[libvirt-users] How to change libvirt / cgroup interaction?
Hi there, Do you know if there is a way to modify how libvirt interacts with the cgroup? Because, I successfully add the /dev/net/tun support in my LXC container by doing: echo c 10:200 rwm >> /cgroup/libvirt/lxc/instance-00000005/devices.allow But when I restart the instance/LXC container, this option has gone. How can I make this persistant? Is there a configuration file? Thanks for your answers. Best regards. Sam
Hi, Sam.
How can I make this persistant? Is there a configuration file?
Libvirt may not have that configuration. I think you can use "cgconfig" instead of it. Setting as follows, in my environment was successful. 1) edit /etc/cgconfig.conf # cpuset.cpus/mems is mandatory values. # Please set suitable values according to your environment. ---------- group libvirt { cpuset { cpuset.cpus = 0; cpuset.mems = 0; } } group libvirt/lxc { cpuset { cpuset.cpus = 0; cpuset.mems = 0; } devices { devices.allow = "c 10:200 rwm"; } } mount { cpuset = /cgroup/cpuset; cpu = /cgroup/cpu; cpuacct = /cgroup/cpuacct; memory = /cgroup/memory; devices = /cgroup/devices; freezer = /cgroup/freezer; net_cls = /cgroup/net_cls; blkio = /cgroup/blkio; } ---------- 2) restart cgconfig and libvirtd. # Order is "libvirtd stop->cgconfig restart->libvirtd start" 3) start lxc container. Result in my environment(CentOS6.2 x86_64+libvirt 0.9.8) is # virsh -c lxc:/// start lxc_container_1 Domain lxc_container_1 started # cat /cgroup/devices/libvirt/lxc/lxc_container_1/devices.list c 10:200 rwm <-- :-) c 1:3 rwm c 1:5 rwm c 1:7 rwm c 1:8 rwm c 1:9 rwm c 5:0 rwm c 5:2 rwm c 136:* rwm Regards, Mitsuru Kanabuchi
-----Original Message----- From: libvirt-users-bounces@redhat.com [mailto:libvirt-users-bounces@redhat.com] On Behalf Of Samuel Hassine Sent: Wednesday, January 25, 2012 8:28 PM To: libvirt-users@redhat.com Subject: [libvirt-users] How to change libvirt / cgroup interaction?
Hi there,
Do you know if there is a way to modify how libvirt interacts with the cgroup?
Because, I successfully add the /dev/net/tun support in my LXC container by doing:
echo c 10:200 rwm >> /cgroup/libvirt/lxc/instance-00000005/devices.allow
But when I restart the instance/LXC container, this option has gone.
How can I make this persistant? Is there a configuration file?
Thanks for your answers.
Best regards. Sam
_______________________________________________ libvirt-users mailing list libvirt-users@redhat.com https://www.redhat.com/mailman/listinfo/libvirt-users
On 01/25/2012 04:27 AM, Samuel Hassine wrote:
Hi there,
Do you know if there is a way to modify how libvirt interacts with the cgroup?
Because, I successfully add the /dev/net/tun support in my LXC container by doing:
echo c 10:200 rwm >> /cgroup/libvirt/lxc/instance-00000005/devices.allow
Libvirt is supposed to be automatically modifying devices.allow as part of setting up domains, so that devices mentioned/required by the domain XML are permitted and no other devices are passed through (that is, libvirt is already using cgroups as part of its sVirt strategy). At least this is true for qemu while using sVirt. But you mentioned LXC, where sVirt is just now barely being added; so maybe the answer is to wait for the 0.9.10 release, and then ask the question again. -- Eric Blake eblake@redhat.com +1-919-301-3266 Libvirt virtualization library http://libvirt.org
participants (3)
-
Eric Blake -
Kanabuchi -
Samuel Hassine