libct: speedup process.Env handling #4325
Conversation
| @@ -277,7 +278,7 @@ func (l *linuxStandardInit) Init() error { | |||
|
|
|||
| if l.dmzExe != nil { | |||
| l.config.Args[0] = name | |||
| return system.Fexecve(l.dmzExe.Fd(), l.config.Args, os.Environ()) | |||
| return system.Fexecve(l.dmzExe.Fd(), l.config.Args, l.config.Env) | |||
There was a problem hiding this comment.
Before we merge #4323 , maybe we should also need to include l.config.Env when running StartContainer hook.
There was a problem hiding this comment.
This is definitely something to think about. Maybe it makes sense to do it selectively (for those hooks that are run inside the container -- AFAIR not all of them are)
kolyshkin
force-pushed
the
opt-env
branch
2 times, most recently
from
9b67a06
to
b0512bc
Compare
Interesting; I didn't know about that discrepancy; sounds like something that wouldn't hurt to define in the OCI spec; given that all original implementations were in Go, and ISTR Docker also had its own code to remove duplicates, I'm inclined to describe that as the expected behavior (possibly recommend producers of the OCI config to handle duplicates themselves to prevent any ambiguity). |
I was not entirely correct here. Let me rephrase this:
On an unrelated note, I also took a look at crun and it seems it is following runc logic, calling |
|
PTAL @opencontainers/runc-maintainers |
LGTM, it’s a big step. |
There was a problem hiding this comment.
@kolyshkin left some comments, but seems great it makes a difference! This is marked for 1.3, though, but I guess you asking for reviews now means you want this for 1.2?
I'm fine with this in 1.2 or 1.3
Signed-off-by: Kir Kolyshkin <[email protected]>
Here's what it shows on my laptop (with -count 10 -benchtime 10s, summarized by benchstat): name time/op ExecInBigEnv-20 61.7ms ± 4% Signed-off-by: Kir Kolyshkin <[email protected]>
The current implementation sets all the environment variables passed in Process.Env in the current process, one by one, then uses os.Environ to read those back. As pointed out in [1], this is slow, as runc calls os.Setenv for every variable, and there may be a few thousands of those. Looking into how os.Setenv is implemented, it is indeed slow, especially when cgo is enabled. Looking into why it was implemented, I found commit 9744d72 and traced it to [2], which discusses the actual reasons. At the time were: - HOME is not passed into container as it is set in setupUser by os.Setenv and has no effect on config.Env; - there is no deduplication of environment variables. Yet it was decided to not go ahead with this patch, but later [3] was merged with the carry of this patch. Now, from what I see: 1. Passing environment to exec is way faster than using os.Setenv and os.Environ (tests show ~20x faster in simple Go test, and 2x faster in real-world test, see below). 2. Setting environment variables in the runc context can result is ugly side effects (think GODEBUG, LD_PRELOAD, or _LIBCONTAINER_*). 3. Nothing in runtime spec says that the environment needs to be deduplicated, or the order of preference (whether the first or the last value of a variable with the same name is to be used). We should stick to what we have in order to maintain backward compatibility. This patch: - switches to passing env directly to exec; - adds deduplication mechanism to retain backward compatibility; - sets PATH from process.Env in the current process; - adds HOME to process.Env if not set; - removes os.Clearenv call as it's no longer needed. The benchmark added by the previous commit shows 2x improvement: > name old time/op new time/op delta > ExecInBigEnv-20 61.7ms ± 4% 24.9ms ±14% -59.73% (p=0.000 n=10+10) The remaining questions are: - are there any potential regressions (for example, from not setting values from process.Env to the current process); - should deduplication show warnings (maybe promoted to errors later); - whether a default for PATH (e.g "/bin:/usr/bin" should be added, when PATH is not set (most software does that). [1]: opencontainers#1983 [2]: docker-archive/libcontainer#418 [3]: docker-archive/libcontainer#432 Signed-off-by: Kir Kolyshkin <[email protected]>
This is a rework/carry of #1983.
The current implementation sets all the environment variables passed in
Process.Envin the current process, one by one, then usesos.Environtoread those back.
As pointed out in 1, this is slow, as runc calls
os.Setenvforevery variable, and there may be a few thousands of those.
Looking into why it was implemented, I found commit 9744d72 and traced
it to 2, which discusses the actual reasons. At the time were:
os.Setenv and has no effect on config.Env;
Yet it was decided to not go ahead with this patch, but later 3 was
merged with the carry of this patch.
Now, from what I see:
os.Setenvandos.Environment()(tests show ~20x faster in simple Go test, and 2xfaster in real-world test, see below).
side effects (think
GODEBUG,LD_PRELOAD,_LIBCONTAINER_*).deduplicated, or the order of preference (whether the first or the
last value of a variable with the same name is to be used). In C
(Linux/glibc), the first value is used. In Go, it's the last one.
We should probably stick to what we have in order to maintain
backward compatibility.
This patch:
PATHfromprocess.Envin the current process (same as before);HOMEtoprocess.Envif not set (same as before);The benchmark added shows 2x improvement
for in-container exec with 5000 environment variables:
The remaining questions are:
values from
process.Envto the current process);PATH(e.g"/bin:/usr/bin"should be added,when
PATHis not set.