We have a cluster of two hypervisors both running Debian 11 (bullseye). They were initially installed as Debian 10, then upgraded to Debian 11.
The boot seems to use unified hierarchy. In dmesg, there is this line (on each hypervisors):
[ 30.947276] systemd[1]: systemd 247.3-6 running in system mode. (+PAM +AUDIT +SELINUX +IMA +APPARMOR +SMACK +SYSVINIT +UTMP +LIBCRYPTSETUP +GCRYPT +GNUTLS +ACL +XZ +LZ4 +ZSTD +SECCOMP +BLKID +ELFUTILS +KMOD +IDN2 -IDN +PCRE2 default-hierarchy=unified)
And also:
$ systemd --version
systemd 247 (247.3-6)
+PAM +AUDIT +SELINUX +IMA +APPARMOR +SMACK +SYSVINIT +UTMP +LIBCRYPTSETUP +GCRYPT +GNUTLS +ACL +XZ +LZ4 +ZSTD +SECCOMP +BLKID +ELFUTILS +KMOD +IDN2 -IDN +PCRE2 default-hierarchy=unified
$ findmnt /sys/fs/cgroup
TARGET SOURCE FSTYPE OPTIONS
/sys/fs/cgroup cgroup2 cgroup2 rw,nosuid,nodev,noexec,relatime
However, lxc commands print a warning. For example:
$ sudo lxc list
WARNING: cgroup v2 is not fully supported yet, proceeding with partial confinement
On an empty hypervisor, the /sys/fs/cgroup/ is filled with:
$ ls /sys/fs/cgroup/
cgroup.controllers cpuset.mems.effective memory.numa_stat
cgroup.max.depth cpu.stat memory.pressure
cgroup.max.descendants dev-hugepages.mount memory.stat
cgroup.procs dev-mqueue.mount sys-fs-fuse-connections.mount
cgroup.stat init.scope sys-kernel-config.mount
cgroup.subtree_control io.cost.model sys-kernel-debug.mount
cgroup.threads io.cost.qos sys-kernel-tracing.mount
cpu.pressure io.pressure system.slice
cpuset.cpus.effective io.stat user.slice
With containers, the directory content is the same, with lxc.monitor.${container_names} and lxc.payload.${container_names} added.
- Did we miss something and we’re not using unified hierarchy?
- How could we fix the warning?
