| Author |
Message |
gerd
|
|
Post subject: Kernel + LXC
 Posted: 27.07.2011, 19:48
|
|
Joined: 2010-09-13
Posts: 94
Status: Offline
|
|
The output from lxc-checkconfig
Code:
Cgroup namespace: missing
Cgroup memory controller: missing
+ many enabled things
I'm not sure if that is a must (need further tests), but it is possible to enable or add both features to aptosid kernel? |
|
|
| |
|
|
|
 |
|
slh
|
|
|
Post subject: RE: Kernel + LXC
Posted: 27.07.2011, 19:53
|
|
Joined: 2010-08-25
Posts: 585
Status: Offline
|
|
|
Code:
$ zgrep CGROUP /proc/config.gz
CONFIG_CGROUPS=y
# CONFIG_CGROUP_DEBUG is not set
CONFIG_CGROUP_FREEZER=y
CONFIG_CGROUP_DEVICE=y
CONFIG_CGROUP_CPUACCT=y
CONFIG_CGROUP_PERF=y
CONFIG_CGROUP_SCHED=y
CONFIG_BLK_CGROUP=y
# CONFIG_DEBUG_BLK_CGROUP is not set
CONFIG_NET_CLS_CGROUP=y
...only if you tell me what exactly you're missing. |
|
|
| |
|
|
|
|
|
towo
|
|
|
Post subject: RE: Kernel + LXC
Posted: 27.07.2011, 19:58
|
|
Joined: 2010-09-13
Posts: 488
Location: Pößneck / Thüringen
Status: Offline
|
|
For lxc the following is needed:
Code:
CONFIG_GROUP_SCHED=y
CONFIG_FAIR_GROUP_SCHED=y
CONFIG_RT_GROUP_SCHED=y
CONFIG_CGROUP_SCHED=y
CONFIG_CGROUPS=y
CONFIG_CGROUP_NS=y
CONFIG_CGROUP_FREEZER=y
CONFIG_CGROUP_DEVICE=y
CONFIG_CPUSETS=y
CONFIG_PROC_PID_CPUSET=y
CONFIG_CGROUP_CPUACCT=y
CONFIG_RESOURCE_COUNTERS=y
CONFIG_CGROUP_MEM_RES_CTLR=y
CONFIG_CGROUP_MEM_RES_CTLR_SWAP=y
CONFIG_MM_OWNER=y
CONFIG_NAMESPACES=y
CONFIG_UTS_NS=y
CONFIG_IPC_NS=y
CONFIG_USER_NS=y
CONFIG_PID_NS=y
CONFIG_NET_NS=y
CONFIG_NET_CLS_CGROUP=y
CONFIG_SECURITY_FILE_CAPABILITIES=y
CONFIG_DEVPTS_MULTIPLE_INSTANCES=y
|
|
|
| |
|
|
|
|
|
gerd
|
|
|
Post subject:
Posted: 27.07.2011, 20:00
|
|
Joined: 2010-09-13
Posts: 94
Status: Offline
|
|
I think
CONFIG_CGROUP_MEM_RES_CTLR=y
CONFIG_CGROUP_MEM_RES_CTLR_SWAP=y
CONFIG_NAMESPACES=y
could be the ones that are missing
edit: towo listed the needed ones already |
|
|
| |
|
|
|
|
|
slh
|
|
|
Post subject:
Posted: 27.07.2011, 22:50
|
|
Joined: 2010-08-25
Posts: 585
Status: Offline
|
|
| RESOURCE_COUNTERS is not without negative impacts on system performance, I will have give it some further testing before releasing a kernel with that setting. |
|
|
| |
|
|
|
|
|
slh
|
|
|
Post subject:
Posted: 01.08.2011, 00:26
|
|
Joined: 2010-08-25
Posts: 585
Status: Offline
|
|
| Please test linux-image-3.0-0.slh.5-aptosid-{686,amd64} 3.0-5. |
|
|
| |
|
|
|
|
|
gerd
|
|
|
Post subject:
Posted: 01.08.2011, 07:55
|
|
Joined: 2010-09-13
Posts: 94
Status: Offline
|
|
Better now, but one entry is still missing:
"Cgroup namespace: missing"
This entry helps:
CONFIG_CGROUP_NS=y
(i tested it. This is the entry to make lxc support complete) |
|
|
| |
|
|
|
|
|
slh
|
|
|
Post subject:
Posted: 01.08.2011, 11:31
|
|
Joined: 2010-08-25
Posts: 585
Status: Offline
|
|
| There is no CGROUP_NS in the whole kernel. |
|
|
| |
|
|
|
|
|
slh
|
|
|
Post subject:
Posted: 01.08.2011, 12:11
|
|
Joined: 2010-08-25
Posts: 585
Status: Offline
|
|
|
|
|
|
|
gerd
|
|
|
Post subject:
Posted: 01.08.2011, 13:18
|
|
Joined: 2010-09-13
Posts: 94
Status: Offline
|
|
thx for researching. So the lxc-tools are old, I hope that there aren't negative impacts.
A first test with a application sandbox was successful. Further tests will follow. If there are any problems i will tell. |
Last edited by gerd on 01.08.2011, 13:50; edited 1 time in total
|
| |
|
|
|
|
|
slh
|
|
|
Post subject:
Posted: 01.08.2011, 13:24
|
|
Joined: 2010-08-25
Posts: 585
Status: Offline
|
|
|
|
|
|
|
slh
|
|
|
Post subject:
Posted: 03.08.2011, 19:55
|
|
Joined: 2010-08-25
Posts: 585
Status: Offline
|
|
By the way, do you have cgroups mounted, e.g. below /sys/fs/cgroup/ ?
Code:
mount -t cgroup -o nodev,noexec,nosuid cgroup /sys/fs/cgroup
(I'm not sure if lxc or one of its dependencies needs this or if it does the mounting itself, but it would be worth checking) |
|
|
| |
|
|
|
|
|
gerd
|
|
|
Post subject:
Posted: 03.08.2011, 20:02
|
|
Joined: 2010-09-13
Posts: 94
Status: Offline
|
|
| Interestingly cgroups are mounted (/sys/fs/cgroup is full of entries) and active, but mount don't displays them. |
|
|
| |
|
|
|
|
|
slh
|
|
|
Post subject:
Posted: 03.08.2011, 20:05
|
|
Joined: 2010-08-25
Posts: 585
Status: Offline
|
|
| Maybe look at "cat /proc/mounts", mtab is everything but reliable (and its days are numbered); but that rules out my 'easy' suspicion. |
|
|
| |
|
|
|
|
|
gerd
|
|
|
Post subject:
Posted: 03.08.2011, 20:15
|
|
Joined: 2010-09-13
Posts: 94
Status: Offline
|
|
Thx for the hint. And you are right. The mounts are listed there
Code:
cat /proc/mounts | grep cgroup
cgroup /sys/fs/cgroup cgroup rw,relatime,cpu,clone_children 0 0
cgroup /sys/fs/cgroup/cpuacct cgroup rw,relatime,cpuacct 0 0
cgroup /sys/fs/cgroup/devices cgroup rw,relatime,devices 0 0
|
|
|
| |
|
|
|
|
|
|
