Limiting CPU and Memory usage to users/groups(CGroups)

In this post we are going to see : Limiting CPU and Memory usage to users/groups.

In large environments, there is a chance to access single system by more than one users at a time. So, user’s can access the resources highly.

For our exercise going to use RHEL7 Operating System.

CGroups will help us to limit the resources by group of users.

We have below users created already to do practise.

[[email protected] ~]# grep home /etc/passwd
lbcuser1:x:1005:1007::/home/lbcuser1:/bin/bash
lbcuser2:x:1006:1008::/home/lbcuser2:/bin/bash
lbcuser3:x:1007:1009::/home/lbcuser3:/bin/bash
lbcuser:x:1008:1011::/home/lbcuser:/bin/bash

Users are assigned to below mentioned groups.

Groups:    lbcgroup, finance, admin

[[email protected] ~]# grep "lbcuser" /etc/group
finance:x:1003:lbcuser2
lbcgroup:x:1010:lbcuser1,lbcuser
admin:x:1012:lbcuser3

To work on this, lbcgroup package should be installed and will use /etc/cgconfig.conf and /etc/cgrules.conf to apply the rules overs the users to limit the resources use.

follow the below steps to apply rules by per Group:

[[email protected] ~]# vi /etc/cgconfig.conf
mount {
 cpu = /cgroup/cpu_and_mem;
 cpuacct = /cgroup/cpu_and_mem;
 memory = /cgroup/cpu_and_mem;
}

group finance {
 cpu {
 cpu.shares="250";
 }
 cpuacct {
 cpuacct.usage="0";
 }
 memory {
 memory.limit_in_bytes="1G";
 memory.memsw.limit_in_bytes="2G";
 }
}

group lbcgroup {
 cpu {
 cpu.shares="250";
 }
 cpuacct {
 cpuacct.usage="0";
 }
 memory {
 memory.limit_in_bytes="1G";
 memory.memsw.limit_in_bytes="2G";
 }
}

group admin {
 cpu {
 cpu.shares="500";
 }
 cpuacct {
 cpuacct.usage="0";
 }
 memory {
 memory.limit_in_bytes="1G";
 memory.memsw.limit_in_bytes="2G";
 }
}

While starting the server, above configuration file will mount cpu, cpuacct and memory subsystems to a cpu_and _memory cgroup.

CPU:

cpu-shares parameter used to assign the the CPU resources which is available to each and every processes. Assigning parameter values as 250, 250 and 500 for finance, lbcgroup and admin groups in cgroup will split the CPU resources in 1:1:2 ratio. If only one process is running, it doesn’t matter in which cgroup it falls. CPU limitation will be applied, when there is more than one process running.

cpuacct:

cpuacct.usage=”0″ this value is used to reset the CPU usage on cpuacct.usage and cpuacct_percpu files. These files contains the total CPU utilized time by all the process.

Memory:

memory.limit_in_bytes=”1G” parameter says that how much memory allowed to use by a cgroup.

memory.memsw.limit_in_bytes=”2G” parameter says that how much swap space allowed to use by a cgroup

cgrulesengd:

Start this daemon using below command:

[[email protected] ~]# systemctl start cgred

This daemon will help to move process to specific cgroup and for that we need to configure /etc/cgrules.conf like below

[[email protected] ~]# vi /etc/cgrules.conf
# /etc/cgrules.conf
#The format of this file is described in cgrules.conf(5)
#manual page.

@finance  cpu,memory finance
@lbcgroup cpu,memory lbcgroup
@admin    cpu        admin

Like above will assign rules to group.

In this, process will be moved to cgroup based on which user started this process and belongs to which group.

For example, Process detects the limitations from lbcgroup cgroup, which is started by lbcuser1 user and it will move to /cgroup/cpu_and_mem/lbcgroup/tasks file.

cgconfig:

Start this daemon to create hierarchy of cgroup to set the required parameters  in all cgroups.

[[email protected] ~]# systemctl start cgconfig

and to make all changes persistent across reboot, configure both(cgred, cgconfig) services to be started by default.

[[email protected] ~]# systemctl enable cgred

[[email protected] ~]# systemctl enable cgconfig

 

Reference: Red Hat official documentation

Leave a Reply

Your email address will not be published. Required fields are marked *