Cgroup manager for LXC, logind, ...
Due to the use of cgroups by quite a few userspace tools, we need to get a cgroup manager in our installation to centrally handle writes to cgroupfs.
This cgroup manager was discussed at length during Linux Plumbers 2013 and will likely be based on Google's lmctfy, with additions so that it works under nested LXC containers.
For 14.04, the goal is to have a working cgroup manager, with support integrated into upstart and lxc.
Zoe wants each user to be able to use no more than (xM) RAM, and wants each user to be able to specify resource constraints for their own various workloads.
Yngwie wants secure, user-namespaced containers to be able to set cgroup limits for jobs inside the containers.
New code (cgmanager), dbus-send, lxc, upstart jobs (to start cgmanager), and potentially other users, including libvirt and lmctfy (which is not yet packaged)
A container must be able to create nested containers under itself, with stricter memory and CPU limits than its own.
Cgroups are now centrally managed by the cgroup manager. All containers are able to manage their cgroups without exceeding their preset limits.
[Work Item Notes]
The upstream kernel cgroup maintainer hopes to have a new method for doing notify-on-release in the next two weeks.
systemd compatibility API
As for emulating the systemd slice/scope D-BUS API, these are dbus-monitor logs of what happens on Fedora 20:
- for opening a new logind session: http://
- for closing a logind session: http://
Work items for ubuntu-13.12:
[serge-hallyn] Get a solid design for the cgroup manager locked down: DONE
[serge-hallyn] Complete a prototype with partial functionality: DONE
[serge-hallyn] Complete a prototype with setValue (1d): DONE
[serge-hallyn] Write basic frame for proxy (2): DONE
[serge-hallyn] Fill in remainder of methods for proxy (1): DONE
[jamesodhunt] Propose nihd-bus-tool extension upstream: DONE
[serge-hallyn] Look for solution to scm_creds sending race (1d): DONE
Work items for ubuntu-14.01:
[serge-hallyn] Convert cgmanager to asynchronously wait for data (1d): DONE
[serge-hallyn] Convert cgmanager-proxy to asynchronously wait for data (2d): DONE
[serge-hallyn] Request security team review of existing design and code (1h): DONE
[serge-hallyn] Package cgmanager (1d): DONE
[serge-hallyn] Implement remove (.5d): DONE
[serge-hallyn] Implement get_nrtasks (1d): DONE
[serge-hallyn] Act upon security team review of existing code (2d): DONE
[stgraber] port logind (not 204!) to the new interface, or provide the systemd cgroup API in systemd-shim (preferring the latter for easier maintenance and compatibility with other systemd API consumers): INPROGRESS
[stgraber] publish the spec on linuxcontainers.org once final: TODO
[jamesodhunt] integrate into upstart (2d): INPROGRESS
Work items for ubuntu-14.02:
[serge-hallyn] Rough draft of server guide section for cgmanager (1d): DONE
[serge-hallyn] Implement ListChildren (.5d): DONE
Work items for ubuntu-14.03:
[serge-hallyn] Implement recursive release-on-empty (supporting new and old kernel feature)(2d): DONE
[serge-hallyn] Implement eventfd (1d): POSTPONED
[serge-hallyn] Review and push a server guide section for cgmanager (1d): DONE
[serge-hallyn] (or community) get libvirt to use the new daemon (or use a shim) (3d): POSTPONED
[serge-hallyn] (or google?) get lmctfy to talk through the new daemon (3d): POSTPONED
[serge-hallyn] write easy-to-use client: DONE
[serge-hallyn] (or community) get cgroup-bin to use daemon (3): POSTPONED
[pitti] provide a dbusmock of the systemd > 205 slice D-BUS API, to be able to play around with newer logind versions on Ubuntu and understand how the API works: INPROGRESS