Containers - components
• Namespaces
  • For network, uid, pid, ipc, …
• Control Groups (was Task Containers)
  • Framework for controlling groups of tasks
  • Subsystems include resource controllers, other behaviour modifiers
• Checkpoint / Restore
  • For migration and rollback.

Namespace status
• UTS - complete, in mainline
• SysV IPC - complete, in mainline
• User - experimental, in mainline
  • Incomplete, no uid checks
• Pid - testing, in -mm
  • Needs Kthread API conversion (NFS etc)
• Network - under development
  • Needs /sys enhancements & maintainer approval

Namespace Todo
• Additional Namespaces
  • Time, dev (virtual devices: ptys, etc)
  • Do we have enough clone bits?
• Isolation issues
  • /dev/rtc, physical devices, console, printks
• External Control & Monitoring
  • Enter, configure

Control Groups - Why?
Example use cases:
• CFS - Apply CPU weights to arbitrary groups of processes
• Cpusets
• Memory Controller - Limit memory usage for virtual servers or cluster jobs
• Task Freezer - Freeze / Unfreeze tasks
• NSProxy - Tie namespaces to control groups
• Aggregated limits/controls - swap, disk I/O, dirty pages, network restrictions, …

Control Groups - What?
• Efficient access to state record for subsystem S, for task T
  • Constant offsets resolved at compile time
• Filesystem API, evolved from Cpusets
  • Directory == Group, nesting allowed
  • Allows multiple independent groupings
  • Subsystems define control files

Why not just use … ?
• setrlimit()
  • Restricted to simple numerical limits
  • No generic support for aggregate limits
  • Only settable on current process
• uid/gid/pgrp/session
  • Needed for traditional semantics (e.g. in virtual server)
  • Only settable on current process
  • Can’t be set to arbitrary values.
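
The setrlimit() points above, as an added example (not from the original slides): each task lowers RLIMIT_NOFILE on itself and fills its descriptor table, and the parent adds up what the tasks hold at the same moment. The function names, the choice of RLIMIT_NOFILE and the values 4 and 32 are assumptions made for illustration.

```c
#include <fcntl.h>
#include <stdio.h>
#include <sys/resource.h>
#include <sys/wait.h>
#include <unistd.h>

/* Child: limit itself (setrlimit acts on the caller), fill its descriptor
 * table, report how many descriptors below `limit` it holds, then wait. */
static void child(rlim_t limit, int report_wr, int release_rd) {
    struct rlimit rl = { .rlim_cur = limit, .rlim_max = limit };
    int held = -1;
    char c;
    if (setrlimit(RLIMIT_NOFILE, &rl) == 0) {
        while (dup(report_wr) >= 0) { }       /* stops at the per-process limit */
        held = 0;
        for (int fd = 0; fd < (int)limit; fd++)
            if (fcntl(fd, F_GETFD) != -1) held++;
    }
    if (write(report_wr, &held, sizeof held) < 0) _exit(1);
    while (read(release_rd, &c, 1) > 0) { }   /* EOF when the parent releases */
    _exit(0);
}

/* Start `n` tasks with the same per-process limit; return the number of
 * descriptors they hold at the same time, or -1 on error. */
long aggregate_fds(int n, rlim_t limit) {
    int report[2], release[2], held, started = 0;
    long total = 0;
    if (pipe(report) != 0 || pipe(release) != 0) return -1;
    for (; started < n; started++) {
        pid_t pid = fork();
        if (pid < 0) { total = -1; break; }
        if (pid == 0) { close(report[0]); close(release[1]); child(limit, report[1], release[0]); }
    }
    for (int i = 0; i < started; i++) {
        if (read(report[0], &held, sizeof held) != sizeof held || held < 0) total = -1;
        else if (total >= 0) total += held;
    }
    close(release[1]);                        /* let the children exit */
    while (wait(NULL) > 0) { }
    close(report[0]); close(report[1]); close(release[0]);
    return total;
}

int main(void) {
    printf("1 task,  limit 32: %ld descriptors\n", aggregate_fds(1, 32));
    printf("4 tasks, limit 32: %ld descriptors held at once\n", aggregate_fds(4, 32));
    return 0;
}
```

The total scales with the number of tasks because the limit is accounted per process; nothing in the call bounds the group as a whole.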

Control Groups - Cautions
• Performance
  • No significant overhead from framework
  • May be necessary to trade throughput for QoS, for some resource controllers
• Filesystem API
  • Need to avoid proliferating subsystem-specific APIs

Control Groups - Todo
• Virtual server support
  • Let virtual servers manage their own groups
• More integration with namespaces