Grouping Applications Inside Container

SLM provides a mechanism of classifying available applications (or processes representing instances of these running applications) inside a Container, uniting them into certain groups, and ensuring a sort of isolation among these groups. Such application grouping allows you to separately control each application group and, if the Container exceeds its memory limit and some application group inside this Container overuses the memory, to reduce the memory consumption only by the corresponding application group rather than to impose memory restrictions on the whole Container and all its applications. For example, this can help you keep the remote SSH connection to your Container in the case of the apache Web server misbehaviour or keep this Web service working if the 'dangerous' application is the sendmail service.

In the current version of Parallels Server Bare Metal, all applications (processes) inside a Container are by default included in one of the following groups:

• ' other ' (also referred to as group 0): this group contains all the processes not included in the ' daemons ', ' httpd ', and ' mysql ' groups. The termination of any process belonging to this group affects certain (usually uncritical) Container functionality only and does not lead to the entire Container DoS (denial of service).
• ' daemons ' (also referred to as group 1): this group includes init , rc , and all system daemons (e.g. sshd ). The ' daemons ' group is the most important one and provides the basis for the Container functioning.
• ' httpd ' (also referred to as group 2): this group includes the apache Web server only. The processes in this group and the ' mysql ' one provide the main workload of any Container.
• ' mysql ' (also referred to as group 3): this group includes the MySQL database server only. The processes in this group and the ' httpd ' one provide the main workload of any Container.

By default, any new process inherits the group from its parent process. For example, all children of the httpd process are placed to the ' httpd ' group whereas all children of the ' mysql ' process are included in the ' mysql ' group. However, the group of a process can be changed during its forking and/or execution on the basis of special SLM pattern rules. The default SLM pattern rules are specified in the /etc/vzslm.d/default.conf file on the server in the table having the following four columns:

• first_column : the name of the process to which the rule is to be applied.
• second_column : a bitwise set of values defining the scheme on the basis of which the process is to be moved to the corresponding group.
• third_column : the group the process belongs to before the rule is applied. The -1 value, if specified, means any group.
• fourth_column : the group where the process will be moved after the rule is applied.

The flags field represents a number containing one or several of the following bitwise values:

Let us take as an example the following rule from the /etc/vzslm.d/default.conf file

"httpd" 0000001c -1 2

and examine what processes are affected by this rule and in what way. The flags in this rule ( 0000001c or |_0_|_0_|_0_|_1_|_1_|_1_|_0_|_0_| in the binary notation) involve checking the name of the process (the fifth bit from the right equals 1 ) and, if this name is httpd , moving the process to the ' httpd' group ( destination_subgroup = 2 ) regardless of the group it originally belongs to ( source_subgroup = -1 ) during the process forking and execution (the third and forth bits from the right equal 1 ).

The following table lists all the rules present in the /etc/vzslm.d/default.conf file:

Note: As all processes (parents) in rules #6 - #11 belong to group 1, the instances these rules can be applied to can only be children (see rule #14 ).

During its life cycle, any process running inside the Container is checked against the available rules in the /etc/vzslm.d/default.conf file from top to bottom and the first matching rule is applied to it. So, if the following 2 rules are present in the default.conf file

"httpd" 0000001c -1 2

"httpd" 00000016 -1 1

the first rule ( " httpd" 0000001c -1 2 ) will be applied to all httpd processes inside all Containers on the server.

You can create your own SLM pattern configuration files with your own rules and apply them to particular Containers on the server. For example, if you want Container 101 to start using a configuration file different from /etc/vzslm.d/default.conf , you can proceed as follows:

1. Create a new file with an arbitrary name and the .conf extension (e.g. by means of vi ) and place it to the /etc/vzslm.d directory on the server.
2. Make Container 101 use the newly created configuration file. Assuming that the configuration file name is light.conf , you can do it by issuing the following command on the server:

   # pctl set 101 --slmpattern light --save

   Saved parameters for Container 101

   Note: If you want to make all Containers on the server use another SLM pattern configuration file, you should specify the name of this file without the .conf extension (e.g. light ) as the value of the SLMPATTERN parameter in the /etc/vz/vz.conf configuration file.