Information Technology Reference
In-Depth Information
6.2.2.2 Memory Controls
Containers also offer several memory controls. Each control can be configured
separately, or various controls can be used in any combination. Some constrain
the use of a physical resource, such as the RAM cap or the virtual memory cap.
The latter is a physical resource because it is the sum of RAM and swap space.
Other memory controls limit the use of special types of memory resources that
the kernel provides, including locked memory and shared memory. The virtual
memory system does not page those memory pages out to the swap device. If one
Container allocates a lot of locked memory or shared memory, it can prevent other
Containers from allocating sufficient memory to run well. The ability to lock down
pages must be limited to prevent one Container from locking down all of its memory
pages, thereby potentially starving other Containers and preventing them from us-
ing RAM. This feat can be accomplished through the proper use of resource controls.
Virtual Memory Tools
A virtual memory cap prevents one Container from using
more swap space than it should. Over-utilization of this resource can happen when
a workload grows too quickly, or it can be caused by an application that “leaks”
memory. It may also result from a denial-of-service attack that tries to starve the
system of swap space. A system that runs out of swap space has little recourse, and
will either crash, stop itself gracefully, or forcefully halt processes in an attempt
to free up swap space.
The virtual memory cap that can be assigned to each Container is called a
“swap cap.” That name is a bit misleading, because it really limits the amount of
virtual memory (physical RAM plus swap disk usage). The following command can
be used to limit a zone to 4 GB of virtual memory:
GZ#
zonecfg -z web
zonecfg:web>
add capped-memory
zonecfg:web:capped-memory>
set swap=4g
zonecfg:web:capped-memory>
end
zonecfg:web>
exit
GZ#
zoneadm -z web reboot
This limit can be queried using the following command:
GZ#
prctl -n zone.max-swap -i zone web
zone: 6: web
NAME PRIVILEGE VALUE FLAG ACTION RECIPIENT
zone.max-swap privileged 4.0GB - deny -
system 16.0EB max deny -
After the zone has been rebooted, the processes running in that Container will
be able to use only 4 GB of virtual memory, in aggregate. The first attempt by one
Search WWH ::
Custom Search