Hi,
I have enabled KSM on my Worker Node.
Is there a way a container running in the Worker Node know whether KSM is enabled in the worker node?
thanks
Prince
To check this from within a container, you can mount the host’s /sys filesystem into the container using the lxc.mount.entry configuration option in the container’s configuration file. Once mounted, the container can read the /sys/kernel/mm/ksm/run file to determine the status of KSM on the host node.
lxc.mount.entry = /sys sys none bind,optional 0 0
Once the container is started, you can check the status of KSM on the host node by running the following command inside the container:
lxc shell <container> -- cat /sys/kernel/mm/ksm/run
If the output is 1 , then KSM is enabled on the host node. Can you try this on your side and tell me if this works for you ?
@tomp Do you agree with that ?
Thank you !!
I found this past post which may be of interest:
@amikhalitsyn is the mount that @gabrielmougard suggested above a security concern?
It can be a problem of course as we expose a host sysfs to a container.
As far as I know the KSM is not namespaced and we can read /sys/kernel/mm/ksm/run from any sysfs mount and it will give a host value. KSM is a completely independent with the namespaces/cgroups it works globally on the memory management subsystem level.
2 Likes