OpenVz resource parameters

The system administrator controls the resources available to a Container through a set of resource management parameters. All these parameters are defined either in the OpenVZ global configuration file (/etc/vz/vz.conf), or in the respective CT configuration files (/etc/vz/conf/CTID.conf)

In OpenVZ, 3 main resource parameters are present

a) Disk


b) Cpu


c) System

avnumproc, numproc, numtcpsock, numothersock, vmguarpages, kmemsize, tcpsndbuf, tcprcvbuf, othersockbuf, dgramrcvbuf, oomguarpages, lockedpages, shmpages, privvmpages, physpages, numfile, numflock, numpty, numsiginfo, dcachesize, numiptent

Managing Disk Parameters


  • This parameter enable system administrators to the control the size of Linux file systems by limiting the amount of disk space and the number of inodes a Container can use.They are called per-CT quotas or first-level quotas in OpenVZ
  • OpenVZ keeps quota usage statistics and limits in /var/vzquota/quota.ctid — a special quota file. The quota file has a special flag indicating whether the file is “dirty”. The file becomes dirty when its contents become inconsistent with the real CT usage. It becomes dirty when Hardware Node has been incorrectly brought down.


Total size of disk space the CT may consume, in 1-Kb blocks.


Total number of disk inodes (files, directories, and symbolic links) the Container can allocate.


The grace period of the disk quota specified in seconds. The Container is allowed to temporarily exceed the soft limit values for the disk space and disk inodes. quotas for no more than the period specified by this parameter.

vzctl set 101 –diskspace 1000000:1100000 –save vzctl set 101 –diskinodes 90000:91000 –save vzctl set 101 –quotatime 600 –save


This parameter controls second-level disk quotas

  • By default, the value of this parameter is zero and this corresponds to disabled per-user/group quotas.
  • Non-zero value means per-user and per-group disk quotas is enabled and limit the number of file owners and groups of this Container, including Linux system users( theoretical any no of users can be created but they can’t own any file)
  • After setting the parameter CT should be restarted.
  • Value should be choosen corretly because higher value means higher kernel over head. Usually it should greater or equal to entries in /etc/passwd or /etc/group( about 100) eg vzctl set 101 –quotaugidlimit 100 –save; vzctl restart 101;
  • Use quota inside the CT for quota

List quota use-age

  • vzquota stat ctid –t – status from kernel and running ct
  • vzquota show ctid -t status from /var/vzquota/quota.CTID and stopped ct

The first three lines of the output show the status of first-level disk quotas for the Container. The rest of the output displays statistics for user/group quotas and has separate lines for each user and group ID existing in the system.

Container disk I/O (input/output) priority level

  • By default, any Container on the Hardware Node has the I/O priority level set to 4.
  • You can change the current Container I/O priority level( 0 – 7 ). Higher value,more the CT gets for I/O operation.

vzctl set 101 –ioprio 6 –save

Managing Container CPU resources


  • a positive integer number that determines the minimal guaranteed share of the CPU time Container 0 (the Hardware Node itself) will receive. It is recommended to set the value of this parameter to be 5-10% of the power of the Hardware Node


a positive integer number that determines the minimal guaranteed share of the CPU time the corresponding Container will receive.


This is a positive number indicating the CPU time in per cent the corresponding CT is not allowed to exceed.

  • The CPU time shares and limits are calculated on the basis of a one-second period

vzctl set 102 –cpuunits 1500 –cpulimit 4 –save

  • Container 102 is guaranteed to receive about 2% of the CPU time even if the Hardware Node is fully used, or in other words, if the current CPU utilization equals the power of the Node. Besides, CT 102 will not receive more than 4% of the CPU time even if the CPU is not fully loaded. Hardware Node is overcommitted CT will receive less than 2% of cputime


  • The number of CPUs to be used to handle the processes running inside the corresponding Container i.e we can set how many processors should only be used to run a CT
  • By default, a Container is allowed to consume the CPU time of all processors on the Hardware Node, i.e. any process inside any Container can be executed on any processor on the Node.

vzctl set 101 –cpus 2 –save

This means if the hardware node has 4 processors, then this CT is allowed to use only 2 processors. To check this, enter into CT and cat /proc/cpuinfo

Managing System Parameters

  • parameters can be subdivided into the following categories: primary, secondary, and auxiliary parameters
  • these all parameters can be seen in CT /proc/user_beancounter

Monitoring Memory Consumption

  • vzmemcheck -vA ( A – display it in MB )


Primary parameters


The average number of processes and threads.


The maximal number of processes and threads the CT may create.


The number of TCP sockets (PF_INET family, SOCK_STREAM type). This parameter limits the number of TCP connections and, thus, the number of clients the server application can handle in parallel.

The number of sockets other than TCP ones. Local (UNIX-domain) sockets are used for communications inside the system. UDP sockets are used, for example, for Domain Name Service (DNS) queries. UDP and other sockets may also be used in some very specialized applications (SNMP agents and others).


The memory allocation guarantee, in pages (one page is 4 Kb). CT applications are guaranteed to be able to allocate additional memory so long as the amount of memory accounted as privvmpages (see the auxiliary parameters) does not exceed the configured barrier of the vmguarpages parameter. Above the barrier, additional memory allocation is not guaranteed and may fail in case of overall memory shortage.


Secondary parameters


The size of unswappable kernel memory allocated for the internal kernel structures for the processes of a particular CT.


The total size of send buffers for TCP sockets, i.e. the amount of kernel memory allocated for the data sent from an application to a TCP socket, but not acknowledged by the remote side yet.


The total size of receive buffers for TCP sockets, i.e. the amount of kernel memory allocated for the data received from the remote side, but not read by the local application yet.


The total size of UNIX-domain socket buffers, UDP, and other datagram protocol send buffers.


The total size of receive buffers of UDP and other datagram protocols.


The out-of-memory guarantee, in pages (one page is 4 Kb). Any CT process will not be killed even in case of heavy memory shortage if the current memory consumption (including both physical memory and swap) does not reach the oomguarpages barrier.


Auxiliary parameters


The memory not allowed to be swapped out (locked with the mlock() system call), in pages.


The total size of shared memory (including IPC, shared anonymous mappings and tmpfs objects) allocated by the processes of a particular CT, in pages).


The size of private (or potentially private) memory allocated by an application. The memory that is always shared among different applications is not included in this resource parameter.


The number of files opened by all CT processes.


The number of file locks created by all CT processes.


The number of pseudo-terminals, such as an ssh session, the screen or xterm applications, etc.


The number of siginfo structures (essentially, this parameter limits the size of the signal delivery queue).


The total size of dentry and inode structures locked in the memory.


The total size of RAM used by the CT processes. This is an accounting-only parameter currently. It shows the usage of RAM by the CT. For the memory pages used by several different CTs (mappings of shared libraries, for example), only the corresponding fraction of a page is charged to each CT. The sum of the physpages usage for all CTs corresponds to the total number of pages used in the system by all the accounted users.


The number of IP packet filtering entries. It gives no of iptables rules that can be set. ( default 128).

Hope this helps !!

  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: