From lfbm.andamentos at gmail.com Sat Aug 8 15:20:17 2020 From: lfbm.andamentos at gmail.com (Luis Felipe Marzagao) Date: Sat, 8 Aug 2020 12:20:17 -0300 Subject: [lxc-users] No swap space inside containers In-Reply-To: References: Message-ID: <1dd41003-f5fd-85ee-db7a-43ae6c0d964b@gmail.com> Swap is ok on the host: manager at andromeda:~$ sudo swapon --show NAME TYPE SIZE USED PRIO /dev/zram0 partition 2G 256K 5 /dev/zram1 partition 2G 256K 5 /dev/zram2 partition 2G 256K 5 /dev/zram3 partition 2G 0B 5 /swapfile file 2G 0B -2 manager at andromeda:~$ free -h total used free shared buff/cache available Mem: 15G 11G 809M 53M 3.0G 3.5G Swap: 9.8G 768K 9.8G But there is no swap inside containers: manager at andromeda:~$ lxc exec pbx -- free -h total used free shared buff/cache available Mem: 15G 546M 14G 50M 187M 14G Swap: 0B 0B 0B manager at andromeda:~$ lxc exec sombrero -- free -h total used free shared buff/cache available Mem: 15G 630M 14G 164K 102M 14G Swap: 0B 0B 0B I didn´t change any settings regarding swap or memory. This is a pretty standard ubuntu + lxd installation. manager at andromeda:~$ cat /etc/lsb-release DISTRIB_ID=Ubuntu DISTRIB_RELEASE=18.04 DISTRIB_CODENAME=bionic DISTRIB_DESCRIPTION="Ubuntu 18.04.4 LTS" manager at andromeda:~$ snap list Name Version Rev Tracking Publisher Notes core 16-2.45.2 9665 latest/stable canonical✓ core core18 20200724 1885 latest/stable canonical✓ base lxd 4.4 16530 latest/stable canonical✓ - Any pointers? Thanks a lot. From cornelis.bos at gmail.com Sat Aug 8 16:11:01 2020 From: cornelis.bos at gmail.com (Kees Bos) Date: Sat, 08 Aug 2020 18:11:01 +0200 Subject: [lxc-users] No swap space inside containers In-Reply-To: <1dd41003-f5fd-85ee-db7a-43ae6c0d964b@gmail.com> References: <1dd41003-f5fd-85ee-db7a-43ae6c0d964b@gmail.com> Message-ID: <621babc3cc743e3934ebb60c9beed5c83a3eeeff.camel@gmail.com> On Sat, 2020-08-08 at 12:20 -0300, Luis Felipe Marzagao wrote: > > Any pointers? > https://discuss.linuxcontainers.org/t/invalid-swaptotal-in-proc-meminfo-swaptotal-0/8231/17 From harald.dunkel at aixigo.com Thu Aug 13 07:02:30 2020 From: harald.dunkel at aixigo.com (Harald Dunkel) Date: Thu, 13 Aug 2020 09:02:30 +0200 Subject: [lxc-users] ghost services on LXC containers Message-ID: Hi folks, using Debian 10 and lxc 4.0.2 (or 4.0.4) I found ghost services in my containers. Sample: # cat /sys/fs/cgroup/unified/system.slice/cron.service/cgroup.procs 50 0 # cat /sys/fs/cgroup/unified/system.slice/dbus.service/cgroup.procs 48 0 # cat /sys/fs/cgroup/unified/system.slice/zabbix-agent.service/cgroup.procs 0 0 0 0 0 0 PID 0 is not valid here, AFAICT. And zabbix-agent isn't even installed in my container. Its installed on the host only. Can anybody reproduce this? See also https://lists.freedesktop.org/archives/systemd-devel/2020-August/044999.html https://bugs.debian.org/968049 Every insightful comment is highly appreciated Harri From harald.dunkel at aixigo.com Thu Aug 13 10:23:36 2020 From: harald.dunkel at aixigo.com (Harald Dunkel) Date: Thu, 13 Aug 2020 12:23:36 +0200 Subject: [lxc-users] ghost services on LXC containers In-Reply-To: References: Message-ID: <95e2f232-ce67-80b6-a34a-1529e16679f7@aixigo.com> On 8/13/20 9:02 AM, Harald Dunkel wrote: > > # cat /sys/fs/cgroup/unified/system.slice/zabbix-agent.service/cgroup.procs > 0 > 0 > 0 > 0 > 0 > 0 > > > PID 0 is not valid here, AFAICT. And zabbix-agent isn't even installed > in my container. Its installed on the host only. > PS: Lennart Pottering wrote about this: Is it possible the container and the host run in the very same cgroup hierarchy? If that's the case (and it looks like it): this is not supported. Please file a bug against LXC, it's very clearly broken. (https://lists.freedesktop.org/archives/systemd-devel/2020-August/045022.html) I would be highly interested in your thoughts about this. Harri From list at fajar.net Thu Aug 13 10:32:54 2020 From: list at fajar.net (Fajar A. Nugraha) Date: Thu, 13 Aug 2020 17:32:54 +0700 Subject: [lxc-users] ghost services on LXC containers In-Reply-To: <95e2f232-ce67-80b6-a34a-1529e16679f7@aixigo.com> References: <95e2f232-ce67-80b6-a34a-1529e16679f7@aixigo.com> Message-ID: On Thu, Aug 13, 2020 at 5:23 PM Harald Dunkel wrote: > > On 8/13/20 9:02 AM, Harald Dunkel wrote: > > > > # cat /sys/fs/cgroup/unified/system.slice/zabbix-agent.service/cgroup.procs > > 0 > > 0 > > 0 > > 0 > > 0 > > 0 > > > > > > PID 0 is not valid here, AFAICT. And zabbix-agent isn't even installed > > in my container. Its installed on the host only. > > > > PS: > Lennart Pottering wrote about this: > > Is it possible the container and the host run in the very same cgroup > hierarchy? > > If that's the case (and it looks like it): this is not > supported. Please file a bug against LXC, it's very clearly broken. > > (https://lists.freedesktop.org/archives/systemd-devel/2020-August/045022.html) > > > I would be highly interested in your thoughts about this. Try (two times, once inside the container, once inside the host): - cat /proc/self/cgroup - ls -la /proc/self/ns -- Fajar From harald.dunkel at aixigo.com Thu Aug 13 10:47:41 2020 From: harald.dunkel at aixigo.com (Harald Dunkel) Date: Thu, 13 Aug 2020 12:47:41 +0200 Subject: [lxc-users] ghost services on LXC containers In-Reply-To: References: <95e2f232-ce67-80b6-a34a-1529e16679f7@aixigo.com> Message-ID: <40dc5afe-ec66-cadc-8559-c1c78319b59f@aixigo.com> On 8/13/20 12:32 PM, Fajar A. Nugraha wrote: > Try (two times, once inside the container, once inside the host): > - cat /proc/self/cgroup > - ls -la /proc/self/ns On the host: root at il08:~# cat /proc/self/cgroup 13:name=systemd:/ 12:rdma:/ 11:pids:/ 10:perf_event:/ 9:net_prio:/ 8:net_cls:/ 7:memory:/ 6:freezer:/ 5:devices:/ 4:cpuset:/ 3:cpuacct:/ 2:cpu:/ 1:blkio:/ 0::/ root at il08:~# ls -la /proc/self/ns total 0 dr-x--x--x 2 root root 0 Aug 13 12:40 . dr-xr-xr-x 9 root root 0 Aug 13 12:40 .. lrwxrwxrwx 1 root root 0 Aug 13 12:40 cgroup -> 'cgroup:[4026531835]' lrwxrwxrwx 1 root root 0 Aug 13 12:40 ipc -> 'ipc:[4026531839]' lrwxrwxrwx 1 root root 0 Aug 13 12:40 mnt -> 'mnt:[4026531840]' lrwxrwxrwx 1 root root 0 Aug 13 12:40 net -> 'net:[4026531992]' lrwxrwxrwx 1 root root 0 Aug 13 12:40 pid -> 'pid:[4026531836]' lrwxrwxrwx 1 root root 0 Aug 13 12:40 pid_for_children -> 'pid:[4026531836]' lrwxrwxrwx 1 root root 0 Aug 13 12:40 time -> 'time:[4026531834]' lrwxrwxrwx 1 root root 0 Aug 13 12:40 time_for_children -> 'time:[4026531834]' lrwxrwxrwx 1 root root 0 Aug 13 12:40 user -> 'user:[4026531837]' lrwxrwxrwx 1 root root 0 Aug 13 12:40 uts -> 'uts:[4026531838]' Entering the container: root at il08:~# lxc-attach -n il02 root at il02:~# cat /proc/self/cgroup 13:name=systemd:/ 12:rdma:/ 11:pids:/ 10:perf_event:/ 9:net_prio:/ 8:net_cls:/ 7:memory:/ 6:freezer:/ 5:devices:/ 4:cpuset:/ 3:cpuacct:/ 2:cpu:/ 1:blkio:/ 0::/ root at il02:~# ls -la /proc/self/ns total 0 dr-x--x--x 2 root root 0 Aug 13 12:42 . dr-xr-xr-x 9 root root 0 Aug 13 12:42 .. lrwxrwxrwx 1 root root 0 Aug 13 12:42 cgroup -> 'cgroup:[4026532376]' lrwxrwxrwx 1 root root 0 Aug 13 12:42 ipc -> 'ipc:[4026532313]' lrwxrwxrwx 1 root root 0 Aug 13 12:42 mnt -> 'mnt:[4026532311]' lrwxrwxrwx 1 root root 0 Aug 13 12:42 net -> 'net:[4026532316]' lrwxrwxrwx 1 root root 0 Aug 13 12:42 pid -> 'pid:[4026532314]' lrwxrwxrwx 1 root root 0 Aug 13 12:42 pid_for_children -> 'pid:[4026532314]' lrwxrwxrwx 1 root root 0 Aug 13 12:42 time -> 'time:[4026531834]' lrwxrwxrwx 1 root root 0 Aug 13 12:42 time_for_children -> 'time:[4026531834]' lrwxrwxrwx 1 root root 0 Aug 13 12:42 user -> 'user:[4026531837]' lrwxrwxrwx 1 root root 0 Aug 13 12:42 uts -> 'uts:[4026532312]' I am not sure what this is trying to tell me, though. Is this the same hierarchy? And would you agree that this is really a bad thing to do? Harri