container_workload.5 (2011 09)

CONTAINER_WORKLOAD(5) CONTAINER_WORKLOAD(5)
NAME
container_workload - Describes the HP-UX workload containers
DESCRIPTION
A workload container is a type of HP-UX container. Workload containers provide process isolation, a protected file system, and IPC isolation. Each workload container is provided with its own IP address and private network port space. You configure and administer workload containers with the srp(1M) command.
Process View
Only processes within a workload container are visible in that container; processes in one container cannot view or signal processes in other containers.
Host, Node, and Domain Names
A workload container has the same hostname, nodename, and domain name as the global view.
User and Groups
Login users and groups for a workload container are managed from the global view and use the same set of configuration files. Users and groups may be granted login authorization to specific workload containers with the compartment login service.
File Systems
When a workload container is configured, srp(1M) creates a new container home directory (/var/hpsrp/<container name>). Files and directories created under the container home are not accessible to processes running in other containers.
NFS and AutoFS Mounted File Systems
NFS and Autofs function inside a workload container as they otherwise would in the global view.
Mounted File Systems
File systems such as NFS, LOFS, and VxFS may be mounted in a workload container when the container is started if there is an appropriate entry in the container's fstab(4) file (/var/hpsrp/<container name>/etc/fstab).
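The following POSIX shell script is an added example, not part of this manual page: it audits a container's fstab before the container is started. The container name web1, the sample fstab entries, the set of expected file system types (nfs, lofs, vxfs) and the policy that every mount point must sit under the container home are all assumptions made for the example, not requirements stated by the page.

```shell
#!/bin/sh
# Added example: audit a workload container's fstab from the global view.
# Assumed policy (not from the man page): only nfs, lofs and vxfs entries
# are expected, and each mount point must lie under /var/hpsrp/<name>.

# Constructed sample of /var/hpsrp/web1/etc/fstab (HP-UX fstab layout:
# special  mount-point  fstype  options  backup-frequency  pass-number).
SAMPLE_FSTAB='# special           mount-point             fstype  options   bf pn
/dev/vg00/lvol5     /var/hpsrp/web1/data    vxfs    delaylog  0  2
nfs1:/export/home   /var/hpsrp/web1/home    nfs     rw,hard   0  0
/opt/app            /var/hpsrp/web1/opt/app lofs    ro        0  0
/dev/vg00/lvol6     /var/hpsrp/web1/scratch hfs     defaults  0  2
/dev/vg00/lvol7     /global/shared          vxfs    delaylog  0  2'

# audit_fstab <container name>: reads fstab lines on stdin, reports each
# problem on stderr and prints the number of problems found on stdout.
audit_fstab() {
    home="/var/hpsrp/$1"
    problems=0
    while IFS= read -r line; do
        case "$line" in ''|\#*) continue ;; esac   # skip blanks/comments
        set -- $line                               # split into fields
        if [ $# -lt 4 ]; then
            echo "malformed entry: $line" >&2
            problems=$((problems + 1))
            continue
        fi
        mnt=$2; fstype=$3
        case "$fstype" in
            nfs|lofs|vxfs) ;;
            *) echo "unexpected file system type '$fstype' for $mnt" >&2
               problems=$((problems + 1)) ;;
        esac
        case "$mnt" in
            "$home"/*) ;;
            *) echo "mount point $mnt is outside container home $home" >&2
               problems=$((problems + 1)) ;;
        esac
    done
    echo "$problems"
}

# audit_sample: runs the audit over the constructed sample for container web1.
audit_sample() {
    printf '%s\n' "$SAMPLE_FSTAB" | audit_fstab web1
}
```

Run against the sample, the audit flags the hfs entry and the mount point outside /var/hpsrp/web1, so audit_sample prints 2.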
Network Isolation
Each workload container is provided with its own IP address and private network port space. Processes in a workload container can only bind to addresses local to the container. Packets destined to a container IP address are delivered to the appropriate network endpoints in the container. Packets originated from a container will have the source address set to the container IP address.
The container IP address may be configured to use a dedicated NIC or to share its NIC with other containers. The global system administrator configures the container IP addresses and interfaces. The network configuration may be viewed using the standard commands, including ifconfig(1M) and netstat(1M).
IPC Isolation
By default, workload containers are restricted from communicating via IPC with other containers, but are allowed to communicate via most IPC with the global view by the container's compartment rules. Signal- and PTY-based IPC are restricted to the container by the compartment rules.
Workload containers share the system-wide namespace for IPC objects.
Resource Entitlements
Workload containers may be configured with a set of resource entitlements for CPU and memory usage,
including a guaranteed minimum CPU and memory allocation. A maximum CPU and memory entitlement
may be specified in addition to the minimum. Resource entitlements are optional.
HP-UX 11i Version 3: September 2011 Hewlett-Packard Company 1
