diff --git a/api/server/router/system/system_routes.go b/api/server/router/system/system_routes.go index d25d92204c..44f80dba5f 100644 --- a/api/server/router/system/system_routes.go +++ b/api/server/router/system/system_routes.go @@ -51,7 +51,8 @@ func (s *systemRouter) getInfo(ctx context.Context, w http.ResponseWriter, r *ht info.Warnings = append(info.Warnings, info.Swarm.Warnings...) } - if versions.LessThan(httputils.VersionFromContext(ctx), "1.25") { + version := httputils.VersionFromContext(ctx) + if versions.LessThan(version, "1.25") { // TODO: handle this conversion in engine-api type oldInfo struct { *types.Info @@ -72,7 +73,7 @@ func (s *systemRouter) getInfo(ctx context.Context, w http.ResponseWriter, r *ht old.SecurityOptions = nameOnlySecurityOptions return httputils.WriteJSON(w, http.StatusOK, old) } - if versions.LessThan(httputils.VersionFromContext(ctx), "1.39") { + if versions.LessThan(version, "1.39") { if info.KernelVersion == "" { info.KernelVersion = "" } @@ -80,6 +81,9 @@ func (s *systemRouter) getInfo(ctx context.Context, w http.ResponseWriter, r *ht info.OperatingSystem = "" } } + if versions.GreaterThanOrEqualTo(version, "1.42") { + info.KernelMemory = false + } return httputils.WriteJSON(w, http.StatusOK, info) } diff --git a/api/swagger.yaml b/api/swagger.yaml index 897be13090..0164e37b67 100644 --- a/api/swagger.yaml +++ b/api/swagger.yaml @@ -4648,7 +4648,8 @@ definitions: example: true KernelMemoryTCP: description: | - Indicates if the host has kernel memory TCP limit support enabled. + Indicates if the host has kernel memory TCP limit support enabled. This + field is omitted if not supported. Kernel memory TCP limits are not supported when using cgroups v2, which does not support the corresponding `memory.kmem.tcp.limit_in_bytes` cgroup. diff --git a/api/types/types.go b/api/types/types.go index 1afc4bf9d3..c5a3fe52e7 100644 --- a/api/types/types.go +++ b/api/types/types.go @@ -239,8 +239,8 @@ type Info struct { Plugins PluginsInfo MemoryLimit bool SwapLimit bool - KernelMemory bool // Deprecated: kernel 5.4 deprecated kmem.limit_in_bytes - KernelMemoryTCP bool + KernelMemory bool `json:",omitempty"` // Deprecated: kernel 5.4 deprecated kmem.limit_in_bytes + KernelMemoryTCP bool `json:",omitempty"` // KernelMemoryTCP is not supported on cgroups v2. CPUCfsPeriod bool `json:"CpuCfsPeriod"` CPUCfsQuota bool `json:"CpuCfsQuota"` CPUShares bool diff --git a/daemon/daemon_unix.go b/daemon/daemon_unix.go index f2b6979d2b..a92c675c8f 100644 --- a/daemon/daemon_unix.go +++ b/daemon/daemon_unix.go @@ -449,7 +449,7 @@ func verifyPlatformContainerResources(resources *containertypes.Resources, sysIn warnings = append(warnings, "Your kernel does not support kernel memory limit capabilities or the cgroup is not mounted. Limitation discarded.") resources.KernelMemory = 0 } - if resources.KernelMemory < linuxMinMemory { + if resources.KernelMemory > 0 && resources.KernelMemory < linuxMinMemory { return warnings, fmt.Errorf("Minimum kernel memory limit allowed is 6MB") } if !kernel.CheckKernelVersion(4, 0, 0) { diff --git a/docs/api/version-history.md b/docs/api/version-history.md index 09b1fab4ce..c0d45d27e1 100644 --- a/docs/api/version-history.md +++ b/docs/api/version-history.md @@ -43,8 +43,11 @@ keywords: "API, Docker, rcli, REST, documentation" * The `POST /containers/{id}/wait` endpoint now returns a `400` status code if an invalid `condition` is provided (on API 1.30 and up). * Removed the `KernelMemory` field from the `POST /containers/create` and - `POST /containers/{id}/update` endpoints, any value it is set to will be ignored. - This field has been deprecated in `v1.41`. + `POST /containers/{id}/update` endpoints, any value it is set to will be ignored + on API version `v1.42` and up. Older API versions still accept this field, but + may take no effect, depending on the kernel version and OCI runtime in use. +* `GET /info` now omits the `KernelMemory` and `KernelMemoryTCP` if they are not + supported by the host or host's configuration (if cgroups v2 are in use). ## v1.41 API changes diff --git a/pkg/sysinfo/sysinfo.go b/pkg/sysinfo/sysinfo.go index ac8a417581..3078ecef36 100644 --- a/pkg/sysinfo/sysinfo.go +++ b/pkg/sysinfo/sysinfo.go @@ -71,10 +71,14 @@ type cgroupMemInfo struct { // Whether memory swappiness is supported or not MemorySwappiness bool - // Whether kernel memory limit is supported or not + // Whether kernel memory limit is supported or not. This option is used to + // detect support for kernel-memory limits on API < v1.42. Kernel memory + // limit (`kmem.limit_in_bytes`) is not supported on cgroups v2, and has been + // removed in kernel 5.4. KernelMemory bool - // Whether kernel memory TCP limit is supported or not + // Whether kernel memory TCP limit is supported or not. Kernel memory TCP + // limit (`memory.kmem.tcp.limit_in_bytes`) is not supported on cgroups v2. KernelMemoryTCP bool } diff --git a/pkg/sysinfo/sysinfo_linux.go b/pkg/sysinfo/sysinfo_linux.go index 492f6247df..910ce2d442 100644 --- a/pkg/sysinfo/sysinfo_linux.go +++ b/pkg/sysinfo/sysinfo_linux.go @@ -149,10 +149,15 @@ func applyMemoryCgroupInfo(info *SysInfo) { if !info.MemorySwappiness { info.Warnings = append(info.Warnings, "Your kernel does not support memory swappiness") } + + // Option is deprecated, but still accepted on API < v1.42 with cgroups v1, + // so setting the field to allow feature detection. + info.KernelMemory = cgroupEnabled(mountPoint, "memory.kmem.limit_in_bytes") + + // Option is deprecated in runc, but still accepted in our API, so setting + // the field to allow feature detection, but don't warn if it's missing, to + // make the daemon logs a bit less noisy. info.KernelMemoryTCP = cgroupEnabled(mountPoint, "memory.kmem.tcp.limit_in_bytes") - if !info.KernelMemoryTCP { - info.Warnings = append(info.Warnings, "Your kernel does not support kernel memory TCP limit") - } } // applyCPUCgroupInfo adds the cpu cgroup controller information to the info.