We have a cluster of two hypervisors both running Debian 11 (bullseye). They were initially installed as Debian 10, then upgraded to Debian 11.
The boot seems to use unified hierarchy. In dmesg
, there is this line (on each hypervisors):
[ 30.947276] systemd[1]: systemd 247.3-6 running in system mode. (+PAM +AUDIT +SELINUX +IMA +APPARMOR +SMACK +SYSVINIT +UTMP +LIBCRYPTSETUP +GCRYPT +GNUTLS +ACL +XZ +LZ4 +ZSTD +SECCOMP +BLKID +ELFUTILS +KMOD +IDN2 -IDN +PCRE2 default-hierarchy=unified)
And also:
$ systemd --version
systemd 247 (247.3-6)
+PAM +AUDIT +SELINUX +IMA +APPARMOR +SMACK +SYSVINIT +UTMP +LIBCRYPTSETUP +GCRYPT +GNUTLS +ACL +XZ +LZ4 +ZSTD +SECCOMP +BLKID +ELFUTILS +KMOD +IDN2 -IDN +PCRE2 default-hierarchy=unified
$ findmnt /sys/fs/cgroup
TARGET SOURCE FSTYPE OPTIONS
/sys/fs/cgroup cgroup2 cgroup2 rw,nosuid,nodev,noexec,relatime
However, lxc
commands print a warning. For example:
$ sudo lxc list
WARNING: cgroup v2 is not fully supported yet, proceeding with partial confinement
On an empty hypervisor, the /sys/fs/cgroup/
is filled with:
$ ls /sys/fs/cgroup/
cgroup.controllers cpuset.mems.effective memory.numa_stat
cgroup.max.depth cpu.stat memory.pressure
cgroup.max.descendants dev-hugepages.mount memory.stat
cgroup.procs dev-mqueue.mount sys-fs-fuse-connections.mount
cgroup.stat init.scope sys-kernel-config.mount
cgroup.subtree_control io.cost.model sys-kernel-debug.mount
cgroup.threads io.cost.qos sys-kernel-tracing.mount
cpu.pressure io.pressure system.slice
cpuset.cpus.effective io.stat user.slice
With containers, the directory content is the same, with lxc.monitor.${container_names}
and lxc.payload.${container_names}
added.
- Did we miss something and we’re not using unified hierarchy?
- How could we fix the warning?