How I read the cgroups manual.
1. How I read the cgroups manual.
1.1. Literature
Total 160 pages.
1.1.1. man 8 cgroups
1.1.2. https://www.kernel.org/doc/html/latest/admin-guide/cgroup-v2.html
Not the last version, but I already lost the filename. From some kernel file October 2015, Tejun Heo
1.2. Which packages are responsible for cgroups in Slackware?
1.2.1. sysvinit-scripts-2.1-noarch-26:28:etc/rc.d/rc.S
Mounts the v1 filesystem and starts the services.
1.2.2. cgmanager-0.42-x86_64-1
Is used mostly for proxying control groups to containers.
1.2.3. libcgroup-0.41-x86_64-5
Has an actual daemon to manage control groups.
1.4. Which binaries we can use
1.4.2. libcgroup: usr/bin/cgcreate
1.4.3. libcgroup: usr/bin/cgdelete
1.4.4. libcgroup: usr/bin/cgexec
1.4.5. libcgroup: usr/bin/cgget
1.4.6. libcgroup: usr/bin/cgset
1.4.8. libcgroup: usr/bin/lscgroup
1.4.9. libcgroup: usr/bin/lssubsys
1.4.10. libcgroup: usr/sbin/cgclear
1.4.12. libcgroup: usr/sbin/cgrulesengd
1.4.13. cgmanager: usr/bin/cgm
1.4.14. cgmanager: usr/sbin/cgmanager
1.4.15. cgmanager: usr/sbin/cgproxy
1.5. Basic logic for the resource usage restriction
- I want nasty guys to never occupy more than 75% of the cpu.
echo 10000 > /sys/fs/cgroup/cpu/firefox/cpu.cfs_period_us echo 30000 > /sys/fs/cgroup/cpu/firefox/cpu.cfs_quota
- Should I even want to launch every firefox window as a separate group?
Because when Firefox eats all the CPU, it seems to be doing so with all processes.
- Should I even want to launch every firefox window as a separate group?
- I want to make nasty guys never have more than memsize/2 of memory.
/sys/fs/cgroup/memory/firefox/memory.limit_in_bytes
- I want GUI subsystem apps to never swap and always have at least 10% cpu and at least 1Gb of RAM.
The GUI subsystem apps are: Xorg xfdesktop xfwm4 xfce4-* Thunar* /usr/lib64/xfce4* /usr/libexec/* xscreensaver scim
cpu is set by: echo 128 > /sys/fs/cgroup/cpu/gui/cpu.shares
No swap option is set by: echo 0 > /sys/fs/cgroup/gui/memory.swappiness
Using controllers v1, it seems that it’s not possible to set the ’guaranteed’ amount of RAM.
- I want mission-critical apps to have at least 1Gb of memory and have at least 25% cpu
Mission-critical apps are: /sbin/* /usr/sbin/* /usr/local/sbin/* Anything that UID1 runs. $(cat /etc/shells) SCREEN /usr/bin/dbus-daemon /bin/su /bin/sulogin
cpu is set by: echo 256 > /sys/fs/cgroup/cpu/system/cpu.shares
memory: I don’t know how to give a minimal memory guarantee to an app using v1 controllers.
- I want to always have at least $MEMSIZE of swap free (for hibernation)
- I need to add ’swapaccount=1’ to boot/efi…
- I need to set the memory limit in the root group:
sys/fs/cgroup/memory/memory.memsw.limit_in_bytes Needs to have the value of swap size. command: free -b | awk ’/Swap {print $3}’
I need to add it to cgrules.conf, right?
- I need to add ’swapaccount=1’ to boot/efi…
- I want any process to never occupy more than 90% of the cpu time
CONFIG_CFS_BANDWIDTH, cpu controller Seems weird, as if I have to make a group for every process out there.
echo 100000 > /sys/fs/cgroup/cpu/cpu.cfs_period_us echo 360000 > /sys/fs/cgroup/cpu/cpu.cfs_quota
- I want to use the Lennart’s “bash grouping trick”
- /sbin/lwf_rc.auto_cpu_cgroup_remover
#!/bin/sh
cgdelete -g cpu:“$*” fi #if [ “$*” != “/user” ]; then
#fi
- /etc/rc.d/rc.lwf_lennarts_bash_trick
#!/bin/sh . /etc/rc.d/init.d/functions
start() { echo -n $“Setting the cpu cgroup release agent: ” echo “/sbin/rc.auto_cpu_cgroup_remover” > /sys/fs/cgroup/cpu/release_agent
for username in $(awk -F: ’$3 >= 1000 && $1 != “nobody” {print $1}’ /etc/passwd); do
cgcreate -g cpu:/$username/private -t $username:users -a $username:users –dperm=755 –tperm=755 –fperm=755 done echo I also need to add a dynamic rule to the cgred service… TODO chmod +x /etc/profile.d/00lwf_bash_group.sh chmod +x /etc/profile.d/00lwf_bash_group.csh return $? } stop() { echo -n $“Clearing the cpu cgroup release agent: ” echo “” > /sys/fs/cgroup/cpu/release_agent chmod -x /etc/profile.d/00lwf_bash_group.sh chmod -x /etc/profile.d/00lwf_bash_group.csh echo -n $“Clearing user groups.” for dirname in $(find . -type d -not -path ’.’ -not -path ’..’ -printf “%f ”); do cgdelete -r -g cpu:/users/private done return $? } status() { echo $“Release agent: ” cat -t /sys/fs/cgroup/cpu/release_agent echo $“Profile status:” file=/etc/profile.d/00lwf_bash_group.sh for file in {“/etc/profile.d/00lwf_bash_group.sh”,“/etc/profile.d/00lwf_bash_group.sh”} ; do if ( -x “$file” ) then echo “File ‘$file’ is executable” else echo “File ‘$file’ is not executable or found” endif done return $? } case "\(1" in start) start RETVAL=\)? ;; stop) stop RETVAL=\(? ;; status) status RETVAL=\)? ;; restart) stop start RETVAL=$? ;;
*) echo $“Usage: $0 {start|stop|status}” RETVAL=2 ;; esac
exit $RETVAL
- Add rc.lwf_set_auto_cpu_cgroup_remover to /etc/rc.d/rc3.d and rc4.d
Add these lines to the doinst.sh ln -s /etc/rc.d/rc.lwf_lennarts_bash_trick /etc/rc.d/rc3.d/S00cpu_cgroup_remover ln -s /etc/rc.d/rc.lwf_lennarts_bash_trick /etc/rc.d/rc4.d/S00cpu_cgroup_remover
- /etc/profile.d/00lwf_bash_group.sh
if [ “$PS1” ] ; then #mkdir -m 0700 /sys/fs/cgroup/cpu/user/\[ agroupname=/users/$(whoami)/private/\] cgcreate -g $agroupname echo $$ > $agroupname/tasks fi
- /etc/profile.d/00lwf_bash_group.csh
/bin/echo “I have no idea how to implement this in C-shell.”
- /sbin/lwf_rc.auto_cpu_cgroup_remover
- I want some more latency tricks.
I’m not sure about the next line: Is one millisecond a lot or not? echo 1000000 > /proc/sys/kernel/sched_min_granularity_ns
1.6. Limitations
1.7. Questions to the community
1.7.2. A question on the libcgroups mailing list
TODO: awaits moderation
1.8. I do use the dlack’s PAM packages
So I can just as well cofigure PAM to juggle groups But I will defer this till version 2.