      crun version 1.5
      commit: 54ebb8ca8bf7e6ddae2eb919f5b82d1d96863dea
      spec: 1.0.0
      +SYSTEMD +SELINUX +APPARMOR +CAP +SECCOMP +EBPF +CRIU +YAJL
  os: linux
  remoteSocket:
    path: /run/podman/podman.sock
  security:
    apparmorEnabled: false
    capabilities: CAP_CHOWN,CAP_DAC_OVERRIDE,CAP_FOWNER,CAP_FSETID,CAP_KILL,CAP_NET_BIND_SERVICE,CAP_SETFCAP,CAP_SETGID,CAP_SETPCAP,CAP_SETUID,CAP_SYS_CHROOT
    rootless: false
    seccompEnabled: true
    seccompProfilePath: /usr/share/containers/seccomp.json
    selinuxEnabled: true
  serviceIsRemote: false
  slirp4netns:
    executable: /usr/bin/slirp4netns
    package: slirp4netns-1.2.0-0.2.beta.0.fc36.x86_64
    version: |-
      slirp4netns version 1.2.0-beta.0
      commit: 477db14a24ff1a3de3a705e51ca2c4c1fe3dda64
      libslirp: 4.6.1
      SLIRP_CONFIG_VERSION_MAX: 3
      libseccomp: 2.5.3
  swapFree: 8315203584
  swapTotal: 8325689344
  uptime: 151h 41m 58.00s (Approximately 6.29 days)
plugins:
  authorization: null
  log:
  - k8s-file
  - none
  - passthrough
  - journald
  network:
  - bridge
  - macvlan
  volume:
  - local
registries:
  search:
  - registry.fedoraproject.org
  - registry.access.redhat.com
  - docker.io
  - quay.io
store:
  configFile: /usr/share/containers/storage.conf
  containerStore:
    number: 6
    paused: 0
    running: 0
    stopped: 6
  graphDriverName: overlay
  graphOptions:
    overlay.mountopt: nodev,metacopy=on
  graphRoot: /var/lib/containers/storage
  graphRootAllocated: 106285760512
  graphRootUsed: 29079826432
  graphStatus:
    Backing Filesystem: xfs
    Native Overlay Diff: "false"
    Supports d_type: "true"
    Using metacopy: "true"
  imageCopyTmpDir: /var/tmp
  imageStore:
    number: 1
  runRoot: /run/containers/storage
  volumePath: /var/lib/containers/storage/volumes
version:
  APIVersion: 4.3.0-dev
  Built: 1662462575
  BuiltTime: Tue Sep  6 20:09:35 2022
  GitCommit: fd978acdb733ce000c0f41f0283623d20a9f95b2
  GoVersion: go1.18.3
  Os: linux
  OsArch: linux/amd64
  Version: 4.3.0-dev
cgroupsV1
host:
  arch: amd64
  buildahVersion: 1.27.0
  cgroupControllers:
  - cpuset
  - cpu
  - cpuacct
  - blkio
  - memory
  - devices
  - freezer
  - net_cls
  - perf_event
  - net_prio
  - hugetlb
  - pids
  - misc
  cgroupManager: systemd
  cgroupVersion: v1
  conmon:
    package: conmon-2.1.0-2.fc36.x86_64
    path: /usr/bin/conmon
    version: 'conmon version 2.1.0, commit: '
  cpuUtilization:
    idlePercent: 99.98
    systemPercent: 0.01
    userPercent: 0.01
  cpus: 12
  distribution:
    distribution: fedora
    variant: server
    version: "36"
  eventLogger: journald
  hostname: fedora36-v1
  idMappings:
    gidmap: null
    uidmap: null
  kernel: 5.18.11-200.fc36.x86_64
  linkmode: dynamic
  logDriver: journald
  memFree: 3198504960
  memTotal: 8326590464
  networkBackend: netavark
  ociRuntime:
    name: runc
    package: containerd.io-1.6.6-3.1.fc36.x86_64
    path: /usr/bin/runc
    version: |-
      runc version 1.1.2
      commit: v1.1.2-0-ga916309
      spec: 1.0.2-dev
      go: go1.17.11
      libseccomp: 2.5.3
  os: linux
  remoteSocket:
    path: /run/podman/podman.sock
  security:
    apparmorEnabled: false
    capabilities: CAP_CHOWN,CAP_DAC_OVERRIDE,CAP_FOWNER,CAP_FSETID,CAP_KILL,CAP_NET_BIND_SERVICE,CAP_SETFCAP,CAP_SETGID,CAP_SETPCAP,CAP_SETUID,CAP_SYS_CHROOT
    rootless: false
    seccompEnabled: true
    seccompProfilePath: /usr/share/containers/seccomp.json
    selinuxEnabled: true
  serviceIsRemote: false
  slirp4netns:
    executable: /usr/bin/slirp4netns
    package: slirp4netns-1.2.0-0.2.beta.0.fc36.x86_64
    version: |-
      slirp4netns version 1.2.0-beta.0
      commit: 477db14a24ff1a3de3a705e51ca2c4c1fe3dda64
      libslirp: 4.6.1
      SLIRP_CONFIG_VERSION_MAX: 3
      libseccomp: 2.5.3
  swapFree: 8325689344
  swapTotal: 8325689344
  uptime: 151h 42m 7.00s (Approximately 6.29 days)
plugins:
  authorization: null
  log:
  - k8s-file
  - none
  - passthrough
  - journald
  network:
  - bridge
  - macvlan
  volume:
  - local
registries:
  search:
  - registry.fedoraproject.org
  - registry.access.redhat.com
  - docker.io
  - quay.io
store:
  configFile: /usr/share/containers/storage.conf
  containerStore:
    number: 9
    paused: 0
    running: 0
    stopped: 9
  graphDriverName: overlay
  graphOptions:
    overlay.mountopt: nodev,metacopy=on
  graphRoot: /var/lib/containers/storage
  graphRootAllocated: 106285760512
  graphRootUsed: 26717450240
  graphStatus:
    Backing Filesystem: xfs
    Native Overlay Diff: "false"
    Supports d_type: "true"
    Using metacopy: "true"
  imageCopyTmpDir: /var/tmp
  imageStore:
    number: 2
  runRoot: /run/containers/storage
  volumePath: /var/lib/containers/storage/volumes
version:
  APIVersion: 4.3.0-dev
  Built: 1662535743
  BuiltTime: Wed Sep  7 16:29:03 2022
  GitCommit: ea3e7ef0733dfc010606fdc8fc631e1d17866349
  GoVersion: go1.18.3
  Os: linux
  OsArch: linux/amd64
  Version: 4.3.0-dev

Have you tested with the latest version of Podman and have you checked the Podman Troubleshooting Guide? (https://github.com/containers/podman/blob/main/troubleshooting.md)

Yes

Additional environment details (AWS, VirtualBox, physical, etc.):
Fedora36, KVM

@openshift-ci openshift-ci bot added the kind/bug Categorizes issue or PR as related to a bug. label Sep 7, 2022
@vrothberg
Copy link
Member

Thanks for reaching out, @sstosh!

@giuseppe WDYT?

@giuseppe
Copy link
Member

giuseppe commented Sep 7, 2022

what exactly is the issue you are seeing on cgroupv1?

Are you using a realtime kernel?

Also keep in mind that Podman doesn't change the system configuration, so you will need to manually set cpu.rt_runtime_us in the parent cgroups.

@giuseppe
Copy link
Member

giuseppe commented Sep 7, 2022

e.g., you may need something like echo 950000 > /sys/fs/cgroup/cpu,cpuacct/machine.slice/cpu.rt_runtime_us

@sstosh
Copy link
Contributor Author

sstosh commented Sep 8, 2022

Thank you for your reply.
I'm sorry, I misunderstood...

There is no cpu.rt_... files in my Fedora cgroupsV1 environment.
Therefore, this option doesn't work.

On the other hand, my RHEL cgroupsV1 environment has cpu.rt_... files.
I checked the --cpu-rt-runtime option works when I manually setted cpu.rt_runtime_us in the parent cgroups.

# echo 950000 > /sys/fs/cgroup/cpu,cpuacct/machine.slice/cpu.rt_runtime_us
# podman run --rm --cpu-rt-runtime=10000 quay.io/libpod/testimage:20220615 cat /sys/fs/cgroup/cpu/cpu.rt_runtime_us
10000

@giuseppe
Copy link
Member

giuseppe commented Sep 8, 2022

thanks for confirming it

@giuseppe giuseppe closed this as completed Sep 8, 2022
sstosh added a commit to sstosh/podman that referenced this issue Sep 9, 2022
`--cpu-rt-period` and `--cpu-rt-runtime` options are only
supported on cgroups V1 rootful systems.

Therefore, podman prints an warning message and ignores these
options when we use cgroups V2 systems.

Related to: containers#15666

Signed-off-by: Toshiki Sonoda <[email protected]>
@github-actions github-actions bot added the locked - please file new issue/PR Assist humans wanting to comment on an old issue or PR with locked comments. label Sep 16, 2023
@github-actions github-actions bot locked as resolved and limited conversation to collaborators Sep 16, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
kind/bug Categorizes issue or PR as related to a bug. locked - please file new issue/PR Assist humans wanting to comment on an old issue or PR with locked comments.
Projects
None yet
Development

No branches or pull requests

3 participants