Re: [zones-discuss] Re: improved zones/RM integration
Jerry Jelinek wrote On 08/16/06 18:14,: Steffen, Thanks for your comments. Responses in-line. Steffen Weiberle wrote: Hi Jerry, this is great. I have a few comments below. Thanks Steffen 1) Hard vs. Soft RM configuration within zonecfg We will enhance zonecfg(1M) so that the user can configure basic RM capabilities in a structured way. Various existing and upcoming RM features can be broken down into hard vs. soft partitioning of the system's resources. With hard partitioning, resources are dedicated to the zone using processor sets (psets) and memory sets (msets). With soft partitioning, resources are shared, but capped, with an upper limit on their use by the zone. Hard|Soft - cpu| psets | cpu-caps memory | msets | rcapd Within zonecfg we will organize these various RM features into four basic zonecfg resources so that it is simple for a user to understand and configure the RM features that are to be used with their zone. Note that zonecfg resources are not the same as the system's cpu memory resources or resource management. Within zonecfg, a resource is the name of a top-level property group for the zone (see zonecfg(1M) for more information). Are you saying just the names are different, or are there other differences as well? Unfortunately the word resource is overloaded here. zonecfg(1M) uses it to mean a group of properties which has nothing to do with system resources (e.g. cpu or memory) or how the word resource is used under the umbrella of Solaris Resource Management. Now I am more confused. You mean zonecfg pool[adm,cfg] --- dedicated-cpu!= CPU resource pool (pset and pool) capped-cpu != cpu-caps dedicated-memory != memory resource pool The four new zonecfg resources are: dedicated-cpu capped-cpu (future, after cpu-caps are integrated) dedicated-memory (future, after memory sets are integrated) capped-memory Each of these zonecfg resources will have properties that are appropriate to the RM capabilities associated with that resource. Zonecfg will only allow one instance of each these resource to be configured and it will not allow conflicting resources to be added (e.g. dedicated-cpu and capped-cpu are mutually exclusive). The mapping of these new zonecfg resources to the underlying RM feature is: dedicated-cpu - temporary pset dedicated-memory - temporary mset capped-cpu - cpu-cap rctl [14] capped-memory - rcapd running in global zone 2) Temporary Pools. We will implement the concept of temporary pools within the pools framework. To improve the integration of zones and pools we are allowing the configuration of some basic pool attributes within zonecfg, as described above in section 1. However, we do not want to extend zonecfg to completely and directly manage standard pool configurations. That would lead to confusion and inconsistency regarding which tool to use and where configuration data is stored. Temporary pools sidesteps this problem and allows zones to dynamically create a simple pool/pset configuration for the basic case where a sysadmin just wants a specified number of processors dedicated to the zone (and eventually a dedicated amount of memory). We believe that the ability to simply specify a fixed number of cpus (and eventually a mset size) meets the needs of a large percentage of zones users who need hard partitioning (e.g. to meet licensing restrictions). If a dedicated-cpu (and/or eventually a dedicated-memory) resource is configured for the zone, then when the zone boots zoneadmd will enable pools if necessary and create a temporary pool dedicated for the zones use. Zoneadmd will dynamically create a pool pset (and/or eventually a mset) and assign the number of cpus specified in zonecfg to that pset. The temporary pool pset will be named 'SUNWtmp_{zonename}'. Zonecfg validation will disallow an explicit 'pool' property name beginning with 'SUNWtmp'. Zoneadmd will set the 'pset.min' and 'pset.max' pset properties, as well as the 'pool.importance' pool property, based on the values specified for dedicated-cpu's 'ncpus' and 'importance' properties in zonecfg, as described above in section 1. If the cpu (or memory) resources needed to create the temporary pool are unavailable, zoneadmd will issue an error and the zone won't boot. When the zone is halted, the temporary pool pset will be destroyed. We will add a new boolean libpool(3LIB) property ('temporary') that can exist on pools and any pool resource set. The 'temporary'
Re: [zones-discuss] Re: improved zones/RM integration
Steffen, Steffen Weiberle wrote: Jerry Jelinek wrote On 08/16/06 18:14,: Steffen, Thanks for your comments. Responses in-line. Steffen Weiberle wrote: Hi Jerry, this is great. I have a few comments below. Thanks Steffen 1) Hard vs. Soft RM configuration within zonecfg We will enhance zonecfg(1M) so that the user can configure basic RM capabilities in a structured way. Various existing and upcoming RM features can be broken down into hard vs. soft partitioning of the system's resources. With hard partitioning, resources are dedicated to the zone using processor sets (psets) and memory sets (msets). With soft partitioning, resources are shared, but capped, with an upper limit on their use by the zone. Hard|Soft - cpu| psets | cpu-caps memory | msets | rcapd Within zonecfg we will organize these various RM features into four basic zonecfg resources so that it is simple for a user to understand and configure the RM features that are to be used with their zone. Note that zonecfg resources are not the same as the system's cpu memory resources or resource management. Within zonecfg, a resource is the name of a top-level property group for the zone (see zonecfg(1M) for more information). Are you saying just the names are different, or are there other differences as well? Unfortunately the word resource is overloaded here. zonecfg(1M) uses it to mean a group of properties which has nothing to do with system resources (e.g. cpu or memory) or how the word resource is used under the umbrella of Solaris Resource Management. Now I am more confused. You mean zonecfg pool[adm,cfg] --- dedicated-cpu!= CPU resource pool (pset and pool) capped-cpu != cpu-caps dedicated-memory != memory resource pool Sorry, I misunderstood your question here. The mapping *is* to these RM features. I actually have this shown about two paragraphs down from here. I thought you were talking about the word 'resource' and how we use that word to mean different things in zones and RM. The four new zonecfg resources are: dedicated-cpu capped-cpu (future, after cpu-caps are integrated) dedicated-memory (future, after memory sets are integrated) capped-memory Each of these zonecfg resources will have properties that are appropriate to the RM capabilities associated with that resource. Zonecfg will only allow one instance of each these resource to be configured and it will not allow conflicting resources to be added (e.g. dedicated-cpu and capped-cpu are mutually exclusive). The mapping of these new zonecfg resources to the underlying RM feature is: dedicated-cpu - temporary pset dedicated-memory - temporary mset capped-cpu - cpu-cap rctl [14] capped-memory - rcapd running in global zone 2) Temporary Pools. We will implement the concept of temporary pools within the pools framework. To improve the integration of zones and pools we are allowing the configuration of some basic pool attributes within zonecfg, as described above in section 1. However, we do not want to extend zonecfg to completely and directly manage standard pool configurations. That would lead to confusion and inconsistency regarding which tool to use and where configuration data is stored. Temporary pools sidesteps this problem and allows zones to dynamically create a simple pool/pset configuration for the basic case where a sysadmin just wants a specified number of processors dedicated to the zone (and eventually a dedicated amount of memory). We believe that the ability to simply specify a fixed number of cpus (and eventually a mset size) meets the needs of a large percentage of zones users who need hard partitioning (e.g. to meet licensing restrictions). If a dedicated-cpu (and/or eventually a dedicated-memory) resource is configured for the zone, then when the zone boots zoneadmd will enable pools if necessary and create a temporary pool dedicated for the zones use. Zoneadmd will dynamically create a pool pset (and/or eventually a mset) and assign the number of cpus specified in zonecfg to that pset. The temporary pool pset will be named 'SUNWtmp_{zonename}'. Zonecfg validation will disallow an explicit 'pool' property name beginning with 'SUNWtmp'. Zoneadmd will set the 'pset.min' and 'pset.max' pset properties, as well as the 'pool.importance' pool property, based on the values specified for dedicated-cpu's 'ncpus' and 'importance' properties in zonecfg, as described above in section 1. If the cpu (or memory) resources needed to create the
Re: [zones-discuss] Re: improved zones/RM integration
On Wed 08/16/06 at 09:10 AM, [EMAIL PROTECTED] wrote: [...] dedicated-memory [...] physical: A positive decimal number or a range with a required [...] virtual: This accepts the same numbers as the 'physical' property. This will set the 'mset.minswap' and 'mset.maxswap' properties on the temporary mset. Why not just call this 'swap'? 'virtual' memory has an established definition that does not match this usage. With this naming, I guarantee we are going to get calls from confused customers wanting to know why firefox has something mapped at 0xC00 when they set a 'virtual memory' limit of 1GB. 4) Enable rcapd to limit zone memory while running in the global zone [9] Currently, to use rcapd(1M) to limit zone memory consumption, the rcapd process must be run within the zone. While useful in some configurations, in situations where the zone administrator is untrusted, this is ineffective, since the zone administrator could simply change the rcapd limit. We will enhance rcapd so that it can limit each zone's memory consumption while it is running in the global zone. This closes the rcapd loophole described above and allows the global zone administrator to set memory caps that can be enforced by a single, trusted process. Currently rcapd will not run in a Linux zone. This change will also allow you to apply rcapd limits to branded zones. ___ zones-discuss mailing list zones-discuss@opensolaris.org
Re: [zones-discuss] Re: improved zones/RM integration
Hi Jerry, this is great. I have a few comments below. Thanks Steffen 1) Hard vs. Soft RM configuration within zonecfg We will enhance zonecfg(1M) so that the user can configure basic RM capabilities in a structured way. Various existing and upcoming RM features can be broken down into hard vs. soft partitioning of the system's resources. With hard partitioning, resources are dedicated to the zone using processor sets (psets) and memory sets (msets). With soft partitioning, resources are shared, but capped, with an upper limit on their use by the zone. Hard|Soft - cpu| psets | cpu-caps memory | msets | rcapd Within zonecfg we will organize these various RM features into four basic zonecfg resources so that it is simple for a user to understand and configure the RM features that are to be used with their zone. Note that zonecfg resources are not the same as the system's cpu memory resources or resource management. Within zonecfg, a resource is the name of a top-level property group for the zone (see zonecfg(1M) for more information). Are you saying just the names are different, or are there other differences as well? The four new zonecfg resources are: dedicated-cpu capped-cpu (future, after cpu-caps are integrated) dedicated-memory (future, after memory sets are integrated) capped-memory Each of these zonecfg resources will have properties that are appropriate to the RM capabilities associated with that resource. Zonecfg will only allow one instance of each these resource to be configured and it will not allow conflicting resources to be added (e.g. dedicated-cpu and capped-cpu are mutually exclusive). The mapping of these new zonecfg resources to the underlying RM feature is: dedicated-cpu - temporary pset dedicated-memory - temporary mset capped-cpu - cpu-cap rctl [14] capped-memory - rcapd running in global zone Temporary psets and msets are described below, in section 2. Rcapd enhancements for running in the global zone are described below in section 4. The valid properties for each of these new zonecfg resources will be: dedicated-cpu ncpus importance capped-cpu ncpus dedicated-memory physical virtual importance capped-memory physical virtual The meaning of each of these properties is as follows: dedicated-cpu ncpus: This can be a positive integer or range. A value of '2' means two cpus, a value of '2-4' means a range of two to four cpus. This sets the 'pset.min' and 'pset.max' properties on the temporary pset. importance: This property is optional. It can be a positive integer. It sets the 'pool.importance' property on the temporary pool. capped-cpu This resource group and its property will not be delivered as part of this project since cpu-caps are still under development. However, our thinking on this is described here for completeness. ncpus: This is a positive decimal. The 'ncpus' property actually maps to the zone.cpu-cap rctl. This property will be implemented as a special case of the new zones rctl aliases which are described below in section 3. The special case handling of this property will normalize the value so that it corresponds to units of cpus and is similar to the 'ncpus' property under the dedicated-cpu resource group. However, it won't accept a range and it will accept a decimal number. For example, when using 'ncpus' in the dedicated-cpu resource group, a value of 1 means one dedicated cpu. When using 'ncpus' in the capped-cpu resource group, a value of 1 means 100% of a cpu is the cap setting. A value of 1.25 means 125%, since 100% corresponds to one full cpu on the system when using cpu caps. The idea here is to align the 'ncpus' units as
Re: [zones-discuss] Re: improved zones/RM integration
Steffen, Thanks for your comments. Responses in-line. Steffen Weiberle wrote: Hi Jerry, this is great. I have a few comments below. Thanks Steffen 1) Hard vs. Soft RM configuration within zonecfg We will enhance zonecfg(1M) so that the user can configure basic RM capabilities in a structured way. Various existing and upcoming RM features can be broken down into hard vs. soft partitioning of the system's resources. With hard partitioning, resources are dedicated to the zone using processor sets (psets) and memory sets (msets). With soft partitioning, resources are shared, but capped, with an upper limit on their use by the zone. Hard|Soft - cpu| psets | cpu-caps memory | msets | rcapd Within zonecfg we will organize these various RM features into four basic zonecfg resources so that it is simple for a user to understand and configure the RM features that are to be used with their zone. Note that zonecfg resources are not the same as the system's cpu memory resources or resource management. Within zonecfg, a resource is the name of a top-level property group for the zone (see zonecfg(1M) for more information). Are you saying just the names are different, or are there other differences as well? Unfortunately the word resource is overloaded here. zonecfg(1M) uses it to mean a group of properties which has nothing to do with system resources (e.g. cpu or memory) or how the word resource is used under the umbrella of Solaris Resource Management. The four new zonecfg resources are: dedicated-cpu capped-cpu (future, after cpu-caps are integrated) dedicated-memory (future, after memory sets are integrated) capped-memory Each of these zonecfg resources will have properties that are appropriate to the RM capabilities associated with that resource. Zonecfg will only allow one instance of each these resource to be configured and it will not allow conflicting resources to be added (e.g. dedicated-cpu and capped-cpu are mutually exclusive). The mapping of these new zonecfg resources to the underlying RM feature is: dedicated-cpu - temporary pset dedicated-memory - temporary mset capped-cpu - cpu-cap rctl [14] capped-memory - rcapd running in global zone Temporary psets and msets are described below, in section 2. Rcapd enhancements for running in the global zone are described below in section 4. The valid properties for each of these new zonecfg resources will be: dedicated-cpu ncpus importance capped-cpu ncpus dedicated-memory physical virtual importance capped-memory physical virtual The meaning of each of these properties is as follows: dedicated-cpu ncpus:This can be a positive integer or range. A value of '2' means two cpus, a value of '2-4' means a range of two to four cpus. This sets the 'pset.min' and 'pset.max' properties on the temporary pset. importance: This property is optional. It can be a positive integer. It sets the 'pool.importance' property on the temporary pool. capped-cpu This resource group and its property will not be delivered as part of this project since cpu-caps are still under development. However, our thinking on this is described here for completeness. ncpus:This is a positive decimal. The 'ncpus' property actually maps to the zone.cpu-cap rctl. This property will be implemented as a special case of the new zones rctl aliases which are described below in section 3. The special case handling of this property will normalize the value so that it corresponds to units of cpus and is similar to the 'ncpus' property under the dedicated-cpu resource group. However, it won't accept a range and it will accept a decimal number. For example, when using 'ncpus' in the dedicated-cpu resource group, a value of 1 means one dedicated cpu. When using 'ncpus' in the capped-cpu resource group, a value of 1 means 100% of a cpu is the cap setting. A value of 1.25 means 125%, since 100% corresponds to one full cpu on the system when using cpu caps. The idea here is to align the 'ncpus' units as closely as possible in these two cases (dedicated-cpu vs. capped-cpu), given the limitations and capabilities of the two underlying mechanisms (pset vs. rctl). The 'ncpus' rctl alias is described