Running LXD an openrc container on a openrc system - trouble with cgroups

palica · November 25, 2017, 9:28am

Hello all,

I am trying to start a container with OpenRC init system running also on a host that uses OpenRC as its init system. Almost everything works fine. I can create, start and exec commands in container. The part that is not working for me is that there are no cgroup mounts inside the container.

I am running fairly recent kernel 4.13 with cgroups enabled and also recent OpenRC on host and container (openrc-0.34.9).

I am using LXD 2.20, LXC 2.0.9, and LXCFS 2.0.8.

Mount from HOST:
# mount |grep cgroup
cgroup_root on /sys/fs/cgroup type tmpfs (rw,nosuid,nodev,noexec,relatime,size=10240k,mode=755)
openrc on /sys/fs/cgroup/openrc type cgroup (rw,nosuid,nodev,noexec,relatime,release_agent=/lib64/rc/sh/cgroup-release-agent.sh,name=openrc)
none on /sys/fs/cgroup/unified type cgroup2 (rw,nosuid,nodev,noexec,relatime)
cpuset on /sys/fs/cgroup/cpuset type cgroup (rw,nosuid,nodev,noexec,relatime,cpuset)
cpu on /sys/fs/cgroup/cpu type cgroup (rw,nosuid,nodev,noexec,relatime,cpu)
cpuacct on /sys/fs/cgroup/cpuacct type cgroup (rw,nosuid,nodev,noexec,relatime,cpuacct)
blkio on /sys/fs/cgroup/blkio type cgroup (rw,nosuid,nodev,noexec,relatime,blkio)
memory on /sys/fs/cgroup/memory type cgroup (rw,nosuid,nodev,noexec,relatime,memory)
devices on /sys/fs/cgroup/devices type cgroup (rw,nosuid,nodev,noexec,relatime,devices)
freezer on /sys/fs/cgroup/freezer type cgroup (rw,nosuid,nodev,noexec,relatime,freezer)
perf_event on /sys/fs/cgroup/perf_event type cgroup (rw,nosuid,nodev,noexec,relatime,perf_event)
pids on /sys/fs/cgroup/pids type cgroup (rw,nosuid,nodev,noexec,relatime,pids)
rdma on /sys/fs/cgroup/rdma type cgroup (rw,nosuid,nodev,noexec,relatime,rdma)

HOST cgroup:
# ls /sys/fs/cgroup/
blkio cpu cpuacct cpuset devices freezer memory openrc perf_event pids rdma unified

HOST OpenRC related cgroups
# ls /sys/fs/cgroup/openrc/
cgroup.clone_children cgroup.sane_behavior fcron lxc lxd notify_on_release release_agent sshd tasks
cgroup.procs dhcpcd haveged lxcfs netdata ntpd smartd syslog-ng udev

HOST LX* related cgroups:
# ls /sys/fs/cgroup/openrc/lxc
cgroup.clone_children cgroup.procs test-container notify_on_release tasks
# ls /sys/fs/cgroup/openrc/lxd
cgroup.clone_children cgroup.procs notify_on_release tasks

Mount from CONTAINER:
# lxc exec fun-new-lxd-2 mount |grep cgroup
(no output) no cgroups mounted

LS of /sys/fs/cgroup in CONTAINER:
ls -alF /sys/fs/cgroup/
total 0
dr-xr-xr-x 2 nobody nobody 0 Nov 24 23:39 ./
drwxr-xr-x 12 nobody nobody 0 Nov 24 23:39 …/

Does anybody have experience with running LXD on an OpenRC host? Do you have a solution how to mount cgroups on container startup? Can someone please shed some light on this problem? Thank you in advance.

Palica

palica · November 25, 2017, 2:10pm

I have filed some bug reports for LXD and for OpenRC. LXD devs are saying OpenRC should be mounting cgroups inside container.

See:
LXD issue - https://github.com/lxc/lxd/issues/4052
OpenRC isue - https://github.com/OpenRC/openrc/issues/187

palica · November 26, 2017, 10:21am

If openrc is responsible for mounting cgroups inside container one can workaround it with something like this.

gist.github.com

https://gist.github.com/palica/c8d7722aab57de8a2437fa8b9d00ba42/54100b99ec494f325bdf2bdc444fd97b4e20b5ed

sysfs

--- sysfs       2017-11-25 00:02:31.150396179 +0100
+++ sysfs.palica        2017-11-26 11:22:54.041218857 +0100
@@ -15,7 +15,8 @@
 
 depend()
 {
-       keyword -docker -lxc -prefix -systemd-nspawn -vserver
+# Removing -lxc keyword as we need to run cgroup mount inside container
+  keyword -docker -prefix -systemd-nspawn -vserver
 }

This file has been truncated. show original

Removing -lxc keyword and commenting out mount_sys and mount_misc, but mounting cgroups inside container.

You have to change this inside container.

palica · November 29, 2017, 8:54pm

This issue got fixed in openrc