jails Idiomatic way of setting NICEness for jails

Hello,

I have a number of jails which I'd like to run with NICE < 0 to ensure they are prioritised under high load.

The host also runs a couple of bhyve VMs, I can configure these with priority="-1" in vm configure.

I can't find any option to do this for jails. I believe the usual way to go about this for a service is letting rc.subr handle it with the ${name}_nice global.

I've tried setting this inside the jail for the relevant service, but get a setpriority() permission denied.

This makes sense and I guess I need to configure this outside the jail on the host.

Is there an idiomatic way to handle this? I'd imagine it is a common use case.

Thanks in advance.

Best regards,
Martin
 
Nice is inherited by child processes, so you just have to "nice" the process "booting" your jail. Example from my (poudriere) building jail (in /etc/jail.conf):
Code:
# build server
builder {
     vnet = new;
[...]
     exec.start="/usr/bin/nice -n 20 /bin/sh /etc/rc";
[...]
}
 
Of course, this is a good solution.

Was scratching my head looking for something like a "nice" or "priority" setting in jail.conf, but this will do... nicely. 👍

Thanks, much appreciated.
 
On further experimentation, this does not work for increasing scheduling priority ("nice -n -20") or using id|rtprio. I guess I am missing something simple?

Code:
sudo jail -c playground
playground: created
nice: setpriority: Permission denied
ELF ldconfig path: /lib /usr/lib /usr/lib/compat /usr/local/lib /usr/local/lib/compat/pkg /usr/local/lib/compat/pkg /usr/local/lib/perl5/5.32/mach/CORE
32-bit compatibility ldconfig path: /usr/lib32
[...]

Excerpt from /etc/jail.conf:
Code:
playground {
    exec.start = "nice -n -1 sh /etc/rc";
    ip4.addr = "10.1.2.2/8";
    persist;
}
 
No, my bad, this is already executed inside the jail, so restrictions apply :oops:

Maybe a workaround would be possible using some "clever" exec.poststart which is executed in the host environment, e.g. something like ps -J <jailname> -o pid | tail -n +2 | xargs -n 1 renice -n -1. Of course, not exactly a "canonical" solution.
 
I'm wondering if this could be done in exec.prestart, perhaps renice'ing the parent process ID (which presumably will launch the jail). Will see if I can get it working in the coming days.
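
The host-side workaround suggested above (ps -J piped into renice from exec.poststart), written out as a small script with input checks. This is an added example, not code from any poster in the thread; the script path and function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread. Meant to run on the host, as root,
# because raising priority (negative increment) is refused inside the jail.
# Hypothetical install path and jail.conf hook:
#   exec.poststart = "/usr/local/sbin/renice_jail.sh $name -1";

# Keep only lines that are a bare PID; drops the "PID" header row.
pids_from_ps() {
    awk 'NF == 1 && $1 ~ /^[0-9]+$/ { print $1 }'
}

# Accept only a signed integer in the nice range -20..20.
valid_increment() {
    case "$1" in
        ''|*[!0-9-]*|*-|?*-*) return 1 ;;
    esac
    [ "$1" -ge -20 ] && [ "$1" -le 20 ]
}

# Renice every process currently running in the named jail.
renice_jail() {
    jail=$1
    incr=$2
    [ -n "$jail" ] || { echo "usage: renice_jail <jail> <increment>" >&2; return 2; }
    valid_increment "$incr" || { echo "bad increment: $incr" >&2; return 2; }
    pids=$(ps -J "$jail" -o pid | pids_from_ps)
    [ -n "$pids" ] || { echo "no processes found in jail $jail" >&2; return 1; }
    # Word splitting of $pids is intended: one PID per argument.
    renice -n "$incr" -p $pids
}

# Run only when invoked with arguments, so the file can also be sourced.
if [ "$#" -gt 0 ]; then
    renice_jail "$@"
fi
```

Only processes that exist when the hook runs are adjusted; their later children inherit the value, but anything started afterwards from the host with jexec does not.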
 