Igor Seletskiy
CEO, CloudLinux
Advanced Settings Oct 10, 2011
• Linux OS based on RHEL source RPMs
• Binary compatible with RHEL 5.x/6.x and CentOS 5.x/6.x
• Made for Shared Hosting Companies
• Focus on Stability and Security
• Excellent, free 24/7 support
• Affordable for Companies of any Size
CloudLinux delivered patches for several local exploits days before RHEL and CentOS
• Lightweight resource limits
– CPU/Concurrent Connection/Memory limits
• Transparent to administrator
• Easy to deploy to CentOS/RHEL servers
• No need to setup per customer limits
• One customer is usually the cause of the majority of downtimes
– Limiting a customer's resource usage during his usage spikes will prevent issues for other customers
– Hard & expensive to track
– Takes time to track, which results in downtime for the server.
• Better stability
• No server slow downs
• No need to suspend customers due to resource abuse
– Simplifies upsell to higher plans / VPS
• Ability to track usage on a per customer basis
• Less support
• Improved security
• Better density
• We deployed CloudLinux on our shared hosting servers, and we have seen immediate improvement in reliability. Now we want to offer the same solution to our dedicated server customers.
– Ditlev Bredah, CEO UK2 Group
• Resource Limits
– CPU
– Memory
– Connections
– IO Priorities (limits coming soon)
• Ability to change limits on the fly
• Ability to see current & historic usage
• Easy way to pin-point abusers
• Kernel level technology
– modified CPU scheduler
– cgroups/bean counters
• Apache module talks to kernel
– Works with any technology: cgi, mod_php, fcgid, MPM ITK, ruid2, LiteSpeed, etc…
• /etc/container/ve.cfg
– lvectl
• ubc
– /proc/lve/list
– /proc/user_beancounters
– /etc/sysconfig/lve
CloudLinux 5.x
• Based on 2.6.18 kernel
• UBC – memory limits disabled by default
• Migration thread per core
• Live ncpu change since lve0.8.42 kernel
• grsecurity TPE patch
CloudLinux 6.x
• Based on 2.6.32
• cgroups – memory limits always enabled
• No migration processes
• Live ncpu changes
• No grsecurity TPE patch (yet)
• Performance optimization still in progress
• /etc/sysctl.conf
– fs.proc_can_see_other_uid=1
– fs.proc_user_gid=0
• Different way to calculate load average
– 1 per LVE, instead of per process
• # sysctl -w kernel.full_loadavg=1
• 0 means disabled
• mod_php, LiteSpeed not supported
– Needs to fork to start counting
• Virtual memory vs real memory usage
• What happens when user hits memory
• Number of cores per LVE
– 1 migration thread per enabled core
• # lvectl set XX --ncpu 2 --force
• Smallest limit wins
• 1 core server, ncpu=1, cpu=25% -- true limit = 25%
• 2 core server, ncpu=1, cpu=25% -- true limit = 25%
• 4 core server, ncpu=1, cpu=25% -- true limit = 25%
• 8 core server, ncpu=1, cpu=25% -- true limit ~ 12%
• 16 core server, ncpu=1, cpu=25% -- true limit ~6%
• 16 core server, ncpu=2, cpu=25% -- true limit ~12%
• 16 core server, ncpu=4, cpu=25% -- true limit = 25%
• No more NCPU
• CPU will automatically adjust NCPU parameter
• --core – specifying speed on a per core basis. 50% -- half a core, 150% -- 1.5 cores.
# lveinfo --from='2010-10-10' --to='2010-10-15' -o cpu_max --display-username
ID aCPU mCPU lCPU aEP mEP lEP MemF MepF
web2 5 10 10 14 25 25 4 342
web1 3 8 10 6 18 25 0 0
ID User or LVE id
aCPU Average CPU usage
mCPU Max CPU usage
lCPU CPU Limit
aEP Average Number of Concurrent Connections
mEP Max Number of Concurrent Connections
lEP Limit on Concurrent Connections
MemF Out Of Memory Faults
• 508 – Concurrent connections (maxEntryProcs)
• 500 – Either server/script error – or memory limits
• Use lve-stats --by-fault to figure out the issue
• CPU limit will slow down the site, but it will not cause it to fail.
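As an added example (not part of the slides), the following script reads lveinfo-style output in the column layout shown above and flags LVEs that reached a limit, mapping entry-process faults to the 508 case and memory faults to the 500 case; the sample rows are constructed, and the `web3` row is an assumption added to show a pure CPU-limit hit.

```shell
#!/bin/sh
# Added example, not CloudLinux's own tooling. Constructed sample in the
# format produced by:  lveinfo --from=... --to=... --display-username
# Columns: ID aCPU mCPU lCPU aEP mEP lEP MemF MepF
SAMPLE='ID aCPU mCPU lCPU aEP mEP lEP MemF MepF
web2 5 10 10 14 25 25 4 342
web1 3 8 10 6 18 25 0 0
web3 20 25 25 2 5 25 0 0'

# Print one line per LVE that hit a limit, naming the symptom an admin sees:
#   cpu - mCPU reached lCPU (site slows down, no error page)
#   ep  - mEP reached lEP  (508 errors: maxEntryProcs exhausted)
#   mem - MemF > 0         (500 errors / OOM killer inside the LVE)
flag_abusers() {
    printf '%s\n' "$1" | awk '
        NR == 1 { next }                      # skip header row
        {
            hits = ""
            if ($3 >= $4) hits = hits " cpu"  # max CPU reached CPU limit
            if ($6 >= $7) hits = hits " ep"   # max concurrent conns reached limit
            if ($8 > 0)   hits = hits " mem"  # out-of-memory faults recorded
            if (hits != "") print $1 ":" hits
        }'
}

flag_abusers "$SAMPLE"
```

Pipe real `lveinfo` output through `flag_abusers` instead of the constructed sample to get the same per-LVE summary for a live server.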
• physical memory instead of virtual memory
– Processes share memory
– Allocated memory doesn’t mean used memory
– Copy on write
– OOM killer – will kill processes if LVE hits memory limit
• Number of Processes
• CPU Weight
• lvestats-server binary
• Polls data every 5 seconds
– Updates /var/lve/info
• Writes to database every minute
– Sqlite db /var/lve/lveinfo.db
– Can write to centralized MySQL/PostgreSQL
• Data is read via lveinfo
• /etc/sysconfig/lvestats
– db_type: postgresql, mysql, (sqlite)
– server_id – unique id for the server
• Requires a DB server
• Part of lve_wrapper package
• Allows to run anything inside LVE
– # lve_suwrapper 300 service mysql restart
• Cron
– Vixie-cron
– /etc/sysconfig/crond
• LVE_DISABLE
• LVE_START_UID
• session required pam_lve.so 500
– /etc/pam.d/sshd
– /etc/pam.d/crond
• Works on the PAM level
When you su/sudo to root from a regular user, you will still be inside the LVE
• httpd.conf, modhostinglimits.conf
• AllowedHandlers
– Support regexp
• Daemon based software:
– mod_fcgid, mod_cgid, other
• Tries to use all the cores on the server
– Fix by limiting the number of threads (available processors) to 1. This can be done by editing the config.xml & policy.xml files:
/usr/local/lib/ImageMagick-[version]/config/policy.xml
/usr/local/lib/ImageMagick-[version]/config/config.xml
Setting:
# yum install yum-protectbase
Edit /etc/yum/pluginconf.d/rhnplugin.conf
Add:
[cloudlinux-x86_64-server-5]
protect = 1
[cloudlinux-base]
protect = 1
You can meet us at booth #4
If you rate my survey, I'll hook you up with $20 cPCache. Go to this address to take
the survey: http://go.cpanel.net/b33, and come up to the podium once you've