The OOM killer selects a container process (or processes) to end based on the badness reflected in /proc/<pid>/oom_score. The badness is calculated using process memory, total memory, and badness adjustment, and then clipped to the range from 0 to 1000. Each badness point stands for one thousandth of container memory. The process to be killed is the one with the highest resulting badness.
The OOM killer for container processes can be configured using the /etc/vz/oom-groups.conf file that lists patterns based on which badness adjustment is selected for each running process. Each pattern takes a single line and includes the following columns:
-
<command>, mask for the task command name; -
<parent>, mask for the parent task name; -
<oom_uid>, task user identifier (UID) filter:-
If
<oom_uid>is -1, the pattern will be applicable to tasks with any UIDs, -
If
<oom_uid>is 0 or higher, the pattern will be applicable to tasks with UIDs equal to the<oom_uid>value, -
If
<oom_uid>is smaller than -1, the pattern will be applicable to tasks with UIDs smaller than the negative<oom_uid>value);
-
If
-
<oom_score_adj>badness adjustment. As with badness itself, each adjustment point stands for one thousandth of total container memory. Negative adjustment values reduce process badness. In an out-of-memory situation, an adjustment will guarantee that the process will be allowed to occupy at least<oom_score_adj>thousandths of container memory while there are other processes with higher badness running in the container.
Note
Note: The <command> and <parent> masks support wildcard suffixes: asterisk matches any suffix. E.g., "foo" matches only "foo", "foo*" matches "foo" and "foobar".
For example, the pattern
sshd init -500 -100
means that in an out-of-memory situation, sshd, a child of init, will be guaranteed at least 100 thousandths (i.e., 10%) of container memory, if its UID is smaller than -(-500) or just 500, e.g., 499. According to RHEL conventions, UIDs from 1 to 499 are usually reserved for system use, so such delimitation may be useful to prioritize and save system processes.
While calculating the badness of a process, the OOM killer searches /proc/vz/oom_score_adj for a suitable pattern based on masks and task UID filter. The search starts from the first line and ends when the first suitable pattern is found. The corresponding adjustment value is then used to obtain the resulting process badness.
The data from /etc/vz/oom-groups.conf is reset and committed to the kernel on boot. To reset and commit the config file manually, you can use the following command:
# cat /etc/vz/oom-groups.conf > /proc/vz/oom_score_adj
