From: Cedric Le Goater <clg-NmTC/0ZBporQT0dZR+AlfA@public.gmane.org>
To: Linux Containers <containers-qjLDD68F18O7TbgM5vRIOg@public.gmane.org>
Cc: Kir Kolyshkin <kir-GEFAQzZX7r8dnm+yROfE0A@public.gmane.org>,
Rohit Seth <rohitseth-hpIqsD4AKlfQT0dZR+AlfA@public.gmane.org>,
Paul Menage <menage-hpIqsD4AKlfQT0dZR+AlfA@public.gmane.org>,
office-xGb7/i2pWyrYtjvyW6yDsg@public.gmane.org,
Alasdair Kergon <agk-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>,
Pavel Emelianov <xemul-GEFAQzZX7r8dnm+yROfE0A@public.gmane.org>
Subject: [RFC] Container mini-summit agenda for Sept 3, 2007
Date: Thu, 30 Aug 2007 12:05:07 +0200
Message-ID: <46D69653.1090003@fr.ibm.com>
Hello All,
Some of us will meet next week for the first mini-summit on containers.
Many thanks to Alasdair Kergon and LCE for the help they provided in
making this mini-summit happen!
It will be held on Monday the 3rd of September from 9:00 to 12:45 at LCE
in room D. We also might get a phone line for external participants and,
if not, we should be able to set up a skype phone.
Here's a first try for the Agenda.
Global items
[ let's try to defer discussion after presentation ]
* Pavel Emelianov status update
* Serge E. Hallyn Container Roadmap including
. task containers (Paul Menage)
. resource management (Srivatsa Vaddagiri)
Special items
[ brainstorm sessions which we would like to focus on ]
* building the global container object ('a la' openvz or vserver)
* container user space tools
* container checkpoint/restart
Thanks,
C.
[-- Attachment #2: container-roadmap.txt --]
[-- Type: text/plain, Size: 9087 bytes --]
====================== Section 1 ======================
=Introduction
====================== Section 1 ======================
We are trying to create a roadmap for the next year of
'container' development, to be reported to the upcoming kernel
summit. Containers here is a bit of an ambiguous term, so we are
taking it to mean all of:
1. namespaces
kernel resource namespaces to support resource isolation
and virtualization for virtual servers and application
checkpoint/restart.
2. task containers framework
task containers provide a framework for subsystems which associate
state with arbitrary groups of processes, for purposes such as
resource control/monitoring.
3. checkpoint/restart
====================== Section 2 ======================
=Detailed development plans
====================== Section 2 ======================
A (still under construction) list of features we expect to be worked on
next year looks like this:
1. completion of ongoing namespaces
pid namespace
push merged patchset upstream
kthread cleanup
especially nfs
autofs
af_unix credentials (stores pid_t?)
net namespace
ro bind mounts
2. continuation with new namespaces
devpts, console, and ttydrivers
user
time
namespace management tools
namespace entering (using one of:)
bind_ns()
ns container subsystem
(vs refuse this functionality)
multiple /sys mounts
break /sys into smaller chunks?
shadow dirs vs namespaces
multiple proc mounts
likely need to extend on the work done for pid namespaces
i.e. other /proc files will need some care
virtualization of statistics for 'top', etc
3. any additional work needed for virtual servers?
i.e. in-kernel keyring usage for cross-usernamespace permissions, etc
nfs and rpc updates needed?
general security fixes
per-container capabilities?
device access controls
(e.g. root in container should not have access to /dev/sda by default)
filesystems access controls
'container object'?
implementation (perhaps largely userspace abstraction)
container enter
container list
container shutdown notification
4. task containers functionality
base features
hierarchical/virtualized containers
support vserver mgmnt of sub-containers
locking cleanup
control file API simplification
userspace RBCE to provide controls for
users
groups
pgrp
executable
specific containers targeted:
split cpusets into
cpuset
memset
network
connect/bind/accept controller using iptables
memory controller (see detail below)
cpu controller (see detail below)
io controller (see detail below)
network flow id control
per-container OOM handler (userspace)
per-container swap
per-container disk I/O scheduling
per container memory reclaim
per container dirty page (write throttling) limit.
network rate limiting (outbound) based on container
misc
User level APIs to identify the resource limits that are allowed to a
job, for example, how much physical memory a
process can use. This should be seamlessly
integrated with non-container environment as
well (maybe with ulimit).
Per container stats, like pages on active list, cpus usage, etc
memory controller
users and requirements:
1. The containers solution would need resource
management (including memory control and per container swap files).
Paul Menage, YAMAMOTO Takashi, Peter Zijlstra, Pavel Emelianov have all shown
interest in the memory controller patches.
2. The memory controller can account for page
cache as well, all people interested in limiting page cache control, can
theoretically move all page cache hungry applications under the same
container.
Planned enhancements to the memory controller
1. Improved shared page accounting
2. Improved statistics
3. Soft-limit memory usage
generic infrastructure work:
1. Enhancing containerstats
a. Working on per controller statistics
b. Integrating taskstats with containerstats
2. CPU accounting framework
a. Migrate the accounting to be more precise
cpu controller
users and requirements:
1. Virtualization solutions like containers and
KVM need CPU control. KVM for example would
like to have both limits and guarantees
supported by a CPU controller, to control CPU
allocation to a particular instance.
2. Workload management products would like to exploit this for providing
guaranteed cpu bandwidth and also (hard/soft) limiting cpu usage.
work items
1. Fine-grained proportional-share fair-group scheduling.
2. More accurate SMP fairness
3. Hard limit
4. SCHED_FIFO type policy for groups
5. Improved statistics and debug facility for group scheduler
io controller
users and requirements:
1. At a talk presented to the Linux Foundation
(OSDL), the attendees showed interest in an IO
controller to control IO bandwidth of various
filesystem operations (backup, journalling,
etc)
work items:
1. Proof of concept IO controller and community discussion/feedback
2. Development and Integration of the IO controller with containers
open issues
1. Automatic tagging/resource classification engine
5. checkpoint/restart
memory c/r
(there are a few designs and prototypes)
(though this may be ironed out by then)
per-container swapfile?
overall checkpoint strategy (one of:)
in-kernel
userspace-driven
hybrid
overall restart strategy
use freezer API
use suspend-to-disk?
sysvipc
"set identifier" syscall
pid namespace
clone_with_pid()
live migration
====================== Section 3 ======================
=Use cases
====================== Section 3 ======================
1. Namespaces:
The most commonly listed uses for namespaces are virtual
servers and checkpoint restart. Other uses are debugging
(running tests in not-quite-virtual-servers) and resource
isolation, such as the use of mounts namespaces to simulate
multi-level directories for LSPP.
2. Task Containers:
(Vatsa to fill in)
3. Checkpoint/restart
load balancing:
applications can be migrated from high-load systems to ones
with a lower load. Long-running applications can be checkpointed
(or migrated) to start a short-running high-load job, then
restarted.
kernel upgrades:
A long-running application - or whole virtual server - can
be migrated or checkpointed so that the system can be
rebooted, and the application can continue to run
====================== Section 4 ======================
=Involved parties
====================== Section 4 ======================
In the list of stakeholders, I try to guess based on past comments and
contributions what *general* area they are most likely to contribute in.
I may try to narrow those down later, but am just trying to get something
out the door right now before my next computer breaks.
Stakeholders:
Eric Biederman
everything
google
task containers
ibm (serge, dave, cedric, daniel)
namespaces
checkpoint/restart
bull (benjamin, pierre)
namespaces
checkpoint/restart
ibm (balbir, vatsa)
task containers
kerlabs
checkpoint/restart
openvz
everything
NEC Japan (Masahiko Takahashi)
checkpoint/restart
Linux-VServer
namespaces+containers
zap project
checkpoint/restart
planetlab
everything
hp
network namespaces, virtual servers?
XtreemOS
checkpoint/restart
Fujitsu/VA Linux Japan
resource control
BLCR (Paul H. Hargrove)
checkpoint/restart
Is anyone else still missing from the list?
thanks,
-serge