Proxmox OpenVZ SWAP and Performance

Proxmox OpenVZ SWAP and Performance

Get Social!

openvz-logo-150px_new_3 I have been having trouble with a Proxmox node which is only running OpenVZ containers however it is at the upper limit of its RAM resources. Over time, I noticed that Proxmox used SWAP (virtual memory, page file, etc), quite aggressively, to make sure there was always some RAM free. That sounds fantastic, and is just what I would expect the Proxmox server to be doing, except it does it all too well. Proxmox made sure that around 40% of the RAM on the host machine was free at the expense of moving many running processes across all the running containers to SWAP. This is how Linux works, by design, and is expected behaviour. Running processes which have memory which hasn’t been touched in a while have their memory moved to SWAP. This allows other applications which need the memory right now to use it and anything left over can be used as cache by the kernel. When a process with memory in SWAP needs to use that memory, it needs to be read from SWAP and back into memory so that it can be used. There is a huge overhead with this process and will often be noticed when you use a container which has not been used in a while – at the start everything will be slow until all the required memory items have been read from SWAP and put back into RAM. To help with this situation we can do two things:

  • Make sure SWAP is always on a fast disk with plenty of free IO bandwidth. On a small installation, this should not be on the same disk as your container file systems. SSDs can also bring a huge performance benefit over conventional mechanical drives.
  • Reduce the amount of RAM which Proxmox keeps free by making the algorithm which moves memory to SWAP less aggressive.

Move SWAP to fast storage

Generally, and when installing Proxmox for the first time a SWAP partition will be created on your hard disk. By default, this will be the same partition as your Proxmox operating system and your container storage. On a slow mechanical disk, this will result in far too much IO concurrency – that is different processes trying to read or write to a disk at the same time – which will massively affect server performance. One thing we can move to another disk is system wide swap.

You can either use a new file, disk, partition or block device for your new swap location. You will then need to turn your old SWAP device off to stop it from being used. Use the below examples to move your SWAP device.

See this post for a quick script to automatically create a SWAP file.

Make a new SWAP device as a file

Create a file on your file system and enable it to be used as a SWAP device. The below example uses the mount /mnt/swapdrive and the file swapfile to use as your new swap device with a size of 4096 MB.

dd if=/dev/zero of=/mnt/swapdrive/swapfile bs=1M count=4096

You will then need to format the file as SWAP with the below command.

mkswap /mnt/swapdrive/swapfile

Make a new SWAP device as a partition

Use the below command to use a drive partition as your new SWAP device. The below example uses /dev/sdc3 as your SWAP partition. You must have precreated this partition for it to be available.

mkswap /dev/sdc3
swapon /dev/sdc3

Turn a new SWAP device on

Once you have a new SWAP device created, either a file or a disk or partition you will need to enable it. Use the swapon command. The below shows an example of a file and disk partition command:

swapon /mnt/swapdrive/swapfile
swapon /dev/sdc3

Turn off the old SWAP device

To turn off the old SWAP device, first identify it using swapon -s.

swapon -s

Then, use the swapoff command to turn the device off. The below example is the default Proxmox SWAP device location.

swapoff /dev/mapper/pve-swap

Clear SWAP space without rebooting

You can clear your SWAP memory by turning the system wide SWAP memory off and then back on again. Run the below commands to turn off your system wide SWAP space forcing all the SWAP to be read back into RAM. You must have enough RAM for available on your system for this to work correctly. Once this has completed, run the second command to turn SWAP back on again. You can also use this to make your SWAP memory changes take effect.

swapoff -a 
swapon -a

Make the SWAP file persist after rebooting

To make sure your SWAP file is mounted the next time your machine reboots you’ll need to add an entry to the fstab file.

Open the fstab file with your text editor:

vi /etc/fstab

And add a line, similar to the below making sure the first attribute is the location of your newly created SWAP file.

/mnt/swapdrive/swapfile  swap  swap  defaults  0  0

Change the ‘swapiness’ setting

To change how aggressively Proxmox, or other Linux distribution, moves process memory to SWAP we have a swapiness attribute. The swapiness setting is a kernel setting which is permanently set in the /etc/sysctl.conf file, or temporarily using sysctl.

The swapiness setting takes a value between 0 and 100. Using 0 will virtually turn off using SWAP, except to avoid an out of memory exception (oom). Using a value of 100 will cause the system to use SWAP as often as possible and will likely degrade system performance servilely. A value of 60 is the default for Proxmox.

Change the swapiness value for the current boot

To change your swapiness value for the current boot, use the below command. The value will be reset after rebooting. The following example will set the swapiness value to 20.

sysctl -w vm.swappiness=20

Permanently change the swapiness value

Use the below command to permanently change your swapiness value. Note that this will not affect the current boot.

vi  /etc/sysctl.conf

And add the following to give a swapiness of 20

vm.swappiness=20

iptables in a Ubuntu OpenVZ container

Get Social!

proxmox logo gradIf you need a software firewall to shield containers on a Proxmox stack, you should always use a firewall on the host to decide what traffic is allowed for each container. This brings some obvious benefits such as it’s centrally managed – one configuration location for all containers on the node, and security as a compromised container cannot change firewall settings.

However, in Proxmox 3.0+ you can use iptables in a container which also has it’s own benefits under certain circumstances. For example, you can test firewall rules for a new development container without risking other containers on the same host, and you don’t need to give people access to the host to modify the rules.

I have tried iptables using a Ubuntu 12.04 container template. It works as expected but requires some setup on both the guest container and the Proxmox host.

Setup

Proxmox – steps to perform on the Proxmox host

You will need to enable containers access to the required kernel modules. To do this, edit the vz config file:

vi /etc/vz/vz.conf

And edit the IPTABLES= line as below.

IPTABLES="ipt_REJECT ipt_tos ipt_limit ipt_multiport iptable_filter iptable_mangle ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_length ipt_state"

Make sure the required modules are loaded by running the following in a console window as root:

modprobe xt_state
modprobe xt_tcpudp
modprobe ip_conntrack

 Container – steps to perform in the Ubuntu container

First, you need a console window in the host. Either use the GUI console window or use vzctl enter [VMID] to login to the container.

Install iptables using apt-get.

apt-get install iptables

Any changes you make to iptables, such as adding new rules, will be lost each time the service is restarted. This is obviously not ideal as all the rules will be lost every time the container reboots. To get round this we need to add a script to save the rules each time the network interface goes down, and one to load the rules when the interface starts up.

Create an iptables script to run when the network is started:

vi /etc/network/if-pre-up.d/iptables

And add the below script to load the rules into iptables:

#!/bin/sh
iptables-restore < /etc/iptables.rules
exit 0

And when the network goes down:

vi /etc/network/if-post-down.d/iptables

To save the rules:

#!/bin/sh
iptables-save -c > /etc/iptables.rules
exit 0

After your network is restarted, the current rules will be saved to /etc/iptables.rules. To add new rules, you can edit this file directly and load the settings or you can use the iptables commands to create the rules you require. More about that in my iptables cheat sheet.


Proxmox 3.0 RC2 is now available!

Get Social!

Proxmox 3.0 RC2 has been released for download. Whilst is is not supported or recommended for production, it’s a good idea to get to grips with the new features and feed any bugs back to the Proxmox team.

You can download the ISO from http://www.proxmox.com/downloads/proxmox-ve/17-iso-images

Highlights of the 3.0 release:

  • Based on Debian 7.0 (Wheezy)
  • new VM clone feature
  • new event driven API server (pveproxy)
    • completely replace apache2
    • efficient support for HTTP keep-alive
  • support bootlogd (boot log can be viewed on the GUI)
  • update qemu-kvm to 1.4.1

For more information, check out the forum thread: http://forum.proxmox.com/threads/13815-Proxmox-VE-3-0-RC2-released!

 


How to make a new OpenVZ template from an existing template for Proxmox

Get Social!

openvz-logo-150px_new_3The kind folks over at OpenVZ.org have created a rift of templates which we can use as a starting point for our template. It is possible however, to create your own template from scratch based on your favorite Linux distribution – that will be coming in a later blog post.

The starting point for this blog post is to have downloaded a template and started it up in a container. If you don’t have any templates you can download one from OpenVZ. If you use Proxmox as your hypervisor you can download one via the web gui by clicking on your storage, clicking and finally Templates.

So, as I say, you need to have a container up and running and for this post we are going to assume it is running under the VMID of 100. Make any required changes to the template such as:

  • apt-get update && apt-get upgrade (for Debian based containers).
  • yum update (for anything RedHat).

When you are ready to create the template, turn of the container by using the GUI’s Shutdown button or issuing the command halt in the containers terminal.

The next thing to do is to remove the network interface. It doesn’t matter if you use veth or venet – just use the web gui and remove the network device. Proxmox container network remove

Once this is complete, login via SSH to the Proxmox server and cd to the root directory of the container. If you have the default setup, this will be /var/lib/vz/private/100.

ssh root@proxmoxserver
cd /var/lib/vz/private/100

Issue the tar command to create the template archive (remember to keep the . on the end, it’s important!). You can change the container template name to anything you like, but I have found it best to conform to the following formula:

operatingsystem-version-archtype-description.tar.gz

tar -cvzpf /var/lib/vz/template/cache/oracle-6-x86_64-intitial.tar.gz .

That’s it! You can now select the container when creating a template from either the GUI or using CLI commands.

I have made a patch for the Proxmox web GUI to add this functionality to the the interface. See my GUI changes blog post for more information.


Proxmox VE 1.x is now End of Life (EoL)

Get Social!

proxmox_logoVersion 1.x of Proxmox VE is now end of life. This means that Proxmox will no longer be supported, bugs will not be fixed and security fixes will not be released. You will still receive the standard rift of Debian 6 patches and updates from the Debian repositories.

If you are still on version 1.x of Proxmox VE you should upgrade to Proxmox 2.2 as soon as possible. See the official Proxmox wiki on upgrading.

http://pve.proxmox.com/wiki/Upgrade_from_1.9_to_2.0

See our blog post on installing Proxmox 2 – Yes, I know it’s version 2.1 but, the steps are the same for Proxmox 2.2.


More Proxmox 2.2 updates available!

Category : Tech News

Get Social!

proxmox_logoThere are several updates in the Proxmox 2.2 repository available for download. This update introduces updates to software used by Proxmox, such as QEMU 1.3, and many bug fixes.

See the Proxmox Forum post for more details of the update.

For any 2.x version of Proxmox, you can update via apt-get by using the below commands in a terminal. Before updating, make sure all your VM’s have been stopped. Run the below commands on each server in your cluster.

apt-get update
apt-get dist-upgrade

Restart all Proxmox servers to complete the installation.


Visit our advertisers

Quick Poll

Which type of virtualisation do you use?
  • Add your answer

Visit our advertisers