Samuel Hassine
2012-Jan-25 11:27 UTC
[libvirt-users] How to change libvirt / cgroup interaction?
Hi there, Do you know if there is a way to modify how libvirt interacts with the cgroup? Because, I successfully add the /dev/net/tun support in my LXC container by doing: echo c 10:200 rwm >> /cgroup/libvirt/lxc/instance-00000005/devices.allow But when I restart the instance/LXC container, this option has gone. How can I make this persistant? Is there a configuration file? Thanks for your answers. Best regards. Sam
Kanabuchi
2012-Jan-26 07:55 UTC
[libvirt-users] How to change libvirt / cgroup interaction?
Hi, Sam.> How can I make this persistant? Is there a configuration file?Libvirt may not have that configuration. I think you can use "cgconfig" instead of it. Setting as follows, in my environment was successful. 1) edit /etc/cgconfig.conf # cpuset.cpus/mems is mandatory values. # Please set suitable values according to your environment. ---------- group libvirt { cpuset { cpuset.cpus = 0; cpuset.mems = 0; } } group libvirt/lxc { cpuset { cpuset.cpus = 0; cpuset.mems = 0; } devices { devices.allow = "c 10:200 rwm"; } } mount { cpuset = /cgroup/cpuset; cpu = /cgroup/cpu; cpuacct = /cgroup/cpuacct; memory = /cgroup/memory; devices = /cgroup/devices; freezer = /cgroup/freezer; net_cls = /cgroup/net_cls; blkio = /cgroup/blkio; } ---------- 2) restart cgconfig and libvirtd. # Order is "libvirtd stop->cgconfig restart->libvirtd start" 3) start lxc container. Result in my environment(CentOS6.2 x86_64+libvirt 0.9.8) is # virsh -c lxc:/// start lxc_container_1 Domain lxc_container_1 started # cat /cgroup/devices/libvirt/lxc/lxc_container_1/devices.list c 10:200 rwm <-- :-) c 1:3 rwm c 1:5 rwm c 1:7 rwm c 1:8 rwm c 1:9 rwm c 5:0 rwm c 5:2 rwm c 136:* rwm Regards, Mitsuru Kanabuchi> -----Original Message----- > From: libvirt-users-bounces at redhat.com [mailto:libvirt-users-bounces at redhat.com] On Behalf Of Samuel Hassine > Sent: Wednesday, January 25, 2012 8:28 PM > To: libvirt-users at redhat.com > Subject: [libvirt-users] How to change libvirt / cgroup interaction? > > Hi there, > > Do you know if there is a way to modify how libvirt interacts with the cgroup? > > Because, I successfully add the /dev/net/tun support in my LXC container by doing: > > echo c 10:200 rwm >> /cgroup/libvirt/lxc/instance-00000005/devices.allow > > But when I restart the instance/LXC container, this option has gone. > > How can I make this persistant? Is there a configuration file? > > Thanks for your answers. > > Best regards. > Sam > > _______________________________________________ > libvirt-users mailing list > libvirt-users at redhat.com > https://www.redhat.com/mailman/listinfo/libvirt-users
Eric Blake
2012-Jan-26 21:38 UTC
[libvirt-users] How to change libvirt / cgroup interaction?
On 01/25/2012 04:27 AM, Samuel Hassine wrote:> Hi there, > > Do you know if there is a way to modify how libvirt interacts with the > cgroup? > > Because, I successfully add the /dev/net/tun support in my LXC container > by doing: > > echo c 10:200 rwm >> /cgroup/libvirt/lxc/instance-00000005/devices.allowLibvirt is supposed to be automatically modifying devices.allow as part of setting up domains, so that devices mentioned/required by the domain XML are permitted and no other devices are passed through (that is, libvirt is already using cgroups as part of its sVirt strategy). At least this is true for qemu while using sVirt. But you mentioned LXC, where sVirt is just now barely being added; so maybe the answer is to wait for the 0.9.10 release, and then ask the question again. -- Eric Blake eblake at redhat.com +1-919-301-3266 Libvirt virtualization library http://libvirt.org -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 620 bytes Desc: OpenPGP digital signature URL: <http://listman.redhat.com/archives/libvirt-users/attachments/20120126/63d8db9d/attachment.sig>