[lxc-users] Enabling real time support in containers
Peter Steele
pwsteele at gmail.com
Fri Mar 31 17:16:55 UTC 2017
On 03/28/2017 07:55 AM, Serge E. Hallyn wrote:
> Is this using a user namespace or not?
I am not using a user namespace. This in intended to be a privileged
container with everything running as root. Although I am planning on
using a custom CentOS template I've created, I can reproduce the problem
with the stock "centos" template provided by LXC. I created a container
using the following steps:
lxc-create -n test1 -t centos
chroot /var/lib/lxc/test1/rootfs passwd
sed -i 's/lxcbr0/br0/' /var/lib/lxc/test1/config
sed -i 's/lxc.cap.drop = sys_nice/# lxc.cap.drop = sys_nice/'
/usr/share/lxc/config/centos.common.conf
lxc-start -n test1
lxc-attach -n test1
At this point I can get my container's DHCP assigned IP address and copy
my real-time test app to the container. The strace command shows the
following:
# lxc-attach -n test1
[root at test1 ~]# strace ./rttest
execve("./rttest", ["./rttest"], [/* 25 vars */]) = 0
brk(0) = 0x825000
...
sched_setscheduler(285, SCHED_FIFO, { 92 }) = -1 EPERM (Operation not
permitted)
tgkill(284, 285, SIGRTMIN) = 0
write(1, "Unable to start rt thread, rc=1\n", 32Unable to start rt
thread, rc=1
) = 32
futex(0x7ff9f1a47908, FUTEX_WAIT_PRIVATE, 2, NULL) = 0
futex(0x7ff9f1a47908, FUTEX_WAKE_PRIVATE, 1) = 0
exit_group(0) = ?
+++ exited with 0 +++
As you can see, the sched_setscheduler() call fails with an EPERM error.
This same app runs fine on the host.
Ultimately I expect this app to fail when run under my container since I
have not given the container any real time bandwidth. I had hoped the option
lxc.cgroup.cpu.rt_runtime_us = 475000
would do the trick but this option is rejected with anything other than
"0". So presumably this isn't the correct way to give a container real
time bandwidth.
I have more experience with the libvirt-lxc framework and I have been
able to enable real time support for containers under libvirt. The
approach used in this case involves explicitly setting cgroup
parameters, specifically
/sys/fs/cgroup/cpu/machine.slice/cpu.rt_runtime_us
under the host and
/sys/fs/cgroup/cpu/cpu.rt_runtime_us
under the container. For example, I might do something like this:
echo 500000 >/sys/fs/cgroup/cpu/machine.slice/cpu.rt_runtime_us -->
on the host
echo 25000 >/sys/fs/cgroup/cpu/cpu.rt_runtime_us --> on a container
These do not work for LXC based containers though.
Peter
More information about the lxc-users
mailing list