Difference between revisions of "UBC consistency check"
m (fixed vzcfgvalidate util name) |
(highlight vzcfgvalidate) |
||
(10 intermediate revisions by 5 users not shown) | |||
Line 1: | Line 1: | ||
− | + | {{UBC toc}} | |
− | Configuration of resource control parameters for a | + | System resource control parameters have certain interdependencies. Constraints on the parameter settings are listed below. Indexes <code>bar</code> and <code>lim</code> in the formulae below mean the barrier and the limit of the parameters, respectively. |
− | is invalid if these constraints are not satisfied. The best way to ensure the | + | |
− | validity of the configuration is to use | + | Configuration of resource control parameters for a container |
+ | is invalid if these constraints are not satisfied. '''The best way to ensure the | ||
+ | validity of the configuration is to use the {{man|vzcfgvalidate|8}} utility.''' | ||
All the interdependencies discussed below and their importance are summarized in [[UBC interdependencies table]]. | All the interdependencies discussed below and their importance are summarized in [[UBC interdependencies table]]. | ||
The configured limits can be checked through | The configured limits can be checked through | ||
− | * | + | * /[[proc/user_beancounters]] interface; |
− | * | + | * [[BC proc entries|/proc/bc/]] interface; |
+ | * {{Man|vzubc|8}} utility; | ||
+ | * container configuration files in <code>/etc/vz/conf/</code> directory; | ||
Line 17: | Line 21: | ||
(<code>avnumproc</code> here stands for the expected average number of processes). | (<code>avnumproc</code> here stands for the expected average number of processes). | ||
− | This constraint is important for | + | This constraint is important for applications to work reliably in the |
− | + | container. | |
− | If it is not satisfied, applications will start to fail | + | If it is not satisfied, applications will start to fail in the middle of |
− | operations instead of failing | + | operations instead of failing while spawning more processes |
− | and the application | + | and the application's ability to handle resource shortage will be very |
limited. | limited. | ||
Line 47: | Line 51: | ||
Selecting the left side equal to the right side in the inequalities | Selecting the left side equal to the right side in the inequalities | ||
above ensures minimal performance of network communications. | above ensures minimal performance of network communications. | ||
− | Increasing the left side will increase performance to certain extent. | + | Increasing the left side will increase performance to a certain extent. |
− | == UDP socket buffers should be | + | == UDP socket buffers should be large enough if the system is not tight on memory == |
<math>dgramrcvbuf_{bar} \ge 129KB</math> | <math>dgramrcvbuf_{bar} \ge 129KB</math> | ||
Line 55: | Line 59: | ||
These constraints are desired, but not essential. | These constraints are desired, but not essential. | ||
− | + | Large enough buffers for UDP sockets improve reliability of datagram delivery. | |
However, note that if the UDP traffic is so bursty that it needs larger | However, note that if the UDP traffic is so bursty that it needs larger | ||
buffers, the datagrams will likely be lost not because of resource control | buffers, the datagrams will likely be lost not because of resource control | ||
limits, but because of other memory and performance limitations. | limits, but because of other memory and performance limitations. | ||
− | == Number of | + | == Number of files limit should be adequate for the expected number of processes == |
<math>numfile \ge avnumproc \cdot 32</math> | <math>numfile \ge avnumproc \cdot 32</math> | ||
− | Note that each process after <code>execve(2)</code> system call | + | Note that each process after a <code>execve(2)</code> system call |
requires a file for each loaded shared library. | requires a file for each loaded shared library. | ||
− | + | A too low <code>numfile</code> limit will increase the chances of failures | |
− | during <code>execve(2)</code> | + | during <code>execve(2)</code> calls with error messages that are not clear |
− | + | to the users. | |
== The limit on the total size of <code>dentry</code> and <code>inode</code> structures locked in memory should be adequate for allowed number of files == | == The limit on the total size of <code>dentry</code> and <code>inode</code> structures locked in memory should be adequate for allowed number of files == | ||
Line 73: | Line 77: | ||
<math>dcachesize_{bar} \ge numfile \cdot 384\ \rm(bytes)</math> | <math>dcachesize_{bar} \ge numfile \cdot 384\ \rm(bytes)</math> | ||
− | + | A too low <code>dcachesize</code> limit will increase the chances of | |
− | file operation refusals | + | file operation refusals resulting in unexpected application failures. |
== Barrier should be less or equal than limit == | == Barrier should be less or equal than limit == | ||
Line 82: | Line 86: | ||
should be maintained for each parameter. | should be maintained for each parameter. | ||
+ | |||
+ | == Code == | ||
+ | See [[User:Grin/openvz checker.pl]] for a contributed code to check the consistency. | ||
+ | |||
+ | [[Category:Troubleshooting]] |
Latest revision as of 22:35, 23 November 2014
|
System resource control parameters have certain interdependencies. Constraints on the parameter settings are listed below. Indexes bar
and lim
in the formulae below mean the barrier and the limit of the parameters, respectively.
Configuration of resource control parameters for a container is invalid if these constraints are not satisfied. The best way to ensure the validity of the configuration is to use the vzcfgvalidate(8) utility.
All the interdependencies discussed below and their importance are summarized in UBC interdependencies table.
The configured limits can be checked through
- /proc/user_beancounters interface;
- /proc/bc/ interface;
- vzubc(8) utility;
- container configuration files in
/etc/vz/conf/
directory;
Contents
- 1 kmemsize should be enough for the expected number of processes
- 2 Memory allocation limits should not be less than the guarantee
- 3 Send buffers should have enough space for all sockets
- 4 Other TCP socket buffers should be big enough
- 5 UDP socket buffers should be large enough if the system is not tight on memory
- 6 Number of files limit should be adequate for the expected number of processes
- 7 The limit on the total size of dentry and inode structures locked in memory should be adequate for allowed number of files
- 8 Barrier should be less or equal than limit
- 9 Code
kmemsize should be enough for the expected number of processes[edit]
(avnumproc
here stands for the expected average number of processes).
This constraint is important for applications to work reliably in the container. If it is not satisfied, applications will start to fail in the middle of operations instead of failing while spawning more processes and the application's ability to handle resource shortage will be very limited.
Memory allocation limits should not be less than the guarantee[edit]
If this constraint is not satisfied, vmguarpages
will not work.
Send buffers should have enough space for all sockets[edit]
These constraints are also important. If they are not satisfied, transmission of data over the sockets may hang in some circumstances.
Other TCP socket buffers should be big enough[edit]
Selecting the left side equal to the right side in the inequalities above ensures minimal performance of network communications. Increasing the left side will increase performance to a certain extent.
UDP socket buffers should be large enough if the system is not tight on memory[edit]
These constraints are desired, but not essential. Large enough buffers for UDP sockets improve reliability of datagram delivery. However, note that if the UDP traffic is so bursty that it needs larger buffers, the datagrams will likely be lost not because of resource control limits, but because of other memory and performance limitations.
Number of files limit should be adequate for the expected number of processes[edit]
Note that each process after a execve(2)
system call
requires a file for each loaded shared library.
A too low numfile
limit will increase the chances of failures
during execve(2)
calls with error messages that are not clear
to the users.
The limit on the total size of dentry
and inode
structures locked in memory should be adequate for allowed number of files[edit]
A too low dcachesize
limit will increase the chances of
file operation refusals resulting in unexpected application failures.
Barrier should be less or equal than limit[edit]
In addition to the conditions listed above,
should be maintained for each parameter.
Code[edit]
See User:Grin/openvz checker.pl for a contributed code to check the consistency.