The underlying cornerstones of Docker: namespaces and cgroups

A namespace wraps some global system resources in an abstraction, so that the processes inside the namespace appear to have their own isolated instance of those global resources. Changes to these global resources are visible to the processes in the namespace and invisible to other processes.
Linux provides the following namespaces:

| Namespace | Constant | Isolates |
|-----------|----------|----------|
| Cgroup | CLONE_NEWCGROUP | Cgroup root directory |
| IPC | CLONE_NEWIPC | System V IPC, POSIX message queues |
| Network | CLONE_NEWNET | Network devices, stacks, ports, etc. |
| Mount | CLONE_NEWNS | Mount points |
| PID | CLONE_NEWPID | Process IDs |
| User | CLONE_NEWUSER | User and group IDs |
| UTS | CLONE_NEWUTS | Hostname and NIS domain name |

As the table shows, cgroup is one of the namespace types. Cgroups is short for control groups; it was originally proposed by Google engineers and later integrated into the Linux kernel. Cgroups is a mechanism provided by the Linux kernel to limit, record, and isolate the physical resources (such as CPU, memory, IO, etc.) used by process groups. Cgroups consists of 7 subsystems: cpuset, cpu, cpuacct, blkio, devices, freezer, memory. Each cgroup subsystem is responsible for allocating and managing a different type of resource.

  • blkio: sets input/output limits on block devices, such as physical devices (disk, solid state disk, USB, etc.).
  • cpu: uses the scheduler to provide cgroup tasks with access to the CPU.
  • cpuacct: automatically generates reports on the CPU resources used by cgroup tasks.
  • cpuset: assigns individual CPUs (on multi-core systems) and memory nodes to cgroup tasks.
  • devices: allows or denies access to devices by tasks in a cgroup.
  • freezer: suspends or resumes tasks in a cgroup.
  • memory: sets memory limits on cgroup tasks and automatically generates reports on the memory resources used by those tasks.
  • net_cls: tags network packets with a class identifier (classid) so that the Linux traffic controller (tc) can identify packets originating from a particular cgroup.
  • ns: the namespace subsystem.

Docker uses cgroups to partition resources. Each container runs as a process, and each business pod has a pause container that serves as its base container. The pause container provides the namespaces that all containers under the same pod join, so that they can communicate with each other and share network resources.

To inspect a running container, look up the container's PID; the container's resources are exposed under the corresponding /proc/<pid>/ directory.
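
The following Python example is added here and is not part of the original post. It reads the namespace links and cgroup membership under /proc/<pid>/ and reports which namespaces two processes share, which is how a pause container and the other containers of a pod can be seen to use the same network namespace. The function names and the sample cgroup text are constructed for illustration; the container PID is assumed to come from `docker inspect --format '{{.State.Pid}}' <container>`.

```python
import os

NS_TYPES = ("cgroup", "ipc", "mnt", "net", "pid", "user", "uts")

def read_namespaces(pid, proc_root="/proc"):
    """Return {ns_type: 'type:[inode]'} from the /proc/<pid>/ns symlinks."""
    ns = {}
    for name in NS_TYPES:
        try:
            ns[name] = os.readlink(os.path.join(proc_root, str(pid), "ns", name))
        except OSError:  # namespace type unsupported, or no permission to read it
            ns[name] = None
    return ns

def parse_cgroup(text):
    """Parse /proc/<pid>/cgroup lines of the form 'hierarchy-ID:controller-list:path'."""
    result = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        _hierarchy_id, controllers, path = line.split(":", 2)
        # cgroup v2 has an empty controller list ("0::/path"); label it "unified"
        for ctrl in (controllers.split(",") if controllers else ["unified"]):
            result[ctrl] = path
    return result

def shared_namespaces(pid_a, pid_b, proc_root="/proc"):
    """Namespace types in which both PIDs point at the same namespace inode."""
    a = read_namespaces(pid_a, proc_root)
    b = read_namespaces(pid_b, proc_root)
    return sorted(n for n in NS_TYPES if a[n] is not None and a[n] == b[n])

# Constructed sample of /proc/<pid>/cgroup content (cgroup v1 layout, placeholder ID)
SAMPLE_CGROUP = """\
11:memory:/docker/<container-id>
7:cpu,cpuacct:/docker/<container-id>
3:devices:/docker/<container-id>
"""

if __name__ == "__main__":
    me = os.getpid()
    for name, ident in read_namespaces(me).items():
        print(f"{name:7} {ident}")
    print(parse_cgroup(SAMPLE_CGROUP))
    # A container that shares a namespace with PID 1 of the host is not isolated in it
    print("shared with PID 1:", shared_namespaces(me, 1))
```

Run against a container PID and host PID 1, an empty result from `shared_namespaces` means the container is isolated in every namespace type that could be read; any name in the list is a namespace the container shares with the host.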

Origin www.cnblogs.com/janeysj/p/11274515.html