Linux control groups
在一个容器,如果不对其做任何资源限制,则宿主机会允许其占用无限大的内存空间,有时候会因为代码bug程序会一直申请内存,直到把宿主机内存占完,为了避免此类的问题出现,宿主机有必要对容器进行资源分配限制,比如CPU、内存等,Linux Cgroups的全称是Linux Control Groups,它最主要的作用,就是限制一个进程组能够使用的资源上限,包括CPU、内存、磁盘、网络带宽等等。此外,还能够对进程进行优先级设置,以及将进程挂起和恢复等操作。
验证系统cgroups
Cgroups在内核层默认已经开启,从centos和ubuntu 对比结果来看,显然内核较新的ubuntu 支持的功能更多。
Centos 8.1 cgroups:
[root@centos8 ~]#cat /etc/redhat-release
CentOS Linux release 8.1.1911 (Core)
[root@centos8 ~]#grep CGROUP /boot/config-4.18.0-147.el8.x86_64
CONFIG_CGROUPS=y
CONFIG_BLK_CGROUP=y
# CONFIG_DEBUG_BLK_CGROUP is not set
CONFIG_CGROUP_WRITEBACK=y
CONFIG_CGROUP_SCHED=y
CONFIG_CGROUP_PIDS=y
CONFIG_CGROUP_RDMA=y
CONFIG_CGROUP_FREEZER=y
CONFIG_CGROUP_HUGETLB=y
CONFIG_CGROUP_DEVICE=y
CONFIG_CGROUP_CPUACCT=y
CONFIG_CGROUP_PERF=y
CONFIG_CGROUP_BPF=y
# CONFIG_CGROUP_DEBUG is not set
CONFIG_SOCK_CGROUP_DATA=y
# CONFIG_BLK_CGROUP_IOLATENCY is not set
CONFIG_NETFILTER_XT_MATCH_CGROUP=m
CONFIG_NET_CLS_CGROUP=y
CONFIG_CGROUP_NET_PRIO=y
CONFIG_CGROUP_NET_CLASSID=y
[root@centos8 ~]#
Centos 7.6 cgroups:
[root@centos7 ~]#cat /etc/redhat-release
CentOS Linux release 7.6.1810 (Core)
[root@centos7 ~]#grep CGROUP /boot/config-3.10.0-957.el7.x86_64
CONFIG_CGROUPS=y
# CONFIG_CGROUP_DEBUG is not set
CONFIG_CGROUP_FREEZER=y
CONFIG_CGROUP_PIDS=y
CONFIG_CGROUP_DEVICE=y
CONFIG_CGROUP_CPUACCT=y
CONFIG_CGROUP_HUGETLB=y
CONFIG_CGROUP_PERF=y
CONFIG_CGROUP_SCHED=y
CONFIG_BLK_CGROUP=y
# CONFIG_DEBUG_BLK_CGROUP is not set
CONFIG_NETFILTER_XT_MATCH_CGROUP=m
CONFIG_NET_CLS_CGROUP=y
CONFIG_NETPRIO_CGROUP=y
ubuntu cgroups:
[root@ubuntu1804 ~]#grep CGROUP /boot/config-4.15.0-29-generic
CONFIG_CGROUPS=y
CONFIG_BLK_CGROUP=y
# CONFIG_DEBUG_BLK_CGROUP is not set
CONFIG_CGROUP_WRITEBACK=y
CONFIG_CGROUP_SCHED=y
CONFIG_CGROUP_PIDS=y
CONFIG_CGROUP_RDMA=y
CONFIG_CGROUP_FREEZER=y
CONFIG_CGROUP_HUGETLB=y
CONFIG_CGROUP_DEVICE=y
CONFIG_CGROUP_CPUACCT=y
CONFIG_CGROUP_PERF=y
CONFIG_CGROUP_BPF=y
# CONFIG_CGROUP_DEBUG is not set
CONFIG_SOCK_CGROUP_DATA=y
CONFIG_NETFILTER_XT_MATCH_CGROUP=m
CONFIG_NET_CLS_CGROUP=m
CONFIG_CGROUP_NET_PRIO=y
CONFIG_CGROUP_NET_CLASSID=y
cgroups 中内存模块:
[root@ubuntu1804 ~]#grep MEMCG /boot/config-4.15.0-29-generic
CONFIG_MEMCG=y
CONFIG_MEMCG_SWAP=y
# CONFIG_MEMCG_SWAP_ENABLED is not set
CONFIG_SLUB_MEMCG_SYSFS_ON=y
cgroups具体实现
- blkio:块设备IO限制
- cpu:使用调度程序为 cgroup 任务提供 cpu 的访问
- cpuacct:产生 cgroup 任务的 cpu 资源报告
- cpuset:如果是多核心的 cpu,这个子系统会为 cgroup 任务分配单独的 cpu 和内存
- devices:允许或拒绝 cgroup 任务对设备的访问
- freezer:暂停和恢复 cgroup 任务
- memory:设置每个 cgroup 的内存限制以及产生内存资源报告
- net_cls:标记每个网络包以供 cgroup 方便使用
- ns:命名空间子系统
- perf_event:增加了对每 group 的监测跟踪的能力,可以监测属于某个特定的 group 的所有线程以及运行在特定CPU上的线程
查看系统cgroups
[root@ubuntu1804 ~]#ll /sys/fs/cgroup/
total 0
drwxr-xr-x 15 root root 380 Jan 22 16:20 ./
drwxr-xr-x 10 root root 0 Jan 22 16:20 ../
dr-xr-xr-x 5 root root 0 Jan 22 16:20 blkio/
lrwxrwxrwx 1 root root 11 Jan 22 16:20 cpu -> cpu,cpuacct/
lrwxrwxrwx 1 root root 11 Jan 22 16:20 cpuacct -> cpu,cpuacct/
dr-xr-xr-x 5 root root 0 Jan 22 16:20 cpu,cpuacct/
dr-xr-xr-x 3 root root 0 Jan 22 16:20 cpuset/
dr-xr-xr-x 5 root root 0 Jan 22 16:20 devices/
dr-xr-xr-x 3 root root 0 Jan 22 16:20 freezer/
dr-xr-xr-x 3 root root 0 Jan 22 16:20 hugetlb/
dr-xr-xr-x 5 root root 0 Jan 22 16:20 memory/
lrwxrwxrwx 1 root root 16 Jan 22 16:20 net_cls -> net_cls,net_prio/
dr-xr-xr-x 3 root root 0 Jan 22 16:20 net_cls,net_prio/
lrwxrwxrwx 1 root root 16 Jan 22 16:20 net_prio -> net_cls,net_prio/
dr-xr-xr-x 3 root root 0 Jan 22 16:20 perf_event/
dr-xr-xr-x 5 root root 0 Jan 22 16:20 pids/
dr-xr-xr-x 2 root root 0 Jan 22 16:20 rdma/
dr-xr-xr-x 6 root root 0 Jan 22 16:20 systemd/
dr-xr-xr-x 5 root root 0 Jan 22 16:20 unified/
[root@ubuntu1804 ~]#cat /sys/fs/cgroup/cpu/docker/5dee9be9afdbab8c2f6c4c5eb0f956c9579efe93110daf638f8fd15f43d961e2/cpuacct.usage
4751336886
[root@ubuntu1804 ~]#cat /sys/fs/cgroup/memory/docker/5dee9be9afdbab8c2f6c4c5eb0f956c9579efe93110daf638f8fd15f43d961e2/cpuacct.usage
cat: /sys/fs/cgroup/memory/docker/5dee9be9afdbab8c2f6c4c5eb0f956c9579efe93110daf638f8fd15f43d961e2/cpuacct.usage: No such file or directory
[root@ubuntu1804 ~]#cat /sys/fs/cgroup/memory/docker/5dee9be9afdbab8c2f6c4c5eb0f956c9579efe93110daf638f8fd15f43d961e2/memory.limit_in_bytes
9223372036854771712
[root@ubuntu1804 ~]#cat /sys/fs/cgroup/memory/docker/5dee9be9afdbab8c2f6c4c5eb0f956c9579efe93110daf638f8fd15f43d961e2/memory.max_usage_in_bytes
79278080
本文链接:http://www.yunweipai.com/34747.html
原创文章,作者:ItWorker,如若转载,请注明出处:https://blog.ytso.com/tech/courses/52638.html