You can fine-tune the parameters of virtual machines (VM). This will allow you to adjust the performance of the cluster and improve network security. The parameters available for fine-tuning depend on the type of virtualization in the cluster.
Available parameters
Clusters with KVM virtualization
- resources:
- vCPU — CPU count;
- RAM — RAM, MB;
- Storage — main disk space, GB;
- partition for extension — the partition of the main disk that will be enlarged when the Storage parameter is changed. For example, /dev/sda2 or sda2;
Resource changing is not supported if snapshots have been created for the VM.
- limits:
- CPU weight — CPU usage priority. Values range from 128 to 10000. For example, a VM weighing 2048 will access the CPU twice as often as a VM weighing 1024;
- I/O usage weight — input/output operations priority. Values range from 100 to 1000. For example, a VM with the I/O weight of 200 will perform read and write operations to disk twice as often as a VM with the weight of 100;
- read speed, IOPS (change without VM rebooting is supported);
- write speed, IOPS (change without VM rebooting is supported);
- read speed, Mbps (change without VM rebooting is supported);
- write speed, Mbps (change without VM rebooting is supported);
- inbound traffic speed, Mbps (change without VM rebooting is supported);
- outgoing traffic speed, Mbps (change without VM rebooting is supported);
- VMs with a traffic speed higher than 1000 Mbps may not work correctly.
- The limits for incoming and outgoing traffic set the average speed value. Therefore, the maximum speed on the VM's network interface may exceed the limits for some time.
- incoming TCP-connections;
- outgoing TCP-connections;
- antispoofing settings:
- Antispoofing enable/Antispoofing disable switch — enable or disable protection against network attacks using the IP-spoofing method;
- Tagged traffic is permitted/Tagged traffic is not permitted switch — allow or deny traffic with the VLAN tags;
IP spoofing is a type of attack that uses someone else's IP address to deceive a security system. During IP spoofing, the attacker changes the sender's address in the L3 packet. This hides the attacker's true address and directs the reply packet to the desired address.
To protect VMs from IP spoofing, the platform checks the source MAC address in all L2 frames sent from the VM. If the source MAC address matches the VM's MAC address, the platform checks the source IP address in the L3 packet of the frame. If the source IP address does not match the VM's IP address, the L2 frame is discarded and is not transmitted further.
- port restrictions — restriction of connections to certain virtual machine (VM) ports. Read more in Restricting access to a VM;
- VM disks settings:
- Storage — disk space, GB;
- partition for extension — the partition of the disk that will be enlarged when the Storage parameter is changed. For example, /dev/sda2 or sda2;
- virtualization parameters:
- CPU emulation mode — method of defining the VM CPU specification:
- By default — QEMU virtual CPU is emulated;
- Host-model — the emulated CPU will have the same function flags as the cluster node CPU;
- Host-passthrough — the emulated CPU will exactly match the CPU of the cluster node and have the same function flags. This emulation mode provides better performance and may also be mandatory for some applications. Such a virtual machine can be migrated only to a node with a fully matching CPU.
- boot loader type — BIOS or UEFI.
Clusters with LXD virtualization
- resources:
- vCPU — CPU count;
- RAM — RAM, MB;
- Storage — disk space, GB;
For the platform to be able to resize a disk, the storage must have free space of at least the same size as the original disk.
- limits:
- CPU weight — CPU usage priority. Values range from 0 to 10. For example, a VM weighing 2 will access the CPU twice as often as a VM weighing 1;
- I/O usage weight — input/output operations priority. Values range from 0 to 10. For example, a VM with the I/O weight of 10 will perform read and write operations to disk twice as often as a VM with the weight of 5;
- network weight — priority in time allocated for processing requests. Values range from 1 to 10. For example, VM requests with a network weight of 2 will be allocated twice as often as VM requests with the weight of 1;
- process count;
- read speed, IOPS (change without VM rebooting is supported);
- write speed, IOPS (change without VM rebooting is supported);
- read speed, Mbps (change without VM rebooting is supported);
- write speed, Mbps (change without VM rebooting is supported);
In the LXD cluster, the following settings cannot be used simultaneously:
- "read speed, IOPS" and "read speed, Mbps";
- "write speed, IOPS" and "write speed, Mbps".
- inbound traffic speed, Mbps (change without VM rebooting is supported);
- outgoing traffic speed, Mbps (change without VM rebooting is supported);
VMs with a traffic speed higher than 1000 Mbps may not work correctly.
- incoming TCP-connections;
- outgoing TCP-connections;
- antispoofing settings:
- Antispoofing enable/Antispoofing disable switch — enable or disable protection against network attacks using the IP-spoofing method;
- Tagged traffic is permitted/Tagged traffic is not permitted switch — allow or deny traffic with the VLAN tags;
IP spoofing is a type of attack that uses someone else's IP address to deceive a security system. During IP spoofing, the attacker changes the sender's address in the L3 packet. This hides the attacker's true address and directs the reply packet to the desired address.
To protect VMs from IP spoofing, the platform checks the source MAC address in all L2 frames sent from the VM. If the source MAC address matches the VM's MAC address, the platform checks the source IP address in the L3 packet of the frame. If the source IP address does not match the VM's IP address, the L2 frame is discarded and is not transmitted further.
- port restrictions — restriction of connections to certain virtual machine (VM) ports. Read more in Restricting access to a VM;
- containerization parameters:
- nested containerization — creating containers inside a container using Docker, Podman, LXC, etc.
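The antispoofing check described for KVM and LXD clusters above, sketched as an added example (not VMmanager's own code): it applies the source MAC and source IP checks, plus the tagged-traffic switch, to constructed frames. Assumptions not stated on the page: the verdict names, how frames with a foreign source MAC, non-IPv4 payloads or truncated headers are treated, and that the tag switch is evaluated before the address checks; check_frame, build_frame and the sample addresses are hypothetical.

```python
import socket
import struct

ETH_P_IPV4, ETH_P_8021Q = 0x0800, 0x8100
VM_MAC, VM_IP = "52:54:00:12:34:56", "192.0.2.10"  # constructed sample values

def mac_bytes(text):
    return bytes.fromhex(text.replace(":", ""))

def check_frame(frame, vm_mac, vm_ip, tagged_permitted=False):
    """Return a verdict for one L2 frame sent from the VM."""
    if len(frame) < 14:
        return "DROP_MALFORMED"            # assumption: the page does not cover this
    src_mac = frame[6:12]
    (ethertype,) = struct.unpack("!H", frame[12:14])
    l3 = 14                                # offset of the L3 packet
    if ethertype == ETH_P_8021Q:           # frame carries a VLAN tag
        if not tagged_permitted:
            return "DROP_TAGGED"           # "Tagged traffic is not permitted"
        if len(frame) < 18:
            return "DROP_MALFORMED"
        (ethertype,) = struct.unpack("!H", frame[16:18])
        l3 = 18
    if src_mac != mac_bytes(vm_mac):
        return "MAC_MISMATCH"              # assumption: the page does not say how these are handled
    if ethertype != ETH_P_IPV4:
        return "NOT_IPV4"                  # ARP, IPv6 and others are outside this example
    if len(frame) < l3 + 20:
        return "DROP_MALFORMED"
    src_ip = frame[l3 + 12:l3 + 16]        # IPv4 source address field
    return "PASS" if src_ip == socket.inet_aton(vm_ip) else "DROP_SPOOFED_IP"

def build_frame(src_mac, src_ip, vlan=None):
    """Constructed test frame: Ethernet header plus a bare 20-byte IPv4 header."""
    eth = mac_bytes("02:00:00:00:00:ff") + mac_bytes(src_mac)
    if vlan is not None:
        eth += struct.pack("!HH", ETH_P_8021Q, vlan)
    eth += struct.pack("!H", ETH_P_IPV4)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 6, 0,
                     socket.inet_aton(src_ip), socket.inet_aton("198.51.100.7"))
    return eth + ip

if __name__ == "__main__":
    for label, frame in [
        ("own address", build_frame(VM_MAC, VM_IP)),
        ("spoofed source IP", build_frame(VM_MAC, "203.0.113.5")),
        ("VLAN-tagged", build_frame(VM_MAC, VM_IP, vlan=100)),
    ]:
        print(f"{label:18} -> {check_frame(frame, VM_MAC, VM_IP)}")
```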
Changing vCPU and RAM
In clusters with KVM virtualization type, you can increase the vCPU and RAM values without rebooting the VM:
- vCPU:
- for VM with Windows OS — no more than 128 cores;
- for other OS — no more than 256 cores;
- RAM — only in 1024 MB increments and not more than 16 times for each VM.
If the vCPU and RAM values decrease, the VM will be rebooted.
To increase the resource value without rebooting, enable the Increase CPU and RAM values without rebooting the VM option on the Resources and limits tab.
Increasing disk size
In clusters with the KVM virtualization type, there are two ways to increase the VM disk:
- with VM reboot — the platform enlarges the disk partition specified in the settings or adds unallocated space to the VM if no partition is specified;
- without rebooting the VM — the platform resizes the block device. Disk partitions remain unchanged.
Only one of the methods can be activated for each VM at a time. The selected method applies to all disks of the VM.
Specifics of operation for VMs with Windows OS
Partition increase is performed in the Linux environment using the virt-resize utility. Therefore, for Windows VMs, you have to specify a partition in Linux OS format in the Partition for expansion field. For example, /dev/sda4. To get the list of partitions:
- Connect to the cluster node with the VM via SSH.
- Run the command:
virt-filesystems -d <domain> --all -l
Increase with VM reboot
To increase the disk size:
- Enter Virtual machines → select the VM → Parameters button → Fine-tuning settings section → VM disk settings tab.
- Enable the Increase disk size without rebooting the VM option.
- In the Storage field, specify the desired disk size.
- Specify the Partition for expansion. For example, /dev/sda2 or sda2.
- You can specify an external or an internal partition name. For example, the /dev/sda2 partition in CentOS 8 can have the internal name /dev/vda2. Specify the internal name only if this partition is mounted on the system.
- To enlarge the disk by creating a new partition, leave the parameter blank. VMmanager will add unallocated disk space to the VM. You will be able to create a new partition in this space using the OS.
- Click the Change and restart button.
With this method, the platform:
- Shuts down the VM.
- Creates a new disk with a specified size.
- Copies data from the VM's original disk to the new disk.
- Turns on the VM.
- If the disk increase is successful, deletes the VM's original disk.
- If an error occurred during disk increase, restores VM operation with the original disk.
Increase without VM reboot
To increase the disk size:
- Enter Virtual machines → select the VM → Parameters button → Fine-tuning settings section → VM disk settings tab.
- Disable the Increase disk size without rebooting the VM option.
- In the Storage field, specify the desired disk size.
- The value in the Partition for expansion field will not be taken into account when the disk is changed.
- Click the Edit button.
With this method, the platform only changes the size of the block device. To increase a disk partition in the file system:
- Linux (EXT4, XFS):
- Connect to the VM via SSH.
- Install utilities to resize the disk:
Debian, Ubuntu: apt-get install cloud-guest-utils
AlmaLinux: dnf install cloud-utils-growpart
CentOS: yum install cloud-utils-growpart
- Define the partition and file system type:
lsblk -f
In the example below, the partition is vda2 and the file system type is EXT4.
NAME   FSTYPE LABEL UUID                                 MOUNTPOINT
vda
├─vda1
└─vda2 ext4         4a9ea381-1b1c-f135-a540-685a8d3e82f8 /
- Perform a partition expansion:
growpart /dev/<partition_name> <partition_number>
- Change the file system size:
EXT4: resize2fs /dev/<partition>
XFS: xfs_growfs -d /dev/<partition>
- Windows (NTFS):
- Connect to the VM via VNC or SPICE.
- Change the partition size using the Disk Management tool. Read more in the Microsoft documentation.
Fine-tuning procedure
To fine-tune the parameters:
- Enter Virtual machines → select the VM → Parameters button → Fine-tuning settings section.
- Specify the required parameter values on the Resources and limits tab.
- If the VM requires adding vCPU and RAM without rebooting, enable the Increase CPU and RAM values without rebooting option.
To apply this setting, the VM will be rebooted.
- If the VM requires increasing disk size without rebooting, enable the Increase disk size without rebooting the VM option.
- Configure Port restrictions for the VM. Read more in Restricting access to a VM.
- If there are multiple disks connected to the VM in a KVM cluster, specify the required parameter values on the VM disk settings tab. Read more about virtual disks in Managing VM disks.
If disk settings are changed, the VM will be rebooted.
- Select the required parameter values on the Virtualization (Containerization) tab.
If the CPU emulation mode or boot loader type is changed, the VM will be rebooted.
- Press Edit (Change and restart).
An example of resources and limits configuration
Example of VM disks configuration
An example of virtualization parameters configuration