Podman info add support for status of standard available cgroup controllers

[flouthoc]

Following PR adds support for reflecting availability status of cgroup controllers to info. Patch attempts to resolve #10306

[rhatdan]

I think this would be better in a subgroup,

 CGroupInfo {
     CPUShares...
     MemoryLimit ...
     PidsLimit ...
}

And Alphabetized.

[flouthoc]

@rhatdan Sure makes sense, much cleaner i'll do the required changes.

[flouthoc]

@rhatdan This is resolved. But format might change as there is a discussion going below for CgroupControllers []string

[flouthoc]

@rhatdan Made some changes in latest commit , added CgroupControllers []string instead. Could you please review that.

[AkihiroSuda]

Wondering it may make more sense to just return CgroupControllers []string here.

(Docker-compatible REST API should emulate Docker REST API, though)

[flouthoc]

@AkihiroSuda docker info spits boolean for separate controllers so i tried keeping it same. But i guess a common string for all available controllers would be better. WDYT ?

[AkihiroSuda]

Yes, for Podman CLI, returning the common string slice SGTM.
Docker-compatible REST API should retain Docker-compatible booleans.

[flouthoc]

@AkihiroSuda I tried this but dumping all the available controllers is making info too noisy, for instance on my machine even single liner has too much content. I guess docker only prints standard controllers maybe because this is too verbose but i am cool with this.
On my machine info shows this

cgroupControllers:
  - blkio
  - cpu
  - cpu,cpuacct
  - cpuacct
  - cpuset
  - devices
  - freezer
  - hugetlb
  - memory
  - net_cls
  - net_cls,net_prio
  - net_prio
  - perf_event
  - pids
  - rdma
  - systemd
  - unified

[AkihiroSuda]

For cgroup v1, the right way is to parse /proc/cgroups

[flouthoc]

@AkihiroSuda Would still give the same output as i have all controllers enabled on v1

$ cat /proc/cgroups
#subsys_name	hierarchy	num_cgroups	enabled
cpuset	0	230	1
cpu	0	230	1
cpuacct	0	230	1
blkio	0	230	1
memory	0	230	1
devices	0	230	1
freezer	0	230	1
net_cls	0	230	1
perf_event	0	230	1
net_prio	0	230	1
hugetlb	0	230	1
pids	0	230	1
rdma	0	230	1

[AkihiroSuda]

not "same" :)

[flouthoc]

@AkihiroSuda ah i get it. So i guess logic for existing getAvailableControllers https://github.com/containers/podman/blob/master/pkg/cgroups/cgroups.go#L129 for cgroupv1 needs to be changed or i can add a new function but dont think redundant code for similar task is a good idea. @rhatdan @giuseppe @AkihiroSuda If we can mutually agree upon having CgroupControllers []string in info then i think we can proceed with removing old logic in master and use /proc/cgroups for cgroupv1

[giuseppe]

cgroupv1 is not really supported for rootless, even if manually chowned as the delegation is unsafe.

For root, we can parse /proc/cgroups or /proc/self/cgroup but for rootless we can just force every controller to be disabled.

[flouthoc]

@giuseppe @AkihiroSuda Thanks a lot . I have added changes, this is resolved in latest commit

[rhatdan]

Please update the man page with the new output.

[flouthoc]

@rhatdan Updated Man pages.

[AkihiroSuda]

IIUC the controllers there are not always available for rootless users.
Reading the cgorup.subtree_control of Podman process itself might be better (it is still not robust, either, but at least better...)

[AkihiroSuda]

cc @giuseppe @kolyshkin

[flouthoc]

We cant use subtree created by podman process as it wouldn't exist , if podman info is called prior to creating any container.

[flouthoc]

also i think podman cleans up its entries as soon as running container exits. Not sure.

[giuseppe]

yes the problem is that some controllers are not enabled for the rootless user (and we don't really know what controllers are enabled until we do the equivalent of systemd-run --scope --user with systemd). So I agree with @AkihiroSuda that reading the current enabled controllers is a best effort way of doing it, which should be fine in most cases

[flouthoc]

@giuseppe @AkihiroSuda Thanks a lot . I have added changes, this is resolved in latest commit

[flouthoc]

@giuseppe @AkihiroSuda @rhatdan I have addressed all the comments in latest commit. Could you guys please take a look.

[flouthoc]

Missing test is a flake i think.

[flouthoc]

It was a flake force push solved it. 😃

[flouthoc]

yay!!! thanks @AkihiroSuda waiting for @giuseppe and @rhatdan 's approval.

[mheon]

Restarted a single flake.
/approve
LGTM

[flouthoc]

@mheon Thanks 😄

[flouthoc]

@mheon How do we restart single flake ? There is still one check which has a flake.

[giuseppe]

LGTM

[openshift-ci]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: AkihiroSuda, flouthoc, giuseppe, mheon

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• OWNERS [giuseppe,mheon]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[giuseppe]

/retest

[mheon]

/lgtm

@flouthoc I click the "Details" link on the test in question. The Github summary page it takes you to should have a "Retest" button if the test is red.