Cgroup manager for LXC, logind, ...

Registered by Stéphane Graber

[Rationale]
Due to the use of cgroups by quite a few userspace tools, we need to get a cgroup manager in our installation to centrally handle writes to cgroupfs.
This cgroup manager has been discussed at length during Linux Plumbers 2013 and will likely be based on Google's lmctfy with addition to work under nested LXC containers.

[Goal]
For 14.04, to have a working cgroup manager, with support integrated into
upstart and lxc.

Blueprint information

Status:
Not started
Approver:
Steve Langasek
Priority:
Undefined
Drafter:
Stéphane Graber
Direction:
Needs approval
Assignee:
Serge Hallyn
Definition:
Pending Approval
Series goal:
Accepted for trusty
Implementation:
Unknown
Milestone target:
None

Related branches

Sprints

Whiteboard

[User Stories]
Zoe wants each user to be able to use no more than (xM) ram, and to have each user be able to specify resource constraints for their own various workloads.

Yngwie wants to have secure, user namespaced containers be able to set cgroup limits for jobs inside the containers.

[Assumptions]

[Risks]

[In scope]

New code (cgmanager), dbus-send, lxc, upstart jobs (to start cgmanager), and potentially other users, including libvirt and lmctfy (which is not yet packaged)

[User acceptance]

A container must be able to created nested containers under itself, with stricter memory and cpu limits than its own.

[Release Notes]
Cgroups are now centrally managed by the cgroup manager. All containers are able to manage their cgroups without exceeding their preset limits.

[Work Item Notes]
Upstream kernel cgroup maintainer, in next two weeks, hopes to have a new method for doing notify-on-release.

systemd compatibility API
---------------------------------------
As for emulating the systemd slice/scope D-BUS API, these are dbus-monitor logs what happens on Fedora 20:
 - for opening a new logind session: http://people.canonical.com/~pitti/tmp/dbus-logind-open.log
 - for closing a logind session: http://people.canonical.com/~pitti/tmp/dbus-logind-close.log

(?)

Work Items

Work items for ubuntu-13.12:
[serge-hallyn] Get a solid design for the cgroup manager locked down: DONE
[serge-hallyn] Complete a prototype with partial functionality: DONE
[serge-hallyn] Complete a prototype with setValue (1d): DONE
[serge-hallyn] Write basic frame for proxy (2): DONE
[serge-hallyn] Fill in remainder of methods for proxy (1): DONE
[jamesodhunt] Propose nihd-bus-tool extension upstream: DONE
[serge-hallyn] Look for solution to scm_creds sending race (1d): DONE

Work items for ubuntu-14.01:
[serge-hallyn] Convert cgmanager to asynchronously wait for data (1d): DONE
[serge-hallyn] Convert cgmanager-proxy to asynchronously wait for data (2d): DONE
[serge-hallyn] Request security team review of existing design and code (1h): DONE
[serge-hallyn] Package cgmanager (1d): DONE
[serge-hallyn] Implement remove (.5d): DONE
[serge-hallyn] Implement get_nrtasks (1d): DONE
[serge-hallyn] Act upon security team review of existing code (2d): DONE
[stgraber] port logind (not 204!) to the new interface, or provide the systemd cgroup API in systemd-shim (preferring the latter for easier maintenance and compatibility with other systemd API consumers): INPROGRESS
[stgraber] publish the spec on linuxcontainers.org once final: TODO
[jamesodhunt] integrate into upstart (2d): INPROGRESS

Work items for ubuntu-14.02:
[serge-hallyn] Rough draft of server guide section for cgmanager (1d): DONE
[serge-hallyn] Implement ListChildren (.5d): DONE

Work items for ubuntu-14.03:
[serge-hallyn] Implement recursive release-on-empty (supporting new and old kernel feature)(2d): DONE
[serge-hallyn] Implement eventfd (1d): POSTPONED
[serge-hallyn] Review and push a server guide section for cgmanager (1d): DONE
[serge-hallyn] (or community) get libvirt to use the new daemon (or use a shim) (3d): POSTPONED
[serge-hallyn] (or google?) get lmctfy to talk through the new daemon (3d): POSTPONED
[serge-hallyn] write easy-to-use client: DONE
[serge-hallyn] (or community) get cgroup-bin to use daemon (3): POSTPONED
[pitti] provide a dbusmock of the systemd > 205 slice D-BUS API, to be able to play around with newer logind versions on Ubuntu and understand how the API works: INPROGRESS