I. INTRODUCTION
Cgroups is the abbreviation for control groups, which is a mechanism provided by the Linux kernel to restrict, record, and isolate the physical resources (such as Cpu,memory,io, and so on) used by the process groups (processes groups). Originally presented by Google's engineers, it was later integrated into the Linux kernel. Cgroups is also lxc for the realization of the use of the resource management tools, can say no cgroups there is no lxc.
Cgroups's initial goal was to provide a unified framework for resource management that integrates existing subsystems such as Cpuset and provides interfaces for future development of new subsystems. Cgroups is now available for a variety of applications, from resource control of a single process to virtualization at the operating system level (OS levels virtualization). Cgroups provides the following features:
1. Limit the number of resources that the process group can use (Resource limiting). For example: The memory subsystem can set a memory usage limit for the process group, and once the process group uses a limit of RAM to request memory, the Oom (out of memory) is triggered.
2. Priority control of the process group (prioritization). For example, you can use the CPU subsystem to assign a specific CPU share to a process group.
3. Record the number of resources used by the process group (Accounting). For example, you can use the CPUACCT subsystem to record the CPU time used by a process group
4. Process group Isolation (isolation). For example, using the NS subsystem allows different process groups to use different namespace for isolation purposes, and different process groups have their own process, network, and file system mount space.
5. Process Group control. For example, you can suspend and resume a process group using the freezer subsystem.
Two. Cgconfig Installation start
650) this.width=650; "src=" Https://s2.51cto.com/oss/201710/28/ec80bdfdc37e35d96677a5463dfd5031.png "title=" Screenshot from 2017-10-27 16-07-26.png "alt=" Ec80bdfdc37e35d96677a5463dfd5031.png "/>
Three. Memory limit
650) this.width=650; "src=" Https://s5.51cto.com/oss/201710/28/410fc3e7e5efaa981addaebbfdf07acd.png "style=" float: none; "Title=" screenshot from 2017-10-27 16-21-16.png "alt=" 410fc3e7e5efaa981addaebbfdf07acd.png "/>
1. Add group x1 with memory limit of 256M
650) this.width=650; "src=" Https://s5.51cto.com/oss/201710/28/63877e831428f73ba4ded8a493816f9a.png "style=" float: none; "Title=" screenshot from 2017-10-27 16-30-07.png "alt=" 63877e831428f73ba4ded8a493816f9a.png "/>
650) this.width=650; "src=" Https://s1.51cto.com/oss/201710/28/2a72af5f41adb8e63f9b0781699a76a7.png "style=" float: none; "Title=" screenshot from 2017-10-27 16-30-28.png "alt=" 2a72af5f41adb8e63f9b0781699a76a7.png "/>
2. Testing Memory Limit
Note: Must be written in/DEV/SHM memory space
Under normal circumstances there is no limit, you can write directly, cached value is 441
650) this.width=650; "src=" Https://s3.51cto.com/oss/201710/28/deb76079bd97533d4178d040ee08a0ea.png "style=" float: none; "Title=" screenshot from 2017-10-27 17-21-02.png "alt=" Deb76079bd97533d4178d040ee08a0ea.png "/>
Use group:x1 policy to write only to 395, remaining writes to the swap partition 45M
650) this.width=650; "src=" Https://s1.51cto.com/oss/201710/28/93b7d4aecb1755a7b2268bb66195961b.png "style=" float: none; "Title=" screenshot from 2017-10-27 17-20-25.png "alt=" 93b7d4aecb1755a7b2268bb66195961b.png "/>
Add Swap partition Memory limit
650) this.width=650; "src=" Https://s1.51cto.com/oss/201710/28/62406d5ac704d3ab019f043cd032f457.png "style=" float: none; "Title=" screenshot from 2017-10-27 16-47-03.png "alt=" 62406d5ac704d3ab019f043cd032f457.png "/>
650) this.width=650; "src=" Https://s1.51cto.com/oss/201710/28/444525ac5fdf367a04e5781aa58a8bec.png "style=" float: none; "Title=" screenshot from 2017-10-27 16-47-34.png "alt=" 444525ac5fdf367a04e5781aa58a8bec.png "/>
Write 300M memory directly forbidden, swap partition also cannot write
650) this.width=650; "src=" Https://s4.51cto.com/oss/201710/28/26840f60b48e50ff7cd9d0373a32783d.png "style=" float: none; "Title=" screenshot from 2017-10-27 17-14-00.png "alt=" 26840f60b48e50ff7cd9d0373a32783d.png "/>
Four. CPU Priority limit
1. Add GROUP:X2,CPU priority to 100
650) this.width=650; "src=" Https://s3.51cto.com/oss/201710/28/9b28c2a5b983c4818d09861f18290764.png "style=" float: none; "Title=" screenshot from 2017-10-27 16-57-28.png "alt=" 9b28c2a5b983c4818d09861f18290764.png "/>
2. Test: First normal test, second use of GROUP:X2 strategy test
650) this.width=650; "src=" Https://s3.51cto.com/oss/201710/28/85aa8085c41fec07cca8ef4bc6698e18.png "style=" float: none; "Title=" screenshot from 2017-10-27 17-08-36.png "alt=" 85aa8085c41fec07cca8ef4bc6698e18.png "/>
You can see that process 1305 with a priority of 100 executes after
Five. IO Interface Limitations
1. Add the Group:x3,io interface 252 device limit read 100M
650) this.width=650; "src=" Https://s1.51cto.com/oss/201710/28/f1d6aba86afcc927a440a6d3e62ac7b5.png "style=" float: none; "Title=" screenshot from 2017-10-27 17-29-15.png "alt=" F1d6aba86afcc927a440a6d3e62ac7b5.png "/>
650) this.width=650; "src=" Https://s1.51cto.com/oss/201710/28/7bd53465c61e56b208a77edd6239cf01.png "style=" float: none; "Title=" screenshot from 2017-10-27 17-29-39.png "alt=" 7bd53465c61e56b208a77edd6239cf01.png "/>
2. Install the Iotop detection module before testing
650) this.width=650; "src=" Https://s4.51cto.com/oss/201710/28/280ec971b206a94cc2cd6fe91ff7d605.png "style=" float: none; "Title=" screenshot from 2017-10-27 17-30-03.png "alt=" 280ec971b206a94cc2cd6fe91ff7d605.png "/>
The first normal reading, reading speed of about 187M
650) this.width=650; "src=" Https://s4.51cto.com/oss/201710/28/60a13ab8b82702207770dbe2bb21d26e.png "style=" float: none; "Title=" screenshot from 2017-10-27 17-34-35.png "alt=" 60a13ab8b82702207770dbe2bb21d26e.png "/>
650) this.width=650; "src=" Https://s4.51cto.com/oss/201710/28/6237615a3d1a5bebe87102d3cd656cc6.png "style=" float: none; "Title=" screenshot from 2017-10-27 17-34-38.png "alt=" 6237615a3d1a5bebe87102d3cd656cc6.png "/>
The second time using GROUP:V3 Strategy test, the speed of 1M or so
650) this.width=650; "src=" Https://s4.51cto.com/oss/201710/28/0c34dbc1afbce3c4f228ac7bf237d09a.png "style=" float: none; "Title=" screenshot from 2017-10-27 17-36-49.png "alt=" 0c34dbc1afbce3c4f228ac7bf237d09a.png "/>
650) this.width=650; "src=" Https://s4.51cto.com/oss/201710/28/ccef1ee9807c5d33aab58761839186c8.png "style=" float: none; "Title=" screenshot from 2017-10-27 17-37-03.png "alt=" Ccef1ee9807c5d33aab58761839186c8.png "/>
Six. Cgconfig restrictions for different users
Use memory here as an example
1. Configure the/etc/cgrules.conf rule file, cgconfig as you just configured
650) this.width=650; "src=" Https://s5.51cto.com/oss/201710/28/22cb2dae616cfa62478afd6f4d878b0d.png "style=" float: none; "Title=" screenshot from 2017-10-27 18-00-07.png "alt=" 22cb2dae616cfa62478afd6f4d878b0d.png "/>
cgrules.conf Rules file requires the user restriction type restriction policy to be completed and the restart service configured
650) this.width=650; "src=" Https://s4.51cto.com/oss/201710/28/22f7dd07301b582044265c6662b61d7f.png "style=" float: none; "Title=" screenshot from 2017-10-27 17-52-02.png "alt=" 22f7dd07301b582044265c6662b61d7f.png "/>
650) this.width=650; "src=" Https://s5.51cto.com/oss/201710/28/d8624d78a1515b585822cd8978ebdd92.png "style=" float: none; "Title=" screenshot from 2017-10-27 17-59-39.png "alt=" D8624d78a1515b585822cd8978ebdd92.png "/>
2. Testing
Create user Westos, enter into/DEV/SHM memory write space
650) this.width=650; "src=" Https://s5.51cto.com/oss/201710/28/291bbeaf3c5a86c3b2f1854af7be7449.png "style=" float: none; "Title=" screenshot from 2017-10-27 18-00-15.png "alt=" 291bbeaf3c5a86c3b2f1854af7be7449.png "/>
Write 300M memory, Limited
650) this.width=650; "src=" Https://s5.51cto.com/oss/201710/28/95b043caf08e8fff4d1df1215e16aecd.png "style=" float: none; "Title=" screenshot from 2017-10-27 18-00-49.png "alt=" 95b043caf08e8fff4d1df1215e16aecd.png "/>
Introduction to Linux Enterprise-cgconfig and related limitations