Post new topic   Reply to topic
View previous topic Printable version Log in to check your private messages View next topic
Author Message
gerdOffline
Post subject: Kernel + LXC  PostPosted: 27.07.2011, 19:48



Joined: 2010-09-13
Posts: 94

Status: Offline
The output from lxc-checkconfig
      Code:

Cgroup namespace: missing
Cgroup memory controller: missing

+ many enabled things


I'm not sure if that is a must (need further tests), but it is possible to enable or add both features to aptosid kernel?
 
 View user's profile Send private message  
Reply with quote Back to top
slhOffline
Post subject: RE: Kernel + LXC  PostPosted: 27.07.2011, 19:53



Joined: 2010-08-25
Posts: 761

Status: Offline
      Code:
$ zgrep CGROUP /proc/config.gz
CONFIG_CGROUPS=y
# CONFIG_CGROUP_DEBUG is not set
CONFIG_CGROUP_FREEZER=y
CONFIG_CGROUP_DEVICE=y
CONFIG_CGROUP_CPUACCT=y
CONFIG_CGROUP_PERF=y
CONFIG_CGROUP_SCHED=y
CONFIG_BLK_CGROUP=y
# CONFIG_DEBUG_BLK_CGROUP is not set
CONFIG_NET_CLS_CGROUP=y
...only if you tell me what exactly you're missing.
 
 View user's profile Send private message  
Reply with quote Back to top
towoOnline!
Post subject: RE: Kernel + LXC  PostPosted: 27.07.2011, 19:58



Joined: 2010-09-13
Posts: 500
Location: Pößneck / Thüringen
Status: Online!
For lxc the following is needed:
      Code:

CONFIG_GROUP_SCHED=y
CONFIG_FAIR_GROUP_SCHED=y
CONFIG_RT_GROUP_SCHED=y
CONFIG_CGROUP_SCHED=y
CONFIG_CGROUPS=y
CONFIG_CGROUP_NS=y
CONFIG_CGROUP_FREEZER=y
CONFIG_CGROUP_DEVICE=y
CONFIG_CPUSETS=y
CONFIG_PROC_PID_CPUSET=y
CONFIG_CGROUP_CPUACCT=y
CONFIG_RESOURCE_COUNTERS=y
CONFIG_CGROUP_MEM_RES_CTLR=y
CONFIG_CGROUP_MEM_RES_CTLR_SWAP=y
CONFIG_MM_OWNER=y
CONFIG_NAMESPACES=y
CONFIG_UTS_NS=y
CONFIG_IPC_NS=y
CONFIG_USER_NS=y
CONFIG_PID_NS=y
CONFIG_NET_NS=y
CONFIG_NET_CLS_CGROUP=y
CONFIG_SECURITY_FILE_CAPABILITIES=y
CONFIG_DEVPTS_MULTIPLE_INSTANCES=y
 
 View user's profile Send private message  
Reply with quote Back to top
gerdOffline
Post subject:   PostPosted: 27.07.2011, 20:00



Joined: 2010-09-13
Posts: 94

Status: Offline
I think
CONFIG_CGROUP_MEM_RES_CTLR=y
CONFIG_CGROUP_MEM_RES_CTLR_SWAP=y
CONFIG_NAMESPACES=y
could be the ones that are missing

edit: towo listed the needed ones already
 
 View user's profile Send private message  
Reply with quote Back to top
slhOffline
Post subject:   PostPosted: 27.07.2011, 22:50



Joined: 2010-08-25
Posts: 761

Status: Offline
RESOURCE_COUNTERS is not without negative impacts on system performance, I will have give it some further testing before releasing a kernel with that setting.
 
 View user's profile Send private message  
Reply with quote Back to top
slhOffline
Post subject:   PostPosted: 01.08.2011, 00:26



Joined: 2010-08-25
Posts: 761

Status: Offline
Please test linux-image-3.0-0.slh.5-aptosid-{686,amd64} 3.0-5.
 
 View user's profile Send private message  
Reply with quote Back to top
gerdOffline
Post subject:   PostPosted: 01.08.2011, 07:55



Joined: 2010-09-13
Posts: 94

Status: Offline
Better now, but one entry is still missing:
"Cgroup namespace: missing"

This entry helps:
CONFIG_CGROUP_NS=y

(i tested it. This is the entry to make lxc support complete)
 
 View user's profile Send private message  
Reply with quote Back to top
slhOffline
Post subject:   PostPosted: 01.08.2011, 11:31



Joined: 2010-08-25
Posts: 761

Status: Offline
There is no CGROUP_NS in the whole kernel.
 
 View user's profile Send private message  
Reply with quote Back to top
slhOffline
Post subject:   PostPosted: 01.08.2011, 12:11



Joined: 2010-08-25
Posts: 761

Status: Offline
cgroup: remove the ns_cgroup
 
 View user's profile Send private message  
Reply with quote Back to top
gerdOffline
Post subject:   PostPosted: 01.08.2011, 13:18



Joined: 2010-09-13
Posts: 94

Status: Offline
thx for researching. So the lxc-tools are old, I hope that there aren't negative impacts.
A first test with a application sandbox was successful. Further tests will follow. If there are any problems i will tell.


Last edited by gerd on 01.08.2011, 13:50; edited 1 time in total
 
 View user's profile Send private message  
Reply with quote Back to top
slhOffline
Post subject:   PostPosted: 01.08.2011, 13:24



Joined: 2010-08-25
Posts: 761

Status: Offline
Likely, yes. While I'm mildly interested in lxc, I see little use for it in the light of "Marco d'Itri: Evading from linux containers" - which keeps me personally from spending any time on it so far.
 
 View user's profile Send private message  
Reply with quote Back to top
slhOffline
Post subject:   PostPosted: 03.08.2011, 19:55



Joined: 2010-08-25
Posts: 761

Status: Offline
By the way, do you have cgroups mounted, e.g. below /sys/fs/cgroup/ ?
      Code:
mount -t cgroup -o nodev,noexec,nosuid cgroup /sys/fs/cgroup
(I'm not sure if lxc or one of its dependencies needs this or if it does the mounting itself, but it would be worth checking)
 
 View user's profile Send private message  
Reply with quote Back to top
gerdOffline
Post subject:   PostPosted: 03.08.2011, 20:02



Joined: 2010-09-13
Posts: 94

Status: Offline
Interestingly cgroups are mounted (/sys/fs/cgroup is full of entries) and active, but mount don't displays them.
 
 View user's profile Send private message  
Reply with quote Back to top
slhOffline
Post subject:   PostPosted: 03.08.2011, 20:05



Joined: 2010-08-25
Posts: 761

Status: Offline
Maybe look at "cat /proc/mounts", mtab is everything but reliable (and its days are numbered); but that rules out my 'easy' suspicion.
 
 View user's profile Send private message  
Reply with quote Back to top
gerdOffline
Post subject:   PostPosted: 03.08.2011, 20:15



Joined: 2010-09-13
Posts: 94

Status: Offline
Thx for the hint. And you are right. The mounts are listed there
      Code:
cat /proc/mounts | grep cgroup
cgroup /sys/fs/cgroup cgroup rw,relatime,cpu,clone_children 0 0
cgroup /sys/fs/cgroup/cpuacct cgroup rw,relatime,cpuacct 0 0
cgroup /sys/fs/cgroup/devices cgroup rw,relatime,devices 0 0
 
 View user's profile Send private message  
Reply with quote Back to top
Display posts from previous:     
Jump to:  
All times are GMT - 12 Hours
Post new topic   Reply to topic
View previous topic Printable version Log in to check your private messages View next topic
Powered by Zafenio