The cgroups system is a framework of process group-based resource management provided by the Linux kernel that can qualify resources that can be used for specific process groups. The specific introduction can refer to Mr. Zhou Mingyao's CGroup , practical Examples and principles described . 1", the article described in detail the concept of cgroup, structure, principles, and give an example of the application, is a rare collection of high-grade entry documents, it is recommended to study, the contents of this also do not repeat.
This paper mainly answers some common questions about the cognition and application of Cgroup.
1. What is the relationship between namespace and hierarchy and cgroup, container = hierarchy?
To better understand their relationship, let's take a look at Mr. Cao Jianghua's Linux container setup and simple Management "2" in the introduction of the Cgroup subsystem, It mentions such a subsystem--ns:
The NS subsystem provides a way to group processes into different namespaces. In a specific namespace, processes can interact with each other, but are isolated from processes running in other namespaces. These separate namespaces are sometimes referred to as containers when used for operating system-level virtualization.
It can be seen that there is no direct relationship between the container and the hierarchy, and the container is separated from the process in the Cgroup system as a subsystem (resource manager) that divides the namespace into hierarchy.
It is worth mentioning that the article that referred to the NS subsystem was before 2013, because the Cgroup function in the Linux kernel in 2013 had made many changes and eliminated the NS subsystem directly. Referred to in the wiki:
Redesign of Cgroups started in, with additional changes brought by versions 3.15 and 3.16 of the Linux kernel .... The "NS" subsystem is added early in cgroups development to integrate namespaces and control groups. If the "ns" Cgroup is mounted, each namespace would also create a new group in the Cgroup hierarchy. This is an experiment, is later judged to is a poor fit for the Cgroups APIs, and removedfrom the kernel.
Why do you want to reject the NS subsystem? The author's understanding is this, the person who used the cgroup will know that the cgroup is the allocation of the system resources, and the container not only for the process to use the resources to do the isolation, but also to prohibit the communication between the different containers, which is beyond the scope of cgroup responsibility, so that its functions become more complex and chaotic. As a result, containers are no longer managed by Cgroup, but are being implemented by other technologies.
2. Does Cgroup have an ID? Can a single cgroup be duplicated in different hierarchy?
Cgroup does not have an ID, but there are pointers to hierarchy (struct) and pointers to Top-cgroup, as well as headers for the linked lists that organize sibling cgroup and child cgroup, so each cgroup is unique in the system.
Hierarchy is essentially a directory structure in a file system, Cgroup is in the form of directories in hierarchy, and Cgroup in different hierarchy are different directories. The directory contains a series of configuration files for the Cgroup and the hierarchy subsystem, as well as the sub-cgroup.
3. The relationship between hierarchy and subsystem
Hierarchy can have a plurality of different subsystem attachment, such as CPU, memory and attachment; A subsystem can only be attached to one hierarchy, but if the second hierarchy has no other subsystem, then it can be attached, If there are two hierarchy with only CPU attached. Detailed rules refer to the relationships in Red Hat Enterprise Linux 6 Resource Managementguide"3" Between subsystems, hierarchies, Control Groups and Tasks section.
Does 4.root-cgroup contain all the processes in hierarchy?
No, each cgroup process in the same hierarchy does not appear in the other cgroup.
Root-cgroup The default setting is that once a new process is present, the system is immediately root-cgroup included (the child process is not tested). A Cgroup managed process can be viewed in the tasks file under its directory, and the operation process joining Cgroup only needs to add the PID to the file.
* Note: Once a process is put into a cgroup, not moving it to another cgroup will not leave the cgroup, and as long as it joins the other Cgroup, the original Cgroup will automatically release the process.
5. Can the child cgroup inherit the parent cgroup resource configuration?
is automatically inherited because the resource configuration of the child cgroup cannot exceed the bounds of the parent cgroup. As mentioned in Ubuntu document:
In general, the kernel enforces the hierarchical constraints on limits, so, instance if devices Cgroup/child1 can Not access a disk drive, then/child1/child2 cannot give itself those rights.
In the case of the parent Cgroup, the resource configuration of the child cgroup can be identical to each other.
6. What happens if there are overlapping resources assigned to multiple Cgroup? For example, the allocation of a 50% of resources, B allocated 100% of resources, how will they compete?
This gives the author's experimental results for CPU resources: Assume that a needs to use 10% of the resources, B needs 80% of the resources, then when the limit a use 50% of the resources, B is able to use 80%, but a need to use 80% of the resources, then limit A to use 50%, Both A and B run with 50% of the resources.
As can be seen, Cgroup's function is to define resources rather than dividing them.
The functions of the Cgroup command and subsystem configuration file can be referred to as "4"for use Cgroup.
7. How can I quickly switch the allocation of resources after changing the status of a container?
Modify the configuration file for the container corresponding to the Cgroup.
8. Why does a user directory automatically be created in every cgroup? -Ubuntu 14.04
Refer to the explanations in help.ubuntu.com:
As of Ubuntu 14.04 (Linux Kernel 3.16), users is automatically placed in a set of cgroups which they own, safely allowing them to constrain their own jobs using the child cgroups. This feature are relied upon, for instance, for unprivileged container creation in LXC.
Resources
"1" CGroup introduction, application examples and principle description. Http://www.ibm.com/developerworks/cn/linux/1506_cgroup/index.html
"2" Linux container building and simple management. https://www.ibm.com/developerworks/cn/linux/1312_caojh_linuxlxc/
"3" Red Hat Enterprise Linux 6 Resource Management Guide. Https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Resource_Management_Guide/index.html
"4" How to use Cgroup. http://tiewei.github.io/devops/howto-use-cgroup/
"5" CGROUPS. Https://www.kernel.org/doc/Documentation/cgroups/cgroups.txt
"6" wiki/cgroups. Https://en.wikipedia.org/wiki/Cgroups
"7" All about the Linux Kernel:cgroup ' s redesign. Http://www.linux.com/news/featured-blogs/200-libby-clark/733595-all-about-the-linux-kernel-cgroups-redesign
"8" Ubuntu Document. Https://help.ubuntu.com/lts/serverguide/cgroups-delegation.html
Cgroup Study Notes