Skip to content

Use cached state instead of runc state.#3711

Merged
crosbymichael merged 1 commit intocontainerd:masterfrom
Random-Liu:avoid-unnecessary-runc-state
Oct 4, 2019
Merged

Use cached state instead of runc state.#3711
crosbymichael merged 1 commit intocontainerd:masterfrom
Random-Liu:avoid-unnecessary-runc-state

Conversation

@Random-Liu
Copy link
Copy Markdown
Member

@Random-Liu Random-Liu commented Oct 3, 2019
edited
Loading

See kubernetes/kubernetes#82440 and moby/moby#39102

I think we should cherry-pick this into 1.2 and 1.3.

In Kubernetes, we observed that exec in containerd is fair expensive. With Docker 18.09, for each exec process, 8 runc state processes will be spawned.

The followings are results of sudo strace -f -p SHIM_PID -e execve when we simply run a crictl exec CONTAINER_ID echo hello.

  • Containerd with containerd-shim (I believe most people are still using this):
$ cat result | grep execve
[pid 229037] execve("/usr/local/sbin/runc", ["runc", "--root", "/run/containerd/runc/k8s.io", "--log", "/run/containerd/io.containerd.ru"..., "--log-format", "json", "state", "174c9870fbd569c79d7e8d706323134a"...], 0xc000059000 /* 6 vars */) = 0
[pid 229043] execve("/usr/local/sbin/runc", ["runc", "--root", "/run/containerd/runc/k8s.io", "--log", "/run/containerd/io.containerd.ru"..., "--log-format", "json", "state", "174c9870fbd569c79d7e8d706323134a"...], 0xc0001393c0 /* 6 vars */) = 0
[pid 229049] execve("/usr/local/sbin/runc", ["runc", "--root", "/run/containerd/runc/k8s.io", "--log", "/run/containerd/io.containerd.ru"..., "--log-format", "json", "state", "174c9870fbd569c79d7e8d706323134a"...], 0xc000059080 /* 6 vars */) = 0
[pid 229055] execve("/usr/local/sbin/runc", ["runc", "--root", "/run/containerd/runc/k8s.io", "--log", "/run/containerd/io.containerd.ru"..., "--log-format", "json", "exec", "--process", "/tmp/runc-process270233118", "--detach", "--pid-file", "/run/containerd/io.containerd.ru"..., "174c9870fbd569c79d7e8d706323134a"...], 0xc000059140 /* 6 vars */) = 0
[pid 229062] execve("/proc/self/exe", ["runc", "init"], 0xc000058500 /* 6 vars */) = 0
[pid 229066] execve("/bin/echo", ["echo", "hello"], 0xc00007d0c0 /* 3 vars */ <unfinished ...>
[pid 229066] <... execve resumed> )     = 0
[pid 229073] execve("/usr/local/sbin/runc", ["runc", "--root", "/run/containerd/runc/k8s.io", "--log", "/run/containerd/io.containerd.ru"..., "--log-format", "json", "state", "174c9870fbd569c79d7e8d706323134a"...], 0xc000059340 /* 6 vars */) = 0
[pid 229074] execve("/usr/local/bin/containerd", ["/usr/local/bin/containerd", "--address", "/run/containerd/containerd.sock", "publish", "--topic", "/tasks/exit", "--namespace", "k8s.io"], 0xc0002d0540 /* 6 vars */) = 0
[pid 229080] execve("/usr/local/sbin/runc", ["runc", "--root", "/run/containerd/runc/k8s.io", "--log", "/run/containerd/io.containerd.ru"..., "--log-format", "json", "state", "174c9870fbd569c79d7e8d706323134a"...], 0xc0002d0a40 /* 6 vars */) = 0
[pid 229091] execve("/usr/local/sbin/runc", ["runc", "--root", "/run/containerd/runc/k8s.io", "--log", "/run/containerd/io.containerd.ru"..., "--log-format", "json", "state", "174c9870fbd569c79d7e8d706323134a"...], 0xc0000593c0 /* 6 vars */) = 0
[pid 229099] execve("/usr/local/sbin/runc", ["runc", "--root", "/run/containerd/runc/k8s.io", "--log", "/run/containerd/io.containerd.ru"..., "--log-format", "json", "state", "174c9870fbd569c79d7e8d706323134a"...], 0xc000059480 /* 6 vars */) = 0
[pid 229105] execve("/usr/local/sbin/runc", ["runc", "--root", "/run/containerd/runc/k8s.io", "--log", "/run/containerd/io.containerd.ru"..., "--log-format", "json", "state", "174c9870fbd569c79d7e8d706323134a"...], 0xc0002d17c0 /* 6 vars */) = 0
[pid 229111] execve("/usr/local/sbin/runc", ["runc", "--root", "/run/containerd/runc/k8s.io", "--log", "/run/containerd/io.containerd.ru"..., "--log-format", "json", "state", "174c9870fbd569c79d7e8d706323134a"...], 0xc000059940 /* 6 vars */) = 0

$ cat result | grep execve
[pid 225273] execve("/usr/local/sbin/runc", ["runc", "--root", "/run/containerd/runc.v1/k8s.io", "--log", "/run/containerd/io.containerd.ru"..., "--log-format", "json", "state", "9d7dfbb4ce08f1ed732ad9683d6ab09b"...], 0xc000290040 /* 7 vars */) = 0
[pid 225280] execve("/usr/local/sbin/runc", ["runc", "--root", "/run/containerd/runc.v1/k8s.io", "--log", "/run/containerd/io.containerd.ru"..., "--log-format", "json", "exec", "--process", "/tmp/runc-process475686972", "--detach", "--pid-file", "/run/containerd/io.containerd.ru"..., "9d7dfbb4ce08f1ed732ad9683d6ab09b"...], 0xc000290380 /* 7 vars */) = 0
[pid 225286] execve("/proc/self/exe", ["runc", "init"], 0xc00005a200 /* 6 vars */) = 0
[pid 225290] execve("/bin/echo", ["echo", "hello"], 0xc00007d0c0 /* 3 vars */ <unfinished ...>
[pid 225290] <... execve resumed> )     = 0
[pid 225297] execve("/usr/local/sbin/runc", ["runc", "--root", "/run/containerd/runc.v1/k8s.io", "--log", "/run/containerd/io.containerd.ru"..., "--log-format", "json", "state", "9d7dfbb4ce08f1ed732ad9683d6ab09b"...], 0xc000290880 /* 7 vars */) = 0
[pid 225303] execve("/usr/local/sbin/runc", ["runc", "--root", "/run/containerd/runc.v1/k8s.io", "--log", "/run/containerd/io.containerd.ru"..., "--log-format", "json", "state", "9d7dfbb4ce08f1ed732ad9683d6ab09b"...], 0xc000290980 /* 7 vars */) = 0
  • Containerd with containerd-shim with this change (no runc state anymore):
$ cat result | grep execve
[pid 220550] execve("/usr/local/sbin/runc", ["runc", "--root", "/run/containerd/runc/k8s.io", "--log", "/run/containerd/io.containerd.ru"..., "--log-format", "json", "exec", "--process", "/tmp/runc-process002244826", "--detach", "--pid-file", "/run/containerd/io.containerd.ru"..., "1821a71464ad289dc60f6fd6a2d1a2cd"...], 0xc00007e200 /* 6 vars */) = 0
[pid 220556] execve("/proc/self/exe", ["runc", "init"], 0xc000058300 /* 6 vars */) = 0
[pid 220560] execve("/bin/echo", ["echo", "hello"], 0xc00007d0c0 /* 3 vars */ <unfinished ...>
[pid 220560] <... execve resumed> )     = 0
[pid 220568] execve("/usr/local/bin/containerd", ["/usr/local/bin/containerd", "--address", "/run/containerd/containerd.sock", "publish", "--topic", "/tasks/exit", "--namespace", "k8s.io"], 0xc00007f000 /* 6 vars */) = 0

Signed-off-by: Lantao Liu lantaol@google.com

@Random-Liu Random-Liu mentioned this pull request Oct 3, 2019
Open
@Random-Liu
Copy link
Copy Markdown
Member Author

Random-Liu commented Oct 3, 2019

@crosbymichael Do you see any problem with using the cached state instead of invoking runc state?

@theopenlab-ci
Copy link
Copy Markdown

theopenlab-ci bot commented Oct 3, 2019

Build succeeded.

@codecov-io
Copy link
Copy Markdown

codecov-io commented Oct 3, 2019
edited
Loading

Codecov Report

Merging #3711 into master will not change coverage.
The diff coverage is n/a.

Impacted file tree graph

@@          Coverage Diff           @@
##           master   #3711   +/-   ##
======================================
  Coverage    42.1%   42.1%           
======================================
  Files         129     129           
  Lines       14307   14307           
======================================
  Hits         6024    6024           
  Misses       7383    7383           
  Partials      900     900
Flag Coverage Δ
#linux 45.61% <ø> (ø) ⬆️
#windows 37.05% <ø> (ø) ⬆️

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update a83ae30...d3dc6cb. Read the comment docs.

@crosbymichael
Copy link
Copy Markdown
Member

crosbymichael commented Oct 3, 2019

LGTM

@Random-Liu Random-Liu force-pushed the avoid-unnecessary-runc-state branch from d3dc6cb to 907914c Compare October 3, 2019 17:49
@Random-Liu
Copy link
Copy Markdown
Member Author

Random-Liu commented Oct 3, 2019
edited
Loading

@crosbymichael I updated the pausing implementation a little bit. In the previous implementation, it is possible that the container goes from pausing to running state after pausing boolean is reset but not transition into paused state yet.

And let's test this change in HEAD for several days before cherry-picking. The Status function will need the shim lock after this change. I don't think it will cause any issue, but let's see.

@Random-Liu Random-Liu force-pushed the avoid-unnecessary-runc-state branch from 907914c to 117421f Compare October 3, 2019 17:52
@Random-Liu
Use cached state instead of runc state.
18be6e3 
Signed-off-by: Lantao Liu <lantaol@google.com>
@Random-Liu Random-Liu force-pushed the avoid-unnecessary-runc-state branch from 117421f to 18be6e3 Compare October 3, 2019 17:53
@theopenlab-ci
Copy link
Copy Markdown

theopenlab-ci bot commented Oct 3, 2019

Build succeeded.

@crosbymichael
Copy link
Copy Markdown
Member

crosbymichael commented Oct 3, 2019

Yes, it needs to be in HEAD to make sure that this does not introduce any races or incorrect state changes

@Random-Liu Random-Liu mentioned this pull request Oct 3, 2019
Open
jterry75
jterry75 reviewed Oct 3, 2019
View reviewed changes
pkg/process/utils.go
s.Unlock()
}

type atomicBool int32
Copy link
Copy Markdown
Contributor

@jterry75 jterry75 Oct 3, 2019

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why is this not locked by p.mu yes this a atomic so its thread safe but it still enables the race conditions between a status and pause call.

Copy link
Copy Markdown
Member Author

@Random-Liu Random-Liu Oct 3, 2019
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Because pausing only makes sense outside of p.mu. Within the lock, there are only running and paused state.

Copy link
Copy Markdown
Contributor

@jterry75 jterry75 Oct 3, 2019

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hmm. I'll take your word for it :)

@Random-Liu
Copy link
Copy Markdown
Member Author

Random-Liu commented Oct 4, 2019

Can we get this in sooner so that we can start soaking?

This is affecting both Kubernetes and Docker users now. :)

@crosbymichael
Copy link
Copy Markdown
Member

crosbymichael commented Oct 4, 2019

LGTM

mxpv
mxpv approved these changes Oct 4, 2019
View reviewed changes
Copy link
Copy Markdown
Member

@mxpv mxpv left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@crosbymichael crosbymichael merged commit 38a0013 into containerd:master Oct 4, 2019
@Random-Liu Random-Liu deleted the avoid-unnecessary-runc-state branch October 4, 2019 20:11
This was referenced Oct 4, 2019
Merged
Open
Closed
This was referenced Oct 14, 2019
Merged
Merged
Closed
jterry75 added a commit to jterry75/containerd that referenced this pull request Dec 3, 2019
@jterry75
Merge tag 'v1.3.2' into publish-cri
0befcc9 
containerd 1.3.2

Welcome to the v1.3.2 release of containerd!

The second patch release for `containerd` 1.3 includes a fix for a race condition
related to the reported pid on exit when called from Docker.

### Runtime

* Fix containerd pid race condition [containerd#3857](containerd#3857)
* Use cached process state to reduce exec cost [containerd#3711](containerd#3711)

### CRI

* Added `insecure_skip_verify` option in the registry tls config to allow skipping registry certificate verification [containerd#3847](containerd#3847)

Please try out the release binaries and report any issues at
https://github.com/containerd/containerd/issues.

### Contributors

* Lantao Liu
* Derek McGowan
* Michael Crosby
* Phil Estes
* Maksym Pavlenko

### Changes

* [`ff48f57fc8`](containerd@ff48f57) Merge pull request  [containerd#3866](containerd#3866) from dmcgowan/prepare-1.3.2
* [`99005c2647`](containerd@99005c2) Add release notes for v1.3.2
* [`e987ea3cac`](containerd@e987ea3) Merge pull request  [containerd#3864](containerd#3864) from Random-Liu/update-cri-release-1.3
* [`8bbd71e560`](containerd@8bbd71e) Update cri to b1bef15fbeb6c6f0569b67322acfa74ca3597755.
* [`070c27205c`](containerd@070c272) Merge pull request  [containerd#3863](containerd#3863) from Random-Liu/cherrypick-#3857-release-1.3
* [`306d6d4b55`](containerd@306d6d4) Fix container pid.
* [`5028701f1a`](containerd@5028701) Merge pull request  [containerd#3753](containerd#3753) from thaJeztah/1.3_backport_avoid_unnecessary_runc_state
* [`e3d2b608cc`](containerd@e3d2b60) Merge pull request  [containerd#3855](containerd#3855) from fuweid/cp-3853
* [`04fbb97ad0`](containerd@04fbb97) Fix cleanup error on content client test
* [`be24f39454`](containerd@be24f39) Merge pull request  [containerd#3840](containerd#3840) from ameyag/1.3_backport_log_file_win
* [`333679343b`](containerd@3336793) Add `--log-file` flag for windows service.
* [`9abfc70043`](containerd@9abfc70) Use cached state instead of `runc state`.

### Changes from containerd/cri

* [`b1bef15f`](containerd/cri@b1bef15) Merge pull request  [containerd#1346](containerd/cri#1346) from Random-Liu/cherrypick-#1345-release-1.3
* [`27edfa06`](containerd/cri@27edfa0) Add insecure_skip_verify option.
* [`e5dd8053`](containerd/cri@e5dd805) Merge pull request  [containerd#1322](containerd/cri#1322) from Random-Liu/cherrypick-#1319-release-1.3
* [`c0dee957`](containerd/cri@c0dee95) Fix containerd build, use `libbtrfs-dev` when available.
* [`1fb415d2`](containerd/cri@1fb415d) Merge pull request  [containerd#1314](containerd/cri#1314) from Random-Liu/cherrypick-#1312-release-1.3
* [`0973459d`](containerd/cri@0973459) Update based on default xenial distro.
* [`a46f6baf`](containerd/cri@a46f6ba) Configure golangci-lint

### Dependency Changes

Previous release can be found at [v1.3.1](https://github.com/containerd/containerd/releases/tag/v1.3.1)

* **github.com/containerd/cri**  5d49e7e51b43e36a6b9c4386257c7d08c602237f -> b1bef15fbeb6c6f0569b67322acfa74ca3597755

# gpg: directory '/c/Users/juterry/.gnupg' created
# gpg: keybox '/c/Users/juterry/.gnupg/pubring.kbx' created
# gpg: Signature made Tue Dec  3 11:09:10 2019 PST
# gpg:                using RSA key 8C7A111C21105794B0E8A27BF58C5D0A4405ACDB
# gpg: Can't check signature: No public key
@tao12345666333 tao12345666333 mentioned this pull request Dec 8, 2019
Merged
@thaJeztah thaJeztah mentioned this pull request Jan 30, 2020
Merged
@thaJeztah thaJeztah mentioned this pull request Jan 30, 2020
Merged
@ianlewis ianlewis mentioned this pull request Jul 17, 2020
Open
@msau42 msau42 mentioned this pull request Sep 22, 2020
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jterry75 jterry75 jterry75 left review comments

@mxpv mxpv mxpv approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

6 participants

@Random-Liu @codecov-io @crosbymichael @mxpv @jterry75 @AkihiroSuda