Re: Containers and /proc/sys/vm/drop_caches

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Rob Landley <rlandley-bzQdu9zFT3WakBO8gow8eQ@public.gmane.org>
To: Serge Hallyn <serge.hallyn-Z7WLFzj8eWMS+FvcfC7Uqw@public.gmane.org>
Cc: containers-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org
Subject: Re: Containers and /proc/sys/vm/drop_caches
Date: Sat, 8 Jan 2011 06:39:31 -0600	[thread overview]
Message-ID: <4D285B03.6050708@parallels.com> (raw)
In-Reply-To: <20110107151241.GB4962-A9i7LUbDfNHQT0dZR+AlfA@public.gmane.org>

On 01/07/2011 09:12 AM, Serge Hallyn wrote:
>> Changing ownership so a script can't open a file that it otherwise
>>  could may cause scripts to fail when run in a container.  Makes
>> the containers less transparent.
> 
> While my goal next week is to make containers more transparent, the 
> official stance from kernel summit a few years ago was:  transparent
>  containers are not a valid goal (as seen from kernel).

Do you have a reference for that?  I'm still coming up to speed on all this.  Trying to collect documentation...

>> A heavily loaded system that goes deep into swap without triggering
>> the OOM killer can become pretty useless.  My home laptop with 2
>> gigs
> 
> Isn't a cgroup that controls both memory and swap access the right 
> answer to this?

There are other ways to work around it, sure.  (It's yet to be proven that they do actually work better in resource constrained desktop environments under real-world load, but they seem very promising.)

I was just pointing out that this has seen some use as a recovery mechanism, slightly less drastic than the OOM killer.  (Didn't say it was a _good_ use.  Also, error avoidance and error recovery are different issues, and virtual memory is an inherently overcommitted resource domain.)

> (And do we have that now, btw?)

I think it's coming, rather than actually here.  (I thought the beancounters stuff was OpenVZ, controlled by syscalls that the kernel developers rejected.  Have resource constraints on anything other than scheduler made it into vanilla yet?  If so, what's the UI to control them?)

By the way, from a UI perspective, most of the containers stuff I've seen so far is apparently aimed at big iron deployments (or attempts to make PC clusters look like mainframes, I.E. this "cloud" stuff).  I'm glad to see more diverse uses of it, but one of the downsides of cobbling together a mechanism from a dozen different unrelated pieces of infrastructure (clone flags, cgroup filesystem, extra mount flags on proc and such so they behave differently) is that we need a lot of documentation/example code/libraries to make it easy to use.  "You can do X" and "it's easy to reliably do X" have a gap that may take a while to close...

Rob

next prev parent reply	other threads:[~2011-01-08 12:39 UTC|newest]

Thread overview: 14+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2011-01-05  9:40 Containers and /proc/sys/vm/drop_caches Mike Hommey
     [not found] ` <20110105094022.GA5366-YmoObPS1fuhg9hUCZPvPmw@public.gmane.org>
2011-01-05  9:49   ` Daniel Lezcano
     [not found]     ` <4D243EC3.1050101-GANU6spQydw@public.gmane.org>
2011-01-05 14:01       ` Serge Hallyn
     [not found]         ` <20110105140159.GC2718-A9i7LUbDfNHQT0dZR+AlfA@public.gmane.org>
2011-01-05 14:16           ` Balbir Singh
     [not found]             ` <AANLkTi=x=6gUZTxJC8LXxYNu029+firyzKqjMa6m+R-x-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2011-01-06 21:43               ` Matt Helsley
     [not found]                 ` <20110106214315.GJ29064-52DBMbEzqgQ/wnmkkaCWp/UQ3DHhIser@public.gmane.org>
2011-01-06 21:50                   ` Dave Hansen
2011-01-06 22:08                     ` Matt Helsley
     [not found]                       ` <20110106220841.GK29064-52DBMbEzqgQ/wnmkkaCWp/UQ3DHhIser@public.gmane.org>
2011-01-06 22:15                         ` Dave Hansen
2011-01-07 13:03                   ` Rob Landley
     [not found]                     ` <4D270F34.8080305-bzQdu9zFT3WakBO8gow8eQ@public.gmane.org>
2011-01-07 15:12                       ` Serge Hallyn
     [not found]                         ` <20110107151241.GB4962-A9i7LUbDfNHQT0dZR+AlfA@public.gmane.org>
2011-01-08 12:39                           ` Rob Landley [this message]
     [not found]                             ` <4D285B03.6050708-bzQdu9zFT3WakBO8gow8eQ@public.gmane.org>
2011-01-11 16:28                               ` Serge Hallyn
  -- strict thread matches above, loose matches on Subject: below --
2010-12-30  7:59 Mike Hommey
2010-12-30  8:57 ` Rob Landley

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=4D285B03.6050708@parallels.com \
    --to=rlandley-bzqdu9zft3wakbo8gow8eq@public.gmane.org \
    --cc=containers-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org \
    --cc=serge.hallyn-Z7WLFzj8eWMS+FvcfC7Uqw@public.gmane.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.