Solaris 10’s Resource Management and Shell Limit(ulimit)

Solaris 10’s Resource Management

One of the best known features in Solaris is Resource management. This mechanism allows controlling resource for each and every process which is big advantage in system administration.System precious resources like CPU & memory also can be controlled by using projects and newtask feature.

Advertisements

Resource Management:
A resource controls are identified by following prefix
1.   zone (Ex:zone.cpu-shares)
2.   project (Ex:project.max-shm-memory)
3.  task (Ex:task.max-lwps)
4.  process (Ex:process.max-stack-size)

Resource controls can be observed on a system-wide basis and possible to update resource control values on a running system. In older system we need to deal with ulimit command and most of the time we use to set in /etc/profile file to take effect for all users. But in Solaris 10, we can easily manage shell limits using simple prctl command.

Levels: Each resource control threshold needs to be associated with one of the following privilege levels:

basic:  Can be modified by owner of calling process. 
(In older term, we call it as Soft limit.These settings can be viewed using ulimit -Sa )
privileged:  Only modifiable by superuser
(In older term, we call it as Hard limit.These settings can be viewed using ulimit -Ha )
system: Fixed for the duration of the operating system instance
(System’s maximum value.You can’t set the privileged more than system value)

Actions: It is possible to use rctladm to specify one of the following actions on a process that violates the control: ·         none:  No action taken. (Useful for monitoring.) ·         deny:  Denies a request. ·         signal:  Enable a signal.(i.e   SIGTERM , SIGKILL )

To check current soft shell limits, enter the following command: $ ulimit -Sa Ex:To find the Maximum open files soft limit bash-3.00# ulimit -Sn 8192
To check maximum hard limits, enter the following command: $ ulimit -Ha Ex:To find the Maximum open files hard limit. bash-3.00# ulimit -Hn 61921
We can find the same using prctl , bash-3.00# prctl -n process.max-file-descriptor $$ process: 6414: bash NAME    PRIVILEGE       VALUE    FLAG   ACTION     RECIPIENT process.max-file-descriptor  basic         8.19K     –   deny    6414—–>8.19K is soft limit(Basic).It can be increased by user.  privileged   61.9K   –   deny  – —–>61.9k is hard limit( privileged ). Only Root  modify this.  system     2.15G  max   deny    – ——>2.15G is system maximum limit. Otherwords privileged max value.
To Display default resource control value:

bash-3.2# prctl -n process.max-file-descriptor $$
process: 12372: bash
NAME    PRIVILEGE       VALUE    FLAG   ACTION                       RECIPIENT
process.max-file-descriptor
        basic             256       -   deny                             12372
        privileged      65.5K       -   deny                                 -
        system          2.15G     max   deny                                 -
bash-3.2# prctl -n process.max-stack-size $$
process: 12372: bash
NAME    PRIVILEGE       VALUE    FLAG   ACTION                       RECIPIENT
process.max-stack-size
        basic           8.00MB      -   deny                             12372
        privileged      8.00EB      -   deny                                 -
        system          8.00EB    max   deny                                 -

Experiment:

I am creating the new user called linges and setting the resource control on fly using project control.

bash-3.00# useradd -m -d /export/home/linges -s /bin/bash linges
64 blocks
bash-3.00# cat /etc/project
system:0::::
user.root:1::::
noproject:2::::
default:3::::
group.staff:10::::

Creating the new project called “limitedusers”

bash-3.00# projadd limitedusers
bash-3.00# cat /etc/project
system:0::::
user.root:1::::
noproject:2::::
default:3::::
group.staff:10::::
limitedusers:100::::

Adding the newly created user to in to “limitedusers” project.

bash-3.00# projmod -U linges limitedusers
bash-3.00# cat /etc/project
system:0::::
user.root:1::::
noproject:2::::
default:3::::
group.staff:10::::
limitedusers:100::linges::

Here i am setting maximum openfile’s softlimit to 8192 and maximum hard limit to 61921 using below command.

bash-3.00# projmod -s -K 'process.max-file-descriptor=(basic,8192,deny),(privileged,61921,deny)' limitedusers

Method :1 to verify the new values To check the current project.

bash-3.00# id -p
uid=0(root) gid=0(root) projid=1(user.root)

We can gain new project using below command.

bash-3.00# newtask -p limitedusers bash
bash-3.00# id -p
uid=0(root) gid=0(root) projid=100(limitedusers)

Now we can check new values using prctl command.

bash-3.00# prctl -n process.max-file-descriptor $$
process: 6414: bash
NAME    PRIVILEGE       VALUE    FLAG   ACTION                       RECIPIENT
process.max-file-descriptor
        basic           8.19K       -   deny                              6414
        privileged      61.9K       -   deny                                 -
        system          2.15G     max   deny                                 -

you can verify Using ulimit ,

bash-3.00# ulimit -Ha
core file size        (blocks, -c) unlimited
data seg size         (kbytes, -d) unlimited
file size             (blocks, -f) unlimited
open files                    (-n) 61921
pipe size          (512 bytes, -p) 10
stack size            (kbytes, -s) unlimited
cpu time             (seconds, -t) unlimited
max user processes            (-u) 16245
virtual memory        (kbytes, -v) unlimited
bash-3.00# ulimit -Sa
core file size        (blocks, -c) unlimited
data seg size         (kbytes, -d) unlimited
file size             (blocks, -f) unlimited
open files                    (-n) 8192
pipe size          (512 bytes, -p) 10
stack size            (kbytes, -s) 1347
cpu time             (seconds, -t) unlimited
max user processes            (-u) 16245
virtual memory        (kbytes, -v) unlimited
bash-3.00# ulimit -Sn
8192
bash-3.00# ulimit -Hn
61921

Method :2 to verify the new values

Otherwise, we can login to user which is part of project “limitedusers” to verify the settings.

bash-3.00# su - linges
Oracle Corporation      SunOS 5.10      Generic Patch   January 2005
-bash-3.00$ prctl -n process.max-file-descriptor $$
process: 7369: -bash
NAME    PRIVILEGE       VALUE    FLAG   ACTION                       RECIPIENT
process.max-file-descriptor
        basic           8.19K       -   deny                              7369
        privileged      61.9K       -   deny                                 -
        system          2.15G     max   deny                                 -
-bash-3.00$ ulimit -Sn
8192
-bash-3.00$ ulimit -Hn
61921

Setting Unlimited:

In older days we use to set value “unlimited” for shell limits. But in Resource Management you can’t use the word “unlimited” as the resource controls have no concept of “unlimited”. Instead, you just need to set the value to the maximum allowed system value. For example, to see the maximum stack size, use:

bash-3.00# prctl -P -t system -n process.max-stack-size $$
process: 29525: bash
process.max-stack-size system 137988707188736 max deny -

Here i am setting stack size hardlimit as system’s stack size.(Which is equal to unlimited value)

bash-3.00# projmod -s -K "process.max-stack-size=(basic,10MB,deny),(privileged,137988707188736,deny)" limitedusers
-bash-3.00$ prctl -n process.max-stack-size $$
process: 7605: -bash
NAME    PRIVILEGE       VALUE    FLAG   ACTION                       RECIPIENT
process.max-stack-size
        basic           10.0MB      -   deny                              7605--------------->Soft Limit
        privileged       125TB      -   deny                                 - -------------->Hard Limit
        system           125TB    max   deny                            - -------------->Maximum System Limit
-bash-3.00$ ulimit -Ha
core file size        (blocks, -c) unlimited
data seg size         (kbytes, -d) unlimited
file size             (blocks, -f) unlimited
open files                    (-n) 61921
pipe size          (512 bytes, -p) 10
stack size            (kbytes, -s) unlimited
cpu time             (seconds, -t) unlimited
max user processes            (-u) 16245
virtual memory        (kbytes, -v) unlimited
-bash-3.00$ ulimit -Sa
core file size        (blocks, -c) unlimited
data seg size         (kbytes, -d) unlimited
file size             (blocks, -f) unlimited
open files                    (-n) 8192
pipe size          (512 bytes, -p) 10
stack size            (kbytes, -s) 10240
cpu time             (seconds, -t) unlimited
max user processes            (-u) 16245
virtual memory        (kbytes, -v) unlimited
-bash-3.00$ ulimit -Ss
10240
-bash-3.00$ ulimit -Hs
unlimited                       -

Here I tried to set value which is higher that than the system value and its end up with error “exceeds system limit”.Which means you can’t set value higher than the system value.

bash-3.00# projmod -s -K "process.max-stack-size=(privileged,9223372036854775807,deny)" limitedusers
projmod: rctl "process.max-stack-size" value "9223372036854775807" exceeds system limit

We can verify using root account also by gaining access via newtask

bash-3.00# newtask -p limitedusers bash
bash-3.00# id -p
uid=0(root) gid=0(root) projid=100(limitedusers)
-bash-3.00# ulimit -Ss
10240
-bash-3.00# ulimit -Hs
unlimited

Important parameters in IPC in solaris

• project.max-shm-ids

: Maximum shared memory IDs for a project. 

• project.max-sem-ids

: Maximum semaphore IDs for a project.

• project.max-msg-ids

: Maximum message queue IDs for a project. 

• project.max-shm-memory

: Total amount of shared memory allowed for a project. 

• process.max-sem-nsems

: Maximum number of semaphores allowed per semaphore set. 

• process.max-sem-ops

: Maximum number of semaphore operations allowed per semop. 

• process.max-msg-messages

: Maximum number of messages on a message queue. 

• process.max-msg-qbytes

: Maximum number of bytes of messages on a message queue.