Ok, i'm applying this version. We still have following issues to address:
1) what should be shown in /proc/cgroups inside a CT and how https://jira.sw.ru/browse/PSBM-33400 2) we need a list of cgroups, creating sub-cgroups of which might make troubles for the Node as a whole For now we keep in mind only memcg. Any others? We need to limit the number of sub-cgroups of those kinds by some reasonable defaults (Volodya, how many memory subcgroups might give us noticeable performance degradation?), and optionally create new corresponding per-CT parameter in userspace (but this can be done later in case default is high enough and we won't hit it soon). https://jira.sw.ru/browse/PSBM-33401 -- Best regards, Konstantin Khorenko, Virtuozzo Linux Kernel Team On 05/07/2015 05:54 PM, Vladimir Davydov wrote: > On Thu, May 07, 2015 at 05:01:42PM +0300, Cyrill Gorcunov wrote: >> Here we rip off all the virtualization code we introduced into kernel to >> behave close to rhel6. >> >> Because we're trying a new concept (bindmounting from the node) it is >> no longer needed. >> >> Now some details: >> >> - drop cgroup_show_path -- we don't hide VEID in /proc/self/cgroup output, >> it doesn't break criu so no need to carry it, same applies to changes >> in cgroup_path; >> >> - because we drop virtualization of systemd -- disable creation of new >> hierarchies in container: we don't support it, neither we need it. The >> primary reason why we allowed new hierarchies in container was that >> CRIU has been running restore procedure inside VE but now we initiate >> restore from VE0, so we can safely disable new hierarchies; >> >> - in cgroup_addrm_files go back to former RHEL7 code; if we need something >> special here it must be reviewed carefully and separately; >> >> - no need to hide /proc/cgroups in VE, there is no sensible info present. >> >> v2: >> - take into account commits 38f039db6e023ac14517219ad6f674633c4e99ca >> and c2ac6df22b20389ae2d0af49c436b00ff3243e89 removing >> cgroup_is_disposable, >> cgroup_kernel_destroy, ve::ve_cgroup_head. >> >> - drop GRPP_WEAK, CGRP_SELF_DESTRUCTION and CGRP_VE_TOP_CGROUP_VIRTUAL flags >> which implies the cgroups no longer auto-cleaned up but user-space tool >> (read vzctl and friends) should handle cgroups removal >> >> - because we're moving to native cgroups code we don't virtualize release >> agent anymore >> >> - still cgroup::cgroup_ve member is needed because we're using it >> all over the code >> >> v3: >> - move back ve_offline, we need to free ve id >> >> v4: >> - use native call_usermodehelper in release_agent execution, we don't >> virtualized cgroups, but I kept error code and pr_warn so it would >> be easier identify problems if ever >> - drop cgroup::cgroup_ve member, no longer used >> - drop unused cgroup_kernel_destory >> >> v5: >> - disable mounting of cgroups inside VE >> - disable modifying toplevel bindmount cgroup >> files from inside of container, except ve cgroup, >> where we need to write "START" to kick container to >> run (probably we will need more control here for >> "restore" via CRIU case, hasn't investigated it >> yet) >> - drop redundant @cgrp from ve_offline >> >> Signed-off-by: Cyrill Gorcunov <gorcu...@odin.com> >> CC: Vladimir Davydov <vdavy...@odin.com> >> CC: Konstantin Khorenko <khore...@odin.com> >> CC: Pavel Emelyanov <xe...@odin.com> >> CC: Andrey Vagin <ava...@odin.com> > > Acked-by: Vladimir Davydov <vdavy...@parallels.com> > _______________________________________________ > Devel mailing list > Devel@openvz.org > https://lists.openvz.org/mailman/listinfo/devel > _______________________________________________ Devel mailing list Devel@openvz.org https://lists.openvz.org/mailman/listinfo/devel
