How to Set Resource Limits on a Linux VPS? Print

Resource limits on a Linux Virtual Private Server (VPS) control how much CPU, memory, disk I/O, and processes users or applications can use, ensuring fair resource allocation and system stability. This is critical for multi-user environments or resource-constrained VPS plans, preventing any single process from overwhelming the system. This guide covers setting resource limits using ulimit, cgroups, and nice on a Linux VPS (e.g., Ubuntu or CentOS), focusing on practical steps for common use cases.

Why Set Resource Limits?

• Prevent Overload: Stop users or processes from consuming excessive CPU, memory, or I/O.
• Ensure Stability: Maintain VPS performance for critical services like web servers or databases.
• Fair Allocation: Distribute resources equitably in multi-user or multi-application setups.
• Security: Mitigate risks from runaway processes or malicious users.

Prerequisites

• Root Access: Full administrative access via SSH or console.
• Linux OS: Ubuntu, CentOS, or another distribution with ulimit and cgroups support.
• Monitoring Tools: Install htop or iotop to track resource usage.
• Backup: Save critical configurations before making changes.

Steps to Set Resource Limits on a Linux VPS

This guide uses Ubuntu 20.04, with notes for CentOS where applicable.

Step 1: Access the VPS

• Connect via SSH:

  ssh user@your-vps-ip
  

• If SSH is unavailable, use the provider’s console. For example, VPS.DO’s SolusVM control panel offers VNC console access for direct management.

Step 2: Use ulimit for Per-User Limits

ulimit sets resource limits for user sessions (e.g., max processes, file size).

• Check current limits:

  ulimit -a
  

• Set temporary limits (session-specific):

  ulimit -u 100  # Max 100 processes
  ulimit -m 500000  # Max memory 500 MB
  

• Make persistent by editing /etc/security/limits.conf:

  sudo nano /etc/security/limits.conf
  

• Add (e.g., for user testuser):

  testuser hard nproc 100
  testuser hard as 500000
  

  • nproc: Max processes.
  • as: Max address space (memory in KB).
• Apply changes (requires new login):

  su - testuser
  

Step 3: Use cgroups for Fine-Grained Control

Control Groups (cgroups) manage resources for groups of processes, ideal for services like Apache or databases.

• Install cgroup-tools:

  sudo apt install cgroup-tools  # Ubuntu
  sudo yum install libcgroup-tools  # CentOS
  

• Create a cgroup for a user or process:

  sudo cgcreate -g cpu,memory:/testgroup
  

• Set CPU and memory limits:

  echo "500000" | sudo tee /sys/fs/cgroup/memory/testgroup/memory.limit_in_bytes  # 500 MB
  echo "100000" | sudo tee /sys/fs/cgroup/cpu/testgroup/cpu.cfs_quota_us  # 100ms CPU time
  

• Assign a process to the cgroup (e.g., PID 1234):

  sudo cgclassify -g cpu,memory:/testgroup 1234
  

• Alternatively, run a command in the cgroup:

  sudo cgexec -g cpu,memory:/testgroup /path/to/script.sh
  

Step 4: Adjust Process Priority with nice and ionice

Control CPU and I/O priority to prioritize critical services:

• Set CPU priority:

  nice -n 10 command  # Lower priority (range: -20 high to 19 low)
  

• Set I/O priority:

  ionice -c3 command  # Idle I/O class (1=high, 2=normal, 3=idle)
  

• Make persistent for a service (e.g., Apache):

  sudo nano /etc/systemd/system/apache2.service.d/override.conf
  

• Add:

  [Service]
  Nice=5
  IOClass=best-effort
  IOSchedulingPriority=4
  

• Reload and restart:

  sudo systemctl daemon-reload
  sudo systemctl restart apache2
  

Step 5: Monitor Resource Usage

• Check resource consumption:

  htop  # CPU and memory
  iotop -o  # Disk I/O
  

• Use VPS.DO’s SolusVM dashboard to monitor real-time CPU, RAM, and disk usage, ensuring limits align with available resources.

Step 6: Test and Verify

• Test limits by running a resource-intensive process:

  stress --cpu 2 --vm 1 --vm-bytes 600M
  

• Verify limits are enforced (e.g., process termination for exceeding memory).
• Check cgroup stats:

  cat /sys/fs/cgroup/memory/testgroup/memory.usage_in_bytes
  

Troubleshooting

• Limits Not Applied: Ensure limits.conf syntax is correct and cgroups are enabled (cat /proc/cgroups).
• Permission Errors: Use sudo for all commands; verify user permissions in limits.conf.
• Resource Overuse: If the VPS is still overloaded, check provider-imposed limits (e.g., CPU throttling) via logs or support.
• Service Failures: Verify service configs (e.g., systemd overrides) and restart services.

Best Practices

• Set Conservative Limits: Balance user needs with VPS capacity to avoid crashes.
• Monitor Regularly: Use htop or cron jobs to track resource usage.
• Backup Configurations: Save /etc/security/limits.conf and cgroup settings.
• Test Incrementally: Apply limits to test users before production.
• Secure Settings: Restrict access to config files (e.g., chmod 640 /etc/security/limits.conf).

When to Seek Help

If limits cause system instability or you suspect provider-side constraints, contact your VPS provider with logs (e.g., /var/log/syslog) and configuration details. Providers like VPS.DO offer 24/7 ticket-based support for troubleshooting.

Setting resource limits ensures your Linux VPS runs efficiently, protecting critical services and maintaining stability in resource-constrained environments.