Red Hat SummitQuesto contenuto non è disponibile nella lingua selezionata.
4.3. Per-group Division of CPU and Memory Resources
When a large amount of users use a single system, it is practical to provide certain users with more resources than others. Consider the following example: in a hypothetical company, there are three departments — finance, sales, and engineering. Because engineers use the system and its resources for more tasks than the other departments, it is logical that they have more resources available in case all departments are running CPU and memory intensive tasks.
Cgroups provide a way to limit the resources per each system group of users. For this example, assume that the following users have been created on the system:
These users have been assigned to the following system groups:
grep -e "50[678]" /etc/group
~]$ grep -e "50[678]" /etc/group
finance:x:506:jenn,john
sales:x:507:mark,martin
engineering:x:508:peter,mike
For this example to work properly, you must have the libcgroup package installed. Using the
/etc/cgconfig.conf and /etc/cgrules.conf files, you can create a hierarchy and a set of rules which determine the amount of resources for each user. To achieve this, follow the steps in Procedure 4.3, “Per-group CPU and memory resource management”.
Procedure 4.3. Per-group CPU and memory resource management
- In the
/etc/cgconfig.conffile, configure the following subsystems to be mounted and cgroups to be created:Copy to Clipboard Copied! Toggle word wrap Toggle overflow When loaded, the above configuration file mounts thecpu,cpuacct, andmemorysubsystems to a singlecpu_and_memcgroup. For more information on these subsystems, refer to Chapter 3, Subsystems and Tunable Parameters. Next, it creates a hierarchy incpu_and_memwhich contains three cgroups: sales, finance, and engineering. In each of these cgroups, custom parameters are set for each subsystem:cpu— thecpu.sharesparameter determines the share of CPU resources available to each process in all cgroups. Setting the parameter to250,250, and500in the finance, sales, and engineering cgroups respectively means that processes started in these groups will split the resources with a 1:1:2 ratio. Note that when a single process is running, it consumes as much CPU as necessary no matter which cgroup it is placed in. The CPU limitation only comes into effect when two or more processes compete for CPU resources.cpuacct— thecpuacct.usage="0"parameter is used to reset values stored in thecpuacct.usageandcpuacct.usage_percpufiles. These files report total CPU time (in nanoseconds) consumed by all processes in a cgroup.memory— thememory.limit_in_bytesparameter represents the amount of memory that is made available to all processes within a certain cgroup. In our example, processes started in the finance cgroup have 2 GB of memory available, processes in the sales group have 4 GB of memory available, and processes in the engineering group have 8 GB of memory available. Thememory.memsw.limit_in_bytesparameter specifies the total amount of memory and swap space processes may use. Should a process in the finance cgroup hit the 2 GB memory limit, it is allowed to use another 1 GB of swap space, thus totaling the configured 3 GB.
- To define the rules which the
cgrulesengddaemon uses to move processes to specific cgroups, configure the/etc/cgrules.confin the following way:#<user/group> <controller(s)> <cgroup> @finance cpu,cpuacct,memory finance @sales cpu,cpuacct,memory sales @engineering cpu,cpuacct,memory engineering
#<user/group> <controller(s)> <cgroup> @finance cpu,cpuacct,memory finance @sales cpu,cpuacct,memory sales @engineering cpu,cpuacct,memory engineeringCopy to Clipboard Copied! Toggle word wrap Toggle overflow The above configuration creates rules that assign a specific system group (for example,@finance) the resource controllers it may use (for example,cpu,cpuacct,memory) and a cgroup (for example,finance) which contains all processes originating from that system group.In our example, when thecgrulesengddaemon, started via theservice cgred startcommand, detects a process that is started by a user that belongs to the finance system group (for example,jenn), that process is automatically moved to the/cgroup/cpu_and_mem/finance/tasksfile and is subjected to the resource limitations set in the finance cgroup. - Start the
cgconfigservice to create the hierarchy of cgroups and set the needed parameters in all created cgroups:service cgconfig start
~]# service cgconfig start Starting cgconfig service: [ OK ]Copy to Clipboard Copied! Toggle word wrap Toggle overflow Start thecgredservice to let thecgrulesengddaemon detect any processes started in system groups configured in the/etc/cgrules.conffile:service cgred start
~]# service cgred start Starting CGroup Rules Engine Daemon: [ OK ]Copy to Clipboard Copied! Toggle word wrap Toggle overflow Note thatcgredis the name of the service that starts thecgrulesengddaemon. - To make all of the changes above persistent across reboots, configure the
cgconfigandcgredservices to be started by default:chkconfig cgconfig on chkconfig cgred on
~]# chkconfig cgconfig on ~]# chkconfig cgred onCopy to Clipboard Copied! Toggle word wrap Toggle overflow
To test whether this setup works, execute a CPU or memory intensive process and observe the results, for example, using the top utility. To test the CPU resource management, execute the following
dd command under each user:
dd if=/dev/zero of=/dev/null bs=1024k
~]$ dd if=/dev/zero of=/dev/null bs=1024k
The above command reads the
/dev/zero and outputs it to the /dev/null in chunks of 1024 KB. When the top utility is launched, you can see results similar to these:
All processes have been correctly assigned to their cgroups and are only allowed to consume CPU resource made available to them. If all but two processes, which belong to the finance and engineering cgroups, are stopped, the remaining resources are evenly split between both processes:
PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND 8202 mike 20 0 103m 1676 556 R 66.4 0.2 0:06.35 dd 8200 john 20 0 103m 1672 556 R 33.2 0.2 0:05.08 dd ⋮
PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
8202 mike 20 0 103m 1676 556 R 66.4 0.2 0:06.35 dd
8200 john 20 0 103m 1672 556 R 33.2 0.2 0:05.08 dd
⋮
Alternative method
Because the
cgrulesengd daemon moves a process to a cgroup only after the appropriate conditions set by the rules in /etc/cgrules.conf have been fulfilled, that process may be running for a few milliseconds in an incorrect cgroup. An alternative way to move processes to their specified cgroups is to use the pam_cgroup.so PAM module. This module moves processes to available cgroups according to rules defined in the /etc/cgrules.conf file. Follow the steps in Procedure 4.4, “Using a PAM module to move processes to cgroups” to configure the pam_cgroup.so PAM module. Note that the libcgroup-pam package that provides this module is available form the Optional subscription channel. Before subscribing to this channel please see the Scope of Coverage Details. If you decide to install packages from the channel, follow the steps documented in the article called How to access Optional and Supplementary channels, and -devel packages using Red Hat Subscription Manager (RHSM)? on Red Hat Customer Portal.
Procedure 4.4. Using a PAM module to move processes to cgroups
- Install the libcgroup-pam package from the optional Red Hat Enterprise Linux Yum repository:
yum install libcgroup-pam --enablerepo=rhel-6-server-optional-rpms
~]# yum install libcgroup-pam --enablerepo=rhel-6-server-optional-rpmsCopy to Clipboard Copied! Toggle word wrap Toggle overflow - Ensure that the PAM module has been installed and exists:
ls /lib64/security/pam_cgroup.so
~]# ls /lib64/security/pam_cgroup.so /lib64/security/pam_cgroup.soCopy to Clipboard Copied! Toggle word wrap Toggle overflow Note that on 32-bit systems, the module is placed in the/lib/securitydirectory. - Add the following line to the
/etc/pam.d/sufile to use thepam_cgroup.somodule each time thesucommand is executed:session optional pam_cgroup.so
session optional pam_cgroup.soCopy to Clipboard Copied! Toggle word wrap Toggle overflow - Configure the
/etc/cgconfig.confand/etc/cgrules.conffiles as in Procedure 4.3, “Per-group CPU and memory resource management”. - Log out all users that are affected by the cgroup settings in the
/etc/cgrules.conffile to apply the above configuration.
When using the
pam_cgroup.so PAM module, you may disable the cgred service.
'%20d='M201.5%20305.5c-13.8%200-24.9-11.1-24.9-24.6%200-13.8%2011.1-24.9%2024.9-24.9%2013.6%200%2024.6%2011.1%2024.6%2024.9%200%2013.6-11.1%2024.6-24.6%2024.6zM504%20256c0%20137-111%20248-248%20248S8%20393%208%20256%20119%208%20256%208s248%20111%20248%20248zm-132.3-41.2c-9.4%200-17.7%203.9-23.8%2010-22.4-15.5-52.6-25.5-86.1-26.6l17.4-78.3%2055.4%2012.5c0%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.3%2024.9-24.9s-11.1-24.9-24.9-24.9c-9.7%200-18%205.8-22.1%2013.8l-61.2-13.6c-3-.8-6.1%201.4-6.9%204.4l-19.1%2086.4c-33.2%201.4-63.1%2011.3-85.5%2026.8-6.1-6.4-14.7-10.2-24.1-10.2-34.9%200-46.3%2046.9-14.4%2062.8-1.1%205-1.7%2010.2-1.7%2015.5%200%2052.6%2059.2%2095.2%20132%2095.2%2073.1%200%20132.3-42.6%20132.3-95.2%200-5.3-.6-10.8-1.9-15.8%2031.3-16%2019.8-62.5-14.9-62.5zM302.8%20331c-18.2%2018.2-76.1%2017.9-93.6%200-2.2-2.2-6.1-2.2-8.3%200-2.5%202.5-2.5%206.4%200%208.6%2022.8%2022.8%2087.3%2022.8%20110.2%200%202.5-2.2%202.5-6.1%200-8.6-2.2-2.2-6.1-2.2-8.3%200zm7.7-75c-13.6%200-24.6%2011.1-24.6%2024.9%200%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.1%2024.9-24.6%200-13.8-11-24.9-24.9-24.9z'/%3e%3c/svg%3e){kind=small}