[lxc-devel] [RFC] cgmanager and lxc: handle unified hierarchy
Serge Hallyn
serge.hallyn at ubuntu.com
Tue Jun 30 15:23:17 UTC 2015
Quoting Serge Hallyn (serge.hallyn at ubuntu.com):
> Hi,
>
> following are two patches which enable cgmanager and lxc to run on top of
> the unified cgroup hierarchy.
>
> So far cgmanager and lxc (as most userspace software) have only supported the
> legacy hierarchy. Here each controller can be mounted in separate hierarchies
> or co-mounted as desired (so for instance memory controller can be administered
> per-uid, while cpuset could be administered per-application independent of
> uids). Tasks may be added to any cgroup. When a new cgroup is created, it
> automatically is set up to use the co-mounted controllers.
>
> With the unified hierarchy, there is only one hierarchy. That's not really
> a problem for cgmanager and lxc, though it may be for some users. More
> importantly, (a) newly created cgroups have no enabled controllers until
> they are manually enabled using the cgroup.subtree_control file, and (b) tasks
> may only exist in leaf nodes with no controllers enabled.
>
> This patchset updates cgmanager to offer the existing (legacy-based) API
> over both legacy and unified hierarchies. (This leaves us free to (soon)
> offer a v2 API (alongside the v1 API) which is less filesystem-like and
> a more general resource limit API.) When a v1 API call is made with the
> unified hierarchy mounted, cgmanager will emulate the legacy API. Any
> Create call will create a cgroup with all controllers enabled, while a
> MovePid will create a private leaf node called ".cgm_leaf" with no controllers
> enabled, and move tasks there. SetValue will set the requested value to
> both the cgroup and, if it exists, the leaf directory.
>
> The current patches allow both privileged and unprivileged containers to
> be started. It should also allow lxc in containers running older releases
> (with minimal, SRU-able changes) to be run on future hosts with the
> unified hierarchy, i.e. Ubuntu 16.04.
Hi,
It would be really swell if people could do some reviewing of and
experimentation with these patches. I'd like to get this handled
by default asap, so we can look toward the next step - a more
abstract cgroup API offered by cgmanager (and maybe, here's hoping,
shared with systemd).
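
Added example, not part of the original message and not cgmanager's code: a small in-memory model of the emulation the quoted cover letter describes (Create enables all controllers, MovePid places tasks in a ".cgm_leaf" child, SetValue writes to both). The class and method names, the `tasks` helper, and the controller set are assumptions made for illustration.

```python
# Toy model; class/method names are hypothetical, not cgmanager's code.
LEAF = ".cgm_leaf"                        # leaf name given in the message
CONTROLLERS = {"memory", "cpu", "pids"}   # constructed sample controller set

class Cgroup:
    def __init__(self):
        self.children = {}     # name -> Cgroup
        self.enabled = set()   # controllers enabled via cgroup.subtree_control
        self.procs = set()     # pids attached directly to this cgroup
        self.values = {}       # control file name -> value

    def attach(self, pid):
        # Rule (b): tasks may only sit in a leaf with no controllers enabled.
        if self.children or self.enabled:
            raise PermissionError("tasks must live in a controller-free leaf")
        self.procs.add(pid)

class LegacyEmulator:
    def __init__(self):
        self.root = Cgroup()

    def _lookup(self, path):
        node = self.root
        for part in filter(None, path.split("/")):
            node = node.children[part]
        return node

    def create(self, path):
        # Rule (a): a new cgroup has nothing enabled, so Create enables all.
        node = self.root
        for part in filter(None, path.split("/")):
            node = node.children.setdefault(part, Cgroup())
            node.enabled = set(CONTROLLERS)
        return node

    def move_pid(self, path, pid):
        leaf = self._lookup(path).children.setdefault(LEAF, Cgroup())
        leaf.attach(pid)       # leaf has no children and nothing enabled

    def set_value(self, path, key, value):
        # Write to the cgroup and, if it exists, to its private leaf.
        node = self._lookup(path)
        node.values[key] = value
        if LEAF in node.children:
            node.children[LEAF].values[key] = value

    def tasks(self, path):
        leaf = self._lookup(path).children.get(LEAF)
        return sorted(leaf.procs) if leaf else []
```

In this model a direct `attach` on a created cgroup fails, which is the constraint that forces the private leaf; callers of the legacy-style methods never see the extra directory level.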