While the hotplug code utilized PVE::CGroup and already
supported cgroupv2 with this, we did not write out the
configuration before.
Signed-off-by: Wolfgang Bumiller <w.bumil...@proxmox.com>
---
These values should correspond to how the PVE::CGroup live-apply code
works.
After this there's 1 more missing piece for pure-cgroup2 systems:
handling the devices we currently handle in the autodev hook. This is
very different in cgv2.
src/PVE/LXC.pm | 34 +++++++++++++++++++++++++++-------
src/lxc-pve-prestart-hook | 3 ++-
2 files changed, 29 insertions(+), 8 deletions(-)
diff --git a/src/PVE/LXC.pm b/src/PVE/LXC.pm
index bb1cbdb..a1f9b71 100644
--- a/src/PVE/LXC.pm
+++ b/src/PVE/LXC.pm
@@ -408,11 +408,6 @@ sub parse_ipv4_cidr {
die "unable to parse ipv4 address/mask\n";
}
-# Deprecated. Use `PVE::CGroup::get_cgroup_controllers()` instead.
-sub get_cgroup_subsystems {
- PVE::CGroup::get_v1_controllers();
-}
-
# With seccomp trap to userspace we now have the ability to optionally forward
# certain syscalls to the "host" to handle (via our pve-lxc-syscalld daemon).
#
@@ -637,7 +632,7 @@ sub update_lxc_config {
# files while the container is running!
$raw .= "lxc.monitor.unshare = 1\n";
- my $cgv1 = get_cgroup_subsystems();
+ my ($cgv1, $cgv2) = PVE::CGroup::get_cgroup_controllers();
# Should we read them from /etc/subuid?
if ($unprivileged && !$custom_idmap) {
@@ -647,7 +642,11 @@ sub update_lxc_config {
if (!PVE::LXC::Config->has_dev_console($conf)) {
$raw .= "lxc.console.path = none\n";
- $raw .= "lxc.cgroup.devices.deny = c 5:1 rwm\n" if $cgv1->{devices};
+ if ($cgv1->{devices}) {
+ $raw .= "lxc.cgroup.devices.deny = c 5:1 rwm\n";
+ } elsif (defined($cgv2)) {
+ $raw .= "lxc.cgroup2.devices.deny = c 5:1 rwm\n";
+ }
}
my $ttycount = PVE::LXC::Config->get_tty_count($conf);
@@ -668,6 +667,15 @@ sub update_lxc_config {
my $lxcswap = int(($memory + $swap)*1024*1024);
$raw .= "lxc.cgroup.memory.memsw.limit_in_bytes = $lxcswap\n";
+ } elsif ($cgv2->{memory}) {
+ my $memory = $conf->{memory} || 512;
+ my $swap = $conf->{swap} // 0;
+
+ my $lxcmem = int($memory*1024*1024);
+ $raw .= "lxc.cgroup2.memory.max = $lxcmem\n";
+
+ my $lxcswap = int($swap*1024*1024);
+ $raw .= "lxc.cgroup2.memory.swap.max = $lxcswap\n";
}
if ($cgv1->{cpu}) {
@@ -679,6 +687,18 @@ sub update_lxc_config {
my $shares = $conf->{cpuunits} || 1024;
$raw .= "lxc.cgroup.cpu.shares = $shares\n";
+ } elsif ($cgv2->{cpu}) {
+ # See PVE::CGroup
+ if (my $cpulimit = $conf->{cpulimit}) {
+ my $value = int(100000*$cpulimit);
+ $raw .= "lxc.cgroup2.cpu.max = $value 100000\n";
+ }
+
+ if (defined(my $shares = $conf->{cpuunits})) {
+ die "cpu weight (shares) must be in range [1, 10000]\n"
+ if $shares < 1 || $shares > 10000;
+ $raw .= "lxc.cgroup2.cpu.weight = $shares\n";
+ }
}
die "missing 'rootfs' configuration\n"
diff --git a/src/lxc-pve-prestart-hook b/src/lxc-pve-prestart-hook
index 40d58c4..8d876a8 100755
--- a/src/lxc-pve-prestart-hook
+++ b/src/lxc-pve-prestart-hook
@@ -9,6 +9,7 @@ use Fcntl qw(O_DIRECTORY :mode);
use File::Path;
use POSIX;
+use PVE::CGroup;
use PVE::Cluster;
use PVE::LXC::Config;
use PVE::LXC::Setup;
@@ -148,7 +149,7 @@ sub cleanup_cgroups($) {
rmdir_recursive("/sys/fs/cgroup/lxc/$vmid");
rmdir_recursive("/sys/fs/cgroup/lxc.monitor/$vmid");
} else {
- my ($v1, $v2) = PVE::LXC::get_cgroup_subsystems();
+ my ($v1, $v2) = PVE::CGroup::get_cgroup_controllers();
my @controllers_cgv1 = keys %$v1;
foreach my $controller (@controllers_cgv1) {
--
2.30.2
_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
