Docker's Cgroup Chapter

First, Cgroup Introduction:

CGroup is the abbreviation for Control Groups, which is a mechanism provided by the Linux kernel to restrict, record, and isolate the material resources (such as CPU memory I/O) used by process groups (processes Groups). 2007 entered the Linux 2.6.24 kernel, CGroups is not a new creation, it will process management from Cpuset, the author is Google's Paul menage. CGroups is also the resource management tool that LXC uses to implement virtualization.

CGroup Function and composition

CGroup is the Linux kernel feature that manages any process in a group. CGroup itself is the infrastructure that provides the functionality and interface for grouping processes, and specific resource management functions such as I/O or memory allocation control are implemented through this function. These specific resource management functions are called CGroup subsystems or controllers. The CGroup subsystem has memory controller, control process scheduling CPU controller and so on. The Cgroup subsystem that the running kernel can use is confirmed by the/proc/cgroup.

CGroup provides a CGroup virtual file system as a user interface for group management and for each subsystem setup. To use CGroup, you must mount the CGroup file system. The mount option specifies which subsystem to use.

Second, Cgroup subsystem introduction:

Blkio-This subsystem sets input/output limits for block devices, such as physical devices (disk, SSD, USB, and so on).

CPU-this subsystem uses the scheduler to provide Cgroup task access to the CPU.

CPUACCT-This subsystem automatically generates the CPU reports used by the tasks in the Cgroup.

Cpuset-this subsystem allocates independent CPUs (on multicore systems) and memory nodes for tasks in Cgroup.

Devices-this subsystem allows or denies tasks in the Cgroup to access the device.

Freezer-This subsystem hangs or resumes tasks in the Cgroup.

Memory--This subsystem sets the limits for the use of tasks in Cgroup and automatically generates a report of memory resources used by those tasks.

NET_CLS-this subsystem uses the level identifier (CLASSID) to mark network packets, allowing the Linux Traffic Control Program (TC) to identify the packets generated from the specific cgroup.

NS--namespace subsystem.

Third, the contents of the experiment:

1. Lab Environment:
   RHEL6.5 172.25.44.1 server1.example.com

   Iptables SELinux Disabled

Installation of 2.Cgroup:

[email protected] ~]# Yum install-y libcgroup.x86_64

[[email protected] ~]#/etc/init.d/cgconfig start
Starting cgconfig service: [OK]

3. Memory Limit:

[email protected] ~]# ls/cgroup/memory/# #查看memory可用到的限制
Cgroup.event_control memory.move_charge_at_immigrate
Cgroup.procs Memory.oom_control
Memory.failcnt memory.soft_limit_in_bytes
Memory.force_empty Memory.stat
Memory.limit_in_bytes memory.swappiness
Memory.max_usage_in_bytes memory.usage_in_bytes
Memory.memsw.failcnt Memory.use_hierarchy
Memory.memsw.limit_in_bytes Notify_on_release
Memory.memsw.max_usage_in_bytes release_agent
Memory.memsw.usage_in_bytes Tasks
[email protected] ~]# cat/cgroup/memory/memory.limit_in_bytes
9223372036854775807 # #内存限制字节数

[email protected] ~]# vim/etc/cgconfig.conf

Group X1 {
Memory {
memory.limit_in_bytes=209715200; # #200 *1024*1024=209715200# Limit 200M

        }
    }
     [[email protected] ~]#/etc/init.d/cgconfig restart
     stopping Cgconfig service:                                   [  ok ]
    starting cgconfig service:                                   [  ok ]

     [[email protected] ~]# DF
    filesystem                    1k-blocks    used Available use% mounted on
    /dev/mapper/volgroup-lv_root    6926264 1033680   5540740  16%/
    tmpfs                             510120       0    510120   0 %/DEV/SHM
    /dev/vda1                        495844   33473     436771   8%/boot

Test:
[email protected] ~]# cd/dev/shm/
[[email protected] shm]# dd If=/dev/zero of=bigfile bs=1m count=300
300+0 Records in
300+0 Records out
314572800 bytes (315 MB) copied, 0.216686 s, 1.5 GB/s

In swap, so we also have to limit swap

Supplemental configuration files:

     [[email protected] shm]# vim/etc/cgconfig.conf
     group x1 {
        memory {
                 memory.limit_in_bytes=209715200;
                memory.memsw.limit_in_bytes=209715200;
       }
    }

     [[email protected] shm]#/etc/init.d/cgconfig restart
     stopping Cgconfig service:                                   [  ok ]
    starting cgconfig service:                                   [  ok ]
     [[email protected] shm]# cgexec-g memory:x1 dd if=/dev/zero of=bigfile bs=1m count=300
    killed
    

     Download Script Memapp1 memapp2 Two of 4096 pages of memory (1 pages of memory = 4 bytes) plus    line permissions, now make Mem App1 can be executed, MEMAPP2 can not
     [[email protected] ~]# chmod +x memapp*
     [[email protected] ~]#./memapp1
    -bash:./MEMAPP1:/lib /ld-linux.so.2:bad ELF interpreter:no Such file or directory
     [[email  Protected] ~]# yum install-y ld-linux.so.2

[email protected] ~]#./MEMAPP1

Process ID is:1217

Grabbing 4096 pages of memory

success!

Press any key to exit

[email protected] ~]#./MEMAPP2

Process ID is:1218

Grabbing 8192 pages of memory

success!

Press any key to exit

[email protected] ~]# vim/etc/cgconfig.conf

Group X1 {
Memory {
memory.limit_in_bytes=16777216; # #4096 *4*1024=16777216 memory.memsw.limit_in_bytes=1677721 6;
}
}

[email protected] ~]# vim/etc/cgrules.conf

*:MEMAPP1 Memory x1/
*:MEMAPP2 Memory x1/# #限制任何人在执行这两个脚本时, all follow the restrictions in X1

[email protected] ~]#/etc/init.d/cgconfig restart
Stopping cgconfig service: [OK]
Starting cgconfig service: [OK]
[email protected] ~]#/etc/init.d/cgred restart
Stopping CGroup Rules Engine Daemon ... [OK]
Starting CGroup Rules Engine Daemon: [OK]

Test:
[email protected] ~]#./MEMAPP1

Process ID is:1271

Grabbing 4096 pages of memory

success!

Press any key to exit

[email protected] ~]#./MEMAPP2

Process ID is:1272

Grabbing 8192 pages of memory
Killed
5.CPU limit:

The priority interval is 19 ~-20, and 19 is the lowest priority.

To modify a configuration file:

[email protected] ~]# vim/etc/cgconfig.conf

Group X2 {
CPU {
cpu.shares=100; # #优先级设为100, less than the default
}
}

[Email protected] ~]#/etc/init.d/cgconfig restart
stopping cgconfig service: [OK]
Starting cgconfig service: [OK]

Test:

If it is 2 CPUs, turn off a

[[email protected] ~]# cd/sys/devices/system/cpu/cpu1 (note: Cpu0 can not be turned off, there is no online choice)

[[email protected] cpu1]# cat online # #状态为1 that the CPU is working
1
[[email protected] cpu1]# echo 0 > online # #状态为0, which means turning off the CPU

[[email protected] cpu1]# dd If=/dev/zero of=/dev/null &
[1] 1286
[[email protected] cpu1]# dd If=/dev/zero of=/dev/null &
[2] 1287
[email protected] cpu1]# Top # #可以看到两个进程在均衡占用cpu
650) this.width=650; "src=" Http://s5.51cto.com/wyfs02/M00/87/50/wKioL1fc4OHT5WdAAACL98-acDc530.png "title=" Screenshot from 2016-09-17 22-11-38.png "alt=" Wkiol1fc4oht5wdaaacl98-acdc530.png "/>

[email protected] cpu1]# cgexec-g cpu:x2 dd if=/dev/zero of=/dev/null &
[1] 1291
[email protected] cpu1]# Top # #只有一个资源在占用cpu

650) this.width=650; "src=" Http://s5.51cto.com/wyfs02/M01/87/52/wKiom1fc4VqzUjEWAACEikYh-Eg798.png "title=" Screenshot from 2016-09-17 22-13-21.png "alt=" Wkiom1fc4vqzujewaaceikyh-eg798.png "/>

[[email protected] cpu1]# dd If=/dev/zero of=/dev/null &
[2] 1293
[[email protected] cpu1]# Top # #可以看到分配的cpu资源不同 Because the priority is different

650) this.width=650; "src=" Http://s3.51cto.com/wyfs02/M01/87/50/wKioL1fc4X2wXegdAACDczJ3qBI447.png "title=" Screenshot from 2016-09-17 22-14-04.png "alt=" Wkiol1fc4x2wxegdaacdczj3qbi447.png "/>

6.i/o Restrictions:

To view the types of devices that are restricted:

[email protected] cpu1]# Ll/dev/vda
BRW-RW----1 root disk 252, 0 Sep 21:06/dev/vda

[email protected] cpu1]# ll/dev/sda1
BRW-RW----1 root disk 8, 1 Sep 20:42/dev/sda1

To modify a configuration file:

[email protected] ~]# vim/etc/cgconfig.conf

Group X3 {
Blkio {
Blkio.throttle.read_bps_device= "252:0 1024000";
}
}

[email protected] cpu1]#/etc/init.d/cgconfig restart

Test:

[email protected] cpu1]# cgexec-g blkio:x3 dd If=/dev/vda of=/dev/null

^c27401+0 Records in
27400+0 Records out
14028800 bytes (MB) copied, 13.9036 S, 1.0 MB/s

Speed limit of 1M

7. Limit Freezer:

To modify a configuration file:

[email protected] cpu1]# vim/etc/cgconfig.conf

Group X4 {
Freezer {
}
}

[email protected] cpu1]#/etc/init.d/cgconfig restart

To freeze a task:

[Email protected] cpu1]# cd/cgroup/freezer/x4

[Email protected] x4]# echo 7952 > Tasks

Cat Freezer.state

--thawed C Active state

FROZEN Frozen State

echo FROZEN > Freezer.state

Will find 7592 tasks are frozen, but the task is still in progress, like the CPU and so on

This article is from the "People in Need" blog, please be sure to keep this source http://zzkkk.blog.51cto.com/11721816/1853367

Docker's Cgroup Chapter