I've been working through all the bits and pieces of getting Linux Containers LXC to work in Debian Stretch. This article is about the cgroups memory controller enablement, and what I found out about it.
The base article for installing LXC on Debian is found at LXC. But it deals with Squeeze, Wheezy, and Jessie. Which means it should be mostly applicable to Stretch.
A basic pre-lxc install has the following cgroups enabled by default:
# mount | grep cgroup
tmpfs on /sys/fs/cgroup type tmpfs (ro,nosuid,nodev,noexec,mode=755)
cgroup on /sys/fs/cgroup/systemd type cgroup (rw,nosuid,nodev,noexec,relatime,xattr,release_agent=/lib/systemd/systemd-cgroups-agent,name=systemd)
cgroup on /sys/fs/cgroup/cpuset type cgroup (rw,nosuid,nodev,noexec,relatime,cpuset)
cgroup on /sys/fs/cgroup/devices type cgroup (rw,nosuid,nodev,noexec,relatime,devices)
cgroup on /sys/fs/cgroup/cpu,cpuacct type cgroup (rw,nosuid,nodev,noexec,relatime,cpu,cpuacct)
cgroup on /sys/fs/cgroup/net_cls,net_prio type cgroup (rw,nosuid,nodev,noexec,relatime,net_cls,net_prio)
cgroup on /sys/fs/cgroup/freezer type cgroup (rw,nosuid,nodev,noexec,relatime,freezer)
cgroup on /sys/fs/cgroup/blkio type cgroup (rw,nosuid,nodev,noexec,relatime,blkio)
cgroup on /sys/fs/cgroup/perf_event type cgroup (rw,nosuid,nodev,noexec,relatime,perf_event)
So.... I think that the following line is no longer needed in /etc/fstab:
cgroup /sys/fs/cgroup cgroup defaults 0 0
And therefore, no manual mount is required:
mount /sys/fs/cgroup
The article also mentions CONFIG_CGROUP_MEM_RES_CTLR and CONFIG_CGROUP_MEM_RES_CTLR_SWAP. But based upon
Andrew Morton's Patch in 2012, those have been changed to:
CONFIG_CGROUP_MEM_RES_CTLR -> CONFIG_MEMCG
CONFIG_CGROUP_MEM_RES_CTLR_SWAP -> CONFIG_MEMCG_SWAP
CONFIG_CGROUP_MEM_RES_CTLR_SWAP_ENABLED -> CONFIG_MEMCG_SWAP_ENABLED
CONFIG_CGROUP_MEM_RES_CTLR_KMEM -> CONFIG_MEMCG_KMEM
The new ones are indeed in Stretch:
~# grep MEMCG /boot/config-4.1.0-1-amd64
CONFIG_MEMCG=y
CONFIG_MEMCG_DISABLED=y
CONFIG_MEMCG_SWAP=y
# CONFIG_MEMCG_SWAP_ENABLED is not set
# CONFIG_MEMCG_KMEM is not set
LXC userspace tools for Debian are currently:
:~# dpkg -l lxc
Desired=Unknown/Install/Remove/Purge/Hold
| Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
|/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
||/ Name Version Architecture Description
+++-==============-============-============-==================================
ii lxc 1:1.0.7-4 amd64 Linux Containers userspace tools
There is a bug report for lxc-checkconfig wrong report on memory controller. The following:
if [ $KVER_MAJOR -ge 3 -a $KVER_MINOR -ge 6 ]; then
is_enabled CONFIG_MEMCG
else
is_enabled CONFIG_CGROUP_MEM_RES_CTLR
fi
Should instead be:
if [ $KVER_MAJOR -le 3 -a $KVER_MINOR -lt 6 ]; then
is_enabled CONFIG_CGROUP_MEM_RES_CTLR
else
is_enabled CONFIG_MEMCG
fi
This bug is present in the lxc 1.0.7 package.
Running this patched version of lxc-checkconfig, results in:
Cgroup memory controller: enabled
But it is only partially enabled because of the setting, as mentioned earlier, of CONFIG_MEMCG_DISABLED=y'. The
Debian Bug Report 534964 and 566180 talks a bit about why it is operationally disabled. Additional processing and memory space is used for managing cgroup based memory usage.
So by going in and adjusting to 'CONFIG_MEMCG_DISABLED=n', the cgroup still doesn't show as being mounted. I guess the file is only shows kernel build status, rather than providing any active configuration change. Only after putting:
GRUB_CMDLINE_LINUX="cgroup_enable=memory swapaccount=1"
into /etc/default/grub, running 'update-grub2', and rebooting, then does it show as being mounted:
:~# mount |grep cgroup|grep mem
cgroup on /sys/fs/cgroup/memory type cgroup (rw,nosuid,nodev,noexec,relatime,memory)
In the end, the memory management is required when you want to control the amount of memory used by the container. If you don't care, then the above is superfluous. An article How to control memory in LXC talks about how to control memory of a container, and things to watch out for.
An article on LWN, called Integrating Memory Control Groups talks about the overheads of cgroup memory vs regular memory management.