6,535
 edits
Changes
fix using template:warning
This [[:Category:HOWTO|HOWTO]] shows how OpenVZ [[hardware node]] administrator can see a processes belonging to the host system only, or to a particular [[VEcontainer]].
== Problem ==
From [[VE0CT0]] one can see all the processes running on the system; that includes all the processes of all [[VEcontainer]]s and the processes of the [[host system]] itself. Sometimes you just want to see the processes from the host system only. Sometimes you just want to see the processes from a particular VEcontainer.
There are many ways to achieve it.
== Solutions ==
=== Hide container processes from host completely ===
It is possible to hide other CT's processes from [[CT0]]. For this just enable kernel.pid_ns_hide_child sysctl parameter:
<pre>
sysctl -w 'kernel.pid_ns_hide_child=1'
</pre>
and restart all containers. To make setting permanent put into /etc/sysctl.conf following line:
<pre>
kernel.pid_ns_hide_child=1
</pre>
After this ps or htop or top will not show other container processes.
{{Warning|If you use checkpointing and/or live migration, note they are not compatible with this feature and will stop working.}}
=== "Poor man's vzps in bash" ===
# Usage: ./ovzps CTID [ps flags ...]
function find_ve_pidsfind_container_pids(){
       local pid
       local myveidmyctid=$1       local vepidsctpids=
       for pid in $ALLPIDS; do
               [ -f /proc/$pid/status ] || continue
               fi
       done
       echo "$vepidsctpids"
}
ALLPIDS=`ps -A -o pid --no-headers`
shift
if [ -n "${VEPIDSCTPIDS}" ]; then        ps $* -p $VEPIDSCTPIDS
else
        exit 0
fi
</pre>
A faster version:
<pre>
#! /bin/bash
# Usage: ovzps <CTID> [ps flags ...]
ctid=${1:-0}
shift
ps $* -p $(grep -l "^envID:[[:space:]]*$ctid\$" /proc/[0-9]*/status | 
	sed -e 's=/proc/\([0-9]*\)/.*=\1=')
</pre>
Take <code>vzprocps</code> tools from http://download.openvz.org/contrib/utils/.
These are usual <code>ps</code> and <code>top</code> utilities (named <code>vztop</code> and <code>vzps</code> to not conflict with the standard ones) with an <code>-E</code> option added. You can use <code>-E <i>CTID</i></code> option to limit the output to the selected CTID (use 0 for the host system), or just <code>-E</code> without an argument to just add CTID column to output.
=== Use vzprocps-perl tools ===
Take <code>vzprocps-perl</code> tools from http://sourceforge.net/p/vzprocpsperl/wiki/vzprocps-perl/.
Write in Perl with basics functions. 
Can be used in x86_64 architecture. 
== See also ==