Please review this enhancement to the container detection code which allows it 
to figure out whether the JVM is actually running inside a container (`podman`, 
`docker`, `crio`), or with some other means that enforces memory/cpu limits by 
means of the cgroup filesystem. If neither of those conditions holds, the JVM 
runs in not containerized mode, addressing the issue described in the JBS 
tracker. For example, on my Linux system `is_containerized() == false` is being 
indicated with the following trace log line:


```
[0.001s][debug][os,container] OSContainer::init: is_containerized() = false because no cpu or memory limit is present
```


This state is being exposed by the Java `Metrics` API class using the new 
(still JDK internal) `isContainerized()` method. Example:


```
java -XshowSettings:system --version
Operating System Metrics:
    Provider: cgroupv1
    System not containerized.
openjdk 23-internal 2024-09-17
OpenJDK Runtime Environment (fastdebug build 23-internal-adhoc.sgehwolf.jdk-jdk)
OpenJDK 64-Bit Server VM (fastdebug build 23-internal-adhoc.sgehwolf.jdk-jdk, mixed mode, sharing)
```


The basic property this is being built on is the observation that the cgroup 
controllers typically get mounted read only into containers. Note that the 
current container tests assert that `OSContainer::is_containerized() == true` 
in various tests. Therefore, using the heuristic of "is any memory or cpu limit 
present" isn't sufficient. I had considered that in an earlier iteration, but 
many container tests failed.

Overall, I think, with this patch we improve the current situation of claiming 
a containerized system being present when it's actually just a regular Linux 
system.

Testing:

- [x] GHA (risc-v failure seems infra related)
- [x] Container tests on Linux x86_64 of cgroups v1 and cgroups v2 (including 
gtests)
- [x] Some manual testing using cri-o

Thoughts?

-------------

Commit messages:
 - jcheck fixes
 - Fix tests
 - Implement Metrics.isContainerized()
 - Some clean-up
 - Drop cgroups testing on plain Linux
 - Implement fall-back logic for non-ro controller mounts
 - Make find_ro static and local to compilation unit
 - 8261242: [Linux] OSContainer::is_containerized() returns true

Changes: https://git.openjdk.org/jdk/pull/18201/files
 Webrev: https://webrevs.openjdk.org/?repo=jdk&pr=18201&range=00
  Issue: https://bugs.openjdk.org/browse/JDK-8261242
  Stats: 360 lines in 20 files changed: 258 ins; 78 del; 24 mod
  Patch: https://git.openjdk.org/jdk/pull/18201.diff
  Fetch: git fetch https://git.openjdk.org/jdk.git pull/18201/head:pull/18201

PR: https://git.openjdk.org/jdk/pull/18201
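
The read-only-mount heuristic described in this message, as an added C++ sketch that is not code from the pull request: it parses `/proc/self/mountinfo` text, checks the per-mount options of cgroup mounts for `ro`, and falls back to "is a cpu or memory limit present". The function names, the constructed sample mountinfo lines, and the rule that every cgroup mount must be read-only are assumptions of this example.

```cpp
#include <iostream>
#include <sstream>
#include <string>
#include <vector>

// Constructed sample /proc/self/mountinfo contents (not captured from a real system).
const std::string HOST_MOUNTINFO =
    "25 1 8:2 / / rw,relatime shared:1 - ext4 /dev/sda2 rw,errors=remount-ro\n"
    "35 25 0:30 / /sys/fs/cgroup rw,nosuid,nodev,noexec,relatime shared:4 - cgroup2 cgroup2 rw\n";
const std::string CONTAINER_MOUNTINFO =
    "1510 1400 0:60 / / rw,relatime master:300 - overlay overlay rw\n"
    "1520 1510 0:30 / /sys/fs/cgroup ro,nosuid,nodev,noexec,relatime - cgroup2 cgroup rw\n";

// True if the comma-separated mount options contain the exact option "ro".
static bool has_ro(const std::string& opts) {
    std::istringstream in(opts);
    for (std::string opt; std::getline(in, opt, ',');)
        if (opt == "ro") return true;
    return false;
}

// True only if at least one cgroup/cgroup2 mount exists and all are read-only
// (assumption of this sketch; the PR's exact per-controller rule is not shown here).
bool cgroup_mounts_read_only(const std::string& mountinfo) {
    std::istringstream lines(mountinfo);
    int seen = 0;
    for (std::string line; std::getline(lines, line);) {
        std::istringstream fields(line);
        std::vector<std::string> f;
        for (std::string tok; fields >> tok;) f.push_back(tok);
        std::size_t sep = 6;  // optional fields start at index 6, then "-"
        while (sep < f.size() && f[sep] != "-") ++sep;
        if (sep + 1 >= f.size()) continue;  // malformed or truncated line
        if (f[sep + 1] != "cgroup" && f[sep + 1] != "cgroup2") continue;
        ++seen;
        if (!has_ro(f[5])) return false;  // index 5: per-mount options
    }
    return seen > 0;
}

// Hypothetical decision helper: read-only controllers, else fall back to limits.
bool is_containerized(const std::string& mountinfo, bool limit_present) {
    return cgroup_mounts_read_only(mountinfo) || limit_present;
}

int main() {
    std::cout << is_containerized(HOST_MOUNTINFO, false)
              << is_containerized(CONTAINER_MOUNTINFO, false) << "\n";
}
```

The check reads the per-mount options field rather than the superblock options after the `-` separator, so a host filesystem option such as `errors=remount-ro` is not mistaken for a read-only mount.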
