2021-07-03 14:33:50 +08:00
|
|
|
|
<chapter xmlns="http://docbook.org/ns/docbook" xmlns:xlink="http://www.w3.org/1999/xlink" xml:id="sec-cgroups">
|
|
|
|
|
|
<title>Control Groups</title>
|
|
|
|
|
|
<para>
|
|
|
|
|
|
To keep track of the processes in a running system, systemd uses
|
|
|
|
|
|
<emphasis>control groups</emphasis> (cgroups). A control group is a
|
|
|
|
|
|
set of processes used to allocate resources such as CPU, memory or
|
|
|
|
|
|
I/O bandwidth. There can be multiple control group hierarchies,
|
|
|
|
|
|
allowing each kind of resource to be managed independently.
|
|
|
|
|
|
</para>
|
|
|
|
|
|
<para>
|
|
|
|
|
|
The command <literal>systemd-cgls</literal> lists all control groups
|
|
|
|
|
|
in the <literal>systemd</literal> hierarchy, which is what systemd
|
|
|
|
|
|
uses to keep track of the processes belonging to each service or
|
|
|
|
|
|
user session:
|
|
|
|
|
|
</para>
|
|
|
|
|
|
<programlisting>
|
|
|
|
|
|
$ systemd-cgls
|
|
|
|
|
|
├─user
|
|
|
|
|
|
│ └─eelco
|
|
|
|
|
|
│ └─c1
|
|
|
|
|
|
│ ├─ 2567 -:0
|
|
|
|
|
|
│ ├─ 2682 kdeinit4: kdeinit4 Running...
|
|
|
|
|
|
│ ├─ ...
|
|
|
|
|
|
│ └─10851 sh -c less -R
|
|
|
|
|
|
└─system
|
|
|
|
|
|
├─httpd.service
|
|
|
|
|
|
│ ├─2444 httpd -f /nix/store/3pyacby5cpr55a03qwbnndizpciwq161-httpd.conf -DNO_DETACH
|
|
|
|
|
|
│ └─...
|
|
|
|
|
|
├─dhcpcd.service
|
|
|
|
|
|
│ └─2376 dhcpcd --config /nix/store/f8dif8dsi2yaa70n03xir8r653776ka6-dhcpcd.conf
|
|
|
|
|
|
└─ ...
|
|
|
|
|
|
</programlisting>
|
|
|
|
|
|
<para>
|
|
|
|
|
|
Similarly, <literal>systemd-cgls cpu</literal> shows the cgroups in
|
|
|
|
|
|
the CPU hierarchy, which allows per-cgroup CPU scheduling
|
|
|
|
|
|
priorities. By default, every systemd service gets its own CPU
|
|
|
|
|
|
cgroup, while all user sessions are in the top-level CPU cgroup.
|
|
|
|
|
|
This ensures, for instance, that a thousand run-away processes in
|
|
|
|
|
|
the <literal>httpd.service</literal> cgroup cannot starve the CPU
|
|
|
|
|
|
for one process in the <literal>postgresql.service</literal> cgroup.
|
|
|
|
|
|
(By contrast, it they were in the same cgroup, then the PostgreSQL
|
|
|
|
|
|
process would get 1/1001 of the cgroup’s CPU time.) You can limit a
|
|
|
|
|
|
service’s CPU share in <literal>configuration.nix</literal>:
|
|
|
|
|
|
</para>
|
2022-12-21 22:00:27 +01:00
|
|
|
|
<programlisting language="nix">
|
2021-07-03 14:33:50 +08:00
|
|
|
|
systemd.services.httpd.serviceConfig.CPUShares = 512;
|
|
|
|
|
|
</programlisting>
|
|
|
|
|
|
<para>
|
|
|
|
|
|
By default, every cgroup has 1024 CPU shares, so this will halve the
|
|
|
|
|
|
CPU allocation of the <literal>httpd.service</literal> cgroup.
|
|
|
|
|
|
</para>
|
|
|
|
|
|
<para>
|
|
|
|
|
|
There also is a <literal>memory</literal> hierarchy that controls
|
|
|
|
|
|
memory allocation limits; by default, all processes are in the
|
|
|
|
|
|
top-level cgroup, so any service or session can exhaust all
|
|
|
|
|
|
available memory. Per-cgroup memory limits can be specified in
|
|
|
|
|
|
<literal>configuration.nix</literal>; for instance, to limit
|
|
|
|
|
|
<literal>httpd.service</literal> to 512 MiB of RAM (excluding swap):
|
|
|
|
|
|
</para>
|
2022-12-21 22:00:27 +01:00
|
|
|
|
<programlisting language="nix">
|
2021-07-03 14:33:50 +08:00
|
|
|
|
systemd.services.httpd.serviceConfig.MemoryLimit = "512M";
|
|
|
|
|
|
</programlisting>
|
|
|
|
|
|
<para>
|
|
|
|
|
|
The command <literal>systemd-cgtop</literal> shows a continuously
|
|
|
|
|
|
updated list of all cgroups with their CPU and memory usage.
|
|
|
|
|
|
</para>
|
|
|
|
|
|
</chapter>
|
