Re: [zones-discuss] Default RM controls for Containers?

Thu, 10 May 2007 11:09:03 -0700 

Mads Toftum wrote:

On Thu, May 10, 2007 at 11:23:18AM -0400, Jeff Victor wrote:
I would like to gather thoughts and opinions on this omission: should Containers have default RM settings? Is there a better method to solve this problem? If not, which settings should have defaults? 


I really wouldn't like having RM enabled by default on zones as I think
it would create more confusion and annoyance than is fair. That being
said, I think that once you enable RM on your zone, it should choose
sensible settings for you until the point where you choose to override

them. 



Currently there isn't a setting which enables (or disables) RM.  Are you 
suggesting that there should be one 'knob' which enables RM, and chooses 
sufficiently large default values until you override them?



I think that such a situation would be much better than what we currently 
have.  The default values could be ones that no reasonable workload should 
exceed, and could be based on the hardware resources available.  For example, 
the physical memory cap could be set to 50% (or 70%) of available RAM, perhaps 
after subtracting a reasonable amount for the kernel.


A similar method could be used to determine a default for a cap on VM.


However, this model does not solve the problem that is documented in 
Clarkson's paper: the "out-of-the-box" experience does not protect 
well-behaved zones from poorly-behaved zones, or a DoS attack.



Perhaps it could even be as simple as set rctl=FSS to enable RM.
At that point it would be fine to pull in reasonable defaults. To make
matters simple, I think populating defaults is only worth doing for FSS.



I am not certain I understand: are you saying that it doesn't make sense to 
cap the amount of swap space that a zone can use unless you are also using FSS?



That is not true in some situations.  For example, each container might be in 
a separate resource pool, using its own CPUs.  FSS would not accomplish anything.


--------------------------------------------------------------------------
Jeff VICTOR              Sun Microsystems            jeff.victor @ sun.com
OS Ambassador            Sr. Technical Specialist
Solaris 10 Zones FAQ:    http://www.opensolaris.org/os/community/zones/faq
--------------------------------------------------------------------------
_______________________________________________
zones-discuss mailing list
zones-discuss@opensolaris.org






















					Reply via email to