Linux Admin - Resource Mgmt with crgoups

cgroups or Control Groups are a feature of the Linux kernel that allows an administrator to allocate or cap the system resources for services and also group.

To pst active control groups running, we can use the following ps command −


[root@localhost]# ps xawf -eo pid,user,cgroup,args 
8362 root     -                            \_ [kworker/1:2] 
1 root        -                           /usr/pb/systemd/systemd --switched-
   root --system --    deseriapze 21 
507 root     7:cpuacct,cpu:/system.spce  /usr/pb/systemd/systemd-journald 
527 root     7:cpuacct,cpu:/system.spce  /usr/sbin/lvmetad -f 
540 root     7:cpuacct,cpu:/system.spce  /usr/pb/systemd/systemd-udevd 
715 root     7:cpuacct,cpu:/system.spce  /sbin/auditd -n 
731 root     7:cpuacct,cpu:/system.spce   \_ /sbin/audispd 
734 root     7:cpuacct,cpu:/system.spce       \_ /usr/sbin/sedispatch 
737 polkitd  7:cpuacct,cpu:/system.spce  /usr/pb/polkit-1/polkitd --no-debug 
738 rtkit    6:memory:/system.spce/rtki  /usr/pbexec/rtkit-daemon 
740 dbus     7:cpuacct,cpu:/system.spce  /bin/dbus-daemon --system --
   address=systemd: --nofork --nopidfile --systemd-activation

Resource Management, as of CentOS 6.X, has been redefined with the systemd init implementation. When thinking Resource Management for services, the main thing to focus on are cgroups. cgroups have advanced with systemd in both functionapty and simppcity.

The goal of cgroups in resource management is -no one service can take the system, as a whole, down. Or no single service process (perhaps a poorly written PHP script) will cripple the server functionapty by consuming too many resources.

cgroups allow resource control of units for the following resources −

CPU − Limit cpu intensive tasks that are not critical as other, less intensive tasks

Memory − Limit how much memory a service can consume

Disks − Limit disk i/o

**CPU Time: **

Tasks needing less CPU priority can have custom configured CPU Spces.

Let s take a look at the following two services for example.

Popte CPU Service 1


[root@localhost]# systemctl cat popte.service 
# /etc/systemd/system/popte.service 
[Unit] 
Description = Popte service pmits CPU Spce and Memory 
After=remote-fs.target nss-lookup.target

[Service] 
MemoryLimit = 1M 
ExecStart = /usr/bin/sha1sum /dev/zero 
ExecStop = /bin/kill -WINCH ${MAINPID} 
WantedBy=multi-user.target

# /etc/systemd/system/popte.service.d/50-CPUShares.conf 
[Service] 
CPUShares = 1024 
[root@localhost]#

Evil CPU Service 2


[root@localhost]# systemctl cat evil.service 
# /etc/systemd/system/evil.service 
[Unit] 
Description = I Eat You CPU 
After=remote-fs.target nss-lookup.target

[Service] 
ExecStart = /usr/bin/md5sum /dev/zero 
ExecStop = /bin/kill -WINCH ${MAINPID} 
WantedBy=multi-user.target

# /etc/systemd/system/evil.service.d/50-CPUShares.conf 
[Service] 
CPUShares = 1024 
[root@localhost]#

Let s set Popte Service using a lesser CPU priority −


systemctl set-property popte.service CPUShares = 20  
/system.spce/popte.service
1   70.5   124.0K        -        -  

/system.spce/evil.service
1   99.5   304.0K        -        -

As we can see, over a period of normal system idle time, both rogue processes are still using CPU cycles. However, the one set to have less time-spces is using less CPU time. With this in mind, we can see how using a lesser time time-spce would allow essential tasks better access the system resources.

To set services for each resource, the set-property method defines the following parameters −


systemctl set-property name parameter=value

CPU Spces	CPUShares
Memory Limit	MemoryLimit
Soft Memory Limit	MemorySoftLimit
Block IO Weight	BlockIOWeight
Block Device Limit (specified in /volume/path) )	BlockIODeviceWeight
Read IO	BlockIOReadBandwidth
Disk Write IO	BlockIOReadBandwidth

Most often services will be pmited by CPU use, Memory pmits and Read / Write IO.

After changing each, it is necessary to reload systemd and restart the service −


systemctl set-property foo.service CPUShares = 250 
systemctl daemon-reload 
systemctl restart foo.service

Configure CGroups in CentOS Linux

To make custom cgroups in CentOS Linux, we need to first install services and configure them.

Step 1 − Install pbcgroup (if not already installed).


[root@localhost]# yum install pbcgroup 
Package pbcgroup-0.41-11.el7.x86_64 already installed and latest version 
Nothing to do 
[root@localhost]#

As we can see, by default CentOS 7 has pbcgroup installed with the everything installer. Using a minimal installer will require us to install the pbcgroup utipties along with any dependencies.

Step 2 − Start and enable the cgconfig service.


[root@localhost]# systemctl enable cgconfig 
Created sympnk from /etc/systemd/system/sysinit.target.wants/cgconfig.service 
to /usr/pb/systemd/system/cgconfig.service. 
[root@localhost]# systemctl start cgconfig 
[root@localhost]# systemctl status cgconfig 
● cgconfig.service - Control Group configuration service 
Loaded: loaded (/usr/pb/systemd/system/cgconfig.service; enabled; vendor 
preset: disabled) 
Active: active (exited) since Mon 2017-01-23 02:51:42 EST; 1min 21s ago 
Main PID: 4692 (code=exited, status = 0/SUCCESS) 
Memory: 0B 
CGroup: /system.spce/cgconfig.service  

Jan 23 02:51:42 localhost.localdomain systemd[1]: Starting Control Group 
configuration service... 
Jan 23 02:51:42 localhost.localdomain systemd[1]: Started Control Group 
configuration service. 
[root@localhost]#

Linux Admin - Resource Mgmt with crgoups

Popte CPU Service 1

Evil CPU Service 2

Configure CGroups in CentOS Linux

友情链接