[Lxc-users] concurrent aptitude/dpkg runs in separate containers --> bork bork bork
Trent W. Buck
twb at cybersource.com.au
Fri Feb 4 00:41:42 UTC 2011
Wrapping eatmydata around dpkg "fixes" the problem; details below.
Trent Buck wrote (offlist):
> As I now understand it, the facts are these:
>
> - lucid's dpkg uses an fsync-per-file
>
> - lucid-security's dpkg uses a sync-per-rename, because fsync was
> slow (only on ext4/btrfs, I think).
>
> - Because containers share a kernel, sync causes ALL writes to ALL
> filesystems to be flushed to disk, and dpkg blocks while this
> takes place.
>
> - Because the syncs come in quick succession, and there are writes
> on other containers (e.g. postfix, syslog, mysql), this borks at
> least dpkg, and likely other stuff.
>
> - using ext3 instead of ext4 won't help significantly. Reducing the
> commit interval from 60 (ext4 default) to 5 (ext3 default) might
> help a little.
>
> We can work around this issue in a few ways:
>
> - disable lucid-security (at least for dpkg), which should ensure
> only fsync is used. Possibly switch to ext3 to avoid problems
> with ext4 vs. fsync.
>
> - backport patches from Debian's latest dpkg to lucid-security's
> dpkg. NOT FUN.
>
> - backport dpkg from a newer ubuntu release. NOT FUN.
>
> - use the EATMYDATA package to discard all fsync and sync calls from
> dpkg.
>
> Using eatmydata, worst case is that dpkg is running AND there is a
> power outage, then THAT FILESYSTEM (i.e. not other fses) gets
> corrupted. i.e. worst case you lose that container and have to
> rebuild it. Non-container filesystems like home, cyber, mail should
> be completely safe.
>
> Therefore, I'm aiming to have lxc-create wrap /usr/bin/dpkg with
> eatmydata in containers. Omega itself will still call sync() when you
> apply security updates to it, but that happens an order of magnitude
> less often than containers running dpkg.
This worked: placing an unmodified eatmydata .deb from sid in a local
apt repo, and running the following:
aptitude install eatmydata -yq
dpkg-divert --rename /usr/bin/dpkg
cat >/usr/bin/dpkg <<-EOT
#!/bin/sh
exec eatmydata /usr/bin/dpkg.distrib "\$@"
EOT
chmod +x /usr/bin/dpkg
Daniel Lezcano <daniel.lezcano at free.fr> writes:
> Assuming you have an ubuntu version on your host, I think the kernel is
> compiled with DETECT_HUNG_TASK, where a kernel stack trace is displayed
> if a task stays in the 'D' state indefinitively. Do you have such stack
> on your logs ?
That is the case, here are the entries I have:
-------------- next part --------------
A non-text attachment was scrubbed...
Name: tmp
Type: text/x-mail
Size: 18759 bytes
Desc: dmesg hung tasks
URL: <http://lists.linuxcontainers.org/pipermail/lxc-users/attachments/20110204/f8170f65/attachment.bin>
More information about the lxc-users
mailing list