[lxc-users] nfsd daemon;s cgroups
Hi,I am looking to moving nfsd daemon to a cgroup that we created. This action need not be at system boot. When I tried to move the pid to the tasks of the cgroup. It does not honour. Is there any better way of moving daemons like nfsd to a particular cgroup. We don;t have the nfsd.conf file in ubuntu, regards ___ lxc-users mailing list lxc-users@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-users
[lxc-users] trouble starting nfsd
Hi,I have created a cgroup and i am struggling to move nfsd to the group. This is on ubuntu and we don;t have /etc/sysconfig to specify CGROUP_DAEMON. I tried doing this in /etc/default/nfs* files. But no luck. How do i move nfsd deamon to a cgroup and its start in ubuntu. Regards ___ lxc-users mailing list lxc-users@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-users
[lxc-users] cgrulesengd issues
Hi,My /etc/cgrules.conf is
root:nfsd memory /sys/fs/cgroups/filer/root:/usr/sbin/exportfs cpuset,memory
/sys/fs/cgroups/filer/root:/usr/sbin/rpc.mountd cpuset,memory
/sys/fs/cgroups/filer/root:/usr/sbin/rpc.nfsd cpuset,memory
/sys/fs/cgroups/filer/root:/usr/sbin/rpc.svcgssd cpuset,memory
/sys/fs/cgroups/filer/
my /etc/cgconfig.conf is like below.
group filer { memory { memory.limit_in_bytes=4G; }
cpuset { cpuset.cpus=0-2; }}
after the system boots, i don;t see any group created, But then when i run
"cgconfigparser", the group gets created,Post this i want the cgrules.conf to
take effect, but it does not work after running cgrulesengd.And there are no
start-up scripts too in my 3.13 kernel. My requirement is to create the group
and move the process as above to the group on system boot.
___
lxc-users mailing list
lxc-users@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-users
Re: [lxc-users] memory limits
Hi.My dilemma is that i have one cgroup in the system which is running file work load and there are other applications running natively on the system without any cgroups. But when cgroups have set some memory configured, it should be honoured or given preference.Like in case the shrinker kicks in as part of system pressure, the cgroup that i have created should be the last one to be reclaimed or no reclaim at all, until the soft limits of the cgroups are beached. Are there any such schema. RegardsMohan From: Fajar A. Nugraha To: LXC users mailing-list Sent: Thursday, April 9, 2015 11:11 AM Subject: Re: [lxc-users] memory limits On Thu, Apr 9, 2015 at 11:33 AM, Mohan G wrote: > Hi, > query: if i create a cgroup with memory limit of 4GB and if the system has > 8GB ram, now if both the system wide pressure is pretty high, does it mean > it can take away part of this cgroup memory and what if the cgroup now wants > to run its workloads ? > My question is whether there is any gurantee that memory limit set on the > cgroups will be given/reserved to it. No. Your best bet would probably be to limit memory in other cgroups as well, in a way that the sum of all top-level memory cgroup is below or equal your total memory. For example, on my ubuntu 14.10, user-started programs all reside under /user.slice/user-$(id -u).slice, while all root-started containers lxc is under /lxc. All init-started daemons (e.g. sshd) does not belong to any cgroup. In that scenario, you could: - limit memory use in /lxc to 4G - limit memory use in /user.slice to use something like 3.5G - manually move memory-hungry daemons to a new cgroup under /user.slice (e.g. /user.slice/daemon/mysql). It will then inherit the limit of its parent cgroup (/user.slice) -- Fajar ___ lxc-users mailing list lxc-users@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-users ___ lxc-users mailing list lxc-users@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-users
Re: [lxc-users] memory limits
Hi,Regarding the same thread, can memory.soft_limit_in_bytes be used to guarantee that at least soft limits are honoured or guaranteed to be got by the cgroup, even with heavily contended system wide pressure. RegardsMohan From: Fajar A. Nugraha To: LXC users mailing-list Sent: Thursday, April 9, 2015 11:11 AM Subject: Re: [lxc-users] memory limits On Thu, Apr 9, 2015 at 11:33 AM, Mohan G wrote: > Hi, > query: if i create a cgroup with memory limit of 4GB and if the system has > 8GB ram, now if both the system wide pressure is pretty high, does it mean > it can take away part of this cgroup memory and what if the cgroup now wants > to run its workloads ? > My question is whether there is any gurantee that memory limit set on the > cgroups will be given/reserved to it. No. Your best bet would probably be to limit memory in other cgroups as well, in a way that the sum of all top-level memory cgroup is below or equal your total memory. For example, on my ubuntu 14.10, user-started programs all reside under /user.slice/user-$(id -u).slice, while all root-started containers lxc is under /lxc. All init-started daemons (e.g. sshd) does not belong to any cgroup. In that scenario, you could: - limit memory use in /lxc to 4G - limit memory use in /user.slice to use something like 3.5G - manually move memory-hungry daemons to a new cgroup under /user.slice (e.g. /user.slice/daemon/mysql). It will then inherit the limit of its parent cgroup (/user.slice) -- Fajar ___ lxc-users mailing list lxc-users@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-users ___ lxc-users mailing list lxc-users@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-users
[lxc-users] memory limits
Hi,query: if i create a cgroup with memory limit of 4GB and if the system has 8GB ram, now if both the system wide pressure is pretty high, does it mean it can take away part of this cgroup memory and what if the cgroup now wants to run its workloads ?My question is whether there is any gurantee that memory limit set on the cgroups will be given/reserved to it. RegardsMohan___ lxc-users mailing list lxc-users@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-users
Re: [lxc-users] nested containers
Thanks much.. This helps RegardsMohan From: Fajar A. Nugraha To: LXC users mailing-list Sent: Friday, March 6, 2015 12:30 PM Subject: Re: [lxc-users] nested containers This is on ubuntu 14.10, lxc and lxcfs from ppa:ubuntu-lxc/daily Test memory limit on the parent container, by writing data to /run/shm (a tmpfs mount): @host # lxc-cgroup -n v memory.use_hierarchy 1 @host # lxc-cgroup -n v memory.limit_in_bytes 1G @host # lxc-cgroup -n v memory.limit_in_bytes 1073741824 @host # lxc-attach -n v -- mount | grep shm none on /run/shm type tmpfs (rw,nosuid,nodev,relatime) @host # lxc-cgroup -n v memory.usage_in_bytes 12881920 @host # lxc-attach -n v -- dd if=/dev/zero of=/run/shm/testfile dd: writing to ‘/run/shm/testfile’: Cannot allocate memory 2076473+0 records in 2076472+0 records out 1063153664 bytes (1.1 GB) copied, 2.18223 s, 487 MB/s @host # lxc-cgroup -n v memory.usage_in_bytes 1073561600 See how it's limited to around 1GB? Now delete the file before running more test to free up memory. @host # lxc-attach -n v -- rm /run/shm/testfile @host # lxc-cgroup -n v memory.usage_in_bytes 10219520 Now test the limit on the nested container. We test with memory limit 2G. It should max out at 1G, since the parent only has that much limit. @host # lxc-attach -n v root@v:~# lxc-cgroup -n nv memory.limit_in_bytes 2G root@v:~# lxc-cgroup -n nv memory.limit_in_bytes 2147483648 root@v:~# lxc-cgroup -n nv memory.usage_in_bytes 7045120 root@v:~# lxc-attach -n nv -- dd if=/dev/zero of=/run/shm/testfile dd: writing to ‘/run/shm/testfile’: Cannot allocate memory 2080265+0 records in 2080264+0 records out 1065095168 bytes (1.1 GB) copied, 2.96393 s, 359 MB/s root@v:~# lxc-cgroup -n nv memory.usage_in_bytes lxc_container: lxc_cgroup.c: main: 113 failed to retrieve value of 'memory.usage_in_bytes' for '/var/lib/lxc:nv' root@v:~# lxc-ls -f Killed See how the testfile on the nested container is also limited at around 1GB? Note that at this time the container "v" (the parent) can't do anything (it can't even run "lxc-ls"), because it wants to allocate more memory, and all available memory has been used by the child container "nv". Since we can't run anything on the parent container due to memory limit, kill the nested container root@v:~# lxc-stop -k -n nv lxc-stop: commands.c: lxc_cmd_stop: 615 failed to stop 'nv': Operation not permitted root@v:~# lxc-stop -k -n nv nv is not running root@v:~# lxc-ls -f NAME STATE IPV4 IPV6 GROUPS AUTOSTART nv STOPPED - - - NO So in short, the nested limit works. To make it operable, make sure that the parent container ALWAYS have some free memory to work with. -- Fajar On Fri, Mar 6, 2015 at 1:19 PM, Mohan G wrote: > Hi Folks, > Let me explain my problem and then you can suggest me some way of over > coming this. > I wan to be able to run different protocol clients to use my file system > mounted on the host. But i want to be able to limit their memory resource to > 10Gb in total. Also, be able to set memory.sw limit so that each can have a > softy limit of 5G. But if only one container is runing, it can use the > entire 10G. I am able to use memory.use_hierarchy in cgroups to acheive the > same. But how do i acheive this with container. > Will nesting of containers help. my plan is to create a parent container and > set limits to this and expect the nested conatiners to inherit these > limit, and then i will set soft limits on these children container. But when > i start nested containers, i don;t see any entrry under /sys/fs/groups for > the children container. > > Regards > Mohan > > > > From: Fajar A. Nugraha > To: LXC users mailing-list > Sent: Wednesday, March 4, 2015 2:44 PM > Subject: Re: [lxc-users] nested containers > > On Wed, Mar 4, 2015 at 12:15 PM, Mohan G wrote: > > > >> Hi, >> Is there anyway we can have nested containers/cgroups. One parent >> container >> forming the basis for children containers. i.e subset of parent container. > > > Yes. > > On parent container config (in ubuntu), add this: > lxc.aa_profile=lxc-container-default-with-nesting > > And then on that container, you can create containers > > utopic ~ # lxc-ls -f --running > NAME STATE IPV4 IPV6 GROUPS AUTOSTART > - > v RUNNING 10.0.3.1, 192.168.124.173 - - NO > > utopic ~ # lxc-attach -n v > > root@v:~# > > root@v:~# cat /proc/1/cgroup > 12:name=systemd:/lxc/v > 11:perf_event:/lxc/v > 10:net_prio:/lxc/v > 9:net_cls:/lxc/v > 8:memory:/lxc/v > 7:hugetlb:/lxc/v > 6:freezer:/lxc/v > 5:devices:/lxc/
Re: [lxc-users] nested containers
Hi Folks,Let me explain my problem and then you can suggest me some way of over coming this.I wan to be able to run different protocol clients to use my file system mounted on the host. But i want to be able to limit their memory resource to 10Gb in total. Also, be able to set memory.sw limit so that each can have a softy limit of 5G. But if only one container is runing, it can use the entire 10G. I am able to use memory.use_hierarchy in cgroups to acheive the same. But how do i acheive this with container.Will nesting of containers help. my plan is to create a parent container and set limits to this and expect the nested conatiners to inherit theselimit, and then i will set soft limits on these children container. But when i start nested containers, i don;t see any entrry under /sys/fs/groups for the children container. RegardsMohan From: Fajar A. Nugraha To: LXC users mailing-list Sent: Wednesday, March 4, 2015 2:44 PM Subject: Re: [lxc-users] nested containers On Wed, Mar 4, 2015 at 12:15 PM, Mohan G wrote: > Hi, > Is there anyway we can have nested containers/cgroups. One parent container > forming the basis for children containers. i.e subset of parent container. Yes. On parent container config (in ubuntu), add this: lxc.aa_profile=lxc-container-default-with-nesting And then on that container, you can create containers utopic ~ # lxc-ls -f --running NAME STATE IPV4 IPV6 GROUPS AUTOSTART - v RUNNING 10.0.3.1, 192.168.124.173 - - NO utopic ~ # lxc-attach -n v root@v:~# root@v:~# cat /proc/1/cgroup 12:name=systemd:/lxc/v 11:perf_event:/lxc/v 10:net_prio:/lxc/v 9:net_cls:/lxc/v 8:memory:/lxc/v 7:hugetlb:/lxc/v 6:freezer:/lxc/v 5:devices:/lxc/v 4:cpuset:/lxc/v 3:cpuacct:/lxc/v 2:cpu:/lxc/v 1:blkio:/lxc/v root@v:~# lxc-create -t download -n nv -- -d ubuntu -r vivid -a amd64 Using image from local cache Unpacking the rootfs --- You just created an Ubuntu container (release=vivid, arch=amd64, variant=default) To enable sshd, run: apt-get install openssh-server For security reason, container images ship without user accounts and without a root password. Use lxc-attach or chroot directly into the rootfs to set a root password or create user accounts. root@v:~# lxc-start -n nv root@v:~# lxc-ls -f --running NAME STATE IPV4 IPV6 GROUPS AUTOSTART -- nv RUNNING 10.0.3.249 - - NO Now run a process inside the nested container root@v:~# lxc-attach -n nv -- cat /proc/1/cgroup 12:name=systemd:/lxc/v/lxc/nv 11:perf_event:/lxc/v/lxc/nv 10:net_prio:/lxc/v/lxc/nv 9:net_cls:/lxc/v/lxc/nv 8:memory:/lxc/v/lxc/nv 7:hugetlb:/lxc/v/lxc/nv 6:freezer:/lxc/v/lxc/nv 5:devices:/lxc/v/lxc/nv 4:cpuset:/lxc/v/lxc/nv 3:cpuacct:/lxc/v/lxc/nv 2:cpu:/lxc/v/lxc/nv 1:blkio:/lxc/v/lxc/nv Note how the cgroup is nested -- Fajar ___ lxc-users mailing list lxc-users@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-users ___ lxc-users mailing list lxc-users@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-users
Re: [lxc-users] nested containers
Thanks ,I am able to create nested containers. I want the children to inherit the limits of parent container. I am able to do it in cgroups. But in containers i am not able to. Example in cgroups, used the memory.use_hierarchy option and contained the cgroups. From: Fajar A. Nugraha To: LXC users mailing-list Sent: Wednesday, March 4, 2015 2:44 PM Subject: Re: [lxc-users] nested containers On Wed, Mar 4, 2015 at 12:15 PM, Mohan G wrote: > Hi, > Is there anyway we can have nested containers/cgroups. One parent container > forming the basis for children containers. i.e subset of parent container. Yes. On parent container config (in ubuntu), add this: lxc.aa_profile=lxc-container-default-with-nesting And then on that container, you can create containers utopic ~ # lxc-ls -f --running NAME STATE IPV4 IPV6 GROUPS AUTOSTART - v RUNNING 10.0.3.1, 192.168.124.173 - - NO utopic ~ # lxc-attach -n v root@v:~# root@v:~# cat /proc/1/cgroup 12:name=systemd:/lxc/v 11:perf_event:/lxc/v 10:net_prio:/lxc/v 9:net_cls:/lxc/v 8:memory:/lxc/v 7:hugetlb:/lxc/v 6:freezer:/lxc/v 5:devices:/lxc/v 4:cpuset:/lxc/v 3:cpuacct:/lxc/v 2:cpu:/lxc/v 1:blkio:/lxc/v root@v:~# lxc-create -t download -n nv -- -d ubuntu -r vivid -a amd64 Using image from local cache Unpacking the rootfs --- You just created an Ubuntu container (release=vivid, arch=amd64, variant=default) To enable sshd, run: apt-get install openssh-server For security reason, container images ship without user accounts and without a root password. Use lxc-attach or chroot directly into the rootfs to set a root password or create user accounts. root@v:~# lxc-start -n nv root@v:~# lxc-ls -f --running NAME STATE IPV4 IPV6 GROUPS AUTOSTART -- nv RUNNING 10.0.3.249 - - NO Now run a process inside the nested container root@v:~# lxc-attach -n nv -- cat /proc/1/cgroup 12:name=systemd:/lxc/v/lxc/nv 11:perf_event:/lxc/v/lxc/nv 10:net_prio:/lxc/v/lxc/nv 9:net_cls:/lxc/v/lxc/nv 8:memory:/lxc/v/lxc/nv 7:hugetlb:/lxc/v/lxc/nv 6:freezer:/lxc/v/lxc/nv 5:devices:/lxc/v/lxc/nv 4:cpuset:/lxc/v/lxc/nv 3:cpuacct:/lxc/v/lxc/nv 2:cpu:/lxc/v/lxc/nv 1:blkio:/lxc/v/lxc/nv Note how the cgroup is nested -- Fajar ___ lxc-users mailing list lxc-users@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-users ___ lxc-users mailing list lxc-users@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-users
[lxc-users] nested containers
Hi,Is there anyway we can have nested containers/cgroups. One parent container forming the basis for children containers. i.e subset of parent container. RegardsMohan ___ lxc-users mailing list lxc-users@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-users
Re: [lxc-users] running NFS and cifs in a container.
Thanks Fajar,My intention is to run 2 container , one serving as a NFS mount and the other a CIFS share. I could live a bind mount for to export these mount points. ( imagine mounting 2 file system mounts on the host). Now i want NFS/cifs client to talk to this share which are in individual containers, ( the point is to contain their other resrources (mem,cpu). (NFS and CIFS kernel componenets can be on the host side).I am worried about all the user level components like AD swicth or nfs name to uid resolution service using user level config or etc files, will it appear saem on the conatiner too. From: Fajar A. Nugraha To: LXC users mailing-list Sent: Tuesday, March 3, 2015 12:14 PM Subject: Re: [lxc-users] running NFS and cifs in a container. On Tue, Mar 3, 2015 at 1:22 PM, Mohan G wrote: > Hi Folks. > can anyone point me to material/docs on running NFS /CIFS inside a > container. Short version: - if you mean nfs/cifs client, the recommended way if for the HOST to mount it (e.g. directly on /var/lib/lxc/container_name/rootfs/mnt/share1). - if you mean nfs kernel server, then containers are not designed to run that. You could work around it using lxc.aa_profile=unconfined, but some functions might still be broken (e.g. on my test "showmount -a" doesn't show connected clients) - userland cifs server (e.g. samba) should work just fine inside container -- Fajar ___ lxc-users mailing list lxc-users@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-users ___ lxc-users mailing list lxc-users@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-users
Re: [lxc-users] running NFS and cifs in a container.
From: Guido Jäkel To: LXC users mailing-list Sent: Tuesday, March 3, 2015 12:22 PM Subject: Re: [lxc-users] running NFS and cifs in a container. On 03.03.2015 07:22, Mohan G wrote: > Hi Folks.can anyone point me to material/docs on running NFS /CIFS inside a > container. > Regards > Mohan > Dear Mohan, If it is an abstract resource for the container, it may be better to mount it on the host and reach-in a bind mount. But you should also be able to mount this filesystems inside the container if it's not restricted to do such operations. >>> i did not get the abstarct resource part. Can't mount ext4 from being >>> inside a container after exporting the required volume to it. ??? Guido ___ lxc-users mailing list lxc-users@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-users ___ lxc-users mailing list lxc-users@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-users
[lxc-users] running NFS and cifs in a container.
Hi Folks.can anyone point me to material/docs on running NFS /CIFS inside a container. RegardsMohan___ lxc-users mailing list lxc-users@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-users
Re: [lxc-users] page cache memory accounting
As the cgroup is now say 400M and i create/write a file of 8G. My point was due to 400M limit in my group, the write should create a lot of memory pressure and there by start the pager/shrinker activity desperately and slow down the entire write throughput. ( file does get created but performance should be far worse that without running with cgroups.) is't it ? On Monday, January 19, 2015 3:52 PM, Holger Amann wrote: Why shouldn’t it be possible to create a file with size > $some_cgroup_page_cache_memory_limit? What’s the point here? > Am 16.01.2015 um 20:32 schrieb Serge Hallyn : > > Yes, I believe you need to use the kmem limits for that. Those are afaik > not yet fully supported, sadly, but my ubuntu utopic host at least has > them available: memory.kmem.limit_in_bytes etc > > Quoting Mohan G (mohan...@yahoo.com): >> Hi,I created a cgroup and set memory limit as 400M. And i ran my test >> program which is under this group to create a file of size 8G. ( thinking >> that the amount of page cache pages needed at any point of time can exceed >> 400M). But i did not have any issues and the file got created. So my >> question is do these memory limits only apply to non file based operations. >> ie (page cache is not accounted for ?). The question is relevant to >> containers too.. ( same logic applies here too). >> RegardsMohan >> > >> ___ >> lxc-users mailing list >> lxc-users@lists.linuxcontainers.org >> http://lists.linuxcontainers.org/listinfo/lxc-users > > ___ > lxc-users mailing list > lxc-users@lists.linuxcontainers.org > http://lists.linuxcontainers.org/listinfo/lxc-users ___ lxc-users mailing list lxc-users@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-users ___ lxc-users mailing list lxc-users@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-users
Re: [lxc-users] page cache memory accounting
Regarding the subject of page cache accounting.. Actually it does limit all memory and even page cache usage we limited with memory limit setting. memory.limit_in_bytes=400M On Monday, January 19, 2015 11:17 AM, Mohan G wrote: please don;t bother.. got the stats file.. thanks Mohan On Monday, January 19, 2015 11:10 AM, Mohan G wrote: Thanks.Where can find the memory usage details of a cgroup On Saturday, January 17, 2015 1:03 AM, Serge Hallyn wrote: Yes, I believe you need to use the kmem limits for that. Those are afaik not yet fully supported, sadly, but my ubuntu utopic host at least has them available: memory.kmem.limit_in_bytes etc Quoting Mohan G (mohan...@yahoo.com): > Hi,I created a cgroup and set memory limit as 400M. And i ran my test program > which is under this group to create a file of size 8G. ( thinking that the > amount of page cache pages needed at any point of time can exceed 400M). But > i did not have any issues and the file got created. So my question is do > these memory limits only apply to non file based operations. ie (page cache > is not accounted for ?). The question is relevant to containers too.. ( same > logic applies here too). > RegardsMohan > > ___ > lxc-users mailing list > lxc-users@lists.linuxcontainers.org > http://lists.linuxcontainers.org/listinfo/lxc-users ___ lxc-users mailing list lxc-users@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-users ___ lxc-users mailing list lxc-users@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-users
Re: [lxc-users] page cache memory accounting
please don;t bother.. got the stats file.. thanks Mohan On Monday, January 19, 2015 11:10 AM, Mohan G wrote: Thanks.Where can find the memory usage details of a cgroup On Saturday, January 17, 2015 1:03 AM, Serge Hallyn wrote: Yes, I believe you need to use the kmem limits for that. Those are afaik not yet fully supported, sadly, but my ubuntu utopic host at least has them available: memory.kmem.limit_in_bytes etc Quoting Mohan G (mohan...@yahoo.com): > Hi,I created a cgroup and set memory limit as 400M. And i ran my test program > which is under this group to create a file of size 8G. ( thinking that the > amount of page cache pages needed at any point of time can exceed 400M). But > i did not have any issues and the file got created. So my question is do > these memory limits only apply to non file based operations. ie (page cache > is not accounted for ?). The question is relevant to containers too.. ( same > logic applies here too). > RegardsMohan > > ___ > lxc-users mailing list > lxc-users@lists.linuxcontainers.org > http://lists.linuxcontainers.org/listinfo/lxc-users ___ lxc-users mailing list lxc-users@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-users ___ lxc-users mailing list lxc-users@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-users
Re: [lxc-users] page cache memory accounting
Thanks.Where can find the memory usage details of a cgroup On Saturday, January 17, 2015 1:03 AM, Serge Hallyn wrote: Yes, I believe you need to use the kmem limits for that. Those are afaik not yet fully supported, sadly, but my ubuntu utopic host at least has them available: memory.kmem.limit_in_bytes etc Quoting Mohan G (mohan...@yahoo.com): > Hi,I created a cgroup and set memory limit as 400M. And i ran my test program > which is under this group to create a file of size 8G. ( thinking that the > amount of page cache pages needed at any point of time can exceed 400M). But > i did not have any issues and the file got created. So my question is do > these memory limits only apply to non file based operations. ie (page cache > is not accounted for ?). The question is relevant to containers too.. ( same > logic applies here too). > RegardsMohan > > ___ > lxc-users mailing list > lxc-users@lists.linuxcontainers.org > http://lists.linuxcontainers.org/listinfo/lxc-users ___ lxc-users mailing list lxc-users@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-users ___ lxc-users mailing list lxc-users@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-users
[lxc-users] page cache memory accounting
Hi,I created a cgroup and set memory limit as 400M. And i ran my test program which is under this group to create a file of size 8G. ( thinking that the amount of page cache pages needed at any point of time can exceed 400M). But i did not have any issues and the file got created. So my question is do these memory limits only apply to non file based operations. ie (page cache is not accounted for ?). The question is relevant to containers too.. ( same logic applies here too). RegardsMohan ___ lxc-users mailing list lxc-users@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-users
Re: [lxc-users] loading a file system
Also, i am hoping that all host mount point can be seen by containers. Is this assumption correct. On Wednesday, January 14, 2015 1:47 PM, Mohan G wrote: Thanks for the replies. My conclusions from the replies are that i am better of controlling the consumers of my FS via cgroups. If i decide to run my apps on containers, then i need to mount my FS on the host and create containers with limits of CPU and memory and use my FS via this container. Both these approaches seem fine and helps. On Wednesday, January 14, 2015 12:28 PM, Fajar A. Nugraha wrote: As Serge said, some limits needs to be enforced by your filesystem. Like tmpfs case for example, the size limit are set during mount, which should be done by the host (e.g. as an option on lxc.mount.entry in container config file). cgroup limits is AFAIK only apply to userland, and does not apply to memory used by kernel modules. What is your fs like? Most fs that I know of (e.g. btrfs, ext4) does not need particular amount of memory/cpu resource. In this case the only cpu/memory limit you need to worry about are userland (handled by cgroups). This is different from zfs, which requires huge amount of memory. But even in this case the resource used are global, and can't be separated per pool/dataset/mountpoint, so you won't be able to limit it per container. fuse, on the otherhand, will use some cpu/memory resource per mounts on its userland part. In this case, you can limit its cpu/memory usage the same way you limit other userland processes, using cgroups. -- Fajar On Wed, Jan 14, 2015 at 12:25 PM, Mohan G wrote: > Thanks. When i say my own file system, yes my own kernel file system written > for linux. A small yet working FS. > I want to load this FS and want applications to use them, but not consume > entire cpu and memory. If i can bring up KVM then i can set cpu and memory > for this KVM and load and mount my FS in this KVM and KVM's resource limits > will directly control the FS consumption etc. > > How i can achieve the same thing without using KVM. When i mean template, i > mean the linux image used as a separate container. ( i assume i can build a > new linux distro with my FS as default) and boot it up. > I am aware that containers are user level and share the same kernel. Thank > for the patience > > > > On Wednesday, January 14, 2015 10:37 AM, Fajar A. Nugraha > wrote: > > > You need to be more clear. More response inline > > On Wed, Jan 14, 2015 at 11:26 AM, Mohan G wrote: >> >> Thanks for the reply, now i guess my specific question is. >> 1) I have my own file system which i can load to the kernel. But i want to >> restrict the file systems usage as a whole. > > Do you mean your own file system module? e.g. something like fuse? > What do you mean by "restrict the file systems usage"? Only some > container can use that type of fs? Restrict its size? > > Short version is you should set all mounts in the host (including > loading the fs module, if it's a new one), and the container can then > simply use it. Also, do NOT allow containers to mount their own > filesystem (this is already the default setting when you use ubuntu > container on ubuntu host) > > >> 2) which means if i can build a kernel template with my FS on it , then >> would i be able to set limits on memory and cpu for the FS. >> > > what "kernel template"? You DO know that containers share the same > kernel as the host, right? > Also, I see no direct connection between "memory and cpu" and the type > of filesystem. Are you perhaps confusing FS, when you mean "container" > (i.e. guest) > >> basically i am looking for ways for FS to use KVM type limit ( in terms of >> cpu and memory) without actually using KVM. > > If you mean "limit container's cpu and memory use", see earlier > response about cgroups. Again, I see no correlation between FS and > > "cpu and memory". > > > -- > Fajar > ___ > lxc-users mailing list > lxc-users@lists.linuxcontainers.org > http://lists.linuxcontainers.org/listinfo/lxc-users > > > ___ > lxc-users mailing list > lxc-users@lists.linuxcontainers.org > http://lists.linuxcontainers.org/listinfo/lxc-users ___ lxc-users mailing list lxc-users@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-users ___ lxc-users mailing list lxc-users@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-users
Re: [lxc-users] loading a file system
Thanks for the replies. My conclusions from the replies are that i am better of controlling the consumers of my FS via cgroups. If i decide to run my apps on containers, then i need to mount my FS on the host and create containers with limits of CPU and memory and use my FS via this container. Both these approaches seem fine and helps. On Wednesday, January 14, 2015 12:28 PM, Fajar A. Nugraha wrote: As Serge said, some limits needs to be enforced by your filesystem. Like tmpfs case for example, the size limit are set during mount, which should be done by the host (e.g. as an option on lxc.mount.entry in container config file). cgroup limits is AFAIK only apply to userland, and does not apply to memory used by kernel modules. What is your fs like? Most fs that I know of (e.g. btrfs, ext4) does not need particular amount of memory/cpu resource. In this case the only cpu/memory limit you need to worry about are userland (handled by cgroups). This is different from zfs, which requires huge amount of memory. But even in this case the resource used are global, and can't be separated per pool/dataset/mountpoint, so you won't be able to limit it per container. fuse, on the otherhand, will use some cpu/memory resource per mounts on its userland part. In this case, you can limit its cpu/memory usage the same way you limit other userland processes, using cgroups. -- Fajar On Wed, Jan 14, 2015 at 12:25 PM, Mohan G wrote: > Thanks. When i say my own file system, yes my own kernel file system written > for linux. A small yet working FS. > I want to load this FS and want applications to use them, but not consume > entire cpu and memory. If i can bring up KVM then i can set cpu and memory > for this KVM and load and mount my FS in this KVM and KVM's resource limits > will directly control the FS consumption etc. > > How i can achieve the same thing without using KVM. When i mean template, i > mean the linux image used as a separate container. ( i assume i can build a > new linux distro with my FS as default) and boot it up. > I am aware that containers are user level and share the same kernel. Thank > for the patience > > > > On Wednesday, January 14, 2015 10:37 AM, Fajar A. Nugraha > wrote: > > > You need to be more clear. More response inline > > On Wed, Jan 14, 2015 at 11:26 AM, Mohan G wrote: >> >> Thanks for the reply, now i guess my specific question is. >> 1) I have my own file system which i can load to the kernel. But i want to >> restrict the file systems usage as a whole. > > Do you mean your own file system module? e.g. something like fuse? > What do you mean by "restrict the file systems usage"? Only some > container can use that type of fs? Restrict its size? > > Short version is you should set all mounts in the host (including > loading the fs module, if it's a new one), and the container can then > simply use it. Also, do NOT allow containers to mount their own > filesystem (this is already the default setting when you use ubuntu > container on ubuntu host) > > >> 2) which means if i can build a kernel template with my FS on it , then >> would i be able to set limits on memory and cpu for the FS. >> > > what "kernel template"? You DO know that containers share the same > kernel as the host, right? > Also, I see no direct connection between "memory and cpu" and the type > of filesystem. Are you perhaps confusing FS, when you mean "container" > (i.e. guest) > >> basically i am looking for ways for FS to use KVM type limit ( in terms of >> cpu and memory) without actually using KVM. > > If you mean "limit container's cpu and memory use", see earlier > response about cgroups. Again, I see no correlation between FS and > > "cpu and memory". > > > -- > Fajar > ___ > lxc-users mailing list > lxc-users@lists.linuxcontainers.org > http://lists.linuxcontainers.org/listinfo/lxc-users > > > ___ > lxc-users mailing list > lxc-users@lists.linuxcontainers.org > http://lists.linuxcontainers.org/listinfo/lxc-users ___ lxc-users mailing list lxc-users@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-users ___ lxc-users mailing list lxc-users@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-users
Re: [lxc-users] loading a file system
Thanks. When i say my own file system, yes my own kernel file system written for linux. A small yet working FS.I want to load this FS and want applications to use them, but not consume entire cpu and memory. If i can bring up KVM then i can set cpu and memory for this KVM and load and mount my FS in this KVM and KVM's resource limits will directly control the FS consumption etc. How i can achieve the same thing without using KVM. When i mean template, i mean the linux image used as a separate container. ( i assume i can build a new linux distro with my FS as default) and boot it up. I am aware that containers are user level and share the same kernel. Thank for the patience On Wednesday, January 14, 2015 10:37 AM, Fajar A. Nugraha wrote: You need to be more clear. More response inline On Wed, Jan 14, 2015 at 11:26 AM, Mohan G wrote: > > Thanks for the reply, now i guess my specific question is. > 1) I have my own file system which i can load to the kernel. But i want to > restrict the file systems usage as a whole. Do you mean your own file system module? e.g. something like fuse? What do you mean by "restrict the file systems usage"? Only some container can use that type of fs? Restrict its size? Short version is you should set all mounts in the host (including loading the fs module, if it's a new one), and the container can then simply use it. Also, do NOT allow containers to mount their own filesystem (this is already the default setting when you use ubuntu container on ubuntu host) > 2) which means if i can build a kernel template with my FS on it , then would > i be able to set limits on memory and cpu for the FS. > what "kernel template"? You DO know that containers share the same kernel as the host, right? Also, I see no direct connection between "memory and cpu" and the type of filesystem. Are you perhaps confusing FS, when you mean "container" (i.e. guest) > basically i am looking for ways for FS to use KVM type limit ( in terms of > cpu and memory) without actually using KVM. If you mean "limit container's cpu and memory use", see earlier response about cgroups. Again, I see no correlation between FS and "cpu and memory". -- Fajar ___ lxc-users mailing list lxc-users@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-users ___ lxc-users mailing list lxc-users@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-users
Re: [lxc-users] loading a file system
Thanks for the reply, now i guess my specific question is.1) I have my own file system which i can load to the kernel. But i want to restrict the file systems usage as a whole.2) which means if i can build a kernel template with my FS on it , then would i be able to set limits on memory and cpu for the FS. basically i am looking for ways for FS to use KVM type limit ( in terms of cpu and memory) without actually using KVM. ___ lxc-users mailing list lxc-users@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-users
[lxc-users] loading a file system
Hi,I am new to the containers world and have been reading about this feature all day. Some of queries are basic in nature, do bear with me.1) can i load a module inside a container.2) And can that module be a file system module.3) where do we specify the memory/cpu limits of the container. (is it in the template ?)4) cgroups are for user process only right ? ___ lxc-users mailing list lxc-users@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-users
