all lists on lists.proxmox.com
 help / color / mirror / Atom feed
* [pve-devel] [PATCH v2 docs] pct: add short cgroup section
@ 2021-06-28 11:44 Wolfgang Bumiller
  2021-06-28 16:24 ` [pve-devel] applied: " Thomas Lamprecht
  0 siblings, 1 reply; 2+ messages in thread
From: Wolfgang Bumiller @ 2021-06-28 11:44 UTC (permalink / raw)
  To: pve-devel

Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
Reviewed-By: Stoiko Ivanov <s.ivanov@proxmox.com>
---
Changes to v1.
* Some paragraphs are rephrazed, same overall structure otherwise.
* Typo fixes
Rb tag included after a short off-list read-through

 pct.adoc | 51 ++++++++++++++++++++++++++++++++++++++++++++++++++-
 1 file changed, 50 insertions(+), 1 deletion(-)

diff --git a/pct.adoc b/pct.adoc
index 0c90106..b03b6ba 100644
--- a/pct.adoc
+++ b/pct.adoc
@@ -484,7 +484,54 @@ lxc.apparmor.profile = unconfined
 WARNING: Please note that this is not recommended for production use.
 
 
-// TODO: describe cgroups + seccomp a bit more.
+[[pct_cgroup]]
+Control Groups ('cgroup')
+~~~~~~~~~~~~~~~~~~~~~~~~~
+
+'cgroup' is a kernel
+mechanism used to hierarchically organize processes and distribute system
+resources.
+
+The main resources controlled via 'cgroups' are CPU time, memory and swap
+limits, and access to device nodes. 'cgroups' are also used to "freeze" a
+container before taking snapshots.
+
+There are 2 versions of 'cgroups' currently available,
+https://www.kernel.org/doc/html/v5.11/admin-guide/cgroup-v1/index.html[legacy]
+and
+https://www.kernel.org/doc/html/v5.11/admin-guide/cgroup-v2.html['cgroupv2'].
+
+Since {pve} 7.0, the default is a pure 'cgroupv2' environment. Previously a
+"hybrid" setup was used, where resource control was mainly done in 'cgroupv1'
+with an additional 'cgroupv2' controller which could take over some subsystems
+via the 'cgroup_no_v1' kernel command line parameter. (See the
+https://www.kernel.org/doc/html/latest/admin-guide/kernel-parameters.html[kernel
+parameter documentation] for details.)
+
+The main difference between pure 'cgroupv2' and the old hybrid environments
+regarding {pve} is that with 'cgroupv2' memory and swap are now controlled
+independently. The memory and swap settings for containers can map directly to
+these values, whereas previously only the memory limit and the limit of the
+*sum* of memory and swap could be limited.
+
+Another important difference is that the 'devices' controller is configured in a
+completely different way. Because of this, file system quotas are currently not
+supported in a pure 'cgroupv2' environment.
+
+If file system quotas are not required and the containers are new enough to
+understand 'cgroupv2', it is recommended to stick to the new default.
+
+To switch back to the previous version the following kernel command line
+parameter can be used:
+
+----
+systemd.unified_cgroup_hierarchy=0
+----
+
+See xref:sysboot_edit_kernel_cmdline[this section] on editing the kernel boot
+command line on where to add the parameter.
+
+// TODO: seccomp a bit more.
 // TODO: pve-lxc-syscalld
 
 
@@ -603,6 +650,8 @@ Using Quotas Inside Containers
 Quotas allow to set limits inside a container for the amount of disk space that
 each user can use.
 
+NOTE: This currently requires the use of legacy 'cgroups'.
+
 NOTE: This only works on ext4 image based storage types and currently only
 works with privileged containers.
 
-- 
2.30.2





^ permalink raw reply	[flat|nested] 2+ messages in thread

* [pve-devel] applied: [PATCH v2 docs] pct: add short cgroup section
  2021-06-28 11:44 [pve-devel] [PATCH v2 docs] pct: add short cgroup section Wolfgang Bumiller
@ 2021-06-28 16:24 ` Thomas Lamprecht
  0 siblings, 0 replies; 2+ messages in thread
From: Thomas Lamprecht @ 2021-06-28 16:24 UTC (permalink / raw)
  To: Proxmox VE development discussion, Wolfgang Bumiller

On 28.06.21 13:44, Wolfgang Bumiller wrote:
> Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
> Reviewed-By: Stoiko Ivanov <s.ivanov@proxmox.com>
> ---
> Changes to v1.
> * Some paragraphs are rephrazed, same overall structure otherwise.
> * Typo fixes
> Rb tag included after a short off-list read-through
> 
>  pct.adoc | 51 ++++++++++++++++++++++++++++++++++++++++++++++++++-
>  1 file changed, 50 insertions(+), 1 deletion(-)
> 
>

applied, thanks!




^ permalink raw reply	[flat|nested] 2+ messages in thread

end of thread, other threads:[~2021-06-28 16:25 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-06-28 11:44 [pve-devel] [PATCH v2 docs] pct: add short cgroup section Wolfgang Bumiller
2021-06-28 16:24 ` [pve-devel] applied: " Thomas Lamprecht

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.
Service provided by Proxmox Server Solutions GmbH | Privacy | Legal