Re: [libvirt] [PATCH 2 of 2] Use cgroup functions to set resource limits on LXC domains
On Wed, Oct 01, 2008 at 01:19:04PM -0700, Dan Smith wrote:
This patch adds code to the controller to set up a cgroup named after
the
domain name, set the memory limit, and restrict devices. It also
adds bits to lxc_driver to properly clean up the cgroup on domain death.
If virCgroupHaveSupport() says that no support is available, then we just
allow the domain creation to proceed as it did before without resource
controls in place.
+
+ rc = virCgroupForDomain(def, &cgroup);
+ if (rc != 0) {
+ fprintf(stderr, "Unable to create cgroup for %s\n", def->name);
+ goto out;
+ }
Should use lxcError() here - as things are setup by virExec(), calls to
lxcError() call to virRaiseError() which ultimately calls fprintf(). By
using lxcError() can we more easily change logging later if needed.
+
+ rc = virCgroupSetMemory(cgroup, def->maxmem);
+ if (rc != 0)
+ goto out;
+
+ rc = virCgroupDenyAllDevices(cgroup);
+ if (rc != 0)
+ goto out;
+
+ for (i = 0; devices[i].type != 0; i++) {
+ struct cgroup_device_policy *dev = &devices[i];
+ rc = virCgroupAllowDevice(cgroup,
+ dev->type,
+ dev->major,
+ dev->minor);
+ if (rc != 0)
+ goto out;
+ }
+
+ rc = virCgroupAddTask(cgroup, getpid());
+out:
+ virCgroupFree(&cgroup);
+
+ if (rc != 0)
+ fprintf(stderr, "Failed to set lxc resources: %s\n", strerror(-rc));
Likewise here use lxcError().
I think we need to virCgroupRemove() in the error path to cleanup
a partially constructed cgroup ?
Regards,
Daniel
--
|: Red Hat, Engineering, London -o- http://people.redhat.com/berrange/ :|
|: http://libvirt.org -o- http://virt-manager.org -o- http://ovirt.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: GnuPG: 7D3B9505 -o- F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :|