]>
git.proxmox.com Git - pve-container.git/blob - src/PVE/LXC/CGroup.pm
8ad1627e47340b18d3fce3d6d3d9d0fcb2d3d2a6
3 # This package should deal with figuring out the right cgroup path for a
4 # container (via the command socket), reading and writing cgroup values, and
5 # handling cgroup v1 & v2 differences.
7 # Note that the long term plan is to have resource manage functions instead of
8 # dealing with cgroup files on the outside.
10 package PVE
::LXC
::CGroup
;
23 use PVE
::LXC
::Command
;
25 # We don't want to do a command socket round trip for every cgroup read/write,
26 # so any cgroup function needs to have the container's path cached, so this
27 # package has to be instantiated.
29 # LXC keeps separate paths by controller (although they're normally all the
30 # same, in our # case anyway), so we cache them by controller as well.
32 my ($class, $vmid) = @_;
34 my $self = { vmid
=> $vmid };
36 return bless $self, $class;
39 my $CPUSET_BASE = undef;
40 # Find the cpuset cgroup controller.
42 # This is a function, not a method!
43 sub cpuset_controller_path
() {
44 if (!defined($CPUSET_BASE)) {
46 # legacy cpuset cgroup:
47 ['/sys/fs/cgroup/cpuset', 'cpuset.effective_cpus'],
48 # pure cgroupv2 environment:
49 ['/sys/fs/cgroup', 'cpuset.cpus.effective'],
50 # hybrid, with cpuset moved to cgroupv2
51 ['/sys/fs/cgroup/unified', 'cpuset.cpus.effective'],
54 my ($result) = grep { -f
"$_->[0]/$_->[1]" } @$CPUSET_PATHS;
55 die "failed to find cpuset controller\n" if !defined($result);
57 $CPUSET_BASE = $result->[0];
63 my $CGROUP_MODE = undef;
64 # Figure out which cgroup mode we're operating under:
66 # Returns 1 if cgroupv1 controllers exist (hybrid or legacy mode), and 2 in a
67 # cgroupv2-only environment.
69 # This is a function, not a method!
71 if (!defined($CGROUP_MODE)) {
72 my ($v1, $v2) = PVE
::LXC
::get_cgroup_subsystems
();
74 # hybrid or legacy mode
81 die "unknown cgroup mode\n" if !defined($CGROUP_MODE);
85 # Get a subdirectory (without the cgroup mount point) for a controller.
87 # If `$controller` is `undef`, get the unified (cgroupv2) path.
89 # Note that in cgroup v2, lxc uses the activated controller names
90 # (`cgroup.controllers` file) as list of controllers for the unified hierarchy,
91 # so this returns a result when a `controller` is provided even when using
92 # a pure cgroupv2 setup.
94 my ($self, $controller, $limiting) = @_;
96 my $entry_name = $controller || 'unified';
97 my $entry = ($self->{controllers
}->{$entry_name} //= {});
99 my $kind = $limiting ?
'limit' : 'ns';
100 my $path = $entry->{$kind};
102 return $path if defined $path;
104 $path = PVE
::LXC
::Command
::get_cgroup_path
(
111 if ($path =~ /\.\./) {
112 die "lxc returned suspicious path: '$path'\n";
114 ($path) = ($path =~ /^(.*)$/s);
116 $entry->{$kind} = $path;
121 # Get a path for a controller.
123 # `$controller` may be `undef`, see get_subdir above for details.
125 my ($self, $controller) = @_;
127 my $path = get_subdir
($self, $controller)
130 # The main mount point we currently assume to be in a standard location.
131 return "/sys/fs/cgroup/$path" if cgroup_mode
() == 2;
132 return "/sys/fs/cgroup/unified/$path" if !defined($controller);
133 return "/sys/fs/cgroup/$controller/$path";
136 # Parse a 'Nested keyed' file:
138 # See kernel documentation `admin-guide/cgroup-v2.rst` 4.1.
139 my sub parse_nested_keyed_file
($) {
142 foreach my $line (split(/\n/, $data)) {
143 my ($key, @values) = split(/\s+/, $line);
145 my $d = ($res->{$key} = {});
147 foreach my $value (@values) {
148 if (my ($key, $value) = ($value =~ /^([^=]+)=(.*)$/)) {
151 warn "bad key=value pair in nested keyed file\n";
158 # Parse a 'Flat keyed' file:
160 # See kernel documentation `admin-guide/cgroup-v2.rst` 4.1.
161 my sub parse_flat_keyed_file
($) {
164 foreach my $line (split(/\n/, $data)) {
165 if (my ($key, $value) = ($line =~ /^(\S+)\s+(.*)$/)) {
166 $res->{$key} = $value;
168 warn "bad 'key value' pair in flat keyed file\n";
174 # Parse out 'diskread' and 'diskwrite' values from I/O stats for this container.
183 if (cgroup_mode
() == 2) {
184 if (defined(my $path = $self->get_path('io'))) {
185 # cgroupv2 environment, io controller enabled
186 my $io_stat = file_get_contents
("$path/io.stat");
188 my $data = parse_nested_keyed_file
($io_stat);
189 foreach my $dev (keys %$data) {
190 my $dev = $data->{$dev};
191 if (my $b = $dev->{rbytes
}) {
192 $res->{diskread
} += $b;
194 if (my $b = $dev->{wbytes
}) {
195 $res->{diskread
} += $b;
199 # io controller not enabled or container not running
202 } elsif (defined(my $path = $self->get_path('blkio'))) {
203 # cgroupv1 environment:
204 my $io = file_get_contents
("$path/blkio.throttle.io_service_bytes_recursive");
205 foreach my $line (split(/\n/, $io)) {
206 if (my ($type, $bytes) = ($line =~ /^\d+:\d+\s+(Read|Write)\s+(\d+)$/)) {
207 $res->{diskread
} += $bytes if $type eq 'Read';
208 $res->{diskwrite
} += $bytes if $type eq 'Write';
212 # container not running
219 # Read utime and stime for this container from the cpuacct cgroup.
220 # Values are in milliseconds!
229 if (cgroup_mode
() == 2) {
230 if (defined(my $path = $self->get_path('cpu'))) {
231 my $data = eval { file_get_contents
("$path/cpu.stat") };
233 # or no io controller available:
234 return undef if !defined($data);
236 $data = parse_flat_keyed_file
($data);
237 $res->{utime} = int($data->{user_usec
} / 1000);
238 $res->{stime
} = int($data->{system_usec
} / 1000);
240 # memory controller not enabled or container not running
243 } elsif (defined(my $path = $self->get_path('cpuacct'))) {
244 # cgroupv1 environment:
245 my $clock_ticks = POSIX
::sysconf
(&POSIX
::_SC_CLK_TCK
);
246 my $clk_to_usec = 1000 / $clock_ticks;
248 my $data = parse_flat_keyed_file
(file_get_contents
("$path/cpuacct.stat"));
249 $res->{utime} = int($data->{user
} * $clk_to_usec);
250 $res->{stime
} = int($data->{system} * $clk_to_usec);
252 # container most likely isn't running
259 # Parse some memory data from `memory.stat`
260 sub get_memory_stat
{
268 if (cgroup_mode
() == 2) {
269 if (defined(my $path = $self->get_path('memory'))) {
270 my $mem = file_get_contents
("$path/memory.current");
271 my $swap = file_get_contents
("$path/memory.swap.current");
275 # FIXME: For the cgv1 equivalent of `total_cache` we may need to sum up
276 # the values in `memory.stat`...
279 $res->{swap
} = $swap;
281 # memory controller not enabled or container not running
284 } elsif (defined(my $path = $self->get_path('memory'))) {
285 # cgroupv1 environment:
286 my $stat = parse_flat_keyed_file
(file_get_contents
("$path/memory.stat"));
287 my $mem = file_get_contents
("$path/memory.usage_in_bytes");
288 my $memsw = file_get_contents
("$path/memory.memsw.usage_in_bytes");
289 chomp ($mem, $memsw);
291 $res->{mem
} = $mem - $stat->{total_cache
};
292 $res->{swap
} = $memsw - $mem;
294 # container most likely isn't running
301 # Change the memory limit for this container.
303 # Dies on error (including a not-running or currently-shutting-down guest).
304 sub change_memory_limit
{
305 my ($self, $mem_bytes, $swap_bytes) = @_;
307 if (cgroup_mode
() == 2) {
308 if (defined(my $path = $self->get_path('memory'))) {
309 PVE
::ProcFSTools
::write_proc_entry
("$path/memory.swap.max", $swap_bytes)
310 if defined($swap_bytes);
311 PVE
::ProcFSTools
::write_proc_entry
("$path/memory.max", $mem_bytes)
312 if defined($mem_bytes);
315 } elsif (defined(my $path = $self->get_path('memory'))) {
316 # With cgroupv1 we cannot control memory and swap limits separately.
317 # This also means that since the two values aren't independent, we need to handle
318 # growing and shrinking separately.
319 my $path_mem = "$path/memory.limit_in_bytes";
320 my $path_memsw = "$path/memory.memsw.limit_in_bytes";
322 my $old_mem_bytes = file_get_contents
($path_mem);
323 my $old_memsw_bytes = file_get_contents
($path_memsw);
324 chomp($old_mem_bytes, $old_memsw_bytes);
326 $mem_bytes //= $old_mem_bytes;
327 my $memsw_bytes = defined($swap_bytes) ?
($mem_bytes + $swap_bytes) : $old_memsw_bytes;
329 if ($memsw_bytes > $old_memsw_bytes) {
330 # Growing the limit means growing the combined limit first, then pulling the
332 PVE
::ProcFSTools
::write_proc_entry
($path_memsw, $memsw_bytes);
333 PVE
::ProcFSTools
::write_proc_entry
($path_mem, $mem_bytes);
335 # Shrinking means we first need to shrink the mem-only memsw cannot be
337 PVE
::ProcFSTools
::write_proc_entry
($path_mem, $mem_bytes);
338 PVE
::ProcFSTools
::write_proc_entry
($path_memsw, $memsw_bytes);
343 die "trying to change memory cgroup values: container not running\n";
346 # Change the cpu quota for a container.
348 # Dies on error (including a not-running or currently-shutting-down guest).
349 sub change_cpu_quota
{
350 my ($self, $quota, $period) = @_;
352 die "quota without period not allowed\n" if !defined($period) && defined($quota);
354 if (cgroup_mode
() == 2) {
355 if (defined(my $path = $self->get_path('cpu'))) {
356 # cgroupv2 environment, an undefined (unlimited) quota is defined as "max"
358 $quota //= 'max'; # unlimited
359 if (defined($quota)) {
360 PVE
::ProcFSTools
::write_proc_entry
("$path/cpu.max", "$quota $period");
362 # we're allowed to only write the quota:
363 PVE
::ProcFSTools
::write_proc_entry
("$path/cpu.max", 'max');
367 } elsif (defined(my $path = $self->get_path('cpu'))) {
368 $quota //= -1; # unlimited
370 PVE
::ProcFSTools
::write_proc_entry
("$path/cpu.cfs_period_us", $period);
371 PVE
::ProcFSTools
::write_proc_entry
("$path/cpu.cfs_quota_us", $quota);
375 die "trying to change cpu quota cgroup values: container not running\n";
378 # Change the cpu "shares" for a container.
380 # In cgroupv1 we used a value in `[0..500000]` with a default of 1024.
382 # In cgroupv2 we do not have "shares", we have "weights" in the range
383 # of `[1..10000]` with a default of 100.
385 # Since the default values don't match when scaling linearly, we use the
386 # values we get as-is and simply error for values >10000 in cgroupv2.
388 # It is left to the user to figure this out for now.
390 # Dies on error (including a not-running or currently-shutting-down guest).
391 sub change_cpu_shares
{
392 my ($self, $shares, $cgroupv1_default) = @_;
394 if (cgroup_mode
() == 2) {
395 if (defined(my $path = $self->get_path('cpu'))) {
396 # the cgroupv2 documentation defines the default to 100
398 die "cpu weight (shares) must be in range [1, 10000]\n" if $shares < 1 || $shares > 10000;
399 PVE
::ProcFSTools
::write_proc_entry
("$path/cpu.weight", $shares);
402 } elsif (defined(my $path = $self->get_path('cpu'))) {
404 PVE
::ProcFSTools
::write_proc_entry
("$path/cpu.shares", $shares // $cgroupv1_default);
408 # container most likely isn't running
409 die "trying to change cpu shares/weight cgroup values: container not running\n";