-
Notifications
You must be signed in to change notification settings - Fork 2.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[extension/cgroupruntime] Be aware of ECS task and CPU limits #36920
base: main
Are you sure you want to change the base?
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for adding this, the code lgtm, just left a couple of nits/question.
@@ -220,6 +257,13 @@ func TestCgroupV2SudoIntegration(t *testing.T) { | |||
}) | |||
require.NoError(t, err) | |||
|
|||
if test.setECSMetadataURI { | |||
server := startMockECSServer() | |||
defer server.Close() |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Wdyt if we move this defer calls to the t.Cleanup function? That way is aligned with the other resources rollback strategy, and we are also safe on panics.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I am unsure how to implement it as I see multiple options. I need to clean only if test.setECSMetadataURI
is true
. Because I find it handy to start the mock http server only if this same bool is true.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Makes sense to me, I think you could append the cleanup function inside the conditional. Something like:
if test.setECSMetadataURI {
server := startMockECSServer()
os.Setenv("ECS_CONTAINER_METADATA_URI_V4", server.URL)
t.Cleanup(func() {
server.Close()
os.Unsetenv("ECS_CONTAINER_METADATA_URI_V4")
})
}
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Should be resolved with latest commit 6212bde
@@ -63,6 +66,21 @@ func cgroupMaxCpu(filename string) (quota int64, period uint64, err error) { | |||
return quota, period, err | |||
} | |||
|
|||
func startMockECSServer() *httptest.Server { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Does the integration test interact with this server? Is it a dependency for gomaxecs.IsECS()
?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
For the gomaxecs library yes, it is making a http call to the ECS metadata uri.
Does it truly interacts ? I am not sure even for the github action CI, see my comment in the integration test PR.
Commands launched in Github action CI:
gotestsum --rerun-fails=1 --packages="./..." -- -race -timeout 360s -parallel 4 -skip Sudo -tags=integration,""
gotestsum --rerun-fails=1 --packages="./..." -- -race -timeout 360s -parallel 4 -skip Sudo -exec sudo -run Sudo -tags=integration,""
On my local workstation it is Skipped, compared to the github ci, I removed the -skip Sudo
flag, the output:
$ cd extension/cgroupruntimeextension
$ ../../.tools/gotestsum --rerun-fails=1 --packages="./..." -- -race -timeout 360s -parallel 4 -tags=integration,""
∅ internal/metadata
✓ . (1.056s)
=== Skipped
=== SKIP: . TestCgroupV2SudoIntegration (0.00s)
integration_test.go:48: System running in hybrid or cgroupv1 mode
DONE 15 tests, 1 skipped in 5.366s
I could run the tests in a docker container with some cgroups, open to any suggestion for making the integration test pass.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Could you help me identify where the gomaxecs library does the http call to the ECS metadata URI? I quickly checked the IsECS
method and brought me to this GetECSMetadataURI method, which just looks for the environment variable.
I could run the tests in a docker container with some cgroups, open to any suggestion for making the integration test pass.
Nice catch, just pushed this small fix to make them run #36941
It seems that a changelog file is missing (make ch-new
) and the linting CI is complaining. Could you please take a look?
Thanks!
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Hi
- I rebased the main branch
- Added a changelog entry
The http call is not made using IsECS()
but within gomaxecs.Set()
function call.
I am wondering to revert the current integration test proposition because it is bad implementation.
Proposition is to create a dedicated integration test because it needs to make the http call mocked in order to do a proper integration test. Let me know, multiple options available.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Maybe adding a few more test cases (e.g. no container CPU limit defined) would help to understand the behavior, but this approach already looks good to me. Looks very similar to what gomaxecs
is currently doing: https://github.com/rdforte/gomaxecs/blob/main/internal/task/task_test.go#L455
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Just pushed a change 6212bde
Signed-off-by: Romain Dauby <[email protected]>
Signed-off-by: Romain Dauby <[email protected]>
ca7a668
to
0831dfa
Compare
@rogercoll writing my local setup for executing the integration test, let me know if I write it in the README or somewhere else. Inside the extension folder, start a privileged docker container and share the code cd extension/cgroupruntimeextension
docker run -ti --privileged --cgroupns=host -v $(pwd):/workspace -w /workspace debian:bookworm-slim Install Go and gcc to run the integration test apt update && apt install -y wget sudo gcc && wget https://go.dev/dl/go1.23.4.linux-amd64.tar.gz && tar -C /usr/local -xzf go1.23.4.linux-amd64.tar.gz && export PATH=$PATH:/usr/local/go/bin && go version && rm go1.23.4.linux-amd64.tar.gz Run the integration test CGO_ENABLED=1 go test -v -exec sudo -race -timeout 360s -parallel 4 -tags=integration,"" |
That would be more than welcomed, feel free to update the README (in this or a follow-up PR). Thanks! |
@@ -144,6 +168,71 @@ func TestCgroupV2SudoIntegration(t *testing.T) { | |||
// 134217728 * 0.1 | |||
expectedGoMemLimit: 13421772, | |||
}, | |||
{ | |||
name: "AWS ECS 90% the max cgroup memory and 12 GOMAXPROCS", | |||
cgroupCpuQuota: pointerInt64(100000), |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Wdyt of using the cgroupCpuQuoata
variable to set the task/container CPU limits? (instead of expectedGoMaxProcs*1024
)? That way is more aligned to other test cases.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Discussion continuing here: #36920 (comment)
// to get the Cgroup CPU quota from the httptest server | ||
cleanECS := func() {} | ||
if test.setECSMetadataURI { | ||
server := testServerECSMetadata(t, test.expectedGoMaxProcs*1024, test.expectedGoMaxProcs*1024) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Related to the comment above, maybe using cgroupCpuQuota
might be more appropriate here.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The cgroup2 manager.update()
is still applying the settings. I would even prefer in the ECS tests to put values in cgroupCpuQuota
and cgroupCpuPeriod
that have nothing to do with the expectedGoMaxProcs
value. To prove the code fetched the value from the HTTP endpoint.
Because if IsECS() == true
whatever you set in the cgroup, the lib will make a http call to the ECS metadata uri and set GOMAXPROCS
.
So I see 3 viable options:
- Keep as is
- Only change the
cgroupCpuQuota
.. not aligned withexpectedGoMaxProcs
to prove the HTTP call is happening and working - Move the ECS tests into a new func next to
func TestCgroupV2SudoIntegration(t *testing.T) {}
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Taking into account that cgroupCpuQuota
and cgroupCpuPeriod
won't be taken into consideration if IsECS() == true
, I would go with option 3. It seems to me that having a new TestECSCgroupV2SudoIntegration
will provide a cleaner testing interface.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Proposition: 12db2c1
I moved some redundant code into functions in order to make it cleaner and that's debatable.
Proposition to start a CONTRIBUTING page: a510187 |
|
||
## Testing | ||
|
||
To run the integration tests locally for this extension, you can follow theses steps in a Linux environment. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Note that some Linux distributions already run systemd under cgroupv2, in that case, integration tests can be run without the docker workaround.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Notice added 12acc97
// to get the Cgroup CPU quota from the httptest server | ||
cleanECS := func() {} | ||
if test.setECSMetadataURI { | ||
server := testServerECSMetadata(t, test.expectedGoMaxProcs*1024, test.expectedGoMaxProcs*1024) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Taking into account that cgroupCpuQuota
and cgroupCpuPeriod
won't be taken into consideration if IsECS() == true
, I would go with option 3. It seems to me that having a new TestECSCgroupV2SudoIntegration
will provide a cleaner testing interface.
Description
Allow the cgroupruntime extension to set GOMAXPROCS based on AWS ECS metadata. See related issue for detailed informations.
Link to tracking issue
Fixes #36814
Testing
Added integration test with
httptest
for the ECS metadata endpoint.Something to clarify: #36617 (comment)
Documentation
Added extension name and link in the README.