[Pkg-libvirt-commits] [libvirt] 02/03: lxc: ensure libvirt_lxc and qemu-nbd move into systemd machine slice

Guido Guenther agx at moszumanska.debian.org
Mon Jan 9 20:06:05 UTC 2017 

This is an automated email from the git hooks/post-receive script.

agx pushed a commit to branch debian/sid
in repository libvirt.

commit 5be8cad5d78658f73d61cdb1b5df2713e93244da
Author: Guido Günther <agx at sigxcpu.org>
Date:   Mon Jan 9 21:05:39 2017 +0100

    lxc: ensure libvirt_lxc and qemu-nbd move into systemd machine slice
    
    Closes: #848317
---
 ...rt_lxc-and-qemu-nbd-move-into-systemd-mac.patch | 155 +++++++++++++++++++++
 debian/patches/series                              |   1 +
 2 files changed, 156 insertions(+)

diff --git a/debian/patches/lxc-ensure-libvirt_lxc-and-qemu-nbd-move-into-systemd-mac.patch b/debian/patches/lxc-ensure-libvirt_lxc-and-qemu-nbd-move-into-systemd-mac.patch
new file mode 100644
index 0000000..ee3a634
--- /dev/null
+++ b/debian/patches/lxc-ensure-libvirt_lxc-and-qemu-nbd-move-into-systemd-mac.patch
@@ -0,0 +1,155 @@
+From: "Daniel P. Berrange" <berrange at redhat.com>
+Date: Thu, 5 Jan 2017 15:30:56 +0000
+Subject: lxc: ensure libvirt_lxc and qemu-nbd move into systemd machine slice
+MIME-Version: 1.0
+Content-Type: text/plain; charset="utf-8"
+Content-Transfer-Encoding: 8bit
+
+Currently when spawning containers with systemd, the container PID 1
+will get moved into the systemd machine slice. Libvirt then manually
+moves the libvirt_lxc and qemu-nbd processes into the cgroups associated
+with the slice, but skips the systemd controller cgroup. This means that
+from systemd's POV, libvirt_lxc and qemu-nbd are still part of the
+libvirtd.service unit.
+
+On systemctl daemon-reload, it will notice that libvirt_lxc & qemu-nbd
+are in the libvirtd.service unit for the systemd controller, but in the
+machine cgroups for resources. Systemd will thus move them back into
+the libvirtd.service resource cgroups next time libvirtd is restarted.
+This causes libvirtd to kill off the container due to incorrect cgroup
+placement.
+
+The solution is to ensure that when moving libvirt_lxc & qemu-nbd, we
+also move the systemd cgroup controller placement. Normally this is
+not something we ever want todo, but this is a special case as we are
+intentionally wanting to move them to a different systemd unit.
+
+Signed-off-by: Daniel P. Berrange <berrange at redhat.com>
+Signed-off-by: Guido Günther <agx at sigxcpu.org>
+---
+ src/libvirt_private.syms |  1 +
+ src/lxc/lxc_controller.c |  4 ++--
+ src/util/vircgroup.c     | 52 +++++++++++++++++++++++++++++++++++++-----------
+ src/util/vircgroup.h     |  1 +
+ 4 files changed, 44 insertions(+), 14 deletions(-)
+
+diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms
+index 43220e0..9aae1c1 100644
+--- a/src/libvirt_private.syms
++++ b/src/libvirt_private.syms
+@@ -1286,6 +1286,7 @@ virBufferVasprintf;
+ 
+ 
+ # util/vircgroup.h
++virCgroupAddMachineTask;
+ virCgroupAddTask;
+ virCgroupAddTaskController;
+ virCgroupAllowAllDevices;
+diff --git a/src/lxc/lxc_controller.c b/src/lxc/lxc_controller.c
+index 508bc3e..9880741 100644
+--- a/src/lxc/lxc_controller.c
++++ b/src/lxc/lxc_controller.c
+@@ -869,12 +869,12 @@ static int virLXCControllerSetupCgroupLimits(virLXCControllerPtr ctrl)
+                                             ctrl->nicindexes)))
+         goto cleanup;
+ 
+-    if (virCgroupAddTask(ctrl->cgroup, getpid()) < 0)
++    if (virCgroupAddMachineTask(ctrl->cgroup, getpid()) < 0)
+         goto cleanup;
+ 
+     /* Add all qemu-nbd tasks to the cgroup */
+     for (i = 0; i < ctrl->nnbdpids; i++) {
+-        if (virCgroupAddTask(ctrl->cgroup, ctrl->nbdpids[i]) < 0)
++        if (virCgroupAddMachineTask(ctrl->cgroup, ctrl->nbdpids[i]) < 0)
+             goto cleanup;
+     }
+ 
+diff --git a/src/util/vircgroup.c b/src/util/vircgroup.c
+index f151193..2d53a89 100644
+--- a/src/util/vircgroup.c
++++ b/src/util/vircgroup.c
+@@ -1178,16 +1178,8 @@ virCgroupNew(pid_t pid,
+ }
+ 
+ 
+-/**
+- * virCgroupAddTask:
+- *
+- * @group: The cgroup to add a task to
+- * @pid: The pid of the task to add
+- *
+- * Returns: 0 on success, -1 on error
+- */
+-int
+-virCgroupAddTask(virCgroupPtr group, pid_t pid)
++static int
++virCgroupAddTaskInternal(virCgroupPtr group, pid_t pid, bool withSystemd)
+ {
+     int ret = -1;
+     size_t i;
+@@ -1197,8 +1189,10 @@ virCgroupAddTask(virCgroupPtr group, pid_t pid)
+         if (!group->controllers[i].mountPoint)
+             continue;
+ 
+-        /* We must never add tasks in systemd's hierarchy */
+-        if (i == VIR_CGROUP_CONTROLLER_SYSTEMD)
++        /* We must never add tasks in systemd's hierarchy
++         * unless we're intentionally trying to move a
++         * task into a systemd machine scope */
++        if (i == VIR_CGROUP_CONTROLLER_SYSTEMD && !withSystemd)
+             continue;
+ 
+         if (virCgroupAddTaskController(group, pid, i) < 0)
+@@ -1210,6 +1204,40 @@ virCgroupAddTask(virCgroupPtr group, pid_t pid)
+     return ret;
+ }
+ 
++/**
++ * virCgroupAddTask:
++ *
++ * @group: The cgroup to add a task to
++ * @pid: The pid of the task to add
++ *
++ * Will add the task to all controllers, except the
++ * systemd unit controller.
++ *
++ * Returns: 0 on success, -1 on error
++ */
++int
++virCgroupAddTask(virCgroupPtr group, pid_t pid)
++{
++    return virCgroupAddTaskInternal(group, pid, false);
++}
++
++/**
++ * virCgroupAddMachineTask:
++ *
++ * @group: The cgroup to add a task to
++ * @pid: The pid of the task to add
++ *
++ * Will add the task to all controllers, including the
++ * systemd unit controller.
++ *
++ * Returns: 0 on success, -1 on error
++ */
++int
++virCgroupAddMachineTask(virCgroupPtr group, pid_t pid)
++{
++    return virCgroupAddTaskInternal(group, pid, true);
++}
++
+ 
+ /**
+  * virCgroupAddTaskController:
+diff --git a/src/util/vircgroup.h b/src/util/vircgroup.h
+index 4b8f3ff..2de1bf2 100644
+--- a/src/util/vircgroup.h
++++ b/src/util/vircgroup.h
+@@ -131,6 +131,7 @@ int virCgroupPathOfController(virCgroupPtr group,
+                               char **path);
+ 
+ int virCgroupAddTask(virCgroupPtr group, pid_t pid);
++int virCgroupAddMachineTask(virCgroupPtr group, pid_t pid);
+ 
+ int virCgroupAddTaskController(virCgroupPtr group,
+                                pid_t pid,
diff --git a/debian/patches/series b/debian/patches/series
index 3d19e77..40e0bc8 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -17,3 +17,4 @@ Set-defaults-for-zfs-tools.patch
 Pass-GPG_TTY-env-var-to-the-ssh-binary.patch
 AppArmor-policy-support-merged-usr.patch
 apparmor-pass-attach_disconnected.patch
+lxc-ensure-libvirt_lxc-and-qemu-nbd-move-into-systemd-mac.patch

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-libvirt/libvirt.git

More information about the Pkg-libvirt-commits mailing list