LXC CPU pinning

M

merlin-vrn

Member
Feb 10, 2020
14
0
21
42
Hello,

I met a requirement to pin some container to certain CPU cores forever. This comes from the specific software we installed into the container and its licensing model. It checks CPUs and if it finds any dissimilarity with license file, it refuses to use that license file.

My machine has 24 cores, but only 10 of them are given to the container. And each time I start container it sees different 10 cores. The software seems to record which cores are in use during license activation, and after container restart it finds another set of cores.

Currently I have SMT (hyperthreading) disabled, but it would be nice to also know how to deal with it enabled.

How can I pin a container to certain CPU cores? I use PVE 7, CT is Debian 10 (due to this specific software support).

I've seen some messages in this forum that might be relevant:
but I can't fully understand them. I think lack the required expertise in cgroups, LXC and systemd. Is it possible to encode everyting into CT configuration file (and, probably, the files referenced from it, but then it is unknown how to backup them together with the container)?
 
Last edited:
hi,

you can add the following to your container configuration:
Code: 
lxc.cgroup2.cpuset.cpus: 0-10

will pin the cores 0 to 10 for that container. please make sure you have latest version of pve-container as there was a bugfix related to rebalancing cpu cores on cgroupv2 recently (version 4.1-1 has the fix)
 
  • Like
Reactions: merlin-vrn and blebo
Is there a way to set this as "affinity" (like for kvm / qemu) ?
So if I set cores: 2 and also set lxc.cgroup2.cpuset.cpus: 0-11 (because of little-bit endian architecture), the lxc sees all 12 cores instead of only two (from the pool of 0-11 / 1-12).
 
leesteken said:
You can set this for VMs too but in a different way or via the Proxmox web GUI. See the affinity section here: https://pve.proxmox.com/pve-docs/pve-admin-guide.html#qm_cpu_resource_limits
Click to expand...
sorry, I think you misunderstood me or I expressed it incorrectly.

I know that there is exactly this setting for cpu-affinity in kvm, but this works like:
- kvm has 2 cores
- affinity is set to 0-11
=> kvm selects 2 cores out of the set from 0-11

lxc.cgroup2.cpuset.cpus works this way:
- lxc has 2 cores
- cpuset is set to 0-11
=> lxc sees all cores from 0-11


So my question is, is there a way to have the kvm behaviour on lxc too?
 
no, because a container doesn't have virtual CPUs, it's just a collection of processes running on the host..
 
xenon96 said:
sorry, I think you misunderstood me or I expressed it incorrectly.

I know that there is exactly this setting for cpu-affinity in kvm, but this works like:
- kvm has 2 cores
- affinity is set to 0-11
=> kvm selects 2 cores out of the set from 0-11

lxc.cgroup2.cpuset.cpus works this way:
- lxc has 2 cores
- cpuset is set to 0-11
=> lxc sees all cores from 0-11


So my question is, is there a way to have the kvm behaviour on lxc too?
Click to expand...
Maybe give the VM 12 cores and set the the CPU Limit to 2? Alternatively, you can give it 12 cores but have only 2 enabled (and 10 disabled) by setting VCPUs to 2.
Either way you can set the affinity for the 12 cores.
I don't really see a use case for this. Can you explain what you want to achieve?
 
AFAIU the difference is:

VM: has two vCPUs which can run on a number of physical cores of the host, VM only sees two cores
CT: has two "cores" worth of CPU time which can run on a number of physical cores of the host, CT sees that number of cores not just the two (unless it's pinned to two cores, of course)
 
leesteken said:
Can you explain what you want to achieve?
Click to expand...
Yes, I have a Minisforum MS-01 with Intel 13th Gen CPU with Litte-Big Endian architecture. And sometimes I have some Segfaults - I'll try to see if this comes from jumping cores from P-Core to E-Core or vice versa.

CT: has two "cores" worth of CPU time which can run on a number of physical cores of the host, CT sees that number of cores not just the two (unless it's pinned to two cores, of course)
Click to expand...
So with lxc.cgroup2.cpuset.cpus I do not take resources away from the other containers?
 
  • Like
Reactions: leesteken
You must log in or register to reply here.
Top Bottom