Hi,<br>I've a Centos 6 server with custom kernel 3.3.6 compiled (config from centos) that contains about 40 lxc.<br><br>I have compiled the kernel to resolve (unsuccessfully) an OOM issue. With:<br><font face="courier new, monospace">lxc.cgroup.memory.limit_in_bytes = 500M<br>
lxc.cgroup.memory.memsw.limit_in_bytes = 500M<br>lxc.cgroup.memory.oom_control = 0<br></font>when the memory rises above the limit the OOM-Killer sometimes (often) kill processes outside the container that triggered the limit.<br>
<br>To bypass that issue I have configured the containers like the following:<br><font face="courier new, monospace">lxc.utsname = test_oom<br>lxc.tty = 1<br>lxc.pts = 1024<br>lxc.rootfs = /lxc/containers/test_oom<br>lxc.mount = /conf/lxc/test_oom/fstab<br>
#networking<br>lxc.network.type = veth<br>lxc.network.flags = up<br>lxc.network.link = br0<br><a href="http://lxc.network.name">lxc.network.name</a> = eth0<br>lxc.network.mtu = 1500<br>lxc.network.ipv4 = X.X.X.X/27<br>lxc.network.hwaddr = xx:xx:xx:xx:xx:xx<br>
lxc.network.veth.pair = veth-xxx<br>#cgroups<br>lxc.cgroup.devices.deny = a<br># /dev/null and zero<br>lxc.cgroup.devices.allow = c 1:3 rwm<br>lxc.cgroup.devices.allow = c 1:5 rwm<br># consoles<br>lxc.cgroup.devices.allow = c 5:1 rwm<br>
# tty<br>lxc.cgroup.devices.allow = c 5:0 rwm<br>lxc.cgroup.devices.allow = c 4:0 rwm<br>lxc.cgroup.devices.allow = c 4:1 rwm<br># /dev/{,u}random<br>lxc.cgroup.devices.allow = c 1:9 rwm<br>lxc.cgroup.devices.allow = c 1:8 rwm<br>
lxc.cgroup.devices.allow = c 136:* rwm<br>lxc.cgroup.devices.allow = c 5:2 rwm<br># rtc<br>lxc.cgroup.devices.allow = c 254:0 rwm<br># cpu<br>lxc.cgroup.cpuset.cpus = 3<br>#mem<br>lxc.cgroup.memory.limit_in_bytes = 500M<br>
lxc.cgroup.memory.memsw.limit_in_bytes = 500M<br><b>lxc.cgroup.memory.oom_control = 1</b><br>#capabilities<br>lxc.cap.drop = sys_module mac_override mac_admin<br></font><br><div>and I've created mine OOM-killer, using eventfd, cgroup.event_control, cgroup.procs, memory.oom_control, etc..<br>
That program works great, killing right processes. I've also set up the maximum possible value for this sysctl parameter (<a href="http://www.linuxinsight.com/proc_sys_vm_vfs_cache_pressure.html">http://www.linuxinsight.com/proc_sys_vm_vfs_cache_pressure.html</a>) to bypass a SLAB cache problem.</div>
<div><br></div><div>But the issue with OOM continue, for example some minutes ago OOM-Killer has been executed, writing in syslog:</div><br><font face="courier new, monospace">kernel: Out of memory: Kill process 19981 (httpd) score 12 or sacrifice child<br>
kernel: Killed process 20859 (httpd) total-vm:1022216kB, anon-rss:416736kB, file-rss:124kB<br>kernel: httpd invoked oom-killer: gfp_mask=0x0, order=0, oom_adj=0, oom_score_adj=0<br>kernel: httpd cpuset=<container> mems_allowed=0<br>
kernel: Pid: 19987, comm: httpd Not tainted 3.3.6 #4<br>kernel: Call Trace:<br>kernel: [<ffffffff8110f07b>] dump_header+0x8b/0x1e0<br>kernel: [<ffffffff8110eb4f>] ? find_lock_task_mm+0x2f/0x80<br>kernel: [<ffffffff811f93c5>] ? security_capable_noaudit+0x15/0x20<br>
kernel: [<ffffffff8110f8b5>] oom_kill_process+0x85/0x170<br>kernel: [<ffffffff8110fa9f>] out_of_memory+0xff/0x210<br>kernel: [<ffffffff8110fc75>] pagefault_out_of_memory+0xc5/0x110<br>kernel: [<ffffffff81041cfc>] mm_fault_error+0xbc/0x1b0<br>
kernel: [<ffffffff81506873>] do_page_fault+0x3c3/0x460<br>kernel: [<ffffffff81171253>] ? sys_newfstat+0x33/0x40<br>kernel: [<ffffffff81503075>] page_fault+0x25/0x30</font><div><font face="courier new, monospace">...<br>
</font><br>and killing a process outside the container that has invoked it. But I've disable OOM-killer completely for containers processes!<br>I think this is a bug in kernel code.<br><div><br>Each containers has own filesystem in a LV like this:<br>
<font face="courier new, monospace">/dev/mapper/lxcbox--01.mmfg.it--vg-test_oom on /lxc/containers/test_oom type ext3 (rw)</font><br>and is a development server with init, rsyslog, mingetty, apache, ssh and crontab.<br><br>
Someone can help me to understand where is the problem with oom?<br><br>Thank you!<br clear="all"><div><br></div>-- <br><br>Davide Belloni<br>
</div></div>