From: "Daniel P. Berrange" <berrange@xxxxxxxxxx> Currently the LXC controller creates the cgroup, configures the resources and adds the task all in one go. This is not sufficiently flexible for the forthcoming NBD integration. We need to make sure the NBD process gets into the right cgroup immediately, but we can not have limits (in particular the device ACL) applied at the point where we start qemu-nbd. So create a virLXCCgroupCreate method which creates the cgroup and adds the current ask to be called early, and leave virLXCCgroupSetup to only do resource config. Signed-off-by: Daniel P. Berrange <berrange@xxxxxxxxxx> --- src/lxc/lxc_cgroup.c | 39 +++++++++++++++++++++++++++------------ src/lxc/lxc_cgroup.h | 4 +++- src/lxc/lxc_controller.c | 12 +++++++++--- 3 files changed, 39 insertions(+), 16 deletions(-) diff --git a/src/lxc/lxc_cgroup.c b/src/lxc/lxc_cgroup.c index a075335..fa47229 100644 --- a/src/lxc/lxc_cgroup.c +++ b/src/lxc/lxc_cgroup.c @@ -472,7 +472,7 @@ cleanup: } -int virLXCCgroupSetup(virDomainDefPtr def) +virCgroupPtr virLXCCgroupCreate(virDomainDefPtr def) { virCgroupPtr driver = NULL; virCgroupPtr cgroup = NULL; @@ -494,6 +494,32 @@ int virLXCCgroupSetup(virDomainDefPtr def) goto cleanup; } + rc = virCgroupAddTask(cgroup, getpid()); + if (rc != 0) { + virReportSystemError(-rc, + _("Unable to add task %d to cgroup for domain %s"), + getpid(), def->name); + goto cleanup; + } + + ret = 0; + +cleanup: + virCgroupFree(&driver); + if (ret < 0) { + virCgroupFree(&cgroup); + return NULL; + } + + return cgroup; +} + + +int virLXCCgroupSetup(virDomainDefPtr def, + virCgroupPtr cgroup) +{ + int ret = -1; + if (virLXCCgroupSetupCpuTune(def, cgroup) < 0) goto cleanup; @@ -506,19 +532,8 @@ int virLXCCgroupSetup(virDomainDefPtr def) if (virLXCCgroupSetupDeviceACL(def, cgroup) < 0) goto cleanup; - rc = virCgroupAddTask(cgroup, getpid()); - if (rc != 0) { - virReportSystemError(-rc, - _("Unable to add task %d to cgroup for domain %s"), - getpid(), def->name); - goto cleanup; - } - ret = 0; cleanup: - virCgroupFree(&cgroup); - virCgroupFree(&driver); - return ret; } diff --git a/src/lxc/lxc_cgroup.h b/src/lxc/lxc_cgroup.h index fff554b..18f54e6 100644 --- a/src/lxc/lxc_cgroup.h +++ b/src/lxc/lxc_cgroup.h @@ -26,7 +26,9 @@ # include "lxc_fuse.h" # include "virusb.h" -int virLXCCgroupSetup(virDomainDefPtr def); +virCgroupPtr virLXCCgroupCreate(virDomainDefPtr def); +int virLXCCgroupSetup(virDomainDefPtr def, + virCgroupPtr cgroup); int virLXCCgroupGetMeminfo(virLXCMeminfoPtr meminfo); int diff --git a/src/lxc/lxc_controller.c b/src/lxc/lxc_controller.c index becf811..1508b9c 100644 --- a/src/lxc/lxc_controller.c +++ b/src/lxc/lxc_controller.c @@ -628,7 +628,8 @@ static int virLXCControllerSetupCpuAffinity(virLXCControllerPtr ctrl) * * Returns 0 on success or -1 in case of error */ -static int virLXCControllerSetupResourceLimits(virLXCControllerPtr ctrl) +static int virLXCControllerSetupResourceLimits(virLXCControllerPtr ctrl, + virCgroupPtr cgroup) { if (virLXCControllerSetupCpuAffinity(ctrl) < 0) @@ -637,7 +638,7 @@ static int virLXCControllerSetupResourceLimits(virLXCControllerPtr ctrl) if (virLXCControllerSetupNUMAPolicy(ctrl) < 0) return -1; - return virLXCCgroupSetup(ctrl->def); + return virLXCCgroupSetup(ctrl->def, cgroup); } @@ -1473,6 +1474,7 @@ virLXCControllerRun(virLXCControllerPtr ctrl) int containerhandshake[2] = { -1, -1 }; char **containerTTYPaths = NULL; size_t i; + virCgroupPtr cgroup = NULL; if (VIR_ALLOC_N(containerTTYPaths, ctrl->nconsoles) < 0) { virReportOOMError(); @@ -1494,10 +1496,13 @@ virLXCControllerRun(virLXCControllerPtr ctrl) if (virLXCControllerSetupPrivateNS() < 0) goto cleanup; + if (!(cgroup = virLXCCgroupCreate(ctrl->def))) + goto cleanup; + if (virLXCControllerSetupLoopDevices(ctrl) < 0) goto cleanup; - if (virLXCControllerSetupResourceLimits(ctrl) < 0) + if (virLXCControllerSetupResourceLimits(ctrl, cgroup) < 0) goto cleanup; if (virLXCControllerSetupDevPTS(ctrl) < 0) @@ -1570,6 +1575,7 @@ cleanup: VIR_FREE(containerTTYPaths[i]); VIR_FREE(containerTTYPaths); + virCgroupFree(&cgroup); virLXCControllerStopInit(ctrl); return rc; -- 1.7.11.7 -- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list