Enable memory monitoring in CS #391
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
yawangwang
force-pushed
the
memory-monitoring
branch
2 times, most recently
from
6ca4484 to
8f89e86
Compare
yawangwang
force-pushed
the
memory-monitoring
branch
4 times, most recently
from
d9dd1d9 to
798579f
Compare
jkl73
reviewed
Nov 20, 2023
launcher/container_runner.go
Outdated
| } | ||
| r.logger.Println("node-problem-detector.service successfully started.") | ||
| } else { | ||
| r.logger.Println("node-problem-detector.service disabled.") |
There was a problem hiding this comment.
"MemoryMonitoring is disabled" to be consistent
| // a problem daemon in node-problem-detector that collects pre-defined health-related metrics from different system components. | ||
| // For now we only consider collecting memory related metrics. | ||
| // View the comprehensive configuration details on https://github.com/kubernetes/node-problem-detector/tree/master/pkg/systemstatsmonitor#detailed-configuration-options | ||
| type SystemStatsConfig struct { |
There was a problem hiding this comment.
I'm not sure about this configuration here, I thought system-stats-monitor-cs.json already have the needed configuration?
There was a problem hiding this comment.
Yes, your understanding is right - this systemstats_config.go is not used anywhere for now, but the value of having this is for future proof: if customers want to enable other monitoring options in the future (cpu, disk, os etc.,), this file will allow them to override the system-stats-monitor.json on the run time instead of image build time.
| progress := make(chan string, 1) | ||
|
|
||
| // Run systemd command in "replace" mode to start the unit and its dependencies, | ||
| // possibly replacing already queued jobs that conflict w∏ith this. |
yawangwang
force-pushed
the
memory-monitoring
branch
from
798579f to
f002347
Compare
|
@jkl73 Added three another config files in addition to |
jkl73
approved these changes
Nov 22, 2023
| return fmt.Errorf("failed to run systemctl [%s] for unit [%s]: %v", cmd, unit, err) | ||
| } | ||
|
|
||
| if result := <-progress; result != "done" { |
There was a problem hiding this comment.
This will block, do you know the timeout for those dbus function?
Also probably should log something in container_runner.go to indicate it is trying to do some systemctl operation.
There was a problem hiding this comment.
dbus will call the underlying C library. You can check the timeout definitions at https://dbus.freedesktop.org/doc/api/html/group__DBusTimeout.html. The dbus config file usually locates at /usr/share/dbus-1/system.conf with a default timeout 25s.
Added systemctl loggings to container_runner.go.
yawangwang
force-pushed
the
memory-monitoring
branch
from
f002347 to
f08ba4b
Compare
alexmwu
added a commit
to alexmwu/go-tpm-tools
that referenced
this pull request
Feb 22, 2024
New Features: [launcher] Add TEE server IPC implementation google#367 [launcher] Enable memory monitoring in CS google#391 Use TDX quote provider to attest and verify google#405 Integrate nonce verification as part of the TDX quote validation procedure. google#395 Add RISC V support google#407 [launcher] Use resizable integrity-fs with in-memory tags google#412 Bug Fixes: [launcher] Fix launcher exit code google#384 [launcher] Handle exit code checking during deferral evaluation google#392 [cmd] Skip tests that call setGCEAKTemplate google#402 [launcher] Fix teeserver context reset issue & add container signature cache google#397 Set all unused parameters as _ to fix CI lint failure google#411 [launcher] Make customtoken test sleep to mitigate clock skew google#413 Other Changes: Add eventlog parse logics for memory monitoring google#404 [launcher]: Add memory monitor measurement logics google#408 Update go-tdx-guest version to v0.3.1 google#414 New Contributors: @KeithMoyer in google#392 @vbalain in google#405 @aimixsaka in google#407
Merged
alexmwu
added a commit
that referenced
this pull request
Feb 22, 2024
New Features: [launcher] Add TEE server IPC implementation #367 [launcher] Enable memory monitoring in CS #391 Use TDX quote provider to attest and verify #405 Integrate nonce verification as part of the TDX quote validation procedure. #395 Add RISC V support #407 [launcher] Use resizable integrity-fs with in-memory tags #412 Bug Fixes: [launcher] Fix launcher exit code #384 [launcher] Handle exit code checking during deferral evaluation #392 [cmd] Skip tests that call setGCEAKTemplate #402 [launcher] Fix teeserver context reset issue & add container signature cache #397 Set all unused parameters as _ to fix CI lint failure #411 [launcher] Make customtoken test sleep to mitigate clock skew #413 Other Changes: Add eventlog parse logics for memory monitoring #404 [launcher]: Add memory monitor measurement logics #408 Update go-tdx-guest version to v0.3.1 #414 New Contributors: @KeithMoyer in #392 @vbalain in #405 @aimixsaka in #407
alexmwu
added a commit
to alexmwu/go-tpm-tools
that referenced
this pull request
Mar 29, 2024
New Features: [launcher] Add TEE server IPC implementation google#367 [launcher] Enable memory monitoring in CS google#391 Use TDX quote provider to attest and verify google#405 Integrate nonce verification as part of the TDX quote validation procedure. google#395 Add RISC V support google#407 [launcher] Use resizable integrity-fs with in-memory tags google#412 Bug Fixes: [launcher] Fix launcher exit code google#384 [launcher] Handle exit code checking during deferral evaluation google#392 [cmd] Skip tests that call setGCEAKTemplate google#402 [launcher] Fix teeserver context reset issue & add container signature cache google#397 Set all unused parameters as _ to fix CI lint failure google#411 [launcher] Make customtoken test sleep to mitigate clock skew google#413 Other Changes: Add eventlog parse logics for memory monitoring google#404 [launcher]: Add memory monitor measurement logics google#408 Update go-tdx-guest version to v0.3.1 google#414 New Contributors: @KeithMoyer in google#392 @vbalain in google#405 @aimixsaka in google#407
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Enable memory monitoring in CS (see go/monitoring-enablement-in-hardened-image-1-pager).
This PR includes changes to:
systemctlto use dbus API to startnode-problem-detector.service.tee.launch_policy.monitoring_memory_allowto launch policy andtee-monitoring-memory-enableto launchSpec.nodeproblemdetectorwhich provides methods to override node-problem-detector configurations. This library will not be used for now, but will be used in the future if operators want to opt-in more metrics monitoring options: cpu, disk, etc.