Add pprof to runc-shim #10242

henry118 · 2024-05-17T18:39:01Z

Adding pprof capability to containerd-runc-shim-v2.

This makes the shim to expose an additional debugging endpoint when running in DEBUG mode. And users can capture pprof data via ctr:

NAME:
   ctr shim pprof - Provide golang pprof outputs for containerd-shim

USAGE:
   ctr shim pprof command [command options] 

COMMANDS:
   block         Goroutine blocking profile
   goroutines    Dump goroutine stack dump
   heap          Dump heap profile
   profile       CPU profile
   threadcreate  Goroutine thread creating profile
   trace         Collect execution trace
   help, h       Shows a list of commands or help for one command

OPTIONS:
   --help, -h  Show help (default: false)

e.g. To capture the heap profile for the shim hosting container "test":

ctr shim --id test pprof heap >heap.prof

mxpv

One minor nit, overall LGTM

mxpv · 2024-05-21T21:17:06Z

pkg/shim/shim.go

@@ -449,6 +454,13 @@ func serve(ctx context.Context, server *ttrpc.Server, signals chan os.Signal, sh
 			log.G(ctx).WithError(err).Fatal("containerd-shim: ttrpc server failure")
 		}
 	}()
+
+	if debugFlag {


To enable pprof, we'd need to specify both -debug and -debug-socket here, right?
Possibly we can simplify this and enable when -debug-socket != "" ?

How is debug-socket flag getting passed down to the shim call?

I have analyzed the code.
@mxpv Only the -debug flag is needed to enable pprof.
@dmcgowan The -debug-socket is not necessary. If -debug-socket is not passed, shim calls os.NewFile(4, 'socket') to obtain the fd passed by containerd.
@henry118 Is my understanding correct?

The unix socket address is generated by sha256.Sum256.

[root@devnode1 containerd]# ctr c ls CONTAINER IMAGE RUNTIME mydemo docker.io/library/nginx:latest io.containerd.runc.v2 [root@devnode1 containerd]# ls /run/containerd/s/ 0b6efc3510d8ebcb7d27d04dfe4444511fcb6a1fb95411e15b50888cdec86dc3 12bede06714e38de587a8a27a83b967a4a5263ff48c6186a4ec274927a8bc692 [root@devnode1 containerd]# echo -n /run/containerd/containerd.sock/default/mydemo | sha256sum 0b6efc3510d8ebcb7d27d04dfe4444511fcb6a1fb95411e15b50888cdec86dc3 - [root@devnode1 containerd]# echo -n /run/containerd/containerd.sock/default/mydemo/debug | sha256sum 12bede06714e38de587a8a27a83b967a4a5263ff48c6186a4ec274927a8bc692 -

Yes the debug-socket is not used or passed down in regular case, where the shim is spawned by containerd.

I created this cmd option for two reasons:

By following the existing pattern in shim where the socket cmd option is optionally passed in and used as the socket for all shim requests. Similarly when shim is spawned by containerd the socket option is not used, and the socket addr is generated in the format of containerd-sock/ns/container-id;

IMO both socket and debug-socket would be useful when debugging the shim standalone (manual launch instead of spawned by containerd). In this case a user can specify a well-known socket addr.

ZhangShuaiyi · 2024-05-22T11:31:40Z

cmd/containerd-shim-runc-v2/manager/manager_linux.go


-	cmd.ExtraFiles = append(cmd.ExtraFiles, f)
+	if opts.Debug {
+		s, err = newShimSocket(ctx, opts.Address, grouping, true)


This will create a new debug socket for pprof, which results in shim creating two sockets. Is it prossible to use just one socket instead?

[root@devnode1 containerd]# ls /run/containerd/s/ [root@devnode1 containerd]# ctr run -d docker.io/library/nginx:latest mydemo [root@devnode1 containerd]# ls /run/containerd/s/ 0b6efc3510d8ebcb7d27d04dfe4444511fcb6a1fb95411e15b50888cdec86dc3 12bede06714e38de587a8a27a83b967a4a5263ff48c6186a4ec274927a8bc692 [root@devnode1 containerd]# ctr shim --id mydemo pprof goroutines > goroutines.prof [root@devnode1 containerd]#

We have to create a separate socket for pprof because

The regular endpoint and pprof endpoint do not share protocols (ttrpc vs http)

A number of pprof command could potentially block the socket for a long period of time. e.g. the trace command can take a second parameter and trace the program for an arbitrary timeframe.

Thank you for your explanation, I understand now.

ZhangShuaiyi · 2024-05-27T11:13:07Z

LGTM

estesp · 2024-05-28T16:44:49Z

cmd/ctr/commands/shim/shim.go

@@ -75,6 +75,7 @@ var Command = &cli.Command{
 		execCommand,
 		startCommand,
 		stateCommand,
+		pporfCommand,


minor nit: "s/pporfCommand/pprofCommand/"

cmd/ctr/commands/shim/pprof.go

Signed-off-by: Henry Wang <henwang@amazon.com>

henry118 · 2024-06-03T16:54:20Z

@mxpv @dmcgowan @estesp Mind taking another look? Feel free to let me know anything required to merge this. Thanks :)

fuweid · 2024-06-05T06:23:54Z

pkg/shim/util_unix.go

-	d := sha256.Sum256([]byte(filepath.Join(socketPath, ns, id)))
+	path := filepath.Join(socketPath, ns, id)
+	if debug {
+		path = filepath.Join(path, "debug")


is is required to add debug here? If I understand it correctly, the pprof is using different socket address.

The socket address used by pprof in shim is created in the Start routine by passing in the debug=true flag here.

Both regular service socket and the new debug socket addresses are created by this function, based on the socketPath argument. In both cases, the value of this argument is the containerd's listening socket address - /run/containerd/containerd.sock (Also see the observation here).

So we need to append the debug string at the end to distinguish it from the regular service socket.

k8s-ci-robot added the size/XL label May 17, 2024

henry118 force-pushed the shim-pprof branch from a3b1f6b to f5c01a9 Compare May 17, 2024 19:13

henry118 requested review from mxpv, dmcgowan and fuweid May 21, 2024 18:52

mxpv reviewed May 21, 2024

View reviewed changes

ZhangShuaiyi reviewed May 22, 2024

View reviewed changes

estesp reviewed May 28, 2024

View reviewed changes

cmd/ctr/commands/shim/pprof.go Outdated Show resolved Hide resolved

Add pprof to runc-shim

4df4afb

Signed-off-by: Henry Wang <henwang@amazon.com>

henry118 force-pushed the shim-pprof branch from f5c01a9 to 4df4afb Compare May 28, 2024 20:16

estesp approved these changes Jun 4, 2024

View reviewed changes

fuweid reviewed Jun 5, 2024

View reviewed changes

mxpv approved these changes Jun 12, 2024

View reviewed changes

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Add pprof to runc-shim #10242

Add pprof to runc-shim #10242

henry118 commented May 17, 2024

mxpv left a comment

mxpv May 21, 2024

dmcgowan May 22, 2024

ZhangShuaiyi May 22, 2024

ZhangShuaiyi May 22, 2024

henry118 May 22, 2024

ZhangShuaiyi May 22, 2024

henry118 May 22, 2024

ZhangShuaiyi May 23, 2024

ZhangShuaiyi commented May 27, 2024

estesp May 28, 2024

henry118 commented Jun 3, 2024

fuweid Jun 5, 2024

henry118 Jun 5, 2024

Add pprof to runc-shim #10242

Are you sure you want to change the base?

Add pprof to runc-shim #10242

Conversation

henry118 commented May 17, 2024

mxpv left a comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

ZhangShuaiyi commented May 27, 2024

Choose a reason for hiding this comment

henry118 commented Jun 3, 2024

Choose a reason for hiding this comment

Choose a reason for hiding this comment