
Re: [libvirt] kernel summit topic - 'containers end-game'



On Tue, Jun 23, 2009 at 8:26 PM, Serge E. Hallyn<serue us ibm com> wrote:
> A topic on ksummit agenda is 'containers end-game and how do we
> get there'.
>
> So for starters, looking just at application (and system) containers, what do
> the libvirt and liblxc projects want to see in kernel support that is currently
> missing?  Are there specific things that should be done soon to make containers
> more useful and usable?
>
> More generally, the topic raises the question... what 'end-games' are there?
> A few I can think of off-hand include:
>
>        1. resource control

We intend to hold an io-controller minisummit before KS, we should have
updates on that front. We also need to discuss CPU hard limits and
memory soft limits. We need control for memory large page, mlock, OOM
notification support, shared page accounting, etc. Eventually on the
libvirt front, we want to isolate cgroup and lxc support into
individual components (long term).

>        2. lightweight virtual servers
>        3. (or 2.5) unprivileged containers/jail-on-steroids
>                (lightweight virtual servers in which you might, just
>                maybe, almost, be able to give away a root account, at
>                least as much as you could do so with a kvm/qemu/xen
>                partition)
>        4. checkpoint, restart, and migration
>
> For each end-game, what kernel pieces do we think are missing?  For instance,
> people seem agreed that resource control needs io control :)  Containers imo
> need a user namespace.  I think there are quite a few network namespace
> exploiters who require sysfs directory tagging (or some equivalent) to
> allow us to migrate physical devices into network namespaces.  And
> checkpoint/restart needs... checkpoint/restart.

Balbir Singh

