Cgroup study notes, cgroup

Cgroup study notes, cgroup

The cgroups system is a process group-based resource management framework provided by the Linux kernel. It can limit available resources for specific process groups. For details, refer to Mr. Zhou Mingyao'sCGroupIntroductionShao,YingUseRealExamples and principles 【1]This article describes the concept, structure, and principle of cgroup in detail, and provides application examples. It is a rare entry-level document. Therefore, it is recommended to learn it in step-by-step mode, the content is not repeated here.

This article mainly answers some common questions about cgroup cognition and application.

 

1. What is the relationship between namespace and hierarchy and cgroup? Container = level?

To better understand their relationship, let's take a look at Cao Jiang's Dr. Hua'sLinuxContainer creation and simple management 【2]This section describes the cgroup sub-system, which mentions a sub-system called ns:

The ns subsystem provides a way to group processes into different namespaces. In a specific namespace, processes can interact with each other, but are isolated from processes running in other namespaces. These separated namespaces are sometimes called containers when used for operating system-level virtualization.

It can be seen that there is no direct relationship between the container and the hierarchy. In the cgroup system, the container only serves as a sub-system (Resource Manager) to divide the namespace for the process in hierarchy and isolate it.

It is worth mentioning that the articles about the ns sub-system were published before 2013, because the cgroup function of the Linux kernel was modified a lot in 2013 and the ns sub-system was removed directly. Refer to the following mentioned in Wiki:

Redesign of cgroups started in 2013, with additional changes brought by versions 3.15 and 3.16 of the Linux kernel.……The "ns" subsystem was added early in cgroups development to integrate namespaces and control groups. If the "ns" cgroup was mounted, each namespace would also create a new group in the cgroup hierarchy. This was an experiment that was later judged to be a poor fit for the cgroups API, and removed from the kernel.

Why should we remove the ns subsystem? The author understands that cgroup is used to allocate system resources, while containers are not only isolated from the resources used by processes, the process communication between different containers is also prohibited, which is beyond the scope of cgroup's responsibility and makes its functions more complex and disordered. Therefore, containers are not managed by cgroup, but implemented by other technologies.

 

2. Does cgroup have an ID? Can a single cgroup be repeated in Different hierarchy records?

Cgroup does not have an ID, but there are hierarchy (struct) pointers and top-cgroup pointers. It also contains the table headers of linked lists that organize brothers cgroup and child cgroup respectively, therefore, each cgroup is unique in the system.

Hierarchy is essentially a directory structure in the file system. cgroup exists in hierarchy as a directory. cgroups in different hierarchy are different directories, the directory contains a series of configuration files for the cgroup and hierarchy sub-systems, as well as the sub-cgroup.

 

3. Relationship between hierarchy and subsystem

Hierarchy can be attached to multiple subsystems, such as cpu and memory. One subsystem can only be attached to one hierarchy. However, if the second hierarchy does not have other subsystems, it can be attached, if there are two hierarchy instances with only cpu dependencies. For detailed rules, referRed Hat Enterprise Linux 6 Resource Management Guide【3]InRelationships Between Subsystems, Hierarchies, Control Groups and Tasks.

 

4. Does the root-cgroup contain all processes in hierarchy?

No. The process of each cgroup in the same hierarchy does not appear in other cgroups.

The default value of root-cgroup is that once a new process appears, it is immediately included by root-cgroup (except for sub-processes, the child process is automatically in the same cgroup as the parent process when it is generated ). A cgroup-managed process can be viewed in the tasks file under its directory. To add an operating process to a cgroup, you only need to add the pid to the file.

* Note: Once a process is put into a cgroup, it will not be left if it is not moved to another cgroup. If it is added to another cgroup, the original cgroup will automatically release the process.

 

5. Can the child cgroup inherit the parent cgroup resource configuration?

It is automatically inherited because the resource configuration of the Child cgroup cannot exceed the limit of the parent cgroup. As mentioned in Ubuntu Document:

In general, the kernel enforces the hierarchical constraints on limits, so that for instance if devices cgroup /child1 cannot access a disk drive, then/child1/child2 cannot give itself those rights.

Under the limit of the parent cgroup, the resource configurations of the Child cgroup can be the same with each other.

 

6. What if the resources allocated to multiple cgroups overlap? For example, if A allocates 50% of resources to B and 100% of resources to B, how can they compete?

Here is the experiment result of the author on CPU resources: Assume that A needs 10% of resources and B needs 80% of resources, when A is limited to 50% of resources, B can use 80% of resources, but if A needs to use 80% of resources, then when A uses 50%, both A and B use 50% of resources.

It can be seen that the function of cgroup is to limit resources rather than divide resources.

For more information about how to operate cgroup commands and Subsystem Configuration files, seeHow to use cgroup [4].

 

7. How can I quickly switch resource allocation after changing the container status?

Modify the cgroup configuration file of the container.

 

8. Why is a user directory automatically created in each cgroup? -Ubuntu 14.04

Refer to the explanations in help.ubuntu.com:

As of Ubuntu 14.04 (Linux Kernel 3.16), users are automatically placed in a set of cgroups which they own, safely allowing them to constrain their own jobs using child cgroups. This feature is relied upon, for instance, for unprivileged container creation in lxc.

 

 

References

[1] CGroup introduction, application example and principle description. http://www.ibm.com/developerworks/cn/linux/1506_cgroup/index.html

[2] Linux container establishment and simple management-https://www.ibm.com/developerworks/cn/linux/1312_caojh_linuxlxc/

Red Hat Enterprise Linux 6 Resource Management Guide. https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Resource_Management_Guide/index.html

[4] how to use cgroup. http://tiewei.github.io/devops/howto-use-cgroup/

(5) CGROUPS. https://www.kernel.org/doc/Documentation/cgroups/cgroups.txt

Wiki/Cgroups. https://en.wikipedia.org/wiki/Cgroups

All About the Linux Kernel: Cgroup's Redesign. http://www.linux.com/news/featured-blogs/200-libby-clark/733595-all-about-the-linux-kernel-cgroups-redesign

Ubuntu Document. https://help.ubuntu.com/lts/serverguide/cgroups-delegation.html