<div dir="ltr">Hi,<div><br></div><div>thank you for your answer. It looks like the pxe preseed installation missed to add "swapaccount=1" to the kernel cmdline.</div><div><br></div><div>Regards,</div><div>Flo</div>
</div><div class="gmail_extra"><br><br><div class="gmail_quote">On Thu, Apr 24, 2014 at 5:52 PM, S.Çağlar Onur <span dir="ltr"><<a href="mailto:caglar@10ur.org" target="_blank">caglar@10ur.org</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Hi,<br>
<br>
On Thu, Apr 24, 2014 at 6:42 AM, Flo <<a href="mailto:florian.engelmann@gmail.com">florian.engelmann@gmail.com</a>> wrote:<br>
> Hi,<br>
><br>
> I just installed a fresh Ubuntu 14.04 amd64 and tried to start a container<br>
> with the following configuration:<br>
><br>
> # Common configuration<br>
> # Autostart the container after a host reboot<br>
> lxc.start.auto = 1<br>
><br>
> # Default pivot location<br>
> lxc.pivotdir = lxc_putold<br>
><br>
> # Default mount entries<br>
> lxc.mount.entry = proc proc proc nodev,noexec,nosuid 0 0<br>
> lxc.mount.entry = sysfs sys sysfs defaults 0 0<br>
> lxc.mount.entry = /sys/fs/fuse/connections sys/fs/fuse/connections none<br>
> bind,optional 0 0<br>
> lxc.mount.entry = /sys/kernel/debug sys/kernel/debug none bind,optional 0 0<br>
> lxc.mount.entry = /sys/kernel/security sys/kernel/security none<br>
> bind,optional 0 0<br>
> lxc.mount.entry = /sys/fs/pstore sys/fs/pstore none bind,optional 0 0<br>
><br>
> # Default console settings<br>
> lxc.devttydir = lxc<br>
> lxc.tty = 4<br>
> lxc.pts = 1024<br>
><br>
> # Default capabilities<br>
> lxc.cap.drop = sys_module mac_admin mac_override sys_time<br>
><br>
> # When using LXC with apparmor, the container will be confined by default.<br>
> # If you wish for it to instead run unconfined, copy the following line<br>
> # (uncommented) to the container's configuration file.<br>
> #lxc.aa_profile = unconfined<br>
><br>
> # To support container nesting on an Ubuntu host while retaining most of<br>
> # apparmor's added security, use the following two lines instead.<br>
> #lxc.aa_profile = lxc-container-default-with-nesting<br>
> #lxc.hook.mount = /usr/share/lxc/hooks/mountcgroups<br>
><br>
> # Uncomment the following line to autodetect squid-deb-proxy configuration<br>
> on the<br>
> # host and forward it to the guest at start time.<br>
> #lxc.hook.pre-start = /usr/share/lxc/hooks/squid-deb-proxy-client<br>
><br>
> # If you wish to allow mounting block filesystems, then use the following<br>
> # line instead, and make sure to grant access to the block device and/or<br>
> loop<br>
> # devices below in lxc.cgroup.devices.allow.<br>
> #lxc.aa_profile = lxc-container-default-with-mounting<br>
><br>
> # Default cgroup limits<br>
> lxc.cgroup.devices.deny = a<br>
> ## Allow any mknod (but not using the node)<br>
> lxc.cgroup.devices.allow = c *:* m<br>
> lxc.cgroup.devices.allow = b *:* m<br>
> ## /dev/null and zero<br>
> lxc.cgroup.devices.allow = c 1:3 rwm<br>
> lxc.cgroup.devices.allow = c 1:5 rwm<br>
> ## consoles<br>
> lxc.cgroup.devices.allow = c 5:0 rwm<br>
> lxc.cgroup.devices.allow = c 5:1 rwm<br>
> ## /dev/{,u}random<br>
> lxc.cgroup.devices.allow = c 1:8 rwm<br>
> lxc.cgroup.devices.allow = c 1:9 rwm<br>
> ## /dev/pts/*<br>
> lxc.cgroup.devices.allow = c 5:2 rwm<br>
> lxc.cgroup.devices.allow = c 136:* rwm<br>
> ## rtc<br>
> lxc.cgroup.devices.allow = c 254:0 rm<br>
> ## fuse<br>
> lxc.cgroup.devices.allow = c 10:229 rwm<br>
> ## tun<br>
> lxc.cgroup.devices.allow = c 10:200 rwm<br>
> ## full<br>
> lxc.cgroup.devices.allow = c 1:7 rwm<br>
> ## hpet<br>
> lxc.cgroup.devices.allow = c 10:228 rwm<br>
> ## kvm<br>
> lxc.cgroup.devices.allow = c 10:232 rwm<br>
> ## To use loop devices, copy the following line to the container's<br>
> ## configuration file (uncommented).<br>
> #lxc.cgroup.devices.allow = b 7:* rwm<br>
><br>
> # Container specific configuration<br>
> lxc.rootfs = /dev/lxc1/app01-jobs2-prodm<br>
> lxc.mount = /var/lib/lxc/app01-xxx/fstab<br>
> lxc.utsname = app01-xxx<br>
> lxc.arch = amd64<br>
><br>
> # Network configuration<br>
> lxc.network.type = veth<br>
> lxc.network.link = prodf<br>
> lxc.network.flags = up<br>
> <a href="http://lxc.network.name" target="_blank">lxc.network.name</a> = front<br>
> lxc.network.hwaddr = 00:16:3f:6c:3b:28<br>
> lxc.network.type = veth<br>
> lxc.network.link = prodb<br>
> lxc.network.flags = up<br>
> <a href="http://lxc.network.name" target="_blank">lxc.network.name</a> = back<br>
> lxc.network.hwaddr = 00:16:3b:c3:8c:a5<br>
><br>
> #<br>
> #<br>
> # write console output to file<br>
> lxc.console = /var/lib/lxc/app01-xxx/console.out<br>
> #<br>
> # restrict CPU time (default=1024)<br>
> #lxc.cgroup.cpu.shares = 1024<br>
> # restrict IO weight (range 10-1000)<br>
> #lxc.cgroup.blkio.weight = 1000<br>
> # limit memory<br>
> lxc.cgroup.memory.limit_in_bytes = 16G<br>
> ##lxc.cgroup.memory.soft_limit_in_bytes = 15G<br>
> # memory + swap limit (20G - 16G = 4G SWAP)<br>
> lxc.cgroup.memory.memsw.limit_in_bytes = 20G<br>
><br>
> # enable cgroupd inside the container<br>
> lxc.mount.auto = cgroup:mixed<br>
><br>
> but starting the container failrs with:<br>
><br>
> lxc-start 1398334434.479 ERROR lxc_cgmanager - call to<br>
> cgmanager_set_value_sync failed: invalid request<br>
> lxc-start 1398334434.479 ERROR lxc_cgmanager - Error setting cgroup<br>
> memory.memsw.limit_in_bytes limit lxc/app01-jobs2-prodm<br>
> lxc-start 1398334434.479 ERROR lxc_cgmanager - Error setting<br>
> memory.memsw.limit_in_bytes to 20G for app01-xxx<br>
> lxc-start 1398334434.479 ERROR lxc_start - failed to setup the<br>
> cgroup limits for 'app01-xxx'<br>
> lxc-start 1398334434.603 ERROR lxc_start - failed to spawn<br>
> 'app01-xxx'<br>
> lxc-start 1398334434.603 ERROR lxc_commands - command get_cgroup<br>
> failed to receive response<br>
><br>
> Is that hack:<br>
><br>
> cat << EOFlxc > /etc/init/lxc-unpriv-cgroup.conf<br>
> #start on starting systemd-logind and started cgroup-lite<br>
> #<br>
> #script<br>
> # set +e<br>
> #<br>
> # echo 1 > /sys/fs/cgroup/memory/memory.use_hierarchy<br>
> #<br>
> # for entry in /sys/fs/cgroup/*/cgroup.clone_children; do<br>
> # echo 1 > $entry<br>
> ## done<br>
> #<br>
> # exit 0<br>
> #end script<br>
><br>
> still needed?<br>
<br>
No, it's not. The issue is swap+memory accounting needs to be<br>
activated via kernel parameter on trusty, please take a look at<br>
<a href="http://askubuntu.com/questions/417215/how-does-kernel-support-swap-limit" target="_blank">http://askubuntu.com/questions/417215/how-does-kernel-support-swap-limit</a><br>
for more information.<br>
<br>
><br>
> _______________________________________________<br>
> lxc-users mailing list<br>
> <a href="mailto:lxc-users@lists.linuxcontainers.org">lxc-users@lists.linuxcontainers.org</a><br>
> <a href="http://lists.linuxcontainers.org/listinfo/lxc-users" target="_blank">http://lists.linuxcontainers.org/listinfo/lxc-users</a><br>
<br>
Best,<br>
<span class="HOEnZb"><font color="#888888">--<br>
S.Çağlar Onur <<a href="mailto:caglar@10ur.org">caglar@10ur.org</a>><br>
_______________________________________________<br>
lxc-users mailing list<br>
<a href="mailto:lxc-users@lists.linuxcontainers.org">lxc-users@lists.linuxcontainers.org</a><br>
<a href="http://lists.linuxcontainers.org/listinfo/lxc-users" target="_blank">http://lists.linuxcontainers.org/listinfo/lxc-users</a></font></span></blockquote></div><br></div>