Skip to content

Allow disabling fsync on log rotate and pod shutdown #8363

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 7 commits into from
Aug 15, 2024
Merged

Allow disabling fsync on log rotate and pod shutdown #8363

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
7 commits
Select commit Hold shift + click to select a range
5a2e10e
Allow disabling fsync on log rotate and pod shutdown
rtreffer Jul 9, 2024
6e3685c
Update manpage for --no-sync-log
rtreffer Jul 10, 2024
8eed3d8
Update crio.conf manpage for no_sync_log
rtreffer Jul 10, 2024
b8d9714
Fix "data loss" description of no_sync_log setting
rtreffer Jul 11, 2024
3d778ed
Rework no_sync_log to be a runtimes.runtime setting
rtreffer Jul 27, 2024
a048e15
Fix trailing whitespace in docs
rtreffer Jul 28, 2024
9ee9157
Move config warning for NoSyncLog
rtreffer Aug 7, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 4 additions & 0 deletions docs/crio.conf.5.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -364,6 +364,10 @@ The "crio.runtime.runtimes" table defines a list of OCI compatible runtimes. Th
**platform_runtime_paths**={}
A mapping of platforms to the corresponding runtime executable paths for the runtime handler.

**no_sync_log**=false
If set to true, the runtime will not sync the log file on rotate or container exit. This option is only valid for the 'oci'
runtime type. Setting this option to true can cause data loss, e.g. when a machine crash happens.

### CRIO.RUNTIME.WORKLOADS TABLE
The "crio.runtime.workloads" table defines a list of workloads - a way to customize the behavior of a pod and container.
A workload is chosen for a pod based on whether the workload's **activation_annotation** is an annotation on the pod.
Expand Down
3 changes: 3 additions & 0 deletions internal/oci/runtime_oci.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -145,6 +145,9 @@ func (r *runtimeOCI) CreateContainer(ctx context.Context, c *Container, cgroupPa
if r.config.LogSizeMax >= 0 {
args = append(args, "--log-size-max", strconv.FormatInt(r.config.LogSizeMax, 10))
}
if r.handler.NoSyncLog {
args = append(args, "--no-sync-log")
}
if r.config.LogToJournald {
args = append(args, "--log-path", "journald:")
}
Expand Down
21 changes: 21 additions & 0 deletions pkg/config/config.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -248,6 +248,10 @@ type RuntimeHandler struct {
// ContainerMinMemory is the minimum memory that must be set for a container.
ContainerMinMemory string `toml:"container_min_memory,omitempty"`

// NoSyncLog if enabled will disable fsync on log rotation and container exit.
// This can improve performance but may result in data loss on hard system crashes.
NoSyncLog bool `toml:"no_sync_log"`

// Output of the "features" subcommand.
// This is populated dynamically and not read from config.
features runtimeHandlerFeatures
Expand Down Expand Up @@ -1567,6 +1571,9 @@ func (r *RuntimeHandler) Validate(name string) error {
if err := r.ValidateRuntimeAllowedAnnotations(); err != nil {
return err
}
if err := r.ValidateNoSyncLog(); err != nil {
return err
}
return r.ValidateRuntimeType(name)
}

Expand Down Expand Up @@ -1647,6 +1654,20 @@ func (r *RuntimeHandler) ValidateRuntimeAllowedAnnotations() error {
return nil
}

// ValidateNoSyncLog checks if the `NoSyncLog` is used with the correct `RuntimeType` ('oci').
func (r *RuntimeHandler) ValidateNoSyncLog() error {
if !r.NoSyncLog {
return nil
}
// no_sync_log can only be used with the 'oci' runtime type.
// This means that the runtime type must be set to 'oci' or left empty
if r.RuntimeType == DefaultRuntimeType || r.RuntimeType == "" {
logrus.Warn("NoSyncLog is enabled. This can lead to lost log data")
return nil
}
return fmt.Errorf("no_sync_log is only allowed with runtime type 'oci', runtime type is '%s'", r.RuntimeType)
}

// SetContainerMinMemory sets the minimum container memory for a given runtime.
// assigns defaultContainerMinMemory if no container_min_memory provided.
func (r *RuntimeHandler) SetContainerMinMemory() (int64, error) {
Expand Down
37 changes: 37 additions & 0 deletions pkg/config/config_test.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -680,6 +680,43 @@ var _ = t.Describe("Config", func() {
Expect(sut.Runtimes["runc"].AllowedAnnotations).To(ContainElement(crioann.DevicesAnnotation))
Expect(sut.Runtimes["runc"].DisallowedAnnotations).NotTo(ContainElement(crioann.DevicesAnnotation))
})

It("should allow no_sync_log for implicit default runtime", func() {
sut.Runtimes["runc"] = &config.RuntimeHandler{
RuntimePath: validFilePath,
}
sut.Runtimes["runc"].NoSyncLog = true

err := sut.Runtimes["runc"].Validate("runc")

Expect(err).ToNot(HaveOccurred())
Expect(sut.Runtimes["runc"].NoSyncLog).To(BeTrue())
})

It("should allow no_sync_log for the 'oci' runtime", func() {
sut.Runtimes["runc"] = &config.RuntimeHandler{
RuntimePath: validFilePath,
RuntimeType: "oci",
}
sut.Runtimes["runc"].NoSyncLog = true

err := sut.Runtimes["runc"].Validate("runc")

Expect(err).ToNot(HaveOccurred())
Expect(sut.Runtimes["runc"].NoSyncLog).To(BeTrue())
})

It("should disallow no_sync_log for the 'vm' runtime", func() {
sut.Runtimes["kata"] = &config.RuntimeHandler{
RuntimePath: "containerd-shim-kata-qemu-v2", RuntimeType: config.RuntimeTypeVM,
}
sut.Runtimes["kata"].NoSyncLog = true

err := sut.Runtimes["kata"].ValidateNoSyncLog()

Expect(err).To(HaveOccurred())
Expect(err).To(MatchError("no_sync_log is only allowed with runtime type 'oci', runtime type is 'vm'"))
})
})

t.Describe("ValidateConmonPath", func() {
Expand Down
4 changes: 4 additions & 0 deletions pkg/config/template.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1238,6 +1238,7 @@ const templateStringCrioRuntimeRuntimesRuntimeHandler = `# The "crio.runtime.run
# privileged_without_host_devices = false
# allowed_annotations = []
# platform_runtime_paths = { "os/arch" = "/path/to/binary" }
# no_sync_log = false
# Where:
# - runtime-handler: Name used to identify the runtime.
# - runtime_path (optional, string): Absolute path to the runtime executable in
Expand Down Expand Up @@ -1284,6 +1285,9 @@ const templateStringCrioRuntimeRuntimesRuntimeHandler = `# The "crio.runtime.run
# - container_min_memory (optional, string): The minimum memory that must be set for a container.
# This value can be used to override the currently set global value for a specific runtime. If not set,
# a global default value of "12 MiB" will be used.
# - no_sync_log (optional, bool): If set to true, the runtime will not sync the log file on rotate or container exit.
# This option is only valid for the 'oci' runtime type. Setting this option to true can cause data loss, e.g.
# when a machine crash happens.
#
# Using the seccomp notifier feature:
#
Expand Down