Hi Folks,Let me explain my problem and then you can suggest me some way of over coming this.I wan to be able to run different protocol clients to use my file system mounted on the host. But i want to be able to limit their memory resource to 10Gb in total. Also, be able to set memory.sw limit so that each can have a softy limit of 5G. But if only one container is runing, it can use the entire 10G. I am able to use memory.use_hierarchy in cgroups to acheive the same. But how do i acheive this with container.Will nesting of containers help. my plan is to create a parent container and set limits to this and expect the nested conatiners to inherit theselimit, and then i will set soft limits on these children container. But when i start nested containers, i don;t see any entrry under /sys/fs/groups for the children container. RegardsMohan
From: Fajar A. Nugraha <l...@fajar.net> To: LXC users mailing-list <lxc-users@lists.linuxcontainers.org> Sent: Wednesday, March 4, 2015 2:44 PM Subject: Re: [lxc-users] nested containers On Wed, Mar 4, 2015 at 12:15 PM, Mohan G <mohan...@yahoo.com> wrote: > Hi, > Is there anyway we can have nested containers/cgroups. One parent container > forming the basis for children containers. i.e subset of parent container. Yes. On parent container config (in ubuntu), add this: lxc.aa_profile=lxc-container-default-with-nesting And then on that container, you can create containers utopic ~ # lxc-ls -f --running NAME STATE IPV4 IPV6 GROUPS AUTOSTART ----------------------------------------------------------------- v RUNNING 10.0.3.1, 192.168.124.173 - - NO utopic ~ # lxc-attach -n v root@v:~# root@v:~# cat /proc/1/cgroup 12:name=systemd:/lxc/v 11:perf_event:/lxc/v 10:net_prio:/lxc/v 9:net_cls:/lxc/v 8:memory:/lxc/v 7:hugetlb:/lxc/v 6:freezer:/lxc/v 5:devices:/lxc/v 4:cpuset:/lxc/v 3:cpuacct:/lxc/v 2:cpu:/lxc/v 1:blkio:/lxc/v root@v:~# lxc-create -t download -n nv -- -d ubuntu -r vivid -a amd64 Using image from local cache Unpacking the rootfs --- You just created an Ubuntu container (release=vivid, arch=amd64, variant=default) To enable sshd, run: apt-get install openssh-server For security reason, container images ship without user accounts and without a root password. Use lxc-attach or chroot directly into the rootfs to set a root password or create user accounts. root@v:~# lxc-start -n nv root@v:~# lxc-ls -f --running NAME STATE IPV4 IPV6 GROUPS AUTOSTART -------------------------------------------------- nv RUNNING 10.0.3.249 - - NO Now run a process inside the nested container root@v:~# lxc-attach -n nv -- cat /proc/1/cgroup 12:name=systemd:/lxc/v/lxc/nv 11:perf_event:/lxc/v/lxc/nv 10:net_prio:/lxc/v/lxc/nv 9:net_cls:/lxc/v/lxc/nv 8:memory:/lxc/v/lxc/nv 7:hugetlb:/lxc/v/lxc/nv 6:freezer:/lxc/v/lxc/nv 5:devices:/lxc/v/lxc/nv 4:cpuset:/lxc/v/lxc/nv 3:cpuacct:/lxc/v/lxc/nv 2:cpu:/lxc/v/lxc/nv 1:blkio:/lxc/v/lxc/nv Note how the cgroup is nested -- Fajar _______________________________________________ lxc-users mailing list lxc-users@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-users
_______________________________________________ lxc-users mailing list lxc-users@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-users