Hi Folks,Let me explain my problem and then you can suggest me some way of over
coming this.I wan to be able to run different protocol clients to use my file
system mounted on the host. But i want to be able to limit their memory
resource to 10Gb in total. Also, be able to set memory.sw limit so that each
can have a softy limit of 5G. But if only one container is runing, it can use
the entire 10G. I am able to use memory.use_hierarchy in cgroups to acheive the
same. But how do i acheive this with container.Will nesting of containers help.
my plan is to create a parent container and set limits to this and expect the
nested conatiners to inherit theselimit, and then i will set soft limits on
these children container. But when i start nested containers, i don;t see any
entrry under /sys/fs/groups for the children container.
RegardsMohan
From: Fajar A. Nugraha <l...@fajar.net>
To: LXC users mailing-list <lxc-users@lists.linuxcontainers.org>
Sent: Wednesday, March 4, 2015 2:44 PM
Subject: Re: [lxc-users] nested containers
On Wed, Mar 4, 2015 at 12:15 PM, Mohan G <mohan...@yahoo.com> wrote:
> Hi,
> Is there anyway we can have nested containers/cgroups. One parent container
> forming the basis for children containers. i.e subset of parent container.
Yes.
On parent container config (in ubuntu), add this:
lxc.aa_profile=lxc-container-default-with-nesting
And then on that container, you can create containers
utopic ~ # lxc-ls -f --running
NAME STATE IPV4 IPV6 GROUPS AUTOSTART
-----------------------------------------------------------------
v RUNNING 10.0.3.1, 192.168.124.173 - - NO
utopic ~ # lxc-attach -n v
root@v:~#
root@v:~# cat /proc/1/cgroup
12:name=systemd:/lxc/v
11:perf_event:/lxc/v
10:net_prio:/lxc/v
9:net_cls:/lxc/v
8:memory:/lxc/v
7:hugetlb:/lxc/v
6:freezer:/lxc/v
5:devices:/lxc/v
4:cpuset:/lxc/v
3:cpuacct:/lxc/v
2:cpu:/lxc/v
1:blkio:/lxc/v
root@v:~# lxc-create -t download -n nv -- -d ubuntu -r vivid -a amd64
Using image from local cache
Unpacking the rootfs
---
You just created an Ubuntu container (release=vivid, arch=amd64,
variant=default)
To enable sshd, run: apt-get install openssh-server
For security reason, container images ship without user accounts
and without a root password.
Use lxc-attach or chroot directly into the rootfs to set a root password
or create user accounts.
root@v:~# lxc-start -n nv
root@v:~# lxc-ls -f --running
NAME STATE IPV4 IPV6 GROUPS AUTOSTART
--------------------------------------------------
nv RUNNING 10.0.3.249 - - NO
Now run a process inside the nested container
root@v:~# lxc-attach -n nv -- cat /proc/1/cgroup
12:name=systemd:/lxc/v/lxc/nv
11:perf_event:/lxc/v/lxc/nv
10:net_prio:/lxc/v/lxc/nv
9:net_cls:/lxc/v/lxc/nv
8:memory:/lxc/v/lxc/nv
7:hugetlb:/lxc/v/lxc/nv
6:freezer:/lxc/v/lxc/nv
5:devices:/lxc/v/lxc/nv
4:cpuset:/lxc/v/lxc/nv
3:cpuacct:/lxc/v/lxc/nv
2:cpu:/lxc/v/lxc/nv
1:blkio:/lxc/v/lxc/nv
Note how the cgroup is nested
--
Fajar
_______________________________________________
lxc-users mailing list
lxc-users@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-users
_______________________________________________
lxc-users mailing list
lxc-users@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-users
