© Photographer, 123RF.com
Cgroups for resource management in Linux
Take Control
A couple of years ago, I was teaching Linux at a large-scale IT service provider's office. Their administrators had plenty of experience with commercial Unix variants, such as HP-UX, and they asked me how they could implement resource management and controls on Linux. How could an administrator restrict the amount of RAM used by a single process or a group of processes?
At the time, I had to admit that Linux didn't offer this feature. But in 2006, Rohit Seth started to develop this functionality, and as of kernel 2.6.24, administrators can use it. Originally referred to as "process containers," control groups (cgroups for short) [1] can restrict, enumerate (for billing purposes), and isolate resources (e.g., RAM, CPU, I/O).
Although many administrators will not need to use this functionality on a standard server, this application is very interesting in environments with KVM-based virtualization. Cgroups let you restrict the resources used by a virtual guest or prioritize use compared with other guests.
A cgroup lets the administrator group multiple processes and then define parameters for specific subsystems for these processes and all of their child processes. A subsystem could be a resource controller that manages the amount of RAM available.
To use cgroups, you first need to define a hierarchy in which the groups will be managed. To do so, you edit the /etc/cgconfig.conf file, which you can see in Listing 1.
Listing 1
/etc/cgconfig.conf
01 mount {
02 cpuset = /cgroup/cpuset;
03 cpu = /cgroup/cpu;
04 cpuacct = /cgroup/cpuacct;
05 memory = /cgroup/memory;
06 devices = /cgroup/devices;
07 freezer = /cgroup/freezer;
08 
Buy this article as PDF
(incl. VAT)
Buy ADMIN Magazine
US / Canada
UK / Australia
Related content
-
LXC 1.0
LXC 1.0, released in early 2014, was the first stable version for managing Linux containers. We check out the lightweight container solution to see whether it is now ready for production. -
Workshop: Container virtualization with LXC on Ubuntu 10.04
LXC creates system containers that let administrators isolate security and critical services. We show you how to set up such a system within a system. -
Secure Your KVM Virtual Machines
A common misconception posits that software cannot cause mischief if you lock the system away in a virtual machine, because even if an intruder compromises the web server on the virtual machine, it will only damage the guest. If you believe this, you are in for a heap of hurt. -
Established container solutions in Linux
Container solutions are not newcomers to the virtualization scene; they have existed for years. We look at the different flavors available for Linux systems. -
Container Virtualization Comeback with Docker
Docker helps the Linux container achieve an appealing comeback and integrates some features missing from earlier container solutions.
Subscribe to our ADMIN Newsletters
Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs
Most Popular
Support Our Work
ADMIN content is made possible with support from readers like you. Please consider contributing when you've found an article to be beneficial.
