基本介紹
CGroups 是一種對進程資源管理和控制的統一框架,它提供的是一種機制,而具體的策略(Policy)是通過子系統(subsystem)來完成的。子系統是CGroups對進程組進行資源控制的具體行為。
機制和策略是Linux操作系統中一種經典的設計思想,所謂機制就是“我要提供哪種功能”,而策略則是“我要怎樣來實現這種功能”。
RHEL提供了9個CGroups子系統。CGroups中每個子系統都代表一種類型的資源,詳見子系統。
在RHEL6中有Namespaces,在RHEL7中,通過lssubsys未列出。Namespaces 命名空間子系統。
在RHEL7中增了 perf_event, hugetlb 兩個子系統。
安裝
#yum install libcgroup-tools.x86_64 0:0.41-8.el7
專有名詞:
層級 - hierarchies:
配置文件
/etc/cgconfig.conf libcgroup的缺省配置文件 default libcgroup configuration file
/etc/cgconfig.d/ libcgroup的缺省配置目錄 default libcgroup configuration files directory
/etc/cgrules.conf
/etc/cgsnapshot_blacklist.conf
/etc/sysconfig/cgred
命令工具
/usr/bin/cgclassify
/usr/bin/cgcreate 創建CGroup群組
/usr/bin/cgdelete 刪除CGroup群組
/usr/bin/cgexec
/usr/bin/cgget
/usr/bin/cgset
/usr/bin/cgsnapshot
/usr/bin/lscgroup
/usr/bin/lssubsys
/usr/sbin/cgclear
/usr/sbin/cgconfigparser
/usr/sbin/cgrulesengd
服務
/usr/lib/systemd/system/cgconfig.service 提供創建層級的簡單方法,並在層級中附加子系統,且在那些層級中管理CGroups。根據配置文件/etc/cgconfig.conf 的內容,可創建層級、掛載所需文件系統、創建CGroups及為每個組群設定子系統參數。
/usr/lib/systemd/system/cgred.service
配置文件
1.1. /etc/cgconfig.conf
描述 DESCRIPTION
libcgroup配置文件,定義控制組(control groups)、他們的參數及掛載點。文件由mount、group、default三個sections組成。這些section可以構成層級,所有的都是可選的。以#開始的行都是注釋行。
為每個子系統創建並掛載獨立層級,並在這些層級中附加子系統。停止cgconfig服務,則會卸載它掛載的所有層級。文件包括兩個主要類型的條目:mount 和 group。掛載條目生成並掛載層級,將其作為虛擬文件系統,同時將子系統附加到那些層級中。掛載(mount)條目使用以下語法定義:
mount section:
1 mount { 2 <controller> = <path>; 3 ... 4 }
controller 內核子系統(kernel subsystem)的名字。內核支持的子系統列表在/proc/cgroups文件中;
| subsys_name | hierarchy | num_cgroups | enabled |
| cpuset | 10 | 1 | 1 |
| cpu | 4 | 1 | 1 |
| cpuacct | 4 | 1 | 1 |
| memory | 3 | 1 | 1 |
| devices | 2 | 1 | 1 |
| freezer | 5 | 1 | 1 |
| net_cls | 7 | 1 | 1 |
| blkio | 8 | 1 | 1 |
| perf_event | 6 | 1 | 1 |
| hugetlb | 9 | 1 | 1 |
命名的層次結構(named hierarchy)可以被作為contoller "name=<somename>", controller的名字需要用雙引號(double quotes). 詳見 Sample 2
libcgroup可以合並所有的子系統掛載到同一個目錄,,被掛載的目錄僅僅被掛載一次。詳見Sample 1
Path 被掛載的目錄,此目錄用於給定地控制器(controller)關聯組層次結構(group hierarchy)。此目錄在cgconfig服務啟動的時候如果不存在,將被cgconfig服務自動創建,cgconfig服務停止的時候,被刪除。
mount section 如果沒有,即沒有控制器(controller)被掛載。
group section:
1 group <name> { 2 [permissions] 3 <controller> { 4 <param name> = <param value>; 5 ... 6 } 7 ... 8 }
name: 控制組(control group)的名字,只能是字符,允許是路徑名。這些組形成一個樹,如,一個控制組中包含零個或多個子組(subgroups), 子組能用'/'做分隔符。
根控制組(root control group)在所有的層次結構中一直自動被創建,它是組層級結構(group hierarchy)的基礎。可以在cgconfig.conf文件中,顯示的以'.'作為根控制組的名字。這個 可以用作設置它的權限,詳見 Sample 6.
當一個子組沒有指定父組的時候,父組被自動創建。
permissions: 在被掛載的文件系統(mounted filesystem)中,給定控制組的權限。root對控制組可以作任何事情。權限的語法如下:
1 perm { 2 task { 3 uid = <task user>; 4 gid = <task group>; 5 fperm = <file permissions> 6 } 7 admin { 8 uid = <admin name>; 9 gid = <admin group>; 10 dperm = <directory permissions> 11 fperm = <file permissions> 12 } 13 }
task user/group 用戶和組的名字, 他們擁有控制組的任務文件(tasks file). 給定的fperm指定文件權限。需要注意的是,fperm設置的值不使用作為指定權限。相反,當前文件的所有者權限被用作"umask" 組用戶和其他用戶權限。例如,如果fperm=777, 那么group用戶和others用戶與文件所有者的權限相同。
task user/group Name of the user and the group, which own the tasks file of the control group. Given fperm then specify the file permissions. Please note that the given value is not used as was specified. Instead, current file owner permissions are used as a "umask" for group and others permissions. For example if fperm = 777 then both group and others will get the same permissions as the file owner.
admin user/group 用戶和用戶組的名字,他們擁有控制組的其余文件。給定的fperm和dperm控制文件和路徑的權限。同樣,fperm和dperm給定的值,用於masked當前文件/路徑所有者的權限。dperm為路徑,fperm為文件。
admin user/group Name of the user and the group which own the rest of control group's files. Given fperm and dperm control file and directory permissions. Again, the given value is masked by the file/directory owner permissions.
權限僅僅被應用到圈定的控制組,且不被子組繼承。在控制組定義中,如果沒有perm部分,root:root是所有文件的擁有者,同樣,如果fperm和dperm沒有設置,缺省文件的權限被保留。
Permissions are only apply to the enclosing control group and are not inherited by subgroups. If there is no perm section in the control group definition, root:root is the owner of all files and default file permissions are preserved if fperm resp. dperm are not specified.
controller 內核子系統(the kernel subsystem)的名字。這部分可以為空,在這個情況下缺省的內核參數將被用。通過指定控制器(controller),控制組和它所有的父級被特定的子系統。一個控制組能被多個子系統控制,即使子系統被掛載不同的目錄。一個控制組必須至少被一個子系統控制,因此libcgroup知道在哪個層級中創建控制組。
Name of the kernel subsystem. The section can be empty, default kernel parameters will be used in this case. By specifying controller the control group and all its parents are controlled by the specific subsystem. One control group can be controlled by multiple subsystems, even if the subsystems are mounted on different directories. Each control group must be controlled by at least one subsystem, so that libcgroup knows in which hierarchies the control group should be created.
給定的控制器的參數可以在后面的方括號部分被修改。
The parameters of the given controller can be modified in the following section enclosed in brackets.
param name 設置的文件名稱。每個控制器可以有零個或多個參數。
Name of the file to set. Each controller can have zero or more parameters.
param value 當控制被創建的時候,值被寫到文件中。如果有空格和其他特殊字符,此值應用雙引號引起來。
Value which should be written to the file when the control group is created. If it is enclosed in double quotes `"', it can contain spaces and other special characters.
如果沒有group部分設定,沒有group被創建。
If no group section is specified, no groups are created.
default section has this form:
1 default { 2 perm { 3 task { 4 uid = <task user>; 5 gid = <task group>; 6 fperm = <file permissions> 7 } 8 admin { 9 uid = <admin name>; 10 gid = <admin group>; 11 dperm = <directory permissions> 12 fperm = <file permissions> 13 } 14 } 15 }
perm部分的內容與group部分中的形式相同。這里定義的權限指定了所有者,組用戶和所有組用戶文件的權限,這個沒有明確在組部分制定他們的權限。即沒有在組部分設定權限,這里的設置才有效。
Content of the perm section has the same form as in group section. The permissions defined here specify owner and permissions of groups and files of all groups, which do not have explicitly specified their permissions in their group section.
template section 與組部分有相同的結構。模板名用相同的模板字符串作為cgrules.conf 定義的tag(參考 cgrules.conf). 模板定義被用作控制組定義規則在cgrules.conf用相同的定義名。模板不用default部分設置。即缺省部分的設置對模板部分沒有作用。
template section has the same structure as group section. Template name uses the same templates string as cgrules.conf destination tag (see (cgrules.conf (5)). Template definition is used as a control group definition for rules in cgrules.conf (5) with the same destination name. Templates does not use default section settings.
/etc/cgconfig.d/ 目錄被用來保存附加的配置文件。cgrulesengds 搜索這個目錄為附件的模板。
/etc/cgconfig.d/ directory can be used for additional configuration files. cgrulesengd searches this directory for additional templates.
命令: cgconfigparser
服務: cgconfig
關系,服務cgconfig啟動命令cgconfigparse,命令使用配置文件cgconfig.conf(缺省的配置文件)
Examples:
Example 1
The configuration file:
1 mount { 2 cpu = /mnt/cgroups/cpu; 3 cpuacct = /mnt/cgroups/cpu; 4 }
creates the hierarchy controlled by two subsystems with no groups inside. It corresponds to the following operations:
1 mkdir /mnt/cgroups/cpu 2 mount -t cgroup -o cpu,cpuacct cpu /mnt/cgroups/cpu
修改/etc/cgconfig.conf, 添加 mount {}后,重新啟動cgconfig(#service cgconfig restart)失敗,查看(#service cgconfig status)權限錯誤:
11月 16 19:45:09 localhost.localdomain cgconfigparser[3403]: Error: cannot mount cpu,cpuacct to /mnt/cgroups/cpu: Permission denied
Example 2
The configuration file:
1 mount { 2 cpu = /mnt/cgroups/cpu; 3 "name=scheduler" = /mnt/cgroups/cpu; 4 "name=noctrl" = /mnt/cgroups/noctrl; 5 } 6 7 group daemons { 8 cpu { 9 cpu.shares = "1000"; 10 } 11 } 12 group test { 13 "name=noctrl" { 14 } 15 }
創建兩個層次結構。一個層次結構命名為scheduler,控制cpu子系統,在組守護進行內部。另一個命名為noctrl層級結構,不帶任何控制器,帶有test組。相應的操作如下:
creates two hierarchies. One hierarchy named scheduler controlled by cpu subsystem, with group daemons inside. Second hierarchy is named noctrl without any controller, with group test. It corresponds to following operations:
#mkdir /mnt/cgroups/cpu #mount -t cgroup -o cpu,name=scheduler cpu /mnt/cgroups/cpu #mount -t cgroup -o none,name=noctrl none /mnt/cgroups/noctrl #mkdir /mnt/cgroups/cpu/daemons #echo 1000 > /mnt/cgroups/cpu/daemons/www/cpu.shares #mkdir /mnt/cgroups/noctrl/tests
守護進行組(daemons group)在它的第一個子組(subgroup)被創建的時候,自動被創建。它的所有參數有缺省值,僅僅root才能訪問組的文件。
由於cpuacct和cpu子系統都被掛載到相同目錄,所有組也被cpuacct隱式控制,即使在任何組中沒有cpuacct部分。
The daemons group is created automatically when its first subgroup is created. All its parameters have the default value and only root can access group's files.
Since both cpuacct and cpu subsystems are mounted to the same directory, all groups are implicitly controlled also by cpuacct subsystem, even if there is no cpuacct section in any of the groups.
Example 3
The configuration file:
1 mount { 2 cpu = /mnt/cgroups/cpu; 3 cpuacct = /mnt/cgroups/cpu; 4 } 5 6 group daemons/www { 7 perm { 8 task { 9 uid = root; 10 gid = webmaster; 11 fperm = 770; 12 } 13 admin { 14 uid = root; 15 gid = root; 16 dperm = 775; 17 fperm = 744; 18 } 19 } 20 cpu { 21 cpu.shares = "1000"; 22 } 23 } 24 25 group daemons/ftp { 26 perm { 27 task { 28 uid = root; 29 gid = ftpmaster; 30 fperm = 774; 31 } 32 admin { 33 uid = root; 34 gid = root; 35 dperm = 755; 36 fperm = 700; 37 } 38 } 39 cpu { 40 cpu.shares = "500"; 41 } 42 }
創建了由兩個子系統控制的層級,內帶一個組和兩個子組,設置了一個參數。相應如下操作(除了文件權限的小技巧模仿通過通過修改文件權限):
creates the hierarchy controlled by two subsystems with one group and two subgroups inside, setting one parameter. It corresponds to the following operations (except for file permissions which are little bit trickier to emulate via chmod):
1 mkdir /mnt/cgroups/cpu 2 mount -t cgroup -o cpu,cpuacct cpu /mnt/cgroups/cpu 3 4 mkdir /mnt/cgroups/cpu/daemons 5 6 mkdir /mnt/cgroups/cpu/daemons/www 7 chown root:root /mnt/cgroups/cpu/daemons/www/* 8 chown root:webmaster /mnt/cgroups/cpu/daemons/www/tasks 9 echo 1000 > /mnt/cgroups/cpu/daemons/www/cpu.shares 10 11 # + chmod the files so the result looks like: 12 # ls -la /mnt/cgroups/cpu/daemons/www/ 13 # admin.dperm = 755: 14 # drwxr-xr-x. 2 root webmaster 0 Jun 16 11:51 . 15 # 16 # admin.fperm = 744: 17 # --w-------. 1 root webmaster 0 Jun 16 11:51 cgroup.event_control 18 # -r--r--r--. 1 root webmaster 0 Jun 16 11:51 cgroup.procs 19 # -r--r--r--. 1 root webmaster 0 Jun 16 11:51 cpuacct.stat 20 # -rw-r--r--. 1 root webmaster 0 Jun 16 11:51 cpuacct.usage 21 # -r--r--r--. 1 root webmaster 0 Jun 16 11:51 cpuacct.usage_percpu 22 # -rw-r--r--. 1 root webmaster 0 Jun 16 11:51 cpu.rt_period_us 23 # -rw-r--r--. 1 root webmaster 0 Jun 16 11:51 cpu.rt_runtime_us 24 # -rw-r--r--. 1 root webmaster 0 Jun 16 11:51 cpu.shares 25 # -rw-r--r--. 1 root webmaster 0 Jun 16 11:51 notify_on_release 26 # 27 # tasks.fperm = 770 28 # -rw-rw----. 1 root webmaster 0 Jun 16 11:51 tasks 29 30 mkdir /mnt/cgroups/cpu/daemons/ftp 31 chown root:root /mnt/cgroups/cpu/daemons/ftp/* 32 chown root:ftpmaster /mnt/cgroups/cpu/daemons/ftp/tasks 33 echo 500 > /mnt/cgroups/cpu/daemons/ftp/cpu.shares 34 35 # + chmod the files so the result looks like: 36 # ls -la /mnt/cgroups/cpu/daemons/ftp/ 37 # admin.dperm = 755: 38 # drwxr-xr-x. 2 root ftpmaster 0 Jun 16 11:51 . 39 # 40 # admin.fperm = 700: 41 # --w-------. 1 root ftpmaster 0 Jun 16 11:51 cgroup.event_control 42 # -r--------. 1 root ftpmaster 0 Jun 16 11:51 cgroup.procs 43 # -r--------. 1 root ftpmaster 0 Jun 16 11:51 cpuacct.stat 44 # -rw-------. 1 root ftpmaster 0 Jun 16 11:51 cpuacct.usage 45 # -r--------. 1 root ftpmaster 0 Jun 16 11:51 cpuacct.usage_percpu 46 # -rw-------. 1 root ftpmaster 0 Jun 16 11:51 cpu.rt_period_us 47 # -rw-------. 1 root ftpmaster 0 Jun 16 11:51 cpu.rt_runtime_us 48 # -rw-------. 1 root ftpmaster 0 Jun 16 11:51 cpu.shares 49 # -rw-------. 1 root ftpmaster 0 Jun 16 11:51 notify_on_release 50 # 51 # tasks.fperm = 774: 52 # -rw-rw-r--. 1 root ftpmaster 0 Jun 16 11:51 tasks
守護進行組(daemons group)在它的第一個子組(subgroup)被創建的時候,自動被創建。它的所有參數有缺省值,僅僅root才能訪問組的文件。
由於cpuacct和cpu子系統都被掛載到相同目錄,所有組也被cpuacct隱式控制,即使在任何組中沒有cpuacct部分。
The daemons group is created automatically when its first subgroup is created. All its parameters have the default value and only root can access the group's files.
Since both cpuacct and cpu subsystems are mounted to the same directory, all groups are implicitly also controlled by the cpuacct subsystem, even if there is no cpuacct section in any of the groups.
Example 4
The configuration file:
1 mount { 2 cpu = /mnt/cgroups/cpu; 3 cpuacct = /mnt/cgroups/cpuacct; 4 } 5 6 group daemons { 7 cpuacct{ 8 } 9 cpu { 10 } 11 }
創建兩個層級,一個普通組包括兩個層級。對應如下操作:
creates two hierarchies and one common group in both of them. It corresponds to the following operations:
1 mkdir /mnt/cgroups/cpu 2 mkdir /mnt/cgroups/cpuacct 3 mount -t cgroup -o cpu cpu /mnt/cgroups/cpu 4 mount -t cgroup -o cpuacct cpuacct /mnt/cgroups/cpuacct 5 6 mkdir /mnt/cgroups/cpu/daemons 7 mkdir /mnt/cgroups/cpuacct/daemons
實際上創建了兩個組。一個組在 cpuacct 層級, 另一個組在 cpu 層級。這兩個組通常沒有任何東西,能夠包括不同的子組和不同的任務。
In fact there are two groups created. One in the cpuacct hierarchy, the second in the cpu hierarchy. These two groups have nothing in common and can contain different subgroups and different tasks.
Example 5
The configuration file:
1 mount { 2 cpu = /mnt/cgroups/cpu; 3 cpuacct = /mnt/cgroups/cpuacct; 4 } 5 6 group daemons { 7 cpuacct{ 8 } 9 } 10 11 group daemons/www { 12 cpu { 13 cpu.shares = "1000"; 14 } 15 } 16 17 group daemons/ftp { 18 cpu { 19 cpu.shares = "500"; 20 } 21 }
創建兩個層級,內部包括幾個組。每個組被創建在兩個層級中。對應的操作如下:
creates two hierarchies with few groups inside. One of the groups is created in both hierarchies. It corresponds to the following operations:
1 mkdir /mnt/cgroups/cpu 2 mkdir /mnt/cgroups/cpuacct 3 mount -t cgroup -o cpu cpu /mnt/cgroups/cpu 4 mount -t cgroup -o cpuacct cpuacct /mnt/cgroups/cpuacct 5 6 mkdir /mnt/cgroups/cpuacct/daemons 7 mkdir /mnt/cgroups/cpu/daemons 8 mkdir /mnt/cgroups/cpu/daemons/www 9 echo 1000 > /mnt/cgroups/cpu/daemons/www/cpu.shares 10 mkdir /mnt/cgroups/cpu/daemons/ftp 11 echo 500 > /mnt/cgroups/cpu/daemons/ftp/cpu.shares
組守護進程被創建在兩個層級。 在 cpuacct 層級,配置文件中顯示定義組。在 cpu 層級中,當 www 被創建時,組被隱式創建。這兩個組通常沒有任何東西,如他們沒有共享進程和子組。 組 www 和 ftp 被創建僅僅在 cpu 層級,不被 cpuacct 子系統控制。
Group daemons is created in both hierarchies. In the cpuacct hierarchy the group is explicitly mentioned in the configuration file. In the cpu hierarchy the group is created implicitly when www is created there. These two groups have nothing in common, for example they do not share processes and subgroups. Groups www and ftp are created only in the cpu hierarchy and are not controlled by the cpuacct subsystem.
Example 6
The configuration file:
1 mount { 2 cpu = /mnt/cgroups/cpu; 3 cpuacct = /mnt/cgroups/cpu; 4 } 5 6 group . { 7 perm { 8 task { 9 uid = root; 10 gid = operator; 11 } 12 admin { 13 uid = root; 14 gid = operator; 15 } 16 } 17 cpu { 18 } 19 } 20 21 group daemons { 22 perm { 23 task { 24 uid = root; 25 gid = daemonmaster; 26 } 27 admin { 28 uid = root; 29 gid = operator; 30 } 31 } 32 cpu { 33 } 34 }
創建了被兩個子系統控制、帶有一個組的層級,在組中明確了一下權限。相應的操作如下:
creates the hierarchy controlled by two subsystems with one group having some special permissions. It corresponds to the following operations:
1 mkdir /mnt/cgroups/cpu 2 mount -t cgroup -o cpu,cpuacct cpu /mnt/cgroups/cpu 3 4 chown root:operator /mnt/cgroups/cpu/* 5 chown root:operator /mnt/cgroups/cpu/tasks 6 7 mkdir /mnt/cgroups/cpu/daemons 8 chown root:operator /mnt/cgroups/cpu/daemons/* 9 chown root:daemonmaster /mnt/cgroups/cpu/daemons/tasks
操作組(operator group)中的用戶被允許去管理這些控制組(control groups), 例如,沒有root權限,創建新的控制組和在組中移動進程。
daemonmaster 組的成員能夠移動進程到 daemons 進程組,但不能從組中移出進程。僅僅 operator 或 root 能夠做。
Users which are members of the operator group are allowed to administer the control groups, i.e. create new control groups and move processes between these groups without having root privileges.
Members of the daemonmaster group can move processes to the daemons control group, but they can not move the process out of the group. Only the operator or root can do that.
Example 7
The configuration file:
mount { cpu = /mnt/cgroups/cpu; cpuacct = /mnt/cgroups/cpuacct; } group students { cpuacct{ } cpu { } } template students/%u { cpuacct{ } cpu { } }
1 #mkdir /mnt/cgroups/cpu/daemons 2 #mkdir /mnt/cgroups/cpuacct/daemons
這個情況與Example 4相似。唯一不同是模板,模板用於作為一個目標,如果一些規則適用"/students/%u".
The situation is the similar as in Example 4. The only difference is template, which is used if some rule uses "/students/%u" as a destination.
注意 RECOMMENDATIONS
保持層級獨立 Keep hierarchies separated
存在多個層級是非常有效和能在各種場景使用。保持事情的清楚,不要在多個層級中創建一個組。Exampls 4 和 5 顯得不宜閱讀和可能有點混淆,特別其他人閱讀配置文件時。
Having multiple hierarchies is perfectly valid and can be useful in various scenarios. To keeps things clean, do not create one group in multiple hierarchies. Examples 4 and 5 show how unreadable and confusing it can be, especially when reading somebody elses configuration file.
顯式好於隱式 Explicit is better than implicit
libcgroup 能夠隱式創建組,組為可配置子組的創建需要(即libcgroup在創建子組時,隱式創建組)。在簡單場景下,這可能是有用的和節省一下鍵盤敲擊。當出現多個層級是,最好是顯示的明確多個組和關於他們的所有控制區。
libcgroup can implicitly create groups which are needed for the creation of configured subgroups. This may be useful and save some typing in simple scenarios. When it comes to multiple hierarchies, it's better to explicitly specify all groups and all controllers related to them.
FILES
/etc/cgconfig.conf
default libcgroup configuration file
/etc/cgconfig.d/
default libcgroup configuration files directory
SEE ALSO
cgconfigparser (8)
BUGS
參數值必須要不帶空格的單一字符串。不支持帶引號的字符串。
Parameter values must be single strings without spaces. Parsing of quoted strings is not implemented.
使用 #man cgconfig.conf 獲取更多信息。
子系統
#lssubsys 列出當前的子系統 list hierarchies containing given subsystem
1 [root@localhost ~]# lssubsys 2 cpuset : 對於多核cpu,該子系統可以設置進程組只能在指定的核上運行,並且還可以設置進程組在制定的內存節點上申請內存。 3 cpu,cpuacct : CPU子系統為每個進程組設置一個使用CPU的權重值,以此管理進程組對CPU的訪問。cpuacct子系統只用於生成當前進程組內的進程對CPU的使用報告。 4 memory : 該子系統提供了以頁面為單位對內存的訪問,比如對進程組設置內存使用上限等,同時可以生成內存資源報告。 5 devices : 該子系統可以限制進程組對設備的訪問,即允許或禁止進程組對某設備的訪問。 6 freezer : 該子系統可以使得進程組中的所有進程掛起。 7 net_cls : 該子系統提供對網絡帶寬的訪問限制,比如對發送帶寬和接收帶寬進程限制。 8 blkio : 該子系統用於限制每個塊設備的輸入/輸出。與cpu子系統類似,該子系統通過為每個進程組設置權重來控制塊設備對其的I/O時間;其次,該子系統也可以限制進程組的I/O帶寬及IOPS。 9 perf_event 10 hugetlb
顯示子系統mount目錄
1 [root@localhost ~]# lssubsys -aim 2 cpuset /sys/fs/cgroup/cpuset 3 cpu,cpuacct /sys/fs/cgroup/cpu,cpuacct 4 memory /sys/fs/cgroup/memory 5 devices /sys/fs/cgroup/devices 6 freezer /sys/fs/cgroup/freezer 7 net_cls /sys/fs/cgroup/net_cls 8 blkio /sys/fs/cgroup/blkio 9 perf_event /sys/fs/cgroup/perf_event 10 hugetlb /sys/fs/cgroup/hugetlb
相關指令:
lscgroup (1), cgcreate (1), cgdelete
lscgroup list all cgroups
1 [root@localhost ~]# lscgroup 2 devices:/ 3 memory:/ 4 cpu,cpuacct:/ 5 freezer:/ 6 perf_event:/ 7 net_cls:/ 8 blkio:/ 9 hugetlb:/ 10 cpuset:/
相關指令: lssubsys (1), cgcreate (1), cgdelete (1), cgconfig.conf (5)
cgcreate 創建CGroup群組
/usr/bin/cgcreate
EXAMPLES
1 cgcreate -g *:student -g devices:teacher
在所有的掛載層級創建 student 控制組,在包含devices控制器的層級
create control group student in all mounted hierarchies and create control group teacher in hierarchy containing controller devices.
使用CGroups
1.查找某個進程所屬CGroups
#ps -O cgroups
[root@localhost ~]# ps -o cgroup CGROUP 1:name=systemd:/user.slice/user-0.slice/session-20.scope 1:name=systemd:/user.slice/user-0.slice/session-20.scope
FAQ:
1. 子系統是否可以創建、刪除.