Use the cgroup tool to limit computing resources for some/all users of the server

Use the cgroup tool to limit computing resources for some/all users of the server

It mainly introduces how to limit resources for specified/all users (here we mainly introduce CPU and memory usage limits) to prevent certain users from occupying a large amount of server computing resources and affecting and crowding out others' normal use of the server.

• Install cgroupmanagement tools

  sudo apt-get install cgroup-tools
  

• mount -t cgroupCheck verification using command

Computing resources can be configured by writing /etc/cgconfig.confand files, where:/etc/cgrules.conf

• /etc/cgconfig.confImplement specific configuration settings
• /etc/cgrules.confDetermine which configuration each user belongs to

The cgroup tool will automatically generate some specific configuration files based on the different resource restrictions in the two files above, and place them in the /sys/fs/cgroup/corresponding folders below, which is somewhat similar CMakeLists.txt.

Usage grouplimits single-user/multi-user computing resources

Use groupfields to create resource restriction groups to control resources for members within the group.

1. After /etc/cgconfig.confadding the following configuration, users_mem_limitthe maximum memory that users in the group can apply for will be limited.

   # `group`是特殊字段，`users_mem_limit`是组的名称
   group users_mem_limit{
         
         
           memory{
         
         
                   memory.limit_in_bytes = 15G;
                   memory.memsw.limit_in_bytes = 16G;
           }
   }
   

   in:

   • memory.limit_in_bytesOnly limits actual physical memory usage, not including swap space

   • memory.memsw.limit_in_bytesLimit the total usage of actual physical memory and swap space

   • Generally speaking, the two parameters need to be in bytes, but you can also use them directly here.G

2. Add /etc/cgrules.confthe following configuration to add certain/certain users to the group.

   #用户名			   #限制类型        #所属组
   user01               memory          users_mem_limit/
   user02               memory          users_mem_limit/
   

3. Set restrictions on service startup

   #开机启动
   systemctl enable cgconfig
   systemctl enable cgred
   #重启服务
   systemctl restart cgconfig
   systemctl restart cgred
   

important point:

• In this case, users in the group will share the limited 15G memory instead of the maximum 15G for each person. For example, in the above example, user01and user02will share 15G memory;

• If the program cannot apply for memory, it will stop and report an error. If you only limit the capacity of physical memory and do not limit the capacity of swap, the process will not be killed. Can keep running.

Use to templatelimit memory and CPU usage for multiple users

You can also implement multi-user restrictions by using just now group, but the restricted users will share the restricted resources. How to configure the computing resources of each user equally, and at the same time limit the excessive use of the shared server CPU and memory resources by all users? Implemented here using template.

templateIt's essentially just a template, essentially generating a separate group for all users? .

1. After /etc/cgconfig.confadding the following configuration, use template and set the memory to not exceed 60GB and occupy up to 100% of 36 CPU cores.

   template users/%u {
         
         
           memory {
         
         
                   memory.limit_in_bytes = 60G;
                   memory.memsw.limit_in_bytes = 61G;
           }
           cpu {
         
         
                   cpu.cfs_quota_us = 3600000;
                   cpu.cfs_period_us = 100000;
           }
   }
   

   The CPU limitation logic is:

   • Within cpu.cfs_period_usa cycle, only the most cpu.cfs_quota_usCPU resources can be used.

   • By default, cpu.cfs_period_usthe units are microseconds and the default value is 100000. cpu.cfs_quota_usThe value is -1, which means there is no limit.

   • In the example, the ratio of the two parameters is used cpu.cfs_quota_us/cpu.cfs_period_us=3600% to achieve up to 100% occupation of 36 CPU cores.

2. Add /etc/cgrules.confthe following configuration to control the CPU and memory of all users.

   #所有用户		 限制类型	           模板
   *               cpu,memory          users/%u
   

3. Set up service

   #开机启动
   systemctl enable cgconfig
   systemctl enable cgred
   #重启服务
   systemctl restart cgconfig
   systemctl restart cgred
   

Some points to note

Below/sys/fs/cgroup , there are different folders, and these files contain different resource configuration files.

cgroup /etc/cgconfig.confautomatically generates some specific files based on the configuration file, and then /sys/fs/cgroupgenerates corresponding configurations in different folders, for example:

1. groupThe cgroup file generated in the configuration just used is /sys/fs/cgroup/memory/users_mem_limitin the directory.

2. The one you just used templatewill automatically generate the following data

   • /sys/fs/cgroup/memory/users/user01
   • /sys/fs/cgroup/memory/users/user02
   • /sys/fs/cgroup/cpu/users/user01
   • /sys/fs/cgroup/cpu/users/user02

3. You can use the following command to delete a user's configuration. When he logs in again, it will be automatically canceled.

   cgdelete cpu:/users/user01
   cgdelete memory:/users/user01
   

reference

1. Use nice, cpulimit and cgroups to limit cpu usage
2. How to restrict users who occupy a large amount of server CPU resources
3. Linux systems use cgroups to limit excessive memory usage by user processes
4. Accurately limit CPU: Cgroups