Mads Toftum wrote:
On Thu, May 10, 2007 at 11:23:18AM -0400, Jeff Victor wrote:
I would like to gather thoughts and opinions on this omission: should
Containers have default RM settings? Is there a better method to solve
this problem? If not, which settings should have defaults?
I really wouldn't like having RM enabled by default on zones as I think
it would create more confusion and annoyance than is fair. That being
said, I think that once you enable RM on your zone, it should choose
sensible settings for you until the point where you choose to override
them.
Currently there isn't a setting which enables (or disables) RM. Are you
suggesting that there should be one 'knob' which enables RM, and chooses
sufficiently large default values until you override them?
I think that such a situation would be much better than what we currently
have. The default values could be ones that no reasonable workload should
exceed, and could be based on the hardware resources available. For example,
the physical memory cap could be set to 50% (or 70%) of available RAM, perhaps
after subtracting a reasonable amount for the kernel.
A similar method could be used to determine a default for a cap on VM.
However, this model does not solve the problem that is documented in
Clarkson's paper: the "out-of-the-box" experience does not protect
well-behaved zones from poorly-behaved zones, or a DoS attack.
Perhaps it could even be as simple as set rctl=FSS to enable RM.
At that point it would be fine to pull in reasonable defaults. To make
matters simple, I think populating defaults is only worth doing for FSS.
I am not certain I understand: are you saying that it doesn't make sense to
cap the amount of swap space that a zone can use unless you are also using FSS?
That is not true in some situations. For example, each container might be in
a separate resource pool, using its own CPUs. FSS would not accomplish anything.
--------------------------------------------------------------------------
Jeff VICTOR Sun Microsystems jeff.victor @ sun.com
OS Ambassador Sr. Technical Specialist
Solaris 10 Zones FAQ: http://www.opensolaris.org/os/community/zones/faq
--------------------------------------------------------------------------
_______________________________________________
zones-discuss mailing list
zones-discuss@opensolaris.org