10:36 a.m.
Recent Linux kernels have a new concept of 'CGroups' which is a way to
group tasks on the system and apply policy to them as a whole. We already
use this in the LXC container driver, to control total memory usage of
things runing within a container.
This patch series is a proof of concept to make use of CGroups in the
QEMU driver. The idea is that we have a 3 level cgroup hierarchy
- Top level; contains the libvirtd daemon itself
- 2nd level: one per libvirt driver, but dos not contain any
processes.
- 3rd level: one per guest VM. Contains the QEMU process
The host admin can do control on the top level and 2nd level to set an
overall system policy. libvirt will then provide APIs / capabilities to
control individual VMs policy.
Daniel
--
|: Red Hat, Engineering, London -o- http://people.redhat.com/berrange/ :|
|: http://libvirt.org -o- http://virt-manager.org -o- http://ovirt.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: GnuPG: 7D3B9505 -o- F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :|
10:38 a.m.
New subject: [libvirt] PATCH: 1/3: Put each QEMU guest in a cgroup
This patch sets up the cgroups for QEMU instances. It creates a cgroup
when starting a guest, uses an exec hook to place the process into the
correct cgroup, and cleans up empty cgroup when the QEMU process shuts
down.
Daniel
diff --git a/src/qemu_driver.c b/src/qemu_driver.c
--- a/src/qemu_driver.c
+++ b/src/qemu_driver.c
@@ -68,6 +68,7 @@
#include "memory.h"
#include "uuid.h"
#include "domain_conf.h"
+#include "cgroup.h"
#define VIR_FROM_THIS VIR_FROM_QEMU
@@ -1134,6 +1135,79 @@ static int qemudNextFreeVNCPort(struct q
static virDomainPtr qemudDomainLookupByName(virConnectPtr conn,
const char *name);
+static int qemuSetupCgroup(virConnectPtr conn,
+ struct qemud_driver *driver ATTRIBUTE_UNUSED,
+ virDomainObjPtr vm)
+{
+ virCgroupPtr cgroup = NULL;
+
+ if (virCgroupHaveSupport() != 0)
+ return 0; /* Not supported, so claim success */
+
+ if (virCgroupForDomain(vm->def, "qemu", &cgroup) !=0 ) {
+ qemudReportError(conn, NULL, NULL, VIR_ERR_INTERNAL_ERROR,
+ _("Unable to create cgroup for %s\n"),
+ vm->def->name);
+ goto cleanup;
+ }
+
+ virCgroupFree(&cgroup);
+ return 0;
+
+cleanup:
+ if (cgroup) {
+ virCgroupRemove(cgroup);
+ virCgroupFree(&cgroup);
+ }
+ return -1;
+}
+
+
+static int qemuRemoveCgroup(virConnectPtr conn,
+ struct qemud_driver *driver ATTRIBUTE_UNUSED,
+ virDomainObjPtr vm)
+{
+ virCgroupPtr cgroup;
+
+ if (virCgroupHaveSupport() != 0)
+ return 0; /* Not supported, so claim success */
+
+ if (virCgroupForDomain(vm->def, "qemu", &cgroup) != 0) {
+ qemudReportError(conn, NULL, NULL, VIR_ERR_INTERNAL_ERROR,
+ _("Unable to find cgroup for %s\n"),
+ vm->def->name);
+ return -1;
+ }
+
+ virCgroupRemove(cgroup);
+ virCgroupFree(&cgroup);
+ return 0;
+}
+
+static int qemuAddToCgroup(void *data)
+{
+ virDomainDefPtr def = data;
+ virCgroupPtr cgroup = NULL;
+
+ if (virCgroupHaveSupport() != 0)
+ return 0; /* Not supported, so claim success */
+
+ if (virCgroupForDomain(def, "qemu", &cgroup) != 0) {
+ qemudReportError(NULL, NULL, NULL, VIR_ERR_INTERNAL_ERROR,
+ _("Unable to find cgroup for %s\n"),
+ def->name);
+ return -1;
+ }
+
+ if (virCgroupAddTask(cgroup, getpid()) < 0) {
+ virCgroupFree(&cgroup);
+ return -1;
+ }
+
+ virCgroupFree(&cgroup);
+ return 0;
+}
+
static int qemudStartVMDaemon(virConnectPtr conn,
struct qemud_driver *driver,
virDomainObjPtr vm,
@@ -1160,6 +1234,8 @@ static int qemudStartVMDaemon(virConnect
return -1;
}
+ qemuRemoveCgroup(conn, driver, vm);
+
if (vm->def->graphics &&
vm->def->graphics->type == VIR_DOMAIN_GRAPHICS_TYPE_VNC &&
vm->def->graphics->data.vnc.autoport) {
@@ -1185,8 +1261,11 @@ static int qemudStartVMDaemon(virConnect
emulator = vm->def->emulator;
if (!emulator)
emulator = virDomainDefDefaultEmulator(conn, vm->def, driver->caps);
- if (!emulator)
- return -1;
+ if (!emulator) {
+ close(vm->logfile);
+ vm->logfile = -1;
+ return -1;
+ }
/* Make sure the binary we are about to try exec'ing exists.
* Technically we could catch the exec() failure, but that's
@@ -1196,6 +1275,8 @@ static int qemudStartVMDaemon(virConnect
virReportSystemError(conn, errno,
_("Cannot find QEMU binary %s"),
emulator);
+ close(vm->logfile);
+ vm->logfile = -1;
return -1;
}
@@ -1205,7 +1286,14 @@ static int qemudStartVMDaemon(virConnect
qemudReportError(conn, NULL, NULL, VIR_ERR_INTERNAL_ERROR,
_("Cannot determine QEMU argv syntax %s"),
emulator);
- return -1;
+ close(vm->logfile);
+ vm->logfile = -1;
+ return -1;
+ }
+
+ if (qemuSetupCgroup(conn, driver, vm) < 0) {
+ close(vm->logfile);
+ vm->logfile = -1;
}
vm->def->id = driver->nextvmid++;
@@ -1249,9 +1337,10 @@ static int qemudStartVMDaemon(virConnect
for (i = 0 ; i < ntapfds ; i++)
FD_SET(tapfds[i], &keepfd);
- ret = virExec(conn, argv, progenv, &keepfd, &child,
- stdin_fd, &vm->logfile, &vm->logfile,
- VIR_EXEC_NONBLOCK | VIR_EXEC_DAEMON);
+ ret = virExecWithHook(conn, argv, progenv, &keepfd, &child,
+ stdin_fd, &vm->logfile, &vm->logfile,
+ VIR_EXEC_NONBLOCK | VIR_EXEC_DAEMON,
+ qemuAddToCgroup, vm->def);
/* wait for qemu process to to show up */
if (ret == 0) {
@@ -1278,6 +1367,8 @@ static int qemudStartVMDaemon(virConnect
"%s", _("Unable to daemonize QEMU
process"));
ret = -1;
}
+ } else {
+ qemuRemoveCgroup(conn, driver, vm);
}
if (ret == 0) {
@@ -1315,7 +1406,7 @@ static int qemudStartVMDaemon(virConnect
}
-static void qemudShutdownVMDaemon(virConnectPtr conn ATTRIBUTE_UNUSED,
+static void qemudShutdownVMDaemon(virConnectPtr conn,
struct qemud_driver *driver,
virDomainObjPtr vm) {
if (!virDomainIsActive(vm))
@@ -1351,6 +1442,9 @@ static void qemudShutdownVMDaemon(virCon
qemudLog(QEMUD_WARN, _("Failed to remove domain status for %s"),
vm->def->name);
}
+
+ qemuRemoveCgroup(conn, driver, vm);
+
vm->pid = -1;
vm->def->id = -1;
vm->state = VIR_DOMAIN_SHUTOFF;
--
|: Red Hat, Engineering, London -o- http://people.redhat.com/berrange/ :|
|: http://libvirt.org -o- http://virt-manager.org -o- http://ovirt.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: GnuPG: 7D3B9505 -o- F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :|
9:27 a.m.
New subject: [libvirt] PATCH: 1/3: Put each QEMU guest in a cgroup
On Thu, Feb 26, 2009 at 04:38:25PM +0000, Daniel P. Berrange wrote:
This patch sets up the cgroups for QEMU instances. It creates a
cgroup
when starting a guest, uses an exec hook to place the process into the
correct cgroup, and cleans up empty cgroup when the QEMU process shuts
down.
@@ -1185,8 +1261,11 @@ static int qemudStartVMDaemon(virConnect
emulator = vm->def->emulator;
if (!emulator)
emulator = virDomainDefDefaultEmulator(conn, vm->def, driver->caps);
- if (!emulator)
- return -1;
+ if (!emulator) {
+ close(vm->logfile);
+ vm->logfile = -1;
+ return -1;
+ }
/* Make sure the binary we are about to try exec'ing exists.
* Technically we could catch the exec() failure, but that's
@@ -1196,6 +1275,8 @@ static int qemudStartVMDaemon(virConnect
virReportSystemError(conn, errno,
_("Cannot find QEMU binary %s"),
emulator);
+ close(vm->logfile);
+ vm->logfile = -1;
return -1;
}
@@ -1205,7 +1286,14 @@ static int qemudStartVMDaemon(virConnect
qemudReportError(conn, NULL, NULL, VIR_ERR_INTERNAL_ERROR,
_("Cannot determine QEMU argv syntax %s"),
emulator);
- return -1;
+ close(vm->logfile);
+ vm->logfile = -1;
+ return -1;
+ }
+
+ if (qemuSetupCgroup(conn, driver, vm) < 0) {
+ close(vm->logfile);
+ vm->logfile = -1;
}
vm->def->id = driver->nextvmid++;
Seems the logfile changes are cleanups not directly related,
but yes this all looks sounds to me,
Daniel
--
Daniel Veillard | libxml Gnome XML XSLT toolkit http://xmlsoft.org/
daniel(a)veillard.com | Rpmfind RPM search engine http://rpmfind.net/
http://veillard.com/ | virtualization library http://libvirt.org/
10:40 a.m.
New subject: [libvirt] PATCH: 2/3: Implement schedular params for QEMU
This patch implements the schedular parameter APIs. This adds a
single tunable 'cpu_shares' that is provided by cgroups. This is
a slightly more fancy way of doing nice priorities, giving a way
to tune relative priority of VMs
Daniel
diff --git a/src/qemu_driver.c b/src/qemu_driver.c
--- a/src/qemu_driver.c
+++ b/src/qemu_driver.c
@@ -3844,6 +3844,111 @@ cleanup:
return ret;
}
+
+static char *qemuGetSchedulerType(virDomainPtr domain ATTRIBUTE_UNUSED,
+ int *nparams)
+{
+ if (nparams)
+ *nparams = 1;
+
+ return strdup("posix");
+}
+
+static int qemuSetSchedulerParameters(virDomainPtr domain,
+ virSchedParameterPtr params,
+ int nparams)
+{
+ struct qemud_driver *driver = domain->conn->privateData;
+ int i;
+ virCgroupPtr group = NULL;
+ virDomainObjPtr vm = NULL;
+ int ret = -1;
+
+ if (virCgroupHaveSupport() != 0)
+ return -1;
+
+ qemuDriverLock(driver);
+ vm = virDomainFindByUUID(&driver->domains, domain->uuid);
+ qemuDriverUnlock(driver);
+
+ if (vm == NULL) {
+ qemudReportError(domain->conn, domain, NULL, VIR_ERR_INTERNAL_ERROR,
+ _("No such domain %s"), domain->uuid);
+ goto cleanup;
+ }
+
+ if (virCgroupForDomain(vm->def, "qemu", &group) != 0)
+ goto cleanup;
+
+ for (i = 0; i < nparams; i++) {
+ virSchedParameterPtr param = ¶ms[i];
+
+ if (STREQ(param->field, "cpu_shares")) {
+ if (virCgroupSetCpuShares(group, params[i].value.ui) != 0)
+ goto cleanup;
+ } else {
+ qemudReportError(domain->conn, domain, NULL, VIR_ERR_INVALID_ARG,
+ _("Invalid parameter `%s'"),
param->field);
+ goto cleanup;
+ }
+ }
+ ret = 0;
+
+cleanup:
+ virCgroupFree(&group);
+ if (vm)
+ virDomainObjUnlock(vm);
+ return ret;
+}
+
+static int qemuGetSchedulerParameters(virDomainPtr domain,
+ virSchedParameterPtr params,
+ int *nparams)
+{
+ struct qemud_driver *driver = domain->conn->privateData;
+ virCgroupPtr group = NULL;
+ virDomainObjPtr vm = NULL;
+ unsigned long val;
+ int ret = -1;
+
+ if (virCgroupHaveSupport() != 0)
+ return -1;
+
+ if ((*nparams) != 1) {
+ qemudReportError(domain->conn, domain, NULL, VIR_ERR_INVALID_ARG,
+ "%s", _("Invalid parameter count"));
+ return -1;
+ }
+
+ qemuDriverLock(driver);
+ vm = virDomainFindByUUID(&driver->domains, domain->uuid);
+ qemuDriverUnlock(driver);
+
+ if (vm == NULL) {
+ qemudReportError(domain->conn, domain, NULL, VIR_ERR_INTERNAL_ERROR,
+ _("No such domain %s"), domain->uuid);
+ goto cleanup;
+ }
+
+ if (virCgroupForDomain(vm->def, "qemu", &group) != 0)
+ goto cleanup;
+
+ if (virCgroupGetCpuShares(group, &val) != 0)
+ goto cleanup;
+ params[0].value.ul = val;
+ strncpy(params[0].field, "cpu_shares", sizeof(params[0].field));
+ params[0].type = VIR_DOMAIN_SCHED_FIELD_ULLONG;
+
+ ret = 0;
+
+cleanup:
+ virCgroupFree(&group);
+ if (vm)
+ virDomainObjUnlock(vm);
+ return ret;
+}
+
+
/* This uses the 'info blockstats' monitor command which was
* integrated into both qemu & kvm in late 2007. If the command is
* not supported we detect this and return the appropriate error.
@@ -4650,9 +4755,9 @@ static virDriver qemuDriver = {
qemudDomainDetachDevice, /* domainDetachDevice */
qemudDomainGetAutostart, /* domainGetAutostart */
qemudDomainSetAutostart, /* domainSetAutostart */
- NULL, /* domainGetSchedulerType */
- NULL, /* domainGetSchedulerParameters */
- NULL, /* domainSetSchedulerParameters */
+ qemuGetSchedulerType, /* domainGetSchedulerType */
+ qemuGetSchedulerParameters, /* domainGetSchedulerParameters */
+ qemuSetSchedulerParameters, /* domainSetSchedulerParameters */
NULL, /* domainMigratePrepare (v1) */
qemudDomainMigratePerform, /* domainMigratePerform */
NULL, /* domainMigrateFinish */
--
|: Red Hat, Engineering, London -o- http://people.redhat.com/berrange/ :|
|: http://libvirt.org -o- http://virt-manager.org -o- http://ovirt.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: GnuPG: 7D3B9505 -o- F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :|
9:31 a.m.
New subject: [libvirt] PATCH: 2/3: Implement schedular params for QEMU
On Thu, Feb 26, 2009 at 04:40:18PM +0000, Daniel P. Berrange wrote:
This patch implements the schedular parameter APIs. This adds a
single tunable 'cpu_shares' that is provided by cgroups. This is
a slightly more fancy way of doing nice priorities, giving a way
to tune relative priority of VMs
The scheduler API is one of the parts I'm most afraid of from an
API perspective...
[...]
+static int qemuSetSchedulerParameters(virDomainPtr domain,
+ virSchedParameterPtr params,
+ int nparams)
[...]
+ for (i = 0; i < nparams; i++) {
+ virSchedParameterPtr param = ¶ms[i];
+
+ if (STREQ(param->field, "cpu_shares")) {
I think we should also check param->type to be of type
VIR_DOMAIN_SCHED_FIELD_ULLONG before passing value.ui
+ if (virCgroupSetCpuShares(group, params[i].value.ui) !=
0)
maybe use param->value.ui since we have a pointer handy, avoid
index trouble if the code evolves.
+ goto cleanup;
+ } else {
+ qemudReportError(domain->conn, domain, NULL, VIR_ERR_INVALID_ARG,
+ _("Invalid parameter `%s'"),
param->field);
+ goto cleanup;
+ }
+ }
+ ret = 0;
Patch looks fine otherwise,
Daniel
--
Daniel Veillard | libxml Gnome XML XSLT toolkit http://xmlsoft.org/
daniel(a)veillard.com | Rpmfind RPM search engine http://rpmfind.net/
http://veillard.com/ | virtualization library http://libvirt.org/
10:42 a.m.
New subject: [libvirt] PATCH: 3/3: Control file device access
This patch is more focused on access control. CGroups has a controller
that enforces ACLs on device nodes. This allows us to restrict exactly
what block/character devices a guest is allowed to access. So in the
absence of something like SELinux sVirt, you can get a degree of
isolation between VMs on block device backed disks.
This sets up an initial deny-all policy, and then iterates over all
the disks defined for a VM, allowing each one in turn. Finally it
allows a handy of common nodes like /dev/null, /dev/random, /dev/ptmx
and friends, which all processes need to use.
Daniel
diff --git a/src/cgroup.c b/src/cgroup.c
--- a/src/cgroup.c
+++ b/src/cgroup.c
@@ -788,6 +788,23 @@ int virCgroupAllowDeviceMajor(virCgroupP
return rc;
}
+int virCgroupAllowDevicePath(virCgroupPtr group,
+ const char *path)
+{
+ struct stat sb;
+
+ if (stat(path, &sb) < 0)
+ return -errno;
+
+ if (!S_ISCHR(sb.st_mode) && !S_ISBLK(sb.st_mode))
+ return -EINVAL;
+
+ return virCgroupAllowDevice(group,
+ S_ISCHR(sb.st_mode) ? 'c' : 'b',
+ major(sb.st_rdev),
+ minor(sb.st_rdev));
+}
+
int virCgroupSetCpuShares(virCgroupPtr group, unsigned long shares)
{
return virCgroupSetValueU64(group, "cpu.shares", (uint64_t)shares);
diff --git a/src/cgroup.h b/src/cgroup.h
--- a/src/cgroup.h
+++ b/src/cgroup.h
@@ -38,6 +38,8 @@ int virCgroupAllowDevice(virCgroupPtr gr
int virCgroupAllowDeviceMajor(virCgroupPtr group,
char type,
int major);
+int virCgroupAllowDevicePath(virCgroupPtr group,
+ const char *path);
int virCgroupSetCpuShares(virCgroupPtr group, unsigned long shares);
int virCgroupGetCpuShares(virCgroupPtr group, unsigned long *shares);
diff --git a/src/qemu_driver.c b/src/qemu_driver.c
--- a/src/qemu_driver.c
+++ b/src/qemu_driver.c
@@ -1135,11 +1135,18 @@ static int qemudNextFreeVNCPort(struct q
static virDomainPtr qemudDomainLookupByName(virConnectPtr conn,
const char *name);
+static const char *const devs[] = {
+ "/dev/null", "/dev/full", "/dev/zero",
+ "/dev/random", "/dev/urandom",
+ "/dev/ptmx", "/dev/kvm", "/dev/kqemu",
+};
+
static int qemuSetupCgroup(virConnectPtr conn,
struct qemud_driver *driver ATTRIBUTE_UNUSED,
virDomainObjPtr vm)
{
virCgroupPtr cgroup = NULL;
+ unsigned int i;
if (virCgroupHaveSupport() != 0)
return 0; /* Not supported, so claim success */
@@ -1151,6 +1158,41 @@ static int qemuSetupCgroup(virConnectPtr
goto cleanup;
}
+ if (virCgroupDenyAllDevices(cgroup) != 0)
+ goto cleanup;
+
+ for (i = 0; i < vm->def->ndisks ; i++) {
+ if (vm->def->disks[i]->type != VIR_DOMAIN_DISK_TYPE_BLOCK)
+ continue;
+
+ if (virCgroupAllowDevicePath(cgroup,
+ vm->def->disks[i]->src) < 0) {
+ qemudReportError(conn, NULL, NULL, VIR_ERR_INTERNAL_ERROR,
+ _("unable to allow device %s"),
+ vm->def->disks[i]->src);
+ goto cleanup;
+ }
+ }
+
+ if (virCgroupAllowDeviceMajor(cgroup, 'c', 136) < 0) {
+ qemudReportError(conn, NULL, NULL, VIR_ERR_INTERNAL_ERROR,
+ _("unable to allow device %s"),
+ devs[i]);
+ goto cleanup;
+ }
+
+ for (i = 0; i < ARRAY_CARDINALITY(devs) ; i++) {
+ int rc;
+ if ((rc = virCgroupAllowDevicePath(cgroup,
+ devs[i])) < 0 &&
+ rc != -ENOENT) {
+ qemudReportError(conn, NULL, NULL, VIR_ERR_INTERNAL_ERROR,
+ _("unable to allow device %s"),
+ devs[i]);
+ goto cleanup;
+ }
+ }
+
virCgroupFree(&cgroup);
return 0;
--
|: Red Hat, Engineering, London -o- http://people.redhat.com/berrange/ :|
|: http://libvirt.org -o- http://virt-manager.org -o- http://ovirt.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: GnuPG: 7D3B9505 -o- F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :|
10:09 a.m.
New subject: [libvirt] PATCH: 3/3: Control file device access
On Thu, Feb 26, 2009 at 04:42:59PM +0000, Daniel P. Berrange wrote:
This patch is more focused on access control. CGroups has a controller
that enforces ACLs on device nodes. This allows us to restrict exactly
what block/character devices a guest is allowed to access. So in the
absence of something like SELinux sVirt, you can get a degree of
isolation between VMs on block device backed disks.
Will that work for dynamically plugged block devices ? This seems to
have the potential to break things there, isn't-it ?
This sets up an initial deny-all policy, and then iterates over all
the disks defined for a VM, allowing each one in turn. Finally it
allows a handy of common nodes like /dev/null, /dev/random, /dev/ptmx
and friends, which all processes need to use.
[...]
+ if (virCgroupAllowDeviceMajor(cgroup, 'c', 136) < 0)
{
errr ... what is 136 ? Maybe a descriptive constant would help :-)
In gneral how much testing do we need before pushing those patches ?
Daniel
--
Daniel Veillard | libxml Gnome XML XSLT toolkit http://xmlsoft.org/
daniel(a)veillard.com | Rpmfind RPM search engine http://rpmfind.net/
http://veillard.com/ | virtualization library http://libvirt.org/
4:40 p.m.
On Thu, 2009-02-26 at 16:36 +0000, Daniel P. Berrange wrote:
Recent Linux kernels have a new concept of 'CGroups' which is
a way to
group tasks on the system and apply policy to them as a whole. We already
use this in the LXC container driver, to control total memory usage of
things runing within a container.
This patch series is a proof of concept to make use of CGroups in the
QEMU driver. The idea is that we have a 3 level cgroup hierarchy
- Top level; contains the libvirtd daemon itself
- 2nd level: one per libvirt driver, but dos not contain any
processes.
- 3rd level: one per guest VM. Contains the QEMU process
Why the separate group for the driver ? Do you see partitioning of
resources by driver as an important requirement ?
David
4:48 a.m.
On Thu, Feb 26, 2009 at 10:40:54PM +0000, David Lutterkort wrote:
On Thu, 2009-02-26 at 16:36 +0000, Daniel P. Berrange wrote:
> Recent Linux kernels have a new concept of 'CGroups' which is a way to
> group tasks on the system and apply policy to them as a whole. We already
> use this in the LXC container driver, to control total memory usage of
> things runing within a container.
>
> This patch series is a proof of concept to make use of CGroups in the
> QEMU driver. The idea is that we have a 3 level cgroup hierarchy
>
> - Top level; contains the libvirtd daemon itself
> - 2nd level: one per libvirt driver, but dos not contain any
> processes.
> - 3rd level: one per guest VM. Contains the QEMU process
Why the separate group for the driver ? Do you see partitioning of
resources by driver as an important requirement ?
It is mostly a namespacing issue. The per-VM group names on the filesystem
are based off the VM name. VM names are only unique within scope of a
driver. Since both LXC and QEMU drivers use CGroups, we need to make
sure they have separate namespace in cgroups. A per-driver cgroup solves
this nicely.
Daniel
--
|: Red Hat, Engineering, London -o- http://people.redhat.com/berrange/ :|
|: http://libvirt.org -o- http://virt-manager.org -o- http://ovirt.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: GnuPG: 7D3B9505 -o- F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :|
4:03 p.m.
Hello Daniel,
I'd like to ask, what is the progres of qemu cgroups support?
are there any problems preventing it from getting into git?
It would be a great feature to have...
thanks a lot for reply in advance
with best regards
nik
On Thu, Feb 26, 2009 at 04:36:10PM +0000, Daniel P. Berrange wrote:
Recent Linux kernels have a new concept of 'CGroups' which is
a way to
group tasks on the system and apply policy to them as a whole. We already
use this in the LXC container driver, to control total memory usage of
things runing within a container.
This patch series is a proof of concept to make use of CGroups in the
QEMU driver. The idea is that we have a 3 level cgroup hierarchy
- Top level; contains the libvirtd daemon itself
- 2nd level: one per libvirt driver, but dos not contain any
processes.
- 3rd level: one per guest VM. Contains the QEMU process
The host admin can do control on the top level and 2nd level to set an
overall system policy. libvirt will then provide APIs / capabilities to
control individual VMs policy.
Daniel
--
|: Red Hat, Engineering, London -o- http://people.redhat.com/berrange/ :|
|: http://libvirt.org -o- http://virt-manager.org -o- http://ovirt.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: GnuPG: 7D3B9505 -o- F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :|
--
Libvir-list mailing list
Libvir-list(a)redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list
--
-------------------------------------
Nikola CIPRICH
LinuxBox.cz, s.r.o.
28. rijna 168, 709 01 Ostrava
tel.: +420 596 603 142
fax: +420 596 621 273
mobil: +420 777 093 799
www.linuxbox.cz
mobil servis: +420 737 238 656
email servis: servis(a)linuxbox.cz
-------------------------------------
12:04 p.m.
On Mon, Jul 06, 2009 at 11:03:10PM +0200, Nikola Ciprich wrote:
Hello Daniel,
I'd like to ask, what is the progres of qemu cgroups support?
are there any problems preventing it from getting into git?
It should be in this next release we do.
Daniel
On Thu, Feb 26, 2009 at 04:36:10PM +0000, Daniel P. Berrange wrote:
> Recent Linux kernels have a new concept of 'CGroups' which is a way to
> group tasks on the system and apply policy to them as a whole. We already
> use this in the LXC container driver, to control total memory usage of
> things runing within a container.
>
> This patch series is a proof of concept to make use of CGroups in the
> QEMU driver. The idea is that we have a 3 level cgroup hierarchy
>
> - Top level; contains the libvirtd daemon itself
> - 2nd level: one per libvirt driver, but dos not contain any
> processes.
> - 3rd level: one per guest VM. Contains the QEMU process
>
>
> The host admin can do control on the top level and 2nd level to set an
> overall system policy. libvirt will then provide APIs / capabilities to
> control individual VMs policy.
>
> Daniel
> --
> |: Red Hat, Engineering, London -o- http://people.redhat.com/berrange/ :|
> |: http://libvirt.org -o- http://virt-manager.org -o- http://ovirt.org :|
> |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
> |: GnuPG: 7D3B9505 -o- F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :|
>
> --
> Libvir-list mailing list
> Libvir-list(a)redhat.com
> https://www.redhat.com/mailman/listinfo/libvir-list
>
--
-------------------------------------
Nikola CIPRICH
LinuxBox.cz, s.r.o.
28. rijna 168, 709 01 Ostrava
tel.: +420 596 603 142
fax: +420 596 621 273
mobil: +420 777 093 799
www.linuxbox.cz
mobil servis: +420 737 238 656
email servis: servis(a)linuxbox.cz
-------------------------------------
--
|: Red Hat, Engineering, London -o- http://people.redhat.com/berrange/ :|
|: http://libvirt.org -o- http://virt-manager.org -o- http://ovirt.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: GnuPG: 7D3B9505 -o- F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :|
5616
days inactive
5747
days old
10 comments
4 participants
participants (4)
-
Daniel P. Berrange -
Daniel Veillard -
David Lutterkort -
Nikola Ciprich