SOLARIS RESOURCE MANAGER & DYNAMIC RESOURCE POOLS

 Restrict access to a specific resource
 Offer resources to workloads on a preferential basis
 Isolate workloads from each another

Projects and tasks

* Project(s) Database file : /etc/project
* Other useful file : /etc/user_attr

• create a project
# projadd -p 100 -U oracle myproject

• Delete a project
# projdel myproject

• Modify project attribute(s)
# projmod -U paul,fred myproject

• Switching to a project
# newtask -p myproject /opt/apache/bin/apachectl start

• Re-allocate a process to a project
# newtask -p myproject -c PID

• Monitoring processes in a project
# ps -eo user,pid,uid,projid...
# id -p
# prstat -J (project)
# prstat -T (task)

Resource Control

The resource control feature limit resources usage on a per-processe(s), per-task(s)
or per-project(s) basis.
In Solaris10 Kernel tunable parameters are no longer supported into /etc/system

• Add a resource control to a project
# projmod -a -K "project.max-lwps=(priv,1000,deny)"

• Modify a resource control for a project
# projmod -s -K project.max-lwps=(priv,1000,none),(priv,2000,deny)"

• Remove a resource control
# projmod -r -K "project.max-lwps"

• Resource Control Attributes for project, task& process are:

project.cpu-shares
=> Number of CPU shares granted to this project for use with the fair share scheduler
project.max-crypto-memory
=> Total amount of kernel memory can be used by libpkcs11 for hardware crypto acceleration
project.max-device-locked-memory
=> Total amount of locked memory allowed
project.max-port-ids
=> Maximum allowable number of event ports
project.max-shm-ids
=> Maximum number of shared memory IDs allowed for this project
project.max-sem-ids
=> Maximum number of semaphore IDs allowed for this project
project.max-msg-ids
=> Maximum number of message queue IDs allowed for this project
project.max-shm-memory
=> Total amount of shared memory allowed for this project
project.max-lwps
=> Maximum number of LWPs simultaneously available to this project
project.max-tasks
=> Maximum number of tasks allowable in this project
project.max-contracts
=> Maximum number of contracts allowed in this project

task.max-cpu-time
=> Maximum CPU time that is available to this task's processes
task.max-lwps
=> Maximum number of LWPs simultaneously available to this task's processes

process.max-cpu-time
=> Maximum CPU time that is available to this process
process.max-file-descriptor
=> Maximum file descriptor index available to this process
process.max-file-size
=> Maximum file offset available for writing by this process
process.max-core-size
=> Maximum size of a core file created by this process
process.max-data-size
=> Maximum heap memory available to this process
process.max-stack-size
=> Maximum stack memory segment available to this process
process.max-address-space
=> Maximum amount of address space that is available to this process
process.max-port-events
=> Maximum allowable number of events per event port
process.max-sem-nsems
=> Maximum number of semaphores allowed per semaphore set
process.max-sem-ops
=> Maximum number of semaphore operations allowed per semop call
process.max-msg-qbytes
=> Maximum number of bytes of messages on a message queue
process.max-msg-messages
=> Maximum number of messages on a message queue

• Resource-wide Control attributes for a Zone are:
  

zone.cpu-shares
=> Number of CPU shares granted to this zone for use with the fair share scheduler
zone.max-lwps
=> Maximum number of LWPs simultaneously available to this zone

• Resource-wide Control attribute for a Pool is:

project.pool
=> Specify a pool binding for a project

• Resource-wide Control for memory

rcap.max-rss
=> Specify a value (gb, mb ...) for memory capping

* Resource Control attributes values are a privilege, a threshold and an action

• Resource Control Privileges are :

basic => process owner can modify the threshold value
privileged => only superuser can modify threshold value
system => fixed during execution of the system instance

• Resource Control Local Actions values are :

none => No action is taken on resource requests for an amount that is greater than the threshold
deny => You can deny resource requests for an amount that is greater than the threshold
signal => You can enable a global signal message action when the resource control is exceeded (SIGTERM, SIGKILL ...)

• Display local values and actions (rctl) for a running process (or project, zone and task)

# prctl -n process.max-cpu-time

• Enable an local action

# prctl -n project.max-lwps -e deny -i project

• Modify threshold value of an attribute

# prctl -n(name) project.max-device-locked-memory -v(value) 300000000 -r(replace) -i project
# prctl -n project.max-lwps -t(privilege) privileged -v 3 -e deny -i project

# prctl -n task.max-lwps -v 40 -t privileged -d all `pgrep httpd`
=> place a privileged rctl on the tasks that contain an httpd process
=> Limit each task's total number of LWPs to 40, and disable all local actions

=> Global actions are defined for the system wide and can be monitored

• Global Actions logging values are :

debug, info, notice, warning, err, crit, alert, emerg

• Display global actions on Resource Control attributes

# rctladm -l
# cat /etc/rctladm.conf (do not edit)

• Global Action Flags

lowerable => Superuser privileges are not required to lower the privileged values for this control
no-deny => Even when threshold values are exceeded, access to the resource is never denied
cpu-time => SIGXCPU is available to be sent when threshold values of this resource are reached
seconds => The time value for the resource control

• Enable logging of global action

# rctladm -e syslog project.cpu-shares

• Modify a global action logging value

# rctladm -e syslog=alert process.max-cpu-time

• Disable logging on a global action

# rctladm -d syslog project.cpu-shares

=> Resource Control are enforced by the process first, then by the task and finally by project