Mads Toftum wrote:
On Fri, May 11, 2007 at 10:48:04AM -0600, Jerry Jelinek wrote:
The requirement for the RM defaults should be that a misbehaving
zone can't effectively bring down the whole system.  You want to
be able to get on the global zone and clean up the misbehaving zone
and any other well behaved non-global zones should still be able to
do work.

Given that, having FSS on by default makes sense.  Each zone will
have 1 share by default, so thats fine.

I'm not too keen to have it on by default, but if you're going to then 1
share each makes sense. Or perhaps something like 10 shares each making
it simple to sneak in a low priority zone without having to edit all
zones.

Except for Jerry's comment earlier about impacting GUIs that currently use IA, I agree.

What if max-lwps defaulted to a fairly large number (5000)?   How often
would this be an issue for a well-behaved zone?

Sounds fairly reasonable and as something where people won't often hit
the limit - in fact I'd almost be tempted to go lower and small
configurations.

Perhaps the default would be one of two or three values, depending on number of CPUs on the system (as Solaris counts them, not necessarily sockets or cores). The values could be chosen to meet a very rough "quantity of threads per CPU" which is similar across all size. This would be similar to the model used for memory (below):

Small  = 1-2 CPUs:  750
Medium = 3-8 CPUs: 2500
Large  = 9+ CPUs:  5000

Those are in the range 400-500 lwps per CPU.

we could have physical memory and swap caps default to something like
50%-75% of the system total.  Again, well-behaved zones shouldn't get close
to this (if they do, the system is probably undersized to begin with) but
we can keep a misbehaving zone in check.

Wouldn't this lead to a waste of resources on systems with only one
non-global zone? It may not be the most common setup, but still makes a
lot of sense for a higher level of security.

The model sounds good. It *is* a default, meant for people who don't know (or don't want to know) about these things. Other than prompting the zone creator "will this be the only zone on the system") I don't see a way around this.

I would choose 50%. For >3 zones, 75% doesn't accomplish enough. At 50%, they will (hopefully) investigate the performance issue and be happily surprised when they learn they've been using a default value...



--------------------------------------------------------------------------
Jeff VICTOR              Sun Microsystems            jeff.victor @ sun.com
OS Ambassador            Sr. Technical Specialist
Solaris 10 Zones FAQ:    http://www.opensolaris.org/os/community/zones/faq
--------------------------------------------------------------------------
_______________________________________________
zones-discuss mailing list
zones-discuss@opensolaris.org

Reply via email to