Mads Toftum wrote:
On Thu, May 10, 2007 at 11:23:18AM -0400, Jeff Victor wrote:
I would like to gather thoughts and opinions on this omission: should Containers have default RM settings? Is there a better method to solve this problem? If not, which settings should have defaults?

I really wouldn't like having RM enabled by default on zones as I think
it would create more confusion and annoyance than is fair. That being
said, I think that once you enable RM on your zone, it should choose
sensible settings for you until the point where you choose to override

Currently there isn't a setting which enables (or disables) RM. Are you suggesting that there should be one 'knob' which enables RM, and chooses sufficiently large default values until you override them?

I think that such a situation would be much better than what we currently have. The default values could be ones that no reasonable workload should exceed, and could be based on the hardware resources available. For example, the physical memory cap could be set to 50% (or 70%) of available RAM, perhaps after subtracting a reasonable amount for the kernel.

A similar method could be used to determine a default for a cap on VM.

However, this model does not solve the problem that is documented in Clarkson's paper: the "out-of-the-box" experience does not protect well-behaved zones from poorly-behaved zones, or a DoS attack.

Perhaps it could even be as simple as set rctl=FSS to enable RM.
At that point it would be fine to pull in reasonable defaults. To make
matters simple, I think populating defaults is only worth doing for FSS.

I am not certain I understand: are you saying that it doesn't make sense to cap the amount of swap space that a zone can use unless you are also using FSS?

That is not true in some situations. For example, each container might be in a separate resource pool, using its own CPUs. FSS would not accomplish anything.

Jeff VICTOR              Sun Microsystems            jeff.victor @
OS Ambassador            Sr. Technical Specialist
Solaris 10 Zones FAQ:
zones-discuss mailing list

Reply via email to