[libvirt PATCH 0/9] fix cgroups on systemd hosts

Pavel Hrdina posted 9 patches 3 years, 1 month ago
Failed in applying to current master (apply log)
docs/cgroups.html.in                          |  29 +-
src/libvirt_private.syms                      |   2 +
src/util/vircgroup.c                          | 300 ++++++++++++++----
src/util/vircgroupbackend.h                   |   5 +
src/util/vircgrouppriv.h                      |  10 +
src/util/vircgroupv1.c                        | 122 +++++--
src/util/vircgroupv2.c                        |  82 ++++-
src/util/virsystemd.c                         | 105 +++++-
src/util/virsystemd.h                         |   4 +
tests/vircgroupdata/systemd-legacy.cgroups    |  12 +
tests/vircgroupdata/systemd-legacy.mounts     |  11 +
.../vircgroupdata/systemd-legacy.self.cgroup  |  11 +
tests/vircgroupdata/systemd-unified.cgroups   |  13 +
tests/vircgroupdata/systemd-unified.mounts    |   1 +
.../vircgroupdata/systemd-unified.self.cgroup |   1 +
tests/vircgrouptest.c                         |  72 +++++
tests/virsystemdtest.c                        |  39 ++-
17 files changed, 687 insertions(+), 132 deletions(-)
create mode 100644 tests/vircgroupdata/systemd-legacy.cgroups
create mode 100644 tests/vircgroupdata/systemd-legacy.mounts
create mode 100644 tests/vircgroupdata/systemd-legacy.self.cgroup
create mode 100644 tests/vircgroupdata/systemd-unified.cgroups
create mode 100644 tests/vircgroupdata/systemd-unified.mounts
create mode 100644 tests/vircgroupdata/systemd-unified.self.cgroup
[libvirt PATCH 0/9] fix cgroups on systemd hosts
Posted by Pavel Hrdina 3 years, 1 month ago
When running on host with systemd there is an ownership issue of
the root VM cgroup. When it is created for us by systemd using machined
the owner of the root VM cgroup is systemd and we should not touch any
of the files as systemd can and will modify any values configured there.

Basically we had the issue since introduction of machined support
in libvirt 1.1.1 back in 2013. With systemd implementing more cgroup
APIs the `systemctl daemon-reload` would change more values configured
by libvirt.

The solution to the issue is to use systemd DBus APIs to configure
cgroups but unfortunately they don't cover everything that libvirt
needs.

For that reason we will use systemd DBus APIs only for values that
affect sibling cgroups where the resources are distributed
proportionally, such as blkio.weight or cpu.shares. For the remaining
resources we will keep the current code where we work with the files
directly but we move everything into a child cgroup of the VM root
cgroup where we are free to do whatever we like including thread
configuration.

Pavel Hrdina (9):
  virsystemd: export virSystemdHasMachined
  virsystemd: introduce virSystemdGetMachineByPID
  virsystemd: introduce virSystemdGetMachineUnitByPID
  vircgroup: use DBus call to systemd for some APIs
  vircgroupv1: refactor virCgroupV1DetectPlacement
  vircgroupv2: move task into cgroup before enabling controllers
  vircgroup: introduce virCgroupV1Exists and virCgroupV2Exists
  vircgroup: introduce nested cgroup to properly work with systemd
  tests: add cgroup nested tests

 docs/cgroups.html.in                          |  29 +-
 src/libvirt_private.syms                      |   2 +
 src/util/vircgroup.c                          | 300 ++++++++++++++----
 src/util/vircgroupbackend.h                   |   5 +
 src/util/vircgrouppriv.h                      |  10 +
 src/util/vircgroupv1.c                        | 122 +++++--
 src/util/vircgroupv2.c                        |  82 ++++-
 src/util/virsystemd.c                         | 105 +++++-
 src/util/virsystemd.h                         |   4 +
 tests/vircgroupdata/systemd-legacy.cgroups    |  12 +
 tests/vircgroupdata/systemd-legacy.mounts     |  11 +
 .../vircgroupdata/systemd-legacy.self.cgroup  |  11 +
 tests/vircgroupdata/systemd-unified.cgroups   |  13 +
 tests/vircgroupdata/systemd-unified.mounts    |   1 +
 .../vircgroupdata/systemd-unified.self.cgroup |   1 +
 tests/vircgrouptest.c                         |  72 +++++
 tests/virsystemdtest.c                        |  39 ++-
 17 files changed, 687 insertions(+), 132 deletions(-)
 create mode 100644 tests/vircgroupdata/systemd-legacy.cgroups
 create mode 100644 tests/vircgroupdata/systemd-legacy.mounts
 create mode 100644 tests/vircgroupdata/systemd-legacy.self.cgroup
 create mode 100644 tests/vircgroupdata/systemd-unified.cgroups
 create mode 100644 tests/vircgroupdata/systemd-unified.mounts
 create mode 100644 tests/vircgroupdata/systemd-unified.self.cgroup

-- 
2.29.2

Re: [libvirt PATCH 0/9] fix cgroups on systemd hosts
Posted by Michal Privoznik 3 years, 1 month ago
On 2/9/21 2:26 PM, Pavel Hrdina wrote:
> When running on host with systemd there is an ownership issue of
> the root VM cgroup. When it is created for us by systemd using machined
> the owner of the root VM cgroup is systemd and we should not touch any
> of the files as systemd can and will modify any values configured there.
> 
> Basically we had the issue since introduction of machined support
> in libvirt 1.1.1 back in 2013. With systemd implementing more cgroup
> APIs the `systemctl daemon-reload` would change more values configured
> by libvirt.
> 
> The solution to the issue is to use systemd DBus APIs to configure
> cgroups but unfortunately they don't cover everything that libvirt
> needs.
> 
> For that reason we will use systemd DBus APIs only for values that
> affect sibling cgroups where the resources are distributed
> proportionally, such as blkio.weight or cpu.shares. For the remaining
> resources we will keep the current code where we work with the files
> directly but we move everything into a child cgroup of the VM root
> cgroup where we are free to do whatever we like including thread
> configuration.

Yeah, if only there was a way to tell machined to not touch CGroups 
we've created until they offer full set of features.

> 
> Pavel Hrdina (9):
>    virsystemd: export virSystemdHasMachined
>    virsystemd: introduce virSystemdGetMachineByPID
>    virsystemd: introduce virSystemdGetMachineUnitByPID
>    vircgroup: use DBus call to systemd for some APIs
>    vircgroupv1: refactor virCgroupV1DetectPlacement
>    vircgroupv2: move task into cgroup before enabling controllers
>    vircgroup: introduce virCgroupV1Exists and virCgroupV2Exists
>    vircgroup: introduce nested cgroup to properly work with systemd
>    tests: add cgroup nested tests
> 
>   docs/cgroups.html.in                          |  29 +-
>   src/libvirt_private.syms                      |   2 +
>   src/util/vircgroup.c                          | 300 ++++++++++++++----
>   src/util/vircgroupbackend.h                   |   5 +
>   src/util/vircgrouppriv.h                      |  10 +
>   src/util/vircgroupv1.c                        | 122 +++++--
>   src/util/vircgroupv2.c                        |  82 ++++-
>   src/util/virsystemd.c                         | 105 +++++-
>   src/util/virsystemd.h                         |   4 +
>   tests/vircgroupdata/systemd-legacy.cgroups    |  12 +
>   tests/vircgroupdata/systemd-legacy.mounts     |  11 +
>   .../vircgroupdata/systemd-legacy.self.cgroup  |  11 +
>   tests/vircgroupdata/systemd-unified.cgroups   |  13 +
>   tests/vircgroupdata/systemd-unified.mounts    |   1 +
>   .../vircgroupdata/systemd-unified.self.cgroup |   1 +
>   tests/vircgrouptest.c                         |  72 +++++
>   tests/virsystemdtest.c                        |  39 ++-
>   17 files changed, 687 insertions(+), 132 deletions(-)
>   create mode 100644 tests/vircgroupdata/systemd-legacy.cgroups
>   create mode 100644 tests/vircgroupdata/systemd-legacy.mounts
>   create mode 100644 tests/vircgroupdata/systemd-legacy.self.cgroup
>   create mode 100644 tests/vircgroupdata/systemd-unified.cgroups
>   create mode 100644 tests/vircgroupdata/systemd-unified.mounts
>   create mode 100644 tests/vircgroupdata/systemd-unified.self.cgroup
> 

Reviewed-by: Michal Privoznik <mprivozn@redhat.com>

Michal