From owner-freebsd-jail@FreeBSD.ORG Wed Jan 9 01:20:35 2008 Return-Path: Delivered-To: freebsd-jail@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 2F85E16A417 for ; Wed, 9 Jan 2008 01:20:35 +0000 (UTC) (envelope-from andrew@modulus.org) Received: from email.octopus.com.au (host-122-100-2-232.octopus.com.au [122.100.2.232]) by mx1.freebsd.org (Postfix) with ESMTP id EC79A13C461 for ; Wed, 9 Jan 2008 01:20:34 +0000 (UTC) (envelope-from andrew@modulus.org) Received: by email.octopus.com.au (Postfix, from userid 1002) id BD29E1146B; Wed, 9 Jan 2008 12:02:03 +1100 (EST) X-Spam-Checker-Version: SpamAssassin 3.2.3 (2007-08-08) on email.octopus.com.au X-Spam-Level: X-Spam-Status: No, score=-1.4 required=5.0 tests=ALL_TRUSTED autolearn=failed version=3.2.3 Received: from anzac.hos (132.169.233.220.exetel.com.au [220.233.169.132]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) (Authenticated sender: admin@email.octopus.com.au) by email.octopus.com.au (Postfix) with ESMTP id A8BE21143D for ; Wed, 9 Jan 2008 12:01:59 +1100 (EST) Message-ID: <47841D07.20902@modulus.org> Date: Wed, 09 Jan 2008 12:01:59 +1100 From: Andrew Snow User-Agent: Thunderbird 2.0.0.0 (X11/20070426) MIME-Version: 1.0 To: freebsd-jail@freebsd.org Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Subject: Jails as a VPS X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 09 Jan 2008 01:20:35 -0000 Hi Guys, I am running a hoster providing "VPS" using FreeBSD Jails on 6.2 FYI, I have patched my kernel in several places to make it work for me: * jails have their own SYSV shared memory and semaphores * per-jail number of processes limit * jail ability to be bound to a given CPU core * jails have a limited range of nice values (10 to -10) compared to the host environment and last but not least: * memory usage measurement and limiting. It is this last one that is causing me the most problems. I modified obreak() to deny requests for more memory when memory limit is exceeded, and that works OK. But measuring the jail memory usage in the first place is proving to be a pain, and I wonder if you guys have any ideas. I am doing something similar to the Google SoC, by measuring the resident page count of every VM map held by every process in the jail. This does not measure memory fairly - it counts shared memory too many times. To see this in action, I can allocate a jail with 500mb memory limit then try to start 10 or 20 large apache HTTPD processes. While using only a small amount of actual system ram (under 100mb probably), it measures it to be much larger. I am now looking at adding fields to VM memory maps and tagging them so I can ensure I don't count them twice, but this is starting to get non-trivial. Anyone else been able to solve this problem or have any better knowledge? Thanks, - Andrew