UBC consistency check
System resource control parameters have certain interdependencies. Constraints on the parameter settings are listed below. Indexes
lim in the formulae below mean the barrier and the limit of the parameters, respectively.
Configuration of resource control parameters for a container is invalid if these constraints are not satisfied. The best way to ensure the validity of the configuration is to use the vzcfgvalidate(8) utility.
All the interdependencies discussed below and their importance are summarized in UBC interdependencies table.
The configured limits can be checked through
- /proc/user_beancounters interface;
- /proc/bc/ interface;
- vzubc(8) utility;
- container configuration files in
- 1 kmemsize should be enough for the expected number of processes
- 2 Memory allocation limits should not be less than the guarantee
- 3 Send buffers should have enough space for all sockets
- 4 Other TCP socket buffers should be big enough
- 5 UDP socket buffers should be large enough if the system is not tight on memory
- 6 Number of files limit should be adequate for the expected number of processes
- 7 The limit on the total size of dentry and inode structures locked in memory should be adequate for allowed number of files
- 8 Barrier should be less or equal than limit
- 9 Code
kmemsize should be enough for the expected number of processes
avnumproc here stands for the expected average number of processes).
This constraint is important for applications to work reliably in the container. If it is not satisfied, applications will start to fail in the middle of operations instead of failing while spawning more processes and the application's ability to handle resource shortage will be very limited.
Memory allocation limits should not be less than the guarantee
If this constraint is not satisfied,
vmguarpages will not work.
Send buffers should have enough space for all sockets
These constraints are also important. If they are not satisfied, transmission of data over the sockets may hang in some circumstances.
Other TCP socket buffers should be big enough
Selecting the left side equal to the right side in the inequalities above ensures minimal performance of network communications. Increasing the left side will increase performance to a certain extent.
UDP socket buffers should be large enough if the system is not tight on memory
These constraints are desired, but not essential. Large enough buffers for UDP sockets improve reliability of datagram delivery. However, note that if the UDP traffic is so bursty that it needs larger buffers, the datagrams will likely be lost not because of resource control limits, but because of other memory and performance limitations.
Number of files limit should be adequate for the expected number of processes
Note that each process after a
execve(2) system call
requires a file for each loaded shared library.
A too low
numfile limit will increase the chances of failures
execve(2) calls with error messages that are not clear
to the users.
The limit on the total size of
inode structures locked in memory should be adequate for allowed number of files
A too low
dcachesize limit will increase the chances of
file operation refusals resulting in unexpected application failures.
Barrier should be less or equal than limit
In addition to the conditions listed above,
should be maintained for each parameter.
See User:Grin/openvz checker.pl for a contributed code to check the consistency.