Configuring memory allocation¶

To configure memory allocation, you must tune the memory_limit attributes of high and max for the QM partition.

The max value represents the maximum limit for memory use in the QM partition. QM processes that attempt to exceed the max limit initiate the Out of Memory killer. The high value is the memory threshold that the kernel tries not to exceed. If QM processes reach the high limit, the kernel will proactively release memory.

Writable QM container in package mode

When you build with aib-dev build (package mode), the QM container runs as writable by default. When you build with aib build (bootc/image mode), the QM container remains read-only. The writable setting appears as ReadOnly=false in the [Container] section of the QM drop-in configuration file.

Prerequisites

Podman
automotive-image-builder
A custom manifest file with a QM partition, such as the manifest file that you created in Embedding containerized applications in the QM partition.

Procedure

In your manifest file, configure the memory_limit attributes max and high to 40% and 35%, respectively:
Example memory_limit configuration
```
qm:
  memory_limit:
    max: 40%
    high: 35%
```

Verification

Build a disk image:

Example aib-dev build command

$ aib-dev build \
    --target qemu \
    <my_manifest>.aib.yml \
    <my_image>.qcow2

Run the image:
Example Automotive Image Runner command
```
$ air --nographics <my_image>.qcow2
```
After the image starts, log in as root using the password password.
Use the systemctl show command to display the MemoryMax value generated by the max option you set in your manifest:
Verify QM partition MemoryMax
```
[root@localhost ~]# systemctl show qm | grep MemoryMax
```
Expected output:
```
MemoryMax=823468032
```
Use the systemctl show command to display the MemoryHigh value generated by the high option you set in your manifest:
Verify QM partition MemoryHigh
```
[root@localhost ~]# systemctl show qm | grep MemoryHigh
```
Expected output:
```
MemoryHigh=720535552
```

Review the contents of the drop-in file generated by your manifest using the cat command:

Show drop-in configuration file contents

[root@localhost ~]# cat /usr/share/containers/systemd/qm.container.d/10-automotive.conf

Expected output:

[Service]
MemoryMax=40%
MemoryHigh=35%
CPUWeight=idle

[Container]

Out of Memory (OOM) protection¶

Automotive Image Builder automatically enables Out of Memory (OOM) protection when the QM partition is active. OOM protection sets DefaultOOMScoreAdjust=-1000 in the systemd configuration, which prevents the OOM killer from terminating critical host processes.

To explicitly control OOM protection, set enable_oom_protection in the image section of your manifest as shown in the following example:

Enable OOM protection explicitly

image:
  enable_oom_protection: true

For more information about OOM behavior in the QM partition, see Memory allocation in the QM partition.

Separate QM data partition¶

By default, QM data resides in the main /var partition. For images that require stronger isolation between QM and host data, you can configure a dedicated /var/qm partition by adding a var_qm section under image.partitions in your manifest.

The var_qm partition supports the following options:

relative_size: Set the size of the partition as a fraction of the total image size. 0 is the default value, which disables the feature.
size: Set the absolute size of the partition in bytes with a suffix (for example, 500 MiB).
external: Set to true when /var/qm resides on a separate physical device.
uuid: Assign a specific UUID for the partition.

Example var_qm partition configuration

image:
  partitions:
    var:
      relative_size: 0.3
    var_qm:
      relative_size: 0.1

Note

When planning partition sizes, ensure the combined relative_size of var and var_qm fits within the total image size. Both partitions are sized independently as fractions of the total image. The var_qm partition is only created when the QM partition is enabled.

Additional resources