[systemd-devel] systemd-cgroups-agent not working in containers

Martin Pitt mpitt at debian.org
Fri Nov 28 05:33:02 UTC 2014


Hello all,

Cameron Norman [2014-11-27 12:26 -0800]:
> On Wed, Nov 26, 2014 at 1:29 PM, Richard Weinberger <richard at nod.at> wrote:
> > Hi!
> >
> > I run a Linux container setup with openSUSE 13.1/2 as guest distro.
> > After some time containers slow down.
> > An investigation showed that the containers slow down because a lot of stale
> > user sessions slow down almost all systemd tools, mostly systemctl.
> > loginctl reports many thousand sessions.
> > All in state "closing".
> 
> This sounds similar to an issue that systemd-shim in Debian had.
> Martin Pitt (helps to maintain systemd in Debian) fixed that issue; he
> may have some ideas here. I CC'd him.

The problem with systemd-shim under sysvinit or upstart was that shim
didn't set a cgroup release agent like systemd itself does. Thus the
cgroups were never cleaned up after all the session processes died.
(See 1.4 on https://www.kernel.org/doc/Documentation/cgroups/cgroups.txt
for details)

I don't think that SUSE uses systemd-shim, I take it in that setup you
are running systemd proper on both the host and the guest? Then I
suggest checking the cgroups that correspond to the "closing" sessions
in the container, i. e. /sys/fs/cgroup/systemd/.../session-XX.scope/tasks.
If there are still processes in it, logind is merely waiting for them
to exit (or set KillUserProcesses in logind.conf). If they are empty,
check that /sys/fs/cgroup/systemd/.../session-XX.scope/notify_on_release is 1
and that /sys/fs/cgroup/systemd/release_agent is set?

Martin

-- 
Martin Pitt                        | http://www.piware.de
Ubuntu Developer (www.ubuntu.com)  | Debian Developer  (www.debian.org)


More information about the Containers mailing list