🐳 How to enable Control Group v2

by itisgood

We will enable Control Group v2 so that podman can display container resource usage statistics.

Check the Linux distribution.

$ lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description:    Ubuntu Impish Indri (development branch)
Release:        21.10
Codename:       impish

Update the system.

$ sudo apt update

Install podman.

$ sudo apt install podman

Display basic information about podman.

Note that cgroupVersion is v1.

$ podman info
host:
  arch: amd64
  buildahVersion: 1.21.0
  cgroupControllers: []
  cgroupManager: cgroupfs
  cgroupVersion: v1
  conmon:
    package: 'conmon: /usr/bin/conmon'
    path: /usr/bin/conmon
    version: 'conmon version 2.0.25, commit: unknown'
  cpus: 2
  distribution:
    distribution: ubuntu
    version: "21.10"
  eventLogger: journald
  hostname: ubuntu-impish
  idMappings:
    gidmap:
    - container_id: 0
      host_id: 1000
      size: 1
    - container_id: 1
      host_id: 100000
      size: 65536
    uidmap:
    - container_id: 0
      host_id: 1000
      size: 1
    - container_id: 1
      host_id: 100000
      size: 65536
  kernel: 5.13.0-14-generic
  linkmode: dynamic
  memFree: 360980480
  memTotal: 1018318848
  ociRuntime:
    name: runc
    package: 'runc: /usr/sbin/runc'
    path: /usr/sbin/runc
    version: |-
      runc version 1.0.1-0ubuntu2
      spec: 1.0.2-dev
      go: go1.16.5
      libseccomp: 2.5.1
  os: linux
  remoteSocket:
    path: /run/user/1000/podman/podman.sock
  security:
    apparmorEnabled: false
    capabilities: CAP_CHOWN,CAP_DAC_OVERRIDE,CAP_FOWNER,CAP_FSETID,CAP_KILL,CAP_NET_BIND_SERVICE,CAP_SETFCAP,CAP_SETGID,CAP_SETPCAP,CAP_SETUID,CAP_SYS_CHROOT
    rootless: true
    seccompEnabled: true
    seccompProfilePath: /usr/share/containers/seccomp.json
    selinuxEnabled: false
  serviceIsRemote: false
  slirp4netns:
    executable: /usr/bin/slirp4netns
    package: 'slirp4netns: /usr/bin/slirp4netns'
    version: |-
      slirp4netns version 1.0.1
      commit: 6a7b16babc95b6a3056b33fb45b74a6f62262dd4
      libslirp: 4.4.0
  swapFree: 0
  swapTotal: 0
  uptime: 37m 36.58s
registries: {}
store:
  configFile: /home/vagrant/.config/containers/storage.conf
  containerStore:
    number: 0
    paused: 0
    running: 0
    stopped: 0
  graphDriverName: overlay
  graphOptions: {}
  graphRoot: /home/vagrant/.local/share/containers/storage
  graphStatus:
    Backing Filesystem: extfs
    Native Overlay Diff: "false"
    Supports d_type: "true"
    Using metacopy: "false"
  imageStore:
    number: 0
  runRoot: /run/user/1000/containers
  volumePath: /home/vagrant/.local/share/containers/storage/volumes
version:
  APIVersion: 3.2.1
  Built: 0
  BuiltTime: Thu Jan  1 00:00:00 1970
  GitCommit: ""
  GoVersion: go1.16.2
  OsArch: linux/amd64
  Version: 3.2.1

Pull the image.

$ podman pull docker.io/library/mariadb
Trying to pull docker.io/library/mariadb:latest...
Getting image source signatures
Copying blob e8aad5ad91b4 done
Copying blob c9acfbaed0bf done
Copying blob c0eb3de6044a done
Copying blob 7275e59ecb3d done
Copying blob bc1fe3865c9c done
Copying blob 35807b77a593 done
Copying blob 91c9aaf2ea87 done
Copying blob 63117ccbd0ec done
Copying blob 2118d7479e34 done
Copying blob 6bd89e50398a done
Copying config 6b01262bc7 done
Writing manifest to image destination
Storing signatures
6b01262bc78060dbf916a65219ccfeeac74a6b9c44340044cb709c0d3b148440

Start a container from the image in the background.

$ podman run --detach --name mariadb -e MARIADB_RANDOM_ROOT_PASSWORD=true mariadb
3ed597e915d300794d56e71d91c5f743aadb86ca21c3e1c63c24e92bd2d11bc5

Check the container statistics.

$ podman stats mariadb
Error: stats is not supported in rootless mode without cgroups v2

This error was expected, because podman clearly reported that it is using cgroupVersion v1.

The same can be determined from the absence of the cgroup.controllers file or from the file system type of /sys/fs/cgroup (tmpfs rather than cgroup2fs).

$ cat /sys/fs/cgroup/cgroup.controllers
cat: /sys/fs/cgroup/cgroup.controllers: No such file or directory
$ stat -c %T -f /sys/fs/cgroup
tmpfs

To enable Control Group v2, change the boot parameters by adding systemd.unified_cgroup_hierarchy=1 to the kernel command line.

$ cat /etc/default/grub | grep GRUB_CMDLINE_LINUX=
GRUB_CMDLINE_LINUX=""
$ sudo sed -i -e 's/^GRUB_CMDLINE_LINUX=""/GRUB_CMDLINE_LINUX="systemd.unified_cgroup_hierarchy=1"/' /etc/default/grub
$ sudo update-grub
Sourcing file `/etc/default/grub'
Sourcing file `/etc/default/grub.d/50-cloudimg-settings.cfg'
Sourcing file `/etc/default/grub.d/init-select.cfg'
Generating grub configuration file ...
Found linux image: /boot/vmlinuz-5.13.0-14-generic
Found initrd image: /boot/initrd.img-5.13.0-14-generic
done

Reboot the operating system.

$ sudo reboot

Check the cgroup file system.

$ stat -c %T -f /sys/fs/cgroup
cgroup2fs

Check the cgroup.controllers file.

$ cat /sys/fs/cgroup/cgroup.controllers
cpuset cpu io memory hugetlb pids rdma misc
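
The sed command above only matches an empty GRUB_CMDLINE_LINUX="" and silently does nothing when other parameters are already set. The following added example (not part of the original article; the function names add_cgroup2_param, cgroup_mode and missing_controllers are hypothetical) sets the parameter idempotently and wraps the two post-reboot checks as functions, additionally recognising systemd's hybrid layout, which the article does not cover. It assumes the GRUB value is double-quoted on a single line.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not part of GRUB or podman.
PARAM='systemd.unified_cgroup_hierarchy=1'

# Set PARAM in GRUB_CMDLINE_LINUX of file $1. Existing parameters are kept, an
# older systemd.unified_cgroup_hierarchy=N is replaced, a second run is a no-op.
# Assumes the value is double-quoted on one line. Run update-grub afterwards.
add_cgroup2_param() (
    file=$1
    line=$(sed -n '/^GRUB_CMDLINE_LINUX="/{p;q;}' "$file")
    [ -n "$line" ] || exit 1
    value=${line#GRUB_CMDLINE_LINUX=\"}; value=${value%\"}
    set -f                                   # no globbing while word-splitting
    new=
    for word in $value; do
        case $word in systemd.unified_cgroup_hierarchy=*) ;; *) new="$new $word" ;; esac
    done
    new="$new $PARAM"; new=${new# }
    tmp=$(mktemp) || exit 1
    # Rewrite only the first matching line; cat keeps the file's owner and mode.
    new="$new" awk '/^GRUB_CMDLINE_LINUX="/ && !seen {
            print "GRUB_CMDLINE_LINUX=\"" ENVIRON["new"] "\""; seen = 1; next }
        { print }' "$file" > "$tmp" && cat "$tmp" > "$file"
    rc=$?; rm -f "$tmp"; exit "$rc"
)

# Report the layout under cgroup root $1: v2 (unified), hybrid, or v1.
cgroup_mode() (
    root=${1:-/sys/fs/cgroup}
    if [ -f "$root/cgroup.controllers" ]; then echo v2
    elif [ -f "$root/unified/cgroup.controllers" ]; then echo hybrid
    else echo v1
    fi
)

# Print the controllers from "$2 ..." that are absent in $1/cgroup.controllers.
missing_controllers() (
    have=" $(cat "$1/cgroup.controllers" 2>/dev/null) "
    shift; out=
    for c in "$@"; do
        case $have in *" $c "*) ;; *) out="$out $c" ;; esac
    done
    echo "${out# }"
)

# Stand-alone run: read-only report for the live host.
echo "cgroup mode: $(cgroup_mode), missing: $(missing_controllers /sys/fs/cgroup memory pids)"
```

To apply the change, call add_cgroup2_param /etc/default/grub as root, then run update-grub and reboot as in the steps above.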

Check the podman information.

$ podman info
host:
  arch: amd64
  buildahVersion: 1.21.0
  cgroupControllers: []
  cgroupManager: systemd
  cgroupVersion: v2
  conmon:
    package: 'conmon: /usr/bin/conmon'
    path: /usr/bin/conmon
    version: 'conmon version 2.0.25, commit: unknown'
  cpus: 2
  distribution:
    distribution: ubuntu
    version: "21.10"
  eventLogger: journald
  hostname: ubuntu-impish
  idMappings:
    gidmap:
    - container_id: 0
      host_id: 1000
      size: 1
    - container_id: 1
      host_id: 100000
      size: 65536
    uidmap:
    - container_id: 0
      host_id: 1000
      size: 1
    - container_id: 1
      host_id: 100000
      size: 65536
  kernel: 5.13.0-14-generic
  linkmode: dynamic
  memFree: 380932096
  memTotal: 1018318848
  ociRuntime:
    name: runc
    package: 'runc: /usr/sbin/runc'
    path: /usr/sbin/runc
    version: |-
      runc version 1.0.1-0ubuntu2
      spec: 1.0.2-dev
      go: go1.16.5
      libseccomp: 2.5.1
  os: linux
  remoteSocket:
    exists: true
    path: /run/user/1000/podman/podman.sock
  security:
    apparmorEnabled: false
    capabilities: CAP_CHOWN,CAP_DAC_OVERRIDE,CAP_FOWNER,CAP_FSETID,CAP_KILL,CAP_NET_BIND_SERVICE,CAP_SETFCAP,CAP_SETGID,CAP_SETPCAP,CAP_SETUID,CAP_SYS_CHROOT
    rootless: true
    seccompEnabled: true
    seccompProfilePath: /usr/share/containers/seccomp.json
    selinuxEnabled: false
  serviceIsRemote: false
  slirp4netns:
    executable: /usr/bin/slirp4netns
    package: 'slirp4netns: /usr/bin/slirp4netns'
    version: |-
      slirp4netns version 1.0.1
      commit: 6a7b16babc95b6a3056b33fb45b74a6f62262dd4
      libslirp: 4.4.0
  swapFree: 0
  swapTotal: 0
  uptime: 32m 10.7s
registries: {}
store:
  configFile: /home/vagrant/.config/containers/storage.conf
  containerStore:
    number: 1
    paused: 0
    running: 1
    stopped: 0
  graphDriverName: overlay
  graphOptions: {}
  graphRoot: /home/vagrant/.local/share/containers/storage
  graphStatus:
    Backing Filesystem: extfs
    Native Overlay Diff: "false"
    Supports d_type: "true"
    Using metacopy: "false"
  imageStore:
    number: 2
  runRoot: /run/user/1000/containers
  volumePath: /home/vagrant/.local/share/containers/storage/volumes
version:
  APIVersion: 3.2.1
  Built: 0
  BuiltTime: Thu Jan  1 00:00:00 1970
  GitCommit: ""
  GoVersion: go1.16.2
  OsArch: linux/amd64
  Version: 3.2.1

Now you can simply display container statistics …

$ podman stats --no-stream mariadb
ID            NAME     CPU %   MEM USAGE / LIMIT  MEM %   NET IO   BLOCK IO  PIDS
3ed597e915d3  mariadb  2.74%   98.21MB / 1.018GB  9.64%   -- / --  -- / --   9

… or export them in JSON format.

$ podman stats --no-stream --format=json mariadb
[
 {
  "id": "3ed597e915d3",
  "name": "mariadb",
  "cpu_percent": "4.70%",
  "mem_usage": "98.17MB / 1.018GB",
  "mem_percent": "9.64%",
  "net_io": "-- / --",
  "block_io": "-- / --",
  "pids": "8"
 }
]

 
