[extension/cgroupruntime] Be aware of ECS task and CPU limits #36920
Conversation
| @@ -220,6 +257,13 @@ func TestCgroupV2SudoIntegration(t *testing.T) { | |||
| }) | |||
| require.NoError(t, err) | |||
|
|
|||
| if test.setECSMetadataURI { | |||
| server := startMockECSServer() | |||
| defer server.Close() | |||
There was a problem hiding this comment.
Wdyt if we move this defer calls to the t.Cleanup function? That way is aligned with the other resources rollback strategy, and we are also safe on panics.
There was a problem hiding this comment.
I am unsure how to implement it as I see multiple options. I need to clean only if test.setECSMetadataURI is true. Because I find it handy to start the mock http server only if this same bool is true.
There was a problem hiding this comment.
Makes sense to me, I think you could append the cleanup function inside the conditional. Something like:
if test.setECSMetadataURI {
server := startMockECSServer()
os.Setenv("ECS_CONTAINER_METADATA_URI_V4", server.URL)
t.Cleanup(func() {
server.Close()
os.Unsetenv("ECS_CONTAINER_METADATA_URI_V4")
})
}There was a problem hiding this comment.
Should be resolved with latest commit 6212bde
| @@ -63,6 +66,21 @@ func cgroupMaxCpu(filename string) (quota int64, period uint64, err error) { | |||
| return quota, period, err | |||
| } | |||
|
|
|||
| func startMockECSServer() *httptest.Server { | |||
There was a problem hiding this comment.
Does the integration test interact with this server? Is it a dependency for gomaxecs.IsECS()?
There was a problem hiding this comment.
For the gomaxecs library yes, it is making a http call to the ECS metadata uri.
Does it truly interacts ? I am not sure even for the github action CI, see my comment in the integration test PR.
Commands launched in Github action CI:
gotestsum --rerun-fails=1 --packages="./..." -- -race -timeout 360s -parallel 4 -skip Sudo -tags=integration,""
gotestsum --rerun-fails=1 --packages="./..." -- -race -timeout 360s -parallel 4 -skip Sudo -exec sudo -run Sudo -tags=integration,""On my local workstation it is Skipped, compared to the github ci, I removed the -skip Sudo flag, the output:
$ cd extension/cgroupruntimeextension
$ ../../.tools/gotestsum --rerun-fails=1 --packages="./..." -- -race -timeout 360s -parallel 4 -tags=integration,""
∅ internal/metadata
✓ . (1.056s)
=== Skipped
=== SKIP: . TestCgroupV2SudoIntegration (0.00s)
integration_test.go:48: System running in hybrid or cgroupv1 mode
DONE 15 tests, 1 skipped in 5.366s
I could run the tests in a docker container with some cgroups, open to any suggestion for making the integration test pass.
There was a problem hiding this comment.
Could you help me identify where the gomaxecs library does the http call to the ECS metadata URI? I quickly checked the IsECS method and brought me to this GetECSMetadataURI method, which just looks for the environment variable.
I could run the tests in a docker container with some cgroups, open to any suggestion for making the integration test pass.
Nice catch, just pushed this small fix to make them run #36941
It seems that a changelog file is missing (make ch-new) and the linting CI is complaining. Could you please take a look?
Thanks!
There was a problem hiding this comment.
Hi
- I rebased the main branch
- Added a changelog entry
The http call is not made using IsECS() but within gomaxecs.Set() function call.
I am wondering to revert the current integration test proposition because it is bad implementation.
Proposition is to create a dedicated integration test because it needs to make the http call mocked in order to do a proper integration test. Let me know, multiple options available.
There was a problem hiding this comment.
Maybe adding a few more test cases (e.g. no container CPU limit defined) would help to understand the behavior, but this approach already looks good to me. Looks very similar to what gomaxecs is currently doing: https://github.com/rdforte/gomaxecs/blob/main/internal/task/task_test.go#L455
Signed-off-by: Romain Dauby <[email protected]>
Signed-off-by: Romain Dauby <[email protected]>
r0mdau
force-pushed
the
gomaxecs-procs
branch
from
ca7a668 to
0831dfa
Compare
|
@rogercoll writing my local setup for executing the integration test, let me know if I write it in the README or somewhere else. Inside the extension folder, start a privileged docker container and share the code cd extension/cgroupruntimeextension
docker run -ti --privileged --cgroupns=host -v $(pwd):/workspace -w /workspace debian:bookworm-slimInstall Go and gcc to run the integration test apt update && apt install -y wget sudo gcc && wget https://go.dev/dl/go1.23.4.linux-amd64.tar.gz && tar -C /usr/local -xzf go1.23.4.linux-amd64.tar.gz && export PATH=$PATH:/usr/local/go/bin && go version && rm go1.23.4.linux-amd64.tar.gzRun the integration test CGO_ENABLED=1 go test -v -exec sudo -race -timeout 360s -parallel 4 -tags=integration,"" |
Description
Allow the cgroupruntime extension to set GOMAXPROCS based on AWS ECS metadata. See related issue for detailed informations.
Link to tracking issue
Fixes #36814
Testing
Added integration test with
httptestfor the ECS metadata endpoint.Something to clarify: #36617 (comment)
Documentation
Added extension name and link in the README.