[systemd-devel] Issues with docker systemd cgroups integration

Michal Sekletar msekleta at redhat.com
Tue Mar 15 15:06:41 UTC 2016


On Mon, Mar 14, 2016 at 6:42 PM, Daniel J Walsh <dwalsh at redhat.com> wrote:
>> To see the code you can refer to
>> https://github.com/projectatomic/docker/pull/71/files (In this PR, I made
>> the change to always join all the subsystems after creating the scope to
>> help with first issue below).

Why do you touch cgroup hierarchies which systemd manages? This is not
supported. I think you should consider applying following patch,

@@ -375,7 +375,7 @@ func setKernelMemory(c *configs.Cgroup) error {
 func joinCgroups(c *configs.Cgroup, pid int) error {
        for name, sys := range subsystems {
                switch name {
-               case "name=systemd":
+               case "name=systemd", "devices", "memory", "cpu",
"cpuacct", "blkio":
                        // let systemd handle this
                        break
                case "cpuset":


>> There are two classes of issues that are cropping up (especially under
>> load):
>> 1. Sometimes a cgroup isn't joined even though it is passed as a property
>> while creating a Transient Unit. For e.g. CPUShares are specified, however
>> the transient unit doesn't seem to join
>> the cpu,cpuacct subsystem.

This is probably a bug.

>> 2. cpu.proc file itself goes missing especitally with the devices
>> subsystemd even thought we mkdir the directory and write to the file. It is
>> as if the file gets deleted by some other process.

We had similar problem in the past with libvirtd and it got solved by
introducing Delegate option (man systemd.resource-control). Setting
Delegate=yes for unit will cause that cgroup hierarchy for this unit
will be created in all controllers. Then you can manage cgroup
settings for controllers not managed by systemd.

Michal


More information about the systemd-devel mailing list