On Fri, 28.11.14 15:52, Richard Weinberger (richard(a)nod.at) wrote:
Am 28.11.2014 um 06:33 schrieb Martin Pitt:
> Hello all,
>
> Cameron Norman [2014-11-27 12:26 -0800]:
>> On Wed, Nov 26, 2014 at 1:29 PM, Richard Weinberger <richard(a)nod.at>
wrote:
>>> Hi!
>>>
>>> I run a Linux container setup with openSUSE 13.1/2 as guest distro.
>>> After some time containers slow down.
>>> An investigation showed that the containers slow down because a lot of
stale
>>> user sessions slow down almost all systemd tools, mostly systemctl.
>>> loginctl reports many thousand sessions.
>>> All in state "closing".
>>
>> This sounds similar to an issue that systemd-shim in Debian had.
>> Martin Pitt (helps to maintain systemd in Debian) fixed that issue; he
>> may have some ideas here. I CC'd him.
>
> The problem with systemd-shim under sysvinit or upstart was that shim
> didn't set a cgroup release agent like systemd itself does. Thus the
> cgroups were never cleaned up after all the session processes died.
> (See 1.4 on
https://www.kernel.org/doc/Documentation/cgroups/cgroups.txt
> for details)
>
> I don't think that SUSE uses systemd-shim, I take it in that setup you
> are running systemd proper on both the host and the guest? Then I
> suggest checking the cgroups that correspond to the "closing" sessions
> in the container, i. e. /sys/fs/cgroup/systemd/.../session-XX.scope/tasks.
> If there are still processes in it, logind is merely waiting for them
> to exit (or set KillUserProcesses in logind.conf). If they are empty,
> check that /sys/fs/cgroup/systemd/.../session-XX.scope/notify_on_release is 1
> and that /sys/fs/cgroup/systemd/release_agent is set?
The problem is that within the container the release agent is not executed.
It is executed on the host side.
Lennart, how is this supposed to work?
Is the theory of operation that the host systemd sends org.freedesktop.systemd1.Agent
Released
via dbus into the guest?
The guests systemd definitely does not receive such a signal.
No, the cgrouips agents are not reliable, because of subgroups, and
because of their incompatibility with containers. systemd uses the
events if it gets them, but we try hard to be able to live without
them (see other mail).
Lennart
--
Lennart Poettering, Red Hat