cpuset(1)                                                          cpuset(1)

NAME
     cpuset, miser_cpuset - define and manage a set of CPUs

SYNOPSIS
     cpuset [-q cpuset_name[,cpuset_name_dest] [-A command]
            |[-c -f filename]|[-d]|[-i]|[-l]|[-m]|[-M]|[-Q]|[-p]
            |[-T]] | -C | -Q | -h

DESCRIPTION
     The cpuset command is used to create and destroy cpusets, to retrieve
     information about existing cpusets, and to attach a process and all of
     its children to a cpuset.

     A cpuset is a named set of CPUs, which may be defined to be restricted
     or open. A restricted cpuset only allows processes that are members of
     the cpuset to run on the set of CPUs. An open cpuset allows any process
     to run on its cpus, but a process that is a member of the cpuset can
     only run on the CPUs belonging to the cpuset.

     A cpuset is defined by a cpuset configuration file and a name. See
     cpuset(4) for a definition of the file format. The cpuset configuration
     file is used to list the CPUs that are members of the cpuset. It also
     contains any additional parameters required to define the cpuset. A
     cpuset name is between three and eight characters long; names of two or
     fewer characters are reserved.

     The file permissions of the configuration file define access to the
     cpuset. When permissions need to be checked, the current permissions of
     the file are used. It is therefore possible to change access to a
     particular cpuset without having to tear it down and recreate it,
     simply by changing the access permissions. Read access allows a user to
     retrieve information about a cpuset, while execute permission allows
     the user to attach a process to the cpuset.

     Cpusets on IRIX require two user classes: root and user. The root class
     creates, destroys, moves a process, and adds a process to the cpuset.
     The user class is governed by the file permissions of the configuration
     file for the given cpuset. Given a configuration file with the
     following characteristics:

     Permissions  Owner  Group   Size  Filename
     --------------------------------------------------
     -rwxr-----   root   cpuset  512   cpuset.test

     Group read permission allows a user belonging to the group cpuset to
     list all cpusets in the cpuset defined by the cpuset.test file and get
     a listing of all processes in this cpuset. In order for the user to add
     processes to the cpuset governed by the cpuset.test file, you would
     need to change the permissions as follows:

     Permissions  Owner  Group   Size  Filename
     --------------------------------------------------
     -rwxr-x---   root   cpuset  512   cpuset.test

     In a Trusted IRIX environment, permissions are governed by the
     /etc/capability file. See the capability(4) and capabilities(4) man
     pages for more information on the capability mechanism that provides
     fine grained control over the privileges of a process. Each user in the
     capability file has a set of minimum and maximum permissions.
     Consequently, root does not have any special abilities except to be
     able to use suattr so that it may assume any capabilities and
     permissions. Capabilities and permissions are also narrowed by the use
     of mandatory access control (MAC) labels and access control lists
     (ACLs).

     In Trusted IRIX, to allow a user belonging to the group cpuset to list
     all cpusets in the cpuset defined by the cpuset.test file and get a
     listing of all processes in this cpuset, you must perform the
     following:

     o  Assign the user with a MAC label of userlow.

     o  Make the following entry in the /etc/capability file:

             cpuuser1:all=:all=

     You cannot assign a user all capabilities with effective, inherited,
     and permissive rights (+eip) added. If you add +eip, the user will gain
     more privileges than allowed by the Cpuset system.

     A Trusted IRIX user with a cpuuser1:all=:all= entry in the
     /etc/capability file has the same permissions as the user class in
     IRIX.

     The root class in Trusted IRIX must have the CAP_SCHED_MGT+eip
     capability to create and destroy cpusets and to move processes out of
     the cpuset.

     In Trusted IRIX, you can use ACLs to control group permissions. With
     ACLs, you can easily select which users in the group can add a process
     to the cpuset. You can use ACLs to control a user's access to a cpuset
     without that user belonging to the group owner of the configuration
     file.

OPTIONS
     -q cpuset_name -A command
          Runs the command on the cpuset identified by the -q parameter. If
          the user does not have access permissions or the cpuset does not
          exist, an error is returned.

     -q cpuset_name -c -f filename
          Creates a cpuset with the configuration file specified by the -f
          parameter and the name specified by the -q parameter. If the
          cpuset name already exists, a CPU specified in the cpuset
          configuration file is already a member of a cpuset, or the user
          does not have the requisite permissions, the operation fails.

     -q cpuset_name -l
          Lists all the processes in the cpuset.

     -q cpuset_name -m
          Moves all the attached processes out of the cpuset.

     -q cpuset_name -d
          Destroys the specified cpuset. A cpuset can only be destroyed if
          there are no processes currently attached to it.

     -q cpuset_name -Q
          Prints a list of the cpus that belong to the cpuset.

     -q cpuset_name -p
          Prints out the permissions, ACLs, MAC labels, flags, number of
          processes and the cpus associated with the specified cpuset.

     -q cpuset_name,cpuset_name_dest -M suboption
          The -M option moves a process or a group of processes and their
          associated memory from cpuset_name to cpuset_name_dest. The valid
          suboptions PID, ASH, JID, SID, and PGID indicate the id type to be
          moved. The -M option also requires the -i option.

     -q cpuset_name,cpuset_name_dest -T suboption
          The -T option moves a process or a group of processes but not
          their memory from cpuset_name to cpuset_name_dest. The valid
          suboptions PID, ASH, JID, SID, and PGID indicate the id type to be
          moved. The -T option also requires the -i option.

     -q cpuset_name,cpuset_name_dest [-M | -T] suboption -i id
          The -i option tells the command what id needs to be moved.

     -C   Prints the name of the cpuset to which the process is currently
          attached.

     -Q   Lists the names of all the cpusets currently defined.

     -h   Prints the command's usage message.

RESTRICTIONS
     A CPU can belong to at most one cpuset.

     CPU 0 cannot belong to an EXCLUSIVE cpuset.

     A CPU cannot be both restricted or isolated (see mpadmin(1) and
     sysmp(2)) and also be a member of a cpuset.

     Only the superuser can create or destroy cpusets.

     Only the superuser can move all processes out of a cpuset (-m option).

     runon(1) cannot run a command on a cpu that is part of a cpuset unless
     the user has write or group write permission to access the cpuset's
     configuration file.

DETAILS
     There is a tuneable system parameter in the static parameter group
     miser, called cpuset_nobind. By default the boolean parameter is set to
     '0' or false. When this parameter is set to '1' (true), a further
     restriction is placed upon processes scheduled by cpuset:

     If cpuset_nobind == 1, then no process scheduled by cpuset may bind
     itself or a child process to any cpu. The request to bind to a cpu will
     be refused and the error code set to EPERM. In addition, a message will
     be sent to the console and SYSLOG explaining the failure.

NOTES
     When using the -M or the -T options, the following items apply:

     o  When moving processes out of a cpuset to the general cpu pool
        (global_cpuset), use the value of 0 as the dest_cpuset. Likewise,
        use the value of 0 as the source_cpuset when moving processes from
        the global_cpuset to a specific cpuset.

     o  When using the -M or the -T options, JID is not available unless the
        feature stream is being used and joblimits is installed.

     In a cluster environment, the cpuset configuration file should reside
     on the root filesystem. If the cpuset configuration file resides on a
     filesystem other than the root filesystem and you attempt to unmount
     the filesystem, the vnode for the cpuset remains active and the unmount
     (see unmount(1M)) command fails. Make sure that your workload manager
     sets the configuration file to reside on the root filesystem.

SEE ALSO
     mpadmin(1), runon(1), systune(1M), sysmp(2), boot_cpuset(4), cpuset(4),
     cpuset(5).

     IRIX Admin: Resource Administration
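
The access rules this page ties to the configuration file's mode bits (read to retrieve information, execute to attach a process, write for runon(1)), as an added example that is not part of the original man page: a POSIX shell audit of ls -l style listings of cpuset configuration files. The labels query, attach and runon, the function names, and the file name cpuset.open are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example. Applies to the standard IRIX file-permission model only;
# Trusted IRIX capabilities, MAC labels and ACLs are not modelled.
#   r -> retrieve information about the cpuset   (label: query)
#   x -> attach a process to the cpuset          (label: attach)
#   w -> runon(1) onto a CPU in the cpuset       (label: runon)

# cpuset_rights MODE CLASS
#   MODE:  10-character mode string from ls -l, e.g. -rwxr-x---
#   CLASS: owner | group | other
# Prints the operations granted to that class, or "none".
cpuset_rights() {
    case $2 in
        owner) bits=$(printf '%s' "$1" | cut -c2-4) ;;
        group) bits=$(printf '%s' "$1" | cut -c5-7) ;;
        other) bits=$(printf '%s' "$1" | cut -c8-10) ;;
        *) echo "usage: cpuset_rights MODE owner|group|other" >&2; return 2 ;;
    esac
    rights=
    case $bits in r??) rights="$rights query" ;; esac
    # s and t mean "execute plus setuid/setgid/sticky", so count them as x.
    case $bits in ??[xst]) rights="$rights attach" ;; esac
    case $bits in ?w?) rights="$rights runon" ;; esac
    rights=${rights# }            # drop the leading space
    echo "${rights:-none}"
}

# cpuset_audit: read "MODE OWNER GROUP SIZE FILENAME" lines on stdin and report
# files that grant anything to users outside the group, or group write.
cpuset_audit() {
    while read -r mode owner group size file; do
        [ -n "$file" ] || continue
        o=$(cpuset_rights "$mode" other)
        g=$(cpuset_rights "$mode" group)
        [ "$o" = none ] || echo "$file: any user may: $o"
        case " $g " in *" runon "*) echo "$file: group $group may: $g" ;; esac
    done
}

# Demo: the two listings from the man page plus one constructed,
# over-permissive file (cpuset.open is a made-up name).
cpuset_audit <<'EOF'
-rwxr----- root cpuset 512 cpuset.test
-rwxr-x--- root cpuset 512 cpuset.test
-rwxrwxr-x root cpuset 512 cpuset.open
EOF
```

Only the constructed cpuset.open line is reported; both cpuset.test listings from the page pass because they grant nothing outside the group and no group write.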