1 / 8

Containers - components

Containers - components. Namespaces For network, uid, pid, ipc, … Control Groups (was Task Containers ) Framework for controlling groups of tasks Subsystems include resource controllers, other behaviour modifiers Checkpoint / Restore For migration and rollback. Namespace status.

sadah
Download Presentation

Containers - components

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Containers - components • Namespaces • For network, uid, pid, ipc, … • Control Groups (was Task Containers) • Framework for controlling groups of tasks • Subsystems include resource controllers, other behaviour modifiers • Checkpoint / Restore • For migration and rollback.

  2. Namespace status • UTS - complete, in mainline • SysV IPC - complete, in mainline • User - experimental, in mainline • Incomplete, no uid checks • Pid - testing, in -mm • Needs Kthread API conversion (NFS etc) • Network - under development • Needs /sys enhancements & maintainer approval

  3. Namespace Todo • Additional Namespaces • Time, dev (virtual devices: ptys, etc) • Do we have enough clone bits? • Isolation issues • /dev/rtc, physical devices, console, printks • External Control & Monitoring • Enter, configure

  4. Control Groups - Why? Example use cases: • CFS - Apply CPU weights to arbitrary groups of processes • Cpusets • Memory Controller - Limit memory usage for virtual servers or cluster jobs • Task Freezer - Freeze / Unfreeze tasks • NSProxy - Tie namespaces to control groups • Aggregated limits/controls - swap, disk I/O, dirty pages, network restrictions, …

  5. Control Groups - What? • Efficient access to state record for subsystem S, for task T • Constant offsets resolved at compile time • Filesystem API, evolved from Cpusets • Directory == Group, nesting allowed • Allows multiple independent groupings • Subsystems define control files

  6. Why not just use … ? • setrlimit() • Restricted to simple numerical limits • No generic support for aggregate limits • Only settable on current process • uid/gid/pgrp/session • Needed for traditional semantics (e.g. in virtual server) • Only settable on current process • Can’t be set to arbitrary values.

  7. Control Groups - Cautions • Performance • No significant overhead from framework • May be necessary to trade throughput for QoS, for some resource controllers • Filesystem API • Need to avoid proliferating subsystem-specific APIs

  8. Control Groups - Todo • Virtual server support • Let virtual servers manage their own groups • More integration with namespaces

More Related