Difference between revisions of "UBC auxiliary parameters"
(→swappages: +kiprensky) |
(→swappages: +held) |
||
Line 209: | Line 209: | ||
The value of <code>barrier</code> for this beancounter is ignored. | The value of <code>barrier</code> for this beancounter is ignored. | ||
+ | |||
+ | The value of <code>held</code> shows how much swap space | ||
+ | is currently being used for this container. |
Revision as of 12:56, 5 April 2010
|
Configuration of primary and secondary resource control parameters is important for security and stability of the whole system. Auxiliary parameters differ much from primary and secondary parameters in this respect.
Contents
Introduction
The primary functions of auxiliary parameters are the following.
- These parameters improve application's handling of errors and resource consumption limitations. Without these auxiliary parameters, possible bugs in applications (such as forgetting to unlock locked files or forgetting to collect signals) will cause slowdown and, after some time, killing of the applications because of memory exhaustion. In presence of these parameters, applications will notice the problem (because, for example, attempts to create new file locks start to fail) and show an appropriate message helping to debug the problem. Another example. Each object such as opened file or established network connection consume certain resources. When the container is close to exhaustion of the resources allowed to him, it is usually better to refuse creation of new object than to allow it but deny memory allocation or terminate (in case of complete exhaustion of the resources) an already running application.
- These parameters improve fault isolation between applications in the same container. Failures or misbehavior of one application inside a container is more likely to cause hitting a limit on some auxiliary parameter and normal termination of this mis- behaving application, rather than abnormal termination of some other long-running application inside the same container.
- These parameters may be used to impose some administrative limits on the container (for example, to not allow the user to run database servers by limiting the amount of shmpages, or limiting the number of simultaneous shell sessions through numpty).
So, auxiliary parameters play a role similar to limits imposed by
setrlimit(2)
interface and limits configurable by
sysctl(8)
in standard
Linux installations.
Because of this helper role in resource control, system management software may show auxiliary parameters only in advanced mode for experienced administrators and hide them in “basic” management modes.
lockedpages
Process pages not allowed to be swapped out (pages locked by mlock(2)
).
The size of these pages is also accounted into kmemsize
.
The barrier
may be set equal to the limit
or may allow
some gap between the barrier
and the limit
, depending
on the nature of applications using memory locking features.
Note that typical server applications like Web, FTP, mail servers do not use memory locking features.
The configuration of this parameter doesn't affect security and stability of the whole system or isolation between containers. Its configuration affects functionality and resource shortage reaction of applications in the given container only.
shmpages
The total size of shared memory (IPC, shared anonymous mappings and
tmpfs
objects).
These pages are also accounted into privvmpages
.
The barrier
should be set equal to the limit
.
The configuration of this parameter doesn't affect security and
stability of the whole system or isolation between containers.
Its configuration affects functionality and resource shortage reaction
of applications in the given container only.
physpages
Total number of RAM pages used by processes in this container.
For memory pages used by several different containers (mappings of
shared libraries, for example), only a fraction of a page is charged to each
container.
The sum of the physpages
usage for all containers
corresponds to the total number of pages used in the system by all
containers.
Physpages
is an accounting-only parameter currently.
In future OpenVZ releases, this parameter will allow to provide guaranteed
amount of application memory, residing in RAM and not swappable.
For compatibility with future versions, the barrier
of this
parameter should be set to 0
and the limit
to
the maximal allowed value (MAX_ULONG).
numfile
Number of open files.
The barrier
should be set equal to the limit
.
The configuration of this parameter doesn't affect security and
stability of the whole system or isolation between containers.
Its configuration affects functionality and resource shortage reaction
of applications in the given container only.
Note: actually currently adjusting the barrier
will change the kernel behaviour on "pre-charging" the numfile resource. If you change one you will most likely not notice any changes in container behaviour at all. This ability was added for researching purposes purely.
numflock
Number of file locks.
The configuration of this parameter should have a
gap between the barrier
and the limit
, as illustrated in
UBC configuration examples.
Very high limits on numflock
parameters and the big number
of file locks in the system may cause certain slowdown of
the whole system (but not fatal).
So, the limits on this parameter should be reasonable, depending
on the real requirements of the applications.
numpty
Number of pseudo-terminals.
This parameter is usually used to limit the number of simultaneous shell
sessions.
The barrier
should be set equal to the limit
.
The configuration of this parameter doesn't affect security and
stability of the whole system or isolation between containers.
Its configuration affects functionality and resource shortage reaction
of applications in the given container only.
However, in OpenVZ systems, the actual number of pseudo-terminals allowed
for one container is limited to 256
.
numsiginfo
Number of siginfo
structures.
The size of the structure is also accounted into kmemsize
.
The default installations of stand-alone Linux systems limit this number
to 1024
for the whole system.
In OpenVZ installations, numsiginfo
limit applies to each
container individually.
The barrier
should be set equal to the limit
.
Very high settings of the limit
of this parameter may reduce
responsiveness of the system.
It is unlikely that any container will need the limit greater than
the Linux default — 1024
.
dcachesize
The total size of dentry
and inode
structures locked in memory.
Dcachesize
parameter controls filesystem-related caches, such as
directory entry (dentry
) and inode caches.
The value accounted into dcachesize
is also included into
kmemsize
.
Dcachesize
exists as a separate parameter to impose a limit causing
file operations to sense memory shortage and return an error to applications,
protecting from memory shortages during critical operations that shouldn't
fail.
The configuration of this parameter should have a
gap between the barrier
and the limit
, as illustrated in
UBC configuration examples.
The configuration of this parameter doesn't affect security and
stability of the whole system or isolation between containers.
Its configuration affects functionality and resource shortage reaction
of applications in the given container only.
numiptent
The number of NETFILTER (IP packet filtering) entries.
The barrier
should be set equal to the limit
.
There is a restriction on the total number of numiptent
.
It depends on the amount of other allocations in so called “vmalloc”
memory area and constitutes about 250000
entries.
Violation of this restriction may cause failures of operations with
IP packet filter tables (execution of iptables(8)
)
in any container or the host system,
or failures of container starts.
Also, large numiptent
cause considerable slowdown of processing
of network packets. It is not recommended to allow containers
to create more than 200–300 numiptent
.
swappages
The amount of swap space to show in container.
Note: this parameter is only available in RHEL5-based kernel since version 028stab060.2, in 2.6.27 since kiprensky. |
The configuration of this parameter doesn't affect security and stability of the whole system or isolation between containers. Its configuration only affects the way OpenVZ kernel reports about available swap in a container. This is needed for some applications which refuse to run inside a container unless the kernel report that no less than some specific amount of swap is available.
If limit
is set, its value is reported as the amount
of total swap space in a container.
If the limit
is set to MAX_ULONG (which is the
in-kernel default for this parameter), all the swap space values
parameters (total, used, free) are reported as 0.
The value of barrier
for this beancounter is ignored.
The value of held
shows how much swap space
is currently being used for this container.