From 1760258cc396ad271ab6dd3342f3e7af7c722e00 Mon Sep 17 00:00:00 2001 From: "Daniel P. Berrange" Date: Thu, 14 Mar 2013 12:47:28 +0000 Subject: [PATCH] Setup LXC cgroups in two phases Currently the LXC controller creates the cgroup, configures the resources and adds the task all in one go. This is not sufficiently flexible for the forthcoming NBD integration. We need to make sure the NBD process gets into the right cgroup immediately, but we can not have limits (in particular the device ACL) applied at the point where we start qemu-nbd. So create a virLXCCgroupCreate method which creates the cgroup and adds the current task to be called early, and leave virLXCCgroupSetup to only do resource config. Signed-off-by: Daniel P. Berrange --- src/lxc/lxc_cgroup.c | 39 +++++++++++++++++++++++++++------------ src/lxc/lxc_cgroup.h | 4 +++- src/lxc/lxc_controller.c | 12 +++++++++--- 3 files changed, 39 insertions(+), 16 deletions(-) diff --git a/src/lxc/lxc_cgroup.c b/src/lxc/lxc_cgroup.c index a07533545e..fa47229a5d 100644 --- a/src/lxc/lxc_cgroup.c +++ b/src/lxc/lxc_cgroup.c @@ -472,7 +472,7 @@ cleanup: } -int virLXCCgroupSetup(virDomainDefPtr def) +virCgroupPtr virLXCCgroupCreate(virDomainDefPtr def) { virCgroupPtr driver = NULL; virCgroupPtr cgroup = NULL; @@ -494,6 +494,32 @@ int virLXCCgroupSetup(virDomainDefPtr def) goto cleanup; } + rc = virCgroupAddTask(cgroup, getpid()); + if (rc != 0) { + virReportSystemError(-rc, + _("Unable to add task %d to cgroup for domain %s"), + getpid(), def->name); + goto cleanup; + } + + ret = 0; + +cleanup: + virCgroupFree(&driver); + if (ret < 0) { + virCgroupFree(&cgroup); + return NULL; + } + + return cgroup; +} + + +int virLXCCgroupSetup(virDomainDefPtr def, + virCgroupPtr cgroup) +{ + int ret = -1; + if (virLXCCgroupSetupCpuTune(def, cgroup) < 0) goto cleanup; @@ -506,19 +532,8 @@ int virLXCCgroupSetup(virDomainDefPtr def) if (virLXCCgroupSetupDeviceACL(def, cgroup) < 0) goto cleanup; - rc = virCgroupAddTask(cgroup, getpid()); - if (rc != 0) { - virReportSystemError(-rc, - _("Unable to add task %d to cgroup for domain %s"), - getpid(), def->name); - goto cleanup; - } - ret = 0; cleanup: - virCgroupFree(&cgroup); - virCgroupFree(&driver); - return ret; } diff --git a/src/lxc/lxc_cgroup.h b/src/lxc/lxc_cgroup.h index fff554b3d4..18f54e630a 100644 --- a/src/lxc/lxc_cgroup.h +++ b/src/lxc/lxc_cgroup.h @@ -26,7 +26,9 @@ # include "lxc_fuse.h" # include "virusb.h" -int virLXCCgroupSetup(virDomainDefPtr def); +virCgroupPtr virLXCCgroupCreate(virDomainDefPtr def); +int virLXCCgroupSetup(virDomainDefPtr def, + virCgroupPtr cgroup); int virLXCCgroupGetMeminfo(virLXCMeminfoPtr meminfo); int diff --git a/src/lxc/lxc_controller.c b/src/lxc/lxc_controller.c index becf811297..1508b9c281 100644 --- a/src/lxc/lxc_controller.c +++ b/src/lxc/lxc_controller.c @@ -628,7 +628,8 @@ static int virLXCControllerSetupCpuAffinity(virLXCControllerPtr ctrl) * * Returns 0 on success or -1 in case of error */ -static int virLXCControllerSetupResourceLimits(virLXCControllerPtr ctrl) +static int virLXCControllerSetupResourceLimits(virLXCControllerPtr ctrl, + virCgroupPtr cgroup) { if (virLXCControllerSetupCpuAffinity(ctrl) < 0) @@ -637,7 +638,7 @@ static int virLXCControllerSetupResourceLimits(virLXCControllerPtr ctrl) if (virLXCControllerSetupNUMAPolicy(ctrl) < 0) return -1; - return virLXCCgroupSetup(ctrl->def); + return virLXCCgroupSetup(ctrl->def, cgroup); } @@ -1473,6 +1474,7 @@ virLXCControllerRun(virLXCControllerPtr ctrl) int containerhandshake[2] = { -1, -1 }; char **containerTTYPaths = NULL; size_t i; + virCgroupPtr cgroup = NULL; if (VIR_ALLOC_N(containerTTYPaths, ctrl->nconsoles) < 0) { virReportOOMError(); @@ -1494,10 +1496,13 @@ virLXCControllerRun(virLXCControllerPtr ctrl) if (virLXCControllerSetupPrivateNS() < 0) goto cleanup; + if (!(cgroup = virLXCCgroupCreate(ctrl->def))) + goto cleanup; + if (virLXCControllerSetupLoopDevices(ctrl) < 0) goto cleanup; - if (virLXCControllerSetupResourceLimits(ctrl) < 0) + if (virLXCControllerSetupResourceLimits(ctrl, cgroup) < 0) goto cleanup; if (virLXCControllerSetupDevPTS(ctrl) < 0) @@ -1570,6 +1575,7 @@ cleanup: VIR_FREE(containerTTYPaths[i]); VIR_FREE(containerTTYPaths); + virCgroupFree(&cgroup); virLXCControllerStopInit(ctrl); return rc;