<span style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:13px;background-color:rgb(255,255,255)">Hi, </span><div style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:13px;background-color:rgb(255,255,255)">
I've a Centos 6 server with custom kernel 3.3.6 compiled (config from centos) that contains about 40 <span class="il" style="background-color:rgb(255,255,204)">lxc</span>.</div><div style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:13px;background-color:rgb(255,255,255)">
<br></div><div style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:13px;background-color:rgb(255,255,255)">I have compiled the kernel to resolve (unsuccessfully) an OOM issue. With:</div><div style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:13px;background-color:rgb(255,255,255)">
<div><font face="courier new, monospace"><span class="il" style="background-color:rgb(255,255,204)">lxc</span>.cgroup.memory.limit_in_bytes = 500M</font></div><div><font face="courier new, monospace"><span class="il" style="background-color:rgb(255,255,204)">lxc</span>.cgroup.memory.memsw.limit_in_bytes = 500M</font></div>
<div><font face="courier new, monospace"><span class="il" style="background-color:rgb(255,255,204)">lxc</span>.cgroup.memory.oom_control = 0</font></div></div><span style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:13px;background-color:rgb(255,255,255)">when the memory rises above the limit the OOM-Killer sometimes (often) kill processes outside the container that triggered the limit.</span><div style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:13px;background-color:rgb(255,255,255)">
<br></div><div style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:13px;background-color:rgb(255,255,255)">To bypass that issue I have configured the containers like the following:<div><div><font face="courier new, monospace"><span class="il" style="background-color:rgb(255,255,204)">lxc</span>.utsname = test_oom</font></div>
<div><font face="courier new, monospace"><span class="il" style="background-color:rgb(255,255,204)">lxc</span>.tty = 1</font></div><div><font face="courier new, monospace"><span class="il" style="background-color:rgb(255,255,204)">lxc</span>.pts = 1024</font></div>
<div><font face="courier new, monospace"><span class="il" style="background-color:rgb(255,255,204)">lxc</span>.rootfs = /<span class="il" style="background-color:rgb(255,255,204)">lxc</span>/containers/test_oom</font></div>
<div><font face="courier new, monospace"><span class="il" style="background-color:rgb(255,255,204)">lxc</span>.mount = /conf/<span class="il" style="background-color:rgb(255,255,204)">lxc</span>/test_oom/fstab</font></div>
<div><font face="courier new, monospace">#networking</font></div><div><font face="courier new, monospace"><span class="il" style="background-color:rgb(255,255,204)">lxc</span>.network.type = veth</font></div><div><font face="courier new, monospace"><span class="il" style="background-color:rgb(255,255,204)">lxc</span>.network.flags = up</font></div>
<div><font face="courier new, monospace"><span class="il" style="background-color:rgb(255,255,204)">lxc</span>.network.link = br0</font></div><div><font face="courier new, monospace"><a href="http://lxc.network.name/" target="_blank" style="color:rgb(17,85,204)"><span class="il" style="background-color:rgb(255,255,204);color:rgb(34,34,34);background-repeat:initial initial">lxc</span>.network.name</a> = eth0</font></div>
<div><font face="courier new, monospace"><span class="il" style="background-color:rgb(255,255,204)">lxc</span>.network.mtu = 1500</font></div><div><font face="courier new, monospace"><span class="il" style="background-color:rgb(255,255,204)">lxc</span>.network.ipv4 = X.X.X.X/27</font></div>
<div><font face="courier new, monospace"><span class="il" style="background-color:rgb(255,255,204)">lxc</span>.network.hwaddr = xx:xx:xx:xx:xx:xx</font></div><div><font face="courier new, monospace"><span class="il" style="background-color:rgb(255,255,204)">lxc</span>.network.veth.pair = veth-xxx</font></div>
<div><font face="courier new, monospace">#cgroups</font></div><div><font face="courier new, monospace"><span class="il" style="background-color:rgb(255,255,204)">lxc</span>.cgroup.devices.deny = a</font></div><div><font face="courier new, monospace"># /dev/null and zero</font></div>
<div><font face="courier new, monospace"><span class="il" style="background-color:rgb(255,255,204)">lxc</span>.cgroup.devices.allow = c 1:3 rwm</font></div><div><font face="courier new, monospace"><span class="il" style="background-color:rgb(255,255,204)">lxc</span>.cgroup.devices.allow = c 1:5 rwm</font></div>
<div><font face="courier new, monospace"># consoles</font></div><div><font face="courier new, monospace"><span class="il" style="background-color:rgb(255,255,204)">lxc</span>.cgroup.devices.allow = c 5:1 rwm</font></div><div>
<font face="courier new, monospace"># tty</font></div><div><font face="courier new, monospace"><span class="il" style="background-color:rgb(255,255,204)">lxc</span>.cgroup.devices.allow = c 5:0 rwm</font></div><div><font face="courier new, monospace"><span class="il" style="background-color:rgb(255,255,204)">lxc</span>.cgroup.devices.allow = c 4:0 rwm</font></div>
<div><font face="courier new, monospace"><span class="il" style="background-color:rgb(255,255,204)">lxc</span>.cgroup.devices.allow = c 4:1 rwm</font></div><div><font face="courier new, monospace"># /dev/{,u}random</font></div>
<div><font face="courier new, monospace"><span class="il" style="background-color:rgb(255,255,204)">lxc</span>.cgroup.devices.allow = c 1:9 rwm</font></div><div><font face="courier new, monospace"><span class="il" style="background-color:rgb(255,255,204)">lxc</span>.cgroup.devices.allow = c 1:8 rwm</font></div>
<div><font face="courier new, monospace"><span class="il" style="background-color:rgb(255,255,204)">lxc</span>.cgroup.devices.allow = c 136:* rwm</font></div><div><font face="courier new, monospace"><span class="il" style="background-color:rgb(255,255,204)">lxc</span>.cgroup.devices.allow = c 5:2 rwm</font></div>
<div><font face="courier new, monospace"># rtc</font></div><div><font face="courier new, monospace"><span class="il" style="background-color:rgb(255,255,204)">lxc</span>.cgroup.devices.allow = c 254:0 rwm</font></div><div>
<font face="courier new, monospace"># cpu</font></div><div><font face="courier new, monospace"><span class="il" style="background-color:rgb(255,255,204)">lxc</span>.cgroup.cpuset.cpus = 3</font></div><div><font face="courier new, monospace">#mem</font></div>
<div><font face="courier new, monospace"><span class="il" style="background-color:rgb(255,255,204)">lxc</span>.cgroup.memory.limit_in_bytes = 500M</font></div><div><font face="courier new, monospace"><span class="il" style="background-color:rgb(255,255,204)">lxc</span>.cgroup.memory.memsw.limit_in_bytes = 500M</font></div>
<div><font face="courier new, monospace"><b><span class="il" style="background-color:rgb(255,255,204)">lxc</span>.cgroup.memory.oom_control = 1</b></font></div><div><font face="courier new, monospace">#capabilities</font></div>
<div><font face="courier new, monospace"><span class="il" style="background-color:rgb(255,255,204)">lxc</span>.cap.drop = sys_module mac_override mac_admin</font></div></div><div><br></div><div>and I've created mine OOM-killer, using eventfd, cgroup.event_control, cgroup.procs, memory.oom_control, etc..</div>
<div>That program works great, killing right processes, but now I've a SLAB cache problem.</div><div><br></div><div>Often, after some hours, the containers occupy a lot of SLAB cache (over 100~200MB), specially dentry and ext3_inode_cache. So the kernel doesn't reclaim the cache like with OOM-killer.</div>
<div>This decreases the limit unpredictably, that become useless! </div><div><br></div><div><div>Each containers has own filesystem in a LV like this:</div><div><font face="courier new, monospace">/dev/mapper/lxcbox--01.mmfg.it--vg-test_oom on /<span class="il" style="background-color:rgb(255,255,204)">lxc</span>/containers/test_oom type ext3 (rw)</font></div>
</div><div><br></div><div>and is a development server with init, rsyslog, mingetty, apache, ssh and crontab.</div><div><br></div><div>Someone can help me to understand what I am mistaking or where is the problem with slab cache unreclaimed?</div>
<div><br></div><div>Thank you!</div></div>