1. What are CGroups?

CGroups is a mechanism provided by the Linux kernel to limit the resources used by processes. Its full name is Control Groups. Users can use CGroups to achieve fine Control and restriction of CPU, memory and other resources used by processes. For example, you can limit the CPU usage of a process to 1 gb and the memory usage to 1 GB. In this way, process-level resources are physically isolated and resources on physical machines are fully utilized. Based on this feature, many virtual technologies are implemented by CGroups at the bottom, such as LXC, Docker, Systemd and so on.

2. How does CGroups implement physical resource isolation?

CGroups implements the VFS interface and provides a virtual file structure to limit the physical resources that can be used by a process. This eliminates the implementation details and allows users to implement resource group isolation through file-like operations. Here is a typical CGroups application architecture diagram:

task
The subsystem
The control group
The hierarchy tree

2.1 Tasks (Tasks)

A task, or a process in a system, is the carrier of specific execution in the system.

2.2 SubSystem

Subsystems are controllable resources, such as CPU, Memory, IO, etc. Common subsystems include:

  • The CPU subsystem, which limits the CPU usage of processes.
  • Cpuacct subsystem, which can count CPU usage reports of processes in Cgroups.
  • Cpuset subsystem, which can assign separate CPU nodes or memory nodes to processes in CGroups.
  • A memory subsystem that limits the memory usage of processes.
  • Blkio subsystem, which can limit the block device IO of a process.
  • Devices subsystem that controls processes that can access certain devices.

2.3 Control Group

A control group represents the relationship between a set of tasks and subsystems to define how the system should manage and control resources.

2.4 Hierarchy

Hierarchy tree, a tree structure composed of a series of Cgroups. Each node is a Cgroup, and a Cgroup can have multiple children, which inherit the attributes of their parent by default.

3. Use method

Create a hierarchy tree and add the subsystem resources to the hierarchy tree. 2. Create a Cgroup under the hierarchy tree

4, summarize

Cgroups provide powerful capabilities that allow us to control the resource usage of our applications, as well as statistics on resource usage data, which is the foundation of container technology. Provides the following functions:

  • Resource limitations: Cgroups can limit the total amount of resources that process groups can use. For example, if you set the maximum amount of Memory your application can use while running, you will receive OOM (Out of Memory) if you exceed this quota.
  • The amount of CPU time allocated and the amount of DISK IO bandwidth is used to control the priorities of the process.
  • Resource Accounting: Cgroups can measure system resource usage, such as CPU usage and memory usage. This function is suitable for Accounting.
  • Control: Cgroups can suspend or resume process groups.

5, thank you

  • Docker container base technology: Linux Cgroup introduction
  • CGroup introduction, application example, and principle description
  • Introduction to Cgroups for Linux resource management
  • Basic concepts of Cgroup
  • Cgroups resource limits Docker
  • INTRODUCTION TO CONTROL GROUPS (CGROUPS)