use PVE::LXC::Config;
use PVE::GuestHelpers qw(safe_string_ne safe_num_ne safe_boolean_ne);
use PVE::LXC::Tools;
+use PVE::LXC::CGroup;
use Time::HiRes qw (gettimeofday);
my $have_sdn;
my $last_proc_vmid_stat;
-my $parse_cpuacct_stat = sub {
- my ($vmid, $unprivileged) = @_;
-
- my $raw = read_cgroup_value('cpuacct', $vmid, $unprivileged, 'cpuacct.stat', 1);
-
- my $stat = {};
-
- if ($raw =~ m/^user (\d+)\nsystem (\d+)\n/) {
-
- $stat->{utime} = $1;
- $stat->{stime} = $2;
-
- }
-
- return $stat;
-};
-
our $vmstatus_return_properties = {
vmid => get_standard_option('pve-vmid'),
status => {
my $unpriv = $unprivileged->{$vmid};
- if (-d '/sys/fs/cgroup/memory') {
- my $memory_stat = read_cgroup_list('memory', $vmid, $unpriv, 'memory.stat');
- my $mem_usage_in_bytes = read_cgroup_value('memory', $vmid, $unpriv, 'memory.usage_in_bytes');
+ my $cgroups = PVE::LXC::CGroup->new($vmid);
- $d->{mem} = $mem_usage_in_bytes - $memory_stat->{total_cache};
- $d->{swap} = read_cgroup_value('memory', $vmid, $unpriv, 'memory.memsw.usage_in_bytes') - $mem_usage_in_bytes;
+ if (defined(my $mem = $cgroups->get_memory_stat())) {
+ $d->{mem} = $mem->{mem};
+ $d->{swap} = $mem->{swap};
} else {
$d->{mem} = 0;
$d->{swap} = 0;
}
- if (-d '/sys/fs/cgroup/blkio') {
- my $blkio_bytes = read_cgroup_value('blkio', $vmid, 0, 'blkio.throttle.io_service_bytes', 1); # don't check if unpriv
- my @bytes = split(/\n/, $blkio_bytes);
- foreach my $byte (@bytes) {
- if (my ($key, $value) = $byte =~ /(Read|Write)\s+(\d+)/) {
- $d->{diskread} += $2 if $key eq 'Read';
- $d->{diskwrite} += $2 if $key eq 'Write';
- }
- }
+ if (defined(my $blkio = $cgroups->get_io_stats())) {
+ $d->{diskread} = $blkio->{diskread};
+ $d->{diskwrite} = $blkio->{diskwrite};
} else {
$d->{diskread} = 0;
$d->{diskwrite} = 0;
}
- if (-d '/sys/fs/cgroup/cpuacct') {
- my $pstat = $parse_cpuacct_stat->($vmid, $unpriv);
-
- my $used = $pstat->{utime} + $pstat->{stime};
+ if (defined(my $cpu = $cgroups->get_cpu_stat())) {
+ # Total time (in milliseconds) used up by the cpu.
+ my $used_ms = $cpu->{utime} + $cpu->{stime};
my $old = $last_proc_vmid_stat->{$vmid};
if (!$old) {
$last_proc_vmid_stat->{$vmid} = {
time => $cdtime,
- used => $used,
+ used => $used_ms,
cpu => 0,
};
next;
}
- my $dtime = ($cdtime - $old->{time}) * $cpucount * $cpuinfo->{user_hz};
-
- if ($dtime > 1000) {
- my $dutime = $used - $old->{used};
-
- $d->{cpu} = (($dutime/$dtime)* $cpucount) / $d->{cpus};
+ my $delta_ms = ($cdtime - $old->{time}) * $cpucount * 1000.0;
+ if ($delta_ms > 1000.0) {
+ my $delta_used_ms = $used_ms - $old->{used};
+ $d->{cpu} = (($delta_used_ms / $delta_ms) * $cpucount) / $d->{cpus};
$last_proc_vmid_stat->{$vmid} = {
time => $cdtime,
- used => $used,
+ used => $used_ms,
cpu => $d->{cpu},
};
} else {
return $list;
}
-sub read_cgroup_list($$$$) {
- my ($group, $vmid, $unprivileged, $name) = @_;
-
- my $content = read_cgroup_value($group, $vmid, $unprivileged, $name, 1);
-
- return { split(/\s+/, $content) };
-}
-
-sub read_cgroup_value($$$$$) {
- my ($group, $vmid, $unprivileged, $name, $full) = @_;
-
- my $nsdir = $unprivileged ? '' : 'ns/';
- my $path = "/sys/fs/cgroup/$group/lxc/$vmid/${nsdir}$name";
-
- return PVE::Tools::file_get_contents($path) if $full;
-
- return PVE::Tools::file_read_firstline($path);
-}
-
-sub write_cgroup_value {
- my ($group, $vmid, $name, $value) = @_;
-
- my $path = "/sys/fs/cgroup/$group/lxc/$vmid/$name";
- PVE::ProcFSTools::write_proc_entry($path, $value) if -e $path;
-
-}
-
sub find_lxc_console_pids {
my $res = {};
return;
}
+ my ($lxc_major, $lxc_minor) = get_lxc_version();
+
my $raw = '';
+ if ($lxc_major >= 4) {
+ # Explicitly don't use relative directories, which is the default, but
+ # note that we do this mostly because they are only applied for *some*
+ # cgroups. Our pve-container@.service now starts lxc-start with `-F`,
+ # so we also don't need to worry about the new monitor cgroup to
+ # confuse systemd.
+ $raw .= "lxc.cgroup.relative = 0\n";
+
+ # To make things easier, let's keep our previous cgroup layout and
+ # simply move the monitor outside:
+ $raw .= "lxc.cgroup.dir.monitor = lxc.monitor/$vmid\n";
+ # cgroup namespace separation for stronger limits:
+ $raw .= "lxc.cgroup.dir.container = lxc/$vmid\n";
+ $raw .= "lxc.cgroup.dir.container.inner = ns\n";
+ }
+
die "missing 'arch' - internal error" if !$conf->{arch};
$raw .= "lxc.arch = $conf->{arch}\n";
$raw .= "lxc.net.$ind.hwaddr = $d->{hwaddr}\n" if defined($d->{hwaddr});
$raw .= "lxc.net.$ind.name = $d->{name}\n" if defined($d->{name});
$raw .= "lxc.net.$ind.mtu = $d->{mtu}\n" if defined($d->{mtu});
+
+ # Starting with lxc 4.0, we do not patch lxc to execute our up-scripts.
+ if ($lxc_major >= 4) {
+ $raw .= "lxc.net.$ind.script.up = /usr/share/lxc/lxcnetaddbr\n";
+ }
}
my $had_cpuset = 0;
return $new_volid;
}
+sub get_lxc_version() {
+ my $version;
+ PVE::Tools::run_command([qw(lxc-start --version)], outfunc => sub {
+ my ($line) = @_;
+ # We only parse out major & minor version numbers.
+ if ($line =~ /^(\d+)\.(\d+)(?:\D.*)?$/) {
+ $version = [$1, $2];
+ }
+ });
+
+ die "failed to get lxc version\n" if !defined($version);
+
+ # return as a list:
+ return $version->@*;
+}
+
1;