Difference between revisions of "UBC consistency check"
(code) |
(highlight vzcfgvalidate) |
||
(One intermediate revision by the same user not shown) | |||
Line 4: | Line 4: | ||
Configuration of resource control parameters for a container | Configuration of resource control parameters for a container | ||
− | is invalid if these constraints are not satisfied. The best way to ensure the | + | is invalid if these constraints are not satisfied. '''The best way to ensure the |
− | validity of the configuration is to use the {{man|vzcfgvalidate|8}} utility. | + | validity of the configuration is to use the {{man|vzcfgvalidate|8}} utility.''' |
All the interdependencies discussed below and their importance are summarized in [[UBC interdependencies table]]. | All the interdependencies discussed below and their importance are summarized in [[UBC interdependencies table]]. | ||
The configured limits can be checked through | The configured limits can be checked through | ||
− | * | + | * /[[proc/user_beancounters]] interface; |
− | * container configuration files in <code>/etc/vz/conf/</code> directory | + | * [[BC proc entries|/proc/bc/]] interface; |
+ | * {{Man|vzubc|8}} utility; | ||
+ | * container configuration files in <code>/etc/vz/conf/</code> directory; | ||
Latest revision as of 22:35, 23 November 2014
|
System resource control parameters have certain interdependencies. Constraints on the parameter settings are listed below. Indexes bar
and lim
in the formulae below mean the barrier and the limit of the parameters, respectively.
Configuration of resource control parameters for a container is invalid if these constraints are not satisfied. The best way to ensure the validity of the configuration is to use the vzcfgvalidate(8) utility.
All the interdependencies discussed below and their importance are summarized in UBC interdependencies table.
The configured limits can be checked through
- /proc/user_beancounters interface;
- /proc/bc/ interface;
- vzubc(8) utility;
- container configuration files in
/etc/vz/conf/
directory;
Contents
- 1 kmemsize should be enough for the expected number of processes
- 2 Memory allocation limits should not be less than the guarantee
- 3 Send buffers should have enough space for all sockets
- 4 Other TCP socket buffers should be big enough
- 5 UDP socket buffers should be large enough if the system is not tight on memory
- 6 Number of files limit should be adequate for the expected number of processes
- 7 The limit on the total size of dentry and inode structures locked in memory should be adequate for allowed number of files
- 8 Barrier should be less or equal than limit
- 9 Code
kmemsize should be enough for the expected number of processes[edit]
(avnumproc
here stands for the expected average number of processes).
This constraint is important for applications to work reliably in the container. If it is not satisfied, applications will start to fail in the middle of operations instead of failing while spawning more processes and the application's ability to handle resource shortage will be very limited.
Memory allocation limits should not be less than the guarantee[edit]
If this constraint is not satisfied, vmguarpages
will not work.
Send buffers should have enough space for all sockets[edit]
These constraints are also important. If they are not satisfied, transmission of data over the sockets may hang in some circumstances.
Other TCP socket buffers should be big enough[edit]
Selecting the left side equal to the right side in the inequalities above ensures minimal performance of network communications. Increasing the left side will increase performance to a certain extent.
UDP socket buffers should be large enough if the system is not tight on memory[edit]
These constraints are desired, but not essential. Large enough buffers for UDP sockets improve reliability of datagram delivery. However, note that if the UDP traffic is so bursty that it needs larger buffers, the datagrams will likely be lost not because of resource control limits, but because of other memory and performance limitations.
Number of files limit should be adequate for the expected number of processes[edit]
Note that each process after a execve(2)
system call
requires a file for each loaded shared library.
A too low numfile
limit will increase the chances of failures
during execve(2)
calls with error messages that are not clear
to the users.
The limit on the total size of dentry
and inode
structures locked in memory should be adequate for allowed number of files[edit]
A too low dcachesize
limit will increase the chances of
file operation refusals resulting in unexpected application failures.
Barrier should be less or equal than limit[edit]
In addition to the conditions listed above,
should be maintained for each parameter.
Code[edit]
See User:Grin/openvz checker.pl for a contributed code to check the consistency.