[systemd-devel] [systemd][cgroup in container] problem with cgroup hierarchy in container
Jacek Pielaszkiewicz
j.pielaszkie at samsung.com
Thu Mar 6 05:03:57 PST 2014
Hi
In previous mail I putted case for libvirt. In case of nspawn everything works fine (see details below):
++++++++++++
+++ Guest
++++++++++++
Jacek Pielaszkiewicz
Samsung R&D Institute Poland
Samsung Electronics
Email: j.pielaszkie at samsung.com
> -----Original Message-----
> From: Jacek Pielaszkiewicz [mailto:j.pielaszkie at samsung.com]
> Sent: Thursday, March 06, 2014 12:55 PM
> To: 'Lennart Poettering'
> Cc: 'systemd-devel at lists.freedesktop.org'
> Subject: RE: [systemd-devel] [systemd][cgroup in container] problem
> with cgroup hierarchy in container
>
> Hi
>
>
> ++++++++++++++++++++++++
> +++ Host
> ++++++++++++++++++++++++
>
> sh-4.2# systemctl --version
> systemd 210
> +PAM -LIBWRAP -AUDIT -SELINUX +IMA -SYSVINIT -LIBCRYPTSETUP +GCRYPT
> +ACL
> ++XZ -SECCOMP -APPARMOR
> sh-4.2#
>
>
>
> sh-4.2# systemctl show
> Version=210
> Features=+PAM -LIBWRAP -AUDIT -SELINUX +IMA -SYSVINIT -LIBCRYPTSETUP
> +GCRYPT +AC
> FirmwareTimestampMonotonic=0
> LoaderTimestampMonotonic=0
> KernelTimestamp=Fri 1999-12-31 21:45:33 PST
> KernelTimestampMonotonic=0
> InitRDTimestampMonotonic=0
> UserspaceTimestamp=Fri 1999-12-31 21:45:38 PST
> UserspaceTimestampMonotonic=4660232
> FinishTimestamp=Fri 1999-12-31 21:45:45 PST
> FinishTimestampMonotonic=12150606
> SecurityStartTimestamp=Fri 1999-12-31 21:45:38 PST
> SecurityStartTimestampMonotonic=4688429
> SecurityFinishTimestamp=Fri 1999-12-31 21:45:38 PST
> SecurityFinishTimestampMonotonic=4688738
> GeneratorsStartTimestamp=Fri 1999-12-31 21:45:38 PST
> GeneratorsStartTimestampMonotonic=4827446
> GeneratorsFinishTimestamp=Fri 1999-12-31 21:45:38 PST
> GeneratorsFinishTimestampMonotonic=5428254
> UnitsLoadStartTimestamp=Fri 1999-12-31 21:45:39 PST
> UnitsLoadStartTimestampMonotonic=5448687
> UnitsLoadFinishTimestamp=Fri 1999-12-31 21:45:39 PST
> UnitsLoadFinishTimestampMonotonic=5921444
> LogLevel=info
> LogTarget=journal-or-kmsg
> NNames=263
> NJobs=0
> NInstalledJobs=145
> NFailedJobs=4
> Progress=1
> Environment=PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin
> ConfirmSpawn=no
> ShowStatus=yes
> UnitPath=/etc/systemd/system /run/systemd/system /run/systemd/generator
> /usr/loc DefaultStandardOutput=journal DefaultStandardError=journal
> RuntimeWatchdogUSec=0
> ShutdownWatchdogUSec=10min
>
>
> bash-4.2# systemd-cgls
> ...
>
> └─machine.slice
> └─machine-lxc\x2dtizen\x2d2.scope
> ├─3135 /usr/libexec/libvirt_lxc --name tizen-2 --console 20 --
> security=none
> └─machine.slice
> └─machine-lxc\x2dtizen\x2d2.scope
> ├─3144 /usr/lib/systemd/systemd
> ├─machine.slice
> │ └─machine-lxc\x2dtizen\x2d2.scope
> │ └─user.slice
> │ └─user-0.slice
> │ └─user at 0.service
> │ └─3227 /usr/lib/systemd/systemd --user
> ├─system.slice
> │ ├─wpa_supplicant.service
> │ │ └─3185 /usr/sbin/wpa_supplicant -u
> │ ├─systemd-logind.service
> │ │ └─3171 /usr/lib/systemd/systemd-logind
> │ ├─connman.service
> │ │ └─3170 /usr/sbin/connmand -n
> │ ├─dbus.service
> │ │ └─3169 /usr/bin/dbus-daemon --system --address=systemd: --
> nofork --n
> │ └─systemd-journald.service
> │ └─3162 /usr/lib/systemd/systemd-journald
> └─user.slice
> └─user-0.slice
> ├─session-c1.scope
> │ ├─3174 login -- root
> │ ├─3231 -bash
> │ ├─3245 su
> │ └─3246 bash
> └─user at 0.service
> └─3229 (sd-pam)
>
>
>
> sh-4.2# cat /proc/1/cgroup
> 8:name=daemon_mgr:/
> 7:freezer:/
> 6:devices:/
> 5:memory:/
> 4:cpuacct,cpu:/
> 3:debug:/
> 2:cpuset:/
> 1:name=systemd:/
> sh-4.2#
>
> ++++++++++++++++++++++++
> +++ Guest
> ++++++++++++++++++++++++
>
>
> bash-4.2# systemctl --version
> systemd 210
> +PAM -LIBWRAP -AUDIT -SELINUX +IMA -SYSVINIT -LIBCRYPTSETUP +GCRYPT
> +ACL +XZ -SECCOMP -APPARMOR
> bash-4.2#
>
>
> bash-4.2# systemd-cgls
> └─user.slice
> └─user-0.slice
> └─user at 0.service
> └─ /usr/lib/systemd/systemd --user
> bash-4.2#
> bash-4.2#
>
>
> bash-4.2# systemctl show
> Version=210
> Features=+PAM -LIBWRAP -AUDIT -SELINUX +IMA -SYSVINIT -LIBCRYPTSETUP
> +GCRYPT +ACL +XZ -SECCOMP -APPARMOR
> Virtualization=lxc-libvirt
> FirmwareTimestampMonotonic=0
> LoaderTimestampMonotonic=0
> KernelTimestampMonotonic=0
> InitRDTimestampMonotonic=0
> UserspaceTimestamp=Fri 1999-12-31 21:47:21 PST
> UserspaceTimestampMonotonic=108344930
> FinishTimestamp=Fri 1999-12-31 21:47:22 PST
> FinishTimestampMonotonic=108914532
> SecurityStartTimestampMonotonic=0
> SecurityFinishTimestampMonotonic=0
> GeneratorsStartTimestamp=Fri 1999-12-31 21:47:21 PST
> GeneratorsStartTimestampMonotonic=108358751
> GeneratorsFinishTimestamp=Fri 1999-12-31 21:47:21 PST
> GeneratorsFinishTimestampMonotonic=108393001
> UnitsLoadStartTimestamp=Fri 1999-12-31 21:47:21 PST
> UnitsLoadStartTimestampMonotonic=108403019
> UnitsLoadFinishTimestamp=Fri 1999-12-31 21:47:22 PST
> UnitsLoadFinishTimestampMonotonic=108467261
> LogLevel=info
> LogTarget=journal
> NNames=92
> NJobs=0
> NInstalledJobs=58
> NFailedJobs=3
> Progress=1
> Environment=PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin
> ConfirmSpawn=no
> ShowStatus=yes
> UnitPath=/etc/systemd/system /run/systemd/system /run/systemd/generator
> /usr/local/lib/systemd/system /usr/lib/systemd/system
> DefaultStandardOutput=journal
> DefaultStandardError=journal
> RuntimeWatchdogUSec=0
> ShutdownWatchdogUSec=10min
> ControlGroup=/machine.slice/machine-lxc\x2dtizen\x2d2.scope
> bash-4.2#
>
>
>
> bash-4.2# cat /proc/1/cgroup
> 8:name=daemon_mgr:/
> 7:freezer:/machine.slice/machine-lxc\x2dtizen\x2d2.scope
> 6:devices:/machine.slice/machine-lxc\x2dtizen\x2d2.scope
> 5:memory:/machine.slice/machine-lxc\x2dtizen\x2d2.scope
> 4:cpuacct,cpu:/machine.slice/machine-lxc\x2dtizen\x2d2.scope
> 3:debug:/
> 2:cpuset:/machine.slice/machine-lxc\x2dtizen\x2d2.scope
> 1:name=systemd:/machine.slice/machine-
> lxc\x2dtizen\x2d2.scope/machine.slice/machine-lxc\x2dtizen\x2d2.scope
> bash-4.2#
>
>
> Best regards
>
>
> Jacek Pielaszkiewicz
> Samsung R&D Institute Poland
> Samsung Electronics
> Email: j.pielaszkie at samsung.com
>
>
>
> > -----Original Message-----
> > From: Lennart Poettering [mailto:lennart at poettering.net]
> > Sent: Tuesday, March 04, 2014 9:11 PM
> > To: Jacek Pielaszkiewicz
> > Cc: systemd-devel at lists.freedesktop.org
> > Subject: Re: [systemd-devel] [systemd][cgroup in container] problem
> > with cgroup hierarchy in container
> >
> > On Tue, 04.03.14 16:23, Jacek Pielaszkiewicz
> (j.pielaszkie at samsung.com)
> > wrote:
> >
> > > +-machine.slice
> > > │ L-machine-lxc\x2dtizen\x2dbash\x2d2.scope
> > > │ +-2672 /usr/libexec/libvirt_lxc --name tizen-bash-2 --console
> 20
> > --
> > > security=
> > > │ L-machine.slice
> > > │ L-machine-lxc\x2dtizen\x2dbash\x2d2.scope
> > > │ L-system.slice
> > > │ +-2681 /usr/lib/systemd/systemd
> > > │ +-systemd-logind.service
> > > │ │ L-3215 /usr/lib/systemd/systemd-logind
> > > │ +-connman.service
> > > │ │ L-3214 /usr/sbin/connmand -n
> > > │ +-dbus.service
> > > │ │ L-3212 /usr/bin/dbus-daemon --system --address=systemd:
> -
> > -
> > > nofork --n
> > > │ +-console-getty.service
> > > │ │ L-3240 /sbin/agetty --noclear -s console 115200 38400
> > 9600
> > > │ +-wpa_supplicant.service
> > > │ │ L-3241 /usr/sbin/wpa_supplicant -u
> > > │ L-systemd-journald.service
> > > │ L-3200 /usr/lib/systemd/systemd-journald
> >
> > OK, this looks wrong, the machine slice appears to have been used
> twice
> > in the cgroup path.
> >
> > Can you try this with 210 in the container, and then run "systemctl
> > show" and report the value of the ControlGroup property, please?
> >
> > If you boot this up with npsawn instead of libvirt-lxc, does t work
> > then?
> >
> > Lennart
> >
> > --
> > Lennart Poettering, Red Hat
More information about the systemd-devel
mailing list