Solaris Containers: Resource Management and Zones
Operating Systems Administration
Tobias Pape
2008-06-04
Tobias Pape | Solaris Containers | 2008-06-04
Outline
■ A Short Introduction to Solaris
■ Solaris Resource Management
  □ Pools
  □ Capping
■ Solaris Zones
■ Combining Effort—Containers
■ Demo
A Short Introduction to Solaris
■ By Sun Microsystems
■ “Genuine,” free UNIX (OpenSolaris)
  □ Until SunOS 4, BSD-based
  □ Since SunOS 5 (Solaris 2), System V R4-based
■ Supports SPARC, x86, x64
■ Server-targeted, workstation-capable
■ Certified against SUS
  □ Dell, IBM, Intel, (not yet HP)
Solaris Resource Management
Idea: Different resource sets for different computation entities
Management approaches
■ Partitioning of resources
■ Constraining of workload
■ Scheduling of concurrent resources and workloads
Manageable resource types
■ CPU, Memory, Space, Network
Solaris Resource Management
Computation entities
Process, Lightweight Process (LWP)
■ Basic computation entity (cf. threads, processes)
Task
■ Collection of processes; owned by a project
Project
■ Collection of processes/tasks; assignable to users/groups
Zone
■ Virtual System
(System)
Solaris Resource Management
Partitioning: Pools
Pool
■ Dynamic resource collection (actually, CPUs only)
■ Independent scheduling entity
Processor sets (psrset(1M))
■ Range of number of CPUs to use
poolbind(1M)
■ Bind process/task/project/zone to a specific pool
poolcfg(1M)
■ Configure pools and psrsets
Solaris Resource Management
Constraining: Capping
rcapd(1m) “resource capping daemon”
■ Memory capping (RSS)
■ Per-project or Per-zone
Resource Control (rcapadm(1m), prctl(1))
■ CPU/LWP/… capping
■ CPU: discrete or share-based
■ Applicable to all computation entities
Solaris Zones
OS level virtualization facility
■ Isolated and secure system environment
  □ boundary separation
  □ non-escapable file system, own process hierarchy
■ global zone represents host system
Best Practice:
■ One Application per Zone
zonecfg(1M), zoneadm(1M)
■ Configure and administer zones
Solaris Zones
Zone life-cycle
[Figure: zone life-cycle state diagram. States: Start, Configured, Incomplete, Installed, Ready, Running, Shutting Down, Down. Transition labels: install, uninstall, ready, boot, halt, install failed, uninstall failed.]
Combining Effort
Containers
“A Solaris Container is
■ a Solaris Zone (boundary separation)
■ with applied resource control”
Example Use Cases
■ VRoot webserver
■ Development/Test/Production environment
■ Training systems
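Added example (not from the original slides): a POSIX shell function that writes the zonecfg(1M) command file for a zone with CPU, memory and LWP caps, i.e. a container in the sense of the quote above. The zone name web01, the path /zones/web01 and the limit values are assumptions made for illustration.

```shell
#!/bin/sh
# Added example; zonepath and limits below are constructed values.
# container_cfg ZONEPATH NCPUS PHYSICAL MAX_LWPS
# Prints a zonecfg(1M) command file; returns 1 on invalid input.
container_cfg() {
    zonepath=$1 ncpus=$2 physical=$3 max_lwps=$4

    # Values are pasted into a command file, so reject anything
    # (spaces, newlines, quotes) that could smuggle in extra commands.
    case $zonepath in
        *[!A-Za-z0-9/._-]*) echo "zonepath: bad character" >&2; return 1 ;;
        /*) ;;
        *) echo "zonepath: must be absolute" >&2; return 1 ;;
    esac
    # CPU cap in units of CPUs, e.g. 1 or 1.5
    case $ncpus in
        ''|*[!0-9.]*|*.*.*|.*|*.) echo "ncpus: not a number" >&2; return 1 ;;
    esac
    # Physical memory (RSS) cap: digits plus a size suffix, e.g. 512m
    num=${physical%[kmgtKMGT]}
    case $num in
        "$physical"|''|0*|*[!0-9]*) echo "physical: need size such as 512m" >&2; return 1 ;;
    esac
    # LWP limit: positive integer
    case $max_lwps in
        ''|0*|*[!0-9]*) echo "max-lwps: need positive integer" >&2; return 1 ;;
    esac

    cat <<EOF
create
set zonepath=$zonepath
set autoboot=false
set max-lwps=$max_lwps
add capped-cpu
set ncpus=$ncpus
end
add capped-memory
set physical=$physical
end
verify
commit
EOF
}

# On a Solaris host the output would be applied from the global zone with:
#   zonecfg -z web01 -f web01.cfg && zoneadm -z web01 install && zoneadm -z web01 boot
container_cfg /zones/web01 1.5 512m 500
```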
Demo
zlogin zonecfg zoneadm zonename poolcfg pooladm poolstat prctl prstat rctladm rcapad cpu-shares cpu-caps max-lwps max-swap max max-msg-ids max-sem-ids max max-shm-ids max-shm-memory max-locked-memory dedicated-cpu ncpus importance transfer pset capped-memory physical rcapstat swap locked-memory ptrconf scheduling-class capped-cpu poolbind rctl psrinfo psradm fss
Review
■ Powerful individual administrative facilities
■ Easily combinable
■ Security and stability through separation
Discussion
■ Hardware supported virtualization necessary?
■ Better “chroot” or hardly Xen? xVM?
■ Large scale? Mid scale? No scale at all?