What are CloudLinux, CageFS and LVE?
CloudLinux improves the stability of the server by encapsulating each client in an isolated, secure environment called a Lightweight Virtual Environment (LVE), a kernel technology developed by CloudLinux.
In shared hosting, the most common reason for downtime is a single account slowing down other accounts on the server. If one customer is using an unfair amount of resources (e.g. due to being under a DoS attack, poorly written script, etc.), the server would become slow or go down completely, affecting all other customers on the server. With CloudLinux, we are able to isolate the impact to the offending tenant only, while all other sites remain unaffected. CloudLinux improves the general stability and performance of the server by imposing limits on a number of resources that can be consumed by a single user.
What happens when an account reaches its resource limits?
Once an account reaches the limit of set resources, its sites will begin to slow down. At the same time, the other tenants on the server will continue to run normally.
Limits are put in place to protect against abuses and bad scripts, and not restrict normal usage of an account.
CageFS
CloudLinux includes CageFS – a virtualized user file system, that uniquely encapsulates each customer’s files and running processes, preventing users from seeing each other and potentially exploiting sensitive information. CageFS offers complete isolation and prevents a large number of attacks, such as privilege escalation and information disclosure attacks.
How to monitor resource usage
At any time you can see how much server resources your account is consuming. Simply log into cPanel and look at the resource usage stats in the right column. For detailed stats, use this button to get to the CPU and Concurrent Connection Usage:
How is resource usage calculated in CloudLinux and LVE?
Resource usage is calculated relative to the limits applied to your account only, and not the entire server.
For example, if your account allows 1 CPU Cores and 1 GB of RAM:
- A CPU usage of 100% would mean that your account is currently maxing out 1 CPU Core. A “fault” will be registered in such case. If the CPU usage grows, the LVE will apply the 100% cap, preventing the occupation of more CPU time and enqueuing operations for a later time.
- A memory usage of 50% would mean that your account is using 512 MB RAM.
Understanding of CloudLinux resource limits
CPU Usage
Specifies how much of the allocated CPU resources you are currently using. The amount of CPU resources is a percentage of one CPU core.
Therefore, if a limit is set to 100% – it translates to one CPU core.
If an LVE CPU limit reaches 100% it means that the account is using all of the CPU resources allocated, and any new processes will be put to sleep until existing processes complete. This can cause a website to slow down dramatically and in extreme cases even time out.
Virtual Memory Usage
Corresponds to the amount of memory, processes can allocate within LVE. When the process tries to allocate memory, CloudLinux checks if the new total virtual memory used by all processes in LVE is within the limit set. If it is not, CloudLinux will prevent memory from being allocated and in most cases this causes the process to fail.
Physical Memory Usage (RAM)
It is the actual memory allocated for your account. Virtual memory is usually a file on a disk drive that the operating system uses to store information when the real memory becomes full, for instance, the swap file on a Linux system.
If an account hits this limit the web page will see a CloudLinux 508 “resource limit reached” page. These errors are typically only brief and once the usage has reduced to below the limit, will automatically clear.
Entry Processes/EP
The number of processes that can be run at once for an account. For example, every PHP page that is accessed will usually generate a single entry process. Many people misinterpret this value as “number of visitors on a website at once”. Whilst it is true that each visitor accessing a PHP page will spawn an entry process, these processes usually end so quickly that it is extremely unlikely that 10 will be spawned concurrently and at a single moment unless you had a significantly large number of simultaneous visitors on the website at once. SSH sessions and cron jobs also count as entry processes.
Number of Processes
This limit is similar to the above but includes all processes generated by the account rather than the specific PHP, SSH or cron jobs. This number is typically very low, even under high activity, as non-PHP tasks execute and complete even more quickly.
I/O Usage (input/output)
Represents how much I/O or disk activity the account is using. Any task which makes use of the servers drives (such as reading or writing to the server) will consume I/O. A limit can be set as a maximum for each account to ensure that no single account can saturate the speed of the disk drives which would result in poor performance for all the accounts.
Notifications
Our system is setup to email notifications to the customers, should their account resources exceed any of the set limits.