On Wed, Mar 02, 2011 at 04:28:46PM +0100, Jiri Denemark wrote:
Hi all,
When libvirt is running on a system with limited number of processes allowed
to be created by the user under which qemu processes are run, we hit
scalability issues.
My take on this issue is that it's in fact a host configuration issue and it
should just be documented that users need to increase the limit if they're
going to run large number of domains or on a large number of VCPUs.
I don't think libvirt should be involved in changing the limit in any way,
especially since it's not possible to change the limit in runtime as doing so
can only affect new processes.
If it were possible to change it on the fly, then I think it could be
valid to suggest it is libvirt's responsibility. Since ulimits can't be
changed for the existing QEMU processes though, the only option is to
change it ahead of time at a host level. The default of 1024 is clearly
faaar to low for modern systems so, IMHO, someone/thing just needs to
place a file at /etc/limits.d/qemu.conf to raise it say to 10,000 which
a modern Linux system can easily cope with.
The original rational for the nproc ulimit is to protect against fork
bombs, but this is really a terrible solution because it applies at the
wrong level. To protect against this properly we would want a limit on
a number of children any single QEMU process can spawn, not a limit on
the number that the QEMU user can spawn. The obvious places for this is
a cgroup tunable, which would mesh nicely with the fact that we put each
QEMU in a dedicated group. Someone has written such a patch before, but
it was never merged AFAICT:
http://lwn.net/Articles/285337/
Regards,
Daniel
--
|:
http://berrange.com -o-
http://www.flickr.com/photos/dberrange/ :|
|:
http://libvirt.org -o-
http://virt-manager.org :|
|:
http://autobuild.org -o-
http://search.cpan.org/~danberr/ :|
|:
http://entangle-photo.org -o-
http://live.gnome.org/gtk-vnc :|