[lxc-users] using cgroups
Rob Edgerton
redgerhoo at yahoo.com.au
Thu Jun 30 02:39:37 UTC 2016
On Thursday, 30 June 2016, 11:36, Serge E. Hallyn <serge at hallyn.com> wrote:
On Thu, Jun 30, 2016 at 11:24:25AM +1000, Rob wrote:
> On 30/06/2016 10:36 AM, Serge E. Hallyn wrote:
> >Quoting Rob Edgerton (redgerhoo at yahoo.com.au):
> >> lxc-start 20160628155820.614 ERROR lxc_cgfsng - cgfsng.c:cgfsng_setup_limits:1662 - No such file or directory - Error setting cpuset.cpus to 1-3 for trusty_unp_ibvpn
> >ENOENT - that's unexpected...
> >
> >> lxc-start 20160628155820.615 ERROR lxc_start - start.c:lxc_spawn:1180 - failed to setup the cgroup limits for @virt-host:~$cgm --version
> >>0.29
> >Can you show 'dpkg -l | grep cgmanager' ?
> >
> >as well as cat /etc/*release
> >
> >Hi, For /proc/self/cgroup and /proc/self/mountinfo, we actually
> >need to see the contents. Can you show 'cat /proc/self/cgroup' and
> >'cat /proc/self/mountinfo'? -serge
> >_______________________________________________ lxc-users mailing
> >list lxc-users at lists.linuxcontainers.org
> >http://lists.linuxcontainers.org/listinfo/lxc-users
> hi Serge,
> here is the follow up info (note that I cut the msg above in order
> to reduce size)
>
> $ dpkg -l | grep cgmanager
> ii cgmanager 0.39-2ubuntu5 amd64
> Central cgroup manager daemon
> ii libcgmanager0:amd64 0.39-2ubuntu5
> amd64 Central cgroup manager daemon (client library)
>
> $ cat /etc/*release
> DISTRIB_ID=Ubuntu
> DISTRIB_RELEASE=16.04
> DISTRIB_CODENAME=xenial
> DISTRIB_DESCRIPTION="Ubuntu 16.04 LTS"
> NAME="Ubuntu"
> VERSION="16.04 LTS (Xenial Xerus)"
> ID=ubuntu
> ID_LIKE=debian
> PRETTY_NAME="Ubuntu 16.04 LTS"
> VERSION_ID="16.04"
> HOME_URL="http://www.ubuntu.com/"
> SUPPORT_URL="http://help.ubuntu.com/"
> BUG_REPORT_URL="http://bugs.launchpad.net/ubuntu/"
> UBUNTU_CODENAME=xenial
>
>
> $ cat /proc/self/cgroup
> 11:blkio:/user.slice
> 10:hugetlb:/
> 9:freezer:/user/redger/1
> 8:pids:/user.slice/user-1000.slice
> 7:perf_event:/
> 6:cpu,cpuacct:/user.slice
> 5:net_cls,net_prio:/
> 4:devices:/user.slice
> 3:memory:/user/redger/1
> 2:cpuset:/
Oh, ok. I'm sorry, this should have been obvious to me from the start.
You need to edit /etc/pam.d/common-session and change the line that's
something like
session optional pam_cgfs.so -c freezer,memory,name=systemd
to add ",cpuset" at the end, i.e.
session optional pam_cgfs.so -c freezer,memory,name=systemd,cpuset
It has been removed from the default because on systems which do a lot
of cpu hotplugging it can be a problem: with the legacy (non-unified)
cpuset hierarchy, when you unplug a cpu that is part of /user, it gets
removed, but when you re-plug it it does not get re-added.
hi Serge,thanks for the response.
I updated pam.d/common-session# ================= RE Changed ================= #
#session optional pam_cgfs.so -c freezer,memory,name=systemd
session optional pam_cgfs.so -c freezer,memory,name=systemd,cpuset
# ================= RE Changed ================= #
then restarted, with similar result. Further, the config contains auth for using USB devices too# USB devices
lxc.cgroup.devices.allow = c 10:200 rwm# CPU & Memory limits
lxc.cgroup.cpuset.cpus = 1-3
lxc.cgroup.cpu.shares = 256
lxc.cgroup.memory.limit_in_bytes = 4G
lxc.cgroup.blkio.weight = 500
Commenting out the first line still results in start failure, as do the other lines. Even just uncommenting the memory.limit lines leads to failure with$ lxc-start -n trusty_unp_ibvpn -F
lxc-start: cgfsng.c: cgfsng_setup_limits: 1645 No devices cgroup setup for trusty_unp_ibvpn
lxc-start: start.c: lxc_spawn: 1226 failed to setup the devices cgroup for 'trusty_unp_ibvpn'
lxc-start: start.c: __lxc_start: 1353 failed to spawn 'trusty_unp_ibvpn'
lxc-start: lxc_start.c: main: 344 The container failed to start.
lxc-start: lxc_start.c: main: 348 Additional information can be obtained by setting the --logfile and --logpriority options.
here's a sample log sequence where ONLY "lxc.cgroup.memory.limit_in_bytes = 4G" was uncommented
lxc-start 20160630023739.583 INFO lxc_conf - conf.c:lxc_create_tty:3303 - tty's configured
lxc-start 20160630023739.583 INFO lxc_conf - conf.c:setup_tty:995 - 4 tty(s) has been setup
lxc-start 20160630023739.583 INFO lxc_conf - conf.c:setup_personality:1393 - set personality to '0x0'
lxc-start 20160630023739.583 DEBUG lxc_conf - conf.c:setup_caps:2056 - drop capability 'mac_admin' (33)
lxc-start 20160630023739.583 DEBUG lxc_conf - conf.c:setup_caps:2056 - drop capability 'mac_override' (32)
lxc-start 20160630023739.583 DEBUG lxc_conf - conf.c:setup_caps:2056 - drop capability 'sys_time' (25)
lxc-start 20160630023739.583 DEBUG lxc_conf - conf.c:setup_caps:2056 - drop capability 'sys_module' (16)
lxc-start 20160630023739.583 DEBUG lxc_conf - conf.c:setup_caps:2056 - drop capability 'sys_rawio' (17)
lxc-start 20160630023739.583 DEBUG lxc_conf - conf.c:setup_caps:2065 - capabilities have been setup
lxc-start 20160630023739.583 NOTICE lxc_conf - conf.c:lxc_setup:3839 - 'trusty_unp_ibvpn' is setup.
lxc-start 20160630123739.583 ERROR lxc_cgfsng - cgfsng.c:cgfsng_setup_limits:1645 - No devices cgroup setup for trusty_unp_ibvpn
lxc-start 20160630123739.583 ERROR lxc_start - start.c:lxc_spawn:1226 - failed to setup the devices cgroup for 'trusty_unp_ibvpn'
lxc-start 20160630123739.583 ERROR lxc_start - start.c:__lxc_start:1353 - failed to spawn 'trusty_unp_ibvpn'
lxc-start 20160630123739.633 INFO lxc_conf - conf.c:run_script_argv:367 - Executing script '/usr/share/lxcfs/lxc.reboot.hook' for container 'trusty_unp_ibvpn', config section 'lxc'
lxc-start 20160630123740.147 ERROR lxc_start_ui - lxc_start.c:main:344 - The container failed to start.
lxc-start 20160630123740.147 ERROR lxc_start_ui - lxc_start.c:main:348 - Additional information can be obtained by setting the --logfile and --logpriority options.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.linuxcontainers.org/pipermail/lxc-users/attachments/20160630/5379f026/attachment.html>
More information about the lxc-users
mailing list