7:27 p.m.
Hi there,
Do you know if there is a way to modify how libvirt interacts with the
cgroup?
Because, I successfully add the /dev/net/tun support in my LXC container
by doing:
echo c 10:200 rwm >> /cgroup/libvirt/lxc/instance-00000005/devices.allow
But when I restart the instance/LXC container, this option has gone.
How can I make this persistant? Is there a configuration file?
Thanks for your answers.
Best regards.
Sam
3:55 p.m.
Hi, Sam.
How can I make this persistant? Is there a configuration file?
Libvirt may not have that configuration.
I think you can use "cgconfig" instead of it.
Setting as follows, in my environment was successful.
1) edit /etc/cgconfig.conf
# cpuset.cpus/mems is mandatory values.
# Please set suitable values according to your environment.
----------
group libvirt {
cpuset {
cpuset.cpus = 0;
cpuset.mems = 0;
}
}
group libvirt/lxc {
cpuset {
cpuset.cpus = 0;
cpuset.mems = 0;
} devices {
devices.allow = "c 10:200 rwm";
}
}
mount {
cpuset = /cgroup/cpuset;
cpu = /cgroup/cpu;
cpuacct = /cgroup/cpuacct;
memory = /cgroup/memory;
devices = /cgroup/devices;
freezer = /cgroup/freezer;
net_cls = /cgroup/net_cls;
blkio = /cgroup/blkio;
}
----------
2) restart cgconfig and libvirtd.
# Order is "libvirtd stop->cgconfig restart->libvirtd start"
3) start lxc container.
Result in my environment(CentOS6.2 x86_64+libvirt 0.9.8) is
# virsh -c lxc:/// start lxc_container_1
Domain lxc_container_1 started
# cat /cgroup/devices/libvirt/lxc/lxc_container_1/devices.list
c 10:200 rwm <-- :-)
c 1:3 rwm
c 1:5 rwm
c 1:7 rwm
c 1:8 rwm
c 1:9 rwm
c 5:0 rwm
c 5:2 rwm
c 136:* rwm
Regards,
Mitsuru Kanabuchi
> -----Original Message-----
> From: libvirt-users-bounces(a)redhat.com [mailto:libvirt-users-bounces@redhat.com] On
Behalf Of Samuel Hassine
> Sent: Wednesday, January 25, 2012 8:28 PM
> To: libvirt-users(a)redhat.com
> Subject: [libvirt-users] How to change libvirt / cgroup interaction?
>
> Hi there,
>
> Do you know if there is a way to modify how libvirt interacts with the cgroup?
>
> Because, I successfully add the /dev/net/tun support in my LXC container by doing:
>
> echo c 10:200 rwm >> /cgroup/libvirt/lxc/instance-00000005/devices.allow
>
> But when I restart the instance/LXC container, this option has gone.
>
How can I make this persistant? Is there a configuration file?
>
> Thanks for your answers.
>
> Best regards.
> Sam
>
> _______________________________________________
> libvirt-users mailing list
> libvirt-users(a)redhat.com
> https://www.redhat.com/mailman/listinfo/libvirt-users
5:38 a.m.
On 01/25/2012 04:27 AM, Samuel Hassine wrote:
Hi there,
Do you know if there is a way to modify how libvirt interacts with the
cgroup?
Because, I successfully add the /dev/net/tun support in my LXC container
by doing:
echo c 10:200 rwm >> /cgroup/libvirt/lxc/instance-00000005/devices.allow
Libvirt is supposed to be automatically modifying devices.allow as part
of setting up domains, so that devices mentioned/required by the domain
XML are permitted and no other devices are passed through (that is,
libvirt is already using cgroups as part of its sVirt strategy). At
least this is true for qemu while using sVirt. But you mentioned LXC,
where sVirt is just now barely being added; so maybe the answer is to
wait for the 0.9.10 release, and then ask the question again.
--
Eric Blake eblake(a)redhat.com +1-919-301-3266
Libvirt virtualization library http://libvirt.org
4608
days inactive
4609
days old
2 comments
3 participants
participants (3)
-
Eric Blake -
Kanabuchi -
Samuel Hassine