[libvirt] [PATCH 8/8] Make QEMU cgroups use configurable

Thu Jul 23 15:46:16 UTC 2009

On Wed, Jul 22, 2009 at 04:23:47PM +0100, Daniel P. Berrange wrote:
>  * qemud/libvirtd_qemu.aug, qemud/test_libvirtd_qemu.aug,
>    src/qemu.conf: Add 'cgroups_controllers' and 'cgroups_device_acl'
>    parameters
>  * src/qemu_conf.h, src/qemu_conf.c: Load & parse configuration params
>    for cgroups
>  * src/qemu_driver.c: Only use cgroups controllers that are activated,
>    and use configured device whitelist instead of default, if set.
> 
> Signed-off-by: Daniel P. Berrange <berrange at redhat.com>
> ---
>  qemud/libvirtd_qemu.aug      |    2 +
>  qemud/test_libvirtd_qemu.aug |   21 +++++++-
>  src/Makefile.am              |    3 +-
>  src/cgroup.c                 |   11 ----
>  src/cgroup.h                 |   12 +++++
>  src/qemu.conf                |   34 +++++++++++++
>  src/qemu_conf.c              |   61 ++++++++++++++++++++++++
>  src/qemu_conf.h              |    3 +
>  src/qemu_driver.c            |  106 ++++++++++++++++++++++++------------------
[...]
> +++ b/src/qemu.conf
> @@ -95,3 +95,37 @@
>  
>  # The group ID for QEMU processes run by the system instance
>  #group = "root"
> +
> +
> +# What cgroup controllers to make use of with QEMU guests
> +#
> +#  - 'cpu' - use for schedular tunables
> +#  - 'devices' - use for device whitelisting
> +#
> +# NB, even if configured here, they won't be used unless
> +# the adminsitrator has mounted cgroups. eg
> +#
> +#  mkdir /dev/cgroup
> +#  mount -t cgroup -o devices,cpu none /dev/cgroup
> +#
> +# They can be mounted anywhere, and different controlers
> +# can be mounted in different locations. libvirt will detect
> +# where they are located.
> +#
> +# cgroup_controllers = [ "cpu", "devices" ]
> +
> +# This is the basic set of devices allowed / required by
> +# all virtual machines.
> +#
> +# As well as this, any configured block backed disks,
> +# all sound device, and all PTY devices are allowed.
> +#
> +# This will only need setting if newer QEMU suddenly
> +# wants some device we don't already know a bout.
> +#
> +#cgroup_device_acl = [
> +#    "/dev/null", "/dev/full", "/dev/zero",
> +#    "/dev/random", "/dev/urandom",
> +#    "/dev/ptmx", "/dev/kvm", "/dev/kqemu",
> +#    "/dev/rtc", "/dev/hpet", "/dev/net/tun",
> +#]

 great, but that doesn't really replace documentation :-)

[...]
> -    if (vm->def->nsounds) {
> -        rc = virCgroupAllowDeviceMajor(cgroup, 'c', DEVICE_SND_MAJOR);
> +        rc = virCgroupAllowDeviceMajor(cgroup, 'c', DEVICE_PTY_MAJOR);
>          if (rc != 0) {
>              virReportSystemError(conn, -rc, "%s",
> -                                 _("unable to allow /dev/snd/ devices"));
> +                                 _("unable to allow /dev/pts/ devices"));
>              goto cleanup;

  diff is really making the patch hard to read ...

  ACK,

Daniel

-- 
Daniel Veillard      | libxml Gnome XML XSLT toolkit  http://xmlsoft.org/
daniel at veillard.com  | Rpmfind RPM search engine http://rpmfind.net/
http://veillard.com/ | virtualization library  http://libvirt.org/