Date: Wed, 9 Jan 2008 14:00:04 +0200 From: Kostik Belousov <kostikbel@gmail.com> To: Andrew Snow <andrew@modulus.org> Cc: freebsd-jail@freebsd.org Subject: Re: Jails as a VPS Message-ID: <20080109120004.GV57756@deviant.kiev.zoral.com.ua> In-Reply-To: <47841D07.20902@modulus.org> References: <47841D07.20902@modulus.org>
next in thread | previous in thread | raw e-mail | index | archive | help
--Bs30vi9tNOOGUgTv Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Wed, Jan 09, 2008 at 12:01:59PM +1100, Andrew Snow wrote: >=20 > Hi Guys, >=20 > I am running a hoster providing "VPS" using FreeBSD Jails on 6.2 >=20 > FYI, I have patched my kernel in several places to make it work for me: > * jails have their own SYSV shared memory and semaphores > * per-jail number of processes limit > * jail ability to be bound to a given CPU core > * jails have a limited range of nice values (10 to -10) compared to=20 > the host environment >=20 > and last but not least: > * memory usage measurement and limiting. >=20 > It is this last one that is causing me the most problems. I modified=20 > obreak() to deny requests for more memory when memory limit is exceeded,= =20 > and that works OK. >=20 > But measuring the jail memory usage in the first place is proving to be= =20 > a pain, and I wonder if you guys have any ideas. >=20 > I am doing something similar to the Google SoC, by measuring the=20 > resident page count of every VM map held by every process in the jail. >=20 > This does not measure memory fairly - it counts shared memory too many=20 > times. To see this in action, I can allocate a jail with 500mb memory=20 > limit then try to start 10 or 20 large apache HTTPD processes. While=20 > using only a small amount of actual system ram (under 100mb probably),=20 > it measures it to be much larger. >=20 > I am now looking at adding fields to VM memory maps and tagging them so= =20 > I can ensure I don't count them twice, but this is starting to get=20 > non-trivial. >=20 > Anyone else been able to solve this problem or have any better knowledge? You may look at the http://people.freebsd.org/~kib/overcommit The text describes the changes more or less accurate, just ignore the status part and the patches itself. The current patch is at http://people.freebsd.org/~kib/overcommit/vm_overcommit.4.patch It does not account nor enforce any per-jail limits, only per uid (as all FreeBSD accounting does at the moment). But, having this done, per-jail and per-uid-in-jail would be much easier. --Bs30vi9tNOOGUgTv Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (FreeBSD) iD8DBQFHhLdDC3+MBN1Mb4gRAn07AKCe4j6m7Enk8Zan2UFDsHqmSPGBxACfdCXq LZKmzSd/zJaOZgF+Wa402jE= =dgcC -----END PGP SIGNATURE----- --Bs30vi9tNOOGUgTv--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20080109120004.GV57756>