Changes

Jump to: navigation, search

Processes scope and visibility

1,077 bytes added, 20:41, 29 May 2013
fix using template:warning
This [[:Category:HOWTO|HOWTO]] shows how OpenVZ [[hardware node]] administrator can see a processes belonging to the host system only, or to a particular [[VEcontainer]].
== Problem ==
From [[VE0CT0]] one can see all the processes running on the system; that includes all the processes of all [[VEcontainer]]s and the processes of the [[host system]] itself. Sometimes you just want to see the processes from the host system only. Sometimes you just want to see the processes from a particular VEcontainer.
There are many ways to achieve it.
== Solutions ==
 
=== Hide container processes from host completely ===
 
It is possible to hide other CT's processes from [[CT0]]. For this just enable kernel.pid_ns_hide_child sysctl parameter:
 
<pre>
sysctl -w 'kernel.pid_ns_hide_child=1'
</pre>
 
and restart all containers. To make setting permanent put into /etc/sysctl.conf following line:
 
<pre>
kernel.pid_ns_hide_child=1
</pre>
 
After this ps or htop or top will not show other container processes.
 
{{Warning|If you use checkpointing and/or live migration, note they are not compatible with this feature and will stop working.}}
=== "Poor man's vzps in bash" ===
Use the following script by aistis, modified broken by kir[[User:Kir|Kir]], fixed by [[User:Hvdkamer|Hvdkamer]].
First argument is VE CT ID (0 for the host system), all the remaining arguments are passed to <code>ps(1)</code> utility.
<pre>
#!/bin/bash
# Usage: ./ovzps VEID CTID [ps flags ...]
function find_ve_pidsfind_container_pids(){
local pid
local myveidmyctid=$1 local vepidsctpids=
for pid in $ALLPIDS; do
[ -f /proc/$pid/status ] || continue
veidctid=`grep envID /proc/$pid/status | awk -F: '{print $2}'` if [ ${veidctid} = ${myveidmyctid} ]; then VEPIDSctpids="$VEPIDS ctpids $pid"
fi
done
echo "$vepidsctpids"
}
ALLPIDS=`ps -A -o pid --no-headers`
VEPIDSCTPIDS=`find_ve_pids find_container_pids $1`
shift
if [ -n "${VEPIDSCTPIDS}" ]; then ps $* -p "$VEPIDS"CTPIDS
else
exit 0
fi
</pre>
 
A faster version:
 
<pre>
#! /bin/bash
# Usage: ovzps <CTID> [ps flags ...]
 
ctid=${1:-0}
shift
 
ps $* -p $(grep -l "^envID:[[:space:]]*$ctid\$" /proc/[0-9]*/status |
sed -e 's=/proc/\([0-9]*\)/.*=\1=')
</pre>
=== Use vzprocps tools ===
Take <code>vzprocps</code> tools from http://download.openvz.org/contrib/utils/.
These are usual <code>ps</code> and <code>top</code> utilities (named <code>vztop</code> and <code>vzps</code> to not conflict with the standard ones) with an <code>-E</code> option added. You can use <code>-E <i>VEIDCTID</i></code> option to limit the output to the selected VEID CTID (use 0 for the host system), or just <code>-E</code> without an argument to just add VEID CTID column to output. === Use vzprocps-perl tools ===Take <code>vzprocps-perl</code> tools from http://sourceforge.net/p/vzprocpsperl/wiki/vzprocps-perl/.Write in Perl with basics functions. Can be used in x86_64 architecture.
== See also ==
Retrieved from "https://wiki.openvz.org/Special:MobileDiff/1903...13801"

Navigation menu