OpenVZ/KVM Automated Anti-Abuse Daemon
Hi,
This thread serves as a proposal for an anti-abuse system daemon, that could automate the monitoring of the VM's and avoid abusing in terms of IO, CPU and Network, the latest the less critical.
Some sort of Nodewatch, directly integrated and the nodes, that can handle the suspensions and all that. It's something that should have already been done in my honest opinion.
Requirements for it:
- Give cgroups some use!;
- Ability to throttle CPU, IO / Network;
- Define thresholds for suspensions;
- Hook for billing panel integrations.
-
Kevin Jones commented
This is a great idea but I think it would be easier to install NodeWatch when an OpenVZ slave is deployed.
1) It's a tried and tested system
2) It's free
3) It's already built with SolusVM integration via the API which could be expanded on.This would save writing something from scratch. Yes, you would have to add netfilter full/stateful to each VMs conf file but once that's done this can be automated for new containers by adding it to the /etc/vz/conf files. Either way, something should be done.