/ FreeBSD

Setting the CPU Affinity on FreeBSD Jails with ezjail

I just got a new home server: a HP ProLiant ML110 G6. Being a FreeBSD person myself, it was natural that I used it on my server instead of Linux.

I chose to use ezjail to manage the jails on my ProLiant, with the initial one being a Tor middle node. Despite the fact that where my ML110 is, the upstream is only 35mbps (which is pretty good for cable), I did not want to give my Tor jail access to all four cores.

Setting the CPU Affinity would let you choose a specific CPU core (or a range of cores) you want to use. However, it does not just let you pick the number of CPU cores you want and make FreeBSD choose the core running your jail. Going forward, I assumed that you have already created a jail using ezjail-admin. I also do not cover limiting a jail to a certain percentage of CPU usage.

To set a single core for a jail, you will run:

ezjail-admin config -c [CORE_NUMBER] [JAIL_NAME]

Where [CORE_NUMBER] is the core number you want your jail on, with 0 being the first and n-1 being the last should you have n cores, and [JAIL_NAME] being the name of the ezjail-managed jail you want to set the affinity of.

If you want to set a range of cores from start to end, you run:

ezjail-admin config -c [CORE_NUMBER_FIRST]-[CORE_NUMBER_LAST] [JAIL_NAME]

Where [CORE_NUMBER_FIRST] and [CORE_NUMBER_LAST] are the first and last cores you want to run on respectively, and [JAIL_NAME] being the jail name.

On the other hand, if you want to set specific cores only (and not a range), you need a comma separated list. To do this:

ezjail-admin config -c [CORE_NUMBER_FIRST],[CORE_NUMBER_SECOND],...,[CORE_NUMBER_N] [JAIL_NAME]

Where core numbers like [CORE_NUMBER_FIRST], [CORE_NUMBER_LAST], and [CORE_NUMBER_N] are the core numbers you want to run on, and [JAIL_NAME] being the jail name.

And hopefully, you should have your ezjail-managed FreeBSD jail limited to the CPU cores you want. While I did not cover a CPU percentage or RAM usage, this can be done with rctl.

Why would I do this?

Note: Keep in mind that this is a new section (as of September 19, 2017).

I'll admit: it doesn't really matter which CPU a jail runs on, but it might matter if you don't want a jail to have access to all the CPU cores available and only want [JAIL_NAME] to use one core. Since it's not really possible just specify the number of CPU cores with ezjail (or even iocell), a fallback would be to use CPU affinity, and that requires you to specify an exact CPU core. I know it's not the best solution (it would be better if we could let the scheduler choose provided a jail only runs on one core), but it's what works.