How to enable Control Group v2

How to enable Control Group v2

https://sleeplessbeastie.eu/2021/09/10/how-to-enable-control-group-v2/

September 10, 2021 · 4 min · 770 words · Ubuntu Impish Indri · Podman · Ubuntu Enable Control Group v2 for podman to display container’s resource usage statistics.

Display Linux distribution.

$ lsb_release -a No LSB modules are available. Distributor ID: Ubuntu Description: Ubuntu Impish Indri (development branch) Release: 21.10 Codename: impish Update package index.

$ sudo apt update Install podman.

$ sudo apt install podman Display basic podman information. Notice that the cgroupVersion is set to v1.

$ podman info host: arch: amd64 buildahVersion: 1.21.0 cgroupControllers: [] cgroupManager: cgroupfs cgroupVersion: v1 conmon: package: ‘conmon: /usr/bin/conmon’ path: /usr/bin/conmon version: ‘conmon version 2.0.25, commit: unknown’ cpus: 2 distribution: distribution: ubuntu version: “21.10” eventLogger: journald hostname: ubuntu-impish idMappings: gidmap: - container_id: 0 host_id: 1000 size: 1 - container_id: 1 host_id: 100000 size: 65536 uidmap: - container_id: 0 host_id: 1000 size: 1 - container_id: 1 host_id: 100000 size: 65536 kernel: 5.13.0-14-generic linkmode: dynamic memFree: 360980480 memTotal: 1018318848 ociRuntime: name: runc package: ‘runc: /usr/sbin/runc’ path: /usr/sbin/runc version: |- runc version 1.0.1-0ubuntu2 spec: 1.0.2-dev go: go1.16.5 libseccomp: 2.5.1 os: linux remoteSocket: path: /run/user/1000/podman/podman.sock security: apparmorEnabled: false capabilities: CAP_CHOWN,CAP_DAC_OVERRIDE,CAP_FOWNER,CAP_FSETID,CAP_KILL,CAP_NET_BIND_SERVICE,CAP_SETFCA P,CAP_SETGID,CAP_SETPCAP,CAP_SETUID,CAP_SYS_CHROOT rootless: true seccompEnabled: true seccompProfilePath: /usr/share/containers/seccomp.json selinuxEnabled: false serviceIsRemote: false slirp4netns: executable: /usr/bin/slirp4netns package: ‘slirp4netns: /usr/bin/slirp4netns’ version: |- slirp4netns version 1.0.1 commit: 6a7b16babc95b6a3056b33fb45b74a6f62262dd4 libslirp: 4.4.0 swapFree: 0 swapTotal: 0 uptime: 37m 36.58s registries: {} store: configFile: /home/vagrant/.config/containers/storage.conf containerStore: number: 0 paused: 0 running: 0 stopped: 0 graphDriverName: overlay graphOptions: {} graphRoot: /home/vagrant/.local/share/containers/storage graphStatus: Backing Filesystem: extfs Native Overlay Diff: “false” Supports d_type: “true” Using metacopy: “false” imageStore: number: 0 runRoot: /run/user/1000/containers volumePath: /home/vagrant/.local/share/containers/storage/volumes version: APIVersion: 3.2.1 Built: 0 BuiltTime: Thu Jan 1 00:00:00 1970 GitCommit: “” GoVersion: go1.16.2 OsArch: linux/amd64 Version: 3.2.1 Pull an image.

$ podman pull docker.io/library/mariadb Trying to pull docker.io/library/mariadb:latest… Getting image source signatures Copying blob e8aad5ad91b4 done Copying blob c9acfbaed0bf done Copying blob c0eb3de6044a done Copying blob 7275e59ecb3d done Copying blob bc1fe3865c9c done Copying blob 35807b77a593 done Copying blob 91c9aaf2ea87 done Copying blob 63117ccbd0ec done Copying blob 2118d7479e34 done Copying blob 6bd89e50398a done Copying config 6b01262bc7 done Writing manifest to image destination Storing signatures 6b01262bc78060dbf916a65219ccfeeac74a6b9c44340044cb709c0d3b148440 Run an image in the background.

$ podman run –detach –name mariadb -e MARIADB_RANDOM_ROOT_PASSWORD=true mariadb 3ed597e915d300794d56e71d91c5f743aadb86ca21c3e1c63c24e92bd2d11bc5 Inspect container stats.

$ podman stats mariadb Error: stats is not supported in rootless mode without cgroups v2 This error was expected as podman clearly stated that it is using cgroupVersion v1.

This can be also determined by missing cgroup.controllers file or crgoup filesystem.

$ cat /sys/fs/cgroup/cgroup.controllers cat: /sys/fs/cgroup/cgroup.controllers: No such file or directory $ stat -c %T -f /sys/fs/cgroup tmpfs To enable Control Group v2 alter boot options to append systemd.unified_cgroup_hierarchy=1 parameter.

$ cat /etc/default/grub | grep GRUB_CMDLINE_LINUX= GRUB_CMDLINE_LINUX=”” $ sudo sed -i -e ‘s/^GRUB_CMDLINE_LINUX=”“/GRUB_CMDLINE_LINUX=”systemd.unified_cgroup_hierarchy=1”/’ /etc/default/grub $ sudo update-grub Sourcing file /etc/default/grub' Sourcing file /etc/default/grub.d/50-cloudimg-settings.cfg’ Sourcing file `/etc/default/grub.d/init-select.cfg’ Generating grub configuration file … Found linux image: /boot/vmlinuz-5.13.0-14-generic Found initrd image: /boot/initrd.img-5.13.0-14-generic done Reboot the operating system.

$ sudo reboot Inspect cgroup filesystem.

$ stat -c %T -f /sys/fs/cgroup cgroup2fs Inspect cgroup.controllers file.

$ cat /sys/fs/cgroup/cgroup.controllers cpuset cpu io memory hugetlb pids rdma misc Inspect podman information.

$ podman info host: arch: amd64 buildahVersion: 1.21.0 cgroupControllers: [] cgroupManager: systemd cgroupVersion: v2 conmon: package: ‘conmon: /usr/bin/conmon’ path: /usr/bin/conmon version: ‘conmon version 2.0.25, commit: unknown’ cpus: 2 distribution: distribution: ubuntu version: “21.10” eventLogger: journald hostname: ubuntu-impish idMappings: gidmap: - container_id: 0 host_id: 1000 size: 1 - container_id: 1 host_id: 100000 size: 65536 uidmap: - container_id: 0 host_id: 1000 size: 1 - container_id: 1 host_id: 100000 size: 65536 kernel: 5.13.0-14-generic linkmode: dynamic memFree: 380932096 memTotal: 1018318848 ociRuntime: name: runc package: ‘runc: /usr/sbin/runc’ path: /usr/sbin/runc version: |- runc version 1.0.1-0ubuntu2 spec: 1.0.2-dev go: go1.16.5 libseccomp: 2.5.1 os: linux remoteSocket: exists: true path: /run/user/1000/podman/podman.sock security: apparmorEnabled: false capabilities: CAP_CHOWN,CAP_DAC_OVERRIDE,CAP_FOWNER,CAP_FSETID,CAP_KILL,CAP_NET_BIND_SERVICE,CAP_SETFCA P,CAP_SETGID,CAP_SETPCAP,CAP_SETUID,CAP_SYS_CHROOT rootless: true seccompEnabled: true seccompProfilePath: /usr/share/containers/seccomp.json selinuxEnabled: false serviceIsRemote: false slirp4netns: executable: /usr/bin/slirp4netns package: ‘slirp4netns: /usr/bin/slirp4netns’ version: |- slirp4netns version 1.0.1 commit: 6a7b16babc95b6a3056b33fb45b74a6f62262dd4 libslirp: 4.4.0 swapFree: 0 swapTotal: 0 uptime: 32m 10.7s registries: {} store: configFile: /home/vagrant/.config/containers/storage.conf containerStore: number: 1 paused: 0 running: 1 stopped: 0 graphDriverName: overlay graphOptions: {} graphRoot: /home/vagrant/.local/share/containers/storage graphStatus: Backing Filesystem: extfs Native Overlay Diff: “false” Supports d_type: “true” Using metacopy: “false” imageStore: number: 2 runRoot: /run/user/1000/containers volumePath: /home/vagrant/.local/share/containers/storage/volumes version: APIVersion: 3.2.1 Built: 0 BuiltTime: Thu Jan 1 00:00:00 1970 GitCommit: “” GoVersion: go1.16.2 OsArch: linux/amd64 Version: 3.2.1 Now, you can simply display container statistics …

$ podman stats –no-stream mariadb ID NAME CPU % MEM USAGE / LIMIT MEM % NET IO BLOCK IO PIDS 3ed597e915d3 mariadb 2.74% 98.21MB / 1.018GB 9.64% – / – – / – 9 … or export these as JSON.

$ podman stats –no-stream –format=json mariadb [ { “id”: “3ed597e915d3”, “name”: “mariadb”, “cpu_percent”: “4.70%”, “mem_usage”: “98.17MB / 1.018GB”, “mem_percent”: “9.64%”, “net_io”: “– / –”, “block_io”: “– / –”, “pids”: “8” } ] Published on 2021-09-10 11:00, and built on 2025-12-16 04:00 UTC.