
On Thu, Aug 22, 2019 at 2:24 AM Daniel P. Berrangé <berrange@redhat.com> wrote:
> On Wed, Aug 21, 2019 at 01:37:21PM -0700, Ihar Hrachyshka wrote:
> > Hi all,
> >
> > KubeVirt uses libvirtd to manage qemu VMs represented as Kubernetes API resources. In this case, libvirtd is running inside an unprivileged pod, with some host mounts / capabilities added to the pod, needed by libvirtd and other services.
> >
> > One of the capabilities libvirtd requires for successful startup inside a pod is SYS_RESOURCE. This capability is used to adjust RLIMIT_MEMLOCK ulimit value depending on devices attached to the managed guest, both on startup and during hotplug. AFAIU the need to lock the memory is to avoid pages being pushed out from RAM into swap.
>
> Libvirt shouldn't set RLIMIT_MEMLOCK by default, unless there's something in the XML that requires it - one of

You are right, sorry. We add SYS_RESOURCE only for particular domains.

> - hard limit memory value is present
> - host PCI device passthrough is requested

We are using passthrough to pass SR-IOV NIC VFs into guests. We also plan to do the same for GPUs in the near future.

> - memory is locked into RAM
>
> which of these are you actually using?
>
> Regards,
> Daniel
> --
> |: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
> |: https://libvirt.org -o- https://fstop138.berrange.com :|
> |: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
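
Added example, not part of the original thread and not libvirt or KubeVirt code: a check that inspects a libvirt domain XML for the three conditions listed in the quoted reply, so that SYS_RESOURCE is granted only to pods whose domain needs it. The XPath element names are this example's mapping of those conditions onto the libvirt domain XML format, the function names are hypothetical, and the sample XML is constructed.

```python
import xml.etree.ElementTree as ET

# Constructed sample (not from the thread): an SR-IOV VF attached as a
# hostdev-type interface, with no memtune hard limit and no locked memory.
SAMPLE_VF_DOMAIN = """
<domain type='kvm'>
  <name>vf-guest</name>
  <memory unit='KiB'>1048576</memory>
  <devices>
    <interface type='hostdev'>
      <source>
        <address type='pci' domain='0x0000' bus='0x03' slot='0x10' function='0x0'/>
      </source>
    </interface>
  </devices>
</domain>
"""

# Constructed sample: a bridged NIC only, so none of the conditions apply.
SAMPLE_PLAIN_DOMAIN = """
<domain type='kvm'>
  <name>plain-guest</name>
  <memory unit='KiB'>1048576</memory>
  <devices>
    <interface type='bridge'><source bridge='br0'/></interface>
  </devices>
</domain>
"""

def memlock_reasons(domain_xml):
    """Return which of the three conditions named in the thread the domain matches."""
    root = ET.fromstring(domain_xml)
    reasons = []
    if root.find("./memtune/hard_limit") is not None:
        reasons.append("hard_limit")
    # PCI passthrough can appear as a generic hostdev or as a hostdev-type NIC.
    if (root.find("./devices/hostdev[@type='pci']") is not None
            or root.find("./devices/interface[@type='hostdev']") is not None):
        reasons.append("pci_passthrough")
    if root.find("./memoryBacking/locked") is not None:
        reasons.append("locked")
    return reasons

def needs_sys_resource(domain_xml):
    """Hypothetical policy helper: request SYS_RESOURCE only when a reason exists."""
    return bool(memlock_reasons(domain_xml))

if __name__ == "__main__":
    for name, xml in (("vf", SAMPLE_VF_DOMAIN), ("plain", SAMPLE_PLAIN_DOMAIN)):
        print(name, memlock_reasons(xml), needs_sys_resource(xml))
```

The check covers only the three conditions listed in the thread; it does not model how libvirt computes the actual limit value.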