Resources available for OpenVZ containers.
Resources that can be set include disk space usage, memory usage, CPU usage, and more.
Restricting and setting hard limits of what is permitted in a container ensures that no tasks within the container can get greedy and steal resources from other containers or the host system itself.
First, look at the vzlist tool. This will provide information on any installed containers, which makes managing them simpler.
How to increase the available disk space from 1GB to something more useful like 10GB:
# vzctl set 101 --diskspace 10G:11G --save
The above increases the default 1GB drive space available to a barrier of 10GB and a maximum limit of 11GB.
Check disk space:
# vzctl exec 101 df -hT
There are two ways to change settings for containers. The first is using vzctl as above (remember to use the --save option to make the changes persistent). The second is to edit the configuration file for the container. For a container with a CTID of 101, the file would be /etc/sysconfig/vz-scripts/101.conf.
Protecting Server Resources from Denial of Service Using xinetd
Another important feature of xinetd is its ability to control the amount of resources which services under its control can utilize.
It does this by way of the following directives:
cps = [number_of_connections] [wait_period] — Dictates the connections allowed to the service per second. This directive accepts only integer values.
instances = [number_of_connections] — Dictates the total number of connections allowed to a service. This directive accepts either an integer value or UNLIMITED.
per_source = [number_of_connections] — Dictates the connections allowed to a service by each host. This directive accepts either an integer value or UNLIMITED.
rlimit_as = [number[K|M]] — Dictates the amount of memory address space the service can occupy in kilobytes or megabytes. This directive accepts either an integer value or UNLIMITED.
rlimit_cpu = [number_of_seconds] — Dictates the amount of time in seconds that a service may occupy the CPU. This directive accepts either an integer value or UNLIMITED.
Using these directives can help prevent any one xinetd service from overwhelming the system, resulting in a denial of service.
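To check these directives across a host's xinetd configuration, the following added example (not part of the original page and not xinetd's own tooling) parses service blocks and reports every service where one of the five limits above is unset or UNLIMITED. The sample configuration, the service names and the `audit` function are constructed for illustration, and the script assumes that values in a `defaults` block apply to each service unless the service overrides them.

```python
import re

# Directives from this page that bound what a single xinetd service may consume.
LIMIT_DIRECTIVES = ("cps", "instances", "per_source", "rlimit_as", "rlimit_cpu")

# Constructed sample configuration (service names and values are illustrative).
SAMPLE_CONF = """
defaults
{
    instances = 60
    cps       = 25 30
}
service telnet
{
    per_source = UNLIMITED
}
service ftp
{
    per_source = 5
    rlimit_as  = 64M
    rlimit_cpu = 20
}
"""

BLOCK_RE = re.compile(r"^\s*(defaults|service\s+(\S+))\s*\{(.*?)^\s*\}", re.M | re.S)
ATTR_RE = re.compile(r"^[ \t]*(\w+)[ \t]*=[ \t]*(.+?)[ \t]*$", re.M)

def audit(conf_text):
    """Return {service: [findings]} for limits that are unset or UNLIMITED."""
    conf_text = re.sub(r"^[ \t]*#.*$", "", conf_text, flags=re.M)  # drop comments
    # The service-name group is empty for the defaults block, so key it explicitly.
    blocks = {name or "defaults": dict(ATTR_RE.findall(body))
              for _, name, body in BLOCK_RE.findall(conf_text)}
    defaults = blocks.pop("defaults", {})
    report = {}
    for name, attrs in blocks.items():
        effective = {**defaults, **attrs}  # a service's own value overrides defaults
        findings = []
        for key in LIMIT_DIRECTIVES:
            if key not in effective:
                findings.append(f"{key} not set")
            elif effective[key].upper() == "UNLIMITED":
                findings.append(f"{key} = UNLIMITED")
        if findings:
            report[name] = findings
    return report

if __name__ == "__main__":
    print(audit(SAMPLE_CONF))
```

Run it against the concatenated contents of /etc/xinetd.conf and the files it includes; a service that is absent from the result has all five limits set to a finite value.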