Move daemon process into sub-cgroup #11412
Conversation
The daemon process is now moved into a new sub-cgroup called nix-daemon when the daemon starts. This is necessary to abide by the no-processes-in-inner-nodes rule, because the service cgroup becomes an inner node when the child cgroups for the build are created (see LocalDerivationGoal::startBuilder()). See NixOS#9675
|
This raises the question what happens when we're using cgroup-based resource control and we're not using the daemon. E.g. when running |
Static local initializers are atomic in C++.
|
@edolstra If I'm understanding things correctly, it's not really good practice to create cgroups except as a child of a cgroup that you yourself manage. We probably shouldn't be creating cgroups in the case where builds are run from a user shell. With systemd, typically only services would create cgroups, and you'd use One solution would be to just leave it up to the user to decide when to pass We could add a check in Perhaps the most user-friendly solution would be to add an option |
When `use-cgroups` is enabled, the nix daemon creates sub-cgroups for the build processes (and itself if NixOS/nix#11412 is merged, see NixOS/nix#9675). `Delegate` should be set to prevent systemd from messing with the nix service's cgroups (https://github.com/systemd/systemd/blob/main/docs/CGROUP_DELEGATION.md) and ensure the OOM killer only targets the offending derivation and not the entire service (NixOS/nix#10374).
|
We should ideally not be doing this and just allocate cgroups using the Systemd API. Then we don't need all these delegation shenanigans |
|
Do we want to create a hard dependency between nix-daemon and systemd? It might be worth looking at what docker and runc are doing since they face similar problems. |
|
I think we do. In cgroups V2 there is a single writer rule. That writer is systemd. Containerd and friends also depend on the systemd dbus API for managing cgroups. I think they support running in two modes. Either delegation where containerd creates the cgroups themselves and sets properties like memory and CPU, or containerd will create scope units through the We could do something similar where we support both. But it sounds complex. I don't know of any other cgroup management agents than Systemd and I haven't seen adoption of groupsv2 on non-systemd linuxes at all. So to be honest i think it makes sense to use dbus to create and edit cgroups. (Or varlink if they ever release that. Varlink we can implement without adding any new code dependencies to nix. As its just json over Unix domain sockets) Please see https://systemd.io/CONTROL_GROUP_INTERFACE/ for the rationale of why systemd needs to manage writes to cgroups centrally. Linuxes that are not systemd based can then disable the dbus dependency / cgroups feature with a meson flag and the groups feature will not be supported on those platforms. Or we can keep the mix of delegation and direct integration. Or we can only do delegation and keep managing cgroups ourselves |
|
Maybe we can keep delegation for now until clear usecase shows up on why the leaf cgroups should be Systemd managed. One usecase I can think of that is quite interesting: If a nix build is running a full OS, e.g. If we want to run lightweight nixos tests without kvm, we need to manually add code to delegate that cgroup down so the nested systemd running in the build doesn't run into issues. That might be complex? Whilst with systemd-managed cgroups we get it out of the box . (Just set Delegate=yes on the scope unit of the build) |
Motivation
Move the daemon process into its own sub-cgroup when using
--use-cgroups. This is necessary to abide by the no-processes-in-inner-nodes rule necessary for delegation of resource control (https://github.com/systemd/systemd/blob/main/docs/CGROUP_DELEGATION.md).Context
Closes: #9675
Priorities and Process
Add 👍 to pull requests you find important.
The Nix maintainer team uses a GitHub project board to schedule and track reviews.