Limiting CPU and Memory Usage for Users/Groups (CGroups)

In this post we will see how to limit CPU and memory usage for users and groups.

In large environments, a single system may be accessed by more than one user at a time, so users can consume its resources heavily.

For this exercise we are going to use the RHEL7 operating system.

CGroups help us limit resources per group of users.

We have already created the users below to practise with.

[root@server ~]# grep home /etc/passwd
lbcuser1:x:1005:1007::/home/lbcuser1:/bin/bash
lbcuser2:x:1006:1008::/home/lbcuser2:/bin/bash
lbcuser3:x:1007:1009::/home/lbcuser3:/bin/bash
lbcuser:x:1008:1011::/home/lbcuser:/bin/bash

The users are assigned to the groups below.

Groups: lbcgroup, finance, admin

[root@server ~]# grep "lbcuser" /etc/group
finance:x:1003:lbcuser2
lbcgroup:x:1010:lbcuser1,lbcuser
admin:x:1012:lbcuser3

For this, the libcgroup package should be installed; we will use /etc/cgconfig.conf and /etc/cgrules.conf to apply rules to the users and limit their resource usage.

Follow the steps below to apply rules per group:

[root@server ~]# vi /etc/cgconfig.conf
mount {
    cpu = /cgroup/cpu_and_mem;
    cpuacct = /cgroup/cpu_and_mem;
    memory = /cgroup/cpu_and_mem;
}

group finance {
    cpu {
        cpu.shares="250";
    }
    cpuacct {
        cpuacct.usage="0";
    }
    memory {
        memory.limit_in_bytes="1G";
        memory.memsw.limit_in_bytes="2G";
    }
}

group lbcgroup {
    cpu {
        cpu.shares="250";
    }
    cpuacct {
        cpuacct.usage="0";
    }
    memory {
        memory.limit_in_bytes="1G";
        memory.memsw.limit_in_bytes="2G";
    }
}

group admin {
    cpu {
        cpu.shares="500";
    }
    cpuacct {
        cpuacct.usage="0";
    }
    memory {
        memory.limit_in_bytes="1G";
        memory.memsw.limit_in_bytes="2G";
    }
}

At server start-up, the above configuration file mounts the cpu, cpuacct and memory subsystems on a single cpu_and_mem cgroup hierarchy.

CPU:

The cpu.shares parameter assigns the share of CPU resources available to the processes in each cgroup. Setting the values to 250, 250 and 500 for the finance, lbcgroup and admin groups splits the CPU resources in a 1:1:2 ratio. If only one process is running, it doesn't matter which cgroup it falls in; the CPU limitation is applied only when more than one process is running.

cpuacct:

cpuacct.usage="0" resets the CPU usage recorded in the cpuacct.usage and cpuacct.usage_percpu files. These files contain the total CPU time consumed by all the processes.

Memory:

The memory.limit_in_bytes="1G" parameter sets how much memory a cgroup is allowed to use.

The memory.memsw.limit_in_bytes="2G" parameter sets how much swap space a cgroup is allowed to use.

cgrulesengd:

Start this daemon using the command below:

[root@server ~]# systemctl start cgred

This daemon moves processes to the specified cgroup; for that we need to configure /etc/cgrules.conf as below.

[root@server ~]# vi /etc/cgrules.conf
# /etc/cgrules.conf
#The format of this file is described in cgrules.conf(5)
#manual page.

@finance  cpu,memory finance
@lbcgroup cpu,memory lbcgroup
@admin    cpu        admin

The lines above assign rules to each group.

Here, a process is moved to a cgroup based on which user started it and which group that user belongs to.

For example, a process started by the lbcuser1 user picks up the limits of the lbcgroup cgroup and is moved into the /cgroup/cpu_and_mem/lbcgroup/tasks file.
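One way to check that cgred placed a process where the rules above say it should, as an added example that is not part of the original post or of libcgroup. It assumes the first matching rule in cgrules.conf wins and that @group rules match the member lists shown by the grep on /etc/group; the function names and the sample /proc/<pid>/cgroup text are constructed for illustration.

```sh
# Constructed sample data, copied from the listings in the post.
SAMPLE_GROUP='finance:x:1003:lbcuser2
lbcgroup:x:1010:lbcuser1,lbcuser
admin:x:1012:lbcuser3'
SAMPLE_RULES='# /etc/cgrules.conf
@finance  cpu,memory finance
@lbcgroup cpu,memory lbcgroup
@admin    cpu        admin'
# Constructed /proc/<pid>/cgroup text for a process started by lbcuser1.
SAMPLE_PROC='3:cpu,cpuacct,memory:/lbcgroup
1:name=systemd:/user.slice/user-1005.slice/session-3.scope'

# expected_cgroup USER [GROUP_TEXT] [RULES_TEXT]: print "controllers destination"
# of the first rule matching USER (user, @group or *; user:process not handled).
expected_cgroup() {
    printf '%s\n' "${3:-$SAMPLE_RULES}" | while read -r who ctrls dest rest; do
        case $who in
            ''|'#'*) continue ;;
            @*) members=$(printf '%s\n' "${2:-$SAMPLE_GROUP}" |
                    awk -F: -v g="${who#@}" '$1 == g { print $4 }')
                case ",$members," in *",$1,"*) ;; *) continue ;; esac ;;
            '*') ;;
            *) [ "$who" = "$1" ] || continue ;;
        esac
        echo "$ctrls $dest"; break
    done
}

# actual_cgroup CONTROLLER [PROC_TEXT]: print CONTROLLER's cgroup path.
actual_cgroup() {
    printf '%s\n' "${2:-$SAMPLE_PROC}" | awk -F: -v c="$1" '{
        n = split($2, a, ",")
        for (i = 1; i <= n; i++) if (a[i] == c) { print $3; exit }
    }'
}

# check_placement USER [PROC_TEXT]: 0 if each controller in USER's rule shows
# the rule's destination, 1 on mismatch, 2 if no rule matches USER.
check_placement() {
    exp=$(expected_cgroup "$1")
    [ -n "$exp" ] || { echo "$1: no matching rule"; return 2; }
    rc=0
    for c in $(echo "${exp%% *}" | tr ',' ' '); do
        got=$(actual_cgroup "$c" "${2:-$SAMPLE_PROC}")
        if [ "$got" = "/${exp#* }" ]; then echo "$1 $c: OK $got"
        else echo "$1 $c: MISMATCH want /${exp#* } got ${got:-none}"; rc=1; fi
    done
    return $rc
}
```

On a live system, load SAMPLE_GROUP and SAMPLE_RULES from /etc/group and /etc/cgrules.conf and pass "$(cat /proc/<pid>/cgroup)" as the second argument to check_placement. Because this configuration mounts cpu, cpuacct and memory on one hierarchy, a process placed by the cpu-only admin rule is in /admin for memory as well.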

cgconfig:

Start this daemon to create the cgroup hierarchy and set the required parameters in all cgroups.

[root@server ~]# systemctl start cgconfig

To make all changes persistent across reboots, configure both services (cgred, cgconfig) to start by default.

[root@server ~]# systemctl enable cgred

[root@server ~]# systemctl enable cgconfig

 

Reference: Red Hat official documentation
