8:30 a.m.
From: "Daniel P. Berrange" <berrange(a)redhat.com>
To make lxcSetContainerResources smaller, pull the mem tune
I/O tune, CPU tune, and device ACL setup code out into separate
methods
* src/lxc/lxc_controller.c: Split up lxcSetContainerResources
---
src/lxc/lxc_controller.c | 154 +++++++++++++++++++++++++++++++---------------
1 files changed, 104 insertions(+), 50 deletions(-)
diff --git a/src/lxc/lxc_controller.c b/src/lxc/lxc_controller.c
index 137ef52..d3c3b61 100644
--- a/src/lxc/lxc_controller.c
+++ b/src/lxc/lxc_controller.c
@@ -223,70 +223,49 @@ cleanup:
return ret;
}
-/**
- * lxcSetContainerResources
- * @def: pointer to virtual machine structure
- *
- * Creates a cgroup for the container, moves the task inside,
- * and sets resource limits
- *
- * Returns 0 on success or -1 in case of error
- */
-static int lxcSetContainerResources(virDomainDefPtr def)
+static int lxcSetContainerCpuTune(virCgroupPtr cgroup, virDomainDefPtr def)
{
- virCgroupPtr driver;
- virCgroupPtr cgroup;
- int rc = -1;
- int i;
- struct cgroup_device_policy devices[] = {
- {'c', LXC_DEV_MAJ_MEMORY, LXC_DEV_MIN_NULL},
- {'c', LXC_DEV_MAJ_MEMORY, LXC_DEV_MIN_ZERO},
- {'c', LXC_DEV_MAJ_MEMORY, LXC_DEV_MIN_FULL},
- {'c', LXC_DEV_MAJ_MEMORY, LXC_DEV_MIN_RANDOM},
- {'c', LXC_DEV_MAJ_MEMORY, LXC_DEV_MIN_URANDOM},
- {'c', LXC_DEV_MAJ_TTY, LXC_DEV_MIN_TTY},
- {'c', LXC_DEV_MAJ_TTY, LXC_DEV_MIN_PTMX},
- {0, 0, 0}};
-
- rc = virCgroupForDriver("lxc", &driver, 1, 0);
- if (rc != 0) {
- /* Skip all if no driver cgroup is configured */
- if (rc == -ENXIO || rc == -ENOENT)
- return 0;
-
- virReportSystemError(-rc, "%s",
- _("Unable to get cgroup for driver"));
- return rc;
- }
-
- rc = virCgroupForDomain(driver, def->name, &cgroup, 1);
- if (rc != 0) {
- virReportSystemError(-rc,
- _("Unable to create cgroup for domain %s"),
- def->name);
- goto cleanup;
- }
-
- if (def->blkio.weight) {
- rc = virCgroupSetBlkioWeight(cgroup, def->blkio.weight);
+ int ret = -1;
+ if (def->cputune.shares != 0) {
+ int rc = virCgroupSetCpuShares(cgroup, def->cputune.shares);
if (rc != 0) {
virReportSystemError(-rc,
- _("Unable to set Blkio weight for domain
%s"),
+ _("Unable to set io cpu shares for domain
%s"),
def->name);
goto cleanup;
}
}
+ ret = 0;
+cleanup:
+ return ret;
+}
+
- if (def->cputune.shares) {
- rc = virCgroupSetCpuShares(cgroup, def->cputune.shares);
+static int lxcSetContainerBlkioTune(virCgroupPtr cgroup, virDomainDefPtr def)
+{
+ int ret = -1;
+
+ if (def->blkio.weight) {
+ int rc = virCgroupSetBlkioWeight(cgroup, def->blkio.weight);
if (rc != 0) {
virReportSystemError(-rc,
- _("Unable to set cpu shares for domain %s"),
+ _("Unable to set Blkio weight for domain
%s"),
def->name);
goto cleanup;
}
}
+ ret = 0;
+cleanup:
+ return ret;
+}
+
+
+static int lxcSetContainerMemTune(virCgroupPtr cgroup, virDomainDefPtr def)
+{
+ int ret = -1;
+ int rc;
+
rc = virCgroupSetMemory(cgroup, def->mem.max_balloon);
if (rc != 0) {
virReportSystemError(-rc,
@@ -325,6 +304,27 @@ static int lxcSetContainerResources(virDomainDefPtr def)
}
}
+ ret = 0;
+cleanup:
+ return ret;
+}
+
+
+static int lxcSetContainerDeviceACL(virCgroupPtr cgroup, virDomainDefPtr def)
+{
+ int ret = -1;
+ int rc;
+ size_t i;
+ static const struct cgroup_device_policy devices[] = {
+ {'c', LXC_DEV_MAJ_MEMORY, LXC_DEV_MIN_NULL},
+ {'c', LXC_DEV_MAJ_MEMORY, LXC_DEV_MIN_ZERO},
+ {'c', LXC_DEV_MAJ_MEMORY, LXC_DEV_MIN_FULL},
+ {'c', LXC_DEV_MAJ_MEMORY, LXC_DEV_MIN_RANDOM},
+ {'c', LXC_DEV_MAJ_MEMORY, LXC_DEV_MIN_URANDOM},
+ {'c', LXC_DEV_MAJ_TTY, LXC_DEV_MIN_TTY},
+ {'c', LXC_DEV_MAJ_TTY, LXC_DEV_MIN_PTMX},
+ {0, 0, 0}};
+
rc = virCgroupDenyAllDevices(cgroup);
if (rc != 0) {
virReportSystemError(-rc,
@@ -334,7 +334,7 @@ static int lxcSetContainerResources(virDomainDefPtr def)
}
for (i = 0; devices[i].type != 0; i++) {
- struct cgroup_device_policy *dev = &devices[i];
+ const struct cgroup_device_policy *dev = &devices[i];
rc = virCgroupAllowDevice(cgroup,
dev->type,
dev->major,
@@ -374,6 +374,60 @@ static int lxcSetContainerResources(virDomainDefPtr def)
goto cleanup;
}
+ ret = 0;
+cleanup:
+ return ret;
+}
+
+
+/**
+ * lxcSetContainerResources
+ * @def: pointer to virtual machine structure
+ *
+ * Creates a cgroup for the container, moves the task inside,
+ * and sets resource limits
+ *
+ * Returns 0 on success or -1 in case of error
+ */
+static int lxcSetContainerResources(virDomainDefPtr def)
+{
+ virCgroupPtr driver;
+ virCgroupPtr cgroup;
+ int rc = -1;
+
+ rc = virCgroupForDriver("lxc", &driver, 1, 0);
+ if (rc != 0) {
+ /* Skip all if no driver cgroup is configured */
+ if (rc == -ENXIO || rc == -ENOENT)
+ return 0;
+
+ virReportSystemError(-rc, "%s",
+ _("Unable to get cgroup for driver"));
+ return rc;
+ }
+
+ rc = virCgroupForDomain(driver, def->name, &cgroup, 1);
+ if (rc != 0) {
+ virReportSystemError(-rc,
+ _("Unable to create cgroup for domain %s"),
+ def->name);
+ goto cleanup;
+ }
+
+ rc = -1;
+
+ if (lxcSetContainerCpuTune(cgroup, def) < 0)
+ goto cleanup;
+
+ if (lxcSetContainerBlkioTune(cgroup, def) < 0)
+ goto cleanup;
+
+ if (lxcSetContainerMemTune(cgroup, def) < 0)
+ goto cleanup;
+
+ if (lxcSetContainerDeviceACL(cgroup, def) < 0)
+ goto cleanup;
+
rc = virCgroupAddTask(cgroup, getpid());
if (rc != 0) {
virReportSystemError(-rc,
--
1.7.6.4