How can I restrict CPU scheduling in FreeBSD 12?












1















How are other admins managing CPU resources on multi-core hosts that run jails, such as allocating the appropriate number of cores for exclusive use by specific jails, and likewise reserving the appropiate number of cores for exclusive use by the host system?



TL;DR



I'm learning how to manage CPUs using rctl(8), /etc/rctl.conf, cpuset(1) and related tools.



As an exercise, I am working with an 8-core system. I wish to dedicate CPUs 0-3 for use solely by the host system processes, and make CPUs 4-7 available solely to jailed processes.



I'm encountering two fundamental problems in my mental landscape of this problem. The first is that since cpuset can apply a CPU mask only to an existing target (process, jail, whatever), I presently have to start a jail first, and THEN restrict its CPU set. This means that jailed processes which are spawned before the cpuset restriction is created will run outside of the CPU set. If those jailed processes are long-lived then they must be restarted after cpuset is invoked in order to ensure that the jail stays within its restriction.



Second, for similar reasons as #1, it is not clear to me how to get the host system to restrict its own CPU usage, so that it doesn't use any of the CPUs that are dedicated to running jails. Again, since a CPU set restriction has to be established before a process is born, it seems that init(8) itself needs to be launched with a restricted CPU set. I cannot find any mechanism by which to do this.



To solve the first problem, that of being able to start a jail with an immediate cpuset restriction, this syntax didn't work in /etc/jail.conf:



path                = "/jail/$name";

test {
jid = 42;
# This is the default value before tweaking:
# exec.start = "/bin/sh /etc/rc";
# restrict this jail to CPU7 only:
exec.start = "/usr/bin/cpuset -c -l 7 /bin/sh /etc/rc";
host.hostname = "test";
ip4.addr = "public|10.160.161.162";
mount.devfs = true;
allow.raw_sockets = true;
allow.sysvipc = true;
}


Another unsuccessful approach was to restore the default value of exec.start and start the jail with:



# cpuset -c -l 7 service jail start test


Regarding the second problem, that of restricting the host system to prevent non-jailed processes (jail id = 0) from using CPUs that are reserved for jailed processes (jail id's > 0, I'm not sure where to begin. The most elegant way would seem to be to restrict init(8) at its very outset, so that any processes it spawns inherit the same CPU restriction. A less elegant hack might be to use rctl.conf to create a CPU restriction based on a particular login class, and assign all users to that login class. That still seems to fail to restrict system daemons which are launched by init before rctl initializes. A naive look at rcorder(8) suggests that rctl runs relatively late in the rc start-up process, at 127th place out of 166 on my system:



# cd /etc/rc.d
# rcorder * | grep -xn rctl
127:rctl
# rcorder * | wc -l
166


What are some solutions and best practices that have been developed to solve this kind of problem? For now I am reading some historical discussion from 2014 regarding the issue of starting init(8) with a specific cpuset. Sadly the patch proposed by the OP of that thread is no longer accessible.










share|improve this question





























    1















    How are other admins managing CPU resources on multi-core hosts that run jails, such as allocating the appropriate number of cores for exclusive use by specific jails, and likewise reserving the appropiate number of cores for exclusive use by the host system?



    TL;DR



    I'm learning how to manage CPUs using rctl(8), /etc/rctl.conf, cpuset(1) and related tools.



    As an exercise, I am working with an 8-core system. I wish to dedicate CPUs 0-3 for use solely by the host system processes, and make CPUs 4-7 available solely to jailed processes.



    I'm encountering two fundamental problems in my mental landscape of this problem. The first is that since cpuset can apply a CPU mask only to an existing target (process, jail, whatever), I presently have to start a jail first, and THEN restrict its CPU set. This means that jailed processes which are spawned before the cpuset restriction is created will run outside of the CPU set. If those jailed processes are long-lived then they must be restarted after cpuset is invoked in order to ensure that the jail stays within its restriction.



    Second, for similar reasons as #1, it is not clear to me how to get the host system to restrict its own CPU usage, so that it doesn't use any of the CPUs that are dedicated to running jails. Again, since a CPU set restriction has to be established before a process is born, it seems that init(8) itself needs to be launched with a restricted CPU set. I cannot find any mechanism by which to do this.



    To solve the first problem, that of being able to start a jail with an immediate cpuset restriction, this syntax didn't work in /etc/jail.conf:



    path                = "/jail/$name";

    test {
    jid = 42;
    # This is the default value before tweaking:
    # exec.start = "/bin/sh /etc/rc";
    # restrict this jail to CPU7 only:
    exec.start = "/usr/bin/cpuset -c -l 7 /bin/sh /etc/rc";
    host.hostname = "test";
    ip4.addr = "public|10.160.161.162";
    mount.devfs = true;
    allow.raw_sockets = true;
    allow.sysvipc = true;
    }


    Another unsuccessful approach was to restore the default value of exec.start and start the jail with:



    # cpuset -c -l 7 service jail start test


    Regarding the second problem, that of restricting the host system to prevent non-jailed processes (jail id = 0) from using CPUs that are reserved for jailed processes (jail id's > 0, I'm not sure where to begin. The most elegant way would seem to be to restrict init(8) at its very outset, so that any processes it spawns inherit the same CPU restriction. A less elegant hack might be to use rctl.conf to create a CPU restriction based on a particular login class, and assign all users to that login class. That still seems to fail to restrict system daemons which are launched by init before rctl initializes. A naive look at rcorder(8) suggests that rctl runs relatively late in the rc start-up process, at 127th place out of 166 on my system:



    # cd /etc/rc.d
    # rcorder * | grep -xn rctl
    127:rctl
    # rcorder * | wc -l
    166


    What are some solutions and best practices that have been developed to solve this kind of problem? For now I am reading some historical discussion from 2014 regarding the issue of starting init(8) with a specific cpuset. Sadly the patch proposed by the OP of that thread is no longer accessible.










    share|improve this question



























      1












      1








      1








      How are other admins managing CPU resources on multi-core hosts that run jails, such as allocating the appropriate number of cores for exclusive use by specific jails, and likewise reserving the appropiate number of cores for exclusive use by the host system?



      TL;DR



      I'm learning how to manage CPUs using rctl(8), /etc/rctl.conf, cpuset(1) and related tools.



      As an exercise, I am working with an 8-core system. I wish to dedicate CPUs 0-3 for use solely by the host system processes, and make CPUs 4-7 available solely to jailed processes.



      I'm encountering two fundamental problems in my mental landscape of this problem. The first is that since cpuset can apply a CPU mask only to an existing target (process, jail, whatever), I presently have to start a jail first, and THEN restrict its CPU set. This means that jailed processes which are spawned before the cpuset restriction is created will run outside of the CPU set. If those jailed processes are long-lived then they must be restarted after cpuset is invoked in order to ensure that the jail stays within its restriction.



      Second, for similar reasons as #1, it is not clear to me how to get the host system to restrict its own CPU usage, so that it doesn't use any of the CPUs that are dedicated to running jails. Again, since a CPU set restriction has to be established before a process is born, it seems that init(8) itself needs to be launched with a restricted CPU set. I cannot find any mechanism by which to do this.



      To solve the first problem, that of being able to start a jail with an immediate cpuset restriction, this syntax didn't work in /etc/jail.conf:



      path                = "/jail/$name";

      test {
      jid = 42;
      # This is the default value before tweaking:
      # exec.start = "/bin/sh /etc/rc";
      # restrict this jail to CPU7 only:
      exec.start = "/usr/bin/cpuset -c -l 7 /bin/sh /etc/rc";
      host.hostname = "test";
      ip4.addr = "public|10.160.161.162";
      mount.devfs = true;
      allow.raw_sockets = true;
      allow.sysvipc = true;
      }


      Another unsuccessful approach was to restore the default value of exec.start and start the jail with:



      # cpuset -c -l 7 service jail start test


      Regarding the second problem, that of restricting the host system to prevent non-jailed processes (jail id = 0) from using CPUs that are reserved for jailed processes (jail id's > 0, I'm not sure where to begin. The most elegant way would seem to be to restrict init(8) at its very outset, so that any processes it spawns inherit the same CPU restriction. A less elegant hack might be to use rctl.conf to create a CPU restriction based on a particular login class, and assign all users to that login class. That still seems to fail to restrict system daemons which are launched by init before rctl initializes. A naive look at rcorder(8) suggests that rctl runs relatively late in the rc start-up process, at 127th place out of 166 on my system:



      # cd /etc/rc.d
      # rcorder * | grep -xn rctl
      127:rctl
      # rcorder * | wc -l
      166


      What are some solutions and best practices that have been developed to solve this kind of problem? For now I am reading some historical discussion from 2014 regarding the issue of starting init(8) with a specific cpuset. Sadly the patch proposed by the OP of that thread is no longer accessible.










      share|improve this question
















      How are other admins managing CPU resources on multi-core hosts that run jails, such as allocating the appropriate number of cores for exclusive use by specific jails, and likewise reserving the appropiate number of cores for exclusive use by the host system?



      TL;DR



      I'm learning how to manage CPUs using rctl(8), /etc/rctl.conf, cpuset(1) and related tools.



      As an exercise, I am working with an 8-core system. I wish to dedicate CPUs 0-3 for use solely by the host system processes, and make CPUs 4-7 available solely to jailed processes.



      I'm encountering two fundamental problems in my mental landscape of this problem. The first is that since cpuset can apply a CPU mask only to an existing target (process, jail, whatever), I presently have to start a jail first, and THEN restrict its CPU set. This means that jailed processes which are spawned before the cpuset restriction is created will run outside of the CPU set. If those jailed processes are long-lived then they must be restarted after cpuset is invoked in order to ensure that the jail stays within its restriction.



      Second, for similar reasons as #1, it is not clear to me how to get the host system to restrict its own CPU usage, so that it doesn't use any of the CPUs that are dedicated to running jails. Again, since a CPU set restriction has to be established before a process is born, it seems that init(8) itself needs to be launched with a restricted CPU set. I cannot find any mechanism by which to do this.



      To solve the first problem, that of being able to start a jail with an immediate cpuset restriction, this syntax didn't work in /etc/jail.conf:



      path                = "/jail/$name";

      test {
      jid = 42;
      # This is the default value before tweaking:
      # exec.start = "/bin/sh /etc/rc";
      # restrict this jail to CPU7 only:
      exec.start = "/usr/bin/cpuset -c -l 7 /bin/sh /etc/rc";
      host.hostname = "test";
      ip4.addr = "public|10.160.161.162";
      mount.devfs = true;
      allow.raw_sockets = true;
      allow.sysvipc = true;
      }


      Another unsuccessful approach was to restore the default value of exec.start and start the jail with:



      # cpuset -c -l 7 service jail start test


      Regarding the second problem, that of restricting the host system to prevent non-jailed processes (jail id = 0) from using CPUs that are reserved for jailed processes (jail id's > 0, I'm not sure where to begin. The most elegant way would seem to be to restrict init(8) at its very outset, so that any processes it spawns inherit the same CPU restriction. A less elegant hack might be to use rctl.conf to create a CPU restriction based on a particular login class, and assign all users to that login class. That still seems to fail to restrict system daemons which are launched by init before rctl initializes. A naive look at rcorder(8) suggests that rctl runs relatively late in the rc start-up process, at 127th place out of 166 on my system:



      # cd /etc/rc.d
      # rcorder * | grep -xn rctl
      127:rctl
      # rcorder * | wc -l
      166


      What are some solutions and best practices that have been developed to solve this kind of problem? For now I am reading some historical discussion from 2014 regarding the issue of starting init(8) with a specific cpuset. Sadly the patch proposed by the OP of that thread is no longer accessible.







      freebsd






      share|improve this question















      share|improve this question













      share|improve this question




      share|improve this question








      edited Jan 14 at 22:36







      Jim L.

















      asked Jan 11 at 22:30









      Jim L.Jim L.

      41117




      41117






















          0






          active

          oldest

          votes











          Your Answer








          StackExchange.ready(function() {
          var channelOptions = {
          tags: "".split(" "),
          id: "3"
          };
          initTagRenderer("".split(" "), "".split(" "), channelOptions);

          StackExchange.using("externalEditor", function() {
          // Have to fire editor after snippets, if snippets enabled
          if (StackExchange.settings.snippets.snippetsEnabled) {
          StackExchange.using("snippets", function() {
          createEditor();
          });
          }
          else {
          createEditor();
          }
          });

          function createEditor() {
          StackExchange.prepareEditor({
          heartbeatType: 'answer',
          autoActivateHeartbeat: false,
          convertImagesToLinks: true,
          noModals: true,
          showLowRepImageUploadWarning: true,
          reputationToPostImages: 10,
          bindNavPrevention: true,
          postfix: "",
          imageUploader: {
          brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
          contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
          allowUrls: true
          },
          onDemand: true,
          discardSelector: ".discard-answer"
          ,immediatelyShowMarkdownHelp:true
          });


          }
          });














          draft saved

          draft discarded


















          StackExchange.ready(
          function () {
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f1393365%2fhow-can-i-restrict-cpu-scheduling-in-freebsd-12%23new-answer', 'question_page');
          }
          );

          Post as a guest















          Required, but never shown

























          0






          active

          oldest

          votes








          0






          active

          oldest

          votes









          active

          oldest

          votes






          active

          oldest

          votes
















          draft saved

          draft discarded




















































          Thanks for contributing an answer to Super User!


          • Please be sure to answer the question. Provide details and share your research!

          But avoid



          • Asking for help, clarification, or responding to other answers.

          • Making statements based on opinion; back them up with references or personal experience.


          To learn more, see our tips on writing great answers.




          draft saved


          draft discarded














          StackExchange.ready(
          function () {
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f1393365%2fhow-can-i-restrict-cpu-scheduling-in-freebsd-12%23new-answer', 'question_page');
          }
          );

          Post as a guest















          Required, but never shown





















































          Required, but never shown














          Required, but never shown












          Required, but never shown







          Required, but never shown

































          Required, but never shown














          Required, but never shown












          Required, but never shown







          Required, but never shown







          Popular posts from this blog

          Сан-Квентин

          8-я гвардейская общевойсковая армия

          Алькесар