[Devel] Re: 2009 kernel summit preparation for 'containers end-game' discussion
Serge E. Hallyn
serue at us.ibm.com
Mon Oct 12 12:04:17 PDT 2009
Quoting Oren Laadan (orenl at librato.com):
> Hi,
>
> Serge E. Hallyn wrote:
> > Hi,
> >
> > the kernel summit is rapidly approaching. One of the agenda
> > items is 'the containers end-game and how do we get there.'
> > As of now I don't yet know who will be there to represent the
> > containers community in that discussion. I hope there is
> > someone planning on that? In the hopes that there is, here is
> > a summary of the info I gathered in June, in case that is
> > helpful. If it doesn't look like anyone will be attending
> > ksummit representing containers, then I'll send the final
> > version of this info to the ksummit mailing list so that someone
> > can stand in.
> >
> > 1. There will be an IO controller minisummit before KS. I
> > trust someone (Balbir?) will be sending meeting notes to
> > the cgroup list, so that highlights can be mentioned at KS?
> >
> > 2. There was a checkpoint/restart BOF plus talk at plumber's.
> > Notes on the BOF are here:
> > https://lists.linux-foundation.org/pipermail/containers/2009-September/020915.html
>
> Based on Suka's post, I updated the linux-cr wiki page with the
> notes from the BOF here:
>
> http://ckpt.wiki.kernel.org/index.php/LPC2009

Thanks.

> > 3. There was an OOM notification talk or BOF at plumber's.
> > Dave or Balbir, are there any notes about that meeting?
> >
> > 4. The actual title of the KS discussion is 'containers end-game'.
> > The containers-specific info I gathered in June was mainly about
> > additional resources which we might containerize. I expect that
> > will be useful in helping the KS community decide how far down
> > the containerization path they are willing to go - i.e. whether
> > we want to call what we have good enough and say you must use kvm
> > for anything more, whether we want to be able to provide all the
> > features of a full VM with containers, or something in between,
> > say targeting specific uses (perhaps only expand on cooperative
> > resource management containers). With that in mind, here are
> > some items that were mentioned in June as candidates for
> > more containerization work
> >
> > 1. Cpu hard limits, memory soft limits (Balbir)
> > 2. Large pages, mlock, shared page accounting (Balbir)
> > 3. Oom notification (Balbir - was anything decided on this
> > at plumber's?)
> > 4. There is agreement on getting rid of the ns cgroup,
> > provided that:
> > a. user namespaces can provide container confinement
> > guarantees
> > b. a compatibility flag is created to clone parent
> > cgroup when creating a new cgroup (Paul and Daniel)
> > 5. Poweroff/reboot handling in containers (Daniel)
> > 6. Full user namespaces to segregate uids in different
> > containers and confine root users in containers, i.e.
> > with respect to file systems like cgroupfs.
> > 7. Checkpoint/restart (c/r) will want time virtualization (Daniel)
> > 8. C/r will want inode virtualization (Daniel)
>
> What is the status on device namespace/virtualization ? the first few
> I have in mind are per-container: /dev/rtc, /dev/ttyX, and even
> /dev/urandom (isolated entropy pools?).

They sound like good ideas. I think the status is unstarted :)

> The first two are important for containers that hold user sessions
> (e.g. linux terminal server) - is anyone pushing this use-case in the
> context of containers-end-game ?

/me hopes someone chimes in and says "I am".

BTW, containers end-game is off the ksummit agenda now.

-serge