Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

libct/devices: move config to libct/cg/devices/config #4577

Open
wants to merge 2 commits into
base: main
Choose a base branch
from

Conversation

kolyshkin
Copy link
Contributor

@kolyshkin kolyshkin commented Jan 4, 2025

This is the next step to facilitate separation of libct/cgroups as per https://github.com/opencontainers/tob/blob/main/proposals/cgroups.md

Currently, libcontainer/devices contains two things:

  1. Device-related configuration data structures and accompanying
    methods. Those are used by runc itself, mostly by libct/cgroups.

  2. A few functions (HostDevices, DeviceFromPath, GetDevices).
    Those are not used by runc directly, but have some external users
    (cri-o, microsoft/hcsshim), and they also have a few forks
    (containerd/pkg/oci, podman/pkg/util).

This commit moves (1) to a new separate package, config (under
libcontainer/cgroups/devices), adding a backward-compatible aliases
(marked as deprecated so we will be able to remove those later).

(As for (2), I think something like moby/sys#181 should be done)

Currently, libcontainer/devices contains two things:

1. Device-related configuration data structures and accompanying
   methods. Those are used by runc itself, mostly by libct/cgroups.

2. A few functions (HostDevices, DeviceFromPath, GetDevices).
   Those are not used by runc directly, but have some external users
   (cri-o, microsoft/hcsshim), and they also have a few forks
   (containerd/pkg/oci, podman/pkg/util).

This commit moves (1) to a new separate package, config (under
libcontainer/cgroups/devices), adding a backward-compatible aliases
(marked as deprecated so we will be able to remove those later).

Alas it's not possible to move this to libcontainer/cgroups directly
because some IDs (Type, Rule, Permissions) are too generic, and renaming
them (to DeviceType, DeviceRule, DevicePermissions) will break backward
compatibility (mostly due to Rule being embedded into Device).

Signed-off-by: Kir Kolyshkin <[email protected]>
Use the old package name as an alias to minimize the patch.

No functional change; this just eliminates a bunch of deprecation
warnings.

Signed-off-by: Kir Kolyshkin <[email protected]>
@kolyshkin
Copy link
Contributor Author

So,

  1. this CAN NOT be moved to libcontainer/cgroups (like we did with the rest of cgroups-related configs in libct/configs: move cgroup configs to libct/cgroups #4472) because some IDs (Type, Rule, Permissions) are too generic, and renaming them (to DeviceType, DeviceRule, DevicePermissions) will break backward compatibility (mostly due to Rulebeing embedded intoDevice`);
  2. this CAN NOT be moved to libcontainer/cgroups/devices as it is a special package (importing it enables cgroup managers to manage devices (see https://github.com/opencontainers/runc/blob/main/libcontainer/cgroups/devices/devices.go) and makes binaries larger due to more dependencies like cilium/ebpf);
  3. this CAN be moved to any other new package under libct/cgroups, e.g. libcontainer/cgroups/devconfig or something like this) -- please let me know it it's better than devices/config;
  4. this COULD HAVE BEEN moved to libcontainer/cgroups/configs but in libct/configs: move cgroup configs to libct/cgroups #4472 we've decided to go without this package (although I should have thought about devices at that time, and I missed it).

So, it's either the way it is now in this PR, or we can break the backward compatibility and go with 1, or we go with 3.

WDYT @thaJeztah ?

@kolyshkin
Copy link
Contributor Author

I want libcontainer/cgroups to be moved to https://github.com/opencontainers/cgroups before we hit v1.3.0, and this is a necessary step. PTAL @opencontainers/runc-maintainers 🙏

@@ -19,13 +19,6 @@ var (
osReadDir = os.ReadDir
)

func mkDev(d *Rule) (uint64, error) {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Just only a question, in fact, it seems that all things in this file are not used by runc after we moved this function to another place, maybe we can mark the whole package deprecated? But maybe they are used by some other projects, so we need to keep these unneeded codes here?

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Because of the above reason, I suggest to move all this file to ‘github.com/opencontainers/runc/libcontainer/cgroups/devices/config’, the other reason is that if someone wants to use these functions besides with ‘github.com/opencontainers/runc/libcontainer/cgroups/devices/config’, he needs to import these two packages, it will make us confused. WDYT?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

it seems that all things in this file are not used by runc after we moved this function to another place, maybe we can mark the whole package deprecated?

We could, but usually while doing so, you have to suggest a replacement. Alas, I can't suggest any replacement at this time. As noted in this PR description, there are forks of this code (in containerd/pkg/oci and podman/pkg/util) but they are not a direct replacement.

But maybe they are used by some other projects, so we need to keep these unneeded codes here?

Exactly. As noted in description:

  1. A few functions (HostDevices, DeviceFromPath, GetDevices).
    Those are not used by runc directly, but have some external users
    (cri-o, microsoft/hcsshim)

So,

  • we can't remove this;
  • we can't mark them deprecated (as we can't offer an alternative);

The long-term plan for this is also in the description:

(As for (2), I think something like moby/sys#181 should be done)

Now,

Because of the above reason, I suggest to move all this file to ‘github.com/opencontainers/runc/libcontainer/cgroups/devices/config’

So, these two things (1 and 2 in the description) are really not related. 1 is used by runc (in particular, by libcontainer/cgroups) and this is why this PR moves it there. 2 has some external users, and the long term plan is to move it to moby (see moby/sys#181).

The big picture here is, we want to move libcontainer/cgroups to a separate repository (see https://github.com/opencontainers/tob/blob/main/proposals/cgroups.md), and for that we need to make it as self-contained as possible. For this, (1) from the description goes to libcontainer/cgroups, and (2) stays where it is.

Let me know if I can clarify this further.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes, I got it now, thanks your explanation, it seems that the current solution is the best decision at this time.

lifubang
lifubang previously approved these changes Jan 16, 2025
@lifubang lifubang dismissed their stale review January 16, 2025 17:11

Needs more change

Copy link
Member

@rata rata left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, thanks! Great to have progress on this front to separate the repo!

I'm slowly coming back and catching up!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants