Use the cgroup tool to limit computing resources for some/all users of the server
It mainly introduces how to limit resources for specified/all users (here we mainly introduce CPU and memory usage limits) to prevent certain users from occupying a large amount of server computing resources and affecting and crowding out others' normal use of the server.
- Install
cgroup
management toolssudo apt-get install cgroup-tools
mount -t cgroup
Check verification using command
Computing resources can be configured by writing /etc/cgconfig.conf
and files, where:/etc/cgrules.conf
/etc/cgconfig.conf
Implement specific configuration settings/etc/cgrules.conf
Determine which configuration each user belongs to
The cgroup tool will automatically generate some specific configuration files based on the different resource restrictions in the two files above, and place them in the /sys/fs/cgroup/
corresponding folders below, which is somewhat similar CMakeLists.txt
.
Usage group
limits single-user/multi-user computing resources
Use group
fields to create resource restriction groups to control resources for members within the group.
-
After
/etc/cgconfig.conf
adding the following configuration,users_mem_limit
the maximum memory that users in the group can apply for will be limited.# `group`是特殊字段,`users_mem_limit`是组的名称 group users_mem_limit{ memory{ memory.limit_in_bytes = 15G; memory.memsw.limit_in_bytes = 16G; } }
in:
-
memory.limit_in_bytes
Only limits actual physical memory usage, not including swap space -
memory.memsw.limit_in_bytes
Limit the total usage of actual physical memory and swap space -
Generally speaking, the two parameters need to be in bytes, but you can also use them directly here.
G
-
-
Add
/etc/cgrules.conf
the following configuration to add certain/certain users to the group.#用户名 #限制类型 #所属组 user01 memory users_mem_limit/ user02 memory users_mem_limit/
-
Set restrictions on service startup
#开机启动 systemctl enable cgconfig systemctl enable cgred #重启服务 systemctl restart cgconfig systemctl restart cgred
important point:
-
In this case, users in the group will share the limited 15G memory instead of the maximum 15G for each person. For example, in the above example,
user01
anduser02
will share 15G memory; -
If the program cannot apply for memory, it will stop and report an error. If you only limit the capacity of physical memory and do not limit the capacity of swap, the process will not be killed. Can keep running.
Use to template
limit memory and CPU usage for multiple users
You can also implement multi-user restrictions by using just now group
, but the restricted users will share the restricted resources. How to configure the computing resources of each user equally, and at the same time limit the excessive use of the shared server CPU and memory resources by all users? Implemented here using template
.
template
It's essentially just a template, essentially generating a separate group for all users? .
-
After
/etc/cgconfig.conf
adding the following configuration, use template and set the memory to not exceed 60GB and occupy up to 100% of 36 CPU cores.template users/%u { memory { memory.limit_in_bytes = 60G; memory.memsw.limit_in_bytes = 61G; } cpu { cpu.cfs_quota_us = 3600000; cpu.cfs_period_us = 100000; } }
The CPU limitation logic is:
-
Within
cpu.cfs_period_us
a cycle, only the mostcpu.cfs_quota_us
CPU resources can be used. -
By default,
cpu.cfs_period_us
the units are microseconds and the default value is100000
.cpu.cfs_quota_us
The value is -1, which means there is no limit. -
In the example, the ratio of the two parameters is used
cpu.cfs_quota_us/cpu.cfs_period_us=3600%
to achieve up to 100% occupation of 36 CPU cores.
-
-
Add
/etc/cgrules.conf
the following configuration to control the CPU and memory of all users.#所有用户 限制类型 模板 * cpu,memory users/%u
-
Set up service
#开机启动 systemctl enable cgconfig systemctl enable cgred #重启服务 systemctl restart cgconfig systemctl restart cgred
Some points to note
Below/sys/fs/cgroup
, there are different folders, and these files contain different resource configuration files.
cgroup /etc/cgconfig.conf
automatically generates some specific files based on the configuration file, and then /sys/fs/cgroup
generates corresponding configurations in different folders, for example:
-
group
The cgroup file generated in the configuration just used is/sys/fs/cgroup/memory/users_mem_limit
in the directory. -
The one you just used
template
will automatically generate the following data/sys/fs/cgroup/memory/users/user01
/sys/fs/cgroup/memory/users/user02
/sys/fs/cgroup/cpu/users/user01
/sys/fs/cgroup/cpu/users/user02
-
You can use the following command to delete a user's configuration. When he logs in again, it will be automatically canceled.
cgdelete cpu:/users/user01 cgdelete memory:/users/user01