KS2011: Coming to love control groups
There are two aspects to control groups. The groups themselves are just a
way of grouping processes; there may be complaints about how they are
implemented, but they are not hugely expensive or intrusive. That cannot
always be said about the controllers which, when associated with control
groups, enforce resource limits and provide isolation. Thomas Gleixner was
quick to chime in that one problem is that people are "creating control
groups like crazy"; he booted a box recently and found over 70 control
groups on it. That, he thinks, is too many.
Lennart Poettering responded that systemd only uses control groups for process grouping, it does not need any controllers at all. The only one it will use is the CPU controller if it is present. It became clear during the session - more than once - that he wanted to talk about systemd; that made some sense since systemd is one of the biggest users of control groups, but the point of the session was really to talk about control groups in the kernel. The discussion had to be rescued from systemd-related fights more than once during this session.
Ted Ts'o said that one of the big problems is the interactions between controllers. Each controller is tied to a specific subsystem, but they often operate in ways that affect each other. It was asked whether it would make sense to name a "control group maintainer" who would have an overall view of the situation and try to make the controllers work better together; Ingo Molnar suggested that a developer who has worked with control groups for a while should be found to do it.
Andrew Morton seemed to think that a control group maintainer was a good idea; he said that the real problem is getting people to pay attention to all the new stuff out there. Currently he is looking at the timer slack and task counter controllers and trying to figure out if they are something we want or not. He is the "resident sitting cgroup maintainer," but would really like some input from others. An "architect" who understands how the controllers interact would be very helpful. It would also be good to create a list for control group discussions; containers@lists.linux-foundation.org has existed for a while, but did not see a lot of use even before the Linux Foundation lists went down. James said he will create a new cgroups@vger.kernel.org list.
Ted complained about the lack of widely-used applications for controllers; most of the code out there tends to be internal company code. There was agreement that having more useful utilities for control groups would be a good thing.
With regard to the controllers themselves, Paul Turner said that Google would, based on its experience, rip apart a lot of the controllers and rework them in a better form. Alan Cox added that a lot of the existing controllers are "research projects" that should never have made it into the kernel. There were some emphatic suggestions that controllers should have zero overhead if they are turned off, even when they are built into the kernel. It was also said that controllers should default to "off" unless the user has explicitly asked for them to be turned on.
Another problem with controllers is their interaction with namespaces. The two often need to be used together, but their interfaces are completely different and the combination is awkward. Evidently there are patches in the works to give namespaces a more cgroup-like interface.
Linus raised a complaint about namespaces: their implementation has required changes throughout the kernel. But there is still a lot of code that has not been made namespace-aware; that code works most of the time, but can occasionally break in random places. A lot of kernel code still looks at process IDs without taking into account the PID namespace; that code could end up acting on the wrong process at times. But people rarely notice because much of this code is still unused.
The session ended with the identification of a potential control group
maintainer. The victim future maintainer was not in the
room to defend himself, though, so his name will be withheld for the time
being.
Next: Memory management issues
| Index entries for this article | |
|---|---|
| Kernel | Control groups |
Posted Oct 25, 2011 2:06 UTC (Tue)
by Cyberax (✭ supporter ✭, #52523)
[Link] (1 responses)
That's cruel.
Posted Oct 25, 2011 10:47 UTC (Tue)
by mstefani (guest, #31644)
[Link]
Posted Oct 25, 2011 6:34 UTC (Tue)
by ebiederm (subscriber, #35028)
[Link] (2 responses)
I propose someone fix the control group interface so it works before having control groups take over the world.
Posted Oct 25, 2011 10:06 UTC (Tue)
by nix (subscriber, #2304)
[Link] (1 responses)
Posted Oct 26, 2011 1:20 UTC (Wed)
by ebiederm (subscriber, #35028)
[Link]
In fairness Paul Menage has been looking at this a bit after I raised the issue with him at plumers conf.
James seems a little more dense and seems to not have understood when I pointed out that control groups and namespaces were not them same thing. I guess more repetition of the obvious is in order.
KS2011: Coming to love control groups
KS2011: Coming to love control groups
/me runs fast
KS2011: Coming to love control groups
KS2011: Coming to love control groups
The control group interface has serious nesting problems
Presumably you mean the kernel-internal interface, not the userspace-visible interface? As far as I know directories can be nested with no problems at all. (If there are problems, a lot of people would like to know what they are!)
KS2011: Coming to love control groups