FW: Matt Fischer’s LIMITING LXC MEMORY USAGE (aka How to limit the memory usage of Linux LXC containers and validate the memory limit)

I’ve been playing around with LXC over the past few weeks and one of the things I tried out was limiting the memory that the container is allowed to use. I didn’t plan on explaining all the ins-and-outs of LXC here, but a short description is that LXC provides a virtualizedish environment that is more than a chroot gives you, but less than a full-blown virtual machine. If you want more details, please check out stgraber’s blog post about LXC in 12.04.

Kernel Configuration
The first thing you need to do in order to limit memory usage for LXC is make sure your kernel is properly configured, you need the following flag enabled:


If you plan on also limiting swap space usage, you’ll also need:


These flags are enabled for me in my 12.10 kernel (3.5.0-22) and so presumably you’ll have them in 12.04.
Setting the Cap

First, I’m going to create my container. Following the instructions from stgraber’s blog post, and calling the container “memlimit”:

Read the entire post on Matt Fischer’s blog.

Share Button

HOWTO: Install SAP Sybase ASE 15.x and Linux Containers (LXC) – Ubuntu Server 13.04


Host OS:

  • Ubuntu Server 13.04 x86-64 (64bit)
  • At least 4GB RAM
  • 300GB available disk space

Sybase Patches:

  • If you’re going to run 32bit SQL Anywhere (or an embedded RSSD with Replication Server), you need to apply a SQL Anywhere patch: http://search.sybase.com/kbx/changerequests?bug_id=694479

Install LXC and the bridge-utils to support a network bridge:

aptitude install lxc debootstrap bridge-utils

Create the network bridge br0:

cd /etc/network

Edit interfaces:

  auto eth0
  iface eth0 inet dhcp


  # LXC bridge
  auto br0
  iface br0 inet dhcp
      bridge_ports eth0
      bridge_stp off
      bridge_fd 0
      bridge_maxwait 0

  auto eth0
  iface eth0 inet manual

Restart networking:

service networking restart

Create lxc-default-sybase Apparmor profile:

cd /etc/apparmor.d/lxc
cp lxc-default lxc-default-sybase

Edit lxc-default-sybase:

  profile lxc-container-default flags=(attach_disconnected,mediate_deleted) {


  profile lxc-container-default-sybase flags=(attach_disconnected,mediate_deleted) {

replace/add only if using you’re using LXC version LOWER than 0.7.5-3ubuntu60 – see LXC bug 1021411:

   deny @{PROC}/sys/kernel/** wklx,


   deny @{PROC}/sys/kernel/(^shm)** wklx,

Update the kernel with the new lxc-default-sybase profile

apparmor_parser -r /etc/apparmor.d/lxc-containers

Replace /etc/lxc/lxc.conf with:


# cap the memory available to the container
lxc.cgroup.memory.limit_in_bytes = 2G

Assuming that volume group VG02 exists, let’s create the container with the name of “sybase”, and a logical volume of 100G using the xfs file system:

lxc-create -n sybase -t ubuntu -B lvm --lvname sybase --vgname VG02 --fstype xfs --fssize 100G

Before we start the ‘sybase’ container, we need to update the container configuration to use the lxc-container-default-sybase container:

cd /var/lib/lxc/sybase

Edit config:

  #lxc.aa_profile = unconfined


  lxc.aa_profile = lxc-container-default-sybase

We’re ready to start the container in console mode (to start it as a daemon add -d):

lxc-start -n sybase

The default login credentials are ubuntu / ubuntu

Let’s switch to root so we can install the packages to support Sybase ASE 15.7:

sudo su - root

Enable up to 512MB of shared memory:

echo "kernel.shmmax = 536870912" >> /etc/sysctl.conf
sysctl -p

Install the packages (nmon is a great os monitoring tool but if you don’t want it, don’t include it):

dpkg --add-architecture i386
apt-get update
apt-get install ia32-libs
apt-get install aptitude libaio1 xauth ia32-libs libstdc++5 nmon ncompress

If you want to install PPA repositories:

apt-get install python-software-properties

We need to set up the locale:

locale-gen en_US.UTF-8
echo 'LANG="en_US.UTF-8"' > /etc/default/locale

Copy the sybase software to your new Linux Container and extract it into a temporary directory.

Because Ubuntu seems to think that gzip can uncompress files compressed with the ‘compress’ command (it really can’t btw), you need to alias the uncompress with /usr/bin/uncompress.real:

alias uncompress='/usr/bin/uncompress.real'

From here, you would install and configure Sybase ASE 15.x as you normally would.

Determine ip address for eth0:

ifconfig|grep "inet addr"

In my case, the eth0 ip address is You will either want to reserve this address with your DHCP server or setup a static ip in /etc/interfaces.

Assuming we want to keep the address for this container, we need to modify the /etc/hosts file:
Replace: localhost sybase

with: localhost sybase
Share Button