System Resources Enhancements

This section describes all system resources enhancements in the Solaris 10 3/05 release that are new or have been enhanced since the Solaris 9 OS was originally distributed in May 2002. The Solaris 10 OS includes a feature of key importance to Solaris users, the Solaris Zones partitioning technology.

Solaris Zones Software Partitioning Technology

This feature is new in the Solaris Express 2/04 release. In the Solaris Express 7/04 release, new functionality for Zones has been added.

The Solaris Zones software partitioning technology, a component of the Solaris Containers environment, is a software partitioning technology used to virtualize operating system services and provide an isolated and secure environment for running applications. A zone is a virtualized operating system environment created within a single instance of the Solaris Operating System. Zones basically provide the standard Solaris interfaces and application environment, and do not include a new ABI or API that would require applications to be ported.

Each zone can provide a customized set of services. Zones are ideal for environments that consolidate multiple applications on a single server. Resource management features can be used within zones to further control how applications use available system resources.

A zone can be thought of as a box. One or more applications can run in this box without affecting the rest of the system. This isolation prevents processes that are running in one zone from monitoring or interfering with processes that are running in other zones. Even a process with superuser credentials that is running inside a zone cannot view or affect activity in other zones.

The single instance of the Solaris Operating System is the global zone. The global zone is both the default zone for the system and the zone used for system-wide administrative control. One or more non-global zones can be created by an administrator working in the global zone. Once created, these non-global zones can be administered by individual zone administrators. The privileges of a zone administrator are confined to a non-global zone.

Non-global zones provide isolation at almost any level of granularity you require. A zone does not need a dedicated CPU, a physical device, or a portion of physical memory. These resources can either be multiplexed across several zones running within a single domain or system, or allocated on a per-zone basis using the resource management features available in the operating system. Even a small uniprocessor system can support multiple zones running simultaneously.

To achieve process isolation, a process can see or signal only those processes that exist in the same zone.

Basic communication between zones is provided by giving each zone at least one logical network interface. Applications running in different zones on the same system can bind to the same network port by using the distinct IP addresses associated with each zone or by using the wildcard address. An application running in one zone cannot observe the network traffic of another zone. This isolation is maintained even though the respective streams of packets travel through the same physical interface.

Each zone is given a portion of the file system hierarchy. Because each zone is confined to its subtree of the file system hierarchy, a workload running in a particular zone cannot access the on-disk data of another workload running in a different zone.

Files used by naming services reside within a zone's own root file system view. Thus, naming services in different zones are isolated from one other and can be configured differently.

For information about how to configure and use zones on your system, see the System Administration Guide: Solaris Containers-Resource Management and Solaris Zones.

System V IPC and Other Resource Controls

The resource controls (rctls) feature is new in the Solaris 9 software. Additional resource controls are new in the Software Express pilot program, and in the Solaris Express 3/04, 8/04, and 10/04 releases.

New project-based and new process-based resource controls have been added. Resource controls provide a mechanism for controlling how applications use system resources.

In the Software Express pilot program, the following resource controls were added. These resource controls affect the System V IPC (interprocess communication) facilities, which include shared memory, message queues, and semaphores.

• project.max-shm-ids

• project.max-sem-ids

• project.max-msg-ids

• project.max-shm-memory

• process.max-sem-nsems

• process.max-sem-ops

• process.max-msg-qbytes

See System V IPC Configuration for more information.

In the Solaris Express 3/04 release, the following event port resource controls were added:

• project.max-device-locked-memory

• project.max-port-ids

• process.max-port-events

In the Solaris Express 8/04 release, the following new resource controls have been added:

• project.max-lwps

• project.max-tasks

In the Solaris Express 10/04 release, the project.max-contracts resource control was added.

In the Solaris Express 11/04 release, the process.max-crypto-memory cryptographic resource control was added.

Information about resource controls is provided in Chapter 6, “Resource Controls (Overview),” in the System Administration Guide: Solaris Containers-Resource Management and Solaris Zones. This chapter includes the following:

• A current list of available resource controls

• A general description of resource controls

• Resource control configuration information

Information about configuring resource controls is also available in the project(4) man page.

New Solaris Project and Resource Management Command Functionality

This feature is new in the Solaris Express 7/04 release.

Enhancements to project database and resource control commands that are new in the Solaris Express 7/04 release include the following:

• Scaled value and unit modifier support for resource control values and commands

• Improved validation and easier manipulation of the project attributes field

  See the project(4) man page.

• Revised output format and new options for the prctl and projects commands

  See the prctl(1) and projects(1) man pages.

For information about the changes introduced, see the following chapters in System Administration Guide: Solaris Containers-Resource Management and Solaris Zones:

• Chapter 2, “Projects and Tasks (Overview)”

• Chapter 3, “Administering Projects and Tasks”

• Chapter 6, “Resource Controls (Overview)”

• Chapter 7, “Administering Resource Controls (Tasks)”

Note that information about setting the user's default project through the useradd, usermod, and passmgmt commands has been updated in the guide. These commands are documented in the useradd(1M), usermod(1M), and passmgmt(1M) man pages.

See also the following man pages:

• prctl(1)

• projects(1)

• projadd(1M)

• projdel(1M)

• projmod(1M)

• rctladm(1M)

• setrctl(2)

• rctlblk_set_value(3C)

• setproject(3PROJECT)

• project(4)

Dynamic Resource Pools

This feature is new in the Solaris Express 1/04 release.

Dynamic resource pools (DRPs) provide a mechanism for adjusting each pool's resource allocation in response to system events and application load changes on systems that have resource pools enabled. Adjustments are automatically made to maintain the system performance goals specified by an administrator. Changes that are made to the configuration are logged.

These features are primarily enacted through the resource controller poold, a system daemon that is active when dynamic resource allocation is required. Periodically, poold examines the load on the system and determines whether intervention is required to enable the system to maintain the specified resource utilization goals. The daemon takes corrective action if possible, or the condition is logged.

For further information, see the following chapters in the System Administration Guide: Solaris Containers-Resource Management and Solaris Zones:

• Chapter 12, “Dynamic Resource Pools (Overview)”

• Chapter 13, “Administering Dynamic Resource Pools (Tasks)”

• Chapter 14, “Resource Management Configuration Example”

See also the following man pages:

• pooladm(1M)

• poolbind(1M)

• poolcfg(1M)

• poold(1M)

• poolstat(1M)

• libpool(3LIB)

Extended Accounting Subsystem Enhancements

Extended accounting is new when the Solaris 9 Operating System was originally distributed in May 2002. The Software Express pilot program introduced flow accounting enhancements and a Perl interface. These enhancements are included in the Solaris 10 3/05 release.

---

Note –

For Solaris 9 users, flow accounting enhancements are new in the Solaris 9 9/02 release. The Perl interface is new in the Solaris 9 4/03 release.

---

You can use extended accounting processes in conjunction with the flow accounting module for IPQoS. For information about IPQoS, see Part VII, “IP Quality of Service (IPQoS),” in the System Administration Guide: IP Services.

For information about the extended accounting feature, see Chapter 5, “Administering Extended Accounting (Tasks),” in the System Administration Guide: Solaris Containers-Resource Management and Solaris Zones.

A Perl interface to libexacct is available in the Software Express releases. This interface enables you to create Perl scripts that can read the accounting files which are produced by the exacct framework. You can also create Perl scripts that write exacct files. The new interface is functionally equivalent to the underlying C API.

You can use the Perl interface to record system resource consumption on a task or process basis. Or, you can record consumption on the basis of selectors provided by the IPQoS flowacct module.

For further information, see the following man pages:

• Exacct(3PERL)

• Exacct::Catalog(3PERL)

• Exacct::File(3PERL)

• Exacct::Object(3PERL)

• Exacct::Object::Group(3PERL)

• Exacct::Object::Item(3PERL)

• Kstat(3PERL)

• Project(3PERL)

• Task(3PERL)

For information on how to configure and use extended accounting with enhancements described in this section, see Chapter 4, “Extended Accounting (Overview),” in the System Administration Guide: Solaris Containers-Resource Management and Solaris Zones.

Physical Memory Control Using the Resource Capping Daemon

This feature is new in the Software Express pilot program and in the Solaris 9 12/03 release. This feature is included in the Solaris 10 3/05 release.

Physical memory control that uses the resource capping daemon is an optional feature. The resource capping daemon rcapd regulates the consumption of physical memory by processes that run in projects that have defined resource caps. Associated utilities provide mechanisms for administering the daemon and reporting related statistics.

For additional information, see Chapter 10, “Physical Memory Control Using the Resource Capping Daemon (Overview),” in the System Administration Guide: Solaris Containers-Resource Management and Solaris Zones.

See also the man pages rcapstat(1), rcapadm(1M), project(4), and rcapd(1M).