[Vserver] Re: [Devel] Container Test Campaign

Kir Kolyshkin kir at openvz.org
Tue Jul 4 07:52:07 PDT 2006


Clément Calmels wrote:
> Hi,
>
>   
>>> I'm wondering why a default 'guest' creation implies some resources
>>> restrictions? Couldn't the resources be unlimited? I understand the need
>>> for resource management, but the default values look a little bit
>>> tiny...
>>>   
>>>       
>> The reason is security. A guest is untrusted by default, though sane 
>> limits are applied. Same as ulimit which has some sane defaults (check 
>> output of ulimit -a). Same as those kernel settings from /proc/sys -- 
>> should /proc/sys/fs/file-max be 'unlimited' by default?
>>     
>
> Ok. So as our benchmarks have no security concern, you will see no
> objection if I set all the parameters in the 'guest' to their value in
> the host, won't you?
Sure.

In case you are testing performance (but not, say, isolation), you can 
definitely set all the UBCs to unlimited values (i.e. both barrier and 
limit for each parameter should be set to MAX_LONG). The only issues is 
with vmguarpages parameter, because this is a guarantee but not limit -- 
but unless you are doing something weird it should be OK to set to to 
MAX_LONG as well.

Another approach is to generate sample config (for the given server) 
using vzsplit utility with the number of VEs set to 1, like this:
# vzsplit -f one-ve -n 1 [-s xxx]
and use it for new VE creation:
# vzctl create 123 --config one-ve




More information about the Devel mailing list