On Wed, Jul 22, 2009 at 04:23:47PM +0100, Daniel P. Berrange wrote:
* qemud/libvirtd_qemu.aug, qemud/test_libvirtd_qemu.aug,
src/qemu.conf: Add 'cgroups_controllers' and 'cgroups_device_acl'
parameters
* src/qemu_conf.h, src/qemu_conf.c: Load & parse configuration params
for cgroups
* src/qemu_driver.c: Only use cgroups controllers that are activated,
and use configured device whitelist instead of default, if set.
Signed-off-by: Daniel P. Berrange <berrange(a)redhat.com>
---
qemud/libvirtd_qemu.aug | 2 +
qemud/test_libvirtd_qemu.aug | 21 +++++++-
src/Makefile.am | 3 +-
src/cgroup.c | 11 ----
src/cgroup.h | 12 +++++
src/qemu.conf | 34 +++++++++++++
src/qemu_conf.c | 61 ++++++++++++++++++++++++
src/qemu_conf.h | 3 +
src/qemu_driver.c | 106 ++++++++++++++++++++++++------------------
[...]
+++ b/src/qemu.conf
@@ -95,3 +95,37 @@
# The group ID for QEMU processes run by the system instance
#group = "root"
+
+
+# What cgroup controllers to make use of with QEMU guests
+#
+# - 'cpu' - use for schedular tunables
+# - 'devices' - use for device whitelisting
+#
+# NB, even if configured here, they won't be used unless
+# the adminsitrator has mounted cgroups. eg
+#
+# mkdir /dev/cgroup
+# mount -t cgroup -o devices,cpu none /dev/cgroup
+#
+# They can be mounted anywhere, and different controlers
+# can be mounted in different locations. libvirt will detect
+# where they are located.
+#
+# cgroup_controllers = [ "cpu", "devices" ]
+
+# This is the basic set of devices allowed / required by
+# all virtual machines.
+#
+# As well as this, any configured block backed disks,
+# all sound device, and all PTY devices are allowed.
+#
+# This will only need setting if newer QEMU suddenly
+# wants some device we don't already know a bout.
+#
+#cgroup_device_acl = [
+# "/dev/null", "/dev/full", "/dev/zero",
+# "/dev/random", "/dev/urandom",
+# "/dev/ptmx", "/dev/kvm", "/dev/kqemu",
+# "/dev/rtc", "/dev/hpet", "/dev/net/tun",
+#]
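Review bot: the comment block above cgroup_device_acl in src/qemu.conf does not say whether a configured list replaces or extends the built-in set. The commit message says the configured whitelist is used "instead of default", so the comment should state that explicitly, so an administrator knows the listed entries must be complete. The option names also disagree: the commit message says 'cgroups_controllers' and 'cgroups_device_acl', while the file uses cgroup_controllers and cgroup_device_acl. Pick one spelling and use it in the commit message, the augeas lens and the sample config. Smaller points in the same hunk: "schedular", "adminsitrator", "controlers" and "a bout" are typos, "all sound device" should be plural, and the commented-out defaults are written inconsistently ("# cgroup_controllers" with a space, "#cgroup_device_acl" without).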
great, but that doesn't really replace documentation :-)
[...]
- if (vm->def->nsounds) {
- rc = virCgroupAllowDeviceMajor(cgroup, 'c', DEVICE_SND_MAJOR);
+ rc = virCgroupAllowDeviceMajor(cgroup, 'c', DEVICE_PTY_MAJOR);
if (rc != 0) {
virReportSystemError(conn, -rc, "%s",
- _("unable to allow /dev/snd/ devices"));
+ _("unable to allow /dev/pts/ devices"));
goto cleanup;
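Review bot: the `if (vm->def->nsounds) {` guard is removed in this src/qemu_driver.c hunk, and the visible lines do not show where the DEVICE_SND_MAJOR allow ends up or whether it is still conditional. If the sound allow remains, keep it under the nsounds check so that guests with no sound device configured are not granted the sound major. If it is now unconditional on purpose, say so in the commit message. Either way, the "all sound device ... are allowed" wording in src/qemu.conf should match what the code actually does. Splitting the code move from the behaviour change into separate patches would also make the reordering reviewable.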
diff is really making the patch hard to read ...
ACK,
Daniel
--
Daniel Veillard | libxml Gnome XML XSLT toolkit
http://xmlsoft.org/
daniel(a)veillard.com | Rpmfind RPM search engine
http://rpmfind.net/
http://veillard.com/ | virtualization library
http://libvirt.org/