From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by lists.proxmox.com (Postfix) with ESMTPS id 8007F713B9 for ; Thu, 10 Jun 2021 13:15:53 +0200 (CEST) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id 65B0D2E03B for ; Thu, 10 Jun 2021 13:15:23 +0200 (CEST) Received: from proxmox-new.maurer-it.com (proxmox-new.maurer-it.com [94.136.29.106]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by firstgate.proxmox.com (Proxmox) with ESMTPS id C11BC2E031 for ; Thu, 10 Jun 2021 13:15:22 +0200 (CEST) Received: from proxmox-new.maurer-it.com (localhost.localdomain [127.0.0.1]) by proxmox-new.maurer-it.com (Proxmox) with ESMTP id 8E88846754 for ; Thu, 10 Jun 2021 13:15:22 +0200 (CEST) From: Wolfgang Bumiller To: pve-devel@lists.proxmox.com Date: Thu, 10 Jun 2021 13:15:16 +0200 Message-Id: <20210610111516.90018-1-w.bumiller@proxmox.com> X-Mailer: git-send-email 2.30.2 MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-SPAM-LEVEL: Spam detection results: 0 AWL 0.889 Adjusted score from AWL reputation of From: address BAYES_00 -1.9 Bayes spam probability is 0 to 1% KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record SPF_PASS -0.001 SPF: sender matches SPF record URIBL_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to URIBL was blocked. See http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block for more information. [lxc.pm] Subject: [pve-devel] [PATCH container] configure cpu/cpuset/memory cgroupv2 values X-BeenThere: pve-devel@lists.proxmox.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: Proxmox VE development discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 10 Jun 2021 11:15:53 -0000 While the hotplug code utilized PVE::CGroup and already supported cgroupv2 with this, we did not write out the configuration before. Signed-off-by: Wolfgang Bumiller --- These values should correspond to how the PVE::CGroup live-apply code works. After this there's 1 more missing piece for pure-cgroup2 systems: handling the devices we currently handle in the autodev hook. This is very different in cgv2. src/PVE/LXC.pm | 34 +++++++++++++++++++++++++++------- src/lxc-pve-prestart-hook | 3 ++- 2 files changed, 29 insertions(+), 8 deletions(-) diff --git a/src/PVE/LXC.pm b/src/PVE/LXC.pm index bb1cbdb..a1f9b71 100644 --- a/src/PVE/LXC.pm +++ b/src/PVE/LXC.pm @@ -408,11 +408,6 @@ sub parse_ipv4_cidr { die "unable to parse ipv4 address/mask\n"; } -# Deprecated. Use `PVE::CGroup::get_cgroup_controllers()` instead. -sub get_cgroup_subsystems { - PVE::CGroup::get_v1_controllers(); -} - # With seccomp trap to userspace we now have the ability to optionally forward # certain syscalls to the "host" to handle (via our pve-lxc-syscalld daemon). # @@ -637,7 +632,7 @@ sub update_lxc_config { # files while the container is running! $raw .= "lxc.monitor.unshare = 1\n"; - my $cgv1 = get_cgroup_subsystems(); + my ($cgv1, $cgv2) = PVE::CGroup::get_cgroup_controllers(); # Should we read them from /etc/subuid? if ($unprivileged && !$custom_idmap) { @@ -647,7 +642,11 @@ sub update_lxc_config { if (!PVE::LXC::Config->has_dev_console($conf)) { $raw .= "lxc.console.path = none\n"; - $raw .= "lxc.cgroup.devices.deny = c 5:1 rwm\n" if $cgv1->{devices}; + if ($cgv1->{devices}) { + $raw .= "lxc.cgroup.devices.deny = c 5:1 rwm\n"; + } elsif (defined($cgv2)) { + $raw .= "lxc.cgroup2.devices.deny = c 5:1 rwm\n"; + } } my $ttycount = PVE::LXC::Config->get_tty_count($conf); @@ -668,6 +667,15 @@ sub update_lxc_config { my $lxcswap = int(($memory + $swap)*1024*1024); $raw .= "lxc.cgroup.memory.memsw.limit_in_bytes = $lxcswap\n"; + } elsif ($cgv2->{memory}) { + my $memory = $conf->{memory} || 512; + my $swap = $conf->{swap} // 0; + + my $lxcmem = int($memory*1024*1024); + $raw .= "lxc.cgroup2.memory.max = $lxcmem\n"; + + my $lxcswap = int($swap*1024*1024); + $raw .= "lxc.cgroup2.memory.swap.max = $lxcswap\n"; } if ($cgv1->{cpu}) { @@ -679,6 +687,18 @@ sub update_lxc_config { my $shares = $conf->{cpuunits} || 1024; $raw .= "lxc.cgroup.cpu.shares = $shares\n"; + } elsif ($cgv2->{cpu}) { + # See PVE::CGroup + if (my $cpulimit = $conf->{cpulimit}) { + my $value = int(100000*$cpulimit); + $raw .= "lxc.cgroup2.cpu.max = $value 100000\n"; + } + + if (defined(my $shares = $conf->{cpuunits})) { + die "cpu weight (shares) must be in range [1, 10000]\n" + if $shares < 1 || $shares > 10000; + $raw .= "lxc.cgroup2.cpu.weight = $shares\n"; + } } die "missing 'rootfs' configuration\n" diff --git a/src/lxc-pve-prestart-hook b/src/lxc-pve-prestart-hook index 40d58c4..8d876a8 100755 --- a/src/lxc-pve-prestart-hook +++ b/src/lxc-pve-prestart-hook @@ -9,6 +9,7 @@ use Fcntl qw(O_DIRECTORY :mode); use File::Path; use POSIX; +use PVE::CGroup; use PVE::Cluster; use PVE::LXC::Config; use PVE::LXC::Setup; @@ -148,7 +149,7 @@ sub cleanup_cgroups($) { rmdir_recursive("/sys/fs/cgroup/lxc/$vmid"); rmdir_recursive("/sys/fs/cgroup/lxc.monitor/$vmid"); } else { - my ($v1, $v2) = PVE::LXC::get_cgroup_subsystems(); + my ($v1, $v2) = PVE::CGroup::get_cgroup_controllers(); my @controllers_cgv1 = keys %$v1; foreach my $controller (@controllers_cgv1) { -- 2.30.2