Pages

Monday, February 4, 2013

Controlling Resources


Many Times as a Sys admin,I see users create different scripts or process that cause a system failure. Many times there are done with out the knowledge of the scripts or process effectively.

One of the dangers associated with the thin client model is that a runaway process might eat up all of the available system memory and/or cpu on the host system. When this happens, the performance on that system can degrade resulting in system hangs, freezes, and a host of other generally undesirable consequences.

sysctl.conf ( System Level )
The number of concurrently open file descriptors throughout the system can be changed via /etc/sysctl.conf file under Linux operating systems.

So you can increase the maximum number of open files by setting a new value in kernel variable /proc/sys/fs/file-max as follows (login as the root):

sysctl -w fs.file-max=100000

Also we can edit the sysctl.conf file and add
fs.file-max = 100000

Save and close the file. Users need to log out and log back in again to changes take effect or just type the following command:
# sysctl -p

check the changes using
sysctl fs.file-max

Limits.conf ( User Level )
The limits.conf is a file located in /etc/security. This file provides the ability to specify the user and group level limits to specific resources like memory , cpu etc. Limits set in this file are set on a per user or per group basis.

The basic syntax for limits.conf consists of individual lines with values of the following types:
(domain) (type) (item) (value)
where domain is user or group, type refers to a hard or soft limit, item refers to the resource being limited and value referring to the value associated with the limit being set. For example, setting the following value:

me hard priority 20

places a hard limit on the priority with which jobs are scheduled for a user named 'me'. In this case, user 'me' is always scheduled at the lowest possible priority.

Some more examples include ,

guest hard cpu 10 : max CPU time

Ulimt
In Linux , there is a way to restrict things that a user is allowed to do. This can be achieved by using the 'ulimit' command. This is available as a part of the shell is that you can include it in the individual user's profile and have it apply to them, or place your restrictions in /etc/security/limits.conf and have them apply to all users.

One important thing is that ulimit cant be used to manage file space. This is specifically used to manage process and we can limit then in three ways
Unlimited ( the Default one)
Hard Limit ( the User Cannot Exceed this)
Soft Limit (The Users may exceed this)

These are based on the parameters -H and -S that we pass .A hard limit cannot be increased, while a soft limit can be increased until it reaches the value of a hard limit

When we run the 'ulimit -a' command

LocalHost:Root -~ $ ulimit -a
core file size (blocks, -c) 0
data seg size (kbytes, -d) 1073741824
scheduling priority (-e) 0
file size (blocks, -f) unlimited
pending signals (-i) 32832
max locked memory (kbytes, -l) 32
max memory size (kbytes, -m) 1073741824
open files (-n) 8192
pipe size (512 bytes, -p) 8
POSIX message queues (bytes, -q) 819200
real-time priority (-r) 0
stack size (kbytes, -s) 10240
cpu time (seconds, -t) unlimited
max user processes (-u) 32832
virtual memory (kbytes, -v) 1073741824
file locks (-x) unlimited

If there are no hard or soft restrictions set, the response returned will simply be “unlimited." This does not mean there are not limits.

Here are Explanation of the Output

CPU TIME - Limits the number of CPU seconds a process can use (not clock seconds). CPU time is the amount of time the CPU actual spends executing processor instructions and is often much less than the total program "runs time".

VIRTUAL MEMORY SIZE - the most useful of the memory-related limitations, because it includes all types of memory, including the stack, the heap, and memory-mapped files. Specified in kilobytes. For Single Process

DATA SEGMENT SIZE - Limits the amount of memory that a process can allocate on the heap, Specified in kilobytes. For Single Process

STACK SIZE - Limits the amount of memory a process can allocate on the stack. Specified in kilobytes.
FILE SIZE - Limits the maximum size of any one file a process can create. Specified in 512-byte blocks.

MAX USER PROCESSES - limits the number of processes the current user is permitted to have in the process table at one time. Attempts to start additional processes will fail.

OPEN FILES - limits the number of file descriptors belonging to a single process. "File descriptors" includes not only files but also sockets for Internet communication. Attempts to open additional file descriptors will fail.

LOCKED MEMORY - this parameter limits the maximum amount of memory that can be "locked down" to a specific address in physical memory by a given process. In practice, only the root user can lock memory in this fashion. Specified in kilobytes, in the bash shell, as found in
Linux and many other systems.

MAX RESIDENT SET SIZE - this parameter limits the amount of memory that can be "swapped in" to physical RAM on behalf of any one process. Specified in kilobytes.

MAX TOTAL SOCKET BUFFER SIZE - this parameter limits the total amount of memory that may be taken up by buffers holding network data on behalf of a given process. Specified in bytes.

PIPE SIZE - when two Unix processes communicate via a pipe or FIFO (first in first out) buffer, as in the simple case of paging through a directory listing with the command "ls | more", the output of the first command is buffered before transmission to the second. The size of this buffer, in bytes, is the pipe size. This is typically not an adjustable parameter, except at kernel compile time.

CORE FILE SIZE - Limits the size of a "core" file left behind when a process encounters a segmentation fault or other unexpected fatal error. Core files are images of the entire memory space used by the process at the time of the crash, and can be used to examine the state
of the process. Specified in 512-byte blocks.

Changing the Values
These values can be changed using the 'ulimit' it self.

For example, to reduce the number of processes a user can have from the default to 100, you can use the command

ulimit –u 100

and then try 'ulimit -a' for the updated result.

To Set the Hard Limit and Soft Limit use

Local host-~ $ ulimit –S –u 100
100

Local host-~ $ ulimit –H –u 8192
8192

To set a value to unlimited, use the word itself: ulimit –u unlimited .

To see only one value, specify that parameter. For example, to see the soft value of user processes, enter: ulimit –Su


Happy Learning