Correct cgroup access on older kernels
This change adds an auto mount entry into config which ensures containers have access to the cgroups, even if they're read only. Without this change containers see a notable slowdown and a repeating message regarding a failure when resetting the device list. This option has no effect and is not needed on newer kernels (4.15+) as cgroup namespaces and device access are inherent to the creation of a container namespace.

> Example Error: http://paste.openstack.org/show/702764

While this change is introducing new config into the container it is not forcing a container restart. This approach has been taken to ensure we're correcting the issue on greenfield deployments but not impacting running ones.

Change-Id: I31b1b5a044687f52b1c54049ba03c65ecda34b51
Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>
parent
beeb8573f6
commit
774aef5472
|
@ -25,6 +25,14 @@
|
|||
notify:
|
||||
- Lxc container restart
|
||||
|
||||
- name: Ensure containers have access RO cgroups
|
||||
lineinfile:
|
||||
dest: "/var/lib/lxc/{{ inventory_hostname }}/config"
|
||||
line: "lxc.mount.auto = proc:rw sys:ro cgroup:ro"
|
||||
insertafter: "^lxc.mount.auto"
|
||||
backup: "true"
|
||||
delegate_to: "{{ physical_host }}"
|
||||
|
||||
- name: Ensure bind mount host directories exists
|
||||
file:
|
||||
path: "{{ item['host_directory'] }}"
|
||||
|
|
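Review bot: The new `lineinfile` task "Ensure containers have access RO cgroups" sets `insertafter: "^lxc.mount.auto"` but no `regexp`, so a container config that already carries an `lxc.mount.auto` line with a different value keeps that line and gains a second entry after it; add `regexp: "^lxc.mount.auto"` if the intent is a single authoritative entry. The `line` value also sets `proc:rw` and `sys:ro`, while the task name and commit message only speak of read-only cgroup access; a comment explaining why `/proc` needs to be read-write, or a narrower value, would make the privilege change easier to review. The task carries no `notify`, which matches the stated decision not to force a restart, so it is worth a comment that running containers only pick up the new mount entry at their next restart.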