The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Application Resource Limits In Cloudlinux

Discussion in 'CloudLinux' started by NixTree, Jan 13, 2012.

  1. NixTree

    NixTree Well-Known Member

    Joined:
    Aug 19, 2010
    Messages:
    386
    Likes Received:
    1
    Trophy Points:
    18
    Location:
    Gods Own Country
    cPanel Access Level:
    Root Administrator
    Hello,

    I have recently noticed ( yes..silly me :) ) this term in CloudLinux website "Application Resource Limits"!

    I still wonder what does this "exactly" means...is it possible to limit resources per application under a user? That is, suppose Joomla, Drupal, Wordpress - if these applications are installed under user A; can I limit resources per application for user A? If possible, please let me know how to do this! ( I still wonder how to do this, with my limited knowledge in LVE ).

    PS: I think I found the answer at http://www.cloudlinux.com/docs/mod_hostinglimits_lve.php - that is using LVEId directive. Pleaes let me know, if there is any exceptions!

    Thank you,
    Nibin.
     
    #1 NixTree, Jan 13, 2012
    Last edited: Jan 13, 2012
  2. electric

    electric Well-Known Member

    Joined:
    Nov 5, 2001
    Messages:
    697
    Likes Received:
    1
    Trophy Points:
    18
    It is very simple.

    After Cloud Linux is installed, every cpanel account on the server is given their own "LVE". (Light-weight Virtual Environment)

    Note: This has *nothing* to do with a virtual private server or VPS.

    So each LVE (cpanel user) is then assigned a limit to the amount of cpu they can consume, the amount of memory they can reach, and the number of "entry processes" (essentially concurrent number of processes) that they can have.

    If any of those limits are reached by the LVE (cpanel user), then limiting starts to occur. In thise way, no website or process that is running as a cpanel user can exceed their specified limit.

    You can assign different LVE (cpanel user) limits to each LVE (cpanel user). So if you have a special user who you want to have no limits on the server, then you would simply assign a 100% maximum cpu usage, 100% maximum memory limit, and a huge number of entry processes limit.

    The idea behind Cloud Linux is that if you have a few users who periodically use "too much" usage of the server for some reason... then Cloud Linux will automatically limit them, so they won't effect the server's other customers.

    It's very simple, and works very well.

    It is not the "answer to everything", because it is not designed to be so. For example, you can't (currently, although this feature is in beta now) limit mysql usage that is associated with a specific user. You can't limit their email usage, and you can't limit their usage of FTP or POP3, etc.

    (And honestly, I don't have any problem with that, since the vast majority of reasons we have high load on our servers, is because of webpages which run as the user... and this is something that Cloud Linux does control, and does it exactly as desired.)

    I hope that helps?

    My best suggestion is to try it out. You'll probably be surprised how effective it really is. We had a lot of doubt before we tried it, but we were desperate to try and get the constant high-load causing users on our servers under control without having to always suspend their accounts and have load go high first.

    And cloud linux worked perfectly. There are a handful of customers on each server who hit their limits, and cloud linux causes them to have NO effect on any other websites/email or software running on the server for other customers. Load stays nice and stable.

    :)

    So in summary.. no cloud linux is not "perfect" and can't do everything. However, it does everything it is designed to do very well.
     
  3. nibb

    nibb Well-Known Member

    Joined:
    Mar 22, 2008
    Messages:
    301
    Likes Received:
    1
    Trophy Points:
    18
    You said "If any of those limits are reached by the LVE (cpanel user), then limiting starts to occur. In thise way, no website or process that is running as a cpanel user can exceed their specified limit."

    And actually no, this was replied already here. That was what I asked actually, and the answer confirmed it only does this for apache process, and you even need to compile with LVE to work. So it only monitors Web process, not actually cPanel account process like you said. Its a plug to the Apache, not to cPanel. And this why it works the same with Plesk and other control panels as well. It has nothing to do with cPanel process actually. Just web process.

    And there many, many things which a user can do which are not related to web process. Postgresql, MySQL, Tomcat, Emails, Cron jobs, etc.
     
  4. electric

    electric Well-Known Member

    Joined:
    Nov 5, 2001
    Messages:
    697
    Likes Received:
    1
    Trophy Points:
    18
    And again, I say that cloud linux does not claim to be the server admin replacement. It is not designed to do what you (and I) want and think it should do.

    But it does do what it advertises very well, and it is very effective. It will limit every cpanel account's webpages (including called from cron, etc.) according to whatever limits you specify.

    It will not touch email or mysql or ftp, although they do have a mysql limiting system but I have not tried it.

    As for tomcat, I suppose it depends on how the tomcat threads are started. We don't run it on our servers, so I'm not sure.

    Why not go to cloud linux forums and ask your specific questions there? Igor (cloud linux developer) is very willing to answer anything you have. (cpanel is just a reseller of the cloud linux software, so if you have questions about it... then you are best to go directly to the source. The cloud linux website is going to be much more useful to you then the cpanel forums here.
     
  5. cPanelTristan

    cPanelTristan Quality Assurance Analyst
    Staff Member

    Joined:
    Oct 2, 2010
    Messages:
    7,623
    Likes Received:
    21
    Trophy Points:
    38
    Location:
    somewhere over the rainbow
    cPanel Access Level:
    Root Administrator
    Would everyone like the 3 different CloudLinux threads that appear to be about similar questions and similar discussions merged? I am asking this as it is actually easier to have this all in one long-running thread versus multiple concurrent discussions on very similar topics.

    Also, I have to again correct this as I did in one of the other threads:

    Crons are limited and MySQL is limited if using MySQL governor addon. I've noted it twice in that other thread:

    http://forums.cpanel.net/f391/can-someone-answer-me-please-255732.html#post1064481
    http://forums.cpanel.net/f391/can-someone-answer-me-please-255732.html#post1075921
     
  6. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    14,453
    Likes Received:
    195
    Trophy Points:
    63
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    I think that might make it a bit messy, TBH. Comments were made concurrently to them and merging will probably place them out of order a bit too much to make any more sense of.
     
  7. Brian

    Brian Well-Known Member

    Joined:
    Dec 1, 2010
    Messages:
    117
    Likes Received:
    2
    Trophy Points:
    18
    Location:
    Texas
    cPanel Access Level:
    Root Administrator
    The above is incorrect.

    The above is dead on 100% correct.

    ---

    I apologize if there's been any prior confusion to this, but electric seems to have a solid grasp on how CloudLinux functions.

    ANY process, regardless of how it has been spawned (whether through Apache or otherwise) will contribute towards and be subject to CloudLinux limits as long as the process is owned by a cPanel user.

    The purpose of mod_hostinglimits.so is that it permits CloudLinux to additionally consider the usage of Apache spawned processes (regardless if those processes aren't being run as the user, such as when DSO/CGI is in use). Additionally, mod_hostinglimits.so permits the friendlier "temporarily unavailable" page when a user is at their limit as opposed to what would frequently be an internal server 500 page instead.

    However, you could unload mod_hostinglimits.so from Apache entirely and still have it limit CGI/PHP processes as long as you were using SuExec and suPHP/FCGI respectively. This is because with those handlers the processes would be spawned as the user anyway and thus be subject to CloudLinux limitations. You just would get internal 500 server errors when bouncing off the limit since Apache wouldn't understand what's going on beyond that the process it tried to spawn wasn't able to run.

    I just want to really clarify that CloudLinux is not limited to "Apache/web processes only". This is not true.

    So, circling back, literally every process owned by a cPanel user contributes towards its usage and thus is affected by CloudLinux limits set for that user (LVE). This includes crons, processes started manually via shell, and any other daemon that forks processes as the cPanel user or runs processes as the cPanel user.

    This list is admittedly very small, but a "ps aux | grep cpuserhere" will give you a good idea of what would be subject to CloudLinux limits for that user.

    Some examples of what is and is not subject to CloudLinux/LVE limits:
    • MySQL queries run as 'mysql' and not the user, therefore they are not inherently limited. MySQL Governor exists to address this.
    • Tomcat requests run as 'tomcat' and not the user, therefore they are not inherently limited. However, if accessing the Tomcat page through Apache (via mod_jk) the Apache portion of the request would be subject to LVE limits.
    • Mongrel (the daemon used to serve Ruby on Rails requests) runs as the cPanel user and therefore is subject to LVE limits
    • Crons run as the cPanel user and therefore are subject to LVE limits
    • imap/pop requests are served as the cPanel user and therefore are subject to LVE limits

    So on and so forth. Basically, everything electric has stated is absolutely correct.

    I concur that CloudLinux becomes more useful the more it brings additional aspects under its scope of resources it can limit. MySQL Governor is a recent addition and good example of exactly that. Obviously I don't know what is and isn't being planned (or reasonably able to be supported) by CloudLinux. You'd have to speak to CloudLinux employees directly and request that information. I certainly encourage posting to CloudLinux's forums or contacting them directly to voice your desire for further limiting of specific resources/daemons/etc.
     
  8. electric

    electric Well-Known Member

    Joined:
    Nov 5, 2001
    Messages:
    697
    Likes Received:
    1
    Trophy Points:
    18
    Thanks cPanelBrianO. You should copy your post to the top of this forum and make it a sticky with the title of, "What does Cloud Linux actually limit?" or something like that.

    This will help avoid any future confusion.
     
  9. nibb

    nibb Well-Known Member

    Joined:
    Mar 22, 2008
    Messages:
    301
    Likes Received:
    1
    Trophy Points:
    18
    WHAT? Yes, I mean what? Are you 100% sure about what you are saying? Im actually glad to read this because this is what I have asked for weeks now. And cPanel confirmed otherwise and not even the owner of Cloud Linux could confirm what you are saying.

    I asked exactly if this is was the case, even with examples, if it would run for all cPanel processes forked, regardless of what process it was, and nobody could confirm this, and this is why I assumed it only does this for Apache and cron. Now you are trowing me completely off the wall and telling me exactly the opposite and if this is true I want to use Cloud Linux, not only that but you confirmed a way to impose a direct error 500 instead of slowing the process down. If I understood that part correctly.

    I have asked this here:
    http://forums.cpanel.net/f391/can-someone-answer-me-please-255732.html

    And with more detail here:
    http://forums.cpanel.net/f391/cpanel-future-cloud-linux-255742.html

    Where Igor from Cloud Linux actually jumps in. Now how can it be that you know more about it that the developers and you even contradict what someone else from cPanel said in my first topic "255732". I don't say its not true but please, you guys are confusing me more and more. I want your answer to be the correct one because that is what I was asking all the time and nobody would confirm it. It was more confirmed what I asked, if it would only work for apache and not for other process like email.

    I was even told it will not work for things you said it does work, like email. So please can you jump into those topics or someone can officially confirm this or deny it?

    What you are saying is that it will work with any process created as a cPanel user, regardless of what it is? This means the LVE doent mean if its apache, or email, or what ever, if its created by the cPanel user it will be imposed and regulated by the limits of the LVE?
     
  10. Brian

    Brian Well-Known Member

    Joined:
    Dec 1, 2010
    Messages:
    117
    Likes Received:
    2
    Trophy Points:
    18
    Location:
    Texas
    cPanel Access Level:
    Root Administrator
    What? I'm not sure where you got that implication from my post. I was simply stating that mod_hostinglimits.so, when it realizes a limit has been hit, produces a friendlier "error page" as opposed to what Apache would display otherwise (500 internal server error) when it ran into LVE limits. Apache cannot "trump" the LVE limits that get enforced and change how the enforcement occurs. So, it doesn't matter what kind of page you return to the user in terms of if limiting occurs and how it occurs (mod_hosting_limits.so being present *would* affect if DSO/CGI configurations results in user pages contributing towards the limit, though.

    I've read through what Igor has written, and I don't find anything that contradicts what I wrote in my prior response. He's simply explaining the concept, intention, and design implementation of CloudLinux as a whole. That is not what is being covered in this thread. I would certainly yield to whatever Igor has stated if I've indeed said something to contradict what he's said. Could you post the part(s) of his replies that contradict mine?

    Similarly, I can't really find anything that cPanelTristan has said that contradicts what I've posted either. The explanations/answers given were simply tailored to your questions about Apache and crons specifically. I, however, simply elaborated further beyond that.

    However, I do see where you could see some confusion in regards to email from cPanelTristan's response. Admittedly, CloudLinux affecting email is a "kind of yes" and "kind of no" response. As I've stated, any process running as the cPanel user will be subject to CloudLinux/LVE limits. Therefore, any such dovecot/courier processes that run *as* that user will be limited by CloudLinux. However, the actual use of Horde, Squirrelmail, Roundcube, etc. run as their respective webmail user (cpanelhorde, cpanelroundcube, etc.) and are NOT subject to those limits. Some email related items are subject to limits, some aren't. It's not necessarily clear to say "email" is limited or not limited. You have to break it down to the particular service/function you're curious about.

    "Created by" would be inaccurate, as some daemons use setuid/setgid or fork processes as another user. It would be accurate, however, to say "any processes that are currently running as the cPanel user". Then, there are the added functions like mod_hostinglimits.so and MySQL Governor that *do* permit some processes not run as the cPanel user to contribute towards the limit.
     
  11. electric

    electric Well-Known Member

    Joined:
    Nov 5, 2001
    Messages:
    697
    Likes Received:
    1
    Trophy Points:
    18
    How about if you say it like this:

    1. Login as root using ssh.
    2. Run "top".
    3. Any process you see running as a cpanel user is subjected to the cloud linux LVE. This could be php, mail, cronjob, sh, or whatever. If it says "cpanelusername" in the USER column, then it is included in cpanelusername's LVE limits.


    Would you say that is accurate?
     
  12. iseletsk

    iseletsk Well-Known Member

    Joined:
    Mar 3, 2010
    Messages:
    163
    Likes Received:
    1
    Trophy Points:
    18
    Location:
    Princeton, New Jersey, United States
    What gets limited and how:
    By default:
    * Anything that runs through Apache, with UID > 100, matching AllowedHandler (see modhostinglimits.conf) -- which basically php, cgi, but not static files -- requires mod_hostinglimits
    * All the cronjonbs
    * Anything that is being executed via suexec (more exactly via apr function that calls suexec) -- requires mod_hostinglimits
    This includes mod_fcgid, mod_cgid. It doesn't include mod_fastcgi (that pretty much no one runs now)

    If you install pam_lve or cagefs -- SSH is also inside LVE.

    Mail is never restricted.
    RoR is not restricted by default, requires tiny patch to cPanel: cPanel & RoR inside LVE (we hope to propagate it to cPanel soon)
    I am pretty sure same is true about tomcat.
    Anything that is being executed as user by cpserv server is not limited by default. Anything that is executed by apache is.

    One more note: If you have cagefs, but no mod_hostinglimits -- it will still put all the processes executed by apache inside LVE -- it it will not enforce max entry processes limit. You should still run with mod_hostinglimits enabled.

    How things are limited:
    * If user hits max entry processes limits -- we display 508 Resource Limits Reached
    * If user hits CPU limit -- site will be slow. This often causes surge in connections, hitting max entry processes and 508 error..
    * If memory limits reached -- results are somewhat unpredictable, you can get 500 or 503 error, or you can get just part of the page not being rendered, or mail not being sent (due to sendmail failing)
    The only real way to pick up the reason is to run lveinfo --by-fault=mem (or do the same via WHM)
    We are working on that -- to make sure we provide similar message as with max entry processes, and we will be able to do it for suPHP/mod_php -- but I am not sure about mod_fcgid.
     
  13. Brian

    Brian Well-Known Member

    Joined:
    Dec 1, 2010
    Messages:
    117
    Likes Received:
    2
    Trophy Points:
    18
    Location:
    Texas
    cPanel Access Level:
    Root Administrator
    Ah hah! Excellent, Igor. Thank you for that information. It looks like I was incorrect on some of my assessments. Igor's post should clarify everything that was asked in this thread, though. I appreciate it.
     
  14. nibb

    nibb Well-Known Member

    Joined:
    Mar 22, 2008
    Messages:
    301
    Likes Received:
    1
    Trophy Points:
    18
    Igor, is there a way to show a page error instead of slowing the website slow down when user reaches the CPU limit? 500, 503 or any other? It seems that the LVE knows when a user reaches the CPU limit and just puts the process on waiting, which could cause it slow down. If it actually knows the limit is reached it could also have the option to kill it and show directly a server error.

    I really would love that feature and use it instead of slowing it down, and I know on other hosting communities Cloud Linux opposer attacked this as well, most decent providers don´t want to be mixed in the same bag with the ones where people have slow websites because of heavy loaded servers or small bandwidth pipes.

    Getting a slow website has no difference with an overwhelmed server server and usually represents a very bad service. Myself and other providers would rather prefer a straight and direct error which informs the customers why it happens (CPU maxed out in this case) over a website getting slower. This would lead to support tickets of websites sometimes being slow and other times working very well and would also leave the customers with a bad test in their mouth about the service hired.

    I do prefer a direct error, vs a slow website which only leads people to hit reload causing even more load and process. You said this yourself and im sure what happens when a website gets slow, people just start to hit the account even more. So this can be avoided, both the slow website and the overheat of users trying to load it with a direct error.

    I see you said memory limits are on the work. I hope that gets to work as expected in the future, and sadly, I think allot of providers actually do use fcgi this days over suPHP because RAM is cheaper this days and its cheaper then running heavy CPU and disk process which is what suPHP causes forking allot of process on the drives.

    Are there plans to integrate the LVE into more cPanel services in the future? Email and FTP would be great. Database like PostgreSQL together with MySQL would be perfect.
     
    #14 nibb, Feb 15, 2012
    Last edited: Feb 15, 2012
  15. nibb

    nibb Well-Known Member

    Joined:
    Mar 22, 2008
    Messages:
    301
    Likes Received:
    1
    Trophy Points:
    18
    Thats what I thought as well and sadly I don´t think its the case. Igor has pointed out what will run under the LVE limits.

    And it makes sense like I said in another post because the LVE are not made exclusively for cPanel and works with other control panels as well. Igor just confirmed this and email is not one of them either, any process that runs as cPanel doesn't necessary mean it will run under the LVE at all. Like I said in other posts, its for web process or stuff that goes via Apache.

    I guess I was not so wrong either then.

    Lets hope the list of things it can run under the LVE increases in the future.
     
    #15 nibb, Feb 15, 2012
    Last edited: Feb 15, 2012
  16. iseletsk

    iseletsk Well-Known Member

    Joined:
    Mar 3, 2010
    Messages:
    163
    Likes Received:
    1
    Trophy Points:
    18
    Location:
    Princeton, New Jersey, United States
    It is possible to implement from technology standpoint. It is actually quite easy. Monitor it via lvestats, shut it down if average CPU for 1 minute is above 75-90% of CPU limit.

    Is it needed? -- not sure. Majority of the time the slow might mean just 10% slower, or 20% slower then usual. Would you want to display an error if that happens?
    What if it is twice as slow? Meaning it takes 1 second instead of .5 seconds to load? What if it is 3 seconds instead of 1 second?

    Basically if the site is really, really slow, and there are many visitors -- they will be getting resource limits reached any way. It has to be some strange corner case, when there are just a few visitors, and website is slow just for those few visitors.

     
  17. electric

    electric Well-Known Member

    Joined:
    Nov 5, 2001
    Messages:
    697
    Likes Received:
    1
    Trophy Points:
    18
    I agree with nibb that it would be nice to have the option to display an error to the site visitor if cpu usage is being exceeded, instead of slowing the site down.

    To me, it makes more sense to show a "resource limit exceeded" error then to make it appear the server is overwhelmed or under-powered. Plust, the customer just thinks there is a server problem with no idea it is his website code at fault. So an error msg would give them information about their website problem instead of them contacting us to say our server is crashing...

    Plus, as nibb pointed out... it would prevent the "compounding" problem where customer thinks the problem is on the server so they just keep hitting reload in the browser... which makes the problem even worse and skyrockets the number of connections, etc..


    Lastly... it would be very very beneficial to have the incorrect information in this thread cleaned up by a mod. :)

    Thanks!
     
  18. ckh

    ckh Well-Known Member

    Joined:
    Dec 6, 2003
    Messages:
    356
    Likes Received:
    1
    Trophy Points:
    18
    Location:
    Phoenix, AZ
    cPanel Access Level:
    DataCenter Provider
    I much prefer the site slow down instead of using more cpu than assigned. I have CL set up on a server where the sites are cpu intensive. If they reach their limit and their site slows, they need to purchase more cpu. Not unlike a vps or server, if they reach their cpu limits their sites are going to slow down and they need to upgrade.

    I also like the fact that even if they are maxed out on cpu, the client can still log into cPanel and view their cpu usage.

    I don't see the advantage of showing an error page to "visitors" if a site is maxing out the cpu vs the site running slower. Typically showing an error page to the visitors is less preferable than just being slow to load.

    I let my clients know their accounts are limited by cpu and if their site slows down, they need to upgrade the cpu.
     
  19. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    14,453
    Likes Received:
    195
    Trophy Points:
    63
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    I agree with ckh on the page slow down thing. We're all used to pages loading slow from time to time on most any site for whatever reason. If I get more than a few error pages I might think the site/server has issues instead of blaming it on a what might seem like simple network congestion otherwise.
     
  20. electric

    electric Well-Known Member

    Joined:
    Nov 5, 2001
    Messages:
    697
    Likes Received:
    1
    Trophy Points:
    18
    Hello, the problem is when a customer does not understand their website is being limited.. and instead they think the server has a problem so they complain to support about how slow the server is, etc. Then if we explain to them their website is using too much CPU, they will often tell us that it's impossible and that it must be the server that has a problem because their website is working just fine but it is too slow.

    Many non-technical customers do not understand there is a problem unless there is a corresponding error that tells them about the problem.

    It would be nice if Cloud Linux has the ability to let admin select which option is preferred. (ie: Should cloud linux limit and slow down the website that uses too much CPU, or should it simply stop the process and display and error?)
     
Loading...

Share This Page