[lxc-users] Enabling real time support in containers

Peter Steele pwsteele at gmail.com
Fri Mar 31 17:16:55 UTC 2017


On 03/28/2017 07:55 AM, Serge E. Hallyn wrote:
> Is this using a user namespace or not?

I am not using a user namespace. This in intended to be a privileged 
container with everything running as root. Although I am planning on 
using a custom CentOS template I've created, I can reproduce the problem 
with the stock "centos" template provided by LXC. I created a container 
using the following steps:

lxc-create -n test1 -t centos
chroot /var/lib/lxc/test1/rootfs passwd
sed -i 's/lxcbr0/br0/' /var/lib/lxc/test1/config
sed -i 's/lxc.cap.drop = sys_nice/# lxc.cap.drop = sys_nice/' 
/usr/share/lxc/config/centos.common.conf
lxc-start -n test1
lxc-attach -n test1

At this point I can get my container's DHCP assigned IP address and copy 
my real-time test app to the container. The strace command shows the 
following:

# lxc-attach -n test1
[root at test1 ~]# strace ./rttest
execve("./rttest", ["./rttest"], [/* 25 vars */]) = 0
brk(0)                                  = 0x825000
...
sched_setscheduler(285, SCHED_FIFO, { 92 }) = -1 EPERM (Operation not 
permitted)
tgkill(284, 285, SIGRTMIN)              = 0
write(1, "Unable to start rt thread, rc=1\n", 32Unable to start rt 
thread, rc=1
) = 32
futex(0x7ff9f1a47908, FUTEX_WAIT_PRIVATE, 2, NULL) = 0
futex(0x7ff9f1a47908, FUTEX_WAKE_PRIVATE, 1) = 0
exit_group(0)                           = ?
+++ exited with 0 +++

As you can see, the sched_setscheduler() call fails with an EPERM error. 
This same app runs fine on the host.

Ultimately I expect this app to fail when run under my container since I 
have not given the container any real time bandwidth. I had hoped the option

lxc.cgroup.cpu.rt_runtime_us = 475000

would do the trick but this option is rejected with anything other than 
"0". So presumably this isn't the correct way to give a container real 
time bandwidth.

I have more experience with the libvirt-lxc framework and I have been 
able to enable real time support for containers under libvirt. The 
approach used in this case involves explicitly setting cgroup 
parameters, specifically

/sys/fs/cgroup/cpu/machine.slice/cpu.rt_runtime_us

under the host and

/sys/fs/cgroup/cpu/cpu.rt_runtime_us

under the container. For example, I might do something like this:

echo 500000 >/sys/fs/cgroup/cpu/machine.slice/cpu.rt_runtime_us      --> 
on the host
echo 25000 >/sys/fs/cgroup/cpu/cpu.rt_runtime_us      --> on a container

These do not work for LXC based containers though.

Peter



More information about the lxc-users mailing list