Cgroup Control of Linux

Cgroup:control group-control Group: Add Users (processes) to a group (also known as controller controllers) by

Specifies the use of a group for resource-CPU memory network, etc., to restrict users ' use of computer resources

Similar to "Resource quotas" in Windows??

Similar to "RBAC" in many software, role-based access control??

Cgroup is simpler, more centralized, easier to manage than Pam authentication, and conforms to the Unix kiss principle

----------------------draw on the idea of the foreigner's Design (System)

The entire function is implemented by the LIBCGROUP.XX.RPM package

[Thu Oct 09:09 ~/desktop]# rpm-qa|grep "Cgroup"
libcgroup-0.37-4.el6.i686

First design the controller type: Set up a/etc/cgconfig.conf file, including CPU Cpuset CPUACCT memory devices Blkio Freezer Net_cls

It's not the whole controller that comes up, everything goes inside, but "layered" design ideas.

Then design the controller (i.e. the group =controller to be used for control): Specify the type of controller, control rule: This is also defined in the/etc/cgconfig.conf file.

After defining the controller to be used, the controller is written in the corresponding directory:/CGROUP/MEMORY-CPU-NETCLS, which means "pseudo file system"

With the controller group, it is necessary to tell Cgroup which users want to restrict the use of resources, it is necessary to add the user (or process) to the group:

It has designed a configuration file:/etc/cgrules.conf

Well, with the setup of these two steps, you can use Cgroup, and the Cgroup resource limit will work:

Start the Cgroup service, and then you can view the following: Cgget, direct Ls/cgroup file ...

The following is from the network * * *

group Exgroup {//new groups, controller type is memory
//mounted on/cgroup/memory/exgroup/*
Memory {
memory.limit_in_bytes = 209715200; Limit the amount of memory Used (200MB)
    }
}
Group daemons/http {//new groups, controller type is CPU
//mounted on/cgroup/cpu/daemons/http/*
CPU {
Cpu.share = "512"; CPU priority, default to 1024x768
    }
}

Ii. Configuring resource restriction Rules1. For system services, daemon mode is recommended--/etc/sysconfig/xxxx[email protected] ~]# vim/etc/sysconfig/httpd
... ...
cgroup_daemon= "Cpu:daemons/http"//Specify the controller type (CPU), resource Group (daemons/http) to be used by the HTTPD service via Cgroup_daemon
//can refer to document:/usr/share/doc/libcgrou-0.37/readme. RedHat 2. For user processes, you need to edit the policy file--/etc/cgrules.conf[email protected] ~]# vim/etc/cgrules.conf
... ...
<user>:<process name> <controllers> <destination>
Harry Memory exgroup/
*:httpd CPU Daemons/http the//第1-3 column indicates: User and process, controller type, resource group
//The user name and process name are separated by colons, allowing wildcards to be used
//If multiple controllers are used, separated by commas
//resource groups only need to write relative (to the pseudo file system root) path Third, start cgroup related services
The system service Cgconfig reads the cgconfig.conf configuration file and mounts the pseudo-file system accordingly, and the system service cgred invokes the file cgrules.conf and applies the rules set therein to control resource usage. [[Email protected] ~]# service cgconfig start; Chkconfig Cgconfig on
[[Email protected] ~]# service cgred start; Chkconfig cgred on

End: From Network * * * *

Cgred:cg-re-d: Cgroup ruels engine Daemon:cgroup's rule engines Daamon,

Cgroup Control of Linux