Gain fine control in OpenVZ with resource management

Vincent Danen explains how to get the most out of OpenVZ by using all the settings that allow you to control resources that are made available to the OpenVZ containers.

In previous tips we have looked at the OpenVZ virtualization software. This week we will be looking at controlling resources that are made available to the OpenVZ containers.

There are a number of resources that can be set, including disk space usage, memory usage, CPU usage, and more. Restricting and setting hard limits of what is permitted in a container ensures that no tasks within the container can get greedy and steal resources from other containers or the host system itself.

First, look at the vzlist tool. This will provide information on any installed containers which makes managing them simpler:

# vzlist -a
       101          7 running

To start with, we will increase the available disk space from the default 1GB to something more useful like 10GB. This will not immediately consume 10GB of space by the container, but will allocate a maximum of 10GB of hard drive space to it.

# vzctl exec 101 df -hT
Filesystem    Type    Size  Used Avail Use% Mounted on
/dev/simfs   simfs    1.0G  428M  597M  42% /
none         tmpfs    3.9G  4.0K  3.9G   1% /dev
# vzctl set 101 —diskspace 10G:11G —save
Saved parameters for CT 101
# vzctl exec 101 df -hT
Filesystem    Type    Size  Used Avail Use% Mounted on
/dev/simfs   simfs     10G  428M  9.6G   5% /
none         tmpfs    3.9G  4.0K  3.9G   1% /dev

The above increases the default 1GB drive space available to a barrier of 10GB and a maximum limit of 11GB. The upper limit allows for some grace; the disk space permitted will be 10GB but if it exceeds it, it won't be restricted from that resource until the barrier is hit. This gives the container a 1GB "buffer."

There are two ways to change settings for containers. The first is using vzctl as above (remember to use the —save option to make the changes persistent). The second is to edit the configuration file for the container. For a container with a CTID of 101, the file would be /etc/sysconfig/vz-scripts/101.conf. This file can be used to change options to the container and can also be used to see what existing configuration settings are.

For managing CPU usage, OpenVZ looks at CPU utilization as a percentage. For instance, the host system, by default, is reserved 5-10 percent of the power of the host system. "Power" here is subjective and consists of a special algorithm that OpenVZ uses to calculate how much power a host has and that containers are using. To view the power of your system, use vzcpucheck:

# vzcpucheck
Current CPU utilization: 2000
Power of the node: 477598

Here the host has a "power" value of 477,598 and the current CPU utilization is 2000 "power" units.

By default, a container will be assigned 1000 units (the CPUUNITS option in the configuration file). If you wish to guarantee 5 percent of the CPU for your container, take the power value and obtain the percentage (477598*0.05) which gives a value of 23879 power units. Use vzctl to set this and also to ensure that the container never uses more than 10 percent of the CPU:

# vzctl set 101 —cpuunits 24000 —cpulimit 10 —save
Setting CPU limit: 10
Setting CPU units: 24000
Saved parameters for CT 101
# vzcpucheck
Current CPU utilization: 26000
Power of the node: 477598

With the above output, the CPU utilization has jumped from 2000 units to 26,000 units because we have reserved 24,000 units for the container.

A number of settings can be tweaked to really get fine control over the system. Items such as the number of processes and threads a container can create, the number of TCP sockets, memory allocation guarantees, total size of shared memory, number of open files, number of pseudo terminals... the list goes on.

OpenVZ is very advanced and allows you to thoroughly tweak almost anything you could think of. The vzctl(8) manpage gives the specifics of what options are available and how to use them to fine-tune the resources your container can consume. Using some simple math, you can also determine the number of containers of particular types you can run on the host system, ensuring that you don't create more containers than your server can realistically handle and don't over-allocate resources. Also, always be sure there is enough resources remaining for the host system, in order to manage all of the containers.

Get the PDF version of this tip here.

Delivered each Tuesday, TechRepublic's free Linux and Open Source newsletter provides tips, articles, and other resources to help you hone your Linux skills. Automatically sign up today!

By Vincent Danen

Vincent Danen works on the Red Hat Security Response Team and lives in Canada. He has been writing about and developing on Linux for over 10 years and is a veteran Mac user.