Menno Lageman wrote:
Jeff Victor wrote:
Here we have a difficult non-technical decision to make. Which is
'better':
1) No "out-of-the-box" controls - the current situation. The
unsuspecting zone creator will unwittingly allow DoS attacks by zones
until it becomes clear that RM controls should be used, either through
education or a negative experience. Possible solutions to this include
A) One "enable-RM" knob which applies defaults that can be overridden
B) Templates that have default RM controls
C) Others
2) Out-of-the-box controls: all zones have default RM controls unless
the creator overrides those controls. These values would be generous
enough to prevent DoS attacks and the effects of very badly written
software, but not affect most workloads, as Mads suggests. Templates
could also be added to enable simple RM tuning.
On the premise that we're trying to give the regular[1] Zones user a
good, default RM setup, I'd vote for option 2 ('safe' OOB controls).
Experienced users that have more insight into what good values for their
zones should be, can override these defaults if needed. Which of course
leads to the question what the default out-of-the-box values should be.
This might be the hardest part.
I think that an appropriate fraction of the resource which exists at zone-boot
time is a good start. Agreeing to a specific fraction will, undoubtedly,
involve a great deal of arm-wrestling among us... ;-)
Menno
[1] someone who has no in-depth knowledge of/experience with Zones and
Resource Management and "just" needs a zone to run his applications in.
--------------------------------------------------------------------------
Jeff VICTOR Sun Microsystems jeff.victor @ sun.com
OS Ambassador Sr. Technical Specialist
Solaris 10 Zones FAQ: http://www.opensolaris.org/os/community/zones/faq
--------------------------------------------------------------------------
_______________________________________________
zones-discuss mailing list
zones-discuss@opensolaris.org
