Editing Processes scope and visibility

Jump to: navigation, search

Warning: You are not logged in. Your IP address will be publicly visible if you make any edits. If you log in or create an account, your edits will be attributed to your username, along with other benefits.

The edit can be undone. Please check the comparison below to verify that this is what you want to do, and then save the changes below to finish undoing the edit.
Latest revision Your text
Line 1: Line 1:
This [[:Category:HOWTO|HOWTO]] shows how OpenVZ [[hardware node]]
+
This [[:Category:HOWTO|HOWTO]] shows how OpenVZ [[hardware node]] administrator can see a processes belonging to the host system only, or to a particular [[VE]].
administrator can see a processes belonging to the host system only, or to a
 
particular [[container]].
 
  
 
== Problem ==
 
== Problem ==
From [[CT0]] one can see all the processes running on the system; that
+
From [[VE0]] one can see all the processes running on the system; that includes all the processes of all [[VE]]s and the processes of the [[host system]] itself. Sometimes you just want to see the processes from the host system only. Sometimes you just want to see the processes from a particular VE.
includes all the processes of all [[container]]s and the processes of the
 
[[host system]] itself. Sometimes you just want to see the processes from the host system only. Sometimes you just want to see the processes from a
 
particular container.
 
  
 
There are many ways to achieve it.
 
There are many ways to achieve it.
  
 
== Solutions ==
 
== Solutions ==
 
=== Hide container processes from host completely ===
 
 
It is possible to hide other CT's processes from [[CT0]]. For this just enable kernel.pid_ns_hide_child sysctl parameter:
 
 
<pre>
 
sysctl -w 'kernel.pid_ns_hide_child=1'
 
</pre>
 
 
and restart all containers. To make setting permanent put into /etc/sysctl.conf following line:
 
 
<pre>
 
kernel.pid_ns_hide_child=1
 
</pre>
 
 
After this ps or htop or top will not show other container processes.
 
 
{{Warning|If you use checkpointing and/or live migration, note they are not compatible with this feature and will stop working.}}
 
  
 
=== "Poor man's vzps in bash" ===
 
=== "Poor man's vzps in bash" ===
Line 40: Line 17:
 
# Usage: ./ovzps CTID [ps flags ...]
 
# Usage: ./ovzps CTID [ps flags ...]
  
function find_container_pids(){
+
function find_ve_pids(){
 
       local pid
 
       local pid
       local myctid=$1
+
       local myveid=$1
       local ctpids=
+
       local vepids=
  
 
       for pid in $ALLPIDS; do
 
       for pid in $ALLPIDS; do
 
               [ -f /proc/$pid/status ] || continue
 
               [ -f /proc/$pid/status ] || continue
               ctid=`grep envID /proc/$pid/status | awk -F: '{print $2}'`
+
               veid=`grep envID /proc/$pid/status | awk -F: '{print $2}'`
               if [ ${ctid} = ${myctid} ]; then
+
               if [ ${veid} = ${myveid} ]; then
                       ctpids="$ctpids $pid"
+
                       vepids="$vepids $pid"
 
               fi
 
               fi
 
       done
 
       done
       echo "$ctpids"
+
       echo "$vepids"
 
}
 
}
  
 
ALLPIDS=`ps -A -o pid --no-headers`
 
ALLPIDS=`ps -A -o pid --no-headers`
CTPIDS=`find_container_pids $1`
+
VEPIDS=`find_ve_pids $1`
 
shift
 
shift
  
if [ -n "${CTPIDS}" ]; then
+
if [ -n "${VEPIDS}" ]; then
         ps $* -p $CTPIDS
+
         ps $* -p $VEPIDS
 
else
 
else
 
         exit 0
 
         exit 0
 
fi
 
fi
</pre>
 
 
A faster version:
 
 
<pre>
 
#! /bin/bash
 
# Usage: ovzps <CTID> [ps flags ...]
 
 
ctid=${1:-0}
 
shift
 
 
ps $* -p $(grep -l "^envID:[[:space:]]*$ctid\$" /proc/[0-9]*/status |
 
sed -e 's=/proc/\([0-9]*\)/.*=\1=')
 
 
</pre>
 
</pre>
  
Line 82: Line 46:
 
Take <code>vzprocps</code> tools from http://download.openvz.org/contrib/utils/.
 
Take <code>vzprocps</code> tools from http://download.openvz.org/contrib/utils/.
 
These are usual <code>ps</code> and <code>top</code> utilities (named <code>vztop</code> and <code>vzps</code> to not conflict with the standard ones) with an <code>-E</code> option added. You can use <code>-E <i>CTID</i></code> option to limit the output to the selected CTID (use 0 for the host system), or just <code>-E</code> without an argument to just add CTID column to output.
 
These are usual <code>ps</code> and <code>top</code> utilities (named <code>vztop</code> and <code>vzps</code> to not conflict with the standard ones) with an <code>-E</code> option added. You can use <code>-E <i>CTID</i></code> option to limit the output to the selected CTID (use 0 for the host system), or just <code>-E</code> without an argument to just add CTID column to output.
 
=== Use vzprocps-perl tools ===
 
Take <code>vzprocps-perl</code> tools from http://sourceforge.net/p/vzprocpsperl/wiki/vzprocps-perl/.
 
Write in Perl with basics functions.
 
Can be used in x86_64 architecture.
 
  
 
== See also ==
 
== See also ==

Please note that all contributions to OpenVZ Virtuozzo Containers Wiki may be edited, altered, or removed by other contributors. If you don't want your writing to be edited mercilessly, then don't submit it here.
 If you are going to add external links to an article, read the External links policy first!

To edit this page, please answer the question that appears below (more info):

Cancel Editing help (opens in new window)

Templates used on this page:

Retrieved from "https://wiki.openvz.org/Processes_scope_and_visibility"