1: | <?php |
2: | declare(strict_types=1); |
3: | |
4: | |
5: | |
6: | |
7: | |
8: | |
9: | |
10: | |
11: | |
12: | |
13: | |
14: | |
15: | use Daphnie\Collector; |
16: | use Daphnie\Contracts\MetricProvider; |
17: | use Daphnie\Metric; |
18: | use Module\Skeleton\Contracts\Hookable; |
19: | use Module\Skeleton\Contracts\Tasking; |
20: | use Opcenter\Provisioning\Cgroup as CgroupProvisioning; |
21: | use Opcenter\SiteConfiguration; |
22: | use Opcenter\System\Cgroup; |
23: | |
24: | |
25: | |
26: | |
27: | |
28: | |
29: | class Cgroup_Module extends Module_Skeleton implements Hookable, Tasking |
30: | { |
31: | const CGROUP_LOCATION = Cgroup::CGROUP_HOME; |
32: | const DEPENDENCY_MAP = [ |
33: | 'siteinfo' |
34: | ]; |
35: | const DEFAULT_MEMORY = 512; |
36: | const DEFAULT_CPU = 10240; |
37: | |
38: | const MAX_PROCS = 25; |
39: | |
40: | const METRIC_ATTR_CPU_USAGE = [ |
41: | 'c-cpuacct-usage', |
42: | 'c-cpuacct-system', |
43: | 'c-cpuacct-user' |
44: | ]; |
45: | |
46: | protected $exportedFunctions = [ |
47: | '*' => PRIVILEGE_SITE | PRIVILEGE_USER | PRIVILEGE_ADMIN, |
48: | 'reset_peak_memory' => PRIVILEGE_SITE | PRIVILEGE_ADMIN, |
49: | 'frozen' => PRIVILEGE_ADMIN, |
50: | 'thaw' => PRIVILEGE_ADMIN, |
51: | 'freeze' => PRIVILEGE_ADMIN |
52: | ]; |
53: | |
54: | |
55: | |
56: | |
57: | |
58: | |
59: | |
60: | public function get_usage(string $controller) |
61: | { |
62: | if (!IS_CLI && posix_getuid()) { |
63: | return $this->query('cgroup_get_usage', $controller); |
64: | } |
65: | if (!in_array($controller, $this->get_controllers(), true)) { |
66: | return error("unknown controller `%s'", $controller); |
67: | } |
68: | |
69: | $method = '_get_' . $controller . '_usage'; |
70: | if (!method_exists($this, $method)) { |
71: | |
72: | return []; |
73: | } |
74: | |
75: | return $this->$method(); |
76: | } |
77: | |
78: | |
79: | |
80: | |
81: | |
82: | |
83: | public function get_controllers(): array |
84: | { |
85: | return CGROUP_CONTROLLERS; |
86: | } |
87: | |
88: | |
89: | |
90: | |
91: | |
92: | |
93: | public function get_cgroup(): ?string |
94: | { |
95: | if ($this->permission_level & (PRIVILEGE_SITE | PRIVILEGE_USER)) { |
96: | return (string)(new Cgroup\Group($this->site)); |
97: | } |
98: | |
99: | return null; |
100: | } |
101: | |
102: | |
103: | |
104: | |
105: | |
106: | |
107: | public function get_limits(): array |
108: | { |
109: | $limits = $this->getServiceValue('cgroup'); |
110: | if (!$limits['enabled']) { |
111: | return []; |
112: | } |
113: | |
114: | return array_except($limits, ['version', 'enabled']); |
115: | } |
116: | |
117: | |
118: | |
119: | |
120: | public function reset_peak_memory(): void |
121: | { |
122: | if (!IS_CLI) { |
123: | $this->query('cgroup_reset_peak_memory'); |
124: | return; |
125: | } |
126: | |
127: | $group = new \Opcenter\System\Cgroup\Group( |
128: | $this->site, |
129: | ); |
130: | |
131: | $controller = Cgroup\Controllers\Memory::make($group, null); |
132: | $controller->reset(); |
133: | } |
134: | |
135: | |
136: | |
137: | |
138: | |
139: | |
140: | public function enabled(): bool |
141: | { |
142: | return (bool)$this->getServiceValue('cgroup', 'enabled'); |
143: | } |
144: | |
145: | public function _verify_conf(\Opcenter\Service\ConfigurationContext $ctx): bool |
146: | { |
147: | return true; |
148: | } |
149: | |
150: | public function _create() |
151: | { } |
152: | |
153: | public function _delete() |
154: | { } |
155: | |
156: | public function _edit() |
157: | { } |
158: | |
159: | public function _create_user(string $user) |
160: | { |
161: | return true; |
162: | } |
163: | |
164: | public function _delete_user(string $user) |
165: | { |
166: | return true; |
167: | } |
168: | |
169: | public function _edit_user(string $userold, string $usernew, array $oldpwd) |
170: | { |
171: | return true; |
172: | } |
173: | |
174: | public function _housekeeping() |
175: | { |
176: | if (!($test = $this->get_controllers()[0] ?? null)) { |
177: | return; |
178: | } |
179: | if (!Cgroup::mounted($test)) { |
180: | return error("%s not mounted", FILESYSTEM_SHARED . "/cgroup"); |
181: | } |
182: | $webuser = $this->web_get_sys_user(); |
183: | foreach (\Opcenter\Account\Enumerate::sites() as $site) { |
184: | if (!Auth::get_admin_from_site_id((int)substr($site, 4))) { |
185: | continue; |
186: | } |
187: | $group = new \Opcenter\System\Cgroup\Group( |
188: | $site, |
189: | [ |
190: | 'task' => [ |
191: | 'uid' => 'root', |
192: | 'gid' => \Auth::get_group_from_site($site), |
193: | 'fperm' => 0660 |
194: | ] |
195: | ] |
196: | ); |
197: | $ctx = null; |
198: | foreach (Cgroup::getControllers() as $c) { |
199: | $controller = \Opcenter\System\Cgroup\Controller::make($group, $c, []); |
200: | if (Cgroup::exists($controller)) { |
201: | $controller->reset(); |
202: | continue; |
203: | } |
204: | |
205: | if (null === $ctx && null === ($ctx = \Auth::nullableContext(null, $site))) { |
206: | continue 2; |
207: | } |
208: | |
209: | $controller->import($ctx); |
210: | if (!$controller->getAttributes()) { |
211: | continue; |
212: | } |
213: | $controller->create(); |
214: | $group->add($controller); |
215: | } |
216: | |
217: | if ($group->getControllers()) { |
218: | report("Missed controller %(controller)s on %(group)s", |
219: | ['controller' => implode(', ', array_map(static fn($c) => $c->getName(), $group->getControllers())), 'group' => $group]); |
220: | |
221: | CgroupProvisioning::createControllerConfiguration(SiteConfiguration::shallow($ctx)); |
222: | } |
223: | } |
224: | |
225: | return true; |
226: | } |
227: | |
228: | |
229: | |
230: | |
231: | |
232: | |
233: | private function _get_memory_usage(): array |
234: | { |
235: | $stats['limit'] = self::DEFAULT_MEMORY; |
236: | $stats = Cgroup::memory_usage($this->get_cgroup()); |
237: | $sysMemory = \Opcenter\System\Memory::stats(); |
238: | $maxMemory = $sysMemory['memtotal'] * 1024; |
239: | if ($this->permission_level & PRIVILEGE_ADMIN || $stats['limit'] === null) { |
240: | $stats['limit'] = $maxMemory; |
241: | $stats['free'] = $sysMemory['memavailable']*1024; |
242: | } else { |
243: | $stats['limit'] = min($stats['limit'], $maxMemory); |
244: | $stats['free'] = $stats['limit'] - $stats['used']; |
245: | } |
246: | |
247: | return $stats; |
248: | } |
249: | |
250: | |
251: | |
252: | |
253: | |
254: | |
255: | |
256: | |
257: | private function _fillUsage(array $usage, array $defaults): array |
258: | { |
259: | foreach ($defaults as $k => $v) { |
260: | if (!isset($usage[$k])) { |
261: | $usage[$k] = $v; |
262: | } |
263: | } |
264: | |
265: | return $usage; |
266: | } |
267: | |
268: | private function _get_cpuacct_usage(): array |
269: | { |
270: | return []; |
271: | } |
272: | |
273: | private function _get_pids_usage(): array |
274: | { |
275: | |
276: | $maxprocs = self::MAX_PROCS; |
277: | if ($this->permission_level & PRIVILEGE_ADMIN) { |
278: | $maxprocs = 999; |
279: | } |
280: | |
281: | return $this->_fillUsage( |
282: | Cgroup::pid_usage($this->get_cgroup()), |
283: | [ |
284: | 'max' => $this->getServiceValue('cgroup', 'proclimit', $maxprocs) |
285: | ] |
286: | ); |
287: | } |
288: | |
289: | private function _get_cpu_usage(): array |
290: | { |
291: | $maxcpu = self::DEFAULT_CPU; |
292: | $maxprocs = self::MAX_PROCS; |
293: | if ($this->permission_level & PRIVILEGE_ADMIN) { |
294: | $maxcpu = NPROC * 86400; |
295: | $maxprocs = 999; |
296: | } |
297: | |
298: | $usage = Cgroup::cpu_usage($this->get_cgroup()); |
299: | if (($this->permission_level & PRIVILEGE_SITE) && TELEMETRY_ENABLED) { |
300: | $sum = $this->telemetry_range(self::METRIC_ATTR_CPU_USAGE, time()-86400, null, $this->site_id, true); |
301: | |
302: | |
303: | |
304: | |
305: | |
306: | $cumusage = ($sum['c-cpuacct-usage'] ?? 0)/100; |
307: | $usage['cumusage'] = $cumusage ?: $usage['used']; |
308: | $usage['used'] = $cumusage; |
309: | $usage['cumuser'] = $usage['user']; |
310: | $usage['cumsystem'] = $usage['system']; |
311: | $usage['system'] = ($sum['c-cpuacct-system'] ?? 0)/100 ; |
312: | $usage['user'] = ($sum['c-cpuacct-user'] ?? 0)/ 100; |
313: | } else { |
314: | |
315: | debug("Telemetry disabled. Approximating CPU usage for %s", $this->site); |
316: | $ctime = filectime(Cgroup\Controllers\Cpuacct::make( |
317: | new Cgroup\Group($this->site), null |
318: | )->getPath()); |
319: | $usage['used'] = $usage['used']/(microtime(true) - $ctime) * 86400; |
320: | } |
321: | $cpuLimit = $this->getServiceValue('cgroup', 'cpu', $maxcpu); |
322: | return $this->_fillUsage( |
323: | $usage, |
324: | [ |
325: | 'limit' => $cpuLimit, |
326: | 'maxprocs' => $this->getServiceValue('cgroup', 'proclimit', $maxprocs), |
327: | 'cumusage' => $usage['used'], |
328: | 'free' => $cpuLimit - $usage['used'] |
329: | ] |
330: | ); |
331: | } |
332: | |
333: | private function _get_io_usage(): array |
334: | { |
335: | return $this->_get_blkio_usage(); |
336: | } |
337: | |
338: | private function _get_blkio_usage(): array |
339: | { |
340: | return $this->_fillUsage( |
341: | Cgroup::io_usage($this->get_cgroup()), |
342: | [ |
343: | 'iops-read' => $this->getServiceValue('cgroup', 'readiops', 100), |
344: | 'iops-write' => $this->getServiceValue('cgroup', 'writeiops', 100), |
345: | 'bw-read' => $this->getServiceValue('cgroup', 'readbw', 100), |
346: | 'bw-write' => $this->getServiceValue('cgroup', 'writebw', 100) |
347: | ] |
348: | ); |
349: | } |
350: | |
351: | |
352: | |
353: | |
354: | |
355: | |
356: | |
357: | public function freeze(string $spec): bool |
358: | { |
359: | if (!IS_CLI) { |
360: | return $this->query('cgroup_freeze', $spec); |
361: | } |
362: | |
363: | if (Cgroup::version() === 1 && !in_array('freezer', Cgroup::getControllers(), true)) { |
364: | return error("%s cgroup must be enabled", 'freezer'); |
365: | } |
366: | |
367: | $sites = (array)Auth::get_site_id_from_anything($spec); |
368: | if (!$sites) { |
369: | return error("Unknown site spec `%s'", $spec); |
370: | } |
371: | |
372: | $frozen = true; |
373: | foreach ($sites as $siteid) { |
374: | $controller = Opcenter\System\Cgroup\Controllers\Freezer::make( |
375: | new \Opcenter\System\Cgroup\Group("site{$siteid}"), |
376: | null |
377: | ); |
378: | |
379: | if (!$controller->exists()) { |
380: | warn("Controller `%(controller)s' missing for `%(site)s'", ['controller' => 'freezer', 'site' => "site{$siteid}"]); |
381: | $frozen &= 0; |
382: | } |
383: | |
384: | $frozen &= $controller->createAttribute('state', Cgroup\Attributes\Freezer\State::STATE_FROZEN)->activate(); |
385: | } |
386: | |
387: | return (bool)$frozen; |
388: | } |
389: | |
390: | |
391: | |
392: | |
393: | |
394: | |
395: | |
396: | public function thaw(string $spec): bool |
397: | { |
398: | if (!IS_CLI) { |
399: | return $this->query('cgroup_thaw', $spec); |
400: | } |
401: | |
402: | if (Cgroup::version() === 1 && !in_array('freezer', Cgroup::getControllers(), true)) { |
403: | return error("%s cgroup must be enabled", 'freezer'); |
404: | } |
405: | |
406: | $sites = (array)Auth::get_site_id_from_anything($spec); |
407: | if (!$sites) { |
408: | return error("Unknown site spec `%s'", $spec); |
409: | } |
410: | |
411: | $thawed = true; |
412: | foreach ($sites as $siteid) { |
413: | $controller = Opcenter\System\Cgroup\Controllers\Freezer::make( |
414: | new \Opcenter\System\Cgroup\Group("site{$siteid}"), |
415: | null |
416: | ); |
417: | |
418: | if (!$controller->exists()) { |
419: | continue; |
420: | } |
421: | |
422: | $thawed &= $controller->createAttribute('state', |
423: | Cgroup\Attributes\Freezer\State::STATE_THAWED)->activate(); |
424: | } |
425: | |
426: | return (bool)$thawed; |
427: | } |
428: | |
429: | |
430: | |
431: | |
432: | |
433: | |
434: | |
435: | public function frozen(string $spec): bool |
436: | { |
437: | if (!IS_CLI) { |
438: | return $this->query('cgroup_frozen', $spec); |
439: | } |
440: | |
441: | if (Cgroup::version() === 1 && !in_array('freezer', Cgroup::getControllers(), true)) { |
442: | return error("%s cgroup must be enabled", 'freezer'); |
443: | } |
444: | |
445: | $sites = (array)Auth::get_site_id_from_anything($spec); |
446: | if (!$sites) { |
447: | return error("Unknown site spec `%s'", $spec); |
448: | } |
449: | if (count($sites) > 1) { |
450: | warn("Multiple sites queried with site spec `%s'", $spec); |
451: | } |
452: | |
453: | |
454: | $frozen = true; |
455: | foreach ($sites as $siteid) { |
456: | $controller = Opcenter\System\Cgroup\Controllers\Freezer::make( |
457: | new \Opcenter\System\Cgroup\Group("site{$siteid}"), |
458: | null |
459: | ); |
460: | |
461: | if (!$controller->exists()) { |
462: | $frozen = false; |
463: | continue; |
464: | } |
465: | |
466: | $frozen &= $controller->createAttribute('state', null)->frozen(); |
467: | } |
468: | |
469: | return (bool)$frozen; |
470: | } |
471: | |
472: | public function version(): int |
473: | { |
474: | return (int)Cgroup::version(); |
475: | } |
476: | |
477: | public function _cron(Cronus $cron) { |
478: | |
479: | if (CGROUP_RESET_PEAK > 0) { |
480: | $cron->schedule(CGROUP_RESET_PEAK, 'reset.max-memory', static function () { |
481: | $db = PostgreSQL::pdo(); |
482: | $sites = (new \Opcenter\Database\PostgreSQL\Opcenter($db))->readSitesFromSiteinfo(); |
483: | foreach (array_keys($sites) as $s) { |
484: | $s = "site{$s}"; |
485: | $group = new Cgroup\Group($s); |
486: | $controller = Cgroup\Controller::make($group, 'memory'); |
487: | if ($controller->exists()) { |
488: | $controller->reset(); |
489: | } |
490: | } |
491: | }); |
492: | } |
493: | |
494: | if (!TELEMETRY_ENABLED) { |
495: | return; |
496: | } |
497: | |
498: | $db = PostgreSQL::pdo(); |
499: | $collector = new Collector($db); |
500: | |
501: | $sites = (new \Opcenter\Database\PostgreSQL\Opcenter($db))->readSitesFromSiteinfo(); |
502: | $sites[] = null; |
503: | $controllers = $this->get_controllers(); |
504: | foreach (array_keys($sites) as $s) { |
505: | $s = "site{$s}"; |
506: | $siteId = (int)substr($s, 4) ?: null; |
507: | $ts = time(); |
508: | |
509: | |
510: | |
511: | |
512: | |
513: | |
514: | |
515: | $group = new Cgroup\Group($s); |
516: | $counters = []; |
517: | foreach ($controllers as $c) { |
518: | $controller = Cgroup\Controller::make($group, $c); |
519: | $attrs = (new Cgroup\MetricsLogging($controller))->getLoggableAttributes(); |
520: | $counters[$c] = $controller->readMetrics(array_keys($attrs)); |
521: | $reset = false; |
522: | foreach ($counters[$c] as $k => $v) { |
523: | if (!$reset && ((int)$v > Metric::FIELD_MAX_VALUE && |
524: | $controller->getMetricDataType($k) === MetricProvider::TYPE_MONOTONIC)) { |
525: | |
526: | |
527: | $reset = true; |
528: | } |
529: | $collector->add($attrs[$k], $siteId, (int)$v, $ts); |
530: | } |
531: | |
532: | if ($reset) { |
533: | $controller->reset(); |
534: | } |
535: | } |
536: | } |
537: | $collector = null; |
538: | |
539: | return true; |
540: | } |
541: | } |