limits.conf or limits.d

Sometimes you're hitting the limits of the operating system but you're not sure if your changes in limits.conf are picked up, or you are not sure what parameter may be hitting a limit...

Then you find plenty of information in /proc/$pid/limits!

# cat /proc/$(pidof java)/limits
Limit                     Soft Limit           Hard Limit           Units     
Max cpu time              unlimited            unlimited            seconds   
Max file size             unlimited            unlimited            bytes     
Max data size             unlimited            unlimited            bytes     
Max stack size            10485760             unlimited            bytes     
Max core file size        0                    unlimited            bytes     
Max resident set          unlimited            unlimited            bytes     
Max processes             1024                 unlimited            processes 
Max open files            32768                32768                files     
Max locked memory         65536                65536                bytes     
Max address space         unlimited            unlimited            bytes     
Max file locks            unlimited            unlimited            locks     
Max pending signals       15904                15904                signals   
Max msgqueue size         819200               819200               bytes     
Max nice priority         0                    0                    
Max realtime priority     0                    0                    
Max realtime timeout      unlimited            unlimited            us        

/etc/security/limits.d/90-nproc.conf limits nproc to 1024 to prevent fork bombs for all users.  You may need to override it for specific users or groups for high-capacity servers.

System V init template

Sometimes you just need a quick and simple custom System V init script template to be able to start/stop daemons during boot/reboot.

This init template uses the RHEL/CentOS symantics/functions and works on RHEL/CentOS 6.x

#!/bin/sh
#
# myApp Starts/stop the myApp daemon
#
# chkconfig:   345 55 25
# description: myApp description

### BEGIN INIT INFO
# Provides: myApp
# Required-Start: $local_fs
# Required-Stop: $local_fs
# Default-Start: 345
# Default-Stop: 016
# Short-Description: Starts/stop the myApp daemon
# Description:      myApp description
### END INIT INFO

# Source function library.
. /etc/rc.d/init.d/functions

exec=/path/to/myapp
prog="myapp"
OPTS=""
config=/etc/sysconfig/$prog

[ -e /etc/sysconfig/$prog ] && . /etc/sysconfig/$prog

lockfile=/var/lock/subsys/$prog

start() {
    [ -x $exec ] || exit 5
    echo -n $"Starting $prog: "
    daemon $exec $OPTS
    retval=$?
    echo
    [ $retval -eq 0 ] && touch $lockfile
}

stop() {
    echo -n $"Stopping $prog: "
    if [ -n "`pidofproc $exec`" ] ; then
        killproc $exec
    else
        failure $"Stopping $prog"
    fi
    retval=$?
    echo
    [ $retval -eq 0 ] && rm -f $lockfile
}

restart() {
    stop
    start
}

reload() {
    restart
}

force_reload() {
    restart
}

rh_status() {
    # run checks to determine if the service is running or use generic status
    status $prog
}

rh_status_q() {
    rh_status >/dev/null 2>&1
}


case "$1" in
    start)
        rh_status_q && exit 0
        $1
        ;;
    stop)
        rh_status_q || exit 0
        $1
        ;;
    restart)
        $1
        ;;
    reload)
        rh_status_q || exit 7
        $1
        ;;
    force-reload)
        force_reload
        ;;
    status)
        rh_status
        ;;
    condrestart|try-restart)
        rh_status_q || exit 0
        restart
        ;;
    *)
        echo $"Usage: $0 {start|stop|status|restart|condrestart|try-restart|reload|force-reload}"
        exit 2
esac
exit $?

Sanlock patch accepted

My sanlock patch has been accepted by the libvirt maintainers today.  It will be included in libvirt 0.10.0.  It fixes the problem where all sanlock resources are released when hot-dettaching a disk from a qemu/kvm domain, leaving the other (disk) resources unlocked/unprotected.

Meanwhile, this is a situation that can be recovered from through the sanlock client by re-registering the assigned disks, or by avoiding the problem altogether by applying the patch.

Open vSwitch bandwidth throttling

Bandwidth throttling is pretty easy with Open vSwitch for outgoing (ingress) traffic.  Configure the ingress policy on the port interface for the specific virtual machine.  To limit outgoing bandwidth to 100Mbit/s:

# ovs-vsctl set Interface vnet0 ingress_policing_rate=100000

# ovs-vsctl set Interface vnet0 ingress_policing_burst=10000

The config can be tested with iperf by running the client on the VM, like:

 # iperf -d -i 10 -c <destserver> -t 60  
 [ 3] 0.0-10.0 sec 124 MBytes 104 Mbits/sec  
 [ 3] 10.0-20.0 sec 118 MBytes 99.1 Mbits/sec  
 [ 3] 20.0-30.0 sec 116 MBytes 97.1 Mbits/sec  
 [ 3] 30.0-40.0 sec 117 MBytes 98.1 Mbits/sec  
 [ 3] 40.0-50.0 sec 116 MBytes 97.7 Mbits/sec  
 [ 3] 50.0-60.0 sec 118 MBytes 99.2 Mbits/sec  
 [ 3] 0.0-60.2 sec 710 MBytes 98.9 Mbits/sec  

To reset the bandwidth to full speed:

# ovs-vsctl set Interface vnet0 ingress_policing_rate=0