Editing Processes scope and visibility

This [[:Category:HOWTO|HOWTO]] shows how OpenVZ [[hardware node]]
administrator can see a processes belonging to the host system only, or to a
particular [[container]].

== Problem ==
From [[CT0]] one can see all the processes running on the system; that
includes all the processes of all [[container]]s and the processes of the
[[host system]] itself. Sometimes you just want to see the processes from the host system only. Sometimes you just want to see the processes from a
particular container.

There are many ways to achieve it.

== Solutions ==

=== Hide container processes from host completely ===

It is possible to hide other CT's processes from [[CT0]]. For this just enable kernel.pid_ns_hide_child sysctl parameter:

sysctl -w 'kernel.pid_ns_hide_child=1'

and restart all containers. To make setting permanent put into /etc/sysctl.conf following line:

kernel.pid_ns_hide_child=1

After this ps or htop or top will not show other container processes.

{{Warning|If you use checkpointing and/or live migration, note they are not compatible with this feature and will stop working.}}


=== "Poor man's vzps in bash" ===
Use the following script by aistis, broken by [[User:Kir|Kir]], fixed by [[User:Hvdkamer|Hvdkamer]].

First argument is CT ID (0 for the host system), all the remaining arguments are passed to <code>ps(1)</code> utility.

<pre>
#!/bin/bash
# Usage: ./ovzps CTID [ps flags ...]

function find_container_pids(){
       local pid
       local myctid=$1
       local ctpids=

       for pid in $ALLPIDS; do
               [ -f /proc/$pid/status ] || continue
               ctid=`grep envID /proc/$pid/status | awk -F: '{print $2}'`
               if [ ${ctid} = ${myctid} ]; then
                       ctpids="$ctpids $pid"
               fi
       done
       echo "$ctpids"
}

ALLPIDS=`ps -A -o pid --no-headers`
CTPIDS=`find_container_pids $1`
shift

if [ -n "${CTPIDS}" ]; then
        ps $* -p $CTPIDS
else
        exit 0
fi
</pre>

A faster version:

<pre>
#! /bin/bash
# Usage: ovzps <CTID> [ps flags ...]

ctid=${1:-0}
shift

ps $* -p $(grep -l "^envID:[[:space:]]*$ctid\$" /proc/[0-9]*/status | 
	sed -e 's=/proc/\([0-9]*\)/.*=\1=')
</pre>

=== Use vzprocps tools ===
Take <code>vzprocps</code> tools from http://download.openvz.org/contrib/utils/.
These are usual <code>ps</code> and <code>top</code> utilities (named <code>vztop</code> and <code>vzps</code> to not conflict with the standard ones) with an <code>-E</code> option added. You can use <code>-E <i>CTID</i></code> option to limit the output to the selected CTID (use 0 for the host system), or just <code>-E</code> without an argument to just add CTID column to output.

=== Use vzprocps-perl tools ===
Take <code>vzprocps-perl</code> tools from http://sourceforge.net/p/vzprocpsperl/wiki/vzprocps-perl/.
Write in Perl with basics functions. 
Can be used in x86_64 architecture. 

== See also ==
* {{Forum|836}}

[[Category: HOWTO]]