What is rctl
In FreeBSD, in addition to login.conf, we also get a very nice and
flexible mechanism for setting resource limits: rctl.
I like it in particular for limiting resources allocated to each jail.
Configuration
Here is a short example:
jail:example_jail:vmemoryuse:deny=2G/jail
jail:example_jail:maxproc:deny=200/jail
jail:example_jail:readiops:throttle=500/jail
jail:example_jail:pcpu:deny=70/jail
In the above, for the jail identified by example_jail we allow:
- 2G of memory,
- 200 processes,
- 500 I/O read operations per second,
- 70% of CPU.
Enabling rctl on boot
Actually, there is no need to enable anything in rc.conf –
this is what you can find in /etc/defaults/rc.conf:
rctl_enable="YES" # Load rctl(8) rules on boot
rctl_rules="/etc/rctl.conf" # rctl(8) ruleset. See rctl.conf(5).
It is sufficent to simply create /etc/rctl.conf and the limits
will be set on system boot.
However, we need to edit /boot/loader.conf to add:
kern.racct.enable="1"
and then reboot the system.
rctl
rctl(without any switches) – prints the current set of rulesrctl -r :– clears all the rulesrctl -u jail:example_jail– prints the resource utilisation forexample_jail