Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8230305

Cgroups v2: Container awareness

    Details

    • Type: Enhancement
    • Status: In Progress
    • Priority: P4
    • Resolution: Unresolved
    • Affects Version/s: 8u221, 11, 13, 14
    • Fix Version/s: tbd
    • Component/s: hotspot
    • Subcomponent:
    • Understanding:
      Fix Understood
    • CPU:
      generic
    • OS:
      linux

      Description

      JDK-8146115 added Hotspot runtime support for JVMs running in Docker containers. At the time Docker used cgroups v1 and, hence, runtime support only includes cgroup v1 controllers.

      This enhancement will extend functionality of JDK-8146115 to also detect cgroups v2. That is iff cgroups v2 unified hierarchy is available only, use the cgroups v2 backend. Otherwise fall back to existing cgroups v1 container support.

      Fedora 31 plans to switch to the unified hierarchy by default[1] and will be used as a test system for the cgroups v2 backend. At this point, podman and crun have sufficient support for a cgroups v2 only OS for this work to be possible to start at the JVM level.

      Controllers supported for cgroups v2 are: memory, cpu, cpuset

      memory controller:
      ------------------------------------------------------------------------
      https://www.kernel.org/doc/html/latest/admin-guide/cgroup-v2.html#memory

      $ podman --runtime=/usr/bin/crun run --memory=300M -ti fedora:30 /bin/bash
      [root@18bac3504b35 /]# cat /sys/fs/cgroup$(cat /proc/self/cgroup | cut -d':' -f3)/memory.max
      314572800

      cpu controller:
      ------------------------------------------------------------------------
      https://www.kernel.org/doc/html/latest/admin-guide/cgroup-v2.html#cpu

      $ podman --runtime=/usr/bin/crun run --memory=300M --cpu-quota=10000 --cpu-period=10000 -ti fedora:30 /bin/bash
      [root@c6561b50c547 /]# cat /sys/fs/cgroup$(cat /proc/self/cgroup | cut -d':' -f3)/cpu.max
      10000 10000

      OR using --cpu-shares:

      $ podman --runtime=/usr/bin/crun run --memory=300M --cpu-shares=1024 -ti fedora:30 /bin/bash
      [root@e18f01fca65a /]# cat /sys/fs/cgroup$(cat /proc/self/cgroup | cut -d':' -f3)/cpu.weight
      39

      Note that with Cgroups V2, there are certain transformations being done as
      the OCI spec has been done with Cgroups V1 in mind. See:
      https://github.com/containers/crun/blob/master/crun.1.md#cpu-controller

      cpuset controller:
      ------------------------------------------------------------------------
      https://www.kernel.org/doc/html/latest/admin-guide/cgroup-v2.html#cpuset

      $ podman --runtime=/usr/bin/crun run --memory=300M --cpuset-cpus=0,1 -ti fedora:30 /bin/bash
      [root@c6e8caa8f25b /]# cat /sys/fs/cgroup$(cat /proc/self/cgroup | cut -d':' -f3)/cpuset.cpus
      0-1
      [root@c6e8caa8f25b /]# cat /sys/fs/cgroup$(cat /proc/self/cgroup | cut -d':' -f3)/cpuset.cpus.effective
      0-1

      On a cgroup v2 only system the current container detection bails with "Required cgroup memory subsystem not found". The below example is for JDK 11, but it's equally valid for JDK 14:

      $ podman --runtime=/usr/bin/crun run --memory=300M -ti fedora:30 /bin/bash
      [root@a81e632b9aa4 /]# dnf install java-11-openjdk
      [...]
      [root@a81e632b9aa4 /]# java -Xlog:os+container=trace -version
      [0.002s][trace][os,container] OSContainer::init: Initializing Container Support
      [0.003s][debug][os,container] Required cgroup memory subsystem not found
      openjdk version "11.0.4" 2019-07-16
      OpenJDK Runtime Environment 18.9 (build 11.0.4+11)
      OpenJDK 64-Bit Server VM 18.9 (build 11.0.4+11, mixed mode, sharing)


      [1] https://fedoraproject.org/wiki/Changes/CGroupsV2

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                sgehwolf Severin Gehwolf
                Reporter:
                sgehwolf Severin Gehwolf
              • Votes:
                0 Vote for this issue
                Watchers:
                3 Start watching this issue

                Dates

                • Created:
                  Updated: