Previous
Chapter 6
Resource Controls (Overview)
After you determine the resource consumption of workloads on your system as described in Chapter 4, Extended Accounting (Overview), you can place boundaries on resource usage. Boundaries prevent workloads from over-consuming resources. The resource controls facility is the constraint mechanism that is used for this purpose.
This chapter covers the following topics.
For information about how to administer resource controls, see Chapter 7, Administering Resource Controls (Tasks).
Resource Controls Concepts
In the Solaris Operating System, the concept of a per-process resource limit has been extended to the task and project entities described in Chapter 2, Projects and Tasks (Overview). These enhancements are provided by the resource controls (rctls) facility. In addition, allocations that were set through the /etc/system tunables are now automatic or configured through the resource controls mechanism as well.
A resource control is identified by the prefix zone, project, task, or process. Resource controls can be observed on a system-wide basis. It is possible to update resource control values on a running system.
For a list of the standard resource controls that are available in this release, see Available Resource Controls See Resource Type Properties for information on available zone-wide resource controls.
Resource Limits and Resource Controls
UNIX systems have traditionally provided a resource limit facility (rlimit). The rlimit facility allows administrators to set one or more numerical limits on the amount of resources a process can consume. These limits include per-process CPU time used, per-process core file size, and per-process maximum heap size. Heap size is the amount of scratch memory that is allocated for the process data segment.
The resource controls facility provides compatibility interfaces for the resource limits facility. Existing applications that use resource limits continue to run unchanged. These applications can be observed in the same way as applications that are modified to take advantage of the resource controls facility.
Interprocess Communication and Resource Controls
Processes can communicate with each other by using one of several types of interprocess communication (IPC). IPC allows information transfer or synchronization to occur between processes. Prior to the Solaris 10 release, IPC tunable parameters were set by adding an entry to the /etc/system file. The resource controls facility now provides resource controls that define the behavior of the kernel's IPC facilities. These resource controls replace the /etc/system tunables.
Obsolete parameters might be included in the /etc/system file on this Solaris system. If so, the parameters are used to initialize the default resource control values as in previous Solaris releases. However, using the obsolete parameters is not recommended.
To observe which IPC objects are contributing to a project's usage, use the ipcs command with the -J option. See How to Use ipcs to view an example display. For more information about the ipcs command, see ipcs(1).
For information about Solaris system tuning, see the Solaris Tunable Parameters Reference Manual.
Resource Control Constraint Mechanisms
Resource controls provide a mechanism for the constraint of system resources. Processes, tasks, projects, and zones can be prevented from consuming amounts of specified system resources. This mechanism leads to a more manageable system by preventing over-consumption of resources.
Constraint mechanisms can be used to support capacity-planning processes. An encountered constraint can provide information about application resource needs without necessarily denying the resource to the application.
Project Attribute Mechanisms
Resource controls can also serve as a simple attribute mechanism for resource management facilities. For example, the number of CPU shares made available to a project in the fair share scheduler (FSS) scheduling class is defined by the project.cpu-shares resource control. Because the project is assigned a fixed number of shares by the control, the various actions associated with exceeding a control are not relevant. In this context, the current value for the project.cpu-shares control is considered an attribute on the specified project.
Another type of project attribute is used to regulate the resource consumption of physical memory by collections of processes attached to a project. These attributes have the prefix rcap, for example, rcap.max-rss. Like a resource control, this type of attribute is configured in the project database. However, while resource controls are synchronously enforced by the kernel, resource caps are asynchronously enforced at the user level by the resource cap enforcement daemon, rcapd. For information on rcapd, see Chapter 10, Physical Memory Control Using the Resource Capping Daemon (Overview) and rcapd(1M).
The project.pool attribute is used to specify a pool binding for a project. For more information on resource pools, see Chapter 12, Resource Pools (Overview).
Configuring Resource Controls and Attributes
The resource controls facility is configured through the project database. See Chapter 2, Projects and Tasks (Overview). Resource controls and other attributes are set in the final field of the project database entry. The values associated with each resource control are enclosed in parentheses, and appear as plain text separated by commas. The values in parentheses constitute an "action clause." Each action clause is composed of a privilege level, a threshold value, and an action that is associated with the particular threshold. Each resource control can have multiple action clauses, which are also separated by commas. The following entry defines a per-task lightweight process limit and a per-process maximum CPU time limit on a project entity. The process.max-cpu-time would send a process a SIGTERM after the process ran for 1 hour, and a SIGKILL if the process continued to run for a total of 1 hour and 1 minute. See Table 6-3.
development:101:Developers:::task.max-lwps=(privileged,10,deny); process.max-cpu-time=(basic,3600,signal=TERM),(priv,3660,signal=KILL) typed as one line |
Note - On systems that have zones enabled, zone-wide resource controls are specified in the zone configuration using a slightly different format. See Zone Configuration Data for more information.
The rctladm command allows you to make runtime interrogations of and modifications to the resource controls facility, with global scope. The prctl command allows you to make runtime interrogations of and modifications to the resource controls facility, with local scope.
For more information, see Global and Local Actions on Resource Control Values, rctladm(1M) and prctl(1).
Note - On a system with zones installed, you cannot use rctladm in a non-global zone to modify settings. You can use rctladm in a non-global zone to view the global logging state of each resource control.
Available Resource Controls
A list of the standard resource controls that are available in this release is shown in the following table.
The table describes the resource that is constrained by each control. The table also identifies the default units that are used by the project database for that resource. The default units are of two types:
Quantities represent a limited amount.
Indexes represent a maximum valid identifier.
Thus, project.cpu-shares specifies the number of shares to which the project is entitled. process.max-file-descriptor specifies the highest file number that can be assigned to a process by the open(2) system call.
Table 6-1 Standard Project, Task, and Process Resource Controls
Control Name | Description | Default Unit |
|---|---|---|
project.cpu-shares | Number of CPU shares granted to this project for use with the fair share scheduler (see FSS(7)). | Quantity (shares) |
project.max-crypto-memory | Total amount of kernel memory that can be used by libpkcs11 for hardware crypto acceleration. Allocations for kernel buffers and session-related structures are charged against this resource control. | Size (bytes) |
project.max-locked-memory | Total amount of physical locked memory allowed. Note that this resource control replaced project.max-device-locked-memory, which has been removed. | Size (bytes) |
project.max-port-ids | Maximum allowable number of event ports. | Quantity (number of event ports) |
project.max-sem-ids | Maximum number of semaphore IDs allowed for this project. | Quantity (semaphore IDs) |
project.max-shm-ids | Maximum number of shared memory IDs allowed for this project. | Quantity (shared memory IDs) |
project.max-msg-ids | Maximum number of message queue IDs allowed for this project. | Quantity (message queue IDs) |
project.max-shm-memory | Total amount of shared memory allowed for this project. | Size (bytes) |
project.max-lwps | Maximum number of LWPs simultaneously available to this project. | Quantity (LWPs) |
project.max-tasks | Maximum number of tasks allowable in this project. | Quantity (number of tasks) |
project.max-contracts | Maximum number of contracts allowed in this project. | Quantity (contracts) |
task.max-cpu-time | Maximum CPU time that is available to this task's processes. | Time (seconds) |
task.max-lwps | Maximum number of LWPs simultaneously available to this task's processes. | Quantity (LWPs) |
process.max-cpu-time | Maximum CPU time that is available to this process. | Time (seconds) |
process.max-file-descriptor | Maximum file descriptor index available to this process. | Index (maximum file descriptor) |
process.max-file-size | Maximum file offset available for writing by this process. | Size (bytes) |
process.max-core-size | Maximum size of a core file created by this process. | Size (bytes) |
process.max-data-size | Maximum heap memory available to this process. | Size (bytes) |
process.max-stack-size | Maximum stack memory segment available to this process. | Size (bytes) |
process.max-address-space | Maximum amount of address space, as summed over segment sizes, that is available to this process. | Size (bytes) |
process.max-port-events | Maximum allowable number of events per event port. | Quantity (number of events) |
process.max-sem-nsems | Maximum number of semaphores allowed per semaphore set. | Quantity (semaphores per set) |
process.max-sem-ops | Maximum number of semaphore operations allowed per semop call (value copied from the resource control at semget() time). | Quantity (number of operations) |
process.max-msg-qbytes | Maximum number of bytes of messages on a message queue (value copied from the resource control at msgget() time). | Size (bytes) |
process.max-msg-messages | Maximum number of messages on a message queue (value copied from the resource control at msgget() time). | Quantity (number of messages) |
You can display the default values for resource controls on a system that does not have any resource controls set or changed. Such a system contains no non-default entries in /etc/system or the project database. To display values, use the prctl command.