[lxc-devel] [lxd/master] Fix LXD on CGroupV2-only systems
stgraber on Github
lxc-bot at linuxcontainers.org
Mon Sep 24 21:41:53 UTC 2018
A non-text attachment was scrubbed...
Name: not available
Type: text/x-mailbox
Size: 301 bytes
Desc: not available
URL: <http://lists.linuxcontainers.org/pipermail/lxc-devel/attachments/20180924/c921eb7e/attachment.bin>
-------------- next part --------------
From 00e6bfb1c8bbb2b68cc562cd25da1844ea69c536 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?St=C3=A9phane=20Graber?= <stgraber at ubuntu.com>
Date: Mon, 24 Sep 2018 13:34:14 -0400
Subject: [PATCH 1/2] Makefile: Set LDFLAGS for dqlite
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
---
Makefile | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Makefile b/Makefile
index 415f52a566..cec6a61421 100644
--- a/Makefile
+++ b/Makefile
@@ -52,7 +52,7 @@ deps:
cd "$(GOPATH)/deps/dqlite" && \
autoreconf -i && \
PKG_CONFIG_PATH="$(GOPATH)/deps/sqlite/" ./configure && \
- make CFLAGS="-I$(GOPATH)/deps/sqlite/"
+ make CFLAGS="-I$(GOPATH)/deps/sqlite/" LDFLAGS="-L$(GOPATH)/deps/sqlite/.libs/"
# environment
@echo ""
From 445d57ac50efa9a51cb60526de29cc048217cf9f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?St=C3=A9phane=20Graber?= <stgraber at ubuntu.com>
Date: Mon, 24 Sep 2018 14:43:04 -0400
Subject: [PATCH 2/2] lxd: Fix handling of CGroup-V2 systems
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Closes #4557
Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
---
lxd/container_lxc.go | 34 +++++++++++++++++++++++-----------
lxd/container_state.go | 8 ++++++++
lxd/sys/cgroup.go | 2 ++
lxd/sys/os.go | 1 +
4 files changed, 34 insertions(+), 11 deletions(-)
diff --git a/lxd/container_lxc.go b/lxd/container_lxc.go
index 90f6c124aa..73f9f7764d 100644
--- a/lxd/container_lxc.go
+++ b/lxd/container_lxc.go
@@ -2741,7 +2741,7 @@ func (c *containerLXC) Stop(stateful bool) error {
if c.state.OS.CGroupPidsController {
// Attempt to disable forking new processes
c.CGroupSet("pids.max", "0")
- } else {
+ } else if c.state.OS.CGroupFreezerController {
// Attempt to freeze the container
freezer := make(chan bool, 1)
go func() {
@@ -2937,16 +2937,22 @@ func (c *containerLXC) Freeze() error {
"ephemeral": c.ephemeral,
"used": c.lastUsedDate}
- // Check that we're not already frozen
- if c.IsFrozen() {
- return fmt.Errorf("The container is already frozen")
- }
-
// Check that we're running
if !c.IsRunning() {
return fmt.Errorf("The container isn't running")
}
+ // Check if the CGroup is available
+ if !c.state.OS.CGroupFreezerController {
+ logger.Info("Unable to freeze container (lack of kernel support)", ctxMap)
+ return nil
+ }
+
+ // Check that we're not already frozen
+ if c.IsFrozen() {
+ return fmt.Errorf("The container is already frozen")
+ }
+
logger.Info("Freezing container", ctxMap)
// Load the go-lxc struct
@@ -2977,16 +2983,22 @@ func (c *containerLXC) Unfreeze() error {
"ephemeral": c.ephemeral,
"used": c.lastUsedDate}
- // Check that we're frozen
- if !c.IsFrozen() {
- return fmt.Errorf("The container is already running")
- }
-
// Check that we're running
if !c.IsRunning() {
return fmt.Errorf("The container isn't running")
}
+ // Check if the CGroup is available
+ if !c.state.OS.CGroupFreezerController {
+ logger.Info("Unable to unfreeze container (lack of kernel support)", ctxMap)
+ return nil
+ }
+
+ // Check that we're frozen
+ if !c.IsFrozen() {
+ return fmt.Errorf("The container is already running")
+ }
+
logger.Info("Unfreezing container", ctxMap)
// Load the go-lxc struct
diff --git a/lxd/container_state.go b/lxd/container_state.go
index 50dfd5a19d..884b03c3fb 100644
--- a/lxd/container_state.go
+++ b/lxd/container_state.go
@@ -172,12 +172,20 @@ func containerStatePut(d *Daemon, r *http.Request) Response {
return nil
}
case shared.Freeze:
+ if !d.os.CGroupDevicesController {
+ return BadRequest(fmt.Errorf("This system doesn't support freezing containers"))
+ }
+
opType = db.OperationContainerFreeze
do = func(op *operation) error {
c.SetOperation(op)
return c.Freeze()
}
case shared.Unfreeze:
+ if !d.os.CGroupDevicesController {
+ return BadRequest(fmt.Errorf("This system doesn't support unfreezing containers"))
+ }
+
opType = db.OperationContainerUnfreeze
do = func(op *operation) error {
c.SetOperation(op)
diff --git a/lxd/sys/cgroup.go b/lxd/sys/cgroup.go
index 52cb2f9775..d1dbd8243d 100644
--- a/lxd/sys/cgroup.go
+++ b/lxd/sys/cgroup.go
@@ -15,6 +15,7 @@ func (s *OS) initCGroup() {
&s.CGroupCPUacctController,
&s.CGroupCPUsetController,
&s.CGroupDevicesController,
+ &s.CGroupFreezerController,
&s.CGroupMemoryController,
&s.CGroupNetPrioController,
&s.CGroupPidsController,
@@ -45,6 +46,7 @@ var cGroups = []struct {
{"cpuacct", cGroupMissing("CPUacct controller", "CPU accounting will not be available")},
{"cpuset", cGroupMissing("CPUset controller", "CPU pinning will be ignored")},
{"devices", cGroupMissing("devices controller", "device access control won't work")},
+ {"freezer", cGroupMissing("freezer controller", "pausing/resuming containers won't work")},
{"memory", cGroupMissing("memory controller", "memory limits will be ignored")},
{"net_prio", cGroupMissing("network class controller", "network limits will be ignored")},
{"pids", cGroupMissing("pids controller", "process limits will be ignored")},
diff --git a/lxd/sys/os.go b/lxd/sys/os.go
index 98f9b2f88f..9e93da327a 100644
--- a/lxd/sys/os.go
+++ b/lxd/sys/os.go
@@ -52,6 +52,7 @@ type OS struct {
CGroupCPUacctController bool
CGroupCPUsetController bool
CGroupDevicesController bool
+ CGroupFreezerController bool
CGroupMemoryController bool
CGroupNetPrioController bool
CGroupPidsController bool
More information about the lxc-devel
mailing list