moby/daemon/top_unix.go

205 lines
5 KiB
Go
Raw Permalink Normal View History

//go:build !windows
package daemon // import "github.com/docker/docker/daemon"
import (
"bytes"
"context"
Remove static errors from errors package. Moving all strings to the errors package wasn't a good idea after all. Our custom implementation of Go errors predates everything that's nice and good about working with errors in Go. Take as an example what we have to do to get an error message: ```go func GetErrorMessage(err error) string { switch err.(type) { case errcode.Error: e, _ := err.(errcode.Error) return e.Message case errcode.ErrorCode: ec, _ := err.(errcode.ErrorCode) return ec.Message() default: return err.Error() } } ``` This goes against every good practice for Go development. The language already provides a simple, intuitive and standard way to get error messages, that is calling the `Error()` method from an error. Reinventing the error interface is a mistake. Our custom implementation also makes very hard to reason about errors, another nice thing about Go. I found several (>10) error declarations that we don't use anywhere. This is a clear sign about how little we know about the errors we return. I also found several error usages where the number of arguments was different than the parameters declared in the error, another clear example of how difficult is to reason about errors. Moreover, our custom implementation didn't really make easier for people to return custom HTTP status code depending on the errors. Again, it's hard to reason about when to set custom codes and how. Take an example what we have to do to extract the message and status code from an error before returning a response from the API: ```go switch err.(type) { case errcode.ErrorCode: daError, _ := err.(errcode.ErrorCode) statusCode = daError.Descriptor().HTTPStatusCode errMsg = daError.Message() case errcode.Error: // For reference, if you're looking for a particular error // then you can do something like : // import ( derr "github.com/docker/docker/errors" ) // if daError.ErrorCode() == derr.ErrorCodeNoSuchContainer { ... } daError, _ := err.(errcode.Error) statusCode = daError.ErrorCode().Descriptor().HTTPStatusCode errMsg = daError.Message default: // This part of will be removed once we've // converted everything over to use the errcode package // FIXME: this is brittle and should not be necessary. // If we need to differentiate between different possible error types, // we should create appropriate error types with clearly defined meaning errStr := strings.ToLower(err.Error()) for keyword, status := range map[string]int{ "not found": http.StatusNotFound, "no such": http.StatusNotFound, "bad parameter": http.StatusBadRequest, "conflict": http.StatusConflict, "impossible": http.StatusNotAcceptable, "wrong login/password": http.StatusUnauthorized, "hasn't been activated": http.StatusForbidden, } { if strings.Contains(errStr, keyword) { statusCode = status break } } } ``` You can notice two things in that code: 1. We have to explain how errors work, because our implementation goes against how easy to use Go errors are. 2. At no moment we arrived to remove that `switch` statement that was the original reason to use our custom implementation. This change removes all our status errors from the errors package and puts them back in their specific contexts. IT puts the messages back with their contexts. That way, we know right away when errors used and how to generate their messages. It uses custom interfaces to reason about errors. Errors that need to response with a custom status code MUST implementent this simple interface: ```go type errorWithStatus interface { HTTPErrorStatusCode() int } ``` This interface is very straightforward to implement. It also preserves Go errors real behavior, getting the message is as simple as using the `Error()` method. I included helper functions to generate errors that use custom status code in `errors/errors.go`. By doing this, we remove the hard dependency we have eeverywhere to our custom errors package. Yes, you can use it as a helper to generate error, but it's still very easy to generate errors without it. Please, read this fantastic blog post about errors in Go: http://dave.cheney.net/2014/12/24/inspecting-errors Signed-off-by: David Calavera <david.calavera@gmail.com>
2016-02-25 15:53:35 +00:00
"fmt"
"os/exec"
"regexp"
"strconv"
"strings"
"github.com/docker/docker/api/types/container"
"github.com/docker/docker/api/types/events"
"github.com/docker/docker/errdefs"
libcontainerdtypes "github.com/docker/docker/libcontainerd/types"
"github.com/pkg/errors"
)
func validatePSArgs(psArgs string) error {
// NOTE: \\s does not detect unicode whitespaces.
// So we use fieldsASCII instead of strings.Fields in parsePSOutput.
// See https://github.com/docker/docker/pull/24358
//nolint: gosimple
re := regexp.MustCompile("\\s+([^\\s]*)=\\s*(PID[^\\s]*)")
for _, group := range re.FindAllStringSubmatch(psArgs, -1) {
if len(group) >= 3 {
k := group[1]
v := group[2]
if k != "pid" {
return fmt.Errorf(`specifying "%s=%s" is not allowed`, k, v)
}
}
}
return nil
}
// fieldsASCII is similar to strings.Fields but only allows ASCII whitespaces
func fieldsASCII(s string) []string {
fn := func(r rune) bool {
switch r {
case '\t', '\n', '\f', '\r', ' ':
return true
}
return false
}
return strings.FieldsFunc(s, fn)
}
func appendProcess2ProcList(procList *container.ContainerTopOKBody, fields []string) {
// Make sure number of fields equals number of header titles
// merging "overhanging" fields
process := fields[:len(procList.Titles)-1]
process = append(process, strings.Join(fields[len(procList.Titles)-1:], " "))
procList.Processes = append(procList.Processes, process)
}
func hasPid(procs []uint32, pid int) bool {
for _, p := range procs {
if int(p) == pid {
return true
}
}
return false
}
func parsePSOutput(output []byte, procs []uint32) (*container.ContainerTopOKBody, error) {
procList := &container.ContainerTopOKBody{}
lines := strings.Split(string(output), "\n")
procList.Titles = fieldsASCII(lines[0])
pidIndex := -1
for i, name := range procList.Titles {
if name == "PID" {
pidIndex = i
break
}
}
if pidIndex == -1 {
Remove static errors from errors package. Moving all strings to the errors package wasn't a good idea after all. Our custom implementation of Go errors predates everything that's nice and good about working with errors in Go. Take as an example what we have to do to get an error message: ```go func GetErrorMessage(err error) string { switch err.(type) { case errcode.Error: e, _ := err.(errcode.Error) return e.Message case errcode.ErrorCode: ec, _ := err.(errcode.ErrorCode) return ec.Message() default: return err.Error() } } ``` This goes against every good practice for Go development. The language already provides a simple, intuitive and standard way to get error messages, that is calling the `Error()` method from an error. Reinventing the error interface is a mistake. Our custom implementation also makes very hard to reason about errors, another nice thing about Go. I found several (>10) error declarations that we don't use anywhere. This is a clear sign about how little we know about the errors we return. I also found several error usages where the number of arguments was different than the parameters declared in the error, another clear example of how difficult is to reason about errors. Moreover, our custom implementation didn't really make easier for people to return custom HTTP status code depending on the errors. Again, it's hard to reason about when to set custom codes and how. Take an example what we have to do to extract the message and status code from an error before returning a response from the API: ```go switch err.(type) { case errcode.ErrorCode: daError, _ := err.(errcode.ErrorCode) statusCode = daError.Descriptor().HTTPStatusCode errMsg = daError.Message() case errcode.Error: // For reference, if you're looking for a particular error // then you can do something like : // import ( derr "github.com/docker/docker/errors" ) // if daError.ErrorCode() == derr.ErrorCodeNoSuchContainer { ... } daError, _ := err.(errcode.Error) statusCode = daError.ErrorCode().Descriptor().HTTPStatusCode errMsg = daError.Message default: // This part of will be removed once we've // converted everything over to use the errcode package // FIXME: this is brittle and should not be necessary. // If we need to differentiate between different possible error types, // we should create appropriate error types with clearly defined meaning errStr := strings.ToLower(err.Error()) for keyword, status := range map[string]int{ "not found": http.StatusNotFound, "no such": http.StatusNotFound, "bad parameter": http.StatusBadRequest, "conflict": http.StatusConflict, "impossible": http.StatusNotAcceptable, "wrong login/password": http.StatusUnauthorized, "hasn't been activated": http.StatusForbidden, } { if strings.Contains(errStr, keyword) { statusCode = status break } } } ``` You can notice two things in that code: 1. We have to explain how errors work, because our implementation goes against how easy to use Go errors are. 2. At no moment we arrived to remove that `switch` statement that was the original reason to use our custom implementation. This change removes all our status errors from the errors package and puts them back in their specific contexts. IT puts the messages back with their contexts. That way, we know right away when errors used and how to generate their messages. It uses custom interfaces to reason about errors. Errors that need to response with a custom status code MUST implementent this simple interface: ```go type errorWithStatus interface { HTTPErrorStatusCode() int } ``` This interface is very straightforward to implement. It also preserves Go errors real behavior, getting the message is as simple as using the `Error()` method. I included helper functions to generate errors that use custom status code in `errors/errors.go`. By doing this, we remove the hard dependency we have eeverywhere to our custom errors package. Yes, you can use it as a helper to generate error, but it's still very easy to generate errors without it. Please, read this fantastic blog post about errors in Go: http://dave.cheney.net/2014/12/24/inspecting-errors Signed-off-by: David Calavera <david.calavera@gmail.com>
2016-02-25 15:53:35 +00:00
return nil, fmt.Errorf("Couldn't find PID field in ps output")
}
// loop through the output and extract the PID from each line
// fixing #30580, be able to display thread line also when "m" option used
// in "docker top" client command
preContainedPidFlag := false
for _, line := range lines[1:] {
if len(line) == 0 {
continue
}
fields := fieldsASCII(line)
var (
p int
err error
)
if fields[pidIndex] == "-" {
if preContainedPidFlag {
appendProcess2ProcList(procList, fields)
}
continue
}
p, err = strconv.Atoi(fields[pidIndex])
if err != nil {
Remove static errors from errors package. Moving all strings to the errors package wasn't a good idea after all. Our custom implementation of Go errors predates everything that's nice and good about working with errors in Go. Take as an example what we have to do to get an error message: ```go func GetErrorMessage(err error) string { switch err.(type) { case errcode.Error: e, _ := err.(errcode.Error) return e.Message case errcode.ErrorCode: ec, _ := err.(errcode.ErrorCode) return ec.Message() default: return err.Error() } } ``` This goes against every good practice for Go development. The language already provides a simple, intuitive and standard way to get error messages, that is calling the `Error()` method from an error. Reinventing the error interface is a mistake. Our custom implementation also makes very hard to reason about errors, another nice thing about Go. I found several (>10) error declarations that we don't use anywhere. This is a clear sign about how little we know about the errors we return. I also found several error usages where the number of arguments was different than the parameters declared in the error, another clear example of how difficult is to reason about errors. Moreover, our custom implementation didn't really make easier for people to return custom HTTP status code depending on the errors. Again, it's hard to reason about when to set custom codes and how. Take an example what we have to do to extract the message and status code from an error before returning a response from the API: ```go switch err.(type) { case errcode.ErrorCode: daError, _ := err.(errcode.ErrorCode) statusCode = daError.Descriptor().HTTPStatusCode errMsg = daError.Message() case errcode.Error: // For reference, if you're looking for a particular error // then you can do something like : // import ( derr "github.com/docker/docker/errors" ) // if daError.ErrorCode() == derr.ErrorCodeNoSuchContainer { ... } daError, _ := err.(errcode.Error) statusCode = daError.ErrorCode().Descriptor().HTTPStatusCode errMsg = daError.Message default: // This part of will be removed once we've // converted everything over to use the errcode package // FIXME: this is brittle and should not be necessary. // If we need to differentiate between different possible error types, // we should create appropriate error types with clearly defined meaning errStr := strings.ToLower(err.Error()) for keyword, status := range map[string]int{ "not found": http.StatusNotFound, "no such": http.StatusNotFound, "bad parameter": http.StatusBadRequest, "conflict": http.StatusConflict, "impossible": http.StatusNotAcceptable, "wrong login/password": http.StatusUnauthorized, "hasn't been activated": http.StatusForbidden, } { if strings.Contains(errStr, keyword) { statusCode = status break } } } ``` You can notice two things in that code: 1. We have to explain how errors work, because our implementation goes against how easy to use Go errors are. 2. At no moment we arrived to remove that `switch` statement that was the original reason to use our custom implementation. This change removes all our status errors from the errors package and puts them back in their specific contexts. IT puts the messages back with their contexts. That way, we know right away when errors used and how to generate their messages. It uses custom interfaces to reason about errors. Errors that need to response with a custom status code MUST implementent this simple interface: ```go type errorWithStatus interface { HTTPErrorStatusCode() int } ``` This interface is very straightforward to implement. It also preserves Go errors real behavior, getting the message is as simple as using the `Error()` method. I included helper functions to generate errors that use custom status code in `errors/errors.go`. By doing this, we remove the hard dependency we have eeverywhere to our custom errors package. Yes, you can use it as a helper to generate error, but it's still very easy to generate errors without it. Please, read this fantastic blog post about errors in Go: http://dave.cheney.net/2014/12/24/inspecting-errors Signed-off-by: David Calavera <david.calavera@gmail.com>
2016-02-25 15:53:35 +00:00
return nil, fmt.Errorf("Unexpected pid '%s': %s", fields[pidIndex], err)
}
if hasPid(procs, p) {
preContainedPidFlag = true
appendProcess2ProcList(procList, fields)
continue
}
preContainedPidFlag = false
}
return procList, nil
}
ContainerTop: speed up Current ContainerTop (a.k.a. docker top) implementation uses "ps" to get the info about *all* running processes, then parses it, then filters the results to only contain PIDs used by the container. Collecting data only to throw most of it away is inefficient, especially on a system running many containers (or processes). For example, "docker top" on a container with a single process can take up to 0.5 seconds to execute (on a mostly idle system) which is noticeably slow. Since the containers PIDs are known beforehand, let's use ps's "-q" option to provide it with a list of PIDs we want info about. The problem with this approach is, some ps options can't be used with "-q" (the only one I'm aware of is "f" ("forest view") but there might be more). As the list of such options is not known, in case ps fails, it is executed again without "q" (retaining the old behavior). Next, the data produced by "ps" is filtered in the same way as before. The difference here is, in case "-q" worked, the list is much shorter. I ran some benchmarks on my laptop, with about 8000 "sleep" processes running to amplify the savings. The improvement in "docker top" execution times is 5x to 10x (roughly 0.05s vs 0.5s). The improvement in ContainerTop() execution time is up to 100x (roughly 3ms vs 300ms). I haven't measured the memory or the CPU time savings, guess those are not that critical. NOTE that busybox ps does not implement -q so the fallback is always used, but AFAIK it is not usable anyway and Docker expects a normal ps to be on the system (say the list of fields produced by "busybox ps -ef" differs from normal "ps -ef" etc.). Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2018-05-22 23:26:30 +00:00
// psPidsArg converts a slice of PIDs to a string consisting
// of comma-separated list of PIDs prepended by "-q".
// For example, psPidsArg([]uint32{1,2,3}) returns "-q1,2,3".
func psPidsArg(pids []uint32) string {
b := []byte{'-', 'q'}
for i, p := range pids {
b = strconv.AppendUint(b, uint64(p), 10)
if i < len(pids)-1 {
b = append(b, ',')
}
}
return string(b)
}
// ContainerTop lists the processes running inside of the given
// container by calling ps with the given args, or with the flags
// "-ef" if no args are given. An error is returned if the container
// is not found, or is not running, or if there are any problems
// running ps, or parsing the output.
func (daemon *Daemon) ContainerTop(name string, psArgs string) (*container.ContainerTopOKBody, error) {
if psArgs == "" {
psArgs = "-ef"
}
if err := validatePSArgs(psArgs); err != nil {
return nil, err
}
ctr, err := daemon.GetContainer(name)
if err != nil {
return nil, err
}
tsk, err := func() (libcontainerdtypes.Task, error) {
ctr.Lock()
defer ctr.Unlock()
tsk, err := ctr.GetRunningTask()
if err != nil {
return nil, err
}
if ctr.Restarting {
return nil, errContainerIsRestarting(ctr.ID)
}
return tsk, nil
}()
if err != nil {
return nil, err
}
infos, err := tsk.Pids(context.Background())
if err != nil {
return nil, err
}
procs := make([]uint32, len(infos))
for i, p := range infos {
procs[i] = p.Pid
}
ContainerTop: speed up Current ContainerTop (a.k.a. docker top) implementation uses "ps" to get the info about *all* running processes, then parses it, then filters the results to only contain PIDs used by the container. Collecting data only to throw most of it away is inefficient, especially on a system running many containers (or processes). For example, "docker top" on a container with a single process can take up to 0.5 seconds to execute (on a mostly idle system) which is noticeably slow. Since the containers PIDs are known beforehand, let's use ps's "-q" option to provide it with a list of PIDs we want info about. The problem with this approach is, some ps options can't be used with "-q" (the only one I'm aware of is "f" ("forest view") but there might be more). As the list of such options is not known, in case ps fails, it is executed again without "q" (retaining the old behavior). Next, the data produced by "ps" is filtered in the same way as before. The difference here is, in case "-q" worked, the list is much shorter. I ran some benchmarks on my laptop, with about 8000 "sleep" processes running to amplify the savings. The improvement in "docker top" execution times is 5x to 10x (roughly 0.05s vs 0.5s). The improvement in ContainerTop() execution time is up to 100x (roughly 3ms vs 300ms). I haven't measured the memory or the CPU time savings, guess those are not that critical. NOTE that busybox ps does not implement -q so the fallback is always used, but AFAIK it is not usable anyway and Docker expects a normal ps to be on the system (say the list of fields produced by "busybox ps -ef" differs from normal "ps -ef" etc.). Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2018-05-22 23:26:30 +00:00
args := strings.Split(psArgs, " ")
pids := psPidsArg(procs)
output, err := exec.Command("ps", append(args, pids)...).Output()
if err != nil {
ContainerTop: speed up Current ContainerTop (a.k.a. docker top) implementation uses "ps" to get the info about *all* running processes, then parses it, then filters the results to only contain PIDs used by the container. Collecting data only to throw most of it away is inefficient, especially on a system running many containers (or processes). For example, "docker top" on a container with a single process can take up to 0.5 seconds to execute (on a mostly idle system) which is noticeably slow. Since the containers PIDs are known beforehand, let's use ps's "-q" option to provide it with a list of PIDs we want info about. The problem with this approach is, some ps options can't be used with "-q" (the only one I'm aware of is "f" ("forest view") but there might be more). As the list of such options is not known, in case ps fails, it is executed again without "q" (retaining the old behavior). Next, the data produced by "ps" is filtered in the same way as before. The difference here is, in case "-q" worked, the list is much shorter. I ran some benchmarks on my laptop, with about 8000 "sleep" processes running to amplify the savings. The improvement in "docker top" execution times is 5x to 10x (roughly 0.05s vs 0.5s). The improvement in ContainerTop() execution time is up to 100x (roughly 3ms vs 300ms). I haven't measured the memory or the CPU time savings, guess those are not that critical. NOTE that busybox ps does not implement -q so the fallback is always used, but AFAIK it is not usable anyway and Docker expects a normal ps to be on the system (say the list of fields produced by "busybox ps -ef" differs from normal "ps -ef" etc.). Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2018-05-22 23:26:30 +00:00
// some ps options (such as f) can't be used together with q,
// so retry without it
output, err = exec.Command("ps", args...).Output()
if err != nil {
if ee, ok := err.(*exec.ExitError); ok {
// first line of stderr shows why ps failed
line := bytes.SplitN(ee.Stderr, []byte{'\n'}, 2)
if len(line) > 0 && len(line[0]) > 0 {
err = errors.New(string(line[0]))
}
}
return nil, errdefs.System(errors.Wrap(err, "ps"))
ContainerTop: speed up Current ContainerTop (a.k.a. docker top) implementation uses "ps" to get the info about *all* running processes, then parses it, then filters the results to only contain PIDs used by the container. Collecting data only to throw most of it away is inefficient, especially on a system running many containers (or processes). For example, "docker top" on a container with a single process can take up to 0.5 seconds to execute (on a mostly idle system) which is noticeably slow. Since the containers PIDs are known beforehand, let's use ps's "-q" option to provide it with a list of PIDs we want info about. The problem with this approach is, some ps options can't be used with "-q" (the only one I'm aware of is "f" ("forest view") but there might be more). As the list of such options is not known, in case ps fails, it is executed again without "q" (retaining the old behavior). Next, the data produced by "ps" is filtered in the same way as before. The difference here is, in case "-q" worked, the list is much shorter. I ran some benchmarks on my laptop, with about 8000 "sleep" processes running to amplify the savings. The improvement in "docker top" execution times is 5x to 10x (roughly 0.05s vs 0.5s). The improvement in ContainerTop() execution time is up to 100x (roughly 3ms vs 300ms). I haven't measured the memory or the CPU time savings, guess those are not that critical. NOTE that busybox ps does not implement -q so the fallback is always used, but AFAIK it is not usable anyway and Docker expects a normal ps to be on the system (say the list of fields produced by "busybox ps -ef" differs from normal "ps -ef" etc.). Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2018-05-22 23:26:30 +00:00
}
}
procList, err := parsePSOutput(output, procs)
if err != nil {
return nil, err
}
daemon.LogContainerEvent(ctr, events.ActionTop)
return procList, nil
}