-
Notifications
You must be signed in to change notification settings - Fork 3.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add pprof to runc-shim #10242
base: main
Are you sure you want to change the base?
Add pprof to runc-shim #10242
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
One minor nit, overall LGTM
@@ -449,6 +454,13 @@ func serve(ctx context.Context, server *ttrpc.Server, signals chan os.Signal, sh | |||
log.G(ctx).WithError(err).Fatal("containerd-shim: ttrpc server failure") | |||
} | |||
}() | |||
|
|||
if debugFlag { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
To enable pprof, we'd need to specify both -debug
and -debug-socket
here, right?
Possibly we can simplify this and enable when -debug-socket != ""
?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
How is debug-socket
flag getting passed down to the shim call?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The unix socket address is generated by sha256.Sum256
.
[root@devnode1 containerd]# ctr c ls
CONTAINER IMAGE RUNTIME
mydemo docker.io/library/nginx:latest io.containerd.runc.v2
[root@devnode1 containerd]# ls /run/containerd/s/
0b6efc3510d8ebcb7d27d04dfe4444511fcb6a1fb95411e15b50888cdec86dc3
12bede06714e38de587a8a27a83b967a4a5263ff48c6186a4ec274927a8bc692
[root@devnode1 containerd]# echo -n /run/containerd/containerd.sock/default/mydemo | sha256sum
0b6efc3510d8ebcb7d27d04dfe4444511fcb6a1fb95411e15b50888cdec86dc3 -
[root@devnode1 containerd]# echo -n /run/containerd/containerd.sock/default/mydemo/debug | sha256sum
12bede06714e38de587a8a27a83b967a4a5263ff48c6186a4ec274927a8bc692 -
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yes the debug-socket
is not used or passed down in regular case, where the shim is spawned by containerd.
I created this cmd option for two reasons:
- By following the existing pattern in shim where the
socket
cmd option is optionally passed in and used as the socket for all shim requests. Similarly when shim is spawned by containerd thesocket
option is not used, and the socket addr is generated in the format ofcontainerd-sock/ns/container-id
; - IMO both
socket
anddebug-socket
would be useful when debugging the shim standalone (manual launch instead of spawned by containerd). In this case a user can specify a well-known socket addr.
|
||
cmd.ExtraFiles = append(cmd.ExtraFiles, f) | ||
if opts.Debug { | ||
s, err = newShimSocket(ctx, opts.Address, grouping, true) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This will create a new debug socket for pprof, which results in shim creating two sockets. Is it prossible to use just one socket instead?
[root@devnode1 containerd]# ls /run/containerd/s/
[root@devnode1 containerd]# ctr run -d docker.io/library/nginx:latest mydemo
[root@devnode1 containerd]# ls /run/containerd/s/
0b6efc3510d8ebcb7d27d04dfe4444511fcb6a1fb95411e15b50888cdec86dc3
12bede06714e38de587a8a27a83b967a4a5263ff48c6186a4ec274927a8bc692
[root@devnode1 containerd]# ctr shim --id mydemo pprof goroutines > goroutines.prof
[root@devnode1 containerd]#
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We have to create a separate socket for pprof because
- The regular endpoint and pprof endpoint do not share protocols (ttrpc vs http)
- A number of pprof command could potentially block the socket for a long period of time. e.g. the
trace
command can take asecond
parameter and trace the program for an arbitrary timeframe.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thank you for your explanation, I understand now.
LGTM |
cmd/ctr/commands/shim/shim.go
Outdated
@@ -75,6 +75,7 @@ var Command = &cli.Command{ | |||
execCommand, | |||
startCommand, | |||
stateCommand, | |||
pporfCommand, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
minor nit: "s/pporfCommand/pprofCommand/"
Signed-off-by: Henry Wang <henwang@amazon.com>
d := sha256.Sum256([]byte(filepath.Join(socketPath, ns, id))) | ||
path := filepath.Join(socketPath, ns, id) | ||
if debug { | ||
path = filepath.Join(path, "debug") |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
is is required to add debug
here? If I understand it correctly, the pprof is using different socket address.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The socket address used by pprof in shim is created in the Start
routine by passing in the debug=true
flag here.
Both regular service socket and the new debug socket addresses are created by this function, based on the socketPath
argument. In both cases, the value of this argument is the containerd's listening socket address - /run/containerd/containerd.sock
(Also see the observation here).
So we need to append the debug
string at the end to distinguish it from the regular service socket.
Adding pprof capability to containerd-runc-shim-v2.
This makes the shim to expose an additional debugging endpoint when running in DEBUG mode. And users can capture pprof data via ctr:
e.g. To capture the heap profile for the shim hosting container "test":