The system administrator controls the resources available to a Container through a set of resource management parameters. All these parameters are defined either in the OpenVZ global configuration file (/etc/vz/vz.conf), or in the respective CT configuration files (/etc/vz/conf/CTID.conf).
OpenVZ has three main groups of resource parameters:
a) Disk
DISK_QUOTA, DISKSPACE, DISKINODES, QUOTATIME, QUOTAUGIDLIMIT, IOPRIO
b) CPU
VE0CPUUNITS, CPUUNITS
c) System
avnumproc, numproc, numtcpsock, numothersock, vmguarpages, kmemsize, tcpsndbuf, tcprcvbuf, othersockbuf, dgramrcvbuf, oomguarpages, lockedpages, shmpages, privvmpages, physpages, numfile, numflock, numpty, numsiginfo, dcachesize, numiptent
Managing Disk Parameters
DISK_QUOTA
- This parameter enables system administrators to control the size of Linux file systems by limiting the amount of disk space and the number of inodes a Container can use. These limits are called per-CT quotas or first-level quotas in OpenVZ.
- OpenVZ keeps quota usage statistics and limits in /var/vzquota/quota.ctid, a special quota file. The quota file has a special flag indicating whether the file is “dirty”. The file becomes dirty when its contents become inconsistent with the real CT usage. This happens when the Hardware Node has been incorrectly brought down.
DISKSPACE
Total size of disk space the CT may consume, in 1 KB blocks.
DISKINODES
Total number of disk inodes (files, directories, and symbolic links) the Container can allocate.
QUOTATIME
The grace period of the disk quota, specified in seconds. The Container is allowed to temporarily exceed the soft limit values for the disk space and disk inodes quotas for no more than the period specified by this parameter.
vzctl set 101 --diskspace 1000000:1100000 --save
vzctl set 101 --diskinodes 90000:91000 --save
vzctl set 101 --quotatime 600 --save
QUOTAUGIDLIMIT
This parameter controls second-level disk quotas.
- By default, the value of this parameter is zero and this corresponds to disabled per-user/group quotas.
- A non-zero value means per-user and per-group disk quotas are enabled, and it limits the number of file owners and groups of this Container, including Linux system users (theoretically any number of users can be created, but they can't own any files).
- After setting the parameter, the CT should be restarted.
- The value should be chosen correctly, because a higher value means higher kernel overhead. Usually it should be greater than or equal to the number of entries in /etc/passwd or /etc/group (about 100), e.g.:
vzctl set 101 --quotaugidlimit 100 --save
vzctl restart 101
- Use the quota utilities inside the CT to manage these quotas.
List quota usage
- vzquota stat ctid -t: status from the kernel, for a running CT
- vzquota show ctid -t: status from /var/vzquota/quota.CTID, for a stopped CT
The first three lines of the output show the status of first-level disk quotas for the Container. The rest of the output displays statistics for user/group quotas and has separate lines for each user and group ID existing in the system.
Container disk I/O (input/output) priority level
- By default, any Container on the Hardware Node has the I/O priority level set to 4.
- You can change the current Container I/O priority level (0 – 7). The higher the value, the larger the share of I/O the CT gets.
vzctl set 101 --ioprio 6 --save
Managing Container CPU resources
ve0cpuunits
- A positive integer number that determines the minimal guaranteed share of the CPU time Container 0 (the Hardware Node itself) will receive. It is recommended to set the value of this parameter to be 5-10% of the power of the Hardware Node.
cpuunits
A positive integer number that determines the minimal guaranteed share of the CPU time the corresponding Container will receive.
cpulimit
This is a positive number indicating the CPU time in per cent the corresponding CT is not allowed to exceed.
- The CPU time shares and limits are calculated on the basis of a one-second period.
vzctl set 102 --cpuunits 1500 --cpulimit 4 --save
- Container 102 is guaranteed to receive about 2% of the CPU time even if the Hardware Node is fully used, or in other words, if the current CPU utilization equals the power of the Node. Besides, CT 102 will not receive more than 4% of the CPU time even if the CPU is not fully loaded. If the Hardware Node is overcommitted, the CT will receive less than 2% of the CPU time.
cpus
- The number of CPUs to be used to handle the processes running inside the corresponding Container, i.e. we can set how many processors may be used to run a CT.
- By default, a Container is allowed to consume the CPU time of all processors on the Hardware Node, i.e. any process inside any Container can be executed on any processor on the Node.
vzctl set 101 --cpus 2 --save
This means that if the Hardware Node has 4 processors, this CT is allowed to use only 2 of them. To check this, enter the CT and run cat /proc/cpuinfo.
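A check for the disk and CPU settings described above, as an added example that is not part of the original post: it reads a CT configuration file and reports settings that leave a Container without an effective limit. The sample configuration is constructed; the function names and report wording are assumptions of this example, which also assumes KEY="value" lines with plain numeric values as used on this page.

```shell
#!/bin/sh
# Added example: lint a CT config for the disk, CPU and I/O limits above.

# Constructed sample in /etc/vz/conf/CTID.conf style (values are made up).
sample_conf() {
cat <<'EOF'
# constructed sample for CT 101
DISKSPACE="1000000:1100000"
DISKINODES="91000:90000"
QUOTATIME="600"
QUOTAUGIDLIMIT="0"
CPUUNITS="1500"
IOPRIO="9"
EOF
}

# Usage: audit_ct_conf < /etc/vz/conf/CTID.conf
# Prints one "PARAMETER finding" line per problem, nothing for a clean file.
audit_ct_conf() {
    awk -F= '
        function pair(k,   p) {   # soft:hard pair, soft must not exceed hard
            if (!(k in v)) { print k " unset"; return }
            if (split(v[k], p, ":") == 2 && p[1] + 0 > p[2] + 0)
                print k " soft>hard"
        }
        /^[ \t]*#/ || NF < 2 { next }          # skip comments and blank lines
        { gsub(/"/, "", $2); v[$1] = $2 }      # strip quotes, remember value
        END {
            pair("DISKSPACE"); pair("DISKINODES")
            if (!("QUOTATIME" in v)) print "QUOTATIME unset"
            # Zero (or absent) means per-user/group quotas are disabled.
            if (v["QUOTAUGIDLIMIT"] + 0 == 0)
                print "QUOTAUGIDLIMIT second-level-quota-off"
            if (!("CPUUNITS" in v)) print "CPUUNITS unset"
            if (!("CPULIMIT" in v)) print "CPULIMIT unset"   # no CPU ceiling
            if ("IOPRIO" in v && (v["IOPRIO"] + 0 < 0 || v["IOPRIO"] + 0 > 7))
                print "IOPRIO out-of-range"
        }'
}

sample_conf | audit_ct_conf
```

Run over every file in /etc/vz/conf, this gives a quick list of Containers that can consume disk, CPU or I/O without a configured ceiling.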
Managing System Parameters
- The parameters can be subdivided into the following categories: primary, secondary, and auxiliary parameters.
- All of these parameters can be seen inside the CT in /proc/user_beancounters.
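One way to read that file for signs of resource exhaustion, as an added example that is not part of the original post: the function lists every resource whose failcnt column is non-zero (the kernel refused an allocation) or whose held value is close to its barrier. The sample data is constructed, and the function names and the 90% default threshold are assumptions of this example.

```shell
#!/bin/sh
# Added example: report beancounters that were refused or are near the barrier.
# Data columns: [CTID:] resource held maxheld barrier limit failcnt
# failcnt counts allocations the kernel refused for that resource.

# Constructed sample in /proc/user_beancounters layout (values are made up).
sample_ubc() {
cat <<'EOF'
Version: 2.5
       uid  resource        held  maxheld  barrier                limit  failcnt
      101:  kmemsize     2665362  2869248 11055923             11377049        0
            numproc          240      240      240                  240       17
            numtcpsock        72      350      360                  360        0
            privvmpages    61000    65000    65536                69632        3
            physpages       9000     9100        0  9223372036854775807        0
            numfile         8800     8900     9312                 9312        0
      102:  numproc           30       45      240                  240        0
            tcpsndbuf    1720320  1720320  1720320              2703360        5
EOF
}

# Usage: check_ubc [percent] < /proc/user_beancounters
# Prints "CTID resource FAIL failcnt" or "CTID resource NEAR held/barrier".
check_ubc() {
    awk -v pct="${1:-90}" '
        { o = 0 }
        # A new Container block starts with "CTID:" in the first column.
        $1 ~ /^[0-9]+:$/ { ctid = substr($1, 1, length($1) - 1); o = 1 }
        NF - o != 6 { next }      # skips the Version and column-header lines
        {
            res = $(1 + o); held = $(2 + o)
            barrier = $(4 + o); failcnt = $(6 + o)
            if (failcnt + 0 > 0)
                print ctid, res, "FAIL", failcnt
            else if (barrier + 0 > 0 && held * 100 >= barrier * pct)
                print ctid, res, "NEAR", held "/" barrier
            # A barrier of 0 (accounting-only physpages) is never reported.
        }'
}

sample_ubc | check_ubc 90
```

A failcnt that keeps growing between two runs points at a Container that is still hitting its limit, whether from an undersized configuration or from a runaway or abusive workload inside it.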
Monitoring Memory Consumption
- vzmemcheck -vA (-A displays the values in MB)
Primary parameters
avnumproc
The average number of processes and threads.
numproc
The maximal number of processes and threads the CT may create.
numtcpsock
The number of TCP sockets (PF_INET family, SOCK_STREAM type). This parameter limits the number of TCP connections and, thus, the number of clients the server application can handle in parallel.
numothersock
The number of sockets other than TCP ones. Local (UNIX-domain) sockets are used for communications inside the system. UDP sockets are used, for example, for Domain Name Service (DNS) queries. UDP and other sockets may also be used in some very specialized applications (SNMP agents and others).
vmguarpages
The memory allocation guarantee, in pages (one page is 4 KB). CT applications are guaranteed to be able to allocate additional memory so long as the amount of memory accounted as privvmpages (see the auxiliary parameters) does not exceed the configured barrier of the vmguarpages parameter. Above the barrier, additional memory allocation is not guaranteed and may fail in case of overall memory shortage.
Secondary parameters
kmemsize
The size of unswappable kernel memory allocated for the internal kernel structures for the processes of a particular CT.
tcpsndbuf
The total size of send buffers for TCP sockets, i.e. the amount of kernel memory allocated for the data sent from an application to a TCP socket, but not acknowledged by the remote side yet.
tcprcvbuf
The total size of receive buffers for TCP sockets, i.e. the amount of kernel memory allocated for the data received from the remote side, but not read by the local application yet.
othersockbuf
The total size of UNIX-domain socket buffers, UDP, and other datagram protocol send buffers.
dgramrcvbuf
The total size of receive buffers of UDP and other datagram protocols.
oomguarpages
The out-of-memory guarantee, in pages (one page is 4 KB). No CT process will be killed, even in case of heavy memory shortage, if the current memory consumption (including both physical memory and swap) does not reach the oomguarpages barrier.
Auxiliary parameters
lockedpages
The memory not allowed to be swapped out (locked with the mlock() system call), in pages.
shmpages
The total size of shared memory (including IPC, shared anonymous mappings and tmpfs objects) allocated by the processes of a particular CT, in pages.
privvmpages
The size of private (or potentially private) memory allocated by an application. The memory that is always shared among different applications is not included in this resource parameter.
numfile
The number of files opened by all CT processes.
numflock
The number of file locks created by all CT processes.
numpty
The number of pseudo-terminals, such as an ssh session, the screen or xterm applications, etc.
numsiginfo
The number of siginfo structures (essentially, this parameter limits the size of the signal delivery queue).
dcachesize
The total size of dentry and inode structures locked in the memory.
physpages
The total size of RAM used by the CT processes. This is an accounting-only parameter currently. It shows the usage of RAM by the CT. For the memory pages used by several different CTs (mappings of shared libraries, for example), only the corresponding fraction of a page is charged to each CT. The sum of the physpages usage for all CTs corresponds to the total number of pages used in the system by all the accounted users.
numiptent
The number of IP packet filtering entries, i.e. the number of iptables rules that can be set (default 128).
Hope this helps !!